--- /dev/null
+1 Notes on the Free Translation Project
+***************************************
+
+Free software is going international! The Free Translation Project is
+a way to get maintainers of free software, translators, and users all
+together, so that free software will gradually become able to speak many
+languages. A few packages already provide translations for their
+messages.
+
+ If you found this `ABOUT-NLS' file inside a distribution, you may
+assume that the distributed package does use GNU `gettext' internally,
+itself available at your nearest GNU archive site. But you do _not_
+need to install GNU `gettext' prior to configuring, installing or using
+this package with messages translated.
+
+ Installers will find here some useful hints. These notes also
+explain how users should proceed for getting the programs to use the
+available translations. They tell how people wanting to contribute and
+work on translations can contact the appropriate team.
+
+ When reporting bugs in the `intl/' directory or bugs which may be
+related to internationalization, you should tell about the version of
+`gettext' which is used. The information can be found in the
+`intl/VERSION' file, in internationalized packages.
+
+1.1 Quick configuration advice
+==============================
+
+If you want to exploit the full power of internationalization, you
+should configure it using
+
+ ./configure --with-included-gettext
+
+to force usage of internationalizing routines provided within this
+package, despite the existence of internationalizing capabilities in the
+operating system where this package is being installed. So far, only
+the `gettext' implementation in the GNU C library version 2 provides as
+many features (such as locale alias, message inheritance, automatic
+charset conversion or plural form handling) as the implementation here.
+It is also not possible to offer this additional functionality on top
+of a `catgets' implementation. Future versions of GNU `gettext' will
+very likely convey even more functionality. So it might be a good idea
+to change to GNU `gettext' as soon as possible.
+
+ So you need _not_ provide this option if you are using GNU libc 2 or
+you have installed a recent copy of the GNU gettext package with the
+included `libintl'.
+
+1.2 INSTALL Matters
+===================
+
+Some packages are "localizable" when properly installed; the programs
+they contain can be made to speak your own native language. Most such
+packages use GNU `gettext'. Other packages have their own ways to
+internationalization, predating GNU `gettext'.
+
+ By default, this package will be installed to allow translation of
+messages. It will automatically detect whether the system already
+provides the GNU `gettext' functions. If not, the included GNU
+`gettext' library will be used. This library is wholly contained
+within this package, usually in the `intl/' subdirectory, so prior
+installation of the GNU `gettext' package is _not_ required.
+Installers may use special options at configuration time for changing
+the default behaviour. The commands:
+
+ ./configure --with-included-gettext
+ ./configure --disable-nls
+
+will, respectively, bypass any pre-existing `gettext' to use the
+internationalizing routines provided within this package, or else,
+_totally_ disable translation of messages.
+
+ When you already have GNU `gettext' installed on your system and run
+configure without an option for your new package, `configure' will
+probably detect the previously built and installed `libintl.a' file and
+will decide to use this. This might not be desirable. You should use
+the more recent version of the GNU `gettext' library. I.e. if the file
+`intl/VERSION' shows that the library which comes with this package is
+more recent, you should use
+
+ ./configure --with-included-gettext
+
+to prevent auto-detection.
+
+ The configuration process will not test for the `catgets' function
+and therefore it will not be used. The reason is that even an
+emulation of `gettext' on top of `catgets' could not provide all the
+extensions of the GNU `gettext' library.
+
+ Internationalized packages usually have many `po/LL.po' files, where
+LL gives an ISO 639 two-letter code identifying the language. Unless
+translations have been forbidden at `configure' time by using the
+`--disable-nls' switch, all available translations are installed
+together with the package. However, the environment variable `LINGUAS'
+may be set, prior to configuration, to limit the installed set.
+`LINGUAS' should then contain a space separated list of two-letter
+codes, stating which languages are allowed.
+
+1.3 Using This Package
+======================
+
+As a user, if your language has been installed for this package, you
+only have to set the `LANG' environment variable to the appropriate
+`LL_CC' combination. If you happen to have the `LC_ALL' or some other
+`LC_xxx' environment variables set, you should unset them before
+setting `LANG', otherwise the setting of `LANG' will not have the
+desired effect. Here `LL' is an ISO 639 two-letter language code, and
+`CC' is an ISO 3166 two-letter country code. For example, let's
+suppose that you speak German and live in Germany. At the shell
+prompt, merely execute `setenv LANG de_DE' (in `csh'),
+`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash').
+This can be done from your `.login' or `.profile' file, once and for
+all.
+
+ You might think that the country code specification is redundant.
+But in fact, some languages have dialects in different countries. For
+example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The
+country code serves to distinguish the dialects.
+
+ The locale naming convention of `LL_CC', with `LL' denoting the
+language and `CC' denoting the country, is the one use on systems based
+on GNU libc. On other systems, some variations of this scheme are
+used, such as `LL' or `LL_CC.ENCODING'. You can get the list of
+locales supported by your system for your language by running the
+command `locale -a | grep '^LL''.
+
+ Not all programs have translations for all languages. By default, an
+English message is shown in place of a nonexistent translation. If you
+understand other languages, you can set up a priority list of languages.
+This is done through a different environment variable, called
+`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG'
+for the purpose of message handling, but you still need to have `LANG'
+set to the primary language; this is required by other parts of the
+system libraries. For example, some Swedish users who would rather
+read translations in German than English for when Swedish is not
+available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'.
+
+ Special advice for Norwegian users: The language code for Norwegian
+bokma*l changed from `no' to `nb' recently (in 2003). During the
+transition period, while some message catalogs for this language are
+installed under `nb' and some older ones under `no', it's recommended
+for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and
+older translations are used.
+
+ In the `LANGUAGE' environment variable, but not in the `LANG'
+environment variable, `LL_CC' combinations can be abbreviated as `LL'
+to denote the language's main dialect. For example, `de' is equivalent
+to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT'
+(Portuguese as spoken in Portugal) in this context.
+
+1.4 Translating Teams
+=====================
+
+For the Free Translation Project to be a success, we need interested
+people who like their own language and write it well, and who are also
+able to synergize with other translators speaking the same language.
+Each translation team has its own mailing list. The up-to-date list of
+teams can be found at the Free Translation Project's homepage,
+`http://translationproject.org/', in the "Teams" area.
+
+ If you'd like to volunteer to _work_ at translating messages, you
+should become a member of the translating team for your own language.
+The subscribing address is _not_ the same as the list itself, it has
+`-request' appended. For example, speakers of Swedish can send a
+message to `sv-request@li.org', having this message body:
+
+ subscribe
+
+ Keep in mind that team members are expected to participate
+_actively_ in translations, or at solving translational difficulties,
+rather than merely lurking around. If your team does not exist yet and
+you want to start one, or if you are unsure about what to do or how to
+get started, please write to `coordinator@translationproject.org' to
+reach the coordinator for all translator teams.
+
+ The English team is special. It works at improving and uniformizing
+the terminology in use. Proven linguistic skills are praised more than
+programming skills, here.
+
+1.5 Available Packages
+======================
+
+Languages are not equally supported in all packages. The following
+matrix shows the current state of internationalization, as of November
+2007. The matrix shows, in regard of each package, for which languages
+PO files have been submitted to translation coordination, with a
+translation percentage of at least 50%.
+
+ Ready PO files af am ar az be bg bs ca cs cy da de el en en_GB eo
+ +----------------------------------------------------+
+ Compendium | [] [] [] [] |
+ a2ps | [] [] [] [] [] |
+ aegis | () |
+ ant-phone | () |
+ anubis | [] |
+ ap-utils | |
+ aspell | [] [] [] [] [] |
+ bash | [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | |
+ bison | [] [] |
+ bison-runtime | [] |
+ bluez-pin | [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] [] [] |
+ console-tools | [] [] |
+ coreutils | [] [] [] [] |
+ cpio | |
+ cpplib | [] [] [] |
+ cryptonit | [] |
+ dialog | |
+ diffutils | [] [] [] [] [] [] |
+ doodle | [] |
+ e2fsprogs | [] [] |
+ enscript | [] [] [] [] |
+ fetchmail | [] [] () [] [] |
+ findutils | [] |
+ findutils_stable | [] [] [] |
+ flex | [] [] [] |
+ fslint | |
+ gas | |
+ gawk | [] [] [] |
+ gcal | [] |
+ gcc | [] |
+ gettext-examples | [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] |
+ gettext-tools | [] [] |
+ gip | [] |
+ gliv | [] [] |
+ glunarclock | [] |
+ gmult | [] [] |
+ gnubiff | () |
+ gnucash | [] [] () () [] |
+ gnuedu | |
+ gnulib | [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | [] |
+ gpe-aerial | [] [] |
+ gpe-beam | [] [] |
+ gpe-calendar | |
+ gpe-clock | [] [] |
+ gpe-conf | [] [] |
+ gpe-contacts | |
+ gpe-edit | [] |
+ gpe-filemanager | |
+ gpe-go | [] |
+ gpe-login | [] [] |
+ gpe-ownerinfo | [] [] |
+ gpe-package | |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] |
+ gpe-taskmanager | [] [] |
+ gpe-timesheet | [] |
+ gpe-today | [] [] |
+ gpe-todo | |
+ gphoto2 | [] [] [] [] |
+ gprof | [] [] |
+ gpsdrive | |
+ gramadoir | [] [] |
+ grep | [] [] |
+ gretl | () |
+ gsasl | |
+ gss | |
+ gst-plugins-bad | [] [] |
+ gst-plugins-base | [] [] |
+ gst-plugins-good | [] [] [] |
+ gst-plugins-ugly | [] [] |
+ gstreamer | [] [] [] [] [] [] [] |
+ gtick | () |
+ gtkam | [] [] [] [] |
+ gtkorphan | [] [] |
+ gtkspell | [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] [] |
+ indent | [] [] [] [] |
+ iso_15924 | |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | |
+ iso_4217 | [] [] [] |
+ iso_639 | [] [] [] [] |
+ jpilot | [] |
+ jtag | |
+ jwhois | |
+ kbd | [] [] [] [] |
+ keytouch | [] [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] |
+ latrine | () |
+ ld | [] |
+ leafpad | [] [] [] [] [] |
+ libc | [] [] [] [] |
+ libexif | [] |
+ libextractor | [] |
+ libgpewidget | [] [] [] |
+ libgpg-error | [] |
+ libgphoto2 | [] [] |
+ libgphoto2_port | [] [] |
+ libgsasl | |
+ libiconv | [] [] |
+ libidn | [] [] [] |
+ lifelines | [] () |
+ lilypond | [] |
+ lingoteach | |
+ lprng | |
+ lynx | [] [] [] [] |
+ m4 | [] [] [] [] |
+ mailfromd | |
+ mailutils | [] |
+ make | [] [] |
+ man-db | [] [] [] |
+ minicom | [] [] [] |
+ nano | [] [] [] |
+ opcodes | [] |
+ parted | [] [] |
+ pilot-qof | |
+ popt | [] [] [] |
+ psmisc | [] |
+ pwdutils | |
+ qof | |
+ radius | [] |
+ recode | [] [] [] [] [] [] |
+ rpm | [] |
+ screem | |
+ scrollkeeper | [] [] [] [] [] [] [] [] |
+ sed | [] [] [] |
+ shared-mime-info | [] [] [] [] () [] [] [] |
+ sharutils | [] [] [] [] [] [] |
+ shishi | |
+ skencil | [] () |
+ solfege | |
+ soundtracker | [] [] |
+ sp | [] |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] |
+ texinfo | [] [] [] |
+ tin | () () |
+ tuxpaint | [] [] [] [] [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] [] [] |
+ util-linux-ng | [] [] [] [] |
+ vorbis-tools | [] |
+ wastesedge | () |
+ wdiff | [] [] [] [] |
+ wget | [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] |
+ xpad | [] [] [] |
+ +----------------------------------------------------+
+ af am ar az be bg bs ca cs cy da de el en en_GB eo
+ 6 0 2 1 8 26 2 40 48 2 56 88 15 1 15 18
+
+ es et eu fa fi fr ga gl gu he hi hr hu id is it
+ +--------------------------------------------------+
+ Compendium | [] [] [] [] [] |
+ a2ps | [] [] [] () |
+ aegis | |
+ ant-phone | [] |
+ anubis | [] |
+ ap-utils | [] [] |
+ aspell | [] [] [] |
+ bash | [] |
+ bfd | [] [] |
+ bibshelf | [] [] [] |
+ binutils | [] [] [] |
+ bison | [] [] [] [] [] [] |
+ bison-runtime | [] [] [] [] [] |
+ bluez-pin | [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] [] |
+ console-tools | |
+ coreutils | [] [] [] [] [] [] |
+ cpio | [] [] [] |
+ cpplib | [] [] |
+ cryptonit | [] |
+ dialog | [] [] [] |
+ diffutils | [] [] [] [] [] [] [] [] [] |
+ doodle | [] [] |
+ e2fsprogs | [] [] [] |
+ enscript | [] [] [] |
+ fetchmail | [] |
+ findutils | [] [] [] |
+ findutils_stable | [] [] [] [] |
+ flex | [] [] [] |
+ fslint | |
+ gas | [] [] |
+ gawk | [] [] [] [] () |
+ gcal | [] [] |
+ gcc | [] |
+ gettext-examples | [] [] [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] [] |
+ gettext-tools | [] [] [] [] |
+ gip | [] [] [] [] |
+ gliv | () |
+ glunarclock | [] [] [] |
+ gmult | [] [] [] |
+ gnubiff | () () |
+ gnucash | () () () |
+ gnuedu | [] |
+ gnulib | [] [] [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | |
+ gpe-aerial | [] [] |
+ gpe-beam | [] [] |
+ gpe-calendar | |
+ gpe-clock | [] [] [] [] |
+ gpe-conf | [] |
+ gpe-contacts | [] [] |
+ gpe-edit | [] [] [] [] |
+ gpe-filemanager | [] |
+ gpe-go | [] [] [] |
+ gpe-login | [] [] [] |
+ gpe-ownerinfo | [] [] [] [] [] |
+ gpe-package | [] |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] [] [] |
+ gpe-taskmanager | [] [] [] |
+ gpe-timesheet | [] [] [] [] |
+ gpe-today | [] [] [] [] |
+ gpe-todo | [] |
+ gphoto2 | [] [] [] [] [] |
+ gprof | [] [] [] [] [] |
+ gpsdrive | [] |
+ gramadoir | [] [] |
+ grep | [] [] [] |
+ gretl | [] [] [] () |
+ gsasl | [] [] |
+ gss | [] [] |
+ gst-plugins-bad | [] [] [] [] |
+ gst-plugins-base | [] [] [] [] |
+ gst-plugins-good | [] [] [] [] [] |
+ gst-plugins-ugly | [] [] [] [] |
+ gstreamer | [] [] [] |
+ gtick | [] [] [] |
+ gtkam | [] [] [] [] |
+ gtkorphan | [] [] |
+ gtkspell | [] [] [] [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] [] [] [] [] |
+ indent | [] [] [] [] [] [] [] [] [] [] |
+ iso_15924 | [] |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | [] |
+ iso_4217 | [] [] [] [] [] [] |
+ iso_639 | [] [] [] [] [] [] |
+ jpilot | [] [] |
+ jtag | [] |
+ jwhois | [] [] [] [] [] |
+ kbd | [] [] |
+ keytouch | [] [] [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] [] |
+ latrine | [] [] |
+ ld | [] [] [] [] |
+ leafpad | [] [] [] [] [] [] |
+ libc | [] [] [] [] [] |
+ libexif | [] |
+ libextractor | [] |
+ libgpewidget | [] [] [] [] [] |
+ libgpg-error | [] |
+ libgphoto2 | [] [] [] |
+ libgphoto2_port | [] [] |
+ libgsasl | [] [] |
+ libiconv | [] [] [] |
+ libidn | [] [] |
+ lifelines | () |
+ lilypond | [] [] [] |
+ lingoteach | [] [] [] |
+ lprng | |
+ lynx | [] [] [] |
+ m4 | [] [] [] [] |
+ mailfromd | |
+ mailutils | [] [] |
+ make | [] [] [] [] [] [] [] [] |
+ man-db | [] |
+ minicom | [] [] [] [] |
+ nano | [] [] [] [] [] [] [] |
+ opcodes | [] [] [] [] |
+ parted | [] [] [] |
+ pilot-qof | |
+ popt | [] [] [] [] |
+ psmisc | [] [] |
+ pwdutils | |
+ qof | [] |
+ radius | [] [] |
+ recode | [] [] [] [] [] [] [] [] |
+ rpm | [] [] |
+ screem | |
+ scrollkeeper | [] [] [] |
+ sed | [] [] [] [] [] |
+ shared-mime-info | [] [] [] [] [] [] |
+ sharutils | [] [] [] [] [] [] [] [] |
+ shishi | [] |
+ skencil | [] [] |
+ solfege | [] |
+ soundtracker | [] [] [] |
+ sp | [] |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] [] [] [] |
+ texinfo | [] [] [] |
+ tin | [] () |
+ tuxpaint | [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | [] [] |
+ util-linux | [] [] [] [] [] [] [] |
+ util-linux-ng | [] [] [] [] [] [] [] |
+ vorbis-tools | |
+ wastesedge | () |
+ wdiff | [] [] [] [] [] [] [] [] |
+ wget | [] [] [] [] [] [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ es et eu fa fi fr ga gl gu he hi hr hu id is it
+ 85 22 14 2 48 101 61 12 2 8 2 6 53 29 1 52
+
+ ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn
+ +--------------------------------------------------+
+ Compendium | [] |
+ a2ps | () [] [] |
+ aegis | () |
+ ant-phone | [] |
+ anubis | [] [] [] |
+ ap-utils | [] |
+ aspell | [] [] |
+ bash | [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | |
+ bison | [] [] [] |
+ bison-runtime | [] [] [] |
+ bluez-pin | [] [] [] |
+ cflow | |
+ clisp | [] |
+ console-tools | |
+ coreutils | [] |
+ cpio | [] |
+ cpplib | [] |
+ cryptonit | [] |
+ dialog | [] [] |
+ diffutils | [] [] [] |
+ doodle | |
+ e2fsprogs | [] |
+ enscript | [] |
+ fetchmail | [] [] |
+ findutils | [] |
+ findutils_stable | [] |
+ flex | [] [] |
+ fslint | |
+ gas | |
+ gawk | [] [] |
+ gcal | |
+ gcc | |
+ gettext-examples | [] [] [] |
+ gettext-runtime | [] [] [] |
+ gettext-tools | [] [] |
+ gip | [] [] |
+ gliv | [] |
+ glunarclock | [] [] |
+ gmult | [] [] [] |
+ gnubiff | |
+ gnucash | () () () |
+ gnuedu | |
+ gnulib | [] [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | [] |
+ gpe-aerial | [] |
+ gpe-beam | [] |
+ gpe-calendar | [] |
+ gpe-clock | [] [] [] |
+ gpe-conf | [] [] [] |
+ gpe-contacts | [] |
+ gpe-edit | [] [] [] |
+ gpe-filemanager | [] [] |
+ gpe-go | [] [] [] |
+ gpe-login | [] [] [] |
+ gpe-ownerinfo | [] [] |
+ gpe-package | [] [] |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] [] |
+ gpe-taskmanager | [] [] [] [] |
+ gpe-timesheet | [] |
+ gpe-today | [] [] |
+ gpe-todo | [] |
+ gphoto2 | [] [] |
+ gprof | [] |
+ gpsdrive | [] |
+ gramadoir | () |
+ grep | [] [] |
+ gretl | |
+ gsasl | [] |
+ gss | |
+ gst-plugins-bad | [] |
+ gst-plugins-base | [] |
+ gst-plugins-good | [] |
+ gst-plugins-ugly | [] |
+ gstreamer | [] |
+ gtick | [] |
+ gtkam | [] [] |
+ gtkorphan | [] |
+ gtkspell | [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] |
+ indent | [] [] |
+ iso_15924 | [] |
+ iso_3166 | [] [] [] [] [] [] [] [] |
+ iso_3166_2 | [] |
+ iso_4217 | [] [] [] |
+ iso_639 | [] [] [] [] |
+ jpilot | () () |
+ jtag | |
+ jwhois | [] |
+ kbd | [] |
+ keytouch | [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | |
+ latrine | [] |
+ ld | |
+ leafpad | [] [] |
+ libc | [] [] [] |
+ libexif | |
+ libextractor | |
+ libgpewidget | [] |
+ libgpg-error | |
+ libgphoto2 | [] |
+ libgphoto2_port | [] |
+ libgsasl | [] |
+ libiconv | [] |
+ libidn | [] [] |
+ lifelines | [] |
+ lilypond | [] |
+ lingoteach | [] |
+ lprng | |
+ lynx | [] [] |
+ m4 | [] [] |
+ mailfromd | |
+ mailutils | |
+ make | [] [] [] |
+ man-db | |
+ minicom | [] |
+ nano | [] [] [] |
+ opcodes | [] |
+ parted | [] [] |
+ pilot-qof | |
+ popt | [] [] [] |
+ psmisc | [] [] [] |
+ pwdutils | |
+ qof | |
+ radius | |
+ recode | [] |
+ rpm | [] [] |
+ screem | [] |
+ scrollkeeper | [] [] [] [] |
+ sed | [] [] |
+ shared-mime-info | [] [] [] [] [] [] [] |
+ sharutils | [] [] |
+ shishi | |
+ skencil | |
+ solfege | () () |
+ soundtracker | |
+ sp | () |
+ system-tools-ba... | [] [] [] [] |
+ tar | [] [] [] |
+ texinfo | [] [] |
+ tin | |
+ tuxpaint | () [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] |
+ util-linux-ng | [] [] |
+ vorbis-tools | |
+ wastesedge | [] |
+ wdiff | [] [] |
+ wget | [] [] |
+ xchat | [] [] [] [] |
+ xkeyboard-config | [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn
+ 51 2 25 3 2 0 6 0 2 2 20 0 11 1 103 6
+
+ or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta
+ +--------------------------------------------------+
+ Compendium | [] [] [] [] [] |
+ a2ps | () [] [] [] [] [] [] |
+ aegis | () () |
+ ant-phone | [] [] |
+ anubis | [] [] [] |
+ ap-utils | () |
+ aspell | [] [] [] |
+ bash | [] [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | [] [] |
+ bison | [] [] [] [] [] |
+ bison-runtime | [] [] [] [] [] |
+ bluez-pin | [] [] [] [] [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] |
+ console-tools | [] |
+ coreutils | [] [] [] [] |
+ cpio | [] [] [] |
+ cpplib | [] |
+ cryptonit | [] [] |
+ dialog | [] |
+ diffutils | [] [] [] [] [] [] |
+ doodle | [] [] |
+ e2fsprogs | [] [] |
+ enscript | [] [] [] [] [] |
+ fetchmail | [] [] [] |
+ findutils | [] [] [] |
+ findutils_stable | [] [] [] [] [] [] |
+ flex | [] [] [] [] [] |
+ fslint | [] |
+ gas | |
+ gawk | [] [] [] [] |
+ gcal | [] |
+ gcc | [] [] |
+ gettext-examples | [] [] [] [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] [] [] [] |
+ gettext-tools | [] [] [] [] [] [] [] |
+ gip | [] [] [] [] |
+ gliv | [] [] [] [] [] [] |
+ glunarclock | [] [] [] [] [] [] |
+ gmult | [] [] [] [] |
+ gnubiff | () [] |
+ gnucash | () [] |
+ gnuedu | |
+ gnulib | [] [] [] |
+ gnunet | |
+ gnunet-gtk | [] |
+ gnutls | [] [] |
+ gpe-aerial | [] [] [] [] [] [] [] |
+ gpe-beam | [] [] [] [] [] [] [] |
+ gpe-calendar | [] [] [] [] |
+ gpe-clock | [] [] [] [] [] [] [] [] |
+ gpe-conf | [] [] [] [] [] [] [] |
+ gpe-contacts | [] [] [] [] [] |
+ gpe-edit | [] [] [] [] [] [] [] [] [] |
+ gpe-filemanager | [] [] |
+ gpe-go | [] [] [] [] [] [] [] [] |
+ gpe-login | [] [] [] [] [] [] [] [] |
+ gpe-ownerinfo | [] [] [] [] [] [] [] [] |
+ gpe-package | [] [] |
+ gpe-sketchbook | [] [] [] [] [] [] [] [] |
+ gpe-su | [] [] [] [] [] [] [] [] |
+ gpe-taskmanager | [] [] [] [] [] [] [] [] |
+ gpe-timesheet | [] [] [] [] [] [] [] [] |
+ gpe-today | [] [] [] [] [] [] [] [] |
+ gpe-todo | [] [] [] [] |
+ gphoto2 | [] [] [] [] [] [] |
+ gprof | [] [] [] |
+ gpsdrive | [] [] |
+ gramadoir | [] [] |
+ grep | [] [] [] [] |
+ gretl | [] [] [] |
+ gsasl | [] [] [] |
+ gss | [] [] [] [] |
+ gst-plugins-bad | [] [] [] |
+ gst-plugins-base | [] [] |
+ gst-plugins-good | [] [] |
+ gst-plugins-ugly | [] [] [] |
+ gstreamer | [] [] [] [] |
+ gtick | [] |
+ gtkam | [] [] [] [] [] |
+ gtkorphan | [] |
+ gtkspell | [] [] [] [] [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] [] |
+ herrie | [] [] [] |
+ hylafax | |
+ idutils | [] [] [] [] [] |
+ indent | [] [] [] [] [] [] [] |
+ iso_15924 | |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | |
+ iso_4217 | [] [] [] [] [] [] [] |
+ iso_639 | [] [] [] [] [] [] [] |
+ jpilot | |
+ jtag | [] |
+ jwhois | [] [] [] [] |
+ kbd | [] [] [] |
+ keytouch | [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] |
+ latrine | |
+ ld | [] |
+ leafpad | [] [] [] [] [] [] |
+ libc | [] [] [] [] |
+ libexif | [] [] |
+ libextractor | [] [] |
+ libgpewidget | [] [] [] [] [] [] [] [] |
+ libgpg-error | [] [] [] |
+ libgphoto2 | [] |
+ libgphoto2_port | [] [] [] |
+ libgsasl | [] [] [] [] |
+ libiconv | [] [] [] |
+ libidn | [] [] () |
+ lifelines | [] [] |
+ lilypond | |
+ lingoteach | [] |
+ lprng | [] |
+ lynx | [] [] [] |
+ m4 | [] [] [] [] [] |
+ mailfromd | [] |
+ mailutils | [] [] [] |
+ make | [] [] [] [] |
+ man-db | [] [] [] [] |
+ minicom | [] [] [] [] [] |
+ nano | [] [] [] [] |
+ opcodes | [] [] |
+ parted | [] |
+ pilot-qof | |
+ popt | [] [] [] [] |
+ psmisc | [] [] |
+ pwdutils | [] [] |
+ qof | [] [] |
+ radius | [] [] |
+ recode | [] [] [] [] [] [] [] |
+ rpm | [] [] [] [] |
+ screem | |
+ scrollkeeper | [] [] [] [] [] [] [] |
+ sed | [] [] [] [] [] [] [] [] [] |
+ shared-mime-info | [] [] [] [] [] [] |
+ sharutils | [] [] [] [] |
+ shishi | [] |
+ skencil | [] [] [] |
+ solfege | [] |
+ soundtracker | [] [] |
+ sp | |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] [] [] |
+ texinfo | [] [] [] [] |
+ tin | () |
+ tuxpaint | [] [] [] [] [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] [] [] |
+ util-linux-ng | [] [] [] [] |
+ vorbis-tools | [] |
+ wastesedge | |
+ wdiff | [] [] [] [] [] [] [] |
+ wget | [] [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta
+ 0 5 77 31 53 4 58 72 3 45 46 9 45 122 3
+
+ tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu
+ +---------------------------------------------------+
+ Compendium | [] [] [] [] | 19
+ a2ps | [] [] [] | 19
+ aegis | [] | 1
+ ant-phone | [] [] | 6
+ anubis | [] [] [] | 11
+ ap-utils | () [] | 4
+ aspell | [] [] [] | 16
+ bash | [] | 6
+ bfd | | 2
+ bibshelf | [] | 7
+ binutils | [] [] [] [] | 9
+ bison | [] [] [] [] | 20
+ bison-runtime | [] [] [] [] | 18
+ bluez-pin | [] [] [] [] [] [] | 28
+ cflow | [] [] | 5
+ clisp | | 9
+ console-tools | [] [] | 5
+ coreutils | [] [] [] | 18
+ cpio | [] [] [] [] | 11
+ cpplib | [] [] [] [] [] | 12
+ cryptonit | [] | 6
+ dialog | [] [] [] | 9
+ diffutils | [] [] [] [] [] | 29
+ doodle | [] | 6
+ e2fsprogs | [] [] | 10
+ enscript | [] [] [] | 16
+ fetchmail | [] [] | 12
+ findutils | [] [] [] | 11
+ findutils_stable | [] [] [] [] | 18
+ flex | [] [] | 15
+ fslint | [] | 2
+ gas | [] | 3
+ gawk | [] [] [] | 16
+ gcal | [] | 5
+ gcc | [] [] [] | 7
+ gettext-examples | [] [] [] [] [] [] | 29
+ gettext-runtime | [] [] [] [] [] [] | 28
+ gettext-tools | [] [] [] [] [] | 20
+ gip | [] [] | 13
+ gliv | [] [] | 11
+ glunarclock | [] [] [] | 15
+ gmult | [] [] [] [] | 16
+ gnubiff | [] | 2
+ gnucash | () [] | 5
+ gnuedu | [] | 2
+ gnulib | [] | 10
+ gnunet | | 0
+ gnunet-gtk | [] [] | 3
+ gnutls | | 4
+ gpe-aerial | [] [] | 14
+ gpe-beam | [] [] | 14
+ gpe-calendar | [] [] | 7
+ gpe-clock | [] [] [] [] | 21
+ gpe-conf | [] [] [] | 16
+ gpe-contacts | [] [] | 10
+ gpe-edit | [] [] [] [] [] | 22
+ gpe-filemanager | [] [] | 7
+ gpe-go | [] [] [] [] | 19
+ gpe-login | [] [] [] [] [] | 21
+ gpe-ownerinfo | [] [] [] [] | 21
+ gpe-package | [] | 6
+ gpe-sketchbook | [] [] | 16
+ gpe-su | [] [] [] [] | 21
+ gpe-taskmanager | [] [] [] [] | 21
+ gpe-timesheet | [] [] [] [] | 18
+ gpe-today | [] [] [] [] [] | 21
+ gpe-todo | [] [] | 8
+ gphoto2 | [] [] [] [] | 21
+ gprof | [] [] | 13
+ gpsdrive | [] | 5
+ gramadoir | [] | 7
+ grep | [] | 12
+ gretl | | 6
+ gsasl | [] [] [] | 9
+ gss | [] | 7
+ gst-plugins-bad | [] [] [] | 13
+ gst-plugins-base | [] [] | 11
+ gst-plugins-good | [] [] [] [] [] | 16
+ gst-plugins-ugly | [] [] [] | 13
+ gstreamer | [] [] [] | 18
+ gtick | [] [] | 7
+ gtkam | [] | 16
+ gtkorphan | [] | 7
+ gtkspell | [] [] [] [] [] [] | 27
+ gutenprint | | 4
+ hello | [] [] [] [] [] | 38
+ herrie | [] [] | 8
+ hylafax | | 0
+ idutils | [] [] | 15
+ indent | [] [] [] [] [] | 28
+ iso_15924 | [] [] | 4
+ iso_3166 | [] [] [] [] [] [] [] [] [] | 54
+ iso_3166_2 | [] [] | 4
+ iso_4217 | [] [] [] [] [] | 24
+ iso_639 | [] [] [] [] [] | 26
+ jpilot | [] [] [] [] | 7
+ jtag | [] | 3
+ jwhois | [] [] [] | 13
+ kbd | [] [] [] | 13
+ keytouch | [] | 8
+ keytouch-editor | [] | 5
+ keytouch-keyboa... | [] | 5
+ latrine | [] [] | 5
+ ld | [] [] [] [] | 10
+ leafpad | [] [] [] [] [] | 24
+ libc | [] [] [] | 19
+ libexif | [] | 5
+ libextractor | [] | 5
+ libgpewidget | [] [] [] | 20
+ libgpg-error | [] | 6
+ libgphoto2 | [] [] | 9
+ libgphoto2_port | [] [] [] | 11
+ libgsasl | [] | 8
+ libiconv | [] [] | 11
+ libidn | [] [] | 11
+ lifelines | | 4
+ lilypond | [] | 6
+ lingoteach | [] | 6
+ lprng | [] | 2
+ lynx | [] [] [] | 15
+ m4 | [] [] [] | 18
+ mailfromd | [] [] | 3
+ mailutils | [] [] | 8
+ make | [] [] [] | 20
+ man-db | [] | 9
+ minicom | [] | 14
+ nano | [] [] [] | 20
+ opcodes | [] [] | 10
+ parted | [] [] [] | 11
+ pilot-qof | [] | 1
+ popt | [] [] [] [] | 18
+ psmisc | [] [] | 10
+ pwdutils | [] | 3
+ qof | [] | 4
+ radius | [] [] | 7
+ recode | [] [] [] | 25
+ rpm | [] [] [] [] | 13
+ screem | [] | 2
+ scrollkeeper | [] [] [] [] | 26
+ sed | [] [] [] [] | 23
+ shared-mime-info | [] [] [] | 29
+ sharutils | [] [] [] | 23
+ shishi | [] | 3
+ skencil | [] | 7
+ solfege | [] | 3
+ soundtracker | [] [] | 9
+ sp | [] | 3
+ system-tools-ba... | [] [] [] [] [] [] [] | 38
+ tar | [] [] [] | 17
+ texinfo | [] [] [] | 15
+ tin | | 1
+ tuxpaint | [] [] [] | 19
+ unicode-han-tra... | | 0
+ unicode-transla... | | 2
+ util-linux | [] [] [] | 20
+ util-linux-ng | [] [] [] | 20
+ vorbis-tools | [] [] | 4
+ wastesedge | | 1
+ wdiff | [] [] | 23
+ wget | [] [] [] | 20
+ xchat | [] [] [] [] | 29
+ xkeyboard-config | [] [] [] | 14
+ xpad | [] [] [] | 15
+ +---------------------------------------------------+
+ 76 teams tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu
+ 163 domains 0 3 1 74 51 0 143 21 1 57 7 45 0 2036
+
+ Some counters in the preceding matrix are higher than the number of
+visible blocks let us expect. This is because a few extra PO files are
+used for implementing regional variants of languages, or language
+dialects.
+
+ For a PO file in the matrix above to be effective, the package to
+which it applies should also have been internationalized and
+distributed as such by its maintainer. There might be an observable
+lag between the mere existence a PO file and its wide availability in a
+distribution.
+
+ If November 2007 seems to be old, you may fetch a more recent copy
+of this `ABOUT-NLS' file on most GNU archive sites. The most
+up-to-date matrix with full percentage details can be found at
+`http://translationproject.org/extra/matrix.html'.
+
+1.6 Using `gettext' in new packages
+===================================
+
+If you are writing a freely available program and want to
+internationalize it you are welcome to use GNU `gettext' in your
+package. Of course you have to respect the GNU Library General Public
+License which covers the use of the GNU `gettext' library. This means
+in particular that even non-free programs can use `libintl' as a shared
+library, whereas only free software can use `libintl' as a static
+library or use modified versions of `libintl'.
+
+ Once the sources are changed appropriately and the setup can handle
+the use of `gettext' the only thing missing are the translations. The
+Free Translation Project is also available for packages which are not
+developed inside the GNU project. Therefore the information given above
+applies also for every other Free Software Project. Contact
+`coordinator@translationproject.org' to make the `.pot' files available
+to the translation teams.
+
--- /dev/null
+GnuTLS AUTHORS -- Information about the authors.
+Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
+ 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+See the end for copying conditions.
+
+The copyright holder for GnuTLS is Free Software Foundation, Inc., 51
+Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+Simon Josefsson <simon@josefsson.org>
+Current maintainer; draft TLS 1.2 support.
+
+Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Original author and maintainer of GnuTLS.
+
+Fabio Fiorina <Fabio.Fiorina@alcatel.it>
+ASN.1 structures parser library (libtasn1).
+
+Timo Schulz <twoaday@freakmail.de>
+OpenPGP support (OpenCDK library).
+
+Andrew McDonald <andrew@mcdonald.org.uk>
+OpenSSL compatible interface.
+
+Ludovic Courtes <ludo@gnu.org>
+Guile bindings, OpenPGP bug fixes.
+
+Mario Lenz <m@riolenz.de>
+Fixes to OpenCDK.
+
+Howard Chu <hyc@symas.com>
+APIs to extract X.500 DN's from Certificates.
+
+Ivo Timmermans <ivo@o2w.nl>
+Man pages, OpenCDK, fixes.
+
+Stefan Walter <stef@memberwebs.com>
+PKCS8 fix.
+
+Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
+Camellia support.
+
+Emile Van Bergen <emile@e-advies.nl>
+TLS/IA fixes.
+
+Joe Orton <jorton@redhat.com>
+Certificate name import/export, build fixes, test vectors.
+
+Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+OpenPGP discussion and improvements.
+
+David Marín Carreño <davefx@gmail.com>
+Added gnutls_x509_crq_get_key_id.
+
+Daiki Ueno <ueno@unixuser.org>
+Added TLS Session Ticket (RFC 5077) support,
+finished client-side TLS 1.2 support.
+
+Brad Hards <bradh@frogmouth.net>
+Add X.509 Issuer Alternative Name functions.
+
+Boyan Kasarov <bkasarov@gmail.com>
+C++ fixes.
+
+Steve Dispensa <dispensa@phonefactor.com>
+Initial TLS safe renegotiation patch.
+
+Jonathan Bastien-Filiatrault <joe@x2a.org>
+Fix TLS-version checks.
+Redesign and implementation of the buffering layer.
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+URL: http://josefsson.org/key.txt (always latest version)
+Comment: This 0xB565716F key is used to sign releases of GnuTLS.
+
+mKsEPNUHKwEFALqJSBHn6Qk5ex138kwymxA3idCFoTi5Q6mVooEVVaYVfeDG+5uV
+T5rhTFDfDcT9SO0eIlfKOraSRnVEHyDDH2PAgJFxyneFELcmLUQ66D+m8z+ziGro
+6bcDSBBDMRkHIX6/kH/vnevjqivIld+j8WTcVX+SArcKyzgQ58uMTrfQdLqzh6D9
+sE/838+ZPZkabmKKWMVWccoaUbWGYOcNwO0ABim0JVNpbW9uIEpvc2Vmc3NvbiA8
+c2ltb25Aam9zZWZzc29uLm9yZz6I+wQTAQIARQIbAwQLBwMCAxUCAwMWAgECHgEC
+F4AiGGRuczpzaW1vbi5qb3NlZnNzb24ub3JnP3R5cGU9Q0VSVAUCS4PgLwUJEL4w
+/wAKCRDtoh6UtWVxbzawBQCYVeIiYpYv5QXGUry1Dk4FXeQjuwL99wrv8zmE+zFF
+tm1lmOGgfN8US5TAiHMBhVPE8r46MP5WS7vNp4of9eTDBAXI6ou15mUrM66wdE1C
+1lj/AulyKUqGqZ1Q6Poq44lI8YlZ1yvjC+8+c1RniW6n80kHSlFgYmLsRCesf9RO
+4V1v1goAo8/RXDW0rlzcjCKRNNwZQM6SC8/Z9QGNcp1ViEYEExECAAYFAj1Y8sIA
+CgkQV5Mp08AbKiJmNwCgkgjjuS5TcZq4rVBWNYu1VwQlJWYAoJZf+pBNBvzT9xOg
+Hcs1cAMwT4FHiEwEExECAAwFAj1esHUFgwFXijYACgkQvLvElXGKklZXlwCfTWSl
+L2/3q5Od3zBVMKVHgpTo4asAnAtw7vVEIwp9pPuy1oKjTB/obqltiEYEExECAAYF
+AkEAyoIACgkQntdYP8FOsoK0XQCfRN1QBVk7/eu4YbFQBqH463dcHx4AoMp2QurM
+RXFDImswJ1Wi9K65dq66iEYEExECAAYFAkD/P4YACgkQlv+ZxCXA7Au9KACfYKMn
+MPmlbZDi5/Le4mcLCUlQ+SsAn2qOQ14l/ellraqWXbvacCJkOyNpiEwEEhECAAwF
+AkDgVz0FgwCTtOwACgkQyIHdR0rnq0csrwCgtL27/ndpjew28bGVYU9tBmIg2GUA
+oKFFKKHvJB2pVjRkRL4DjohSdIrkiEYEExECAAYFAkJJAYsACgkQj8NyXz1o1joW
+fwCgtb8mtlI8rg52vT5DRU+Ct3NuDfEAoL7IX823ezbe7HVegheirf3q7zmKiKIE
+EAECAAwFAkJG+cEFgwDmsQ4ACgkQv9buWFf3fwmuCwQAtAopBWKTnll1t4lFnR+C
+mvXdqui6g/MhMVjGlnGaxzKfdlXIDT3i6VEMQk639rCLUxNB5YiQZZm7aABg1dwt
+f10mFQUkm9dt4d852cu6ytmljXLJ4NIQFrhZQUrxvh8s8j41oN/hcwyLaX+FLI0G
+6Jehz0m0nPlEQf0sJ/4oCuqITAQTEQIADAUCQklECgWDABPOSgAKCRBmvnH/Z0ho
+g9kYAJ0QKz8Gt/kc7Q9Y/Ahh/wZO6vaQ9QCggcgpRYoJ6g1QXYWdTO/Hxve4Lu+I
+TAQQEQIADAUCQk2CtQWDAOAoGgAKCRA7jqQfgvYSQDh8AJ43bDTlK1p/aLXxJ2/1
+pFrHWFvncACgvVli4V9P6pVhP9p+H3APtQ+URVSJASIEEwECAAwFAkJhOZ0FgwDM
+cTIACgkQC3gy83PWLUFxowf/YLAopAmpU94kKSC4ECFsLXDivJ4LCOxgqZ0u7Fgi
+QgwWK1miJJnW9gME5vE/jMHlsjGwUKJDC3SfbgjOJj31ivrGIh4od8+zU0bwlwoJ
+ppDF/5cbzBheUiCsz+BVBZs8ii4OahnoELUzXbyVZITkMztmn/2+7DYXqqf1tCTy
+wIR/hQzFp6W7GNT/I73Ksz/cKop4jzxE5whkl+5NMBk9VYhfa2X49/S65nwXg4ii
+BPQN0UrhN0ZvrF+uKX6oVlOX+30CrPyT8FkcRk1AOhUpqblk2M2DblOebgxfF1ZV
+jXNNN/0fZhy4iTbYSggndO5PIybKMkMogVtO07F/8lvtC4hMBBMRAgAMBQJC2LCN
+BYMAVPpCAAoJEBhZ0B9ne6Hs7fEAn145gLDePrbxrfwN2dG5+IuvpvtYAJ4oRmRy
+hxwpwahGE+5281z2VTrQ9YhMBBMRAgAMBQJC2LCxBYMAVPoeAAoJEIHC9+viE7aS
+7sAAnRYuXokAy66xi04YD1ODtssYFw7nAJ4lqshFVn7NR5yznu0tioYLFwyc54hM
+BBMRAgAMBQJC2LDRBYMAVPn+AAoJEGtw7Nldw/Rz2iEAoJFrzoYjkR5ANZYbeX/o
+zQecQCmAAJwNCoPySmaxrwO6BiUd11bO80bPxYkCIgQTAQIADAUCQtiw8QWDAFT5
+3gAKCRCq4+bOZqFEaF90D/9xV8ua/ezhWOu5ADgHE1yeWMWQsecIx9TA5QVQg8pp
+jA3E2REe/lJbCweVhwfvSmuvuymRQw71cIdmqF1dz9R8mb62N1r07DcPxibhtHi4
+poENxIHqvEbtOR17Y6Ql4DW4PjK1ut9y2y58HK6XTiqCtbg43jEcbXk1r9qLJl2L
+gopYJQ1KJCwfn+DCVadRA2FgVclMGUGIdiiTwp12+E/70oYoMzLwm+7MUgbJUpRL
+ytsc5frhT91iX2lPoeylAHAQ0681WiawvexlqtAPto9Gjbtnw32oSOqIJcbbMhN8
+G87pkvBhk5wXfVM7kyutBFhIHcQFGeuGkZpgeXt40NcUJffn+KOfeXzgdQwmwNlo
+9K0arxNpIukgugvVeNtsKj1gtW7IkYcLmvlDyShz/cytguNEU+1W0ZeG73Tjphs8
+mCSlCKVcNWcy2l7z/DvB3VPibac525/Sw1ZIq7DShRHHv8x02/658LEW7gSvvZ4j
+3yuZSNgL2lgPzaYoQo+8ysHK9dqViVBXAHIwVZTmXptb5zxQcHtFUnR51IDSAfBG
+d7gjU5NJNfKKngLjDJy56nmJGMw/+13F5XFcjGPC9t6ZKoQud712K8TRIczWgGMn
+gkahyTl4KIwPxVzWnUN0IkcsO/5yO3JudWzzYB6r1QomCSAAA+uirstJwVtBWsCA
+54hGBBARAgAGBQJC8krrAAoJEG74r8KGV0rKoI4An0CQA/3wPCxskfqLhvN69ViN
+c9GhAJwMR5Nl4q7Y4c5j9BOG+9Yxaom2OYhMBBMRAgAMBQJC8cBwBYMAO+pfAAoJ
+ECmqKFIzPnwjCzsAmgIwd1uJC2Ka3bIgTCJukFjCcdWRAJ47P2tLKEcvatuPnnPT
+yWYuXGTBqIhGBBARAgAGBQJD+NOYAAoJEOFd2FexXDfRRVoAnj+kNh2yJiIAI9JE
+Vccgdv8cdElgAJ9jZHFa4KIdIsdGQZ5G4qS0YkHwKojYBBMBAgAiAhsDBAsHAwID
+FQIDAxYCAQIeAQIXgAUCPr1HRAUJAtWOGQAKCRDtoh6UtWVxb3F2BP9Whe+ArZn6
+WlbpHF+37Rqr+KmXL2fLI0b+phneaieRvACsOmPD3jDpvxz/xVf8s49SJ2+a23Ia
+iCA8Boyws9sBxn5N+yWhdYYjfDbH3JUOQz7BKN/9o8EAYuU8pmQtEN0q4+QiNsU0
+a8qLAV3qmEOwLfkB4z4H+aDZxe/p7vIYP4QmzTn3ZQ0mYR5mxpc52pF82KVyNWWJ
+vmcirPwKSckEiNgEEwECACICGwMECwcDAgMVAgMDFgIBAh4BAheABQI/pCtUBQkD
+vHImAAoJEO2iHpS1ZXFvPREE/j3fX+cLxCCZNTjMhThGFujiT7ty4x1jVc91J6QO
+A+Jp+78NIIeyg3JTeR3WIv7/WFNzLKJXJEEcga+0ViPjoLfvGsHMAnwXqPYAxu1c
+DY4jId0bCYgoVlnfF9gwOWxebtotLpCiuXGL/168zEAXWJpPg6r2MfPhAKUJ9G8q
+52OOWJW3cObxoZ2gyXjuWOFtygZ1vUAqP/8UGeZNdajHD5uI2AQTAQIAIgIbAwQL
+BwMCAxUCAwMWAgECHgECF4AFAkCGvikFCQSfBP4ACgkQ7aIelLVlcW9oqwT/a2nW
+kFFy1q16WURE8vp+Tqu6i4r5mTdyHjbhQeZh5Pub5DEJiFuWXxE73JVrnNozacQb
+Vbsnn54B4Xv6tuEDMxaTXSjreDY6D08urM8A0gnUHCAOwxtmepm9wxk/l3WAXWwz
+QoQaqZ2PSPFGW4Epk8+JwWKoLv1O2i9NbycGEccF9rr6I12319Vzk+P4P3FOgCwa
+dAQHSGS3Y6hlLm/RGIjYBBMBAgAiAhsDBAsHAwIDFQIDAxYCAQIeAQIXgAUCQW/E
+VgUJBYgLKQAKCRDtoh6UtWVxb8gUBP9Oiapzi+7qCcpj8Yy55jQvgpXkhe9g5DuT
+lRiHYjP5vTvXJNF7pDOOPj1pSUxumC3viv/pxUaWKp3tSOjsT0ZVgy4ah6rUdjyy
+bLAOAiPmAP3ryStzURF5/RnQbbzrSGZJRfeQIxY2871hWg241/wslRtNpsxYSPCI
+PHMVB4SSFYzzbKRgUU7SXsVQYBAlRU644UE+dB+b17slv1xvagOUiNgEEwECACIF
+Aj0lzz0CGwMFCQHhM4AECwcDAgMVAgMDFgIBAh4BAheAAAoJEO2iHpS1ZXFvt3ME
+/ijwFJCSNoY1AfCEm3AX6vRKUbjiy0MdemsqajXF6awcbIaeCwk3wVr9JOs1usu2
+/AQQDvz0sf/hEv6c3sMTYspD6+QzrRMUVbLm0fp+pRZKyaW1tO+/JIoOl8qsOwod
+kXPQ7CYFvSZhhkxdUwVOa6UtL6kOdCjQAy7DDQTzdcC/GxHQNVUNF5KcBWC7LMN6
+iAt0dAFEMaQz4t37CHq+DCyI+wQTAQIARQIbAwQLBwMCAxUCAwMWAgECHgECF4Ai
+GGRuczpzaW1vbi5qb3NlZnNzb24ub3JnP3R5cGU9Q0VSVAUCQkBc0AUJBlijpAAK
+CRDtoh6UtWVxb9EIBP4pk/ztQF+XV5L4krXEmbjAsGb9C+I+4OoRUY/mWDvNAjGp
+pkhFD+8Q3oQvg+1dcPsJ5rQHSXgA2w1bOsTknK9DamyY35LHd9T0ZSllXOUX9q3Q
+eKiDBYc2KB35ZtxKNIA4Lt5qDgYbSgtlERxDY94BCSy4YApdwATei3O32t5IoR+B
+roeIr+w+zn9mVulkn3pRXByYDX/scxcTtWwRL+UNiPsEEwECAEUCGwMECwcDAgMV
+AgMDFgIBAh4BAheAIhhkbnM6c2ltb24uam9zZWZzc29uLm9yZz90eXBlPUNFUlQF
+AkMVrNEFCQcvRSYACgkQ7aIelLVlcW+ahgUAnWORH5p6Cdk/zhen4sUwwnzsFyAO
+Z7vaVPrQPq58Czl2FymLm5kJgsGXH8b6KLxVMo8hjTZnsm+zO6XTLXsnnK7nXk70
+gBJ0AAM0XGlG53qDvvQmq3RkfFMHuSmxL+zL8pXTmnywIlEpgDHPVKbPKF3c508H
+FEPKFnDjuyRwPgq3q2mhC/qYYBRvw9hjjeRCqDTdC5wHuWLzs5MCLeG+3YhGBBAR
+AgAGBQJEc4b8AAoJEAixI47drUe278gAn15puEaeLjlpaTndlvxT+LAH/951AJ9b
+0Hlo7Py6F9c1liLsMNWNDnyvZ4j7BBMBAgBFAhsDBAsHAwIDFQIDAxYCAQIeAQIX
+gCIYZG5zOnNpbW9uLmpvc2Vmc3Nvbi5vcmc/dHlwZT1DRVJUBQJD8ykBBQkIC2/U
+AAoJEO2iHpS1ZXFvrF0FAJLVqSWQ2fYNGCvBH4xRS4n2LruzdubmzNuCIZrc75M+
+RfTvYeHwCNDY8H+PggYuXMT8armHvFvyL7jln864M9LTX4TwROrqKlkNgOkfxdSg
+Oz4QE9RHxxooF1GMl1yhxCoumixYE5w0z0LGYRKy/Xzd3+VMcUaFXvEqY6Q+cnQo
+qChCvKRmsIFhF4b4SAqzRePdx6U3PBpC4FbIlkQkpbaIRgQQEQIABgUCRYwLkgAK
+CRApqihSMz58I53iAJ47ZGEOrZrMqV6WKmfKa8+5907zeQCeI9LFETr1SK3IHx/7
+S7RlQhoqAzeI+wQTAQIARQIbAwQLBwMCAxUCAwMWAgECHgECF4AiGGRuczpzaW1v
+bi5qb3NlZnNzb24ub3JnP3R5cGU9Q0VSVAUCRObocwUJCP8vSAAKCRDtoh6UtWVx
+b9fhBQCRE0dBfP855Vv2fPCzIxnu1I0GM9BjmAC4uMNdW6o7I4yQMXNYpP8RdxDz
+PTon1JYQZqQW77EdqtwjFeguScudF8+85I2FtKDmzl0NNubmX6ckxdCbuUmOk2Vu
+H0IQ8O0f1htk0h4dQB97YA8zu9AtqyASkdCDbRC7RgoaeUaV7N7v8RM3KpEJm6pc
+eQT1DLqOQIFAp/cDa76xXK2Xrd4IiGsEEBECACsFAkXhdvUFgwKHjGMeGmh0dHA6
+Ly93d3cuY2FjZXJ0Lm9yZy9jcHMucGhwAAoJENK7DQFl0P1YbgMAnj34VvAwJhWn
+Z79fbgSY9O7CIBJFAKCJEs0DbASutepLJhiysH3J61b5D4hGBBARAgAGBQJF4sLA
+AAoJEKrPs4YhG27v90UAoKBHaY3RXOkwk5YL58jSYoOWltJ/AKDTwdKSURBZ3RTe
+GkriWGZRy2sfd4kCHAQQAQIABgUCReGU9AAKCRAmSeYoxdNNBWHAD/4+/J4V7cM1
+dMrr6rpaggfgRa7d121f4n+KVn69fmxBr6vMkGP+8Aor4xMGvkL6HYJvOMRK752H
+wXij7TM0HdGqU0S6cisOXiS/LOPQOayz6HuvliIhJeyDF4wfI358ZH8gVTKTn+1l
+tqWmggd8KVbU2pEvNte+lD0VIxK0wrUT0nFEYoJsDlTUVpnmM4PxP8TwoIRwo/h9
+NnL8zeh+5sj0D5tZW4DsTC1AVPH1WYUN4aY2lv49twDh63oXbzXZQ+xKWJeiByao
+DeEOFtouwTb7RbmDBB1i0aeb7gWCryUiHD4p2zf+R+4ikcwcG0LzR7DC3WFdlPnb
+NII/G31ZDacpPqkk5S3LL2jIXKhpD15ilbXGjkqsBAkOJpO7rehVbxEGUfGh+2TZ
+cCvLHeh9ckgjimFlZywk230H/tkQJpnHaTOmhNbBbowUkIdCjTBLkqyW99sM2heD
+kmkYh9jJTj2BLVED4HrgyMp+dXGeDM7nVGDCPfbaFTTz6It+ODndAC2Q0d0N59Sz
+x2Xb8LYfngezdhV0q0GgGXl+vh9zvZnpHV7Bef6ABTq0IOQri83IZv3HlyBeK6KP
+JTx+ll32ByQ8JcMuAAaVqWXI914J/fD9bvsTzJNQsPEa8yBta22Ww+jcnHBBhAbU
+Kfw5FKNDrqYr4VGY9+am80YmnIRQIt7Fu4hGBBARAgAGBQJF4fboAAoJEE1EwCDF
+wFuuzREAn11W3gtaynmEAcxw/WxLdndmL0mmAKCsf55yO8kTmKoohRXpfo+jn4HB
+XYhGBBARAgAGBQJF4gz4AAoJEFUVYHaRYekRxxwAmwVy1T7YQQtP7xXNdM+EVUxL
+nteTAJ9AzaxlVV4dO/OZTG9QDbqztagH54hGBBARAgAGBQJF4grQAAoJEMfZMCWd
+/6rUv38An3mkvCWcxGKhN6/PgQ2+W4zpFQPDAKCxweB0Xh/TQDjQ/dSaoj/BccNK
+LIhGBBARAgAGBQJF4hFCAAoJEOVE3gebfDKNJ4sAn3owtLwwEWtpw9VQxTc66cmd
+oFqPAJ4r2z3VgRa/Ns/uWMxV0Zlee/f2M4hGBBARAgAGBQJF4i3gAAoJEHZJQAVJ
+ruv2v54AoJCl4M0ClZrwxyTkOXJs7xeQjtDtAJ485636UH2u71nZdIyGTMqQkszm
+BohGBBARAgAGBQJF4sNEAAoJEH5OpU/Qq0B1NE8AoOJY9VXq8PPDDPjRPaJLahjO
+ykz+AKDN3jXgHvqD26euQ1ksEBc8Vn6zF4hMBBARAgAMBQJF4sR8BYMChj7cAAoJ
+EHMcr9NTwaMv9/EAn35hATWBiY7ra8Z2bjy+GZ4eSLQmAKDX1GfInkT57/rzmpkx
+n+IQlikCMIhGBBARAgAGBQJF4s6iAAoJENoZYjcCOz9PA5IAoIZucQg6PaqLETbG
+ch/y2UM6BhZ2AJ92fj8dOvoKNxn9Rh4UcTSSiPXNDohGBBARAgAGBQJF4eL3AAoJ
+EHhn1Tx0eTXduhcAn2LWbAgZcRRU7PJtIO3zqsIm6keDAKCeZgrQaUd1GSNW4AzZ
+LuT/XXiWW4kCHAQQAQIABgUCReLO2gAKCRBSIlPD1yc5gYUMD/0ah8KqI6rjyi7p
+WqPPcPKy9ZCnPJv2JJllu1wx4dqRZnUVA3rmHAUpzQp7HsfMXWLgjxOnUEvzjZkP
+PamYnczdE65l5M8zah1WNjfR8Vk4/XaeolVXe3a5R8Vxj27QRa+T5yEHprb5hPo4
+uFWkPlJgJd+qcXCIc28135QngN5uRRQK4NnM/oTtv2nv15L4M4qiH6V+We5IW+Tj
+t74O0mSEekg1bB/XKlF/XcgyO8rEZgqwufZ4cHbzWYXw3C+CKkhDSDItGUw9HesO
+u1FS+Mf/Js4+/kFjW8ZJPFO+A2z3gYTDzaXGq2zlvbqw1gYId5pbukVM6PRqQrlq
+tI2Kza7/CY85b+DVU9Zwe/Hr+yYnEJdG+eWkshmB0mIXgQlSaf/sglsAncrmxA/g
+m5IxaE3TIRW/mtizuCUwq+gigIUEANAsNwR5a/RAekc8aNaO1cSj8izlGqrl6cuQ
+5jyizUJB5AcOV4CUDiazITOasbt4+xx9MTsciqWIkMLYRloVuqXgsoKOTxTT6Zq+
+lPEGRyYds7OEdaXHWPO0OJ2ZPCagb3OvqxJc123Xf7XXySGkGXzZgoA6D4BwIB0b
+5WQFq8722b0tJPktH2a5clKJio3SMir1bpPT6b/CM/Mrk3kIFKJpmvEBYrKTCfhJ
+nDI2GJ4Z/f6rUDhiyQ5yj5Rop2zot4hGBBARAgAGBQJF4vk5AAoJEItKxIGsHnFe
+eYYAnRbZnnFoSrbo5E908zFdUPwfVfUoAJ9Dgo1WuGHPD+89PSqsyMshK1qavIhG
+BBARAgAGBQJF4y0kAAoJELOx+BoCeHiA9a0An0E0Zyjequ/iRSSB+YolhRqc87tp
+AJ9PeRbv8Ce1TY6qCoyIO76zYScX5YhGBBARAgAGBQJF40D2AAoJEDiaVjzCcqEm
+vrkAnimr8D1OTH8O8+E3A2VOoxLhG8PTAJ93AR9hPTBxVBY+TqzapQz12ROtjohG
+BBARAgAGBQJF40DdAAoJEB9/MmoS7vYqmnUAnjcrUSIjc8jjfdxLhJES9yDBTP/g
+AJ9ZSpKAG4kvVjZqcSBhudGIw2NkQokBHAQQAQIABgUCReM6egAKCRDo4GL2DcsE
+MZKUB/9bQd/kyhettf5FPhSPgtVgZanF2kI0WnDWUGXbbn8vLs7GNGsb6eyuUDEM
+kL/f6xtVHNPC44HarRbawhph/m0P25KQlaHX4120gdYzPR7mnUMk9g7P2ycNrcND
+730oJMS3f8FBhe9fnt4adPU8mp5fgU2zTsdVHpa2zUVZHNh84iuEoxoZJEWEyHHJ
+ke/avbbc/G6JmMD+8vOV8nKHbuzNOAfA09kPJWAPcfR/grCpEMZ8SkB9F4FvPEjU
+2HxeFKx1vWNTamkr6ygUVlX7bBwLCe9p+7ue1rMeKOMsJF7UnAkOthEC2IeyhPn1
+gyErrjYzQOX+3+YPCSO73fBxSG6liEYEEBECAAYFAkXjS5cACgkQKJz/wOY81tb5
+TwCeLd//hOBTT9hnSkZFuxLso9J3cToAoKnsSW/csdFyRJLh024CqSzu3/QXiEYE
+ExECAAYFAkXjRMAACgkQjCXuDw3At9aUHQCglgCi6nNiupwbEfwEsvd4MRYVzGsA
+niDj36LSv47TIbmUQJlR/qiNJ+phiEYEEBECAAYFAkXjVQEACgkQmEvTgKxfcAxE
+EACgmX4IGrSutcvAs9Pfr6JYEE3hdsYAn1yLt/tyLO9laWWhLKhNH7MPHc0xiEYE
+EBECAAYFAkXjT0YACgkQIae1O4AJae8N+ACfXCp09XmUQQ/xvA4LipoTAoyqX+oA
+n3aZHFSOKENXaHthrpt0FFaPVNEJiEYEEBECAAYFAkXjfaMACgkQzxI0fJaL1Yct
+2gCdEw43ra6oy0cwLX+zwRzTXazKQn0An0FuDnGs6J5+x6hlK3MFjyfRYZc5iEYE
+EBECAAYFAkXkGvoACgkQZDZDYQnzQCR0eACfWdtadQLH9Bbi/YPOcheMmavmCrUA
+n1fBKs46WOq7jppufBXwcncegfxHiEYEEBECAAYFAkXlgbQACgkQeQ6MlGH/2qvD
+yQCffMAMRUHCPKIbbz59BVNmgpyvSmYAnRMspmLYF0gk0xfHoIFaS3nwt3DgiQIc
+BBABAgAGBQJF6Vo/AAoJEFeTDasLhrBnakQP/1Z460aR3KyxrCrEcDJ/Vzf7vsbq
+1DQnmoRuIgpKmR87N3qRLb2p94ffRYYxlWcFj1jiYT3Wq2bxjHyCZPgcAM2bQuuJ
+MFxQo2xgwobyNqesIafgdbMjdUEAVy+NTyJfdmM3I57lkrleGz6lk9ojMLoIDa/t
+R1C+uoLuSWMj0Xk/nCT+WnN3/xqZyPIa+i6MN8fuI6Nsa/C1jiNw2FnZy721hl+P
+1Bhx+i9aiXCR0qz/3AOAOz25F0OXNKKdzOgdo5mCkelbUaey4gPpvb2oZ30rh6VT
+elOOlGU6WbEO3DQBuOGAxJ1Ux801przITs1923bZU8EPyfDZyZWINkpl7M4En4bq
+GKQkjTIfE8GrSSCp9rsLg1siK38yMYodegSzSJ7ZWWGlyuKvrim1eQw8svSzRphs
+ujaDJG8Oy3Dlc3qBbA/CGx1OtyML5G/w5C5b2Wz/BkMgHnOfOJSVjGlJJrxGyydR
+qThibZ88yRcZ8130COubR4Rr2I+TD+FZLhGtzQGia4gDQ9QG5td6LS5yLPc3Y52N
+cwWsbMHWzLTQ2k3O7PcsetRPLpduiq1eZUZZveY0MSjH+uH3xzp6qfj9I4FDtK6e
+pHQ0F9Dw8kK9qBAhiqrKxsUUbalx5Pup0gIkzNe1vzjByS2P/j2VMhbinhG5FZl0
+O2mPcIXHeHlAJdGCiEYEEBECAAYFAkXt5LkACgkQMGnpIbeahxy4RwCggxD0dEmG
+z7ipFrmwbIGTxuxIS+IAoKfxzxjiT2m3AEvfkL/xNuqgenPViEYEEBECAAYFAkXk
+wVwACgkQcLIDITr1nRa4rQCfZvrXaoYQ8TeX/lhuJfmsPb7kIRcAniKy+cTGNExR
+mZutFX/OcnatDZExiEYEEBECAAYFAkXqoaAACgkQL5UVCKrmAi7oEwCgu/2cheN4
+mU+yFFIG6HmLrbeIc5IAoI2I4eLWJdmLpJleOYgF7CtTGIKxiEYEEBECAAYFAkX/
+bGMACgkQOpD/wRQI1/HBUwCglcM0b6fl1oP8iofWeovuhSk4+5sAmQHrgf2pbqFW
+1oTBNS60dNQjA7VdiEYEEBECAAYFAka12CoACgkQXeJJllsDWKIizACgqk7R3Bhn
+GgzraKbcP9qSMhbYBr8An2Xah3bURySnK2QBDx4GzNM/vCTqiEYEEBECAAYFAkdZ
+tOwACgkQcgQ2cL3l8e4/XACg2opaihfpMLeOKb2bNSD7cLpI3N0An2A2r+PcOgUD
+t3qIIZ8i24HAhBnSiEYEEBECAAYFAkdZt8kACgkQ4Q56CecvefrAfgCfU/NbkK4w
+CiFMyviXo/F8tOEGyqkAnAgNaSmDzLkYZxHlM0SXosfHfV9diEYEExECAAYFAkda
+cyUACgkQaGtW3WCKJJsOKwCeLKhorr01GCKnXR8QaGvImLVOm98AoJpyR9WMJ0cs
+X+CuEdzGJDTlD8pxiEYEEBECAAYFAkddIIAACgkQt5wosOl/hW0OtwCgposF7nuk
+dTQ1nsQd1AGHb0CkQzYAn06bBOKMXsPcN2VvMiO2hiv9FLhniHoEExECADoFAkdc
+k2IzGmh0dHA6Ly93d3cuaGVucmlrbm9yZHN0cm9tLm5ldC9zaWduLXBvbGljeS0y
+MDA2LTEwAAoJEOdekMA5zDPbZ9IAnRTxxJl2Rtv1ZbnGsOuPJ6musP+5AJ9b8b3Y
+9BL7PRHzWgQjzALVVXRrdIhGBBARAgAGBQJHXR/KAAoJEPG6TB7RyLqP7nYAn048
+cLE/iNKJFxl/RwkY9VcRedkrAJ9+Y6u67OnG6HneUhzqGvMDbaGmAohGBBARAgAG
+BQJHXYVBAAoJEIUGW1nVLdGnUJ0AnjF43FY5SwhcW2JmuPVu1YnWfrwwAJ990zkv
+mIQtRCrxMzMgThz4jVaoEIhGBBARAgAGBQJHXAvSAAoJEO2/HhEm8iS4g2YAoMWb
+nnF/sbeM8+WToKO0nnoJrXVAAJ9iX3wXtSwAqrK+3X5imRfXGTxh8ohGBBMRAgAG
+BQJHXuTeAAoJEIXCJ+WlVzjy4fQAoKz8piSTCDPkv0qeNq0bdoDs9mOxAJ4lO8Hp
+GDqjYheaAvKG7tFZ1fsZjIj7BBMBAgBFAhsDBAsHAwIDFQIDAxYCAQIeAQIXgCIY
+ZG5zOnNpbW9uLmpvc2Vmc3Nvbi5vcmc/dHlwZT1DRVJUBQJF1dVYBQkLk/wtAAoJ
+EO2iHpS1ZXFvjEQE/1HviHOOSHv0ZuOd+H6SVlkwnhmx4g6fpyeeOa49lywggMBL
+8zddB/928PMYFQQ+pvYmECkOK+O6sVO2NkubopZwE/hUjt5sc0XTYQ9Lvxp40N/K
+UR8fSR5FvLQSWYGYRDXkK3t3Cta83ZeJk2IK43DpgVoFWMN6x69DlRGTyRWbB2Vd
+RvSZz3ZKp86p5cnwMT++K+pNxq+eY0UJorLRj+SIRgQQEQIABgUCSES5dgAKCRBQ
+LE8plp8qHbO7AKCPmi7Ri8FKIY/Wf9Ksa2NFDxUnRwCcCdAwwG67ZmplFNtZlVDW
+wFEcvT+IRgQSEQIABgUCSFlvKwAKCRAk0yv5qpXDSUwfAJ0TPD78S3J8UvoziG+b
+TCLTlPz1XwCgnWlV3PBKvOxuGSAdm/DOMlY1ogKJAaAEEAECAAYFAkkGvzkACgkQ
+Ke5YuZaGUXFYtgwgx9yOo8cCR2a0d/0J8Ux8wAnjLI8m68BCiKW6HmAzXx/mNX2e
+zicSEyqcvv4q5XdpvSrcA2kmlREBpu7mmnyerUuWWsTLMbi9clXaKRZ6yQJQBbrR
+YwrXtzdFziHqFjw+hC19uVXlPhXYa/8YL6aCO4JUlzWWgVF8xHupfRTIeXuGLkC+
+sWww2VmSm8Fg0FBG9jpIt4wYxNMI77so4szE/hoFQSdRtY1lC18jjluNiygGNQQP
+n7r5OKwrK9hX1gGZA2tGYVX0ZoYASRPZcUUzaYPH5cZ86SAg15zzroVD4etmk/2i
+I4sdzR9PyKr0zUp5FNSAFRey6avPAhaTNsyVDRiKmK3PnZF9H9HaRLJJnQEcvevN
+04Vg10VW/O3zCFMFi8zuxUP6ygoDdWZT9jR4wbzVEyFY7AUwXnStDd39p3oamTb9
+XtlngTJjmVBZIOlap4vmKsm0t2xviaxto6uR+656Ya49+SoXp+u5+dGDT2o0kFlN
+aC5r9zovItqdDYUHtn7DsIhGBBARAgAGBQJJZyWPAAoJEEc46iFldJl61+EAn1jp
+iTpjqq/l1oKwJQYDB0WsqGd+AKDEiDHvrN46b58gzQKdVbs472bFS4j7BBMBAgBF
+AhsDBAsHAwIDFQIDAxYCAQIeAQIXgCIYZG5zOnNpbW9uLmpvc2Vmc3Nvbi5vcmc/
+dHlwZT1DRVJUBQJIYfmJBQkNGHReAAoJEO2iHpS1ZXFvdAwFAIshSBfY4Zn4BQfa
+p1gTIjjcRy/v/bBnNMf8gMXkfm1FLTAaanO+n+lHsTNErPtaEfx8dyjvEg+wmOba
+qAJYoR75pXBFbLKdiN/P1Tp5Wd/C0t+cTT2datz2PL5XFKAMRko9rST8C1MWOiri
+H8akc6U6M+1Vy/dYcO2Tf3DxrXDLTFyrkfV9oREMsRFZu6W8P7UT578Epin/sTYY
+A619IXOI+wQTAQIARQIbAwQLBwMCAxUCAwMWAgECHgECF4AiGGRuczpzaW1vbi5q
+b3NlZnNzb24ub3JnP3R5cGU9Q0VSVAUCSaEuAAUJDq1aTgAKCRDtoh6UtWVxb4pU
+BP9f7+9yeYZCJTvILOWlsYIvl7J2P0em2qYn3NbDUS1yq+BUO8udTYNWwyxX9zGT
+5obhX9bhcWgms/UbGMsvlZcOT+e438P0t1q5q8u+FOgZtfkgZvyacCFvT4Fnd00B
++RaaGZ2atnodvhN8qpzHIf8GVrhzULEtdA55BRw+x5f6ORdSD14IFWirQ4WWKaXT
+URx5LIRxs6twYJawkumU6m4KiNgEEwECACICGwMECwcDAgMVAgMDFgIBAh4BAheA
+BQJAhr4rBQkEnwT+AAoJEO2iHpS1ZXFvkxgE/2ZfCBqYKIe3SDM0tOVNrIeSZuVN
+Uyn2xoqRKK4VomvTI1eMShfGa0twPVlBB5xXHt06yRbwjobJykmDc/Hmteel+FVW
+OcehnXq8T22gLENlEM0CUZellosNwFwdnWGOHGZs/B4BVCh2pzsCra6di7MKCznZ
+DOHX3TBLoqVHjWzCldxtwc6Y7fAsEtrLVos4+0JvjQoYYgHQyril5ywHYs+InAQQ
+AQIABgUCSw6cnwAKCRD1TYragIIf6syABACYfsh56PcvpDJ3pGPoylowLFW4DEP1
+4dFlADmaZd+SedFZqXI/Vv+7fT19W1cx/HqG46WwmSQjPYSqI3IMpB4IYMnsDYDn
+is9GIXLZyy/s4i8WBiiuRkuG69Q+SOjyF4X7MBh3UB2zkelpHHe1OTknOQ+7qzpZ
+rp6YhpAMSmSx8ohGBBARAgAGBQJF6qGjAAoJEC+VFQiq5gIukCUAn2UXazhZrEHL
+vZH0c56N2LdNHYI6AJ4zZnN8vY09pgpA6p7+YGQfnjuyBohGBBARAgAGBQJK/ASb
+AAoJENG84OKPoRoVuxQAnRhqvmMVRkSQiHLSQEnXu4zO2SiXAJ4l9/uWrMqAKUPe
+BcxbT7xrnru0zIhGBBARAgAGBQJK/BdwAAoJEHJZXrGBcEuTMP4AoKtme6FdYL53
+bVxbHklI8QwQEx6jAKCPSXqJmdslSfamkqA0dTncqUAZPohGBBARAgAGBQJLASuc
+AAoJEBgFUbrZWjw1PeIAn3GHmjiGSmkJzDAKpovoGEviB4DQAJ4+tap00n1o0q+b
++8YjEN9tCt/VZohGBBARAgAGBQJLDEARAAoJEHfdleLqUuz0LZMAn3fBmDQzpfUX
+yhciz6dUirKC0L6aAJ9IbQB4y0s1o8eR2ZxRXy5cYB30FIhGBBARAgAGBQJLDbh7
+AAoJEI53TMap06Pgx1gAnArZ857v7THGYpmTCjbwBz1oh7+4AJ9CNLFSBqnrZ+9p
+YKH12RiFHLmuLYhMBBMRAgAMBQI9XrB1BYMBV4o2AAoJELy7xJVxipJWGZ0Anjly
+M5hKGecjlTcoKYWJlMDjf0vCAJ99oFg8mkzKasg3CREHi3Y3Fu26EohGBBARAgAG
+BQJLHGQ7AAoJEMcaTGXwWbHRLcgAn2h+moRVxidIb1mADTBGcOy0DjFjAJ9JLJMZ
+gCvnQEmvyZcIssqTJ8Gx4YhWBBARCwAGBQJLEp4JAAoJEPKthaweQrNnE7UA3jYY
+Ov08+w9dAdbxBmwnL+Lev2ZdSP8M+YS1pXIA31NNq1SYUuqb2CVCGUmMo8m/a5uS
+Z/0c2Yyr5OS0IVNpbW9uIEpvc2Vmc3NvbiA8amFzQGV4dHVuZG8uY29tPoj7BBMB
+AgBFAhsDBAsHAwIDFQIDAxYCAQIeAQIXgCIYZG5zOnNpbW9uLmpvc2Vmc3Nvbi5v
+cmc/dHlwZT1DRVJUBQJLg+AxBQkQvjD/AAoJEO2iHpS1ZXFvDAgE/AzYH40Oe01T
+lvH651jUuR2PI2EJXOgo+2SdNekXdrWjKDnjix7TIULeCbhRCGA3VT7T6prGOVze
+LUPt0DowNLE5D9sjeq4bRvfBT0Qd+tQDsWPhw63rhRAaOT0eKRJ1GAcybsP2l/Vh
+/J7seYROtaeUAuipWTBHf39W5IOQjjk/pRTMrgnIop+ApncuzxQHfDXImGqzjCTI
+u77zKkSXtMGIRgQTEQIABgUCPVjyvwAKCRBXkynTwBsqIhf3AJ9HasyJd0rNkH3l
+pwDlhJDgwtDLKACfU2/szfpICh9H/vdaOqU+lUBD59GITAQTEQIADAUCPV6wdQWD
+AVeKNgAKCRC8u8SVcYqSVhmdAJ45cjOYShnnI5U3KCmFiZTA439LwgCffaBYPJpM
+ymrINwkRB4t2NxbtuhKIRgQTEQIABgUCQQDKfQAKCRCe11g/wU6ygvegAJ9cAzRB
+E2V+rw6AmHVBqVfDVIsllQCgoCgYAAAZvsXUc72NsrSjAgjyyx6IRgQTEQIABgUC
+QP8/dwAKCRCW/5nEJcDsC1uxAKC6gBDLFxVI90nAFw2HL0GkfuZTewCgzz7P/bYs
+bVpLh21vUj7mlHw4s0GITAQSEQIADAUCQOBXPQWDAJO07AAKCRDIgd1HSuerR2AI
+AKCp7WDpLQxo+R+bvYXyKhPWCGsoRwCfT3Szw8ijOgtNX3dNNs0Hv3mqbI+IRgQT
+EQIABgUCQkkBkAAKCRCPw3JfPWjWOuuxAKCruWhKUy59naZRTz3O/qI0SXPr1QCg
+3JjqylCoyJmViIfmP7yS8Dh2IvOITAQSEQIADAUCQh3wIwWDAD8iMQAKCRAYKCtr
+RTlKAWLKAJ4xLXJER/0ZaQtfG5Vi8BGA00oMOwCgpUFMz4MvSjX94+/zLD/xJq5e
+PkiIogQQAQIADAUCQkb5wQWDAOaxDgAKCRC/1u5YV/d/CZTyA/4gQg1rKbsrsVS9
+la4KR0lweyEIZUGVM6oj1gHUJNjws11EenyOtFcFkVk4M8DOIf/VmiJJCOyBODzw
+FSnEstKAkdk6qG48xaUvBrpazK0oZOS4UKdn6aSYcp7stWeNIqvw6s/vLk6EW11W
+pvl2CL1Ih4rZqyzVej70RZltyj6/84hMBBMRAgAMBQJCSUQKBYMAE85KAAoJEGa+
+cf9nSGiDgwsAn3jgiKCQHBL3u0JnYrJ61zrp257PAJ9aWgtpDW2H3FnjuFzpx3oJ
+T1cOR4hMBBARAgAMBQJCTYK1BYMA4CgaAAoJEDuOpB+C9hJABNIAoM+b0ThD6p/F
+UCWdw+nRYV0CEo2qAKC+QaW6C+mZcFBFIx6AfGyRkE8SEIkBIgQTAQIADAUCQmE5
+nQWDAMxxMgAKCRALeDLzc9YtQfYGB/0YcwIJhvfj2brrznkTI+QmaVVEYjlCLqbf
+uuNGa8CMv5oFIVigBjJQp59PK/dOwnyX5sBCyhpFTrBufu5z8vCglRMHJcWPus86
+ghPHHpJrdU/Wdh1eMK1qsqaPNBNhTVxbB8pRsQDd9KCziCl3zTWXoLbUX4NtKY/w
+Js60ZvrY2/VTHUJeJafavxVTLkBVZnRUPiq/HEgYafnxHS8vEoLmAYWJ2z0l0yEl
+3VIdDSYWRmn82k06dvDYDS1+FoWyl1ACgMSM4dOv1+zQ8BQGu3lhw/Zb6I1n0o98
+3ZzvTun/e8StI/FBkKhcGac3YsDnB40hVZmcq4k9R7JDkXAf2is+iEwEExECAAwF
+AkLYsI0FgwBU+kIACgkQGFnQH2d7oexBSwCfYuf/9OyYSogv9twu23xXPzaWqMIA
+n1rlNsu5Q6nj6HjcXYImOtQEvsIriEwEExECAAwFAkLYsLEFgwBU+h4ACgkQgcL3
+6+ITtpK5xQCfRx96KP6Px2NTqMM+b+2tAcvn8qgAnjJIDKzJVDxTd9n45jdd9gpc
+99UoiEwEExECAAwFAkLYsNEFgwBU+f4ACgkQa3Ds2V3D9HNhHwCfWMtWNP/fE5TR
+d31NXU43f2rEl60AoPoah6NEdoNc7YoGhCesZWCn3BVQiQIiBBMBAgAMBQJC2LDx
+BYMAVPneAAoJEKrj5s5moURoo2EP+QENiDYVYrAiRIyXPQplagAXCg725RaqtsXv
+PyDBkqU4Zb2C9wXQ49ijK/LT3het2p20bwjYmop9iClo+vuMVTdWJpjUyvzBA+rF
+9ya4qWwJ9mMPEppgfHhUpOILkhcniC4x5OWrNtPHeudNkubRJ7J6GZAN8g9NpxV6
+JIAzRYscTPR88jnBggErugNlDJIi2VFII4mYirlMQZURv0Hnsil7Nbg7RbBGoTqH
+DxNOfum4wcd1Osjw9LJ2g8DBJGZTFXynYQvhliBNNSu3O/SZN4bs93NT1hzZMXc5
+cnARPWhqR7Q80uGuJrIOp1WW+zWHYXUoQgCi24wpdF3wKJREqWdqGPt5a23chWKv
+w92gHNEC1Pf4mbwRLfbH9N1dDwoO3XA+z/R6QsxwjPIAhJbqBWL7q61SlO9RcxD+
+D+xBlePZitFNKME0U/paYTiE9zWHcm4mbQFvBcHRzyMTrRgQZ3QAdImA852+tr0B
+428xTp2fpzROzVuhXTfkO9NmFO1QBv2QBz9Pmi40PCbyCyihvsTTZQVF+EwijRmq
+PkGfaYLRAKdJv0/wvULpsBtkQVd79Sucf54oGv5gximFMhZZn8JJmEnAFpUMUIvO
+qv1n86KsQtIQkoJwbRXLGiKBB8eYfoJGMz0rgiYnavmuvgUpPfDzwa63Gz3Kllbp
+cSFD1OPZiEYEEBECAAYFAkLySu4ACgkQbvivwoZXSsrD/QCePeaIjTq/mM4ptEm3
+rDAsg0Ds3pEAn2l18L7gln5IyrTD1w7c0oYSwnXaiEwEExECAAwFAkLxwHAFgwA7
+6l8ACgkQKaooUjM+fCN/nwCgim7PNo7IYXeDYrL11X2+oQIE2zUAniNFTbtnCi/L
++HOchH2r6j564iOgiEYEEBECAAYFAkP405YACgkQ4V3YV7FcN9G7NgCfaOMHBmqn
+o18hFkz5w9AVaixqcwgAn2Bka5leo4ZxEcNijVXBQrsqDxqdiEYEEBECAAYFAkP4
+05gACgkQ4V3YV7FcN9FFWgCeP6Q2HbImIgAj0kRVxyB2/xx0SWAAn2NkcVrgoh0i
+x0ZBnkbipLRiQfAqiNgEEwECACICGwMECwcDAgMVAgMDFgIBAh4BAheABQI+vUdG
+BQkC1Y4ZAAoJEO2iHpS1ZXFvGNkE/j40miCY9+4o3sfsCfxwS5MsnalmFWYbkz01
+TC7Leg0DKHUQY914u1GJYIO5SerUcWq1bhf3mFumb+I8eRXj8SiwXgBvh+BUUB/q
+ICF3gZQ8eNV+y9ucI0scT4UOAsATTJkinJA/OC3UIj68oG1/CUC7CdPF7k8wxu++
+NHdEaLasYsxoWD9ECUw+u1b336ENIC7QeXIcOz3PaLE9fo+Mos6I2AQTAQIAIgIb
+AwQLBwMCAxUCAwMWAgECHgECF4AFAj+kK1EFCQO8ciYACgkQ7aIelLVlcW8LngT+
+LofWRDrko7dp+TqX7gGm5bK0c4ZYD35bgTH4xzcpxBbBo5/NZfNUwqkrUZZ+8A1I
+/eWbn0ot2L6GEhRtY33xjJP5Nra4CDbU95MWhpH57OncpAbleyotsFqnSZE3tYm8
+movkQqrfidZXUlLh3X0GecACzyUEW+B6ouzNvWsxR3H8WzC398hmMgbigu3gVTVW
+kefFExSuq9Al90+3hrpPG4jYBBMBAgAiAhsDBAsHAwIDFQIDAxYCAQIeAQIXgAUC
+QIa+KwUJBJ8E/gAKCRDtoh6UtWVxb5MYBP9mXwgamCiHt0gzNLTlTayHkmblTVMp
+9saKkSiuFaJr0yNXjEoXxmtLcD1ZQQecVx7dOskW8I6GycpJg3Px5rXnpfhVVjnH
+oZ16vE9toCxDZRDNAlGXpZaLDcBcHZ1hjhxmbPweAVQodqc7Aq2unYuzCgs52Qzh
+190wS6KlR41swpXcbcHOmO3wLBLay1aLOPtCb40KGGIB0Mq4pecsB2LPiNgEEwEC
+ACICGwMECwcDAgMVAgMDFgIBAh4BAheABQJBb8RUBQkFiAspAAoJEO2iHpS1ZXFv
+8W4E/Ajt3JTsRb+C/YLCbcXupUVCEpb5o6IkIoJsPDyEMBn0wkWAOaCuDI2uO/tT
+826s2NQJRItychaSEDAwqUYZIXxxozlR9r2qd2hl8Uha/CRjNEjtWefvPLjaPTe0
+QIuJKGspCMvhmCsqaMhfVCxo+UC/21GIMyyxvHrTWrJhPw5fPJhF4WN8Lj8GniBG
+3L/xwxwcpm7+1aZT/91YbQDXzs+I2AQTAQIAIgUCPNUHKwIbAwUJAeEzgAQLBwMC
+AxUCAwMWAgECHgECF4AACgkQ7aIelLVlcW+I8gT9Gq0zczE2pA4TvAQhNN3dIq7u
+rAhSdqkHoeFABV8vCmecm7VicRU/0O8Z9LlyroyffXF4bsu4nA0dd8FpEShttCIy
+ojb/cs0GjUd+vpufJo2btVA5xlZtj0/WxC2Jik1aLpouOEFoFOZYKuSmX1obAOQU
+BKkubafZOAgQYN+iQsI2MR351scpgNYUsjCj5oJj5umhXfi7/Xd4eaE1bPUwToj7
+BBMBAgBFAhsDBAsHAwIDFQIDAxYCAQIeAQIXgCIYZG5zOnNpbW9uLmpvc2Vmc3Nv
+bi5vcmc/dHlwZT1DRVJUBQJCQFzPBQkGWKOkAAoJEO2iHpS1ZXFvLfME+QHcoVJU
+M3FqCzf/d+JhZvM5O0wtZ5qBxO793rsE7psgAcHVIe5f87QZNtDp7ZmrnugyBhC6
+7H2FrQKr8lqsIvKbaSzjro8yUoQtswVSef/OrhqSgEqs08Aifa66sowT1ZWO181m
+4BCC7aoNRovx8Huy0P+Y1Z2btPA+uu6UvZLh2iKqMP+95zloNHNHZWooG5THFQl0
+RdCJtybyDmLpn+uI+wQTAQIARQIbAwQLBwMCAxUCAwMWAgECHgECF4AiGGRuczpz
+aW1vbi5qb3NlZnNzb24ub3JnP3R5cGU9Q0VSVAUCQxWs0gUJBy9FJgAKCRDtoh6U
+tWVxb/gpBP4irIXMfgUgQtneRCtuA8MOrAQzzReD+ZqiwjH2tlWxnlmX31UJRoCX
+i307dprSABkaAsmlGs1o49tOiuNTn+xtGVRXgsnz8owbShZcDS64zFs+5ABrS7Vx
+f2yp7ODK95QfClySojk4+bhSPZvm+XpgDA1yckBtw52v1kXHoKSPrq650dD3WYWA
+b2Dz2OoIHLS7F7Xy9xP23rNVy7Mi1s0jiEYEEBECAAYFAkRzhvwACgkQCLEjjt2t
+R7bvyACfXmm4Rp4uOWlpOd2W/FP4sAf/3nUAn1vQeWjs/LoX1zWWIuww1Y0OfK9n
+iEYEEBECAAYFAkRzhwAACgkQCLEjjt2tR7ZfuQCfZJN5fLHTvbQC/6RqWjLsMFxt
+D08AoJ4e760bQEmJoUnk+UUv3PthN/oqiPsEEwECAEUCGwMECwcDAgMVAgMDFgIB
+Ah4BAheAIhhkbnM6c2ltb24uam9zZWZzc29uLm9yZz90eXBlPUNFUlQFAkPzKP8F
+CQgLb9QACgkQ7aIelLVlcW+cLwT/abfnHnfzlMJ+kEFQtvF0hI/kNlxOUz07fQv5
+dmefWUVUAUNB6ztm0sl9C0ZRjNI+gDXXQbtySrxiYs3jqH761XVwR1Q0L/6mr5n6
+Fv7AZN1cv3PZwZhcfhjJRM8ViCoC96AUSlRBvYCk/205+c2UC7eC7vgZQE3gAzVJ
+VI53IICkl16d7mEIIVqmUB6xLN7ZNDcMwcWD1vew5rWHI0jWkIhGBBARAgAGBQJF
+jAuOAAoJECmqKFIzPnwjjEMAn1PGwa5O+Wkrfj8P+kUbrNDbQ4njAJwNHA9EwqAh
+V/iunGMkeXqyYR4ESoj7BBMBAgBFAhsDBAsHAwIDFQIDAxYCAQIeAQIXgCIYZG5z
+OnNpbW9uLmpvc2Vmc3Nvbi5vcmc/dHlwZT1DRVJUBQJE5uh1BQkI/y9IAAoJEO2i
+HpS1ZXFvgWQE/20EMJJ151G/XmiF8fmkmwHqDuYHKMMhc5YHIp2lMh7uif9aIDsI
+pZKED7MYYEROgP7p5N2WnJLwa86TdpsPWJ1RkQvjXParnkVihYQXyjVBcDAnKVSM
+tSIwkf3wM9cZVeJKSeUEF+Wz3vE2FKnykUuoX1kbwWXdElLgtbNeSMqoCqvUWREJ
+6uxjs8kLzG0gXkZK2+Brr2SHcHW0fqg9j5mIawQQEQIAKwUCReF29QWDAoeMYx4a
+aHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ0rsNAWXQ/VgiLQCgiPqK
+/6keqoRc1gY4ezjVthcLdboAnjD5FfICPgGIaPM2+7HKj/FrcSJHiEYEEBECAAYF
+AkXiwsYACgkQqs+zhiEbbu9orwCg7c41zi8ei142vgnW47+xoj++4wMAoPgVJ2wZ
+TQNwxTNnAjH4dPvhRzFGiQIcBBABAgAGBQJF4ZT5AAoJECZJ5ijF000FiXAP/1cQ
+9iih1PuCQpzBzALS0Md+vzJQcKhho1V+PmQII/c893bTj/aGHh/lOV0AltG8lW6p
+8mHQ1tMOblHLaSrcTrUUt4wkZszw9mr36Vto53oO8pX43iEJ59xJZLdbMbt0Ikn7
+xcRYMOBnyRiLNP534TueKjhl+fqDIrWryYjQutIRie4Pk6BGTpjV5FktbPd0s3/P
+Dm8ubusbUaKmDsS54+pAOYj2EpddMs/qKYq65QpsYfbMI7+9xfLronmwjoiTLjDZ
+0DYP/oJAZT+U1Awquxwop4jZ9dDwjtQU8aiYOKw7WXGvPlBD7PVXHqdwjm7mKs2M
+cUVg+Wyru0XgmDJVfXmxOmwAcwEAleGQT1/wLVjGy00qc/0XQm1zOorhsUXVtWho
+TkfQinw40t92gF6az1CXoGC8bJAz3ifqtNhWeWHLH0870suEXyRT8GmU9wDz5w82
+QHXTG4rjzMzyq+tKiEH9AdSjjoffcnY90x0WNkzgqrO04kLYOw84TwvpZkEwJy8x
+d5M5N2go+ZxG148AoX5rNQdY55ykCRdIorsfMnBlbI2tBaNcSLmnlaMS5QYUGAWY
+aVvOLsAtgsqPOMcMW8EOdvZ1lbMu2zA90r90QxyhWW9lRCOljQDOES47o0VDrGJw
+czP3rea9qzW4VWGaV1yNPbZ/W7ggpL76nMQyUpXqiEYEEBECAAYFAkXh9ugACgkQ
+TUTAIMXAW66YCwCgq8N4NAXq8HGawNANEDJpfaFnPzUAnR8Q2R0Vw5SSm961rJNa
+yI9Sr2bEiEYEEBECAAYFAkXiDPoACgkQVRVgdpFh6RGgYACguR4IPZ6tjHNslKOJ
+rWJ+eU2dJs8An1LmY0Y6eYtMBjEY5UkCABcC1m3EiEYEEBECAAYFAkXiCtQACgkQ
+x9kwJZ3/qtSAjACcCr6J7Cd+9ClhcxFA9AcVDVDighYAoJtSPYUQVSVTpwXOc+og
+ydTNzYDPiEYEEBECAAYFAkXiEUMACgkQ5UTeB5t8Mo3fvQCfX+MTeXy4L9TOu1jg
+TwXMHWlq+PAAniwTjjAxrwGJ3HpImfLaksVjGJxniEYEEBECAAYFAkXiLeIACgkQ
+dklABUmu6/bvPwCgvVLQxlTJYHFvSot1AG1oOc4QPAMAoMV6GpPMtrgYjVcFaczv
+7m+t4rLeiEYEEBECAAYFAkXiW1UACgkQW5PAL55KnJ3lCQCfQicMzcR/vgYMR6AQ
+mL0LJXrxGjMAnjsKUKxvivtYYJgmimWwUe+8Z1YaiEYEEBECAAYFAkXiw0YACgkQ
+fk6lT9CrQHWEIgCfeh3GOsUbJz3HwoJp4Fhc9wzic3gAoNztXrSsJ15tuG0WETN3
+Dy7DZMffiEwEEBECAAwFAkXixHwFgwKGPtwACgkQcxyv01PBoy8jxgCgx9GeUDRf
+VDBYFIV7xkdfJlfiEDAAoJDPri9GY0rv71xsDOkUKi1rD6GLiEYEEBECAAYFAkXh
+4voACgkQeGfVPHR5Nd01FgCg0T30FiLvPq1Wo0Oerb7n2bHzFKoAn3em1Xsv9MJc
+RR9wbimgeJmlKDM7iEYEEBECAAYFAkXizqIACgkQ2hliNwI7P08vvACfYZ5Bmdye
+XRi9SEx5uuwuc7qYcJgAnj52eTucZYVyHiPg/Ps9SRqRJq9NiQIcBBABAgAGBQJF
+4s7iAAoJEFIiU8PXJzmBZVcP/2j+knr/TnAy18so2tzJd6vxF3tHXiIGcS7pyyXL
+/Yq0p624P34dsmcaIJ20iwTHQVEQNkCtdt2sF1Ho+yboIZ9Up1C74tvzqiOfqawV
+eEMdK1PQaJsBEBPr1h0v9KhZnNMPiM6KAQtD14VSPbU7z6v7yjK20i4gZcasOhJM
+rH3EYByCHsaTzQfZDA+GG6E70x1zksabYWN4dHoToZ0XosOuwkBt9AjEF3T6dNbr
+x/OuehdwgOSxoU7/k/qxgHCfEhYkoYxfnF1jpSOw7QhX44S/w/UvVINkljIoKM+G
+BPmrdNUhs7NGoYoxf3I31uvExv5gcQVxebmN60VNO3/dvZLNqDMvpfZ6VT8HA7yr
+GB8DaL7TeDOcEuVFqYF+pCOGTz1fp52p9hVKjQnGSPfqVLMjrxCI7HWZBly4Mi+V
+mjd9Q4WTc/cjFhiTmjR5UaXQ5vHT16Zzz6FxSpuzt4cmpkltZoymjDxtjzIoApR9
+Sn5yuZGNg/xvs9X5OZDORLPh/sz8ksQzLKdyL8BPpHQCBZapWv2PuiENpmwG2kc8
+8zqwddvmKTX5Amz5qUGTD93LtWCIHSf2frq3RNJ0nqR3/soC+1rrOmn1D+RlhRTX
+tgUiUf+hXHdq/j1ew1P7oYWwLusqhECVN/1+Bg8MM78cUMke/QviWKXqIOf4AM3V
+mvtpiEYEEBECAAYFAkXi+TsACgkQi0rEgawecV7H7QCeJngXmqYTFwSH0jfcf+Ia
+1DlAoakAnj4Uk1Ht8PaEJsRv5vNYt8HkNT7viEYEEBECAAYFAkXjIqgACgkQ06Nw
+BK5NHNQpNgCgl4xfWCc9Up+Mq9wIXZc44WuGVpQAoN9v+RDoNgj/SLPaqjOzZqdj
+hwATiEYEEBECAAYFAkXjLSoACgkQs7H4GgJ4eIBUAQCcCFscWaidGGh3B7oVJqTt
+I8N4XEoAnjDvewmf1lvfpLaOO2c5iCat+AsoiEYEEBECAAYFAkXjQPcACgkQOJpW
+PMJyoSZfbACeL43DwlkxbaN0fG5hX3YTI28xdnQAoJRMDoknf2YJS1cSlKAHLbOU
+CmPKiEYEEBECAAYFAkXjQN0ACgkQH38yahLu9iqlwgCgrECipUP7veV2ROZWgxrx
+IaBFzNkAniTIO3MWz5uzFTzuqvVCcBskLju9iQEcBBABAgAGBQJF4zp6AAoJEOjg
+YvYNywQx7e0H/jufUUzX7Yw7sX2iFVN4sCIFbPJ13km/75+W63NRH6WhBnTa1z1h
+7w8v7ugEWd/OhuReHc9xG+JLoGgPvz+KdKTyJkZnokUYHMr6QE3RBfv2O/O3YZJf
+31bOv6Iy8ewauS6TsR7PUmSI4cV5HT80tOk9Hac1dog1WxlM9ZmS/LskBdHptc5X
+aIrMMxdPIKOJKFnhK17WQMtCobubqfLAyEmlFp5tlQx6xS3a/Dxc6VL/Gd+HvlzY
+olaD/fPXROhsdqoAYZkf6a8WOeCQsTIf3rL00S43/XM3t7dTyPNJiv5Jqds7FSLH
+dUiHcPn482HeGcw4uIAPJ+uE5b+YJXRp+QyIRgQQEQIABgUCReNLlwAKCRAonP/A
+5jzW1rOCAJ9L6VNwC3YPMk9GquKkCXV9aFYuWwCfRFapHzpBOlqjyGgOaZ6HQmky
+HXSIRgQTEQIABgUCReNEyAAKCRCMJe4PDcC31u8IAJ4wdJrBzCyI2byvKEh9JFqT
+8ZoghgCgymlKpEr2NMvOyIsy0GIo6HakLwyIRgQQEQIABgUCReNVBQAKCRCYS9OA
+rF9wDDMvAKDSNaHT/n0AOoeAi1o2hCtap3R4ZQCgzWNuY7C86gnCZ9CakGjTd4JL
+zceIRgQQEQIABgUCReNPSAAKCRAhp7U7gAlp78A/AJ9hRfyRGslSji/vvWGzS16Q
+VXkcWgCeOIaLdxjjkktjiGWfS/58OGUYh1qIRgQQEQIABgUCReN9owAKCRDPEjR8
+lovVh3rwAJ9k3Exch/OIzqXozpg0k6yt9MUMdQCeOpBpzOZoCFbqkg65f9UeD5q2
+DeOIRgQQEQIABgUCReQa/gAKCRBkNkNhCfNAJHkMAJ4rhsrQceSbxnBSVeTQZYjh
+n8YbNACdG3uYyP8loyv25/PMdsJjad5nAOOJAhwEEAECAAYFAkXpWk4ACgkQV5MN
+qwuGsGf1lw/9HYUm+Lyrl9B+mdxMr5XoWK42VCo7/LU/gdDlpr3sblBAulbWjxnV
+dGxyFiIuwI4o04LcEQ7E+qi4PjfMHwM3xpaAis+wQIhdlIGqf19CcGxF6tDoEsyd
+C1OX7BwTI/QW9qR1ZmVaspSaaboTEp0OKWhHLX6ty7NFCbJTYRrX5QBOoiGrLCKW
+aiPGmXwbQugFh5OwLFJfzEOBpcZJjZlTSaAULfIewxCtNgDqsAS2KxzUsqgZZo8/
+dAnd6vDJ7IdXe9NvjSWRdiLho6kgL+RNmljQmUNs5KDIThk5aj7JRMyIW+xv2tCN
+ttqcfA7QM2F/KSgNMy1fuFtOqSzq26ojxDgQjxOMLfLf4za7dG1YN4ay+kn/twGK
+YAxty1xK4RmxHD07DkVHkDFnBrWi3ygrNvQZZ+VgVYHoiQA797e8OBDBQY+YFZR2
+rjWw84qeKvfotweFo5m6pOxzqX5sZYjihCF+mihPUn3nCV7WuwNaaLTvKYNC5Xs7
+n4ze9stz0lCGtFZ6nTAFcmFzGFD7rwE5Ra9Kln88KpeXfye8zYoBc1wltIgZb+YK
+k6aKifm8ma9kVHbQv0Nsplj+P3AHEnBa0eGpw534jqgXjhkAcu3HmHeA1nd/DwVP
+n5+Gfa5/B3yEZSd8tgou5y7MG26d/Bi4GGMKtrYzaMbhq/+Pr2/HN8uIRgQQEQIA
+BgUCReWBtgAKCRB5DoyUYf/aq1uUAJ4sGur31pRLdR/KHlDoyQsqewHeBgCeOEFl
+abOQVqHjaSVnEt5uHCBWBF2IRgQQEQIABgUCRe3kuQAKCRAwaekht5qHHGbrAJ0W
+7gdbJW0SwHmwY1IU5cr4EnbImwCdFfzX3pDLL8F+nupsuSgUxWOFsrqIRgQQEQIA
+BgUCReTBXQAKCRBwsgMhOvWdFubfAKC4EM92YRnv4c8ENmwUzHlddgMs4QCdEFoP
+wR7x7HgXXuf9eGvlfKbdEl2IRgQQEQIABgUCReqhowAKCRAvlRUIquYCLpAlAJ9l
+F2s4WaxBy72R9HOejdi3TR2COgCeM2ZzfL2NPaYKQOqe/mBkH547sgaIRgQQEQIA
+BgUCRf9scAAKCRA6kP/BFAjX8UlBAKCA0EDBykHbbCpXECi93btpAXmo/gCdFhCj
+YEYfDYK3J6aVtk6TsoL0KjOIRgQQEQIABgUCRrXYMQAKCRBd4kmWWwNYorELAKCe
+C1hSzbUsAwOGzYvqiAByFZBLGwCglvOkljot0HE/3GfnnTGXak013kaIRgQQEQIA
+BgUCR1m07gAKCRByBDZwveXx7kW/AJ9hN5GhsrBOYbKygX5CAZXKNkm9iACfdXq9
+WKtpPFTqVLAYnv3crL4LGIeIRgQQEQIABgUCR1m3zAAKCRDhDnoJ5y95+k2MAJ9q
+wPkrhFPctC1M8a+ef8HOmshvjACdE7Mga0AcAObY/cYNu3ar5GcvkWKIRgQTEQIA
+BgUCR1pzJQAKCRBoa1bdYIokmy3KAJ0YH++OF0tmmb1816XZL6iaPEA2dQCdGgTD
+/dfAvPE3+TXdbBCIPrd/YXaIRgQQEQIABgUCR10ggAAKCRC3nCiw6X+FbcwuAKDR
+ub4/V8/4r12srO7jnemqoWqUQQCgjKULl0mHjzlwwhJIhhvmA7aHuZmIegQTEQIA
+OgUCR1yTYjMaaHR0cDovL3d3dy5oZW5yaWtub3Jkc3Ryb20ubmV0L3NpZ24tcG9s
+aWN5LTIwMDYtMTAACgkQ516QwDnMM9uJNACfcNHCcZ68HDIOeELxDAVUcs6Ohe0A
+nRbqDI9wciFrvY3NBhTf5ZrWrp05iEYEEBECAAYFAkddH84ACgkQ8bpMHtHIuo8l
+UACfRyTbEF9UTA5cgC9h+Ki1MADMCwUAoKCYd4CvSJSsLpggJqxRGh5xWgmBiEYE
+EBECAAYFAkddhUQACgkQhQZbWdUt0afiaQCglSfNOE9hln6LnUiOZcA1OqvvKzUA
+n2kOWUE1bpJ0nT8f98rej0x1r8+riEYEEBECAAYFAkdcC9IACgkQ7b8eESbyJLgT
+2gCaAiZB/OBvoxDh2tXrE7UWsaQ/aDgAoKz1sLDhM+GyO6hUsvCc6DMTr4Q9iEYE
+ExECAAYFAkde5N4ACgkQhcIn5aVXOPLUJACfXWv0ygnQYo/j5vd6z1KadkbJavcA
+oKcZCeWDa2AmsKHMn2kD3sbB2SiyiPsEEwECAEUCGwMECwcDAgMVAgMDFgIBAh4B
+AheAIhhkbnM6c2ltb24uam9zZWZzc29uLm9yZz90eXBlPUNFUlQFAkXV1VgFCQuT
+/C0ACgkQ7aIelLVlcW/oNAT7BnY+otbWxp6nuX2aKTnnmXVsVXS1DWFXLPplGwAp
+6b2rdlrm8pdj1BsXr9J4mLTBPdGmcJq7Yt7Srw9o/Lb3j9LqcZYBIQP108oUMOQo
+DAgxgxln9ES0CucRAbFrrjeIFeZ9WM3ceoo4nmcDSXxOHTizjODgj5GmhNvSYtE1
+V/wZxEgT1s91v0dNBYw3XP5deHgTuTpZskFf8wCk/kdLQYhGBBARAgAGBQJIRLl4
+AAoJEFAsTymWnyod1UAAn2eE7xX2Tm0cJTuGM86y/DTgYEWOAJwLQTb+RmtjruSp
+boc4HQ+HHP4T9ohGBBIRAgAGBQJIWW8rAAoJECTTK/mqlcNJLoYAnjT3gs2YZrIj
+XS+XrW8VGc1W013uAKCophfcMkBjGBdHkDUNWvDce6uGJokBoAQQAQIABgUCSQa/
+OQAKCRAp7li5loZRcRIvDCCoP0WynVZn3xtmZbozv1qkW0O2WjDdR5Kxs3ti31vK
+5HoVf+Qyii0U9AR/OJ26Rcjj1TOBR7975vNn4dMgw58ensBZRoBnO6L5i4xw5bSO
+/DsrRBZirfzu0jN748rc9f/17fa7ZWlg64QNrZzBEN/cQOwK8bcqUcsIXOddNxbp
+/udWVEoBhsyZZFCmpvP5APG+g9FPsd2cGXAcy3wVvj+oJ3nNr2RKID8cbpGD67S2
+0RNma1BtFNUbm1F7u+n5+LbqyAd2meLxXQmN2pf8QSJIOieZVtXc0XPr2PE3/aZ9
+/4CscoBOtSJtO/2/KQCiyQRHLqJsyJ/pVkuJ6dzuIeh61ThUkFv/+MSueYlOxfZ1
+ZqUAMJo9vdUpeyrMKdLH+DQyec7qOIgxaEVCo77XnBu7NXUQU9dA2ppKr6tTyArE
+DeudKE4UGg8PlQ4pi9YVUcDlHc1CM/gJCuUkcz+g3t54bmMTKUm8acQjkLmBj+W1
+IQdt0Y4CcFnqq9uESGRqmxDQ/aLRiEUEEBECAAYFAklnJY8ACgkQRzjqIWV0mXol
+GACXXwrZtQIo93VS0waciEtZZOYmKwCeKlzfXkACcBQtvFWYLlPlVQj4Ns+I+wQT
+AQIARQIbAwQLBwMCAxUCAwMWAgECHgECF4AiGGRuczpzaW1vbi5qb3NlZnNzb24u
+b3JnP3R5cGU9Q0VSVAUCSGH5iQUJDRh0XgAKCRDtoh6UtWVxbz4eBPsHj7IiAP6z
+HbcDHsBHBMjSpn3HUb20liyVcpCe+gSDFE3toAQKw5pPCE/mt/MnW2F+13x/jJiA
+7Sn07hrGTJk47JRFUl9BwnPYQ2m4WaXUryM6W9krOKWJMskwp9DGane90wmTF/x7
+TMNHBk98D7adX3RY+07x+yHjA5HP7wkj3GXMSblaUb4Ksx3Cihq8aDvfCHhdFy2u
+cxAadCbTbh3iiPsEEwECAEUCGwMECwcDAgMVAgMDFgIBAh4BAheAIhhkbnM6c2lt
+b24uam9zZWZzc29uLm9yZz90eXBlPUNFUlQFAkmhLgAFCQ6tWk4ACgkQ7aIelLVl
+cW/pRAT/X8oFdC6KZMRTukipZfy2cp2zQWmYs93T5Itr5VrqU4kGzIyeGpYlIS+7
+jD1/jILjK3DYQLXpwNOf3ABwulLYYTeX5SmHk5KJhi/UW059X6tOZ6lppW24fRL9
+3OzX6gVBHGpj4qfirLzM7eq+VyJf93he8znYOWJ/vy3mXa/QdMLmIL1eC+Z2Aysu
+lpDAOeIDzQbQNqbPMoNrmcO6VnZyHYj7BBMBAgBFAhsDBAsHAwIDFQIDAxYCAQIe
+AQIXgCIYZG5zOnNpbW9uLmpvc2Vmc3Nvbi5vcmc/dHlwZT1DRVJUBQJCQFzQBQkG
+WKOkAAoJEO2iHpS1ZXFv0QgE/imT/O1AX5dXkviStcSZuMCwZv0L4j7g6hFRj+ZY
+O80CMammSEUP7xDehC+D7V1w+wnmtAdJeADbDVs6xOScr0NqbJjfksd31PRlKWVc
+5Rf2rdB4qIMFhzYoHflm3Eo0gDgu3moOBhtKC2URHENj3gEJLLhgCl3ABN6Lc7fa
+3kihH4Guh4iv7D7Of2ZW6WSfelFcHJgNf+xzFxO1bBEv5Q2InAQQAQIABgUCSw6c
+nwAKCRD1TYragIIf6k+ABACFJpUa/RJ1k73Tagx6FUKE4SVP8DdlfJyAk54GeQug
+NMz+lU1HRduHQZSKCOpNd75Fwtf+u5V1P2vU06YuCBM0Y629LReYkbxQUFJXbgcs
+2zSXRoFpJFc5rAUI0g/lnlZOgKQ6XcOrOeU4O7P+uNx+nih6+eAL1iHpDAdAvZTp
+54hGBBARAgAGBQJK/ASbAAoJENG84OKPoRoVgpAAn0UxXXsO8AC23hNCfuvgjSaA
+9kYnAJ4u5O69pG6D9X0ZmxSjBVSxv6VD2YhGBBARAgAGBQJK/BdwAAoJEHJZXrGB
+cEuTggAAoN5Z9FTq5ZsRFYBMq4pM1IIi5TbhAKCNUYEW6JV1TeYtU216eCIVuOV8
+Q4hGBBARAgAGBQJLASucAAoJEBgFUbrZWjw1BBAAoI0+3cP62FnI3Z1TRcf+OHU9
+VnSZAKCA2suW6DOY2I/dKl6cP44NTvUc0YhGBBARAgAGBQJLDEARAAoJEHfdleLq
+Uuz0thAAnRssFLNOymUkbXRMV2xCTBxX/MpfAKCYjyOzjPSVoS5eNl+VlRSOAM1G
+v4hGBBMRAgAGBQJCSQGLAAoJEI/Dcl89aNY6Fn8AoLW/JrZSPK4Odr0+Q0VPgrdz
+bg3xAKC+yF/Nt3s23ux1XoIXoq396u85iohGBBARAgAGBQJLHGRGAAoJEMcaTGXw
+WbHRgkUAnRLnoCpmX6989NXjLRnSNS/dzq2UAJ0QHa6xy3Sn2641FpQ4LLsXwLrZ
+wYhWBBARCwAGBQJLEp4JAAoJEPKthaweQrNnybMA3ixjtagoUDd5XAO9addD51xR
+SP6tBBnSpzAniPcA31KUOXObtU+ns4gDrv81TxB+LJdJZMdYJkvC8aGJAiIEEwEC
+AAwFAkLYsPEFgwBU+d4ACgkQquPmzmahRGhfdA//cVfLmv3s4VjruQA4BxNcnljF
+kLHnCMfUwOUFUIPKaYwNxNkRHv5SWwsHlYcH70prr7spkUMO9XCHZqhdXc/UfJm+
+tjda9Ow3D8Ym4bR4uKaBDcSB6rxG7Tkde2OkJeA1uD4ytbrfctsufByul04qgrW4
+ON4xHG15Na/aiyZdi4KKWCUNSiQsH5/gwlWnUQNhYFXJTBlBiHYok8KddvhP+9KG
+KDMy8JvuzFIGyVKUS8rbHOX64U/dYl9pT6HspQBwENOvNVomsL3sZarQD7aPRo27
+Z8N9qEjqiCXG2zITfBvO6ZLwYZOcF31TO5MrrQRYSB3EBRnrhpGaYHl7eNDXFCX3
+5/ijn3l84HUMJsDZaPStGq8TaSLpILoL1XjbbCo9YLVuyJGHC5r5Q8koc/3MrYLj
+RFPtVtGXhu9046YbPJgkpQilXDVnMtpe8/w7wd1T4m2nOduf0sNWSKuw0oURx7/M
+dNv+ufCxFu4Er72eI98rmUjYC9pYD82mKEKPvMrByvXalYlQVwByMFWU5l6bW+c8
+UHB7RVJ0edSA0gHwRne4I1OTSTXyip4C4wycuep5iRjMP/tdxeVxXIxjwvbemSqE
+Lne9divE0SHM1oBjJ4JGock5eCiMD8Vc1p1DdCJHLDv+cjtybnVs82Aeq9UKJgkg
+AAProq7LScFbQVrAgOeI+wQTAQIARQIbAwQLBwMCAxUCAwMWAgECHgECF4AiGGRu
+czpzaW1vbi5qb3NlZnNzb24ub3JnP3R5cGU9Q0VSVAUCQkBc0AUJBlijpAAKCRDt
+oh6UtWVxb9EIBP4pk/ztQF+XV5L4krXEmbjAsGb9C+I+4OoRUY/mWDvNAjGppkhF
+D+8Q3oQvg+1dcPsJ5rQHSXgA2w1bOsTknK9DamyY35LHd9T0ZSllXOUX9q3QeKiD
+BYc2KB35ZtxKNIA4Lt5qDgYbSgtlERxDY94BCSy4YApdwATei3O32t5IoR+BroeI
+r+w+zn9mVulkn3pRXByYDX/scxcTtWwRL+UNiEwEExECAAwFAkLYsNEFgwBU+f4A
+CgkQa3Ds2V3D9HPaIQCgkWvOhiORHkA1lht5f+jNB5xAKYAAnA0Kg/JKZrGvA7oG
+JR3XVs7zRs/FiEwEExECAAwFAkLYsLEFgwBU+h4ACgkQgcL36+ITtpLuwACdFi5e
+iQDLrrGLThgPU4O2yxgXDucAniWqyEVWfs1HnLOe7S2KhgsXDJzniEwEExECAAwF
+AkLYsI0FgwBU+kIACgkQGFnQH2d7oezt8QCfXjmAsN4+tvGt/A3Z0bn4i6+m+1gA
+nihGZHKHHCnBqEYT7nbzXPZVOtD1iEwEExECAAwFAkJJRAoFgwATzkoACgkQZr5x
+/2dIaIPZGACdECs/Brf5HO0PWPwIYf8GTur2kPUAoIHIKUWKCeoNUF2FnUzvx8b3
+uC7viEwEEBECAAwFAkJNgrUFgwDgKBoACgkQO46kH4L2EkA4fACeN2w05Staf2i1
+8Sdv9aRax1hb53AAoL1ZYuFfT+qVYT/afh9wD7UPlEVUiEYEExECAAYFAkJJAYsA
+CgkQj8NyXz1o1joWfwCgtb8mtlI8rg52vT5DRU+Ct3NuDfEAoL7IX823ezbe7HVe
+gheirf3q7zmKuKsEPNUHewEFANj02qE/ETZBQ5V+1Ajgfb2kRca1/nTe5ekDvjtD
+IO3VXYyLRJ2mmJCfq+C13nCOOx6ILFBhMUXQ2Bk9A6u2mfBpAuFCj13N6tilkN4m
+98I96pwhptyF/yNuPcnWCwM0MlqjFtPcCweb8YT4uMo3reBUxlprWFJRsw2+/ulW
+YpWEU7ctL4RReHFV5Ttkfr4D8RTL1HO6PFhg50N4slgIs5EABimIxQQYAQIADwIb
+DAUCS4PgSAUJEL4wzAAKCRDtoh6UtWVxb9ToBP9Sy8/cIpo/CC+UL2YITRPnkGNa
+JHEGeGV6nLbdmh/of6DW7sSxijUtNwOHNqzooQqtl099VsxqDaL9sZbZTrJb1K06
+45q51aptZXkD2qV2vixgQPZQgAOAspwH741nwHAs5F9/DaRSqw2HE1eEHW+KzTPs
+KMtr7rhmMwCd6M/TnQUW83hxsa4GQcre6f8jq3p50RMwQysLYydC/fA0boFouI4E
+RBwt6wEEAOaG0PWwW6l4Z+nUf4bftXyaeB/jsGwFL3dEj7eZmM12r0zHj7JhQJa9
+bXZIsPYRtoGIoKiVjZ7Qr2obwtLyQRl/I9LL4r+8FRbbxhtCF7gOfeDtP9DXwms0
+3JY+T29WE6WdBD22tdNbbFgIAc9cZWAezh8PDP0BrKarAK7fq3AFACDNzuRhiMUE
+GAECAA8CGyAFAktHQWcFCQm+QXgACgkQ7aIelLVlcW9VbAUAiVWGH6mxz+3K+GXR
+wAKAjhKxkroM19MaHMsFN1XJaa/udyWGVnnNWn03wwLiXq/eVteIDxpnwVhegruR
+rfy43OljfOWv5VdZSL6gk5AZ1g6e2/v1OjzshNT3899cU0FyHa6QJ/23/RfTjGpB
+giw9/P+r2CexOKtDGLIhx+U34e0bKKpapazmAYVKnnDmYsypNKkpB2RQXTcztEc+
+H6ieWriOBEQcLtIBBACsHgigl+x7ysKpE2RXNiZu3G/POu3KXcuuW42BLs3itM4u
+AJB5QnyWCoSvaHcoRnw+MYFY1jDDeuP8ydfriO/9hur1fElz++QUFFhPUhKoazN4
+Vzc/QpNedVqEXnEbgxpDqaHLg+Ayrf80RN08f5Mn4jc4v/8o5rQykaPCa2cauwAg
+tfPwh4kBkgQYAQIADwIbAgUCS0dBeQUJCb5ApQDXwAsgBBkBAgA0BQJE8zgTLRSA
+AAAAABUAD3BrYS1hZGRyZXNzQGdudXBnLm9yZ2phc0BleHR1bmRvLmNvbQAKCRCn
+JxPIqrsfe3woA/9hac8iRbiR8BZTkT3c//RH0MdrWXLvM/clZumbsvF77YRI4nA+
+fcZZKfeH5PL7dSE4iyogQzQhJD5I8Ab+W1qCFxP9dRadS2iVxvphRUFyNC3nzCnF
+FZnAR/BBHnxpN8kcEMMddZOrnw31ihqXBMIVK+IX9TPIcDKynd0GN7vv8AkQ7aIe
+lLVlcW+gnQT7Ba4vgBu4MGskuyNh9QIVQZzhp0bL3G/fulWvq4E/NmtUlcv4lDbd
+eiT0gLneDfcCvyvXW1P1bW7IuqzfFfkrrEHzy2sfgMk397iBqVQFs77JFQqiBKeC
+TCPjaSZ2Sb/CgwLYOpXzfz3NLVIGqbxfDlGwfR30ywC6TLKv6ofxorqcS1j7b/ft
+XW6pu7VHswRCGpmO6LO/Gql1NoZyWoSTRbiOBEQcLwkBBADEIt6ZjHBaobBcFSox
+fvgZNBQuS+1JzzaxdaLHKuE83JrFgq4C+Uo7SeRcYQDBL9gwLib6AnuJOKyQb2JY
+9+hc8rlLzUCNFfs0DwHfgEBvmsltbZ4fKk4tD30xRQFjO40suqnAFlN66ahrPsOC
+ggc2kykPjH8ivDWZfzfE2FDoXwAgpq05TYjFBBgBAgAPAhsMBQJLR0GCBQkJvkB3
+AAoJEO2iHpS1ZXFv5RAFAJZhm/6jE0qkf64f97wnb3eBolwn2cOQQ1vxOK7yy3sR
+dpCbw6rKuelnI3P5zm3xXHKCiWGbCq6ifEBqzkIfF99//WExmOeKM/anGon83bPF
+XGIpR8SidD/N+dKXY66Y4oPeuVrwM8hpENPE+eHTbBQXrg8dA4smJsS3BIxvg0wc
+h6I36n7XaKrAtf+zpargt/BDloG7q1MrK6WQPihnxAw=
+=ZUSS
+-----END PGP PUBLIC KEY BLOCK-----
+
+----------------------------------------------------------------------
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
--- /dev/null
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+\f
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+\f
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+\f
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+\f
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+\f
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+\f
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+\f
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+\f
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+\f
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
+
+
--- /dev/null
+2010-12-07 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Don't fail on 'make distcheck'.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.11.6.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: Indent.
+
+2010-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented SSL 3.0 record version change.
+
+2010-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
+ SSL3_RECORD_VERSION priority option is now the default. That is in
+ order to not confuse non TLS 1.2 compliant implementations that
+ don't like a TLS 1.2 record.
+
+2010-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_str.c: simplified escape and unescape.
+
+2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Michael.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, lib/gnutls_priority.c, lib/gnutls_state.c,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/nettle/rnd.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_secret.c, lib/pkcs11_write.c,
+ lib/x509/verify.c, src/certtool-common.c, src/certtool-common.h,
+ src/certtool.c, src/cli.c, src/common.c, src/p11tool.c,
+ src/p11tool.h, src/pkcs11.c, src/serv.c, tests/chainverify.c,
+ tests/openpgp-auth.c: Indent code.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/top/maint.mk.diff: Remove.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Update.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c, lib/pkcs11_secret.c, src/p11tool.c,
+ src/p11tool.gaa: Fix syntax-check nits.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_bindtextdomain: Ignore more.
+
+2010-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/gendocs.sh, build-aux/pmccabe.css,
+ build-aux/pmccabe2html, gl/Makefile.am, gl/arpa_inet.in.h,
+ gl/float+.h, gl/gettext.h, gl/inet_ntop.c, gl/intprops.h,
+ gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/getdelim.m4,
+ gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-common.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/mmap-anon.m4, gl/m4/printf.m4,
+ gl/m4/readline.m4, gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4,
+ gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
+ gl/m4/vasnprintf.m4, gl/m4/wchar_h.m4, gl/printf-parse.c,
+ gl/printf-parse.h, gl/stdint.in.h, gl/stdio.in.h, gl/stdlib.in.h,
+ gl/string.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
+ gl/tests/Makefile.am, gl/tests/init.sh,
+ gl/tests/test-select-stdin.c, gl/tests/test-select.c,
+ gl/tests/test-update-copyright.sh, gl/tests/verify.h, gl/time.in.h,
+ gl/unistd.in.h, gl/vasnprintf.c, gl/verify.h, gl/wchar.in.h,
+ lib/gl/Makefile.am, lib/gl/float+.h, lib/gl/gettext.h,
+ lib/gl/m4/alloca.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
+ lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/iconv.m4, lib/gl/m4/memmem.m4, lib/gl/m4/mmap-anon.m4,
+ lib/gl/m4/printf.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/sys_socket_h.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_h.m4,
+ lib/gl/printf-parse.c, lib/gl/printf-parse.h, lib/gl/stdint.in.h,
+ lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
+ lib/gl/sys_socket.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/init.sh, lib/gl/tests/intprops.h,
+ lib/gl/tests/verify.h, lib/gl/time.in.h, lib/gl/unistd.in.h,
+ lib/gl/vasnprintf.c, lib/gl/verify.h, lib/gl/wchar.in.h,
+ libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.
+
+2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile.am: Temporarily remove gendh test. It takes
+ extremely long time under valgrind.
+
+2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_sig.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/mpi.c, lib/x509/sign.c, lib/x509/verify.c: Use ASN1_NULL
+ when writing parameters for RSA signatures. This makes us comply
+ with RFC3279. Reported by Michael Rommel.
+
+2010-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/serv.c: Corrected buffer overflow in gnutls-serv by
+ Tomas Mraz. The gnutls-serv uses fixed allocated buffer for the response which
+ can be pretty long if a client certificate is presented to it and
+ the http header is large. This causes buffer overflow and heap
+ corruption which then leads to random segfaults or aborts. It was reported originally here:
+ https://bugzilla.redhat.com/show_bug.cgi?id=659259 The attached patch changes sprintf calls in peer_print_info() to
+ snprintf so the buffer is never overflowed.
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: increased revision
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am: Added p11tool.h
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: released 2.11.5
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-internals.texi: escaped chars.
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-internals.texi: Updated extension writing code. Still not
+ clear enough.
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: PKCS #11 fixes
+
+2010-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c: Corrected pkcs11 example
+ URLs
+
+2010-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/pkcs11.c: Prefix mechanism number with 0x.
+
+2010-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois11.h, src/pkcs11.c: Added camellia and
+ SHA224.
+
+2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, lib/configure.ac, lib/nettle/rnd.c: Use rusage if
+ present. Moved check to correct config and included resource.h
+ header.
+
+2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: More details on the text
+
+2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Corrected copyright statement
+
+2010-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Corrected copyright header. Added Niels.
+
+2010-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_cert.c, lib/includes/gnutls/x509.h,
+ lib/x509/verify.c, src/certtool.c, src/cli.c, tests/chainverify.c:
+ Reverted default behavior for verification and introduced
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default V1
+ trusted CAs are allowed, unless the new flag is specified.
+
+2010-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2010-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * tests/suite/Makefile.in: Remove, it is generated.
+
+2010-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * README: No space at eol.
+
+2010-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am: Fix syntax-check warning.
+
+2010-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Ignore tests/suite for syntax-checks, not our code.
+
+2010-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * README: Recommend git format-patch rather than git diff.
+
+2010-11-24 Jeffrey Walton <noloader@gmail.com>
+
+ * README: Attached is a proposed modification to the README file,
+ including recent comments by Simon.
+
+2010-11-23 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Fix dependencies, fixes parallel builds. Tiny patch from Graham Gower <graham.gower@gmail.com>.
+
+2010-11-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Remove file.
+
+2010-11-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, tests/suite/Makefile.in: Create Makefile in
+ tests/suite/
+
+2010-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa,
+ tests/Makefile.am, tests/netconf-psk.c: Deprecate the netconf
+ password and use a key only.
+
+2010-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/gnutls-http-serv: correctly set psk params.
+
+2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: added info
+
+2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey_pkcs8.c: Correctly write DSA public key in ASN.1
+ (add leading zero). Reported by Jeffrey Walton.
+
+2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: cleanups
+
+2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-auth.texi, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in: Deprecated the key derivation
+ method from netconf. The published RFC does not include this method
+ and it is not known whether it has been used at all in practice. No
+ need to support it.
+
+2010-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_priority.c: Added SIGN-ALL, CTYPE-ALL, COMP-ALL,
+ and VERS-TLS-ALL priority strings.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Removed redundant error check. Reported by
+ Nicolas Kaiser.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+ src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.c,
+ src/p11tool.gaa, src/p11tool.h, src/pkcs11.c: Added
+ --list-mechanisms option to p11tool. Lists all mechanisms supported
+ by a token.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, doc/manpages/p11tool.1: Added manpage
+ for p11tool.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/certtool.1, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, doc/manpages/srptool.1: Corrected my
+ name.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/p11tool-gaa.c, src/p11tool.gaa: In p11tool --url was renamed
+ to --export.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa,
+ src/pkcs11.c: Corrected bug in secret key copy. Rationalized the
+ --help of p11tool.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, lib/pkcs11_secret.c: * Corrected flag conversion to internal representation. * When generating secret keys include a generic key type and a
+ random ID.
+
+2010-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/p11tool-gaa.c, src/p11tool-gaa.h, src/p11tool.gaa: Added
+ option --no-detailed-url to p11tool. More detailed url is the
+ default now.
+
+2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_secret.c, lib/pkcs11_write.c, src/pkcs11.c: Added
+ gnutls_pkcs11_token_set_pin() and gnutls_pkcs11_token_init() to
+ enable manipulating tokens purely from PKCS #11.
+
+2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.gaa: Removed README.gaa.
+
+2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore, src/Makefile.am, src/certtool-common.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/p11tool-gaa.c,
+ src/p11tool-gaa.h, src/p11tool.c, src/p11tool.gaa, src/p11tool.h,
+ src/pkcs11.c: Introduced p11tool to separate PKCS #11 functionality
+ from certtool.
+
+2010-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile.am, tests/finished.c: Removed check on deprecated
+ feature (finished).
+
+2010-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ Deprecated old functions.
+
+2010-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: use @code for SAFE_RENEGOTIATION string.
+
+2010-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Doc fix.
+
+2010-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Add.
+
+2010-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile.am, tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/params.dh,
+ tests/safe-renegotiation/testsrn, tests/suite/Makefile.am,
+ tests/suite/README, tests/suite/eagain,
+ tests/suite/ecore/eina_config.h,
+ tests/suite/ecore/src/include/Eina.h,
+ tests/suite/ecore/src/include/eina_accessor.h,
+ tests/suite/ecore/src/include/eina_array.h,
+ tests/suite/ecore/src/include/eina_benchmark.h,
+ tests/suite/ecore/src/include/eina_binshare.h,
+ tests/suite/ecore/src/include/eina_config.h,
+ tests/suite/ecore/src/include/eina_convert.h,
+ tests/suite/ecore/src/include/eina_counter.h,
+ tests/suite/ecore/src/include/eina_cpu.h,
+ tests/suite/ecore/src/include/eina_error.h,
+ tests/suite/ecore/src/include/eina_file.h,
+ tests/suite/ecore/src/include/eina_fp.h,
+ tests/suite/ecore/src/include/eina_hamster.h,
+ tests/suite/ecore/src/include/eina_hash.h,
+ tests/suite/ecore/src/include/eina_inline_array.x,
+ tests/suite/ecore/src/include/eina_inline_f16p16.x,
+ tests/suite/ecore/src/include/eina_inline_f32p32.x,
+ tests/suite/ecore/src/include/eina_inline_f8p24.x,
+ tests/suite/ecore/src/include/eina_inline_fp.x,
+ tests/suite/ecore/src/include/eina_inline_hash.x,
+ tests/suite/ecore/src/include/eina_inline_list.x,
+ tests/suite/ecore/src/include/eina_inline_log.x,
+ tests/suite/ecore/src/include/eina_inline_mempool.x,
+ tests/suite/ecore/src/include/eina_inline_rbtree.x,
+ tests/suite/ecore/src/include/eina_inline_rectangle.x,
+ tests/suite/ecore/src/include/eina_inline_str.x,
+ tests/suite/ecore/src/include/eina_inline_stringshare.x,
+ tests/suite/ecore/src/include/eina_inline_tiler.x,
+ tests/suite/ecore/src/include/eina_inline_trash.x,
+ tests/suite/ecore/src/include/eina_inline_ustringshare.x,
+ tests/suite/ecore/src/include/eina_inlist.h,
+ tests/suite/ecore/src/include/eina_iterator.h,
+ tests/suite/ecore/src/include/eina_lalloc.h,
+ tests/suite/ecore/src/include/eina_list.h,
+ tests/suite/ecore/src/include/eina_log.h,
+ tests/suite/ecore/src/include/eina_magic.h,
+ tests/suite/ecore/src/include/eina_main.h,
+ tests/suite/ecore/src/include/eina_matrixsparse.h,
+ tests/suite/ecore/src/include/eina_mempool.h,
+ tests/suite/ecore/src/include/eina_module.h,
+ tests/suite/ecore/src/include/eina_quadtree.h,
+ tests/suite/ecore/src/include/eina_rbtree.h,
+ tests/suite/ecore/src/include/eina_rectangle.h,
+ tests/suite/ecore/src/include/eina_safety_checks.h,
+ tests/suite/ecore/src/include/eina_sched.h,
+ tests/suite/ecore/src/include/eina_str.h,
+ tests/suite/ecore/src/include/eina_strbuf.h,
+ tests/suite/ecore/src/include/eina_stringshare.h,
+ tests/suite/ecore/src/include/eina_tiler.h,
+ tests/suite/ecore/src/include/eina_trash.h,
+ tests/suite/ecore/src/include/eina_types.h,
+ tests/suite/ecore/src/include/eina_unicode.h,
+ tests/suite/ecore/src/include/eina_ustrbuf.h,
+ tests/suite/ecore/src/include/eina_ustringshare.h,
+ tests/suite/ecore/src/lib/Ecore.h,
+ tests/suite/ecore/src/lib/Ecore_Getopt.h,
+ tests/suite/ecore/src/lib/ecore.c,
+ tests/suite/ecore/src/lib/ecore_anim.c,
+ tests/suite/ecore/src/lib/ecore_app.c,
+ tests/suite/ecore/src/lib/ecore_events.c,
+ tests/suite/ecore/src/lib/ecore_exe.c,
+ tests/suite/ecore/src/lib/ecore_getopt.c,
+ tests/suite/ecore/src/lib/ecore_glib.c,
+ tests/suite/ecore/src/lib/ecore_idle_enterer.c,
+ tests/suite/ecore/src/lib/ecore_idle_exiter.c,
+ tests/suite/ecore/src/lib/ecore_idler.c,
+ tests/suite/ecore/src/lib/ecore_job.c,
+ tests/suite/ecore/src/lib/ecore_main.c,
+ tests/suite/ecore/src/lib/ecore_pipe.c,
+ tests/suite/ecore/src/lib/ecore_poll.c,
+ tests/suite/ecore/src/lib/ecore_private.h,
+ tests/suite/ecore/src/lib/ecore_signal.c,
+ tests/suite/ecore/src/lib/ecore_thread.c,
+ tests/suite/ecore/src/lib/ecore_time.c,
+ tests/suite/ecore/src/lib/ecore_timer.c,
+ tests/suite/ecore/src/lib/eina_accessor.c,
+ tests/suite/ecore/src/lib/eina_array.c,
+ tests/suite/ecore/src/lib/eina_benchmark.c,
+ tests/suite/ecore/src/lib/eina_binshare.c,
+ tests/suite/ecore/src/lib/eina_chained_mempool.c,
+ tests/suite/ecore/src/lib/eina_convert.c,
+ tests/suite/ecore/src/lib/eina_counter.c,
+ tests/suite/ecore/src/lib/eina_cpu.c,
+ tests/suite/ecore/src/lib/eina_error.c,
+ tests/suite/ecore/src/lib/eina_file.c,
+ tests/suite/ecore/src/lib/eina_fp.c,
+ tests/suite/ecore/src/lib/eina_hamster.c,
+ tests/suite/ecore/src/lib/eina_hash.c,
+ tests/suite/ecore/src/lib/eina_inlist.c,
+ tests/suite/ecore/src/lib/eina_iterator.c,
+ tests/suite/ecore/src/lib/eina_lalloc.c,
+ tests/suite/ecore/src/lib/eina_list.c,
+ tests/suite/ecore/src/lib/eina_log.c,
+ tests/suite/ecore/src/lib/eina_magic.c,
+ tests/suite/ecore/src/lib/eina_main.c,
+ tests/suite/ecore/src/lib/eina_matrixsparse.c,
+ tests/suite/ecore/src/lib/eina_mempool.c,
+ tests/suite/ecore/src/lib/eina_module.c,
+ tests/suite/ecore/src/lib/eina_private.h,
+ tests/suite/ecore/src/lib/eina_quadtree.c,
+ tests/suite/ecore/src/lib/eina_rbtree.c,
+ tests/suite/ecore/src/lib/eina_rectangle.c,
+ tests/suite/ecore/src/lib/eina_safety_checks.c,
+ tests/suite/ecore/src/lib/eina_sched.c,
+ tests/suite/ecore/src/lib/eina_share_common.c,
+ tests/suite/ecore/src/lib/eina_share_common.h,
+ tests/suite/ecore/src/lib/eina_str.c,
+ tests/suite/ecore/src/lib/eina_strbuf.c,
+ tests/suite/ecore/src/lib/eina_strbuf_common.c,
+ tests/suite/ecore/src/lib/eina_strbuf_common.h,
+ tests/suite/ecore/src/lib/eina_strbuf_template_c.x,
+ tests/suite/ecore/src/lib/eina_stringshare.c,
+ tests/suite/ecore/src/lib/eina_tiler.c,
+ tests/suite/ecore/src/lib/eina_unicode.c,
+ tests/suite/ecore/src/lib/eina_ustrbuf.c,
+ tests/suite/ecore/src/lib/eina_ustringshare.c,
+ tests/suite/ecore/src/lib/eina_value.c, tests/suite/mini-eagain2.c,
+ tests/suite/params.dh, tests/suite/testsrn: Added tests/suite which
+ contains tests to be executed during development time and will not
+ be distributed (not included in make dist). Added "ecore" and a new
+ mini-eagain to test EAGAIN behavior.
+
+2010-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: updated .gitignore.
+
+2010-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/common.c: gnutls-cli: Print channel binding only in
+ verbose mode. Before it printed it after the 'Compression:' output, thus breaking
+ Emacs starttls.el string searches.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.11.4.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Rename new symbol prefix after next stable
+ branch instead of development branch.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/cha-bib.texi, doc/cha-gtls-app.texi: Document channel
+ binding API.
+
+2010-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
+ src/common.c: Implement RFC 5929 tls-unique channel binding.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am, lib/gnutls_errors.c,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map: Add gnutls_session_channel_binding API.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/gendh.c: Add self test gendh to check DH
+ generation.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-auth.c: Fix compiler warnings.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * guile/tests/Makefile.am, guile/tests/anonymous-auth.scm,
+ guile/tests/dh-parameters.pem, guile/tests/openpgp-auth.scm,
+ guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/x509-auth.scm:
+ Don't generate DH primes in Guile self checks (for speed).
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/userid/userid: Cleanup, fixing distcheck.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-auth.c: Make it work with srcdir != objdir.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml: Improve GTK-DOC manual.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_two_space_separator_in_usage, lib/cryptodev.c,
+ lib/m4/hooks.m4, lib/pakchois/pakchois11.h: Fix syntax-check
+ warning.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, build-aux/pmccabe2html, doc/fdl-1.3.texi,
+ gl/Makefile.am, gl/arpa_inet.in.h, gl/errno.in.h, gl/float.in.h,
+ gl/ftello.c, gl/getaddrinfo.c, gl/m4/errno_h.m4, gl/m4/error.m4,
+ gl/m4/float_h.m4, gl/m4/ftello.m4, gl/m4/getpagesize.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hostent.m4,
+ gl/m4/include_next.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
+ gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lseek.m4,
+ gl/m4/malloc.m4, gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/printf.m4,
+ gl/m4/realloc.m4, gl/m4/servent.m4, gl/m4/size_max.m4,
+ gl/m4/socketlib.m4, gl/m4/sockets.m4, gl/m4/socklen.m4,
+ gl/m4/sockpfaf.m4, gl/m4/stdarg.m4, gl/m4/stdbool.m4,
+ gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdlib_h.m4,
+ gl/m4/time_h.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/malloc.c,
+ gl/netdb.in.h, gl/netinet_in.in.h, gl/read-file.c, gl/realloc.c,
+ gl/select.c, gl/stdarg.in.h, gl/stddef.in.h, gl/stdint.in.h,
+ gl/stdio.in.h, gl/stdlib.in.h, gl/strerror.c, gl/string.in.h,
+ gl/sys_select.in.h, gl/sys_socket.in.h, gl/sys_stat.in.h,
+ gl/sys_time.in.h, gl/tests/Makefile.am, gl/tests/binary-io.h,
+ gl/tests/getpagesize.c, gl/tests/init.sh, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-binary-io.c, gl/tests/test-binary-io.sh,
+ gl/tests/test-ftello.c, gl/tests/test-ftello.sh,
+ gl/tests/test-ftello2.sh, gl/tests/test-ftello3.c,
+ gl/tests/test-getaddrinfo.c, gl/tests/test-memchr.c,
+ gl/tests/test-netdb.c, gl/tests/test-read-file.c,
+ gl/tests/test-stdbool.c, gl/tests/test-stddef.c,
+ gl/tests/test-stdlib.c, gl/tests/test-sys_socket.c,
+ gl/tests/test-sys_wait.h, gl/tests/test-update-copyright.sh,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/time.in.h, gl/timespec.h, gl/unistd.in.h, gl/wchar.in.h,
+ lib/build-aux/config.rpath, lib/gl/Makefile.am, lib/gl/errno.in.h,
+ lib/gl/float.in.h, lib/gl/ftello.c, lib/gl/m4/codeset.m4,
+ lib/gl/m4/errno_h.m4, lib/gl/m4/fcntl-o.m4, lib/gl/m4/float_h.m4,
+ lib/gl/m4/ftello.m4, lib/gl/m4/getpagesize.m4,
+ lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4,
+ lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
+ lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
+ lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
+ lib/gl/m4/ld-version-script.m4, lib/gl/m4/lib-ld.m4,
+ lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4, lib/gl/m4/lseek.m4,
+ lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4, lib/gl/m4/memmem.m4,
+ lib/gl/m4/minmax.m4, lib/gl/m4/printf-posix.m4,
+ lib/gl/m4/printf.m4, lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4,
+ lib/gl/m4/size_max.m4, lib/gl/m4/socketlib.m4,
+ lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
+ lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4,
+ lib/gl/m4/stdlib_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
+ lib/gl/m4/visibility.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
+ lib/gl/malloc.c, lib/gl/netdb.in.h, lib/gl/read-file.c,
+ lib/gl/realloc.c, lib/gl/stddef.in.h, lib/gl/stdint.in.h,
+ lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
+ lib/gl/string.in.h, lib/gl/strings.in.h, lib/gl/sys_socket.in.h,
+ lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/binary-io.h, lib/gl/tests/getpagesize.c,
+ lib/gl/tests/init.sh, lib/gl/tests/test-binary-io.c,
+ lib/gl/tests/test-binary-io.sh, lib/gl/tests/test-ftello.c,
+ lib/gl/tests/test-ftello.sh, lib/gl/tests/test-ftello2.sh,
+ lib/gl/tests/test-ftello3.c, lib/gl/tests/test-memchr.c,
+ lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
+ lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
+ lib/gl/tests/test-stdlib.c, lib/gl/tests/test-sys_socket.c,
+ lib/gl/tests/test-sys_wait.h, lib/gl/tests/test-verify.c,
+ lib/gl/time.in.h, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
+ libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/ld-version-script.m4,
+ libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4, maint.mk:
+ Update gnulib files.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Don't assume chmod +x on gendocs.sh.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Use gnulib --add-import.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Sort and update.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/nl.po.in: Sync with TP.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.11.3.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2010-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/errcodes.c, doc/examples/ex-alert.c,
+ doc/examples/ex-cert-select-pkcs11.c,
+ doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/examples.h, doc/examples/tcp.c, guile/src/core.c,
+ guile/src/errors.c, guile/src/extra.c, guile/src/utils.c,
+ guile/src/utils.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_psk.h,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp.h, lib/crypto-api.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gcrypt/init.c, lib/gcrypt/mpi.c,
+ lib/gcrypt/pk.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.h, lib/gnutls_dh.h,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_mem.h, lib/gnutls_mpi.h, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/gnutlsxx.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/locks.c, lib/locks.h, lib/nettle/cipher.c, lib/nettle/egd.c,
+ lib/nettle/egd.h, lib/nettle/init.c, lib/nettle/mac.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/nettle/rnd.c,
+ lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
+ lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/openpgp_int.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/errors.c,
+ lib/pakchois/pakchois.c, lib/pakchois/pakchois.h,
+ lib/pakchois/pakchois11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, lib/random.c,
+ lib/random.h, lib/system.c, lib/system.h, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c, lib/x509_b64.c,
+ libextra/ext_inner_application.c, libextra/ext_inner_application.h,
+ libextra/gnutls_extra.c, libextra/gnutls_ia.c,
+ libextra/includes/gnutls/extra.h, libextra/openssl_compat.h,
+ src/benchmark.c, src/certtool-cfg.h, src/certtool-common.h,
+ src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
+ src/pkcs11.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
+ tests/anonself.c, tests/certder.c,
+ tests/certificate_set_x509_crl.c, tests/certuniqueid.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nul-in-x509-names.c, tests/openpgp-auth.c,
+ tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
+ tests/parse_ca.c, tests/pgps2kgnu.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/safe-renegotiation/srn0.c,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn2.c,
+ tests/safe-renegotiation/srn3.c, tests/safe-renegotiation/srn4.c,
+ tests/safe-renegotiation/srn5.c, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/simple.c, tests/tlsia.c, tests/utils.c,
+ tests/utils.h, tests/x509_altname.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509sign-verify.c: Indent (using GNU indent
+ 2.2.11).
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/m4/hooks.m4: bumped version
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Revert "Applied last patch of Micah Anderson on
+ IKE status." This reverts commit a6b2f5ce7316b4774649ee9b421da2ee7fef461f.
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/fipsmd5.c: removed unneeded code.
+
+2010-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Applied last patch of Micah Anderson on IKE
+ status.
+
+2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Applied patch on IKE extension by Micah Anderson
+
+2010-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c, lib/gcrypt/mac.c, lib/gnutls_hash_int.c,
+ lib/includes/gnutls/crypto.h, lib/nettle/mac.c: Updated cryptodev
+ code to support the linux cryptodev extensions. Removed the clone()
+ capability from HMAC. It was never used and having it prevents using
+ it with hardware accelerators that might not have this capability.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Micah
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/cha-cert-auth.texi, doc/cha-internals.texi,
+ doc/cha-library.texi, lib/ext_safe_renegotiation.c,
+ lib/ext_server_name.c, lib/gcrypt/init.c, lib/gnutls_record.c,
+ lib/gnutls_str.c, lib/locks.c, lib/nettle/egd.c, lib/nettle/init.c,
+ lib/system.c, lib/system.h, libextra/ext_inner_application.c,
+ src/certtool-common.h, src/common.c, src/pkcs11.c: Fix some
+ syntax-check errors.
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h: Fix compiler warnings.
+
+2010-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am: Mention new APIs.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/testselfsigs: Avoid bashism. Reported by m.drochner@fz-juelich.de in
+ <http://savannah.gnu.org/support/?107449>.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto-api.c: Don't return from void functions. Reported by Dagobert Michelsen <dam@opencsw.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4566>.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/x509.h: Remove spurious comma.
+
+2010-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8: Make
+ pkcs8-decode test work on Windows.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c: treat absence of parameters the same as
+ having them disabled.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/resume.c: Corrected behavior on failure (don't crash).
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_extensions.c: Corrected bugs
+ when restoring extensions during session resumtion.
+
+2010-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c: Use more informative logging for
+ extensions.
+
+2010-09-29 Micah Anderson <micah@riseup.net>
+
+ * NEWS, doc/certtool.cfg, doc/cha-programs.texi,
+ lib/includes/gnutls/x509.h, lib/x509/output.c, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool.c: Add new extended key usage
+ ipsecIKE According to RFC 4945 § 5.1.3.12 section title
+ "ExtendedKeyUsage"[0] the following extended key usage has been
+ added: ... this document defines an ExtendedKeyUsage keyPurposeID that MAY
+ be used to limit a certificate's use: id-kp-ipsecIKE OBJECT IDENTIFIER ::= { id-kp 17 } where id-kp is defined in RFC 3280 [5]. If a certificate is
+ intended to be used with both IKE and other applications, and one
+ of the other applications requires use of an EKU value, then such
+ certificates MUST contain either the keyPurposeID id-kp-ipsecIKE or anyExtendedKeyUsage [5], as well as the keyPurposeID values associated with the other applications. Similarly, if a CA
+ issues multiple otherwise-similar certificates for multiple
+ applications including IKE, and it is intended that the IKE
+ certificate NOT be used with another application, the IKE
+ certificate MAY contain an EKU extension listing a keyPurposeID of
+ id-kp-ipsecIKE to discourage its use with the other application.
+ Recall, however, that EKU extensions in certificates meant for use
+ in IKE are NOT RECOMMENDED. Conforming IKE implementations are not required to support EKU.
+ If a critical EKU extension appears in a certificate and EKU is
+ not supported by the implementation, then RFC 3280 requires that the certificate be rejected. Implementations that do support EKU
+ MUST support the following logic for certificate validation: o If no EKU extension, continue. o If EKU present AND contains either id-kp-ipsecIKE or anyExtendedKeyUsage, continue. o Otherwise, reject cert. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: --pkcs11-* in certtool
+ was renamed to --p11-*.
+
+2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c: Added some comments and removed unused
+ code.
+
+2010-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_session_ticket.c: Corrected advertizing issue for
+ session tickets.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: cleanup of TODO list. Removed very old entries, entries
+ already fixed and added new ones.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: IMED_RET parameters are easier to grasp.
+
+2010-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto.c, lib/gcrypt/cipher.c, lib/gcrypt/mac.c,
+ lib/nettle/cipher.c, lib/nettle/mac.c: cipher,mac and digest
+ priorities moved to crypto.c
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: changed the fatality level of some errors.
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: No longer use is_fatal() during handshake.
+ Explicitely treat EAGAIN and INTERRUPTED as non-fatal during
+ handshake. If the check_fatal flag is set then
+ GNUTLS_E_WARNING_ALERT_RECEIVED could interrupt a handshake as well.
+
+2010-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: fflush stdout and stderr before the call to setbuf.
+ This fixes issue in solaris where lines dissappeared from output.
+ Reported and suggested fix by Knut Anders Hatlen.
+
+2010-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented change
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Corrected bug in wrap_nettle_pk_fixup that was
+ importing DSA keys are RSA ones.
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c, lib/openpgp/privkey.c: indented some code
+
+2010-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: updated revision
+
+2010-09-18 Ludovic Courtès <ludo@gnu.org>
+
+ * .gitignore, tests/Makefile.am, tests/openpgp-auth.c: Add an
+ OpenPGP authentication unit test. * tests/Makefile.am (ctests)[ENABLE_OPENPGP]: Add `openpgp-auth'. (TESTS_ENVIRONMENT): Add `srcdir'. * tests/openpgp-auth.c: New file. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_alert.c,
+ lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.h,
+ lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c, libextra/gnutls_ia.c:
+ Explicit symmetric cipher state versionning. This introduces the concept of a "cipher epoch". The epoch number is
+ the number of successful handshakes and is incremented by one each
+ time. This concept is native to DTLS and this patch makes the
+ symmetric cipher state explicit for TLS in preparation for DTLS.
+ This concept was implicit in plain TLS and ChangeCipherSpec messages
+ triggered a "pending state copy". Now, we the current epoch number
+ is simply incremented to the parameters negotiated by the handshake. The main side effects of this patch is a slightly more abstract
+ internal API and, in some cases, simpler code. The session blob
+ format is also changed a bit since this patch avoids storing
+ information that is now redundant. If this breaks library users'
+ expectations, this side effect can be negated. The cipher_specs structure has been removed. The conn_state has
+ become record_state_st. Only symmetric cipher information is
+ versioned. Things such as key exchange algorithm and the master
+ secret are not versioned and their handling is unchanged. I have tested this patch as much as I could. It introduces no test
+ suite regressions on my x64 Debian GNU/Linux system. Do not hesitate to point out shortcomings or suggest changes. Since
+ this is a big diff, I am expecting this to be an iterative process. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_errors.h: Add gnutls_assert_val idiom. This warrants being made in an inline function or macro since it is used throughout the code. This converts 4 line repetitive blocks
+ into 1 line. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, NEWS, configure.ac: updated for 2.11.1
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added 3 levels of details in PKCS
+ #11 URLs. 1st level: Token level. Object is unique up to token.
+ 2nd level: Object is unique up to token and module used to access
+ it. 3rd level: Object is unique up to token and module and version
+ of module used to access it.
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented changes.
+
+2010-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_b64.c: Be liberal in the PEM decoding. That is spaces and
+ tabs are being skipped.
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Fully mbufferize _gnutls_read and
+ _gnutls_read_buffered. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.h: mbuffers: Add _mbuffer_xfree operation. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: mbuffers: make
+ _gnutls_io_read_buffered use mbuffers. This will be needed by the DTLS code to make sure reads are stored
+ in segments that correspond to datagram boundaries. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h: Parenthesize size calculations. This is standard practice and the DTLS code got bit by this. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: mbuffers: Add
+ mbuffer_linearize. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: fix wrong size calculation. maximum_size is the maximum size of the payload, not including
+ overhead. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Make _mbuffer_remove_bytes return
+ a meaningful error code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: mbuffers: Document the internal mbuffer
+ API. After a year of not hacking GnuTLS, I needed to look at the code to
+ know how mbuffers work. This will make it much easier for anybody
+ not familiar with this code. Signed-off-by: Jonathan Bastien-Filiatrault <joe@x2a.org>
+ Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated NEWS.
+
+2010-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: PKCS#11 URL support updated to
+ conform to draft-pechanec-pkcs11uri-02. Now in the URL the pkcs11
+ provider library (module) can be specified thus restricting objects
+ within a single provider.
+
+2010-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_record.c: When the %COMPAT flag is specified, larger
+ records that would otherwise violate the TLS spec, are accepted.
+
+2010-08-28 Brad Hards <bradh@frogmouth.net>
+
+ * src/certtool.c, src/pkcs11.c: Show which option is the default for
+ command line tools. We use "y/N" is most places - this just adapts two places that use
+ "Y/N" to match the behavior of read_yesno(). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: prevent a memory leak in the unique_id functions.
+
+2010-08-20 Brad Hards <bradh@frogmouth.net>
+
+ * lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/output.c,
+ lib/x509/x509.c, tests/Makefile.am, tests/certuniqueid.c: As
+ identified in a previous mail, I've added support for accessing /
+ displaying the subjectUniqueID and issuerUniqueID fields within an
+ X.509 certificate. This is provided (along with a test case) in the
+ attached patch. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h: By default lowat is set to zero.
+
+2010-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Revert "When scanning for terminator character for
+ PKCS #11 URLs ignore escaped \;." This reverts commit 583fad076506421c9007a3349784496e2927dcd1.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Added Sjoerd.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/m4/hooks.m4: libnettle is the default crypto library.
+
+2010-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: oldstate var removed.
+
+2010-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/mini-eagain.c: mini-eagain will fail with EAGAIN error one
+ every two attempts. That is to remove probabilities.
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Remember the amount of user
+ data we're sending out Partially reverts 3ef62950845f551ebc629e50d5ddf75f71b84294.
+ gnutls_record_send needs to return the amount of user-data we sent,
+ so we need to keep this information somewhere to return it when we
+ succeed in sending that data. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_handshake.c: Check whether the error is fatal in more
+ cases When stressing the async API of gnutls a lot of internal errors are
+ hit as IMED_RET clears the handshake hash buffers as a result of
+ -EAGAIN even though it would never be re-initialized at that point,
+ but is still needed in later stages. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-11 Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Add state for flushing
+ the handshake buffer A seperate state is needed between flushing the handshake buffers
+ and sending the chipher spec change otherwise it's impossible to
+ determine whether _gnutls_send_change_cipher_spec is called for the
+ first time or again. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-08-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/nettle/mpi.c: Fix warning.
+
+2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Define HAVE_GCRYPT when using gcrypt. nettle is
+ no longer marked as unsupported.
+
+2010-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/manpages/Makefile.am, lib/gnutls_extensions.c,
+ lib/m4/hooks.m4, lib/nettle/cipher.c, lib/nettle/mac.c,
+ lib/nettle/pk.c, libextra/gnutls_extra.c: Added Camellia-128/256,
+ SHA-224/384/512 and support for DSA2 when using nettle.
+
+2010-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: When scanning for terminator character for PKCS #11
+ URLs ignore escaped \;.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Modified the example to work in TLS 1.2.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c: Added RSA_NULL_SHA1 and SHA256
+ ciphersuites.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_signature.c: When signature algorithms extension is not
+ received allow SHA1 and SHA256.
+
+2010-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: NULL MAC renamed to MAC-NULL
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Avoid fixed size buffers (now handles the big >100
+ SAN cert).
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Re-add old NEWS entries.
+
+2010-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Doc fix.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey.c: Do not trust fbase64_decode to return 0 on
+ success.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_x509.c, lib/x509/privkey.c, src/certtool.c:
+ gnutls_x509_privkey_import() will fallback to
+ gnutls_x509_privkey_import_pkcs8() without a password, if it is
+ unable to decode the key.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/gnutls.h.in, lib/nettle/mpi.c, src/prime.c:
+ Added GNUTLS_PK_DH to differentiate in the generation of parameters
+ with PK_DSA that requires special treatment.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Corrected wrong descriptions of security
+ levels.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: use RSA-SHA1 as an indicator of RSA
+ certificates.
+
+2010-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Fix DSA key values to avoid generating
+ normal and reporting them as low.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/nettle/mpi.c, lib/openpgp/privkey.c,
+ lib/x509/privkey.c, src/certtool.c,
+ tests/pathlen/no-ca-or-pathlen.pem: Better handling of security
+ parameters to key sizes matching (via a single table). Added
+ functions to return the security parameter of a private key.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Simplified documentation.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/mpi.c: Follow ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-bib.texi, doc/cha-intro-tls.texi,
+ lib/gnutls_algorithms.c: Updated documentation and
+ gnutls_pk_params_t mappings to ECRYPT II recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: HMAC-MD5 deprecated according to ECRYPT II
+ yearly report (2009-2010) recommendations.
+
+2010-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/Makefile.am: added missing file key-subca-dsa.pem
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * gtk-doc.make: ignore html errors otherwise make dist doesn't work.
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: updated NEWS
+
+2010-07-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added option for certtool to print
+ certificate public key.
+
+2010-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Added SIG_RSA_MD5_OID as an indicator of
+ RSA. Some microsoft products were using it. Reported by Mads
+ Kiilerich.
+
+2010-07-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.h: Added RSA with SHA224.
+
+2010-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Added blinding to RSA decryption AND signing.
+ Will stay there until it is moved to nettle itself.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/system.h: fixed
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/nettle/Makefile.am, lib/nettle/egd.c, lib/nettle/egd.h,
+ lib/nettle/rnd.c: Added support for EGD daemon in nettle's RNG. It
+ is used if /dev/urandom is not present.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/system.c, lib/system.h: Corrected the
+ lowat behavior. Documented that it will be deprecated in later
+ versions.
+
+2010-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: gnutls-serv: Do not print CR/LF if received, but
+ instead print LF only.
+
+2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_state.c,
+ lib/locks.c, lib/locks.h, lib/pakchois/pakchois.c, lib/system.c,
+ lib/system.h: system specific functions were moved to system.c
+
+2010-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/gnutls_alert.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_state.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, libextra/gnutls_ia.c: Support scattered write
+ using writev(). This takes advantage of the new buffering layer and
+ allows queuing of packets and flushing them. This is currently used
+ for handshake messages only. Performance-wise the difference of
+ packing several TLS records in a single write doesn't seem to offer
+ anything over ethernet (that my tests were on). Probably on links
+ with higher latency there would be a benefit.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi: Removed old reference.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-rfc2818.c: ex-rfc2818 is now a functional program
+ demonstrating the verification procedure.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/cha-gtls-app.texi, doc/examples/Makefile.am,
+ doc/examples/ex-serv-export.c: Example with export ciphersuites was
+ removed.
+
+2010-07-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pubkey.c: corrected typo
+
+2010-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Use the same "e" for RSA as libgcrypt. It's the
+ fastest choice.
+
+2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c: Do not crash if input is redirected from
+ /dev/null.
+
+2010-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.c, src/certtool.gaa:
+ Changed the default pkcs-cipher to AES-128. Allowed specifying the
+ 3des-pkcs12 cipher with the --pkcs-cipher option.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Use double to count bytes.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Added a windows version of the RNG.
+
+2010-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Corrected locking usage in nettle's random
+ subsystem.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/gnutls_privkey.c,
+ lib/gnutls_pubkey.c, lib/nettle/Makefile.am, lib/pakchois/dlopen.h:
+ Fixed to compile under mingw32.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: only warn if dlopen or pthreads are not found.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/init.c, lib/includes/gnutls/gnutls.h.in, lib/locks.c,
+ lib/pakchois/pakchois.c: Locks were converted to be in align with
+ posix locks to easier wrap around them.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/locks.c, lib/locks.h, lib/pakchois/dlopen.c,
+ lib/pakchois/dlopen.h, lib/pakchois/pakchois.c: The included
+ pakchois will use gnutls locks and will use a portable dlopen() to
+ allow compilation in win32 (untested).
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: Read from /dev/urandom every 20 minutes.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am: Added missing files
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/includes/gnutls/crypto.h,
+ lib/libgnutls.map: Allow encryption and decryption that are not
+ in-place only.
+
+2010-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Print values in a human-readable format and do
+ the calculations in fixed time to prevent stalling in slow systems.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: corrected library version
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/common.c, src/pkcs11.c: PIN callback supplies the token URL. The
+ callback function in common.c will cache PIN if requested for second
+ time.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, src/common.c: Reverted the SAVE_PIN approach in
+ PIN callback. The new approach will be to provide enough information
+ for the callback to save the PIN itself.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/init.c: removed unneeded function.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: More uses of gnutls_certificate_free_ca_names
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/locks.c: Do not allow setting NULL lock functions
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/rnd.c: corrected lock usage.
+
+2010-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: bumped library version
+
+2010-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/Makefile.am: Include abstract.h in releases.
+
+2010-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c: Correctly deinitialize crypto API handles.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: commented obscure HANDSHAKE_MAC_TYPE_10 and
+ HANDSHAKE_MAC_TYPE_12.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/locks.c, lib/locks.h, lib/nettle/rnd.c: simplified locking
+ code. Locking functions always exist but are dummies if no locks
+ have been set.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/gcrypt/init.c, lib/gnutls_errors.c,
+ lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/locks.c, lib/locks.h,
+ lib/nettle/Makefile.am, lib/nettle/init.c, lib/nettle/rnd.c:
+ Initialization of crypto libraries moved outside main gnutls code.
+
+2010-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/locks.c, lib/locks.h: Moved locking code to special file.
+
+2010-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/pkcs11-vision.eps: Add pkcs11-vision rules.
+
+2010-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11_write.c, src/pkcs11.c:
+ When copying a private key the sensitive flag can be set or not.
+ This allows copying private keys that can be exported.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_write.c, src/certtool-common.h, src/certtool.c,
+ src/pkcs11.c: Combined object flags. No implicit login any more.
+ Login has to be specified with a flag on every call that could use
+ it.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/gnutls_pubkey.c, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/pkcs11_write.c: Indented
+ code.
+
+2010-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_pubkey.c,
+ lib/gnutls_x509.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_write.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/cli.c, src/pkcs11.c: Allow
+ flags when importing objects from PKCS11 URLs. The only flag
+ supported now is the PKCS11_OBJ_FLAG_LOGIN, which forces login
+ before accessing object on a token. The reason is that some tokens
+ do not allow access of any data without login.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: Added AES-128 to block ciphers.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session_pack.c: Corrected writing and reading order of
+ security parameters.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/configure.ac, libextra/configure.ac: use 2.11.0 everywhere
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/configure.ac,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ lib/nettle/rnd.c, lib/pkcs11.c: Added gnutls_global_set_mutex() to
+ allow setting alternative locking procedures. By default the system
+ available locking is used. In *NIX pthreads are used and in windows
+ the critical section API. As a side effect this change avoids any API dependance on libgcrypt
+ even if threads are used.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c: Modified the cacertrsamd5 short-cut. The test
+ was checking whether verification using a trusted insecurely signed
+ self signed certificate will fail against a chain that has this as
+ intermediate. However this test should have succeeded since the
+ insecure certificate is trusted. This isn't the purpose of this test however. It should have checked
+ whether using the same certificate as trusted and to be verified and
+ the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flag should return an error.
+
+2010-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c: Fail on error.
+
+2010-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: When generating private key allow usage of
+ --pkcs-cipher flag.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls_int.h:
+ MAX_SRP_USERNAME -> MAX_USERNAME_SIZE
+
+2010-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: We also require GNU make.
+
+2010-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, configure.ac, lib/configure.ac, libextra/configure.ac: Use
+ silent build rules. Suggested by Vincent Torri <vincent.torri@gmail.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4349>.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/gnutls.h.in: removed OPRFI extension
+ functions.
+
+2010-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: removed OPRFI from makefile.
+
+2010-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: When verifying certificates use the same
+ algorithm whether the DO_NOT_ALLOW_SAME flag is set or not. Before
+ we were shortening certificate list if the flag was not set by the
+ size of the first certificate found in the trusted list, and keep
+ the list intact otherwise. Now we shorten the list in the latter
+ case as well, except for the first certificate.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Added news entry for EV-certificates.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: Corrected some tests.
+ Added test to check whether the %COMPAT option is required for this
+ server.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_session_pack.c: Corrections in
+ the new session packing code. Saving absolute positions in buffers
+ is no longer done. Now we store only and offset to allow
+ reallocating the buffer and still do the correct reference.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
+ lib/ext_signature.c, lib/gnutls_handshake.c: Fixes in new extensions
+ code that relate to SSL 3.0.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac: version is 2.11.0
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: Some updates in the PKCS11 text.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Some updates on renegotiation text
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Removed links for discussion of the COMPAT
+ topic. I don't think they should be in the documentation.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Corrected example with %COMPAT.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Added gnutls_sec_param_to_pk_bits()
+ discussion.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: corrected text on AES
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Only save PIN if login was successful.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-auth.texi, lib/ext_signature.c: Applied patch by Andreas
+ Metzler
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/benchmark.c: Allow setting debug level via cmd.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c: Explicitely terminate cryptodev sessions.
+
+2010-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Removed the no
+ longer needed "active" variable.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented some of the changes
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Greatly simplified the
+ internal hash/hmac and cipher functions.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Allow listing of private keys only.
+ Certtool has now the --pkcs11-list-privkeya option.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_privkey.c: Send correct token name to callback.
+
+2010-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c: Added more gnutls errors to map closer to PKCS11
+ actual errors.
+
+2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c, src/common.c:
+ Added option to the PKCS11 PIN callback to save PIN if the token is
+ being used with a single pkcs11_privkey structure.
+
+2010-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_privkey.c: For Private key operations new sessions are
+ opened when are needed. This makes the usage of the PKCS11 API
+ thread safe. The only drawback is the requirement to enter PIN on
+ every operation.
+
+2010-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: gnutls-cli: Make --starttls work again. Problem introduced in patch to use read() instead of fgets()
+ committed on 2010-01-27.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, tests/sha2/key-ca-dsa.pem,
+ tests/sha2/key-subca-dsa.pem, tests/sha2/sha2, tests/sha2/sha2-dsa:
+ Allow SHA224 hash in certtool. Added tests for SHA-256 and SHA-224
+ for DSA.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Do not warn multiple times for the deprecation of
+ --bits.
+
+2010-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h, lib/gnutls_record.c: Appending data in
+ mbuffers is now cheaper by avoiding realloc, at the cost of
+ requiring to specify a maximum mbuffer size at creation.
+
+2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c: Removed unused functions.
+
+2010-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_int.h: Combined the max ticket
+ length with the maximum extension data length.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-gtls-app.texi, lib/auth_srp.c, lib/ext_cert_type.c,
+ lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
+ lib/ext_oprfi.c, lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_buffers.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, lib/pkcs11.c,
+ lib/x509/dn.c, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, src/cli.c, src/serv.c, tests/Makefile.am,
+ tests/oprfi.c, tests/tlsia.c: Simplified and made more safe the
+ packing of data for session storage. Extensions use the internal API
+ to store/retrieve during resumption. Removed OPRFI since it was never standardized and was never actually
+ included in gnutls since it was in inactive ifdef. This was instead
+ of rewriting it to use the new API.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/openpgp/output.c, lib/pkcs11.c,
+ lib/x509/dn.c, lib/x509/output.c: The gnutls_string code was
+ simplified and integrated with the buffer to avoid having two named
+ for the same thing.
+
+2010-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Properly handle fork() case.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_extra.c: Register the md5 handler if gcrypt is in
+ fips mode once gnutls_global_init_extra() is called.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: corrected tests.
+
+2010-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c, lib/pakchois/pakchois.h, lib/pkcs11.c:
+ Added new calls to pakchois to open an absolute filename.
+
+2010-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h: Removed several comments that
+ pointed to Alon's implementation comments. We use inline C comments
+ to generate documentation (not doxygen).
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/ext_session_ticket.c,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c, lib/gnutls_state.c: More
+ fixes for the rebase.
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: Added Jonathan.
+
+2010-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Provider unref must be done after all
+ sessions have been closed.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: Several fixes for the broken rebase.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-intro-tls.texi: Merged with master.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_mbuffers.h,
+ lib/gnutls_record.c: Some other changes to mbuffers to make gnutls
+ (a bit more) agnostic on their internal structure.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Corrected prefered hash algorithm return value
+ on RSA.
+
+2010-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: Use GCRYCTL_ENABLE_QUICK_RANDOM when using
+ libgcrypt.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore more files.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/sha2-dsa: Remove the correct file
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/key-ca-dsa.pem, tests/sha2/key-dsa.pem: Added missing
+ files.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c, lib/x509/x509.c, src/certtool.c: The
+ get_preferred_hash_algorithm() functions have now an extra argument
+ to indicate whether it is mandatory to use this algorithm.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-crq.c, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/crq.c: Added
+ gnutls_x509_crq_get_preferred_hash_algorithm().
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/x509/privkey.c,
+ lib/x509/verify.c, lib/x509/x509.c, src/certtool.c: Added
+ gnutls_pubkey_get_preferred_hash_algorithm() and
+ gnutls_x509_crt_get_preferred_hash_algorithm() to allow determining
+ the hash algorithm to use during signing. This is needed in the case
+ of DSA that uses specific versions of SHA depending on the size of
+ the parameters.
+
+2010-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, lib/Makefile.am, lib/build-aux/config.rpath,
+ lib/gcrypt/pk.c, lib/gnutls_privkey.c, lib/pkcs11.c,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/verify.c, lib/x509/x509.c, src/pkcs11.c:
+ Several fixes after big rebase.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/Makefile.am, tests/sha2/sha2-dsa: Test the DSA with
+ SHA256 as well.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: Print debugging information on error.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_sig.c,
+ lib/nettle/mpi.c, lib/nettle/pk.c, lib/opencdk/pubkey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/verify.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/pkcs11_privkey.c, lib/x509/privkey.c,
+ lib/x509/x509_int.h: Nettle library can now parse the PGP integers.
+ Except for SHA-224/384/512 nettle seems to be fully working now.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: use --sec-param to generate privkey.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/openpgpself.c: reduced log level to a sane one
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Corrected for new output of
+ --print-certificate-info
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/sha2/sha2: Print information on failure.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.map, src/certtool.c: Print exp1 and exp2 if they are
+ available.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/pkcs12,
+ tests/pkcs8-decode/pkcs8, tests/userid/userid: Only print output if
+ something fails
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4, lib/pakchois/pakchois.c: Some pakchois fixes.
+
+2010-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: Fixup to compile with nettle
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Do not bother with MODPATH. We don't use it.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/debug.h: Added again _gnutls_dump_mpi() to assist
+ in debugging.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs12_encode.c: Added debugging
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_sig.c: Allow DSA with other than SHA1 algorithms in
+ TLS.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix_asn1_tab.c: removed more stuff.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/x509/common.c: LocalKeyId and XmppAddr were
+ incorporated.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: No need for those OIDs any
+ more.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/dn2.c: Corrected to support new EV_ values.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/crq_key_id.c, tests/cve-2009-1416.c, tests/pkcs12_s2k_pem.c:
+ avoid calling gcrypt directly.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+ lib/random.c, lib/random.h, src/crypt.c, src/psk.c,
+ tests/mini-eagain.c: exported gnutls_rnd().
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c: The
+ recognition of DN elements is now self contained. It does not need
+ entries in pkix.asn.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c: Added
+ support for EV certificate attributes.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4, lib/nettle/cipher.c: Fixed nettle detection and
+ AES.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c: documentation updates
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-common.h, src/certtool.c, src/prime.c: Generate
+ dh-params also used --sec-param.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/mpi.c: Document that the generator is the generator of
+ the subgroup and not the group.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Corrected certificate callback.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/Makefile.am, lib/nettle/Makefile.am,
+ lib/nettle/cipher.c: More AES stuff (still doesn't work).
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Correction in RSA encryption.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/cipher.c: Fixed issue with AES.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, lib/openpgp/output.c, lib/x509/output.c,
+ lib/x509/privkey.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added
+ gnutls_sec_param_to_pk_bits() et al. to allow select bit sizes for
+ private keys using a human understandable scale.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/x509/common.h: Added support for SHA224 and SHA256 in DSA.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Always use included pakchois.
+
+2010-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c: make sure all lines fit in
+ page.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: make example more compact by removing
+ error checking.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-bib.texi, doc/cha-cert-auth.texi: Added bibliographic
+ reference to PKCS #11.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-cert-auth.texi: Added sketch for PKCS #11 usage.
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem: Added 2048 bit DSA key
+
+2010-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/opencdk/armor.c, lib/opencdk/read-packet.c,
+ lib/opencdk/stream.c, lib/opencdk/write-packet.c: Increased log
+ level of several messages.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/credentials/x509/key.pem: Corrected coefficient and exp[12]
+ values in key.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/nettle/pk.c: Added blinding in RSA. Correct broken private
+ keys on import. Nettle uses more values than gcrypt does from RSA
+ decryption and it seemed that some values in our stored private keys
+ were messy (generated by very old gnutls).
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select-pkcs11.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/pkcs11.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/pkcs11_write.c, src/cli.c: Simplified
+ internal API. The only question that remains now is how to handle
+ the gnutls_pkcs11_privkey_t. Currently it opens a session and
+ maintains a handle to the object. This will require locks to be
+ added on operations. Alternatively new sessions may be opened for
+ each operation performed. This is guarranteed by PKCS #11 to be
+ thread safe but will of course require to ask for the PIN again.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pakchois/pakchois.c: Removed debugging print.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
+ lib/pakchois/errors.c, lib/pakchois/pakchois.c,
+ lib/pakchois/pakchois.h, lib/pakchois/pakchois11.h: Added a modified
+ pakchois library (to open arbitrary pkcs11 modules). Current gnutls
+ works only with this one.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/cha-gtls-app.texi: Added missing file.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: Removed finished items.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11_write.c: Noted that there things to be done.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/cha-cert-auth.texi: Added documentation on
+ abstract types.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/pk.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/opencdk/pubkey.c, lib/openpgp/privkey.c, lib/x509/privkey.c:
+ Common code for calculation of RSA exp1 and exp2. Also update the
+ openpgp code to calculate those values.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gnutls_dh_primes.c, lib/x509/privkey.c:
+ More fixes.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gcrypt/mpi.c, lib/gnutls_mpi.c:
+ Corrected nicely hidden bug that caused accesses to uninitialized
+ variables if the gcry_mpi_print() functions were pessimists and
+ returned more size than actually needed for the print.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gcrypt/pk.c: Added some sanity checks.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/cha-auth.texi, doc/cha-bib.texi,
+ doc/cha-cert-auth.texi, doc/cha-ciphersuites.texi,
+ doc/cha-copying.texi, doc/cha-functions.texi,
+ doc/cha-internals.texi, doc/cha-intro-tls.texi,
+ doc/cha-library.texi, doc/cha-preface.texi, doc/cha-programs.texi,
+ doc/cha-tls-app.texi, doc/gnutls.texi,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c:
+ Documentation updates. Separated big gnutls.texi to chapter to allow
+ easier maintainance.
+
+2010-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/nettle/pk.c,
+ lib/pkcs11.c, lib/pkcs11_int.h, lib/pkcs11_privkey.c,
+ lib/pkcs11_write.c, lib/x509/privkey.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/crypt-gaa.c, src/pkcs11.c:
+ Added support to copy certificates and private keys to tokens. New
+ functions: gnutls_pkcs11_copy_x509_crt()
+ gnutls_pkcs11_copy_x509_privkey() gnutls_pkcs11_delete_url() Certtool was updated to allow copying certificates and private keys
+ to tokens. Deleting an object has issues (segfault) but it seems to
+ be related with libopensc and its pkcs11 API.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Added gnutls_pubkey_verify_hash(),
+ gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Tried to document recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/pkcs11.c, lib/pkcs11_int.h,
+ src/certtool-gaa.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Added gnutls_pkcs11_token_get_flags() to distinguish
+ between hardware and soft tokens.
+
+2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: Added support for libnettle backend. This uses
+ gmp for big number operations. It is not currently completed. It
+ lacks RSA blinding as well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509_int.h: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/privkey.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: The gnutls-cli --x509cafile can now be a PKCS
+ #11 URL. It can read gnome-keyring's certificates and use them in
+ the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/x509self.c: Updated self tests and examples to avoid using
+ deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/privkey.h, lib/pkcs11_int.h: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Corrections to properly handle token removal and
+ insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_x509.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/pkcs11.c, lib/x509/sign.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/pkcs11.c: Added several helper functions, to
+ allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c, src/certtool-gaa.c, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added ability to export certificates
+ from PKCS #11 tokens. Added ability to list trusted certificates,
+ or only certificates with a corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pubkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/common.h, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h: Added
+ gnutls_pubkey_verify_hash(), gnutls_pubkey_get_verify_algorithm().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.ac, lib/gnutls_pubkey.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h, lib/x509/x509.c,
+ src/pkcs11.c: Added gnutls_pubkey_import_pkcs11(),
+ gnutls_pubkey_import_rsa_raw(), gnutls_pubkey_import_dsa_raw(),
+ gnutls_pkcs11_obj_export().
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore files that should be ignored.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa: Tried to document
+ recent changes.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_pubkey.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/pkcs11.h,
+ lib/libgnutls.map, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/mpi.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added
+ gnutls_pubkey_t abstract type to handle public keys. It can
+ currently import/export public keys from existing certificate types
+ as well as from PKCS #11 URL. This allows generating a certificate
+ or certificate request from a given public key (currently one could
+ only generate them from a given private key). PKCS#11 API augmented to allow reading arbitrary objects instead of
+ just certificates. Certtool updated to list those objects.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/pkcs11.c: Added
+ gnutls_pkcs11_token_get_flags() to distinguish between hardware and
+ soft tokens.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/libgnutlsxx.map, lib/m4/hooks.m4: Export all
+ symbols from C++ library. This library doesn't contain any internal
+ symbols anyway and there is no reason to mess with the C++ ABI that
+ hasn't got the problems of C.
+
+2010-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
+ lib/Makefile.am, lib/auth_srp.c, lib/cipher-libgcrypt.c,
+ lib/configure.ac, lib/gcrypt/Makefile.am, lib/gcrypt/cipher.c,
+ lib/gcrypt/mac.c, lib/gcrypt/mpi.c, lib/gcrypt/pk.c,
+ lib/gcrypt/rnd.c, lib/gnutls_global.c, lib/gnutls_mpi.c,
+ lib/gnutls_srp.c, lib/m4/hooks.m4, lib/mac-libgcrypt.c,
+ lib/mpi-libgcrypt.c, lib/nettle/Makefile.am, lib/nettle/cipher.c,
+ lib/nettle/mac.c, lib/nettle/mpi.c, lib/nettle/pk.c,
+ lib/nettle/rnd.c, lib/pk-libgcrypt.c, lib/rnd-libgcrypt.c,
+ src/certtool.c, src/cli.c, src/serv.c, tests/chainverify.c: Added
+ support for libnettle backend. This uses gmp for big number
+ operations. It is not currently completed. It lacks RSA blinding as
+ well as optimizations.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1, src/cli-gaa.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv.gaa: Documented that the --file options in
+ gnutls-cli and gnutls-serv can accept a PKCS #11 URL.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/sign.c: Corrected bug in DSA signature generation.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/abstract.h,
+ lib/libgnutls.map, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/mpi.c, lib/x509/sign.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c: Added operations to sign CRLs, certificates
+ and requests with an abstract key and thus with a PKCS #11 key as
+ well.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.h, lib/gnutls_x509.h,
+ lib/includes/gnutls/abstract.h, lib/includes/gnutls/privkey.h,
+ lib/openpgp/gnutls_openpgp.h: privkey.h -> abstract.h
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/configure.ac, lib/gnutls_x509.c, src/cli.c:
+ The gnutls-cli --x509cafile can now be a PKCS #11 URL. It can read
+ gnome-keyring's certificates and use them in the trusted list.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that gnutls_global_init calls
+ gnutls_pkcs11_init.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Only send termination request to avoid stalling on
+ servers that do not reply.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_state.c, lib/gnutls_state.h:
+ Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
+ works even when resuming a session.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/examples/ex-cert-select-pkcs11.c,
+ doc/gnutls.texi: Added initial example.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls_x509.c, lib/openpgp/gnutls_openpgp.c:
+ Corrections in openpgp private key usage.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select.c, tests/Makefile.am,
+ tests/pkcs12_s2k.c, tests/x509dn.c, tests/x509signself.c: Updated
+ self tests and examples to avoid using deprecated functions such as
+ gnutls_certificate_server_set_retrieve_function and the sign
+ callback.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutlsxx.cpp, lib/includes/gnutls/gnutlsxx.h, src/tests.c: Use
+ the new callback function.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/includes/gnutls/pkcs11.h,
+ lib/includes/gnutls/privkey.h, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, lib/x509/privkey.c: Added
+ documentation for most of the new functions.
+
+2010-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkcs11.c: Documented that it was initially based on neon
+ pkcs11 and got ideas from pkcs11-helper library.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/libgnutls.map, lib/pkcs11.c,
+ lib/pkcs11_int.h, lib/pkcs11_privkey.c, src/common.c: Corrections to
+ properly handle token removal and insert.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/gnutls.h.in:
+ Deprecated the sign callback.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp_rsa.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs11.h, lib/includes/gnutls/privkey.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/gnutls_openpgp.h,
+ lib/openpgp/openpgp_int.h, lib/pkcs11.c, lib/pkcs11_int.h,
+ lib/pkcs11_privkey.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/x509_int.h, src/cli.c, src/common.c,
+ src/common.h, src/pkcs11.c, src/serv.c: Added
+ gnutls_pkcs11_privkey_t and gnutls_privkey_t types. Those are an
+ abstract private key type that can be used to sign/encrypt any
+ private key of pkcs11,x509 or openpgp types. Added support for
+ PKCS11 in gnutls-cli/gnutls-serv.
+
+2010-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: ignore unrelated to gnutls files.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs11.h, lib/libgnutls.map, lib/pkcs11.c,
+ src/certtool-common.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/pkcs11.c: Added several helper
+ functions, to allow printing of tokens.
+
+2010-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_str.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/pkcs11.h,
+ lib/pkcs11.c, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/pkcs11.c:
+ Added ability to export certificates from PKCS #11 tokens. Added
+ ability to list trusted certificates, or only certificates with a
+ corresponding private key or just all.
+
+2010-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_srp.c, lib/configure.ac,
+ lib/gnutls.pc.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_psk.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/includes/Makefile.am,
+ lib/includes/gnutls/pkcs11.h, lib/libgnutls.map,
+ lib/openpgp/gnutls_openpgp.c, lib/pkcs11.c, lib/x509/common.c,
+ lib/x509/dn.c, src/Makefile.am, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/pkcs11.c: Added initial PKCS #11 support.
+ Certtool can now print lists of certificates available in system.
+
+2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Optimized the check_if_same().
+
+2010-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.c, lib/x509/common.h:
+ Added a forgoten by god OID for RSA. Warn using the actual OID on
+ unknown public key algorithms.
+
+2009-12-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/ext_session_ticket.c: Adapt session ticket support to mbuffer
+ API.
+
+2009-08-16 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_kx.c,
+ lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Use mbuffers for
+ handshake synthesis.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: Make _gnutls_handshake_io_send_int accept a
+ mbuffer_st.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c:
+ Simplify handshake send buffer logic.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Fix interrupted write braino.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c: Avoid pointer warning.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Remove now useless
+ _gnutls_mbuffer_enqueue{,copy} functions.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_mbuffers.c, lib/gnutls_record.c: Allocate data buffer
+ with mbuffer_st structure as suggested by Nikos.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_mbuffers.c, lib/gnutls_mbuffers.h: Prepare for mbuffer
+ allocation by the caller.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: GNUify some missed GNUification.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Harmonize read and write function names.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Now that LEVEL and LEVEL_EQ are fixed, use
+ less lines.
+
+2009-08-15 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_errors.h: Make LEVEL and LEVEL_EQ macros safer. Once again, I got bit by this pretty hard.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_record.c: Use a datum for ciphered data in
+ _gnutls_send_int.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.h: Remove the prototype for the non-existant
+ function _gnutls_io_write_buffered2.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: Cleanup of the remaining
+ internals.record_send_buffer mess.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Remove yet another !@#$% instance of
+ redundant hexadecimal dumping.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_record.c:
+ Modify slightly the contract of _gnutls_io_write_buffered as
+ suggested by Nikos Mavrogiannopoulos.
+
+2009-08-09 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Pass datums to mbuffers by address instead of
+ by value.
+
+2009-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c: Corrected case where
+ handshake data were received during a session. It now stores them
+ for future use by a gnutls_handshake(). Reported by Peter
+ Hendrickson <pdh@wiredyne.com>.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Simplify _gnutls_io_write_buffered and
+ _gnutls_io_write_flush with mbuffers.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_int.h, lib/gnutls_state.c: Change type of
+ internals.record_send_buffer to a mbuffer.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Extract a simple_write function from
+ _gnutls_io_write_buffered.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_buffers.c: Add dump_bytes function.
+
+2009-08-06 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_mbuffers.c,
+ lib/gnutls_mbuffers.h: Add gnutls_mbuffers.{c,h} with some basic
+ mbuffer operations.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Do not rely on version ordering; use
+ switch..case instead.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/auth_cert.c: Remove hardcoded version checks in auth_cert.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_state.c: Remove hardcoded version check in
+ gnutls_state.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_cipher.c: Remove hardcoded version checks in
+ gnutls_cipher.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_sig.c: Remove hardcoded version checks in gnutls_sig.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_handshake.c: Remove hardcoded version checks in
+ gnutls_handshake.c.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Add version check function for selectable
+ signature/hash certificate algorithms.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c: Add version check functions for
+ non-minimal padding.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Add version
+ check function for explicit IV.
+
+2009-08-01 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/gnutls_algorithms.h: Add version check functions for
+ selectable PRF and extension handling.
+
+2010-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/announce.txt, doc/gnutls.texi, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, lib/ext_safe_renegotiation.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_state.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn5.c, tests/safe-renegotiation/testsrn:
+ Splitted safe renegotiation capabilities to %SAFE_RENEGOTIATION: will enable safe renegotiation. This is the
+ most secure and recommended option for clients. However this will
+ prevent from connecting to legacy servers. %PARTIAL_RENEGOTIATION: Prevents renegotiation with clients and
+ servers not supporting the safe renegotiation extension. (this is
+ the default) %UNSAFE_RENEGOTIATION: Permits (re-)handshakes even unsafe ones.
+
+2010-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Minor fix.
+
+2010-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, maint.mk: Update gnulib files.
+
+2010-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Documented the defaults.
+
+2010-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Added INITIAL_SAFE_RENEGOTIATION and other small
+ updates.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Update.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/README: Add.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_prohibit_strings_without_use, build-aux/c++defs.h,
+ build-aux/gendocs.sh, build-aux/gnupload, build-aux/vc-list-files,
+ configure.ac, doc/gendocs_template, gl/Makefile.am, gl/error.c,
+ gl/m4/asm-underscore.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
+ gl/m4/stdio_h.m4, gl/m4/unistd_h.m4, gl/m4/valgrind-tests.m4,
+ gl/netdb.in.h, gl/stdio-write.c, gl/stdio.in.h,
+ gl/tests/Makefile.am, gl/tests/init.sh, gl/tests/test-lseek.sh,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-verify.c,
+ gl/tests/test-verify.sh, gl/tests/verify.h, gl/unistd.in.h,
+ gl/vasnprintf.c, gl/wchar.in.h, gtk-doc.make,
+ lib/build-aux/c++defs.h, lib/gl/Makefile.am,
+ lib/gl/m4/asm-underscore.m4, lib/gl/m4/fcntl-o.m4,
+ lib/gl/m4/gettext.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/iconv.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/netdb_h.m4, lib/gl/m4/po.m4, lib/gl/m4/stdio_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/netdb.in.h, lib/gl/stdio-write.c,
+ lib/gl/stdio.in.h, lib/gl/tests/Makefile.am, lib/gl/tests/init.sh,
+ lib/gl/tests/test-vasprintf.c, lib/gl/tests/test-verify.c,
+ lib/gl/tests/test-verify.sh, lib/gl/tests/verify.h,
+ lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
+ libextra/gl/m4/gnulib-common.m4, m4/valgrind.m4, maint.mk: Update
+ gnulib files, use valgrind-tests module, fix syntax-check problems.
+
+2010-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Doc fix.
+
+2010-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.h, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/verify.c: Use correct hashing algorithms for DSA with q
+ over 160 bits.
+
+2010-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Better checks in loops.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c: Doc fix.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, gtk-doc.make, m4/gtk-doc.m4: Support
+ GTK-DOC PDF file.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Also build PDF manual.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix node/section usage.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/srn5.c: Fix self test.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_safe_renegotiation.c: Readd lost fix from Nikos.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c, libextra/includes/gnutls/openssl.h,
+ libextra/openssl_compat.c: Doc fixes.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, NEWS, README, cfg.mk, configure.ac, doc/Makefile.am,
+ doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
+ doc/examples/Makefile.am, doc/examples/ex-client-srp.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/gnutls.texi, doc/manpages/Makefile.am,
+ doc/printlist.c, guile/Makefile.am, guile/modules/Makefile.am,
+ guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm, guile/src/Makefile.am,
+ guile/src/core.c, guile/src/errors.c, guile/src/errors.h,
+ guile/src/extra.c, guile/src/make-enum-header.scm,
+ guile/src/make-enum-map.scm, guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
+ lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
+ lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
+ lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_helper.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_supplemental.c,
+ lib/gnutls_supplemental.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/includes/Makefile.am, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/libgnutlsxx.map, lib/m4/hooks.m4,
+ lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
+ lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
+ lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
+ lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
+ libextra/configure.ac, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/fipsmd5.c,
+ libextra/gl/Makefile.am, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
+ libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/m4/hooks.m4, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/Makefile.am, src/benchmark.c,
+ src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
+ src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
+ tests/certder.c, tests/certificate_set_x509_crl.c,
+ tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/crypto_rng.c, tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/mini-eagain.c,
+ tests/mini-x509-rehandshake.c, tests/mini-x509.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+ tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+ tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
+ tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
+ tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
+ tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision,
+ tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn0.c, tests/safe-renegotiation/srn1.c,
+ tests/safe-renegotiation/srn2.c, tests/safe-renegotiation/srn3.c,
+ tests/safe-renegotiation/srn4.c, tests/safe-renegotiation/srn5.c,
+ tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
+ tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
+ tests/userid/userid, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
+ Change GNUTLS into GnuTLS.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, ChangeLog.1, NEWS, README, README-alpha, THANKS,
+ doc/gnutls.texi, doc/manpages/gnutls-cli-debug.1,
+ doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ doc/manpages/srptool.1, doc/reference/gnutls-docs.sgml,
+ lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ src/cli-gaa.c, src/cli.gaa, src/serv-gaa.c, src/serv.gaa,
+ src/tls_test-gaa.c, src/tls_test.gaa: Change GNU TLS into GnuTLS.
+
+2010-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c: Ignore
+ parsing of ciphersuite or extensions when safe renegotiation is
+ disabled.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn5.c: Add test of self renegotiation
+ APIs.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn4.c:
+ Add more rengotiation self tests.
+
+2010-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/README, tests/safe-renegotiation/srn0.c:
+ Add more safe renegotiation self test.
+
+2010-05-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/announce.txt, doc/gnutls.texi,
+ doc/manpages/Makefile.am, lib/ext_safe_renegotiation.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ tests/safe-renegotiation/srn2.c: Remove
+ gnutls_safe_negotiation_set_initial and
+ gnutls_safe_renegotiation_set.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Documented behavioral change.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_priority.c: Because we want to
+ differentiate the behavior of server and client with regards to safe
+ renegotiation. If a server didn't have either SAFE_RENEGOTIATION or
+ UNSAFE_RENEGOTIATION set the safe renegotiation will be the default.
+ This (as well as the safe_renegotiation_set flag) has to be removed
+ once safe renegotiation is default in both server and client side.
+
+2010-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: Emulate old gnutls behavior regarding safe
+ renegotiation if the priority_* functions are not called.
+
+2010-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/x509.h: Corrected typo. Reported by Clint
+ Adams.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c, tests/safe-renegotiation/srn3.c:
+ tests: Add srn3 to test inverse of what srn1 is testing.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn2.c: tests: Add another safe
+ renegotiation self tests.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/srn1.c: Also test
+ gnutls_safe_renegotiation_status API.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/srn1.c: tests: Add first self-test of safe
+ renegotiation extension.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/mini-x509-rehandshake.c: tests: Add small
+ X.509 rehandshake test.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/mini-x509.c: Protect against infloops.
+
+2010-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/mini-x509.c: tests: Add mini-x509
+ self-test.
+
+2010-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve text, based on suggestions from Tomas
+ Hoger <thoger@redhat.com>.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Fix typo.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Improve renegotiation debug messages.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Add.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Add.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add section on safe renegotiation.
+
+2010-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Remove debug code.
+
+2010-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Mention shared library map file and GTK-DOC
+ guidelines.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Update URL.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Update my OpenPGP key.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announce.txt: Update my key.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Remove.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/ANNOUNCE, doc/announce.txt: Prepare 2.10.0 release notes.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 2.8.x NEWS entries.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/configure.ac: Also bump libgnutls-extra version.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4: Bump
+ versions.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh: Chmod +x.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2010-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.10.
+
+2010-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
+ lib/minitasn1/decoding.c, lib/minitasn1/element.h,
+ lib/minitasn1/gstr.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
+ lib/minitasn1/structure.h, lib/minitasn1/version.c: Upgrade to
+ libtasn1 version 2.6.
+
+2010-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/ioctl.m4,
+ gl/m4/netdb_h.m4, gl/stdbool.in.h, gl/tests/test-lseek.sh,
+ gl/tests/test-select-in.sh, gl/tests/test-stdbool.c,
+ gl/tests/test-stdint.c, lib/gl/Makefile.am, lib/gl/m4/netdb_h.m4,
+ lib/gl/m4/visibility.m4, lib/gl/stdbool.in.h,
+ lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stdint.c,
+ lib/gl/tests/test-vasprintf.c, maint.mk: Update gnulib files.
+
+2010-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Structure fork check together.
+
+2010-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Fix compiler warning.
+
+2010-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/top/maint.mk.diff, libextra/gl/hmac-md5.c,
+ libextra/gl/md5.c, maint.mk: Update gnulib files.
+
+2010-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto-api.c, lib/gnutls_priority.c: Indent code.
+
+2010-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/includes/gnutls/crypto.h: Use size_t instead
+ of int for input variables that represent sizes.
+
+2010-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Free the priority structure on error.
+ Reported by Paul Aurich.
+
+2010-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: The string is colon separated. Reported by
+ Paul Aurich.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Fix indent bug.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, doc/examples/examples.h, guile/src/errors.h,
+ guile/src/utils.h, lib/auth_cert.h, lib/auth_dh_common.h,
+ lib/crypto.h, lib/ext_oprfi.h, lib/ext_safe_renegotiation.h,
+ lib/ext_session_ticket.h, lib/ext_signature.h,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.h, lib/gnutls_cryptodev.h, lib/gnutls_errors.h,
+ lib/gnutls_extensions.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_mpi.h, lib/gnutls_pk.h, lib/gnutls_sig.h,
+ lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
+ lib/gnutls_supplemental.h, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/keydb.h,
+ lib/opencdk/main.h, lib/opencdk/opencdk.h, lib/opencdk/packet.h,
+ lib/opencdk/stream.h, lib/opencdk/types.h,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp_int.h,
+ lib/x509/pbkdf2-sha1.h, lib/x509/x509_int.h,
+ libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, src/certtool-cfg.h,
+ src/certtool-common.h, src/common.h: More indentation.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-tlsia.c, doc/examples/ex-verify.c,
+ doc/examples/ex-x509-info.c, lib/auth_cert.c, lib/auth_rsa.c,
+ lib/ext_cert_type.c, lib/ext_max_record.c, lib/ext_oprfi.c,
+ lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
+ lib/ext_session_ticket.c, lib/ext_signature.c,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ lib/gnutls_priority.c, lib/gnutls_record.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ lib/minitasn1/decoding.c, lib/opencdk/read-packet.c,
+ lib/opencdk/sig-check.c, lib/x509/pkcs12.c, lib/x509/verify.c,
+ libextra/gl/hmac-md5.c, libextra/gl/md5.c, src/benchmark.c,
+ src/certtool.c, src/cli.c, src/serv.c, src/tests.c, src/tls_test.c,
+ tests/anonself.c, tests/certder.c, tests/chainverify.c,
+ tests/crq_apis.c, tests/crq_key_id.c, tests/cve-2008-4989.c,
+ tests/dhepskself.c, tests/dn.c, tests/dn2.c, tests/finished.c,
+ tests/gc.c, tests/hostname-check.c, tests/init_roundtrip.c,
+ tests/mini-eagain.c, tests/mini.c, tests/netconf-psk.c,
+ tests/nul-in-x509-names.c, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/parse_ca.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/set_pkcs12_cred.c, tests/simple.c,
+ tests/tlsia.c, tests/utils.c, tests/x509_altname.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
+ Indent code.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/crypto-api.c, lib/ext_safe_renegotiation.c,
+ lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/libgnutls.map,
+ lib/x509/x509.c: Export new ABIs. Doc fixes for new APIs.
+
+2010-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/Makefile.am: Disable self-test
+ temporarily until we make it work cross-platform.
+
+2010-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/ext_safe_renegotiation.c, lib/gnutls_algorithms.c,
+ lib/includes/gnutls/gnutls.h.in: Doc fixes.
+
+2010-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am, src/certtool-gaa.c: Generated.
+
+2010-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore c++defs.h.
+
+2010-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_prohibit_empty_lines_at_EOF, GNUmakefile,
+ build-aux/c++defs.h, build-aux/warn-on-use.h, doc/certtool.cfg,
+ doc/credentials/gnutls-http-serv, doc/credentials/params.pem,
+ doc/credentials/x509/Makefile.am, doc/credentials/x509/cert.pem,
+ doc/credentials/x509/clicert-dsa.pem, gl/Makefile.am, gl/fseeko.c,
+ gl/m4/fseeko.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/lib-link.m4, gl/m4/memchr.m4, gl/m4/stdio_h.m4,
+ gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/time_h.m4,
+ gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/stdio-impl.h,
+ gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
+ gl/sys_stat.in.h, gl/sys_time.in.h, gl/tests/Makefile.am,
+ gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-vasnprintf.c, gl/time.in.h, gl/unistd.in.h,
+ gl/vasnprintf.c, gl/wchar.in.h, guile/modules/gnutls/extra.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
+ lib/build-aux/c++defs.h, lib/build-aux/warn-on-use.h,
+ lib/ext_cert_type.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
+ lib/gl/m4/fseeko.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/lib-link.m4,
+ lib/gl/m4/memchr.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
+ lib/gl/m4/string_h.m4, lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4,
+ lib/gl/m4/time_r.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/stdio-impl.h, lib/gl/stdio.in.h,
+ lib/gl/stdlib.in.h, lib/gl/string.in.h, lib/gl/sys_socket.in.h,
+ lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/test-vasnprintf.c, lib/gl/time.in.h, lib/gl/time_r.c,
+ lib/gl/unistd.in.h, lib/gl/vasnprintf.c, lib/gl/wchar.in.h,
+ lib/minitasn1/Makefile.am, lib/minitasn1/README,
+ lib/opencdk/keydb.h, lib/opencdk/packet.h,
+ libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
+ libextra/gl/m4/lib-link.m4, maint.mk, src/certtool.gaa,
+ src/cfg/Makefile.am, src/crypt.gaa, src/tls_test.gaa,
+ tests/key-id/ca-gnutls-keyid.pem, tests/key-id/ca-no-keyid.pem,
+ tests/key-id/ca-weird-keyid.pem,
+ tests/pkcs1-padding/pkcs1-pad-broken.pem,
+ tests/pkcs1-padding/pkcs1-pad-broken2.pem,
+ tests/pkcs1-padding/pkcs1-pad-broken3.pem,
+ tests/pkcs1-padding/pkcs1-pad-ok.pem,
+ tests/pkcs1-padding/pkcs1-pad-ok2.pem,
+ tests/safe-renegotiation/Makefile.am, tests/test25.pem: Update
+ gnulib files, fix syntax-check warnings.
+
+2010-03-31 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore, gl/m4/wchar_h.m4, lib/gl/m4/wchar_h.m4: Add forgotten
+ gnulib files, and fix .gitignore.
+
+2010-03-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-03-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/LINGUAS, lib/po/it.po.in, lib/po/nl.po.in: Sync with TP.
+
+2010-03-31 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_program_name, .x-sc_the_the, cfg.mk,
+ lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ lib/m4/hooks.m4, lib/opencdk/sig-check.c, src/certtool.c,
+ src/serv.c, tests/dn.c, tests/mini.c: Update gnulib files. Fix
+ syntax-check warnings.
+
+2010-03-31 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/c++defs.h, build-aux/vc-list-files,
+ build-aux/warn-on-use.h, gl/Makefile.am, gl/accept.c,
+ gl/arpa_inet.in.h, gl/bind.c, gl/connect.c, gl/getaddrinfo.c,
+ gl/gettext.h, gl/gettimeofday.c, gl/m4/arpa_inet_h.m4,
+ gl/m4/getaddrinfo.m4, gl/m4/gettimeofday.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
+ gl/m4/inet_pton.m4, gl/m4/lseek.m4, gl/m4/netdb_h.m4,
+ gl/m4/stddef_h.m4, gl/m4/stdio_h.m4, gl/m4/stdlib_h.m4,
+ gl/m4/string_h.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
+ gl/m4/sys_socket_h.m4, gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4,
+ gl/m4/time_h.m4, gl/m4/unistd_h.m4, gl/m4/warn-on-use.m4,
+ gl/m4/wchar.m4, gl/netdb.in.h, gl/netinet_in.in.h, gl/recv.c,
+ gl/select.c, gl/send.c, gl/stdint.in.h, gl/stdio.in.h,
+ gl/stdlib.in.h, gl/string.in.h, gl/sys_select.in.h,
+ gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
+ gl/tests/Makefile.am, gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-vc-list-files-git.sh, gl/time.in.h, gl/unistd.in.h,
+ gl/wchar.in.h, lib/build-aux/c++defs.h,
+ lib/build-aux/warn-on-use.h, lib/gl/Makefile.am, lib/gl/gettext.h,
+ lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/intldir.m4, lib/gl/m4/lseek.m4, lib/gl/m4/netdb_h.m4,
+ lib/gl/m4/printf-posix.m4, lib/gl/m4/stddef_h.m4,
+ lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/strings_h.m4, lib/gl/m4/sys_socket_h.m4,
+ lib/gl/m4/sys_stat_h.m4, lib/gl/m4/time_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/m4/visibility.m4,
+ lib/gl/m4/warn-on-use.m4, lib/gl/m4/wchar.m4, lib/gl/netdb.in.h,
+ lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/stdlib.in.h,
+ lib/gl/string.in.h, lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
+ lib/gl/tests/Makefile.am, lib/gl/time.in.h, lib/gl/unistd.in.h,
+ lib/gl/wchar.in.h, libextra/gl/m4/gnulib-common.m4,
+ libextra/gl/m4/gnulib-comp.m4, maint.mk: Update gnulib files.
+
+2010-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * m4/valgrind.m4: Check for what we use. Bump serial.
+
+2010-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * m4/valgrind.m4, tests/Makefile.am: Valgrind -q is now set by the
+ valgrind detection script to avoid issue when running tests without
+ valgrind.
+
+2010-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: increased small value for certificates. Typical
+ certificates are much longer than that.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, tests/Makefile.am, tests/anonself.c,
+ tests/certder.c, tests/chainverify.c, tests/crq_apis.c,
+ tests/crq_key_id.c, tests/cve-2009-1415.c, tests/dhepskself.c,
+ tests/dn.c, tests/dn2.c, tests/finished.c, tests/gc.c,
+ tests/hostname-check.c, tests/init_roundtrip.c,
+ tests/mini-eagain.c, tests/mini.c, tests/moredn.c, tests/mpi.c,
+ tests/netconf-psk.c, tests/nul-in-x509-names.c,
+ tests/openpgp-keyring.c, tests/openpgpself.c, tests/openssl.c,
+ tests/parse_ca.c, tests/pkcs12_encode.c, tests/pkcs12_s2k.c,
+ tests/pskself.c, tests/resume.c, tests/set_pkcs12_cred.c,
+ tests/sha2/sha2, tests/simple.c, tests/tlsia.c,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509self.c,
+ tests/x509sign-verify.c, tests/x509signself.c: Reduced several
+ unneeded messages during the make check procedure. Verbose messages
+ can be obtained with --verbose.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am: use mv -f to avoid interactiveness.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/dn2.c: Modified to account for postalcode.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: added news entry for postalcode.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/common.c: Display postalCode and Name X.509 DN attributes
+ correctly. Based on patch by Pavan Konjarla.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/includes/gnutls/gnutls.h.in, src/serv-gaa.c, src/serv.gaa: Each
+ ciphersuite is now tight with a minimum TLS version and a maximum
+ one. It is valid if it is between (and including) those. This was
+ added to deprecate TLS_RSA_EXPORT_WITH_RC4_40_MD5 which is not
+ available with TLS 1.1. Reported by Adrian F. Dimcev.
+
+2010-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Ignore more files.
+
+2010-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_alert.c,
+ lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, src/cli.c: Added
+ gnutls_certificate_set_verify_function() to allow checking
+ (verifying) certificate before the handshake is completed.
+
+2010-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-rfc2818.c, doc/examples/ex-verify.c: Use the flags
+ for expiration instead of getting the time of each certificate.
+
+2010-03-17 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: Mention datefudge.
+
+2010-03-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-padding/pkcs1-pad: Skip test if datefudge is not
+ available.
+
+2010-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: INITIAL_SAFE_RENEGOTIATION implies
+ SAFE_RENEGOTIATION.
+
+2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Added missing prototype.
+
+2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/safe-renegotiation/testsrn: made SAFE_RENEGOTIATION flags
+ explicit.
+
+2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c, src/certtool.c: gnutls_x509_crt_verify() and
+ gnutls_x509_crt_list_verify() behave identically. That means that
+ gnutls_x509_crt_verify() will now check dates as well. Certool --verify-chain will use the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME
+ flag to gnutls_x509_crt_verify() to force verification even if
+ certificates are the same. The only exception is at the final
+ certificate (self-checking) where the extra flag
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT is specified to allow for v1 CA
+ certificates.
+
+2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: Handle dates before 1-1-1970 (handle as being
+ equal to 1-1-1970).
+
+2010-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pkcs1-padding/pkcs1-pad: Fail if required programs are not
+ found.
+
+2010-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ lib/ext_safe_renegotiation.c, lib/gnutls_priority.c,
+ lib/gnutls_record.c: Safe renegotiation is not enabled by default in
+ client side.
+
+2010-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1, lib/gnutls_priority.c: better
+ documentation for %INITIAL_SAFE_RENEGOTIATION
+
+2010-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2010-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs:
+ Rewrite tests/openpgp-certs/testselfsigs portably for Solaris. Fix
+ EXTRA_DIST.
+
+2010-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/safe-renegotiation/testsrn: localhost -> 127.0.0.1 to work
+ in places where localhost does not resolve.
+
+2010-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c: Extended time
+ verification to trusted certificate list as well. Introduced the
+ flag GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS that will prevent the
+ trusted certificate list verification.
+
+2010-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: Added tests for safe
+ renegotiation. Removed old tests for obsolete features (lzo) and
+ tests that were not actually working (srp).
+
+2010-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_handshake.c, lib/includes/gnutls/gnutls.h.in,
+ tests/safe-renegotiation/testsrn: Extension generation in SSL 3.0
+ (as a reply to SCSV) is not using common code with normal extension
+ generation. Solve issue reported by Tomas Mraz that caused SSL 3.0
+ renegotiation fail.
+
+2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: Removed artificial constrained that prevented
+ end-user certificates, being added to the trusted list, treated as
+ trusted. Suggestion and patch by Tomas Mraz.
+
+2010-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1: Documented that
+ initial_safe_renegotiation is the default.
+
+2010-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: gnutls-serv will terminate connection on rehandshake
+ errors.
+
+2010-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
+ lib/includes/gnutls/gnutls.h.in: Avoid sending alerts during
+ handshake. Alerts might be interrupted and return a non-fatal error
+ which will propagate and in many cases it shouldn't. Avoid sending no renegotiation alert when a client connects to an
+ unsafe server. Thanks to Tomas Hoger for the report.
+
+2010-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: On handshake error send appropriate alert and terminate
+ stream.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml: Add id's to chapters.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Update.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/zh_CN.po: Remove.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Fix -lrt usage.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/benchmark.c: Use gnulib gettime module. Indent.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/zh_CN.po: Add.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gl/netdb.in.h: Update gnulib files.
+
+2010-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gettime.c, gl/gettimeofday.c,
+ gl/m4/clock_time.m4, gl/m4/gettime.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/timespec.m4, gl/netdb.in.h,
+ gl/tests/Makefile.am, gl/tests/gettimeofday.c, gl/timespec.h: Update
+ gnulib files.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/cryptodev.c: Indent. Don't include fcntl.h and sys/ioctl.h on
+ (for example) Windows.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/testsrn: Fix objdir != srcdir.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/safe-renegotiation/testsrn: Drop bashism. Make it work on
+ Windows.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml,
+ lib/ext_safe_renegotiation.c, lib/ext_signature.c,
+ lib/gnutls_supplemental.c: More GTK-DOC fixes.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_db.c: Doc fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/gnutls_openpgp.c: Doc fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Doc fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Fix enum doc.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: More enum docs.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/crypto.h: More enum documentation.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_ia.c: Doc fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/x509.h: More enum documentation.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/includes/gnutls/extra.h: Document more.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/openpgp.h: Document more.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/pkcs12.h: Document enum.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: More enum.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Fix typo.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: More GTK-DOC documentation.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Improve GTK-DOC coverage.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/crypto.h: Fix comments, for GTK-DOC.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore more headers.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c: Doc fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/crypto.h: Fix for GTK-DOC parse breakage.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore gnutlsxx.h too, GTK-DOC doesn't
+ handle C++.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Need crypto.h too.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Improve header ignores.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: Upgrade to libtasn1 2.5 snapshot, for
+ GTK-DOC comments.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/openpgp.h: Another GTK-DOC fix.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp_sb64.c, lib/crypto-api.c, lib/crypto.c,
+ lib/ext_safe_renegotiation.c, lib/ext_server_name.c,
+ lib/ext_signature.c, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_compress.c, lib/gnutls_db.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_psk_netconf.c, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_session.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
+ lib/gnutls_x509.c, lib/includes/gnutls/crypto.h,
+ lib/opencdk/stream.c, lib/openpgp/compat.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
+ lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
+ lib/x509/common.c, lib/x509/crl.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_write.c, lib/x509_b64.c, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/openssl_compat.c: Fix GTK-DOC syntax.
+ Unfortunately this looses some information.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp_sb64.c, lib/crypto-api.c,
+ lib/ext_safe_renegotiation.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
+ lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_record.c,
+ lib/gnutls_session.c, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_x509.c, lib/x509/crl.c, lib/x509/crl_write.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
+ libextra/openssl_compat.c: Align indentation of GTK-DOC comments.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/vi.po.in: Sync with TP.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Silence gnulib warning about fseek.
+
+2010-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, build-aux/gnupload, gl/Makefile.am,
+ gl/m4/getdelim.m4, gl/m4/getline.m4, gl/m4/gettimeofday.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/sys_time_h.m4,
+ gl/netdb.in.h, gl/stdio.in.h, gl/sys_time.in.h,
+ gl/tests/test-getdelim.c, gl/tests/test-getline.c,
+ gl/tests/test-gettimeofday.c, lib/gl/Makefile.am,
+ lib/gl/m4/stdio_h.m4, lib/gl/netdb.in.h, lib/gl/stdio.in.h,
+ maint.mk: Update gnulib files.
+
+2010-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session_pack.c: Corrected calculation of session data
+ for PSK ciphersuites. Solves issue #107256 reported by Wolfgang
+ Glas.
+
+2010-02-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/ANNOUNCE: Add announcement message.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/LINGUAS, lib/po/cs.po.in, lib/po/de.po.in,
+ lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
+ lib/po/sv.po.in, lib/po/zh_CN.po.in: Sync with TP.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gnupload, doc/gendocs_template,
+ gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
+ gl/tests/test-read-file.c, gl/tests/test-sockets.c,
+ lib/gl/tests/test-memchr.c, lib/gl/tests/test-read-file.c,
+ lib/gl/tests/test-sockets.c: Update gnulib files.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/gstr.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: Use libtasn1 v2.4.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.pc.in: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * .clcopying: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/key-id/README, tests/libgcrypt.supp,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/README, tests/rsa-md5-collision/mbox,
+ tests/userid/userid.pem: License fix.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog, cfg.mk, configure.ac, doc/Makefile.am,
+ doc/credentials/Makefile.am, doc/cyclo/Makefile.am, doc/errcodes.c,
+ doc/examples/Makefile.am, doc/extract-guile-c-doc.scm,
+ doc/gendocs_template, doc/manpages/Makefile.am, doc/printlist.c,
+ gl/gnulib.mk, gl/m4/onceonly_2_57.m4, gl/tests/gnulib.mk,
+ guile/Makefile.am, guile/modules/Makefile.am,
+ guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm,
+ guile/modules/system/documentation/c-snarf.scm,
+ guile/modules/system/documentation/output.scm,
+ guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
+ guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
+ guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
+ guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
+ lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/configure.ac,
+ lib/crypto-api.c, lib/crypto.c, lib/crypto.h, lib/cryptodev.c,
+ lib/debug.c, lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
+ lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
+ lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/gnutls_session.c, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
+ lib/m4/hooks.m4, lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
+ lib/minitasn1/gstr.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
+ lib/opencdk/Makefile.am, lib/opencdk/armor.c,
+ lib/opencdk/context.h, lib/opencdk/filters.h, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
+ lib/opencdk/main.c, lib/opencdk/main.h, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
+ lib/opencdk/packet.h, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
+ lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
+ lib/openpgp/compat.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/output.c,
+ lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
+ lib/pk-libgcrypt.c, lib/po/cs.po.in, lib/po/de.po.in,
+ lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
+ lib/po/sv.po.in, lib/random.c, lib/random.h, lib/rnd-libgcrypt.c,
+ lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/extensions.c, lib/x509/mpi.c,
+ lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
+ libextra/configure.ac, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/fipsmd5.c,
+ libextra/gl/Makefile.am, libextra/gnutls-extra.pc.in,
+ libextra/gnutls_extra.c, libextra/gnutls_ia.c,
+ libextra/gnutls_openssl.c, libextra/includes/Makefile.am,
+ libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/m4/hooks.m4, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, m4/guile.m4, m4/valgrind.m4,
+ src/Makefile.am, src/common.c, src/serv.c, tests/Makefile.am,
+ tests/anonself.c, tests/certder.c,
+ tests/certificate_set_x509_crl.c, tests/chainverify.c,
+ tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
+ tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+ tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+ tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
+ tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pgps2kgnu.c, tests/pkcs1-padding/Makefile.am,
+ tests/pkcs1-padding/pkcs1-pad, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
+ tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
+ tests/userid/userid, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c:
+ Update copyright years.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * README: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/crypt.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/tls_test.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/tests.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/psk.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/prime.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Fix copyright/license.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/benchmark.c: Indent and fix copyright notices.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gnupload, gl/tests/test-gettimeofday.c,
+ gl/tests/test-memchr.c, gl/tests/test-read-file.c,
+ gl/tests/test-sockets.c, lib/gl/tests/test-memchr.c,
+ lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c: Update
+ gnulib files.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog, ChangeLog.1, THANKS, build-aux/gnupload, cfg.mk,
+ doc/Makefile.am, doc/credentials/Makefile.am,
+ doc/cyclo/Makefile.am, doc/errcodes.c, doc/examples/Makefile.am,
+ doc/extract-guile-c-doc.scm, doc/manpages/Makefile.am,
+ doc/printlist.c, gl/tests/test-gettimeofday.c,
+ gl/tests/test-memchr.c, gl/tests/test-read-file.c,
+ gl/tests/test-sockets.c, guile/Makefile.am,
+ guile/modules/Makefile.am, guile/modules/gnutls.scm,
+ guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm,
+ guile/modules/system/documentation/c-snarf.scm,
+ guile/modules/system/documentation/output.scm,
+ guile/pre-inst-guile.in, guile/src/errors.h,
+ guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
+ guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.h, guile/tests/anonymous-auth.scm,
+ guile/tests/errors.scm, guile/tests/openpgp-auth.scm,
+ guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
+ guile/tests/pkcs-import-export.scm,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificates.scm,
+ lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/cipher-libgcrypt.c, lib/crypto-api.c,
+ lib/crypto.c, lib/crypto.h, lib/cryptodev.c, lib/debug.c,
+ lib/debug.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_oprfi.c,
+ lib/ext_oprfi.h, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/ext_signature.c, lib/ext_signature.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gl/tests/test-memchr.c,
+ lib/gl/tests/test-read-file.c, lib/gl/tests/test-sockets.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_auth.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
+ lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/gnutls_session.c, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_supplemental.c, lib/gnutls_supplemental.h,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/includes/Makefile.am,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/openpgp.h, lib/includes/gnutls/pkcs12.h,
+ lib/includes/gnutls/x509.h, lib/libgnutls.map, lib/libgnutlsxx.map,
+ lib/mac-libgcrypt.c, lib/minitasn1/Makefile.am,
+ lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/gstr.c,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c, lib/mpi-libgcrypt.c,
+ lib/opencdk/Makefile.am, lib/opencdk/hash.c,
+ lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, lib/pk-libgcrypt.c, lib/random.c,
+ lib/random.h, lib/rnd-libgcrypt.c, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/Makefile.am,
+ libextra/ext_inner_application.c, libextra/ext_inner_application.h,
+ libextra/fipsmd5.c, libextra/gl/Makefile.am,
+ libextra/gnutls-extra.pc.in, libextra/gnutls_extra.c,
+ libextra/gnutls_ia.c, libextra/gnutls_openssl.c,
+ libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, libextra/libgnutls-extra.map,
+ libextra/openssl_compat.c, libextra/openssl_compat.h,
+ src/Makefile.am, src/benchmark.c, src/certtool-cfg.c,
+ src/certtool.c, src/common.c, src/crypt.c, src/prime.c, src/psk.c,
+ src/serv.c, src/tests.c, src/tls_test.c, tests/Makefile.am,
+ tests/anonself.c, tests/certder.c, tests/chainverify.c,
+ tests/crq_apis.c, tests/crq_key_id.c, tests/crypto_rng.c,
+ tests/cve-2008-4989.c, tests/cve-2009-1415.c,
+ tests/cve-2009-1416.c, tests/dhepskself.c, tests/dn.c, tests/dn2.c,
+ tests/finished.c, tests/gc.c, tests/hostname-check.c,
+ tests/init_roundtrip.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/mini-eagain.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/netconf-psk.c,
+ tests/nist-pkits/pkits, tests/nist-pkits/pkits_crl,
+ tests/nist-pkits/pkits_crt, tests/nist-pkits/pkits_pkcs12,
+ tests/nist-pkits/pkits_smime, tests/nul-in-x509-names.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testcerts,
+ tests/openpgp-certs/testselfsigs, tests/openpgp-keyring.c,
+ tests/openpgpself.c, tests/openssl.c, tests/oprfi.c,
+ tests/parse_ca.c, tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
+ tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
+ tests/pkcs12_encode.c, tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c, tests/rfc2253-escape-test,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision,
+ tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/testsrn, tests/set_pkcs12_cred.c,
+ tests/setcredcrash.c, tests/sha2/Makefile.am, tests/sha2/sha2,
+ tests/simple.c, tests/tlsia.c, tests/userid/Makefile.am,
+ tests/userid/userid, tests/utils.c, tests/utils.h,
+ tests/x509_altname.c, tests/x509dn.c, tests/x509paths/chain,
+ tests/x509self.c, tests/x509sign-verify.c, tests/x509signself.c: Fix
+ FSF copyright notices.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, doc/gnutls.texi: doc: Fix pkg-config recommendation. Reported by Claudio Saavedra <csaavedra@igalia.com> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4095>.
+
+2010-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, src/cli.c: gnutls-cli: Handle reading binary data
+ from server. Reported by and tiny patch from Vitaly Mayatskikh
+ <v.mayatskih@gmail.com> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/update-copyright, gl/Makefile.am,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
+ gl/tests/test-update-copyright.sh: Update gnulib files.
+
+2010-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/openpgp-certs/testcerts, tests/openpgp-certs/testselfsigs,
+ tests/safe-renegotiation/testsrn: Added copyright notices!
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am: Generated.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Improve.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore more.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore, lib/gl/m4/warn-on-use.m4: Update gnulib files.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/warn-on-use.m4, lib/build-aux/arg-nonnull.h,
+ lib/build-aux/warn-on-use.h: Update gnulib files.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Fix.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gl/tests/macros.h, lib/gl/tests/signature.h: Update gnulib
+ files.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Fix
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/macros.h, gl/tests/signature.h,
+ gl/tests/test-sys_ioctl.c: Update gnulib files.
+
+2010-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/arg-nonnull.h, build-aux/config.rpath,
+ build-aux/gendocs.sh, build-aux/gnupload, build-aux/link-warning.h,
+ build-aux/pmccabe2html, build-aux/useless-if-before-free,
+ build-aux/vc-list-files, build-aux/warn-on-use.h, gl/Makefile.am,
+ gl/accept.c, gl/alignof.h, gl/alloca.c, gl/alloca.in.h,
+ gl/arpa_inet.in.h, gl/asnprintf.c, gl/bind.c, gl/c-ctype.c,
+ gl/c-ctype.h, gl/close-hook.c, gl/close-hook.h, gl/close.c,
+ gl/connect.c, gl/errno.in.h, gl/error.c, gl/error.h, gl/fclose.c,
+ gl/float+.h, gl/float.in.h, gl/fseeko.c, gl/gai_strerror.c,
+ gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/getpass.c,
+ gl/getpass.h, gl/gettext.h, gl/inet_ntop.c, gl/inet_pton.c,
+ gl/intprops.h, gl/listen.c, gl/lseek.c, gl/m4/00gnulib.m4,
+ gl/m4/alloca.m4, gl/m4/arpa_inet_h.m4, gl/m4/autobuild.m4,
+ gl/m4/close.m4, gl/m4/errno_h.m4, gl/m4/error.m4,
+ gl/m4/extensions.m4, gl/m4/fclose.m4, gl/m4/float_h.m4,
+ gl/m4/fseeko.m4, gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4,
+ gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gettimeofday.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-common.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/hostent.m4,
+ gl/m4/include_next.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4,
+ gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/m4/longlong.m4,
+ gl/m4/lseek.m4, gl/m4/malloc.m4, gl/m4/manywarnings.m4,
+ gl/m4/memchr.m4, gl/m4/minmax.m4, gl/m4/mmap-anon.m4,
+ gl/m4/multiarch.m4, gl/m4/netdb_h.m4, gl/m4/netinet_in_h.m4,
+ gl/m4/perror.m4, gl/m4/printf.m4, gl/m4/read-file.m4,
+ gl/m4/readline.m4, gl/m4/realloc.m4, gl/m4/select.m4,
+ gl/m4/servent.m4, gl/m4/size_max.m4, gl/m4/snprintf.m4,
+ gl/m4/sockets.m4, gl/m4/socklen.m4, gl/m4/sockpfaf.m4,
+ gl/m4/stdarg.m4, gl/m4/stdbool.m4, gl/m4/stddef_h.m4,
+ gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
+ gl/m4/stdlib_h.m4, gl/m4/strerror.m4, gl/m4/string_h.m4,
+ gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4, gl/m4/sys_socket_h.m4,
+ gl/m4/sys_stat_h.m4, gl/m4/sys_time_h.m4, gl/m4/time_h.m4,
+ gl/m4/ungetc.m4, gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4,
+ gl/m4/version-etc.m4, gl/m4/warnings.m4, gl/m4/wchar.m4,
+ gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/memchr.c,
+ gl/minmax.h, gl/netdb.in.h, gl/netinet_in.in.h,
+ gl/override/lib/gettext.h.diff, gl/perror.c, gl/printf-args.c,
+ gl/printf-args.h, gl/printf-parse.c, gl/printf-parse.h,
+ gl/progname.c, gl/progname.h, gl/read-file.c, gl/read-file.h,
+ gl/readline.c, gl/readline.h, gl/realloc.c, gl/recv.c, gl/select.c,
+ gl/send.c, gl/setsockopt.c, gl/shutdown.c, gl/size_max.h,
+ gl/snprintf.c, gl/socket.c, gl/sockets.c, gl/sockets.h,
+ gl/stdarg.in.h, gl/stdbool.in.h, gl/stddef.in.h, gl/stdint.in.h,
+ gl/stdio-impl.h, gl/stdio-write.c, gl/stdio.in.h, gl/stdlib.in.h,
+ gl/strerror.c, gl/string.in.h, gl/sys_select.in.h,
+ gl/sys_socket.in.h, gl/sys_stat.in.h, gl/sys_time.in.h,
+ gl/tests/Makefile.am, gl/tests/dummy.c, gl/tests/gettimeofday.c,
+ gl/tests/ioctl.c, gl/tests/sys_ioctl.in.h, gl/tests/test-alignof.c,
+ gl/tests/test-alloca-opt.c, gl/tests/test-arpa_inet.c,
+ gl/tests/test-c-ctype.c, gl/tests/test-errno.c,
+ gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
+ gl/tests/test-getdelim.c, gl/tests/test-getline.c,
+ gl/tests/test-gettimeofday.c, gl/tests/test-inet_ntop.c,
+ gl/tests/test-inet_pton.c, gl/tests/test-lseek.c,
+ gl/tests/test-memchr.c, gl/tests/test-netdb.c,
+ gl/tests/test-netinet_in.c, gl/tests/test-perror.c,
+ gl/tests/test-read-file.c, gl/tests/test-select-fd.c,
+ gl/tests/test-select-stdin.c, gl/tests/test-select.c,
+ gl/tests/test-snprintf.c, gl/tests/test-stdbool.c,
+ gl/tests/test-stddef.c, gl/tests/test-stdint.c,
+ gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
+ gl/tests/test-strerror.c, gl/tests/test-string.c,
+ gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
+ gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
+ gl/tests/test-time.c, gl/tests/test-unistd.c,
+ gl/tests/test-vasnprintf.c, gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, gl/tests/test-version-etc.c,
+ gl/tests/test-version-etc.sh, gl/tests/test-wchar.c,
+ gl/tests/verify.h, gl/tests/w32sock.h, gl/tests/zerosize-ptr.h,
+ gl/time.in.h, gl/unistd.in.h, gl/vasnprintf.c, gl/vasnprintf.h,
+ gl/version-etc-fsf.c, gl/version-etc.c, gl/version-etc.h,
+ gl/w32sock.h, gl/wchar.in.h, gl/xsize.h,
+ lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
+ lib/gl/Makefile.am, lib/gl/alignof.h, lib/gl/alloca.in.h,
+ lib/gl/asnprintf.c, lib/gl/asprintf.c, lib/gl/byteswap.in.h,
+ lib/gl/c-ctype.c, lib/gl/c-ctype.h, lib/gl/close-hook.c,
+ lib/gl/close-hook.h, lib/gl/errno.in.h, lib/gl/float+.h,
+ lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/gettext.h,
+ lib/gl/lseek.c, lib/gl/m4/00gnulib.m4, lib/gl/m4/alloca.m4,
+ lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
+ lib/gl/m4/extensions.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
+ lib/gl/m4/func.m4, lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4,
+ lib/gl/m4/glibc21.m4, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/gnulib-tool.m4, lib/gl/m4/iconv.m4,
+ lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
+ lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
+ lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
+ lib/gl/m4/ld-output-def.m4, lib/gl/m4/ld-version-script.m4,
+ lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
+ lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
+ lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
+ lib/gl/m4/memmem.m4, lib/gl/m4/minmax.m4, lib/gl/m4/mmap-anon.m4,
+ lib/gl/m4/multiarch.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
+ lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
+ lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
+ lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
+ lib/gl/m4/sockets.m4, lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4,
+ lib/gl/m4/stdbool.m4, lib/gl/m4/stddef_h.m4, lib/gl/m4/stdint.m4,
+ lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
+ lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
+ lib/gl/m4/sys_socket_h.m4, lib/gl/m4/sys_stat_h.m4,
+ lib/gl/m4/threadlib.m4, lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4,
+ lib/gl/m4/uintmax_t.m4, lib/gl/m4/ungetc.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/m4/vasprintf.m4,
+ lib/gl/m4/visibility.m4, lib/gl/m4/vsnprintf.m4,
+ lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
+ lib/gl/m4/xsize.m4, lib/gl/memchr.c, lib/gl/memmem.c,
+ lib/gl/minmax.h, lib/gl/netdb.in.h,
+ lib/gl/override/lib/gettext.h.diff, lib/gl/printf-args.c,
+ lib/gl/printf-args.h, lib/gl/printf-parse.c, lib/gl/printf-parse.h,
+ lib/gl/read-file.c, lib/gl/read-file.h, lib/gl/realloc.c,
+ lib/gl/size_max.h, lib/gl/snprintf.c, lib/gl/sockets.c,
+ lib/gl/sockets.h, lib/gl/stdbool.in.h, lib/gl/stddef.in.h,
+ lib/gl/stdint.in.h, lib/gl/stdio-impl.h, lib/gl/stdio-write.c,
+ lib/gl/stdio.in.h, lib/gl/stdlib.in.h, lib/gl/str-two-way.h,
+ lib/gl/strcasecmp.c, lib/gl/string.in.h, lib/gl/strings.in.h,
+ lib/gl/strncasecmp.c, lib/gl/strverscmp.c, lib/gl/sys_socket.in.h,
+ lib/gl/sys_stat.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/dummy.c, lib/gl/tests/intprops.h,
+ lib/gl/tests/test-alloca-opt.c, lib/gl/tests/test-byteswap.c,
+ lib/gl/tests/test-c-ctype.c, lib/gl/tests/test-errno.c,
+ lib/gl/tests/test-fseeko.c, lib/gl/tests/test-func.c,
+ lib/gl/tests/test-memchr.c, lib/gl/tests/test-netdb.c,
+ lib/gl/tests/test-read-file.c, lib/gl/tests/test-snprintf.c,
+ lib/gl/tests/test-stdbool.c, lib/gl/tests/test-stddef.c,
+ lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
+ lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
+ lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
+ lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
+ lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
+ lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
+ lib/gl/tests/test-vsnprintf.c, lib/gl/tests/test-wchar.c,
+ lib/gl/tests/verify.h, lib/gl/tests/zerosize-ptr.h,
+ lib/gl/time.in.h, lib/gl/time_r.c, lib/gl/unistd.in.h,
+ lib/gl/vasnprintf.c, lib/gl/vasnprintf.h, lib/gl/vasprintf.c,
+ lib/gl/vsnprintf.c, lib/gl/w32sock.h, lib/gl/wchar.in.h,
+ lib/gl/xsize.h, libextra/build-aux/config.rpath,
+ libextra/gl/gnulib.mk, libextra/gl/hmac-md5.c, libextra/gl/hmac.h,
+ libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
+ libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/gnulib-tool.m4,
+ libextra/gl/m4/hmac-md5.m4, libextra/gl/m4/ld-output-def.m4,
+ libextra/gl/m4/ld-version-script.m4, libextra/gl/m4/lib-ld.m4,
+ libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
+ libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
+ libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h,
+ maint.mk: Update gnulib files.
+
+2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented addition of new priority strings.
+
+2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented Steve Dispensa's patch addition.
+
+2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/safe-renegotiation/testsrn: Added tests for new behaviour of
+ client.
+
+2010-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Revert "Always allow initial negotiation.
+ Disable subsequent unsafe renegotiations." This reverts commit
+ 1e4981cfbec360a19cfb7470ce96093aaa95b32e. Ah, this was to twart the attack (description by Daniel Kahn
+ Gilmor): The problem, as i understand it, is that the client is
+ incapable of telling whether the plaintext prefix injection attack
+ has already happened. I don't think disabling renegotiation for the
+ session resolves the problem. For a server which does not announce and enforce safe renegotiation,
+ what the client sees as an initial connection may unknowingly
+ actually be renegotiating an existing session that was started by an
+ attacker. The concern isn't that the (legitimate) client will have their
+ session re-negotiated by an attacker; it's that the MITM attacker
+ can trick the server into viewing the client's initial
+ authentication as a re-negotiation of a TLS session already
+ underway. for servers which do odd things like apply the credentials of the
+ post-renegotiation client to the traffic that happened before the
+ renegotiation (e.g. HTTPS, with client-side certificates required
+ only for certain subdirectories), a safe-renegotiation-aware client
+ *should* refuse to connect to servers which do not announce safe
+ renegotiation if they want to resist this attack.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac: Added safe-renegotiation subdir.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_priority.c, tests/Makefile.am,
+ tests/safe-renegotiation/Makefile.am,
+ tests/safe-renegotiation/params.dh,
+ tests/safe-renegotiation/testsrn: Added safe renegotiation test
+ cases. Added priority string option to completely disable
+ renegotiation to assist in testing more cases.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
+ --rehandshake option to gnutls-cli to allow connection and immediate
+ rehandshake.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c: More carefull copying of data. Check
+ for the malicious case where a server does initial unsafe
+ negotiation and proceeds with a safe renegotiation.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Always allow initial negotiation. Disable
+ subsequent unsafe renegotiations. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_state.c: Safe renegotiation variable
+ cleanup. No longer clear variables that should stay across
+ rehandshakes.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/gnutls_cipher_int.c: Documented the
+ crypto-api functions and made the API tolerant to NULL IV.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Added documentation of rehandshake usage
+ in gnutls if full-duplex capability is required.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: Reduced asserts to reduce unneeded
+ printings.
+
+2010-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: Removed rehandshake initiation capability
+ from client and transferred it to the echo server. Once the server
+ receives a string **REHANDSHAKE** will request a rehandshake.
+
+2010-01-19 Steve Dispensa <dispensa@phonefactor.com>
+
+ * lib/gnutls_handshake.c: Here is another patch that fixes an
+ interoperability problem with safe renegotiation and resumption. In
+ copying forward the safe renegotiation state across resumptions, I
+ got a little carried away and copied too much data (new connections
+ should start with empty RI data). Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_oprfi.c, lib/ext_session_ticket.c, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: Modified extensions
+ (session ticket, oprfi) to store internal data in gnutls internal
+ structure and input data only in the security_parameters extension
+ structure. Session ticket extension will call the user supplied hello function
+ on resumption. (the current API to handle that is inexistant. To be revised)
+
+2010-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_constate.c,
+ lib/gnutls_int.h, lib/gnutls_session_pack.c: Further cleanup the
+ extension internal structure. Now if values are not saved and
+ restored when resumming they will be initialized to zero.
+
+2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/chainverify.c, tests/crq_apis.c, tests/crq_key_id.c,
+ tests/cve-2008-4989.c, tests/dn2.c, tests/finished.c, tests/mini.c,
+ tests/pkcs12_s2k_pem.c, tests/tlsia.c, tests/x509sign-verify.c:
+ Tests compile with --enable-gcc-warnings.
+
+2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.h, lib/gnutls_constate.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_state.c, tests/resume.c, tests/simple.c: Specify in
+ detail what to be copied when resuming. It seems there are
+ extensions (like safe renegotiation) that do not need to read the
+ stored values. Moreover this might overcome any bugs by the
+ extensions that used to store pointers in the extension structure.
+
+2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c: Initialize the default value to 0.
+ It seemed to have default value of 0 when non resuming :)
+
+2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-client-tlsia.c, tests/utils.c: Removed warnings.
+
+2010-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac: Added -Wno-int-to-pointer-cast to enable compilation
+ when enable-gcc-warnings is given.
+
+2010-01-13 Steve Dispensa <dispensa@phonefactor.com>
+
+ * lib/gnutls_handshake.c: Here are two more patches. The first adds
+ support for renegotiation of resumption. Also, I found a bug in my initial implementation - I was incorrectly
+ sending the SCSV on all connections, not only those using SSLv3, as
+ should have been the case. Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1:
+ Documentation updates.
+
+2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: When denying an initial negotiation due to
+ missing safe renegotiation extension reply with NO_RENEGOTIATION
+ alert.
+
+2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+ lib/includes/gnutls/gnutls.h.in, tests/resume.c: When resuming no
+ extensions were parsed thus the safe renegotiation extension was
+ ignored as well causing a false detection of unsafe session.
+ Corrected by making a special class of extensions called RESUMED.
+ Those are parsed even when resuming (normally we don't do it to
+ prevent clients overwriting capabilities and credentials).
+
+2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_safe_renegotiation.c, lib/ext_safe_renegotiation.h,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in: Added Steve
+ Dispensa's patch for safe renegotiation (with artistic changes).
+ Effectively reverted my previous patch
+ 1a338cbaaeec11d958de8da4d1ae036979fccf3e.
+
+2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Updated thanks file.
+
+2010-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/opencdk/sig-check.c, src/certtool.c,
+ tests/openpgp-certs/Makefile.am, tests/openpgp-certs/testselfsigs:
+ When checking self signature also check the signatures of all
+ subkeys. Ilari Liusvaara noticed and reported the issue and
+ provided test vectors as well. certtool --pgp-certificate-info will check self signatures. Added self tests for self-sigs.
+
+2010-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/gc.c: hash_fast -> hmac_fast
+
+2010-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1,
+ lib/Makefile.am, lib/ext_safe_renegotiation.c,
+ lib/ext_safe_renegotiation.h, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/includes/gnutls/gnutls.h.in, src/cli.c,
+ src/serv.c: Added safe renegotiation patch from Steve Dispensa,
+ modified to suit gnutls code style and error checking. Modified to
+ conform to draft-ietf-tls-renegotiation-03.txt. gnutls-cli will search input for **RENEGOTIATION** to perform a
+ renegotiation and gnutls-serv will perform one if requested.
+
+2010-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: Corrections for --disable-extra-pki configure flag
+ to work. Patch by Bill Randle.
+
+2010-01-04 Andreas Metzler <ametzler@downhill.at.eu.org>
+
+ * ChangeLog, doc/certtool.cfg, doc/gnutls.texi, lib/gnutls_auth.c,
+ lib/gnutls_priority.c, lib/gnutls_session.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c: Typo fixes: successful, precedence, preferred
+
+2009-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c: define EALG_MAX_BLOCK_LEN if not there.
+
+2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/fipsmd5.c: use C99 initializations
+
+2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/compat.c, lib/crypto-api.c,
+ lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, libextra/fipsmd5.c, src/benchmark.c: Reverted all
+ previous changes to combine hashes with MAC algorithms. It is now
+ permissible to register a hash algorithm separately from a MAC.
+
+2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
+ lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
+ lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
+ lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
+ lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
+ lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c:
+ Revert "Merged the two internal hash API functions, to simplify and
+ reduce code." This reverts commit bc3e43d5f121e404aa32212dcfcc5027de807056. Conflicts: lib/crypto.c lib/gnutls_cipher.c lib/gnutls_hash_int.c lib/gnutls_hash_int.h lib/includes/gnutls/crypto.h lib/mac-libgcrypt.c
+
+2009-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
+ lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Revert
+ "Added plain MD5 hash check and corrected gnutls_hash_fast() usage
+ in openssl.c" This reverts commit 54486afbfcf3398846d5c20d3094bdb7d0a43ff2.
+
+2009-12-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-x509-info.c: Improve example of printing cert
+ info.
+
+2009-12-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo fix. Reported by Laurence <lfinsto@gwdg.de> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4036>.
+
+2009-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/compat.c, lib/gnutls_algorithms.h: fixes for compilation.
+
+2009-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Check return value from
+ gnutls_x509_crt_get_key_usage.
+
+2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: This is a follow-up to commit
+ 3d8da5765133c6ced37bf29b5a07f950b8c26cd7, that fixes some issues
+ with DSA and RSA certificate encoding. Due to that the shown public
+ key IDs are different than the ones in previous gnutls versions.
+
+2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: reduced calls to gnutls_hash on
+ encryption/decryption. Only initialize MAC when needed.
+
+2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/includes/gnutls/crypto.h,
+ lib/mac-libgcrypt.c, libextra/gnutls_openssl.c, tests/gc.c: Added
+ plain MD5 hash check and corrected gnutls_hash_fast() usage in
+ openssl.c Corrected new hash API bug that prevented usage of plain
+ hash functions.
+
+2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/gnutls.texi, lib/Makefile.am, lib/compat.c,
+ lib/crypto.c, lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/includes/gnutls/crypto.h, lib/libgnutls.map,
+ lib/opencdk/read-packet.c, lib/x509/privkey_pkcs8.c,
+ src/benchmark.c, tests/gc.c: Exported gnutls_cipher_get_block_size()
+ and all hash functions added to libgnutls.map. Expanded benchmark
+ with 3DES and ARCFOUR. Corrected test that used non-existing symbol.
+
+2009-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/m4/hooks.m4: Corrected check for cryptodev. Only enable it if
+ --enable-cryptodev is specified.
+
+2009-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c, lib/gnutls_cryptodev.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/mac-libgcrypt.c, lib/x509/mpi.c:
+ Corrected compilation issues.
+
+2009-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.ac, lib/m4/hooks.m4: Moved cryptodev check to
+ lib/m4/hooks.m4 and now --enable-cryptodev actually works.
+
+2009-11-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: Doc fix.
+
+2009-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c: corrected old type.
+
+2009-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cryptodev.c: Only include cryptodev.h if cryptodev is there.
+
+2009-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypto-api.c, lib/crypto.c, lib/crypto.h,
+ lib/ext_session_ticket.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutls.h.in, lib/mac-libgcrypt.c,
+ lib/opencdk/dummy.c, lib/opencdk/filters.h, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/main.h, lib/opencdk/opencdk.h,
+ lib/opencdk/pubkey.c, lib/opencdk/sig-check.c,
+ lib/opencdk/verify.c, lib/x509/crq.c, lib/x509/pbkdf2-sha1.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
+ lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_int.h, libextra/fipsmd5.c, libextra/gnutls_openssl.c:
+ Merged the two internal hash API functions, to simplify and reduce
+ code. gnutls_hmac* and gnutls_hash* were merged to gnutls_hash API.
+
+2009-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore, configure.ac, lib/Makefile.am, lib/crypto-api.c,
+ lib/crypto.c, lib/cryptodev.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cryptodev.h, lib/gnutls_errors.c, lib/gnutls_global.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/libgnutls.map, src/Makefile.am, src/benchmark.c: Added cryptodev
+ support (/dev/crypto). Tested with
+ http://www.logix.cz/michal/devel/cryptodev/. Added benchmark
+ utility for AES. Exported API to access encryption algorithms.
+
+2009-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented certtool's certificate request generation fix.
+
+2009-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: Corrected two issues that affected certificate
+ request generation. 1. Null padding is added on integers (found thanks to Wilankar
+ Trupti <trupti.wilankar@hp.com>) 2. In optional SignatureAlgorithm parameters field for DSA keys the
+ DSA parameters were added. Those were rejected by verisign. Gnutls
+ no longer adds those parameters there since other implementations
+ don't do either and having them does not seem to offer anything
+ (anyway you need the signer's certificate to verify thus public key
+ will be available).
+
+2009-11-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am, tests/key-id/key-id,
+ tests/nist-pkits/gnutls_test_entry, tests/x509paths/chain: More
+ fixes of grep -q problem.
+
+2009-11-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Allow exporting of Certificate requests to DER
+ format. Added option --no-crq-extensions to avoid adding extensions
+ to a request.
+
+2009-11-23 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rfc2253-escape-test: Don't use 'grep -q', to fix portability
+ to OpenSolaris. Reported by "Dr. David Kirkby" <david.kirkby@onetel.net> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3993>.
+
+2009-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/guile.texi: Doc fix.
+
+2009-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/intprops.h, gl/m4/sys_stat_h.m4,
+ gl/m4/unistd_h.m4, gl/sys_stat.in.h, gl/unistd.in.h,
+ gl/version-etc.c, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/sys_stat.in.h,
+ lib/gl/tests/intprops.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
+ files.
+
+2009-11-09 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-11-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.9.
+
+2009-11-09 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/pmccabe2html, gl/Makefile.am, gl/getpagesize.c,
+ gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4, gl/tests/test-fseeko.c,
+ lib/gl/Makefile.am, lib/gl/getpagesize.c, lib/gl/m4/getpagesize.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/tests/test-fseeko.c: Update gnulib
+ files.
+
+2009-11-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-11-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Cleanup header inclusion.
+
+2009-11-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: More dead code removed. Based on
+ suggestions by Steve Grubb and Tomaz Mraz
+
+2009-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, m4/valgrind.m4: Fix --disable-valgrind-tests.
+
+2009-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/Makefile.am: Update gnulib files.
+
+2009-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, maint.mk: Update
+ gnulib files.
+
+2009-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Link to libgcrypt explicitly when libgcrypt
+ functions are used.
+
+2009-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c, src/serv.c: Fix libgcrypt usage.
+
+2009-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Simplified code which was based on older
+ version of internal structures. Based on observations by Steve
+ Grubb and Tomas Mraz.
+
+2009-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Corrected bug fix author.
+
+2009-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented previous commit.
+
+2009-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_sig.c,
+ libextra/gnutls_openssl.c, src/certtool.c, src/cfg/cfg+.c,
+ src/cfg/platon/str/strdyn.c, src/serv.c: Cleanups and several bug
+ fixes found by Tomas Mraz. "I've patched the following problems in the code found by review of
+ gnutls-2.8.5 code done by Steve Grubb. See the patch attached. The gnutls_constate.c bug might be potentially serious so I've
+ decided to mail it to you directly, not to the public mailing list. The auth_cert.c change is just cleanup of the code. In gnutls_openssl.c I've just fixed the potential crasher, correct
+ fix would require using asprintf or precomputed length of the buffer
+ to allocate a memory. The certtool.c change is again just a cleanup."
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.8.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gl/tests/test-func.c: Update gnulib files.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ gl/tests/Makefile.am, gl/tests/test-inet_ntop.c,
+ gl/tests/test-inet_pton.c, gl/tests/test-sys_socket.c,
+ lib/gl/tests/test-func.c, lib/gl/tests/test-sys_socket.c,
+ libextra/gl/md5.c: Update gnulib files.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4: Make sure libgcrypt's dependency on libgpg-error
+ is known.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Fix API name change.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix API name change.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cert-select.c, doc/examples/ex-client-psk.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, guile/src/core.c, lib/auth_cert.c,
+ lib/auth_dhe.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_cert_type.c,
+ lib/ext_server_name.c, lib/ext_session_ticket.c,
+ lib/ext_signature.c, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_mpi.c, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_str.c,
+ lib/gnutls_supplemental.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
+ lib/minitasn1/decoding.c, lib/opencdk/armor.c, lib/opencdk/keydb.c,
+ lib/opencdk/literal.c, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/verify.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/verify.c, lib/x509/x509_write.c,
+ libextra/gl/md5.c, libextra/gnutls_openssl.c, src/certtool-cfg.c,
+ src/cli.c, src/common.c, src/crypt.c, src/psk.c, src/serv.c,
+ tests/anonself.c, tests/chainverify.c, tests/crq_apis.c,
+ tests/cve-2008-4989.c, tests/cve-2009-1415.c, tests/dhepskself.c,
+ tests/dn2.c, tests/finished.c, tests/hostname-check.c,
+ tests/mini-eagain.c, tests/mini.c, tests/nul-in-x509-names.c,
+ tests/openpgpself.c, tests/oprfi.c, tests/pkcs12_encode.c,
+ tests/pkcs12_s2k.c, tests/pkcs12_s2k_pem.c, tests/pskself.c,
+ tests/resume.c, tests/tlsia.c, tests/x509_altname.c,
+ tests/x509dn.c, tests/x509self.c, tests/x509sign-verify.c,
+ tests/x509signself.c: Indent code.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cert-select.c, src/cli.c: Fix API name change.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am, lib/ext_signature.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map: Fix NEWS blurb.
+ Shorten new API name.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_signature.c: Doc fix, add Since tag.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_signature.c: Indent code.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4: Fix compile error. Tiny patch by Brad Hards <bradh@frogmouth.net> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3943>.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_signature.c: Fix compile errors. Tiny patch from Brad Hards <bradh@frogmouth.net> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3942>.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c: Fix compile errors. Tiny patch from Brad Hards <bradh@frogmouth.net> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3941>.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/stdlib_h.m4, gl/stdlib.in.h,
+ gl/tests/test-getaddrinfo.c, lib/gl/Makefile.am,
+ lib/gl/m4/stdlib_h.m4, lib/gl/stdlib.in.h: Update gnulib files.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/vi.po.in: Sync with TP.
+
+2009-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am, src/Makefile.am, tests/Makefile.am: Use
+ INET_NTOP_LIB and INET_PTON_LIB.
+
+2009-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/pmccabe2html, build-aux/useless-if-before-free,
+ gl/m4/fseeko.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
+ gl/m4/inet_pton.m4, gl/m4/pmccabe2html.m4, gl/m4/ungetc.m4,
+ gl/sockets.c, gl/stdio.in.h, gl/sys_stat.in.h,
+ gl/tests/test-arpa_inet.c, gl/tests/test-getaddrinfo.c,
+ gl/tests/test-getdelim.c, gl/tests/test-getline.c,
+ gl/tests/test-gettimeofday.c, gl/tests/test-memchr.c,
+ gl/tests/test-netinet_in.c, gl/tests/test-select-stdin.c,
+ gl/tests/test-select.c, gl/tests/test-sockets.c,
+ gl/tests/test-stddef.c, gl/tests/test-stdint.c,
+ gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
+ gl/tests/test-strerror.c, gl/tests/test-string.c,
+ gl/tests/test-sys_select.c, gl/tests/test-sys_socket.c,
+ gl/tests/test-sys_stat.c, gl/tests/test-sys_time.c,
+ gl/tests/test-time.c, gl/tests/test-unistd.c,
+ gl/tests/test-version-etc.c, gl/tests/test-wchar.c,
+ lib/gl/m4/fseeko.m4, lib/gl/m4/ungetc.m4, lib/gl/sockets.c,
+ lib/gl/stdio.in.h, lib/gl/sys_stat.in.h,
+ lib/gl/tests/test-memchr.c, lib/gl/tests/test-sockets.c,
+ lib/gl/tests/test-stddef.c, lib/gl/tests/test-stdint.c,
+ lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
+ lib/gl/tests/test-string.c, lib/gl/tests/test-strverscmp.c,
+ lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
+ lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
+ lib/gl/tests/test-wchar.c, libextra/gl/md5.c, maint.mk: Update
+ gnulib files.
+
+2009-11-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-11-02 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Fix time bomb in chainverify self-test. Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented change for certificate retrieval callbacks.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: do not use gnutls_x509_crt_get_signature_algorithm() on
+ null certificates.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: Do not check signature algorithms for certificate
+ selection when using openpgp certificates.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/gnutls-cli.1: Avoid code duplication by using all the
+ functions defined in gnutls_algorithms to map from TLS 1.2 signature
+ algorithm numbers to gnutls signature algorithms. Added minimal documentation for SIGN-* in gnutls-cli priority
+ strings. Corrected bug in signature algorithm extension generation.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/ext_signature.c,
+ lib/ext_signature.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_int.h, lib/gnutls_sig.c: Avoid
+ code duplication by using all the functions defined in
+ gnutls_algorithms to map from TLS 1.2 signature algorithm numbers to
+ gnutls signature algorithms. Added minimal documentation for SIGN-* in gnutls-cli priority
+ strings. Corrected bug in signature algorithm extension generation.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
+ lib/auth_srp_rsa.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Rationalized
+ function names for signature generation and verification during
+ handshake. _gnutls_tls_sign_hdata ->
+ _gnutls_handshake_sign_cert_vrfy _gnutls_verify_sig_hdata ->
+ _gnutls_handshake_verify_cert_vrfy _gnutls_tls_sign_params ->
+ _gnutls_handshake_sign_data _gnutls_verify_sig_params ->
+ _gnutls_handshake_verify_data
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_signature.c: Do not output error if a server replies with
+ a SignatureAlgorithms extension.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/dn2.c, tests/pathlen/ca-no-pathlen.pem: RSA_SHA -> RSA_SHA1
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Documented memory leak fix.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/ex-cert-select.c, doc/gnutls.texi,
+ lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_alert.c,
+ lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map, src/cli.c: Final
+ touch on signature algorithms in TLS 1.2 support. Added function
+ gnutls_session_sign_algorithm_get_requested() for callbacks to be
+ able to verify they return a correct certificate as well as
+ documentation for its usage.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.c, lib/auth_cert.h,
+ lib/ext_signature.c, lib/ext_signature.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_errors.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_x509.c,
+ lib/includes/gnutls/gnutls.h.in, lib/openpgp/gnutls_openpgp.c:
+ Improved TLS 1.2 support. Added support for the SignatureAlgorithm
+ extension as well for the SignatureAlgorithm in certificate request. Limitation for TLS 1.2 clients: Only SHA1 or SHA256 are supported for generating signatures in
+ certificate verify message. That is to avoid storing all handshake
+ messages in memory. To be reconsidered in the future.
+
+2009-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: fixes in order to compile with -Werror
+
+2009-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/gnutls_cipher.c: remove unnessesary
+ warning.
+
+2009-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c: correctly check extension size.
+
+2009-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_handshake.c: When resuming a session do not
+ overwrite the initial session data with resumed session data.
+ Discovered on discussion at help-gnutls with Sebastien Decugis.
+
+2009-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_handshake.c, src/certtool.c: Fix
+ code style so it compiles with gcc 4.4 with warnings.
+
+2009-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/sys_stat_h.m4, gl/sys_stat.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4, lib/gl/sys_stat.in.h:
+ Update gnulib files.
+
+2009-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Drop unknown mini-hfail.
+
+2009-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-10-25 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/gnutls_handshake.c: Enable ClientHello to carry arbitrary
+ length extension data.
+
+2009-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/pkcs12.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/x509_int.h,
+ src/certtool.c: Added GNUTLS_BAG_SECRET that adds support for
+ storing a randomly generated key into a PKCS-12 structure. This is a
+ gnutls extension, since PKCS-12 does not specify what should be in
+ the secret bag. What we do is store the key as OCTET string and
+ specify an OID of the PKCS-9 random nonce.
+
+2009-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/privkey_pkcs8.c: Corrected warnings in picky
+ compilers and rearanged code.
+
+2009-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/certtool.1, lib/cipher-libgcrypt.c,
+ lib/gnutls_algorithms.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/x509_int.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added support for the AES family
+ of ciphers in the PKCS8 and 12 encryption options.
+
+2009-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Do not print auto-generated files.
+
+2009-10-23 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-10-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Fix forgotten braces. Reported by Jason Pettiss <jpettiss@yahoo.com>.
+
+2009-10-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Indent code.
+
+2009-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_sig.c, lib/gnutls_state.c: 1. Fix for memory leaks on interrupted handshake. 2. Fixes issue where a TLS 1.2 client will wrongly calculate hashes
+ if the server will select a different than 1.2 protocol. 3. In TLS 1.2 when a certificate request is sent, support is not
+ complete. In that case abort the handshake. By checking TLS 1.2 it
+ seems that the algorithms to be used for the signature in the
+ certificate verify message are negotiated not at the client/server
+ hello messages but rather selected by the server at the certificate
+ request. This might not look as bad, but since in this message we
+ have to sign all previous handshake messages, it forces us to keep
+ all the handshake messages into a buffer until this point... I don't
+ know who proposed this change to the TLS WG, but it seems it wasn't
+ really thought of.
+
+2009-10-20 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Fix expired cert.
+
+2009-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Make sure we use libgcrypt correctly.
+
+2009-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/time_h.m4: Update gnulib files.
+
+2009-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/sys_stat_h.m4,
+ gl/sys_stat.in.h, gl/tests/Makefile.am, gl/tests/test-sys_stat.c,
+ gl/tests/test-time.c, gl/time.in.h, gl/unistd.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/sys_stat_h.m4, lib/gl/sys_stat.in.h,
+ lib/gl/tests/test-sys_stat.c, lib/gl/unistd.in.h: Update gnulib
+ files.
+
+2009-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutlsxx.map: Export C++ symbol visibility. Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pkix_asn1_tab.c: Regenerate.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12_encode.c: Fix MAC password.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12_encode.c: Use better friendly names.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/pkcs12_encode.c: Add self test to test
+ PKCS#12 functions.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pkix.asn: Work around 'Cannot find OID: 1.2.840.113549.1.9.21'
+ PKCS#12 problem. Reported by Michael Welsh Duggan <mwd@cert.org> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1786>.
+
+2009-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Mention that sometimes CA certs needs to be
+ included in PKCS#12 files. Reported by Ivars Suba <Ivars.Suba@bank.lv>.
+
+2009-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: After setting priorities using new API,
+ update current TLS version.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.7.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4,
+ gl/m4/unistd_h.m4, gl/progname.c, gl/stdio.in.h, gl/unistd.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/stdio.in.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
+ files.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutlsxx.map: Fix symbol export rules. Tiny patch by Boyan Kasarov <bkasarov@gmail.com>.
+
+2009-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Include config.h. Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.
+
+2009-10-01 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/gnutls_sig.c: Reserve enough room for hash buffers. This fixes x509self self-test.
+
+2009-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
+ gl/tests/Makefile.am, gl/unistd.in.h, lib/gl/Makefile.am,
+ lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/tests/Makefile.am, lib/gl/unistd.in.h: Update gnulib files.
+
+2009-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Attempt to negotiate TLS 1.2 by default.
+
+2009-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c: Fix comment.
+
+2009-09-30 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
+ lib/auth_srp_rsa.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Fix
+ server-side TLS 1.2 support.
+
+2009-09-30 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/gnutls_sig.c: Calculate DER-encoded DigestInfo on-the-fly
+ rather than hard code it.
+
+2009-09-28 Ludovic Courtès <ludo@gnu.org>
+
+ * configure.ac, guile/src/core.c: guile: Adjust for Guile 1.9.3+. * guile/src/core.c (mark_session_record_port,
+ free_session_record_port): Conditionalize on `SCM_MAJOR_VERSION == 1
+ && SCM_MINOR_VERSION <= 8'. (scm_init_gnutls_session_record_port_type): Adjust accordingly. (make_session_record_port): Use `scm_gc_malloc_pointerless ()'
+ when available.
+
+2009-09-28 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/core.c: guile: Syntactic nitpicking. * guile/src/core.c (SCM_GNUTLS_MAKE_SESSION_DATA, SCM_GNUTLS_SET_SESSION_RECORD_PORT): Remove extraneous semicolon.
+
+2009-09-28 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/core.c: guile: Use Guile's malloc routines. * guile/src/core.c (scm_init_gnutls): Use Guile's malloc routines.
+
+2009-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.c: Clarify gnutls_server_name_set usage. Reported by Daniel Black <daniel@cacert.org> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3878>.
+
+2009-09-23 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/core.c: Fix integer/pointer cast warnings in the Guile
+ bindings on x86_64. * guile/src/core.c (do_fill_port, fill_session_record_port_input, scm_gnutls_set_session_transport_fd_x): Make sure pointer/integer
+ casts use integers of the right size.
+
+2009-09-23 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/extra.c: Update Guile bindings to the current OpenPGP
+ API. * guile/src/extra.c (scm_gnutls_openpgp_certificate_id, scm_gnutls_openpgp_certificate_id_x): Use the newer `gnutls_openpgp_crt_get_key_id ()'.
+
+2009-09-23 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/Makefile.am, guile/src/Makefile.am, guile/tests/Makefile.am:
+ Turn off auto-compilation when using Guile 1.9+. * guile/src/Makefile.am (GUILE_FOR_BUILD): Turn off auto-compilation with Guile 1.9+. * guile/tests/Makefile.am (TESTS_ENVIRONMENT): Likewise. * doc/Makefile.am (GUILE_FOR_BUILD): Likewise.
+
+2009-09-23 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/core.c, guile/src/errors.c, guile/src/extra.c,
+ guile/src/utils.c, guile/src/utils.h: Fix inclusion of <config.h> in
+ Guile bindings. * guile/src/core.c, guile/src/errors.c, guile/src/extra.c, guile/src/utils.c: Include <config.h> first, as suggested by Simon Josefsson. * guile/src/utils.h: Don't include <config.h>.
+
+2009-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/unistd.in.h, lib/gl/unistd.in.h: Update gnulib files.
+
+2009-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh: Chmod.
+
+2009-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.6.
+
+2009-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/getdelim.m4, gl/m4/stdio_h.m4,
+ gl/m4/stdlib_h.m4, gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4,
+ gl/stdio.in.h, gl/stdlib.in.h, gl/sys_stat.in.h, gl/unistd.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/stdlib_h.m4,
+ lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4, lib/gl/stdio.in.h,
+ lib/gl/stdlib.in.h, lib/gl/sys_stat.in.h, lib/gl/unistd.in.h,
+ maint.mk: Update gnulib files.
+
+2009-09-13 Brad Hards <bradh@frogmouth.net>
+
+ * lib/x509/x509.c: Add forgotten documentation bits for issuer
+ altname Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, gl/m4/getaddrinfo.m4, gl/m4/getline.m4,
+ gl/m4/readline.m4, gl/m4/select.m4, gl/m4/sockets.m4,
+ gl/m4/socklen.m4, gl/m4/sockpfaf.m4, lib/gl/m4/sockets.m4,
+ lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4, lib/gl/m4/time_r.m4:
+ Update gnulib files.
+
+2009-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher.c: Add debug message. Tiny patch from Miroslav
+ Kratochvil <exa.exa@gmail.com> in
+ <http://thread.gmane.org/gmane.network.gnutls.general/1758>.
+
+2009-09-11 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/Makefile.am: Fix out-of-tree build. Fix out-of-tree build; gnutls.h is generated in the build tree.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/m4/hooks.m4: Enable Camellia by default.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.5.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Bump version.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/stdio_h.m4, gl/m4/string_h.m4,
+ gl/m4/sys_stat_h.m4, gl/m4/unistd_h.m4, gl/stdio.in.h,
+ gl/string.in.h, gl/sys_stat.in.h, gl/unistd.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/sys_stat_h.m4, lib/gl/m4/unistd_h.m4, lib/gl/stdio.in.h,
+ lib/gl/string.in.h, lib/gl/sys_stat.in.h, lib/gl/unistd.in.h,
+ maint.mk: Update gnulib files.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4: Bump library version for new APIs.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c, lib/x509/x509.c: Indent.
+
+2009-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Move the new ABIs to the GNUTLS_2_10 section.
+
+2009-09-09 Brad Hards <bradh@frogmouth.net>
+
+ * doc/manpages/Makefile.am, lib/includes/gnutls/x509.h,
+ lib/libgnutls.map, lib/x509/output.c, lib/x509/x509.c,
+ tests/Makefile.am, tests/x509_altname.c: Add X509 Issuer Altname
+ functions Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-09-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/key-id/key-id: Don't use ! to negate exit status. Reported
+ by "Tom G. Christensen" <tgc@jupiterrise.com> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3861>.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/close.c, gl/inet_ntop.c, gl/inet_pton.c,
+ gl/m4/sys_stat_h.m4, gl/sys_stat.in.h, gl/tests/Makefile.am,
+ gl/unistd.in.h, lib/gl/Makefile.am, lib/gl/m4/sys_stat_h.m4,
+ lib/gl/sys_stat.in.h, lib/gl/unistd.in.h, maint.mk: Update gnulib
+ files.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/configure.ac, lib/m4/hooks.m4, libextra/configure.ac:
+ Bump versions.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Commit cyclo/ dir too.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.4.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check.c: Build when OpenPGP is disabled.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix!
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Typo.
+
+2009-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Ugly hack for autobuilder.
+
+2009-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Use SHA256 as MAC by default.
+
+2009-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-09-01 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/gnutls_algorithms.c: Add SHA-2 cipher suites. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-09-01 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/debug.c: Print NewSessionTicket handshake. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Handle XMPP SANs properly. Reported by Howard
+ Chu <hyc@symas.com> in <https://savannah.gnu.org/support/?106975>.
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_dhe.c: Need another header.
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, NEWS: Add.
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Add comment explaining where magic values
+ come from.
+
+2009-08-31 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/auth_cert.c: Fix parsing Certificate Request for TLS 1.2. Fix the logic to skip supported_signature_algorithms in Certificate
+ Request. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-31 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_state.c: Use
+ SHA256 for PRF if TLS 1.2. Use SHA256 for the basis of PRF, and for the hash over handshake
+ messages. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-31 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/auth_dhe.c, lib/auth_rsa_export.c, lib/auth_srp_rsa.c,
+ lib/gnutls_sig.c, lib/gnutls_sig.h: Respect TLS signature algorithm
+ in server KX. Verify signature of DH parameters in Server Key Exchange with the
+ embedded signature algorithm. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-31 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_int.h: Add functions for TLS signature algorithm. Add functions to convert TLS signature algorithm from/to constants
+ defined by GnuTLS. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-08-25 Fabian Keil <fk@fabiankeil.de>
+
+ * src/serv.c: Remove dead store in listen_socket(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-25 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/gnutls_buffers.c: Remove dead store in
+ _gnutls_io_write_buffered(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/x509/x509.c: Remove dead store in
+ gnutls_x509_crt_list_import(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/auth_srp_passwd.c: Remove dead store in pwd_put_values(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * src/certtool.c: Remove dead store in pkcs12_info(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-25 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/auth_cert.c: Remove write-only variable info in
+ _gnutls_proc_cert_cert_req(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-25 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/auth_rsa_export.c: Remove write-only variable info in
+ gen_rsa_export_server_kx(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-25 Fabian Keil <fk@fabiankeil.de>
+
+ * src/cfg/shared.c: Remove write-only variable sep_ar_idx in
+ split_multi_arg(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/x509/pkcs12.c: Remove write-only variable tmp_size in
+ _pkcs12_decode_safe_content(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-29 Fabian Keil <fk@fabiankeil.de>
+
+ * THANKS: Remove duplicates. Two exact ones and a pretty close one. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-25 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/auth_srp_passwd.c: Mark what looks like a bug in in
+ _gnutls_srp_pwd_read_entry() Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * src/crypt.c: In main(), rename salt to salt_size and don't bother
+ reading info.salt which we don't use anyway. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/misc.c: (cdk_strlist_next): Handle NULL root value better. Based on report
+ by Fabian Keil <fk@fabiankeil.de>.
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/x509/output.c: In print_extensions(), declare the *_idx
+ variables as int instead of size_t. While it shouldn't make a difference, it makes more sense to me.
+ It's also consistent with (at least) print_crl(). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/x509/output.c: In print_extensions(), initialize *_idx
+ variables once before entering the for loop instead of each run. Otherwise checking them is pointless as they always will be zero. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/x509/output.c: In print_crq(), initialize challenge and
+ extensions once before entering the for loop instead of each run. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Fabian Keil <fk@fabiankeil.de>
+
+ * lib/x509/output.c: In print_crl(), initialize aki_idx and crl_nr
+ once before entering the for loop instead of each run. Otherwise the "error: more than one AKI extension\n" and "error:
+ more than one CRL number\n" checks want work. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509dn.c: Likewise.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509dn.c: Don't use deprecated type.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Overwrite gettext's size_max.m4 to make sure we use one
+ that works.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/stdlib_h.m4,
+ gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4, gl/progname.c,
+ gl/stdlib.in.h, gl/sys_socket.in.h, gl/tests/Makefile.am,
+ gl/unistd.in.h, gl/vasnprintf.c, lib/gl/Makefile.am,
+ lib/gl/m4/stdlib_h.m4, lib/gl/m4/sys_socket_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/stdlib.in.h, lib/gl/sys_socket.in.h,
+ lib/gl/tests/test-func.c, lib/gl/unistd.in.h, lib/gl/vasnprintf.c,
+ libextra/gl/override/lib/md5.c.diff: Update gnulib files.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_str.h, lib/opencdk/Makefile.am,
+ lib/x509/privkey_pkcs8.c, libextra/configure.ac: Fix use of
+ deprecated types, for now and the future.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Fix gnutls_datum usage.
+
+2009-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_pk.c, lib/gnutls_str.c,
+ lib/gnutls_x509.c, lib/includes/gnutls/gnutls.h.in,
+ lib/opencdk/pubkey.c, lib/openpgp/gnutls_openpgp.c,
+ lib/x509/common.c, lib/x509/extensions.c, lib/x509/mpi.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509_write.c, src/certtool.c,
+ tests/openpgp_test.c, tests/resume.c, tests/x509_test.c,
+ tests/x509dn.c, tests/x509sign-verify.c: Fix deprecated usage of
+ gnutls_datum.
+
+2009-08-27 Dan Fandrich <dan@coneharvesters.com>
+
+ * lib/opencdk/new-packet.c, lib/opencdk/packet.h,
+ lib/opencdk/pubkey.c, lib/opencdk/read-packet.c,
+ lib/opencdk/stream.c, lib/opencdk/stream.h, lib/opencdk/verify.c,
+ lib/x509/crq.c: Fix compiler warning bugs for OpenWatcom. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-25 Daiki Ueno <ueno@unixuser.org>
+
+ * tests/resume.c: Fix double-free Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * .gitattributes: Disable whitespace for file that need it.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check.c: Add check of OpenPGP cert too.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gl/override/lib/md5.c.diff: Work around whitespace commit
+ hook.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/stdio_h.m4, gl/select.c, gl/stdio.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/stdio_h.m4, lib/gl/stdio.in.h,
+ maint.mk: Update gnulib files.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gl/gnulib.mk, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/md5.c, libextra/gl/override/lib/md5.c.diff: Reduce stack
+ usage and remove code.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Remove unused constant.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Reduce stack usage.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/pgp.c: Fix OpenPGP hostname comparison.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/output.c, lib/openpgp/pgp.c: Reduce stack usage.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Reduce stack usage.
+
+2009-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_m4_quote_check, lib/gnutls_sig.c,
+ lib/opencdk/write-packet.c: Fix syntax-check nits.
+
+2009-08-20 Daiki Ueno <ueno@unixuser.org>
+
+ * lib/libgnutls.map, lib/opencdk/keydb.c, tests/dn2.c, tests/mpi.c,
+ tests/resume.c: Fix memleaks. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix references.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Also commit devel/ web pages.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Fix ChangeLog.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.3.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_session_ticket.c: Typo.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_sig.c: Need gnutls_algorithms.h for prototypes.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2009-08-18 Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+ * lib/auth_cert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_state.c:
+ Replace explicit version checks with feature checks Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Reformat paragraphs.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am, src/cli-gaa.c, src/cli-gaa.h,
+ src/serv-gaa.c, src/serv-gaa.h: Generated.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add cross reference.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml, lib/ext_session_ticket.c: Fix
+ GTK-DOC output.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Fix namespace of new APIs.
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_session_ticket.c, lib/gnutls_extensions.c,
+ lib/gnutls_session_pack.c: Fix whitespace.
+
+2009-08-19 Daiki Ueno <ueno@unixuser.org>
+
+ * doc/TODO, lib/Makefile.am, lib/ext_session_ticket.c,
+ lib/ext_session_ticket.h, lib/gnutls_constate.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/libgnutls.map,
+ lib/m4/hooks.m4, src/cli.c, src/cli.gaa, src/serv.c, src/serv.gaa,
+ tests/resume.c: session ticket support Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix indent rule.
+
+2009-08-19 Daiki Ueno <ueno@unixuser.org>
+
+ * doc/gnutls.texi: internals doc update Hi, When I wrote SessionTicket extension I referred to the manual node
+ "Adding a New TLS Extension", and noticed that it is not up to date.
+ So, here is a patch. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/stdio.in.h, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/memmove.m4, lib/gl/memmove.c,
+ lib/gl/stdio.in.h, maint.mk: Update gnulib files.
+
+2009-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/stddef_h.m4, lib/gl/m4/stddef_h.m4: Update gnulib files.
+
+2009-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Don't ignore gl/ files!
+
+2009-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/test-stddef.c, lib/gl/tests/test-stddef.c: Update gnulib
+ files.
+
+2009-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/wchar.m4,
+ gl/stddef.in.h, gl/stdlib.in.h, gl/string.in.h,
+ gl/tests/Makefile.am, gl/tests/test-stdio.c,
+ gl/tests/test-stdlib.c, gl/tests/test-string.c,
+ gl/tests/test-unistd.c, gl/tests/test-wchar.c, gl/unistd.in.h,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4, lib/gl/m4/wchar.m4,
+ lib/gl/stddef.in.h, lib/gl/stdlib.in.h, lib/gl/string.in.h,
+ lib/gl/tests/Makefile.am, lib/gl/tests/test-stdio.c,
+ lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
+ lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
+ lib/gl/tests/test-wchar.c, lib/gl/time.in.h, lib/gl/unistd.in.h,
+ maint.mk: Update gnulib files.
+
+2009-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.2.
+
+2009-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 2.8.3 entry.
+
+2009-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/close.m4, gl/m4/fclose.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_socket_h.m4,
+ gl/m4/unistd_h.m4, gl/tests/Makefile.am, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
+ gl/tests/test-string.c, gl/tests/test-unistd.c,
+ gl/tests/test-version-etc.sh, gl/unistd.in.h, gl/vasnprintf.c,
+ lib/gl/Makefile.am, lib/gl/m4/sys_socket_h.m4,
+ lib/gl/m4/threadlib.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
+ lib/gl/tests/test-string.c, lib/gl/tests/test-unistd.c,
+ lib/gl/unistd.in.h, lib/gl/vasnprintf.c: Update gnulib files.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/test-version-etc.sh: Update gnulib files.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/test-version-etc.sh: Update gnulib files.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Don't generate gzip archives.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/gnutls_buffers.c, lib/gnutls_int.h,
+ lib/io_debug.h: Remove io_debug.h stuff, it is superseded by
+ self-tests like mini-eagain.c.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: (gnutls_x509_crt_import): Re-initialize the ASN.1 structure. If this is not done here, the next certificate loading may fail
+ because asn1_der_decoding modified the ASN.1 structure. Triggered
+ by the hostname-check self-test.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Revert "Always build vc checkouts with debugging." This reverts commit b68235be4d1ff7739456e0c5d8c28c6e96e15a14. It
+ breaks because -Wdisabled-optimizations will cause an error when
+ optimizations are disabled.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Always build vc checkouts with debugging.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check.c: Fix.
+
+2009-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check.c: Add another SAN/CN collision test.
+ Reported by Daniel Stenberg <daniel@haxx.se> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1735>.
+
+2009-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check.c: Fix logic.
+
+2009-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check.c: Test when SAN and CN differs. Inspired by
+ report by Daniel Stenberg <daniel@haxx.se> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1734>.
+
+2009-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am, libextra/gl/m4/sockets.m4: Use include
+ instead of copy.
+
+2009-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gl/m4/sockets.m4: Add, needed for -lws2_32 in libextra.
+
+2009-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/m4/hooks.m4: Add.
+
+2009-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Doc fix.
+
+2009-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_psk.c,
+ lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_x509.c,
+ lib/openpgp/gnutls_openpgp.c, lib/openpgp/pgp.c,
+ libextra/gnutls_ia.c: Fix typos in documentation. Reported by Daiki
+ Ueno <ueno> in <https://savannah.gnu.org/support/?106969>.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4, gl/m4/sys_select_h.m4, gl/stdio-write.c,
+ gl/sys_select.in.h, gl/tests/gettimeofday.c,
+ gl/tests/test-sys_select.c, gl/tests/test-version-etc.sh,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/stdio-write.c, maint.mk: Update
+ gnulib files.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Need to add LIBSOCKET because we link to
+ ../lib's gnulib library, for mingw.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/cs.po.in, lib/po/fr.po.in, lib/po/nl.po.in,
+ lib/po/pl.po.in, lib/po/sv.po.in: Sync with TP.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 2.8.x news entries.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix usage.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Copy cyclomatic code complexity charts too.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Look only for latest _required_
+ libgcrypt/libtasn1 version. Reported by Marco d'Itri <md@linux.it> via Andreas Metzler
+ <ametzler@downhill.at.eu.org> as Debian BTS #540449.
+
+2009-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit c529f792e4c899080eb1f6e104c8552fa0770356 Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Sat Aug 8 09:06:57 2009
+ +0300
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Check for NUL in SANs and replace accordingly.
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/hostname-check.README,
+ tests/hostname-check.c: Move comment into source.
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Refuse to return DNs with embedded NULs which
+ breaks other code. Problem published by Dan Kaminsky and Moxie Marlinspike at
+ BlackHat09.
+
+2009-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Revert everything since last release, to allow
+ minimal patch to be applied.
+
+2009-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Fix invocation of rfc2253-escape-test. Reported by Brad Hards <bradh@frogmouth.net> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3750>.
+
+2009-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/vc-list-files, gl/Makefile.am, gl/error.c, gl/fseeko.c,
+ gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4, gl/m4/stdio_h.m4,
+ gl/m4/unistd_h.m4, gl/socket.c, gl/sockets.c, gl/stdio.in.h,
+ gl/tests/Makefile.am, gl/tests/test-select.c,
+ gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
+ gl/tests/test-string.c, gl/tests/test-unistd.c,
+ gl/tests/test-version-etc.c, gl/tests/test-version-etc.sh,
+ gl/unistd.in.h, gl/version-etc.c, gl/version-etc.h,
+ lib/gl/Makefile.am, lib/gl/fseeko.c, lib/gl/m4/iconv.m4,
+ lib/gl/m4/lib-link.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/time_h.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/sockets.c, lib/gl/stdio.in.h,
+ lib/gl/tests/test-stdio.c, lib/gl/tests/test-stdlib.c,
+ lib/gl/tests/test-string.c, lib/gl/tests/test-unistd.c,
+ lib/gl/time.in.h, lib/gl/unistd.in.h, libextra/gl/m4/lib-link.m4,
+ libextra/gl/md5.h, maint.mk: Update gnulib files.
+
+2009-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/rfc2253-escape-test: Add self-test of RFC
+ 2253 escaping.
+
+2009-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Simplify and fix mem leak.
+
+2009-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Don't use fixed size buffer for strings.
+
+2009-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nul-in-x509-names.c: Exit with failure on failure.
+
+2009-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nul-in-x509-names.c: Fix output.
+
+2009-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: Cleanup code.
+
+2009-08-04 Tomas Hoger <thoger@redhat.com>
+
+ * lib/gnutls_str.c, lib/gnutls_str.h, lib/openpgp/pgp.c,
+ lib/x509/rfc2818_hostname.c: GnuTLS vs. NULL chars in CNs Check cert name size in _gnutls_hostname_compare() This is needed to protect against NULL (\0) characters embedded
+ in X509 certificates' CNs or subjectAltNames, that can be used
+ to fool SSL certificate verification as was demonstrated by Moxie
+ Marlinspike on BH USA 2009:
+ http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#MarlinspikeSigned-off-by: Simon Josefsson <simon@josefsson.org>
+
+2009-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/nul-in-x509-names.c: Add self-test for
+ NUL in X.509 CN/SAN problem.
+
+2009-08-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Fix typo.
+
+2009-08-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Fix expected output, a cert have expired.
+
+2009-08-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Fix crash.
+
+2009-08-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/mini-eagain.c: Make it build.
+
+2009-07-29 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Drop .c and sort.
+
+2009-07-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/errors.c, lib/minitasn1/libtasn1.h: Use
+ libtasn1 v2.3.
+
+2009-07-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit c02e9f1459330119d2947a4e46fb60c0e12fa32d Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Sun Jul 26 15:22:06 2009
+ +0300
+
+2009-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: do not allow null character in DN.
+
+2009-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: updated files to be ignored.
+
+2009-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/dn.c: Typo fix in test output. Patch by Brad Hards
+ <bradh@frogmouth.net>
+
+2009-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: Removed duplicate entry of Daniel and added Fabian, Brad
+ and Daiki.
+
+2009-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
+ lib/auth_cert.c, lib/gnutls_buffers.c, lib/gnutls_mpi.c,
+ lib/gnutls_pk.c, lib/gnutls_sig.c, lib/opencdk/stream.c,
+ lib/opencdk/write-packet.c, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c, lib/x509/privkey_pkcs8.c, src/certtool.c,
+ src/psk.c: Several bug fixes by Fabian Keil (some were modified by
+ me).
+
+2009-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/mini-eagain.c: reduced transferred data size.
+
+2009-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/gnutls_buffers.c, lib/gnutls_errors.c,
+ lib/gnutls_record.c, lib/gnutls_supplemental.c,
+ lib/opencdk/armor.c, lib/opencdk/keydb.c, lib/opencdk/literal.c,
+ lib/opencdk/read-packet.c, lib/opencdk/sig-check.c,
+ lib/opencdk/stream.c, src/certtool-cfg.c, tests/chainverify.c: Added
+ casts to reduce warnings (based on report by Brad Hards).
+
+2009-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .gitignore: Added more stuff to have a clean status.
+
+2009-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README-alpha: Documentation corrections by Brad Hards.
+
+2009-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c: size_t and unsigned int fixes.
+
+2009-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_str.c: There are cases where those buffers might
+ overlap
+
+2009-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Patch by Tim Kosse: "If
+ _gnutls_send_finished fails with GNUTLS_E_AGAIN or GNUTLS_E_AGAIN it
+ eventually gets called a second time. It however does not call _gnutls_send_handshake with a NULL pointer
+ on repeated calls, ultimately leading to an internal error in
+ _gnutls_handshake_io_send_int."
+
+2009-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls_ui.c: Corrected
+ gnutls_certificate_client_get_request_status(). Based on observation
+ by Peter Hendrickson <pdh@wiredyne.com>.
+
+2009-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, tests/Makefile.am, tests/mini-eagain.c:
+ Added bug fix that allows gnutls_record_recv/send resuming from
+ previously interrupted actions. Patch by from Tim Kosse
+ <tim.kosse@filezilla-project.org>. Added a self test to check those functions in handling interrupted
+ states.
+
+2009-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit 21a7186bf83084a2bc85bbb7ddb600ccd070f1c2 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Tue Jun 23 23:04:51 2009
+ +0200
+
+2009-06-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Doc fix.
+
+2009-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/dn2.c: Add self-test of off-by-one size
+ error.
+
+2009-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/dn.c: Fix off-by-one size computation that leads to
+ truncated strings. Reported by Tim Kosse
+ <tim.kosse@filezilla-project.org> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
+
+2009-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/errno.in.h, gl/getpagesize.c,
+ gl/m4/errno_h.m4, gl/m4/gnulib-comp.m4, gl/m4/memchr.m4,
+ gl/m4/string_h.m4, gl/memchr.valgrind, gl/strerror.c,
+ gl/string.in.h, gl/tests/Makefile.am, gl/tests/getpagesize.c,
+ lib/gl/Makefile.am, lib/gl/errno.in.h, lib/gl/getpagesize.c,
+ lib/gl/m4/errno_h.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/memchr.m4, lib/gl/m4/string_h.m4, lib/gl/memchr.valgrind,
+ lib/gl/string.in.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/getpagesize.c: Update gnulib files.
+
+2009-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/m4/hooks.m4: Fix --disable-openssl-compatibility
+ parameter. Reported by Matthias Drochner <M.Drochner@fz-juelich.de>
+ in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3646>.
+
+2009-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2009-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/mpi.c: Fix build error.
+
+2009-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c: Return proper MPI lengths in bits. Reported by
+ Peter Hendrickson <pdh@wiredyne.com> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
+
+2009-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit fad0d9b3289087dbd56176e7a1ccb498cf5ef099 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Wed Jun 10 17:55:05 2009
+ +0200
+
+2009-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12_s2k.c: Improve test vectors.
+
+2009-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am, tests/pkcs12_s2k_pem.c: Added new
+ self-test pkcs12_s2k_pem.
+
+2009-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs12_encr.c: Fix PKCS#12 string to key function for
+ 1/128 inputs. Reported by "Kukosa, Tomas"
+ <tomas.kukosa@siemens-enterprise.com> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
+
+2009-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/getpagesize.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/memchr.m4, gl/m4/mmap-anon.m4, gl/memchr.c,
+ gl/tests/Makefile.am, gl/tests/getpagesize.c,
+ gl/tests/test-memchr.c, gl/tests/zerosize-ptr.h,
+ lib/gl/Makefile.am, lib/gl/m4/getpagesize.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/memchr.m4,
+ lib/gl/m4/mmap-anon.m4, lib/gl/memchr.c, lib/gl/tests/Makefile.am,
+ lib/gl/tests/getpagesize.c, lib/gl/tests/test-memchr.c,
+ lib/gl/tests/zerosize-ptr.h: Update gnulib files.
+
+2009-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4, gl/m4/version-etc.m4,
+ gl/tests/test-alignof.c, gl/version-etc.c: Update gnulib files.
+
+2009-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.1.
+
+2009-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c: Mark global extfunc_size as having static
+ scope.
+
+2009-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/init_roundtrip.c: Add self-test to detect
+ extension init/deinit problem.
+
+2009-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c: Deinitalize extension global variable
+ properly. See <http://bugs.gentoo.org/272388>.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/alignof.h, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
+ gl/tests/test-alignof.c, lib/gl/alignof.h: Update gnulib files.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp.c, lib/debug.c, lib/debug.h, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/libgnutls.map, lib/pk-libgcrypt.c,
+ tests/mpi.c: Rename _gnutls_dump_mpi to _gnutls_mpi_log. Rewrite to
+ use less stack space.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Reduce stack size limit check.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Reduce stack size.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Fix malloc failure error strings.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_apis.c: Test more.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: (_gnutls_x509_oid_data2string): Return proper @res_size for NULL
+ res.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Indent.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Doc fix.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Reduce stack usage.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Doc fix.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Simplify.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_apis.c: Test more.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Reduce stack usage.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_apis.c: Test more.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Reduce stack usage.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Fix uninitialized variable access.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Reduce stack frame usage.
+
+2009-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: Reduce stack usage.
+
+2009-06-02 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/manywarnings.m4: Update gnulib files.
+
+2009-06-02 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_apis.c: Add.
+
+2009-06-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Don't assert on expected errors.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add crq self-test.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/extensions.c: Reduce stack usage.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Reduce stack usage. Fix build failure wrt
+ variable names.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/x509.h: Doc fix.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Doc fix.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Return buffer size for NULL/0 inputs. Fix output
+ buffer size computation.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/extensions.c: Fix mem leak.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Don't assert for expected errors.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Export wstack.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/configure.ac, libextra/configure.ac: Fix WSTACK_CFLAGS.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Improve logging and fix warnings.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/Makefile.am, lib/openpgp/Makefile.am,
+ lib/x509/Makefile.am, libextra/Makefile.am: Check stack size.
+
+2009-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/manywarnings.m4: Update gnulib files.
+
+2009-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: Added gnutls_dh_get_prime_bits limitation.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs12_bag.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_write.c: Doc fix. Reported by Peter Hendrickson
+ <pdh@wiredyne.com>.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix paths.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.9.0.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix paths for alpha release.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c: Doc fix.
+
+2009-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gnupload: Update gnulib files.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/srptool.1: Fix.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/gnutls-serv.1: Doc fix.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk.c: Doc fix.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs7.c: Doc fix.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Cleanup rules.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/gnutls.texi, lib/Makefile.am,
+ lib/openpgp/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am:
+ Move API texinfo generation into doc/.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/include_next.m4, gl/m4/size_max.m4,
+ lib/gl/m4/include_next.m4, lib/gl/m4/size_max.m4: Update gnulib
+ files.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.8.0.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Typo.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, cfg.mk, configure.ac, lib/configure.ac,
+ libextra/configure.ac: Prepare for stable release.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c: Doc fix. Reported by Peter Hendrickson
+ <pdh@wiredyne.com>.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * src/select.c: Remove unused file, replaced by poll from gnulib.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix generation of error_codes.texi and
+ algorithms.texi.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Fix.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.14.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c, src/serv-gaa.c: Regenerate.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c, lib/includes/gnutls/compat.h,
+ libextra/gnutls_extra.c, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, tests/openssl.c, tests/simple.c:
+ Fix version symbol namespace.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/gnutls.texi, doc/manpages/certtool.1,
+ doc/manpages/gnutls-serv.1, lib/auth_anon.c, lib/auth_dh_common.c,
+ lib/auth_dhe.c, lib/auth_dhe_psk.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_errors.c, lib/gnutls_handshake.c, lib/gnutls_psk.c,
+ lib/gnutls_record.c, lib/gnutls_ui.c,
+ lib/includes/gnutls/gnutls.h.in, libextra/gnutls_ia.c,
+ src/certtool.gaa, src/prime.c, src/serv.c, src/serv.gaa,
+ src/tls_test.c, tests/anonself.c, tests/dhepskself.c,
+ tests/openpgpself.c, tests/oprfi.c, tests/resume.c, tests/tlsia.c,
+ tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Doc fixes.
+ Suggested by Peter Hendrickson <pdh@wiredyne.com>.
+
+2009-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_auth.c: Doc fix. Reported by Peter Hendrickson
+ <pdh@wiredyne.com>.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.13.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Fix.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Improve.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Sort symbols.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Auto-generate from GnuTLS 2.6.x list of
+ exported symbols. No substantial change.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Move functions. Reported by Andreas Metzler
+ <ametzler@downhill.at.eu.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3578>.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Move gnutls_x509_crq_set_key back to old ABI
+ namespace. Reported by Andreas Metzler
+ <ametzler@downhill.at.eu.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Fix expired certs. Exit early to make it
+ easier to find failing test. Reported by Andreas Metzler
+ <ametzler@downhill.at.eu.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * .clcopying: Fix.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Fix PGP key.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi, src/Makefile.am, src/README, src/README.srptool:
+ Removed duplicated documentation.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.12.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/serv.c, src/tls_test.c: Fix gnutls-serv and
+ gnutls-cli-debug on Windows.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getdelim.c: Update gnulib files.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/reference/Makefile.am, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c: Use libtasn1 2.2.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gnupload, gl/Makefile.am, gl/m4/sys_socket_h.m4,
+ gl/sys_socket.in.h, gl/tests/test-sys_socket.c, lib/gl/Makefile.am,
+ lib/gl/m4/sys_socket_h.m4, lib/gl/sys_socket.in.h,
+ lib/gl/tests/test-sys_socket.c, maint.mk: Update gnulib files.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/vsnprintf.m4,
+ lib/gl/tests/Makefile.am, lib/gl/tests/test-vsnprintf.c,
+ lib/gl/vsnprintf.c: Replace vsnprintf if needed.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_key_id.c: Reorder gcry quick random to make it
+ effective. Reported by Andreas Metzler
+ <ametzler@downhill.at.eu.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>.
+
+2009-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.11.
+
+2009-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, cfg.mk, configure.ac, doc/examples/Makefile.am,
+ lib/Makefile.am, lib/configure.ac, lib/openpgp/Makefile.am,
+ lib/x509/Makefile.am, libextra/Makefile.am, libextra/configure.ac,
+ src/Makefile.am, tests/Makefile.am: Don't build with warnings all
+ the time. Use a WERROR_CFLAGS.
+
+2009-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2009-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Don't use unportable NI_MAXHOST/NI_MAXSERV.
+
+2009-05-17 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Link getaddrinfo libraries. Reported by "Tom G.
+ Christensen" <tgc@jupiterrise.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560>.
+
+2009-05-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac: Need to run AC_PROG_CXX
+ unconditionally.
+
+2009-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/doxygen/Doxyfile.in, libextra/gl/Makefile.am: Fix old gnulib
+ lgpl/ paths. Reported by "Tom G. Christensen" <tgc@jupiterrise.com>
+ in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3556>.
+
+2009-05-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am: Need -DASN1_BUILDING for libtasn1.
+
+2009-05-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/announcement-template.txt: Add.
+
+2009-05-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am: Fix -I's after gnulib changes.
+ Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>.
+
+2009-05-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.10.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/tests/Makefile.am, gl/tests/test-alignof.c, lib/gl/Makefile.am,
+ lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/tests/Makefile.am, lib/gl/tests/test-alignof.c: Avoid failing
+ tests.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_priority.c,
+ lib/gnutls_psk.c, lib/gnutls_session.c, lib/gnutls_state.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/openpgp/extras.c, lib/openpgp/gnutls_openpgp.c,
+ lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/pkcs12_bag.c, lib/x509/x509.c,
+ lib/x509/x509_write.c, libextra/gnutls_ia.c: Doc fixes for GTK-DOC.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.c, lib/gnutls_priority.c,
+ lib/gnutls_record.c, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/gnutls_x509.c,
+ lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/x509.h,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_write.c: Doc fixes for GTK-DOC.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/crypto.h, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/x509.h, lib/openpgp/gnutls_openpgp.c,
+ lib/x509/dn.c, lib/x509/output.c, lib/x509/pkcs7.c,
+ lib/x509/verify.c, lib/x509/x509.c: Doc fixes for GTK-DOC.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
+ doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
+ doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/tcp.c: Place examples in public domain. After
+ discussion with Karl.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/alignof.h, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
+ gl/tests/test-alignof.c, lib/gl/alignof.h,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/tests/Makefile.am,
+ lib/gl/tests/test-alignof.c, maint.mk: Update gnulib files.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/keydb.c: Avoid sprintf.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-tlsia.c, lib/opencdk/literal.c,
+ lib/opencdk/misc.c, src/common.c, tests/chainverify.c,
+ tests/tlsia.c: Fix warnings.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-05-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pk-libgcrypt.c: Fix crash.
+
+2009-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Doc fix.
+
+2009-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_dh_primes.c: Doc fix.
+
+2009-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am, lib/minitasn1/errors.h: Drop removed
+ libtasn1 file.
+
+2009-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/element.h,
+ lib/minitasn1/errors.c, lib/minitasn1/gstr.c, lib/minitasn1/gstr.h,
+ lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
+ lib/minitasn1/structure.c, lib/minitasn1/structure.h: Upgrade
+ libtasn1 to v2.1.
+
+2009-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c, libextra/gnutls_extra.c: Doc fixes. Remove
+ debugging code.
+
+2009-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.9.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/configure.ac, libextra/configure.ac: Drop obsolete stuff.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Drop obsolete stuff.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/ld-output-def.m4, gl/m4/ld-version-script.m4,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/ld-output-def.m4,
+ lib/gl/m4/ld-version-script.m4, libextra/gl/gnulib.mk,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
+ libextra/gl/m4/ld-output-def.m4,
+ libextra/gl/m4/ld-version-script.m4: Move gnulib tests into proper
+ directory.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Fix gnutls_priority_init documentation.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Revert "Fix man output for "%COMPAT" in
+ docstrings." This reverts commit d10f1872bcbf7eb63632a8ce2e50728f42bd03fa.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Fix man output for "%COMPAT" in docstrings.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: When writing man pages, don't append to
+ any existing file.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Doc fix.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/examples/Makefile.am, lib/gl/Makefile.am,
+ lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/tests/Makefile.am, lib/gl/tests/test-lseek.c,
+ lib/gl/tests/test-lseek.sh, src/Makefile.am, tests/Makefile.am: Fix
+ MinGW build failures.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/autogen.sh: Add.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * gtk-doc.make: Fix syntax-check.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * gtk-doc.make, m4/gtk-doc.m4: Upgrade gtk-doc files.
+
+2009-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, gl/sys_socket.in.h, gl/tests/test-vc-list-files-git.sh,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/sys_socket.in.h,
+ lib/gl/tests/Makefile.am, lib/gl/tests/test-lseek.c,
+ lib/gl/tests/test-lseek.sh, libextra/gl/gnulib.mk,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4:
+ Update gnulib files.
+
+2009-05-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Verisign CA v1 cert has expired! Change
+ expected results. Also test expiration code more.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Don't always rebuild manual.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/sys_socket_h.m4, lib/gl/m4/sys_socket_h.m4: Update gnulib
+ files.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, lib/gl/Makefile.am: Update gnulib files.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/alignof.h, lib/gl/Makefile.am: Update gnulib
+ files.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gnupload, gl/Makefile.am, gl/m4/errno_h.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/multiarch.m4, gl/m4/sys_socket_h.m4,
+ gl/m4/vasnprintf.m4, gl/sys_socket.in.h,
+ gl/tests/test-sys_socket.c, lib/gl/Makefile.am, lib/gl/alignof.h,
+ lib/gl/m4/errno_h.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/multiarch.m4, lib/gl/m4/sys_socket_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/sys_socket.in.h,
+ lib/gl/tests/test-sys_socket.c, maint.mk: Update gnulib files.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix -Werror handling.
+
+2009-05-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Fix warnings.
+
+2009-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
+ tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
+ tests/oprfi.c, tests/pskself.c, tests/resume.c, tests/tlsia.c,
+ tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Fix
+ warnings.
+
+2009-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c, tests/dhepskself.c, tests/openpgpself.c,
+ tests/oprfi.c, tests/pskself.c, tests/resume.c, tests/tlsia.c,
+ tests/x509dn.c, tests/x509self.c, tests/x509signself.c: Use memset
+ instead of deprecated bzero.
+
+2009-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool-cfg.c, src/serv.c: Fix build failure on systems
+ without AF_INET6, e.g., Solaris 2.6. Reported by "Tom G.
+ Christensen" <tgc@jupiterrise.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>.
+
+2009-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Drop README.GIT.
+
+2009-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Need to link directly to libgcrypt here.
+
+2009-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/mpi-libgcrypt.c: Don't use casts that break strict-aliasing
+ rules.
+
+2009-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: Fix.
+
+2009-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Fix.
+
+2009-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha, doc/README.GIT: Replace doc/README.GIT with
+ README-alpha.
+
+2009-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: Fix.
+
+2009-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * README-alpha: Add.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/libgnutls.map: Fix build failure when LZO is enabled.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in, lib/includes/gnutls/openpgp.h,
+ libextra/includes/gnutls/extra.h: Fix gtk-doc warnings.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Regenerated libtasn1
+ files.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Build tools before using them.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * .x-sc_GPL_version, .x-sc_avoid_if_before_free,
+ .x-sc_cast_of_alloca_return_value, .x-sc_cast_of_argument_to_free,
+ .x-sc_file_system, .x-sc_m4_quote_check, .x-sc_makefile_check,
+ .x-sc_program_name, .x-sc_prohibit_HAVE_MBRTOWC,
+ .x-sc_prohibit_S_IS_definition, .x-sc_space_tab, .x-sc_the_the,
+ .x-sc_two_space_separator_in_usage, .x-sc_useless_cpp_parens, NEWS,
+ cfg.mk, doc/examples/ex-serv-export.c, doc/gnutls.texi,
+ gtk-doc.make, lib/gnutls.asn, lib/m4/hooks.m4,
+ lib/openpgp/Makefile.am, lib/pkix.asn, lib/x509/Makefile.am,
+ libextra/m4/hooks.m4, m4/valgrind.m4, src/Makefile.am,
+ src/certtool-cfg.c, src/certtool.c, src/crypt.c, src/psk.c,
+ src/serv.c, src/tls_test.c, tests/Makefile.am, tests/resume.c,
+ tests/x509dn.c: Fix syntax-check warnings.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, gtk-doc.make: Upgrade gtk-doc files.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.8.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gettext.h, gl/m4/wchar.m4, gl/wchar.in.h,
+ lib/gl/Makefile.am, lib/gl/gettext.h, lib/gl/m4/wchar.m4,
+ lib/gl/wchar.in.h: Update gnulib files.
+
+2009-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-padding/pkcs1-pad: Fix self test fails because of
+ expired certs using datefudge.
+
+2009-05-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Print cert details. Fix verifying expired
+ cert.
+
+2009-05-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/cve-2008-4989.c: Avoid time checks.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/cve-2009-1415.c, tests/cve-2009-1416.c:
+ Add self-tests for security problems.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/x509.h, lib/x509/verify.c, src/common.c:
+ libgnutls: Check activation/expiration times on untrusted
+ certificates. Reported by Romain Francoise.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Fix DSA key generation.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Use modern git names.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add old NEWS entries.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Document how to use TLS exporters.
+
+2009-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Fix getaddrinfo/bind loop.
+
+2009-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * : Replace PDF with official ZIP file. The PDFs have the same
+ SHA-1. The file was downloaded from:
+
+ http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/PKI%20Testing%20Page.htmUsing the direct link:
+
+ http://csrc.nist.gov/groups/ST/crypto_apps_infra/documents/certpath1.07.zip
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/useless-if-before-free, build-aux/vc-list-files,
+ gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/tests/Makefile.am,
+ gl/tests/test-vc-list-files-cvs.sh,
+ gl/tests/test-vc-list-files-git.sh, maint.mk: Update gnulib files.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix some error messages.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/vasnprintf.c,
+ lib/gl/m4/lib-link.m4, lib/gl/m4/lib-prefix.m4,
+ lib/gl/vasnprintf.c, libextra/gl/m4/lib-link.m4,
+ libextra/gl/m4/lib-prefix.m4, maint.mk: Update gnulib files.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Move symbols new with gnutls 2.8.x under
+ GNUTLS_2_8 version.
+
+2009-04-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/serv.c: gnutls-serv: Listen on all interfaces.
+
+2009-04-24 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2009-04-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pk-libgcrypt.c: Cleanup code and fix memory leaks.
+
+2009-04-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs_template: Update gnulib files.
+
+2009-04-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/gnutls.texi: Improve texinfo section names.
+
+2009-04-23 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509sign-verify.c: Also test DSA keys.
+
+2009-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: release allocated mpis in
+ _gnutls_x509_verify_algorithm().
+
+2009-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/libgcrypt.supp: Suppress more for modern libgcrypt.
+
+2009-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509sign-verify.c: Cleanup code.
+
+2009-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Pass proper socket to libgnutls on Windows.
+
+2009-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/sockets.c, gl/sockets.h, gl/tests/Makefile.am, gl/tests/dummy.c,
+ gl/tests/sockets.c, gl/tests/sockets.h: Need sockets module.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.map: Make check needs more symbols.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/Makefile.am, lib/libgnutls.map, libextra/Makefile.am,
+ libextra/libgnutls-extra.map, libextra/libgnutls-extra.vers: Improve
+ version scripts. Limit exported symbols on systems without linker
+ script.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, build-aux/gendocs.sh, configure.ac, lib/configure.ac,
+ lib/m4/hooks.m4, libextra/configure.ac: Bump version.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.7.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Really generate DSA key in example.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Fix return value. Doc fix.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Explain how to generate DSA key.
+
+2009-04-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c, lib/x509/x509.c: Doc fix for new APIs.
+
+2009-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/pk-libgcrypt.c: Corrected possible memory corruption on
+ signature verification failure. Reported by Miroslav Kratochvil
+ <exa.exa@gmail.com>
+
+2009-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/printlist.c: Added small patch from Romain Francoise to remove
+ unneeded include.
+
+2009-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/x509.h, lib/x509/privkey.c, lib/x509/x509.c,
+ tests/Makefile.am, tests/x509sign-verify.c: Added self test for
+ gnutls_x509_crt_verify_hash() and
+ gnutls_x509_crt_get_verify_algorithm(). Added some notes in
+ gnutls_x509_privkey_sign_hash().
+
+2009-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/includes/gnutls/x509.h, lib/x509/verify.c,
+ lib/x509/x509.c: gnutls_x509_crt_get_sig_algorithm was renamed to
+ gnutls_x509_crt_get_verify_algorithm. Corrected some issues with
+ the code.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Reorder.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls.pc.in: Add -ltasn1 to pkg-config file. Reported
+ by Andreas Metzler <ametzler@downhill.at.eu.org> in
+
+ <http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Use new po domain.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/de.po.in: Sync with TP.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/de.po.in: Sync with TP.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2009-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/de.po.in: Sync with TP.
+
+2009-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 934102c33ac89ace9a1e1d02047d54f2fea6b59b Merge: bc279f4
+ d720f3f Author: Nikos Mavrogiannopoulos <nmav@gnutls.org> Date:
+ Wed Apr 15 22:43:03 2009 +0300
+
+2009-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, doc/gendocs_template, doc/lgpl-2.1.texi:
+ Update gnulib files.
+
+2009-04-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/inet_ntop.m4, maint.mk: Update gnulib files.
+
+2009-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented Cedric Bail's function addition
+
+2009-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit 258d2e873f61d5543c674f46a6247b4a379d2cca Author: Simon
+ Josefsson <simon@josefsson.org> Date: Fri Apr 3 15:20:09 2009
+ +0200
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/POTFILES.in: Fix filenames.
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix PODIR.
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.ac, lib/Makefile.am, lib/configure.ac,
+ lib/po/LINGUAS, lib/po/Makevars, lib/po/POTFILES.in,
+ lib/po/cs.po.in, lib/po/de.po.in, lib/po/fr.po.in, lib/po/ms.po.in,
+ lib/po/nl.po.in, lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in,
+ po/LINGUAS, po/Makevars, po/POTFILES.in, po/cs.po.in, po/de.po.in,
+ po/fr.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in, po/sv.po.in,
+ po/vi.po.in: Move i18n dir back to lib/, after discussion with
+ Bruno.
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/ld-version-script.m4,
+ m4/linker-script.m4: Use linker-script from gnulib.
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/ld-output-def.m4, lib/configure.ac,
+ libextra/configure.ac, m4/output-def.m4: Use output-def test from
+ gnulib.
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/Makefile.am, lib/libgnutls.map,
+ lib/libgnutls.vers, lib/libgnutlsxx.map, lib/libgnutlsxx.vers:
+ Rename linker script.
+
+2009-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/m4/hooks.m4, libextra/Makefile.am: Use
+ DLL_VERSION variable name.
+
+2009-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/cs.po.in: Sync with TP.
+
+2009-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c, lib/openpgp/output.c, lib/x509/output.c: Fix
+ warnings.
+
+2009-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Only add warnings when using gcc. Don't use
+ -Wformat-nonliteral.
+
+2009-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/gnupload, gl/Makefile.am, gl/close-hook.c,
+ gl/close-hook.h, gl/close.c, gl/fseeko.c, gl/gai_strerror.c,
+ gl/m4/close.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/printf.m4, gl/m4/select.m4, gl/m4/stdarg.m4,
+ gl/m4/sys_select_h.m4, gl/readline.c, gl/select.c, gl/setsockopt.c,
+ gl/stdint.in.h, gl/sys_select.in.h, gl/sys_socket.in.h,
+ gl/tests/Makefile.am, gl/tests/sockets.c, gl/tests/sockets.h,
+ gl/tests/test-getaddrinfo.c, gl/tests/test-sockets.c,
+ gl/unistd.in.h, gl/vasnprintf.c, gl/winsock-select.c,
+ lib/gl/Makefile.am, lib/gl/close-hook.c, lib/gl/close-hook.h,
+ lib/gl/fseeko.c, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/printf.m4, lib/gl/sockets.c,
+ lib/gl/sockets.h, lib/gl/stdint.in.h, lib/gl/sys_socket.in.h,
+ lib/gl/tests/test-sockets.c, lib/gl/unistd.in.h,
+ lib/gl/vasnprintf.c, lib/gl/w32sock.h,
+ libextra/gl/m4/gnulib-common.m4, maint.mk: Update gnulib files.
+
+2009-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_int.h: Applied patch by Cedric Bail to add functions
+ gnutls_x509_crt_verify_hash() and
+ gnutls_x509_crt_get_sig_algorithm().
+
+2009-03-23 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix bootstrap.
+
+2009-03-23 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, cfg.mk, configure.ac, lib/Makefile.am,
+ lib/configure.ac: Fix po paths.
+
+2009-03-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/LINGUAS, lib/po/Makevars, lib/po/POTFILES.in,
+ lib/po/de.po.in, lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in,
+ lib/po/pl.po.in, lib/po/sv.po.in, lib/po/vi.po.in, po/LINGUAS,
+ po/Makevars, po/POTFILES.in, po/de.po.in, po/fr.po.in, po/ms.po.in,
+ po/nl.po.in, po/pl.po.in, po/sv.po.in, po/vi.po.in: Move lib/po to
+ po/ since the gettext domain is global for gnutls.
+
+2009-03-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Cosmetic fix.
+
+2009-03-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c, lib/x509/x509_int.h: Be compatible with
+ libtasn1 before v1.6.
+
+2009-03-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-03-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/errors.h, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: Update to minitasn1 v1.8.
+
+2009-03-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c, lib/gnutls_global.h, lib/x509/common.c,
+ lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
+ lib/x509/x509.c: Use modern libtasn1 interfaces.
+
+2009-03-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-03-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump version.
+
+2009-03-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Add -I's for errcodes/printlist. Reported by
+ Roman Bogorodskiy <novel@FreeBSD.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix distcheck.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Remove error_codes.texi and algorithms.texi to
+ fix make distcheck.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Update --css-include path to fix distcheck.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.6.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Fix.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/test-fseeko2.sh, lib/gl/tests/test-fseeko2.sh: Update
+ gnulib files.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4, gl/m4/printf.m4, gl/m4/stdint.m4,
+ gl/m4/stdlib_h.m4, gl/m4/vasnprintf.m4, gl/tests/Makefile.am,
+ gl/tests/test-fseeko.c, gl/tests/test-getaddrinfo.c,
+ gl/vasnprintf.c, lib/gl/m4/gnulib-comp.m4, lib/gl/m4/printf.m4,
+ lib/gl/m4/stdint.m4, lib/gl/m4/stdlib_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/tests/Makefile.am,
+ lib/gl/tests/test-fseeko.c, lib/gl/vasnprintf.c: Update gnulib
+ files.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/ungetc.m4, lib/gl/m4/ungetc.m4: Update gnulib files.
+
+2009-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Revert %-hack that lead to syntax errors in
+ texinfo output.
+
+2009-02-24 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Minor cleanup.
+
+2009-02-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool-cfg.c: certtool: Query for multiple dnsName
+ subjectAltName in interactive mode.
+
+2009-02-23 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/include_next.m4, lib/gl/m4/include_next.m4: Update gnulib
+ files.
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: documented pkix.asn change
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn: Removed several unneeded parameters from pkix tree.
+ This reduces initial memory usage after gnutls_global_init() from
+ 140kb (in amd64) to 50kb.
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/dn.c, tests/crq_key_id.c: Added more verbose information.
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/dn.c,
+ tests/crq_key_id.c: Revert "Added more verbose debugging info" This reverts commit c2d3596cddbb54ac4f19c44b15a03ee1fcceab12.
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/dn.c,
+ tests/crq_key_id.c: Added more verbose debugging info
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/TODO: removed items that have already been done or solved.
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: documented the SSL3_RECORD_VERSION priority string
+
+2009-02-22 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/scripts/gdoc, lib/gnutls_priority.c: Applied patch by Martin
+ von Gagern: The attached patch fixes gnutls_priority_init(3), but in
+ a very hackish way, treating a percent sign as indicating a constant
+ only if it is not immediately preceded by a double quote.
+
+2009-02-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/manpages/gnutls-cli.1: Corrected listing of special keywords.
+ Reported by Martin von Gagern.
+
+2009-02-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/manpages/gnutls-cli.1, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_priority.c: Added %SSL3_RECORD_VERSION
+ priority option that allows to specify the client hello message
+ record version. Used to overcome buggy TLS servers. Report by Martin
+ von Gagern.
+
+2009-02-15 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/verify.c: Corrected bit disable (was flipping instead).
+ Initialy reported by Daniel Kahn Gillmor on 9/1/2008. Many thanks to
+ moog@sysdev.oucs.ox.ac.uk for bringing this into my attention.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/serv.c: gnutls-serv: No longer disable MAC padding by
+ default.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: More gnulib usage.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Use more gnulib interfaces.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Update gnutls-serv --help output.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Update gnutls-cli --help output.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_x509.c:
+ libgnutls: Add new priority strings for allowing RSA-MD5 and V1-CA.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/cli.c: gnutls-cli: Don't permit V1 CAs by default.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/errcodes.c, doc/printlist.c,
+ src/Makefile.am, src/errcodes.c, src/printlist.c: Move doc related
+ tools from src/ to doc/.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Typo.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Typo.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Print OpenPGP cert info using libgnutls.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/openpgp/output.c: libgnutls: gnutls_openpgp_crt_print
+ supports oneline mode.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Fix expected test vectors.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/output.c: libgnutls: gnutls_x509_crt_print prints
+ signature algorithm in oneline mode.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/close.m4, gl/m4/sockets.m4, gl/tests/sockets.h,
+ gl/tests/test-sockets.c, lib/gl/m4/sockets.m4, lib/gl/sockets.h,
+ lib/gl/tests/test-sockets.c: Update gnulib files.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/common.c: gnutls-cli: Print certificate info using
+ libgnutls.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Print bit size of RSA exponents.
+
+2009-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Need -lgnutls etc for certtool-cfg.c.
+
+2009-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.5.
+
+2009-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Merge in old NEWS entries.
+
+2009-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Move down revocation check to revert code to
+ how it looked before. The idea is that if you have marked a cert as
+ trusted, you may want to trust it even though some authority has
+ revoked it. This changes back how this code used to work.
+
+2009-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/TODO, lib/x509/verify.c, tests/chainverify.c: Make it
+ possible to trust intermediary certificates. Based on tiny patch
+ from "Douglas E. Engert" <deengert@anl.gov> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3376>.
+
+2009-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Add another chain from bug reports.
+
+2009-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Print more certificate status values.
+
+2009-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Assert less for expected errors.
+
+2009-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Simplify keyid printing to avoid allocation and
+ asserts.
+
+2009-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am, doc/scripts/gdoc: Update gdoc and use
+ -pkg-name.
+
+2009-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gnupload, gl/Makefile.am, gl/m4/00gnulib.m4,
+ gl/m4/errno_h.m4, gl/m4/extensions.m4, gl/m4/gnulib-common.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/multiarch.m4, gl/m4/pmccabe2html.m4,
+ gl/m4/stdlib_h.m4, gl/stdlib.in.h, gl/tests/test-getaddrinfo.c,
+ gl/version-etc.c, gl/version-etc.h, lib/gl/Makefile.am,
+ lib/gl/m4/00gnulib.m4, lib/gl/m4/errno_h.m4,
+ lib/gl/m4/extensions.m4, lib/gl/m4/gnulib-common.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/multiarch.m4,
+ lib/gl/m4/stdlib_h.m4, lib/gl/stdlib.in.h,
+ libextra/gl/m4/00gnulib.m4, libextra/gl/m4/extensions.m4,
+ libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4:
+ Update gnulib files.
+
+2009-01-27 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, lib/gnutls_handshake.c: gnutls_handshake when sending client
+ hello during a rehandshake, will not offer a version number larger
+ than the current. Reported by Tristan Hill <stan@saticed.me.uk>.
+
+2009-01-27 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_psk.c: result_size in gnutls_hex_encode behaves as
+ documented. It now holds the size of the result. Reported by John
+ Brooks.
+
+2009-01-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/arpa_inet.in.h, gl/fseeko.c, gl/m4/alloca.m4,
+ gl/m4/errno_h.m4, gl/m4/getaddrinfo.m4, gl/m4/getline.m4,
+ gl/m4/getpass.m4, gl/m4/gettimeofday.m4, gl/m4/gnulib-common.m4,
+ gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/intmax_t.m4,
+ gl/m4/inttypes_h.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
+ gl/m4/longlong.m4, gl/m4/malloc.m4, gl/m4/minmax.m4,
+ gl/m4/printf.m4, gl/m4/readline.m4, gl/m4/realloc.m4,
+ gl/m4/sockets.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
+ gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
+ gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/m4/wchar_t.m4,
+ gl/m4/wint_t.m4, gl/progname.c, gl/stdint.in.h, gl/stdio.in.h,
+ gl/strerror.c, gl/sys_stat.in.h, gl/tests/gettimeofday.c,
+ gl/tests/ioctl.c, gl/tests/test-unistd.c, gl/unistd.in.h,
+ gl/wchar.in.h, lib/gl/Makefile.am, lib/gl/fseeko.c,
+ lib/gl/m4/alloca.m4, lib/gl/m4/byteswap.m4, lib/gl/m4/codeset.m4,
+ lib/gl/m4/errno_h.m4, lib/gl/m4/gettext.m4,
+ lib/gl/m4/gnulib-common.m4, lib/gl/m4/iconv.m4,
+ lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
+ lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
+ lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
+ lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4, lib/gl/m4/lock.m4,
+ lib/gl/m4/longlong.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memmem.m4,
+ lib/gl/m4/memmove.m4, lib/gl/m4/minmax.m4, lib/gl/m4/nls.m4,
+ lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
+ lib/gl/m4/progtest.m4, lib/gl/m4/realloc.m4, lib/gl/m4/sockets.m4,
+ lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4, lib/gl/m4/stdint.m4,
+ lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4, lib/gl/m4/strcase.m4,
+ lib/gl/m4/strverscmp.m4, lib/gl/m4/threadlib.m4,
+ lib/gl/m4/uintmax_t.m4, lib/gl/m4/unistd_h.m4,
+ lib/gl/m4/vasnprintf.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
+ lib/gl/stdint.in.h, lib/gl/stdio.in.h, lib/gl/sys_stat.in.h,
+ lib/gl/tests/test-unistd.c, lib/gl/unistd.in.h, lib/gl/wchar.in.h:
+ Update gnulib files.
+
+2009-01-21 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-01-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gl/Makefile.am, libextra/gl/gnulib.mk,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-common.m4,
+ libextra/gl/m4/lib-ld.m4, libextra/gl/m4/lib-link.m4,
+ libextra/gl/m4/md5.m4: Add -I's in libextra/gl for stdint.h on
+ Solaris. Reported by Dagobert Michelsen <dam@opencsw.org> in
+
+ http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3388
+
+2009-01-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Check return value properly.
+
+2009-01-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Fix mem leak because buffer is not expanded
+ correctly.
+
+2009-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix typos.
+
+2009-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/verify.c: Permit V1 Certificate Authorities
+ properly. Before they were mistakenly rejected even though
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+ "Douglas E. Engert" <deengert@anl.gov> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+2009-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Permit V1 CA's in new --verify-chain code.
+
+2009-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2009-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Added chain supplied by "Douglas E. Engert"
+ <deengert@anl.gov>.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * src/errcodes.c, src/printlist.c: Fix license header.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_global.c,
+ lib/gnutls_global.h, lib/gnutls_int.h: Cleanup logger function type.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.4.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_rsa_export.c: Doc fixes.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
+ doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, lib/gnutls_algorithms.c,
+ lib/gnutls_rsa_export.c, lib/openpgp/output.c, lib/x509/output.c,
+ lib/x509/privkey.c, src/cli.c, src/common.c, src/serv.c,
+ src/tls_test.c, tests/dhepskself.c: Fix warnings.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, doc/gendocs_template, gl/Makefile.am,
+ gl/m4/errno_h.m4, gl/m4/extensions.m4, gl/m4/getaddrinfo.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes_h.m4,
+ gl/m4/lib-link.m4, gl/m4/manywarnings.m4, gl/m4/multiarch.m4,
+ gl/m4/printf.m4, gl/m4/size_max.m4, gl/m4/stdint.m4,
+ gl/m4/stdint_h.m4, gl/m4/wchar.m4, gl/m4/wchar_t.m4,
+ gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/stdint.in.h, gl/stdlib.in.h,
+ gl/sys_select.in.h, gl/tests/Makefile.am,
+ gl/tests/test-select-in.sh, gl/unistd.in.h, gl/version-etc.c,
+ gl/wchar.in.h, lib/gl/Makefile.am, lib/gl/m4/codeset.m4,
+ lib/gl/m4/errno_h.m4, lib/gl/m4/extensions.m4,
+ lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4, lib/gl/m4/glibc21.m4,
+ lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/iconv.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intlmacosx.m4,
+ lib/gl/m4/intmax.m4, lib/gl/m4/inttypes-pri.m4,
+ lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
+ lib/gl/m4/lib-link.m4, lib/gl/m4/multiarch.m4, lib/gl/m4/nls.m4,
+ lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
+ lib/gl/m4/progtest.m4, lib/gl/m4/size_max.m4, lib/gl/m4/stdint.m4,
+ lib/gl/m4/stdint_h.m4, lib/gl/m4/threadlib.m4,
+ lib/gl/m4/uintmax_t.m4, lib/gl/m4/visibility.m4,
+ lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
+ lib/gl/m4/xsize.m4, lib/gl/stdint.in.h, lib/gl/stdlib.in.h,
+ lib/gl/tests/Makefile.am, lib/gl/unistd.in.h, lib/gl/wchar.in.h,
+ libextra/gl/Makefile.am, libextra/gl/m4/extensions.m4,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4,
+ libextra/gl/m4/lib-link.m4: Update gnulib files.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix NEWS entry.
+
+2009-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/sha2/sha2: Fix self-test with new certtool --verify-chain
+ output.
+
+2009-01-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ * NEWS: added NEWS item about MD5 deprecation
+
+2009-01-06 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-padding/pkcs1-pad: Fix expect strings to compensate
+ for new certtool -e output.
+
+2009-01-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool.c: certtool: Make --verify-chain use libgnutls
+ verification algorithm.
+
+2009-01-06 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Test chain with EE cert signed using RSA-MD5.
+
+2009-01-06 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ * lib/x509/verify.c: actually deprecate MD5 and MD2 signatures
+ during X.509 verification by treating them as invalid unless the
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_{MD5,MD2} flags are present.
+
+2008-12-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add NEWS entries from 2.6.3.
+
+2008-12-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_key_id.c: Fix.
+
+2008-12-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_key_id.c: Make it compile. Speed up key generation.
+
+2008-12-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crq_key_id.c: Indent.
+
+2008-12-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am, tests/crq_key_id.c: Add crq_key_id
+ self-test from David Marín Carreño.
+
+2008-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Update manywarnings usage.
+
+2008-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Print public key id for certificate requests
+ too.
+
+2008-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2008-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, NEWS, lib/includes/gnutls/x509.h, lib/x509/crq.c: gnutls:
+ New interface to get key id for certificate requests. Patch from
+ David Marín Carreño <davefx@gmail.com> in
+
+ <http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.3.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Check ca=false with flags too.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/tests/test-lseek.sh.diff, gl/tests/test-lseek.sh,
+ lib/gl/tests/test-lseek.sh: Disable parts of gnulib self-tests that
+ fail on mingw.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gl/tests/test-lseek.c, maint.mk: Update gnulib files.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/tests/test-lseek.c.diff,
+ gl/override/tests/test-select-in.sh.diff, gl/tests/test-lseek.c,
+ gl/tests/test-select-in.sh: Disable parts of gnulib self-tests that
+ fail on mingw.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cxx.cpp: Drop config.h, not needed (hopefully?)
+ and breaks mingw due to rpl_gmtime.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Certtool need libgnutls etc for
+ libcmd-certtool.la too, due to certtool-cfg.c.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509self.c: Fix comments.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/cve-2008-4989.c: Align with Nikos' patch.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/Makefile.am, lib/opencdk/armor.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c: Revert "Fix warnings
+ in opencdk." This reverts commit 59cddc711e55bbd094bdf95986277fb33ba964ee.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Revert last commit.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Add GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag
+ when needed.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Add hbci chain.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Fix comments.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Fix order to match comments.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Don't fail on expect errors, to allow more
+ information to be collected.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/verify.c: Revert Nikos revert, and fix verification
+ hopefully better. The new logic is to include the CA cert in
+ validation, but short-cut full validation of trusted certificates.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chainverify.c: Add chain with CA having a basic constraint
+ saying CA=FALSE.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/cve-2008-4989.c: Add note.
+
+2008-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am, tests/chainverify.c: Add self-test of
+ chain verification logic.
+
+2008-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/libgcrypt.supp: Ignore more.
+
+2008-12-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-12-05 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/verify.c: reintroduced the self signed certificate
+ removal code. This time shouldn't have the drawbacks that used to.
+
+2008-12-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Disable secmem rather than overriding
+ libgcrypt memory allocators. Suggested by Werner Koch in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.libgcrypt.devel/2056>.
+
+2008-12-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_global.c: rearranged initialization stuff based on
+ Werner's suggestions.
+
+2008-12-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool.c: gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0) is
+ being called after libgcrypt initialization (gnutls_global_init).
+
+2008-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/Makefile.am, lib/opencdk/armor.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/read-packet.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c: Fix warnings in
+ opencdk.
+
+2008-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/manywarnings.m4: Add.
+
+2008-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/include_next.m4, gl/m4/warnings.m4,
+ gl/stdint.in.h, gl/sys_time.in.h, lib/gl/m4/include_next.m4,
+ lib/gl/stdint.in.h: Update gnulib files.
+
+2008-11-29 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * tests/x509self.c: Incorporated patch (with modifications) from Joe
+ Orton that also checks the rehandshake capabilities.
+
+2008-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
+ libextra/Makefile.am, tests/Makefile.am: Fix minitasn1 -I's.
+
+2008-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Fix minitasn1 -I.
+
+2008-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Fix compiler warning.
+
+2008-11-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Libreadline is needed by libcmd_certtool.la, not
+ certtool. Reported by Arfrever Frehtes Taifersar Arahesis
+ <arfrever.fta@gmail.com> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3293>.
+
+2008-11-23 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/context.h, lib/opencdk/literal.c, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/opencdk.h,
+ lib/opencdk/read-packet.c: Converted non-C compliant code to
+ standard C. The usage of structures like: struct x { int el1; char str[1]; } and the trick of using a single allocation for str and the structure
+ itself by allocating sizeof(x) + strlen()-1, are questionable. They
+ were converted to: struct x { int el1; char *str; } and there is a single allocation of sizeof(x)+strlen() but then the
+ str pointer is updated to point to the rest of the data.
+
+2008-11-23 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/gnutls_str.c,
+ lib/gnutls_str.h, lib/x509/dn.c: When reading data from a buffer
+ (gnutls_string) avoid memmoving all remaining data. This will speed
+ up short byte reads.
+
+2008-11-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/TODO: reorganized goals
+
+2008-11-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/cli.c: return non zero error code on error conditions.
+
+2008-11-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/certtool.cfg: better grouping of configuration directives
+
+2008-11-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 8b14ab18cf5e5214ac3d28412e0c503e83a753c1 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Fri Nov 21 21:02:45
+ 2008 +0200
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_compress.c: Clean up LZO initialization.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c: Don't use // comments.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Change link order, so that gnulib is last.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update gnulib files.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/LINGUAS: Sync with TP.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/LINGUAS: Sync with TP.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/LINGUAS, lib/po/ms.po.in: Sync with TP.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.2.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Add deprecated guard for libtasn1.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/element.h,
+ lib/minitasn1/errors.c, lib/minitasn1/gstr.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c,
+ lib/minitasn1/structure.h: Sync with libtasn1 v1.7.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am, lib/Makefile.am,
+ lib/openpgp/Makefile.am, libextra/Makefile.am: Fix WARN_CFLAGS uses.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_compress.c: Fix warnings.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Respect ENABLE_OPENSSL.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Move gnulib EARLY early.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ lib/m4/output-def.m4, libextra/configure.ac, m4/output-def.m4: Move
+ C++ and -output-def detection.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ lib/m4/linker-script.m4, libextra/configure.ac, m4/linker-script.m4:
+ Fix linker script test.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Fix typo.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, libextra/m4/hooks.m4: Print Openssl status.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/m4/hooks.m4: Print C++ status.
+
+2008-11-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Cleanup guile tests.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/warnings.m4: Update gnulib files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Rewrite warning initializations.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Typo.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/warnings.m4: Update gnulib files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/examples.h: Add.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, doc/examples/Makefile.am, doc/examples/ex-alert.c,
+ doc/examples/ex-client-psk.c, doc/examples/ex-pkcs12.c,
+ doc/examples/ex-rfc2818.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/tcp.c, gl/gettext.h, gl/override/lib/gettext.h.diff,
+ lib/gl/gettext.h, lib/gl/override/lib/gettext.h.diff,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_state.c,
+ lib/gnutls_str.h, lib/openpgp/output.c, lib/x509/Makefile.am,
+ lib/x509/dn.c, lib/x509/output.c, lib/x509/privkey.c,
+ libextra/fipsmd5.c, libextra/gnutls_extra.c,
+ libextra/gnutls_openssl.c, src/Makefile.am, src/cli.c,
+ src/common.h, src/crypt.c, src/prime.c, src/psk.c, src/serv.c,
+ src/tls_test.c, tests/Makefile.am, tests/anonself.c,
+ tests/crypto_rng.c, tests/dhepskself.c, tests/dn.c,
+ tests/finished.c, tests/gc.c, tests/mini.c, tests/openpgpself.c,
+ tests/pkcs12_s2k.c, tests/pskself.c, tests/resume.c,
+ tests/set_pkcs12_cred.c, tests/tlsia.c, tests/utils.c,
+ tests/utils.h, tests/x509dn.c, tests/x509self.c,
+ tests/x509signself.c: Use more warnings. Fix many warnings.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/warnings.m4, gl/override/tests/test-select-out.sh.diff,
+ gl/tests/test-select-out.sh: Update gnulib files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/compat.h, lib/includes/gnutls/crypto.h,
+ lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h: Fix
+ cosmetic nits in header files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/gnutls.h.in: Fix namespace of version symbols.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Move #include's outside of C++
+ markers.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h:
+ Generated.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Work around gnulib+mingw problem.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.gaa, src/common.h, src/serv.c, src/serv.gaa: Never include
+ config.h in *.h files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/hostent.m4, gl/m4/servent.m4: Update gnulib files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/tests/test-select-out.sh.diff,
+ gl/tests/test-select-out.sh: Work around reported bug in gnulib
+ self-tests.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/getaddrinfo.m4, gl/m4/gnulib-comp.m4, gl/m4/sockets.m4,
+ gl/tests/test-select-out.sh, lib/gl/m4/sockets.m4: Update gnulib
+ files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, build-aux/gnupload, gl/m4/getaddrinfo.m4,
+ gl/m4/netdb_h.m4, gl/netdb.in.h, gl/tests/sockets.h,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/netdb_h.m4, lib/gl/netdb.in.h,
+ lib/gl/sockets.h, lib/gl/tests/Makefile.am,
+ libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/m4/gnulib-comp.m4: Update gnulib files.
+
+2008-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_auth.c: Make it build.
+
+2008-11-15 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_auth.c: Corrected memory leak in
+ _gnutls_free_auth_info(). Trace and patch by Michael Weiser.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Disable openpgp-keyring when not building
+ openpgp.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add -I for libextra too.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Make it compile with --disable-openpgp.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/resume.c: Fix warning.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/mpi-libgcrypt.c: Don't return from void function. Reported by
+ Jeff Cai <jeff.cai@sun.com> in
+ https://savannah.gnu.org/support/?106549
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h, libextra/ext_inner_application.c,
+ libextra/gnutls_ia.c: Include gnutls/extra.h at the right places.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/mac-libgcrypt.c: Don't return from void function. Reported by
+ Jeff Cai <jeff.cai@sun.com> in
+ https://savannah.gnu.org/support/?106549
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12_s2k.c, tests/pkcs12_s2k.c: Move
+ pkcs12_s2k.c test to top-level to avoid -I/etc flag duplication.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12-decode/pkcs12: Test pkcs12_2certs.p12 too.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12-decode/Makefile.am: Dist pkcs12_2certs.p12.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist README.gaa.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Remove README.autoconf.
+
+2008-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4: Run AC_PROG_CXX only when needed. Reported by
+ Daniel Black <dragonheart@gentoo.org> in
+ <https://savannah.gnu.org/support/?106542>.
+
+2008-11-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Use more warnings.
+
+2008-11-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Fix warning.
+
+2008-11-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Drop incorrect -I.
+
+2008-11-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.gaa: Add.
+
+2008-11-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, doc/examples/ex-serv-export.c,
+ libextra/gnutls_ia.c, src/Makefile.am, src/certtool-gaa.c,
+ src/cli-gaa.c, src/crypt-gaa.c, src/psk-gaa.c, src/serv-gaa.c,
+ src/tests.c, src/tls_test-gaa.c: Use more warnings. Fix warnings.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/gnutls_mpi.c, lib/gnutls_pk.c,
+ lib/mac-libgcrypt.c: Fix warnings.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Add -Werror again, code is fixed.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Use warning flags, but not for C++ code.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/cve-2008-4989.c: Use more warnings. Fix
+ warnings.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am, src/certtool-cfg.h, src/certtool-gaa.c: Use more
+ warnings. Fix warnings.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/Makefile.am, libextra/Makefile.am,
+ libextra/gl/Makefile.am, libextra/gl/m4/extensions.m4,
+ libextra/gl/m4/gnulib-cache.m4, libextra/gl/m4/gnulib-comp.m4: Use
+ more warning flags. Need extensions in libextra.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c, lib/gnutls_mpi.c,
+ lib/gnutls_x509.c: Fix warnings.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Add prototype for
+ gnutls_certificate_set_x509_simple_pkcs12_mem.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Use WARN_CFLAGS.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.c, lib/gnutls_cipher.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_record.c,
+ lib/gnutls_supplemental.c, lib/gnutls_v2_compat.c: Fix warnings.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Build gl/ later.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Drop -Werror because gnutls code doesn't compile with it.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/Makefile.am: Disable pointer sign warnings. Use
+ WARN_CFLAGS more.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Better warning flag hangling.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, doc/README.GIT: Drop --enable-developer-mode.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac: Remove debug code.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, configure.ac: Use warnings module.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, configure.ac, gl/m4/gnulib-comp.m4, gl/m4/warnings.m4,
+ lib/configure.ac, libextra/configure.ac: Use gnulib warnings module.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add v2.6.2 entries.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4, lib/m4/output-def.m4: Use output-def.m4.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.pc.in, libextra/gnutls-extra.pc.in: Add URL fields.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4, lib/m4/linker-script.m4: Fix version script
+ detection.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ lib/m4/linker-script.m4, libextra/configure.ac, m4/valgrind.m4: Use
+ external m4 files for shared tests.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/cve-2008-4989.c: Frob expected verify status code. With
+ latest verify.c patch it just say the chain is invalid, rather than
+ complaining about missing signer certificate. This is arguable more
+ correct.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Remove check of last certificate in path is
+ self signed. Causes crashes further down in the code for
+ certificate chains that only contain one self-signed certificate.
+ Still protects against the GNUTLS-SA-2008-3 vulnerabillity.
+ Reported by Michael Meskes <meskes@debian.org> in
+ <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.
+
+2008-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/test-select-out.sh: Comment out broken test.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/warnings.m4, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/warnings.m4: Update gnulib
+ files.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Need more -I's.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/warnings.m4: Update gnulib
+ files.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/fseeko.c, gl/m4/getaddrinfo.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
+ gl/m4/printf.m4, gl/netdb.in.h, gl/tests/test-select-fd.c,
+ gl/tests/test-select-in.sh, gl/tests/test-select-out.sh,
+ lib/gl/Makefile.am, lib/gl/fseeko.c, lib/gl/m4/netdb_h.m4,
+ lib/gl/m4/printf.m4, lib/gl/netdb.in.h: Update gnulib files.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * tests/cve-2008-4989.c: Also test chain length of 1 since the
+ security patch caused a crash.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * tests/libgcrypt.supp: Add another gcrypt leak.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_global.c: Fix mem leak.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * tests/cve-2008-4989.c: Fix mem leaks.
+
+2008-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am, tests/cve-2008-4989.c: Add
+ cve-2008-4989.c self-test.
+
+2008-11-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/tests/gettimeofday.c, gl/tests/test-gettimeofday.c,
+ gl/tests/test-select-fd.c, gl/tests/test-select-in.sh,
+ gl/tests/test-select-out.sh, gl/tests/test-select-stdin.c: Update
+ gnulib files.
+
+2008-11-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gettimeofday.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/sys_ioctl_h.m4, gl/tests/Makefile.am,
+ lib/gl/m4/include_next.m4, lib/gl/sys_stat.in.h: Update gnulib
+ files.
+
+2008-11-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, lib/x509/verify.c: Merge in v2.6.1 fixes.
+
+2008-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/m4/hooks.m4: Use modern -Wl,--version-script check.
+
+2008-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/cyclo/Makefile.am: Cover more files.
+
+2008-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/opencdk.h: Fix C++ rule, for pmccabe2html.
+
+2008-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/pmccabe.css, build-aux/pmccabe2html, configure.ac,
+ doc/Makefile.am, doc/cyclo/Makefile.am, gl/Makefile.am,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/pmccabe2html.m4,
+ gl/sys_stat.in.h: Add cyclomatic code complexity charts.
+
+2008-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/m4/hooks.m4, libextra/configure.ac: Need LZO detection
+ in libgnutls.
+
+2008-11-05 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, lib/gnutls_x509.c, tests/Makefile.am,
+ tests/set_pkcs12_cred.c: * Added gnutls_certificate_set_x509_simple_pkcs12_mem * Made gnutls_certificate_set_x509_simple_pkcs12_file() more
+ advanced. It will return a corresponding certificate and key pair.
+ [The previous version would return the first ones found]. Eliminated
+ memory leaks on error conditions on these functions.
+
+2008-11-05 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * .gitignore: ignore more stuff
+
+2008-11-05 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, doc/certtool.cfg, src/certtool-cfg.c, src/certtool.c:
+ certtool: allow setting arbitrary key purpose object identifiers.
+
+2008-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.autoconf: Remove obsolete instructions.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_srp.c, lib/gnutls_ui.c: Doc fix.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use error instead of fprintf.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Indent differently for gtk-doc.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore gnulib headers.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * m4/ax_create_stdint_h.m4: Remove.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore config.h.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Drop pointless gc_LDADD.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Drop removed -Ilgl.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/Makefile.am, doc/fdl-1.3.texi, doc/fdl.texi,
+ doc/gnutls.texi, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/include_next.m4: Update gnulib files.
+ Use GFDLv1.3 for manual.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Fix typo.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Sync gnutls_srp_set_prime_bits
+ prototype with code.
+
+2008-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/includes/gnutls/gnutls.h.in: Add forgotten prototype for
+ gnutls_srp_server_get_username. Reported by Kevin Quick.
+
+2008-11-03 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_ui.c: documented that gnutls_dh_set_prime_bits() has no
+ effect in server side.
+
+2008-11-03 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit fe191e360728fcee72cf5ba835f2301f1bf78b49 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Nov 3 21:44:38
+ 2008 +0200
+
+2008-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gl/Makefile.am, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/memchr.m4, lib/gl/m4/memcmp.m4, lib/gl/memchr.c,
+ lib/gl/memcmp.c, lib/gl/tests/Makefile.am,
+ lib/gl/tests/test-memchr.c, lib/gl/tests/test-memcmp.c, maint.mk:
+ Update gnulib files.
+
+2008-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.ac, lib/configure.ac, lib/m4/hooks.m4,
+ libextra/configure.ac: Bump versions.
+
+2008-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4: Check for C99 macros.
+
+2008-11-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/minitasn1/decoding.c, lib/minitasn1/element.c,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/parser_aux.h: * added BER octet string decoder from libtasn1. * added the tree generation optimizations.
+
+2008-11-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool.c: * Some more verbose out. * Do not abort the pkcs12 structure parsing if one bag failed.
+
+2008-11-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/pkcs12.c: Reduce verbosity
+
+2008-11-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/pkcs12.c: print DER errors if any.
+
+2008-10-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/texinfo.css: Use white background.
+
+2008-10-31 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-10-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.1.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Really fix -I's.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Fix -I's.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add -lgnutls-extra for openpgp-keyring.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/sys_stat_h.m4, gl/sys_stat.in.h, gl/tests/Makefile.am,
+ gl/tests/test-sys_stat.c: Need more gnulib modules.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/connect.c, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/recv.c, gl/send.c, gl/tests/Makefile.am,
+ gl/tests/connect.c, src/certtool.c, src/cli.c: Need more gnulib
+ modules.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/perror.c, gl/tests/Makefile.am, gl/tests/perror.c: Update gnulib
+ files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: Update.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.gitignore, lib/po/.gitignore, libextra/.gitignore: Update.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/minmax.m4, gl/m4/read-file.m4, gl/minmax.h, gl/read-file.c,
+ gl/read-file.h, gl/tests/Makefile.am, gl/tests/test-read-file.c,
+ src/Makefile.am, src/cli.c, src/serv.c: Need more gnulib modules.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/accept.c, gl/alloca.c, gl/bind.c, gl/close.c, gl/fclose.c,
+ gl/listen.c, gl/m4/close.m4, gl/m4/fclose.m4, gl/m4/perror.m4,
+ gl/m4/sockets.m4, gl/m4/sys_ioctl_h.m4, gl/m4/sys_select_h.m4,
+ gl/m4/sys_time_h.m4, gl/setsockopt.c, gl/socket.c,
+ gl/sys_select.in.h, gl/sys_time.in.h, gl/tests/connect.c,
+ gl/tests/ioctl.c, gl/tests/perror.c, gl/tests/sockets.c,
+ gl/tests/sockets.h, gl/tests/sys_ioctl.in.h,
+ gl/tests/test-perror.c, gl/tests/test-perror.sh,
+ gl/tests/test-select.c, gl/tests/test-sockets.c,
+ gl/tests/test-sys_select.c, gl/tests/test-sys_time.c,
+ gl/tests/w32sock.h, gl/winsock-select.c: Update gnulib files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/shutdown.c, gl/tests/Makefile.am, gl/tests/dummy.c,
+ gl/w32sock.h, lib/Makefile.am, src/common.h: Use sockets module.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Fix.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-comp.m4, lib/gl/m4/sockets.m4, lib/gl/sockets.c,
+ lib/gl/sockets.h, lib/gl/tests/Makefile.am,
+ lib/gl/tests/test-sockets.c, lib/gnutls_buffers.c,
+ lib/gnutls_global.c: Better gnulib module usage.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4: Update gnulib files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.ac, configure.in: Rename.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am, src/Makefile.am: Fixes.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/configure.ac, tests/Makefile.am: Fixes.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, doc/Makefile.am,
+ doc/examples/Makefile.am, doc/reference/Makefile.am,
+ guile/src/Makefile.am, includes/Makefile.am,
+ includes/gnutls/compat.h, includes/gnutls/crypto.h,
+ includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
+ includes/gnutls/gnutlsxx.h, includes/gnutls/openpgp.h,
+ includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h, lib/Makefile.am, lib/configure.ac,
+ lib/includes/Makefile.am, lib/includes/gnutls/compat.h,
+ lib/includes/gnutls/crypto.h, lib/includes/gnutls/gnutls.h.in,
+ lib/includes/gnutls/gnutlsxx.h, lib/includes/gnutls/openpgp.h,
+ lib/includes/gnutls/pkcs12.h, lib/includes/gnutls/x509.h,
+ lib/opencdk/Makefile.am, lib/openpgp/Makefile.am,
+ lib/x509/Makefile.am, libextra/Makefile.am, libextra/configure.ac,
+ libextra/includes/Makefile.am, libextra/includes/gnutls/extra.h,
+ libextra/includes/gnutls/openssl.h, src/Makefile.am,
+ tests/Makefile.am, tests/hostname-check.README,
+ tests/hostname-check.c, tests/hostname-check/Makefile.am,
+ tests/hostname-check/README, tests/hostname-check/hostname-check.c,
+ tests/openpgp-keyring.c, tests/openpgp/Makefile.am,
+ tests/openpgp/keyring.c, tests/pkcs12-decode/Makefile.am: Separate
+ headers as well. Clean up -I's.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am, tests/Makefile.am,
+ tests/pkcs12-decode/Makefile.am: Builds on my system now.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls_mem.h: Drop dmalloc and efence support.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
+ lib/openpgp/Makefile.am, lib/x509/Makefile.am,
+ libextra/Makefile.am, src/Makefile.am: Make it build better.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, lib/m4/hooks.m4,
+ libextra/Makefile.am, src/Makefile.am: Fixes.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, configure.in, includes/gnutls/gnutls.h.in,
+ lib/Makefile.am, lib/configure.ac, lib/m4/hooks.m4,
+ lib/openpgp/Makefile.am, lib/x509/Makefile.am: Make it build.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/po/POTFILES.in: Fix paths.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, lib/m4/hooks.m4: Build fixes.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix i18n stuff.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/m4/hooks.m4, libextra/m4/hooks.m4: New files, forgotten in
+ last commit.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/build-aux/config.rpath, lib/build-aux/link-warning.h,
+ lib/gl/Makefile.am, lib/gl/m4/gnulib-cache.m4,
+ libextra/build-aux/config.rpath: Update gnulib files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * COPYING.LIB, Makefile.am, configure.in, lib/AUTHORS, lib/COPYING,
+ lib/ChangeLog, lib/Makefile.am, lib/NEWS, lib/README,
+ lib/configure.ac, lib/po/.gitignore, lib/po/LINGUAS,
+ lib/po/Makevars, lib/po/POTFILES.in, lib/po/de.po.in,
+ lib/po/fr.po.in, lib/po/ms.po.in, lib/po/nl.po.in, lib/po/pl.po.in,
+ lib/po/sv.po.in, lib/po/vi.po.in, libextra/AUTHORS,
+ libextra/COPYING, libextra/ChangeLog, libextra/Makefile.am,
+ libextra/NEWS, libextra/README, libextra/configure.ac,
+ libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/m4/gnulib-comp.m4, libextra/gl/m4/lib-ld.m4,
+ libextra/gl/m4/lib-link.m4, libextra/gl/m4/lib-prefix.m4,
+ po/.gitignore, po/LINGUAS, po/Makevars, po/POTFILES.in,
+ po/de.po.in, po/fr.po.in, po/ms.po.in, po/nl.po.in, po/pl.po.in,
+ po/sv.po.in, po/vi.po.in: More splitting updates.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/m4/gnulib-comp.m4: Update gnulib files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/alloca.in.h, gl/asnprintf.c, gl/errno.in.h, gl/float+.h,
+ gl/float.in.h, gl/fseeko.c, gl/gettext.h, gl/lseek.c,
+ gl/m4/alloca.m4, gl/m4/errno_h.m4, gl/m4/float_h.m4,
+ gl/m4/fseeko.m4, gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4,
+ gl/m4/longlong.m4, gl/m4/lseek.m4, gl/m4/malloc.m4,
+ gl/m4/printf.m4, gl/m4/realloc.m4, gl/m4/size_max.m4,
+ gl/m4/snprintf.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
+ gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/stdio_h.m4,
+ gl/m4/stdlib_h.m4, gl/m4/string_h.m4, gl/m4/sys_socket_h.m4,
+ gl/m4/unistd_h.m4, gl/m4/vasnprintf.m4, gl/m4/wchar.m4,
+ gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4,
+ gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
+ gl/printf-parse.h, gl/realloc.c, gl/size_max.h, gl/snprintf.c,
+ gl/stdbool.in.h, gl/stdint.in.h, gl/stdio-impl.h, gl/stdio-write.c,
+ gl/stdio.in.h, gl/stdlib.in.h, gl/string.in.h, gl/sys_socket.in.h,
+ gl/tests/dummy.c, gl/tests/test-alloca-opt.c,
+ gl/tests/test-errno.c, gl/tests/test-fseeko.c,
+ gl/tests/test-fseeko.sh, gl/tests/test-lseek.c,
+ gl/tests/test-lseek.sh, gl/tests/test-snprintf.c,
+ gl/tests/test-stdbool.c, gl/tests/test-stdint.c,
+ gl/tests/test-stdio.c, gl/tests/test-stdlib.c,
+ gl/tests/test-string.c, gl/tests/test-sys_socket.c,
+ gl/tests/test-unistd.c, gl/tests/test-vasnprintf.c,
+ gl/tests/test-wchar.c, gl/tests/verify.h, gl/unistd.in.h,
+ gl/vasnprintf.c, gl/vasnprintf.h, gl/wchar.in.h, gl/xsize.h: Update
+ gnulib files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/tests/Makefile.am, lib/configure.ac,
+ libextra/Makefile.am, libextra/configure.ac: More splitting.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, lib/gl/Makefile.am,
+ lib/gl/m4/gnulib-cache.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/stdlib_h.m4, lib/gl/m4/sys_ioctl_h.m4,
+ lib/gl/m4/sys_socket_h.m4, lib/gl/stdlib.in.h,
+ lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
+ lib/gl/tests/Makefile.am, lib/gl/unistd.in.h: Update gnulib files.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, build-aux/config.rpath, configure.in,
+ lgl/Makefile.am, lgl/alloca.in.h, lgl/asnprintf.c, lgl/asprintf.c,
+ lgl/byteswap.in.h, lgl/c-ctype.c, lgl/c-ctype.h, lgl/errno.in.h,
+ lgl/float+.h, lgl/float.in.h, lgl/fseeko.c, lgl/gettext.h,
+ lgl/lseek.c, lgl/m4/alloca.m4, lgl/m4/byteswap.m4,
+ lgl/m4/codeset.m4, lgl/m4/errno_h.m4, lgl/m4/extensions.m4,
+ lgl/m4/float_h.m4, lgl/m4/fseeko.m4, lgl/m4/func.m4,
+ lgl/m4/gettext.m4, lgl/m4/glibc2.m4, lgl/m4/glibc21.m4,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-common.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/gnulib-tool.m4, lgl/m4/iconv.m4,
+ lgl/m4/include_next.m4, lgl/m4/intdiv0.m4, lgl/m4/intl.m4,
+ lgl/m4/intldir.m4, lgl/m4/intlmacosx.m4, lgl/m4/intmax.m4,
+ lgl/m4/intmax_t.m4, lgl/m4/inttypes-pri.m4, lgl/m4/inttypes_h.m4,
+ lgl/m4/lcmessage.m4, lgl/m4/lib-ld.m4, lgl/m4/lib-link.m4,
+ lgl/m4/lib-prefix.m4, lgl/m4/lock.m4, lgl/m4/longlong.m4,
+ lgl/m4/lseek.m4, lgl/m4/malloc.m4, lgl/m4/memchr.m4,
+ lgl/m4/memcmp.m4, lgl/m4/memmem.m4, lgl/m4/memmove.m4,
+ lgl/m4/minmax.m4, lgl/m4/netdb_h.m4, lgl/m4/nls.m4, lgl/m4/po.m4,
+ lgl/m4/printf-posix.m4, lgl/m4/printf.m4, lgl/m4/progtest.m4,
+ lgl/m4/read-file.m4, lgl/m4/realloc.m4, lgl/m4/size_max.m4,
+ lgl/m4/snprintf.m4, lgl/m4/socklen.m4, lgl/m4/sockpfaf.m4,
+ lgl/m4/stdbool.m4, lgl/m4/stdint.m4, lgl/m4/stdint_h.m4,
+ lgl/m4/stdio_h.m4, lgl/m4/stdlib_h.m4, lgl/m4/strcase.m4,
+ lgl/m4/string_h.m4, lgl/m4/strings_h.m4, lgl/m4/strverscmp.m4,
+ lgl/m4/sys_ioctl_h.m4, lgl/m4/sys_socket_h.m4,
+ lgl/m4/sys_stat_h.m4, lgl/m4/threadlib.m4, lgl/m4/time_h.m4,
+ lgl/m4/time_r.m4, lgl/m4/uintmax_t.m4, lgl/m4/unistd_h.m4,
+ lgl/m4/vasnprintf.m4, lgl/m4/vasprintf.m4, lgl/m4/visibility.m4,
+ lgl/m4/wchar.m4, lgl/m4/wchar_t.m4, lgl/m4/wint_t.m4,
+ lgl/m4/xsize.m4, lgl/memchr.c, lgl/memcmp.c, lgl/memmem.c,
+ lgl/memmove.c, lgl/minmax.h, lgl/netdb.in.h,
+ lgl/override/lib/gc-libgcrypt.c.diff, lgl/printf-args.c,
+ lgl/printf-args.h, lgl/printf-parse.c, lgl/printf-parse.h,
+ lgl/read-file.c, lgl/read-file.h, lgl/realloc.c, lgl/size_max.h,
+ lgl/snprintf.c, lgl/stdbool.in.h, lgl/stdint.in.h,
+ lgl/stdio-impl.h, lgl/stdio-write.c, lgl/stdio.in.h,
+ lgl/stdlib.in.h, lgl/str-two-way.h, lgl/strcasecmp.c,
+ lgl/string.in.h, lgl/strings.in.h, lgl/strncasecmp.c,
+ lgl/strverscmp.c, lgl/sys_socket.in.h, lgl/sys_stat.in.h,
+ lgl/tests/Makefile.am, lgl/tests/dummy.c, lgl/tests/intprops.h,
+ lgl/tests/test-alloca-opt.c, lgl/tests/test-byteswap.c,
+ lgl/tests/test-c-ctype.c, lgl/tests/test-errno.c,
+ lgl/tests/test-fseeko.c, lgl/tests/test-fseeko.sh,
+ lgl/tests/test-func.c, lgl/tests/test-lseek.c,
+ lgl/tests/test-lseek.sh, lgl/tests/test-memchr.c,
+ lgl/tests/test-memcmp.c, lgl/tests/test-netdb.c,
+ lgl/tests/test-read-file.c, lgl/tests/test-snprintf.c,
+ lgl/tests/test-stdbool.c, lgl/tests/test-stdint.c,
+ lgl/tests/test-stdio.c, lgl/tests/test-stdlib.c,
+ lgl/tests/test-string.c, lgl/tests/test-strings.c,
+ lgl/tests/test-strverscmp.c, lgl/tests/test-sys_socket.c,
+ lgl/tests/test-sys_stat.c, lgl/tests/test-time.c,
+ lgl/tests/test-unistd.c, lgl/tests/test-vasnprintf.c,
+ lgl/tests/test-vasprintf.c, lgl/tests/test-wchar.c,
+ lgl/tests/verify.h, lgl/time.in.h, lgl/time_r.c, lgl/unistd.in.h,
+ lgl/vasnprintf.c, lgl/vasnprintf.h, lgl/vasprintf.c,
+ lgl/wchar.in.h, lgl/xsize.h, lib/Makefile.am, lib/configure.ac,
+ lib/gl/Makefile.am, lib/gl/alloca.in.h, lib/gl/asnprintf.c,
+ lib/gl/asprintf.c, lib/gl/byteswap.in.h, lib/gl/c-ctype.c,
+ lib/gl/c-ctype.h, lib/gl/errno.in.h, lib/gl/float+.h,
+ lib/gl/float.in.h, lib/gl/fseeko.c, lib/gl/gettext.h,
+ lib/gl/lseek.c, lib/gl/m4/alloca.m4, lib/gl/m4/byteswap.m4,
+ lib/gl/m4/codeset.m4, lib/gl/m4/errno_h.m4,
+ lib/gl/m4/extensions.m4, lib/gl/m4/float_h.m4, lib/gl/m4/fseeko.m4,
+ lib/gl/m4/func.m4, lib/gl/m4/gettext.m4, lib/gl/m4/glibc2.m4,
+ lib/gl/m4/glibc21.m4, lib/gl/m4/gnulib-cache.m4,
+ lib/gl/m4/gnulib-common.m4, lib/gl/m4/gnulib-comp.m4,
+ lib/gl/m4/gnulib-tool.m4, lib/gl/m4/iconv.m4,
+ lib/gl/m4/include_next.m4, lib/gl/m4/intdiv0.m4, lib/gl/m4/intl.m4,
+ lib/gl/m4/intldir.m4, lib/gl/m4/intlmacosx.m4, lib/gl/m4/intmax.m4,
+ lib/gl/m4/intmax_t.m4, lib/gl/m4/inttypes-pri.m4,
+ lib/gl/m4/inttypes_h.m4, lib/gl/m4/lcmessage.m4,
+ lib/gl/m4/lib-ld.m4, lib/gl/m4/lib-link.m4,
+ lib/gl/m4/lib-prefix.m4, lib/gl/m4/lock.m4, lib/gl/m4/longlong.m4,
+ lib/gl/m4/lseek.m4, lib/gl/m4/malloc.m4, lib/gl/m4/memchr.m4,
+ lib/gl/m4/memcmp.m4, lib/gl/m4/memmem.m4, lib/gl/m4/memmove.m4,
+ lib/gl/m4/minmax.m4, lib/gl/m4/netdb_h.m4, lib/gl/m4/nls.m4,
+ lib/gl/m4/po.m4, lib/gl/m4/printf-posix.m4, lib/gl/m4/printf.m4,
+ lib/gl/m4/progtest.m4, lib/gl/m4/read-file.m4,
+ lib/gl/m4/realloc.m4, lib/gl/m4/size_max.m4, lib/gl/m4/snprintf.m4,
+ lib/gl/m4/socklen.m4, lib/gl/m4/sockpfaf.m4, lib/gl/m4/stdbool.m4,
+ lib/gl/m4/stdint.m4, lib/gl/m4/stdint_h.m4, lib/gl/m4/stdio_h.m4,
+ lib/gl/m4/stdlib_h.m4, lib/gl/m4/strcase.m4, lib/gl/m4/string_h.m4,
+ lib/gl/m4/strings_h.m4, lib/gl/m4/strverscmp.m4,
+ lib/gl/m4/sys_ioctl_h.m4, lib/gl/m4/sys_socket_h.m4,
+ lib/gl/m4/sys_stat_h.m4, lib/gl/m4/threadlib.m4,
+ lib/gl/m4/time_h.m4, lib/gl/m4/time_r.m4, lib/gl/m4/uintmax_t.m4,
+ lib/gl/m4/unistd_h.m4, lib/gl/m4/vasnprintf.m4,
+ lib/gl/m4/vasprintf.m4, lib/gl/m4/visibility.m4,
+ lib/gl/m4/wchar.m4, lib/gl/m4/wchar_t.m4, lib/gl/m4/wint_t.m4,
+ lib/gl/m4/xsize.m4, lib/gl/memchr.c, lib/gl/memcmp.c,
+ lib/gl/memmem.c, lib/gl/memmove.c, lib/gl/minmax.h,
+ lib/gl/netdb.in.h, lib/gl/override/lib/gc-libgcrypt.c.diff,
+ lib/gl/printf-args.c, lib/gl/printf-args.h, lib/gl/printf-parse.c,
+ lib/gl/printf-parse.h, lib/gl/read-file.c, lib/gl/read-file.h,
+ lib/gl/realloc.c, lib/gl/size_max.h, lib/gl/snprintf.c,
+ lib/gl/stdbool.in.h, lib/gl/stdint.in.h, lib/gl/stdio-impl.h,
+ lib/gl/stdio-write.c, lib/gl/stdio.in.h, lib/gl/stdlib.in.h,
+ lib/gl/str-two-way.h, lib/gl/strcasecmp.c, lib/gl/string.in.h,
+ lib/gl/strings.in.h, lib/gl/strncasecmp.c, lib/gl/strverscmp.c,
+ lib/gl/sys_socket.in.h, lib/gl/sys_stat.in.h,
+ lib/gl/tests/Makefile.am, lib/gl/tests/dummy.c,
+ lib/gl/tests/intprops.h, lib/gl/tests/test-alloca-opt.c,
+ lib/gl/tests/test-byteswap.c, lib/gl/tests/test-c-ctype.c,
+ lib/gl/tests/test-errno.c, lib/gl/tests/test-fseeko.c,
+ lib/gl/tests/test-fseeko.sh, lib/gl/tests/test-func.c,
+ lib/gl/tests/test-lseek.c, lib/gl/tests/test-lseek.sh,
+ lib/gl/tests/test-memchr.c, lib/gl/tests/test-memcmp.c,
+ lib/gl/tests/test-netdb.c, lib/gl/tests/test-read-file.c,
+ lib/gl/tests/test-snprintf.c, lib/gl/tests/test-stdbool.c,
+ lib/gl/tests/test-stdint.c, lib/gl/tests/test-stdio.c,
+ lib/gl/tests/test-stdlib.c, lib/gl/tests/test-string.c,
+ lib/gl/tests/test-strings.c, lib/gl/tests/test-strverscmp.c,
+ lib/gl/tests/test-sys_socket.c, lib/gl/tests/test-sys_stat.c,
+ lib/gl/tests/test-time.c, lib/gl/tests/test-unistd.c,
+ lib/gl/tests/test-vasnprintf.c, lib/gl/tests/test-vasprintf.c,
+ lib/gl/tests/test-wchar.c, lib/gl/tests/verify.h, lib/gl/time.in.h,
+ lib/gl/time_r.c, lib/gl/unistd.in.h, lib/gl/vasnprintf.c,
+ lib/gl/vasnprintf.h, lib/gl/vasprintf.c, lib/gl/wchar.in.h,
+ lib/gl/xsize.h, libextra/configure.ac: Start configure split.
+
+2008-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, doc/gnutls.texi, lib/Makefile.am,
+ lib/libgnutls-config.in, lib/libgnutls.m4, libextra/.gitignore,
+ libextra/Makefile.am, libextra/libgnutls-extra-config.in,
+ libextra/libgnutls-extra.m4: Remove *-config scripts and old M4
+ checks.
+
+2008-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, maint.mk: Update gnulib files.
+
+2008-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix coverage rules.
+
+2008-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Need to build before running checks.
+
+2008-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Add code coverage rules.
+
+2008-10-23 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 3eab289192e97f0bada61ca2c4d51214a4e4f7df Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Wed Oct 22 22:06:21
+ 2008 +0300
+
+2008-10-22 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 8973cd66b52fda65b4c9ffadab3b9db59a464fb0 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Wed Oct 22 18:42:41 2008
+ +0200
+
+2008-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/netdb_h.m4, gl/netdb.in.h, lgl/m4/netdb_h.m4,
+ lgl/netdb.in.h, lgl/sys_socket.in.h: Update gnulib files.
+
+2008-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Sync gdoc with libidn for license fixes.
+
+2008-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Use netdb.h instead of getaddrinfo.h.
+
+2008-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arpa_inet.in.h, gl/gai_strerror.c, gl/getaddrinfo.c,
+ gl/getaddrinfo.h, gl/gnulib.mk, gl/m4/getaddrinfo.m4,
+ gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/netdb_h.m4,
+ gl/netdb.in.h, gl/netinet_in.in.h, gl/stdarg.in.h,
+ gl/tests/gnulib.mk, gl/tests/test-getaddrinfo.c,
+ gl/tests/test-netdb.c, lgl/Makefile.am, lgl/errno.in.h,
+ lgl/float.in.h, lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/netdb_h.m4, lgl/m4/stdlib_h.m4, lgl/m4/sys_socket_h.m4,
+ lgl/m4/sys_stat_h.m4, lgl/m4/unistd_h.m4, lgl/netdb.in.h,
+ lgl/stdint.in.h, lgl/stdio.in.h, lgl/stdlib.in.h, lgl/string.in.h,
+ lgl/strings.in.h, lgl/sys_socket.in.h, lgl/sys_stat.in.h,
+ lgl/time.in.h, lgl/unistd.in.h, lgl/wchar.in.h, lgl/winsock.c,
+ libextra/gl/m4/gnulib-common.m4: Update gnulib files.
+
+2008-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-10-16 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit a1c1da1939efe571f427a6323a8bb5311d933061 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Thu Oct 16 12:21:32 2008
+ +0200
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.7.0.
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Drop netdb.h check.
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/netdb_h.m4, lgl/netdb.in.h, lgl/tests/Makefile.am,
+ lgl/tests/test-netdb.c, src/common.h: Add netdb gnulib module. Use
+ it.
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am: Upgrade.
+
+2008-10-16 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, gl/getaddrinfo.c, gl/m4/getaddrinfo.m4,
+ lgl/Makefile.am, lgl/m4/gnulib-comp.m4, lgl/m4/stdio_h.m4,
+ lgl/m4/sys_ioctl_h.m4, lgl/m4/sys_socket_h.m4, lgl/m4/unistd_h.m4,
+ lgl/stdio-write.c, lgl/stdio.in.h, lgl/sys_socket.in.h,
+ lgl/unistd.in.h, lgl/winsock.c: Update gnulib files.
+
+2008-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Need to build libutils.la before recursing into
+ e.g. pkcs12-decode.
+
+2008-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Minimize ABI changes.
+
+2008-10-13 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-10-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Improve GNUTLS_E_AGAIN explanation.
+ Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]"
+ <lavr@ncbi.nlm.nih.gov>.
+
+2008-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2008-10-11 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * .gitignore: added to reduce untracked files.
+
+2008-10-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-10-11 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, libextra/fipsmd5.c: Add static qualifiers on internal
+ symbols. Tiny patch from Aaron Ucko <ucko@ncbi.nlm.nih.gov>.
+
+2008-10-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Sync with upstream.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.h, lib/opencdk/armor.c, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/new-packet.c,
+ lib/opencdk/seskey.c, lib/opencdk/verify.c, lib/x509/x509_int.h,
+ src/cfg/platon/str/strplus.c: Fix syntax-check warnings.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/opencdk.h: Indent.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/debug.c, lib/opencdk/seskey.c, lib/opencdk/sig-check.c: Drop
+ gcrypt.h includes.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention libgcrypt dependency.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, lib/opencdk/Makefile.am,
+ lib/openpgp/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am:
+ More libgcrypt fixes.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, src/Makefile.am, tests/Makefile.am:
+ More libgcrypt fixes.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls_global.c, m4/libgcrypt.m4: Modernize
+ libgcrypt detection.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml, includes/gnutls/x509.h,
+ lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/output.c, lib/x509/x509_write.c: Doc fixes.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Sync with real list.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_int.h: Need libtasn1.h here.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_rsa.c, lib/auth_rsa_export.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_mpi.h, lib/gnutls_sig.c,
+ lib/gnutls_x509.c, lib/mpi-libgcrypt.c, lib/rnd-libgcrypt.c: Reduce
+ libtasn1.h includes.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Drop obsolete libtasn1 flags.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am, src/Makefile.am: Update
+ libtasn1 linker flags.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, configure.in, gl/arpa_inet.in.h, gl/c-ctype.h,
+ gl/gnulib.mk, gl/m4/arpa_inet_h.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ gl/strerror.c, lgl/Makefile.am, lgl/c-ctype.h, lgl/errno.in.h,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/memcmp.m4,
+ lgl/m4/stdio_h.m4, lgl/m4/string_h.m4, lgl/m4/sys_socket_h.m4,
+ lgl/m4/unistd_h.m4, lgl/m4/wchar.m4, lgl/stdio.in.h,
+ lgl/string.in.h, lgl/sys_socket.in.h, lgl/unistd.in.h,
+ libextra/gl/Makefile.am, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/md5.c: Update gnulib files.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove obsolete stuff.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_mpi.c,
+ lib/gnutls_pk.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
+ lib/opencdk/kbnode.c, lib/opencdk/keydb.c, lib/opencdk/pubkey.c,
+ lib/opencdk/stream.c, lib/openpgp/privkey.c, lib/x509/common.c,
+ lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509_write.c,
+ libextra/fipsmd5.c, libextra/gl/md5.c, src/certtool-cfg.c,
+ src/certtool.c, src/cli.c, src/serv.c: Indent.
+
+2008-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, lib/gnutls_global.c, m4/libtasn1.m4: Detect
+ libtasn1 via AC_LIB_HAVE_LINKFLAGS.
+
+2008-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-10-07 Ludovic Courtès <ludo@gnu.org>
+
+ * tests/Makefile.am: More test compilation fixes with minitasn1. * tests/Makefile.am (AM_CPPFLAGS)[ENABLE_MINITASN1]: Add minitasn1 directory. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2008-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-10-07 Ludovic Courtès <ludo@gnu.org>
+
+ * tests/pkcs12-decode/Makefile.am: Fix compilation of
+ `pkcs12-decode' test when using minitasn1. * tests/pkcs12-decode/Makefile.am (AM_CPPFLAGS)[ENABLE_MINITASN1]:
+ Add `minitasn1' include directory. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2008-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Get issuer dn in X509_get_issuer_name,
+ correct last patch.
+
+2008-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 2.6.0 entries.
+
+2008-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Fix out-of-bounds access. Similar to
+ debian #499945 lynx-cur problem. libextra/gnutls_openssl.c: fix
+ X509_get_issuer_name to return issuer name of given certificate and
+ not try to get the subject dn of the issuer certificate wich may or
+ may not exist. (Checked how openssl does this, too.) This fixes a
+ accessing an array outside its bounds. Debian bug #499945 is
+ instructive about the problem. While lynx-cur credits Thomas Dickey
+ for the bug, the code and implications are essentially the same for
+ the gnutls openssl-compat libary. Tiny patch from Thomas Viehmann
+ <tv@beamnet.de>.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-common.h,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: reduced warnings in compilation of certtool.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/output.c: use union to avoid wrong type issues.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/output.c: corrected print order.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, doc/certtool.cfg, includes/gnutls/x509.h,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/x509/common.c,
+ lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c,
+ lib/x509/x509_int.h, lib/x509/x509_write.c, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool.c: Added function to copy
+ extensions from a CRL to a certificate. Reduced many warnings (and
+ added more by defining gnutls_log as printf like function --gcc
+ only)
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * configure.in: Disable certain warnings that do not work with my
+ compiler.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/crq.c,
+ lib/x509/extensions.c, lib/x509/output.c, src/certtool.c: Added
+ gnutls_x509_crq_set_key_purpose_oid and
+ gnutls_x509_crq_get_key_purpose_oid.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: documentation added functions
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: updated
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/crq.c, lib/x509/extensions.c, lib/x509/x509_int.h: set
+ global maximum size for certificate requests' extensions size.
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/Makefile.am: added missing file
+
+2008-10-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/output.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool-common.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added initial
+ support for certificate requests handling of X.509 extensions.
+ Added support to certtool to handle these extensions (add/read)
+
+2008-10-03 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, doc/certtool.cfg, includes/gnutls/x509.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/extensions.c, lib/x509/output.c,
+ lib/x509/x509_int.h, src/certtool-cfg.c, src/certtool-cfg.h,
+ src/certtool.c: Added functions to handle and set CRL extensions.
+
+2008-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * po/nl.po.in, po/vi.po.in: Sync with TP.
+
+2008-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-09-29 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit c357933a30801a82e484bed8fbc4bd5b2b34d5e0 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Sep 29 15:08:02
+ 2008 +0300
+
+2008-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.9.
+
+2008-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Document ABI change.
+
+2008-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_constate.c: Re-add comment about too long function, it
+ is one of the most complex in gnutls.
+
+2008-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Need AC_CONFIG_MACRO_DIR for modern libtool.
+
+2008-09-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/crypto.h, lib/gnutls_pk.c, lib/opencdk/pubkey.c,
+ lib/pk-libgcrypt.c, lib/x509/privkey.c, lib/x509/x509_int.h: changed
+ crypto API to reduce probability of memory leaks during usage of
+ pk_params.
+
+2008-09-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 699aa57dacc6446e92c123e93bba1f894067893e Author: Nikos
+ Mavrogiannopoulos <nmav@turtle.(none)> Date: Sun Sep 28 03:34:59
+ 2008 +0300
+
+2008-09-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: Revert "fixed" This reverts commit 14647811d21d3eda2d5bd82557329bcf7778f31b.
+
+2008-09-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: fixed
+
+2008-09-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_constate.c, lib/gnutls_int.h:
+ avoid using malloc for small buffers.
+
+2008-09-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_mpi.c: optimized in order to avoid calling malloc for
+ small buffers.
+
+2008-09-27 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_constate.c, lib/gnutls_mpi.c: Revert "Revert C99 uses.
+ Fixes gnutls_mpi.c mem leak, but not others." This reverts commit bdfa289133b15ad7d92eb3151ce86cca4c879426.
+
+2008-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/Makefile.am, tests/pathlen/pathlen: Use EXEEXT in
+ self-test scripts.
+
+2008-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/key-id/Makefile.am, tests/key-id/key-id,
+ tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision, tests/sha2/Makefile.am,
+ tests/sha2/sha2, tests/userid/Makefile.am, tests/userid/userid: Use
+ EXEEXT in self-test scripts.
+
+2008-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/vasnprintf.c: Update gnulib files.
+
+2008-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2008-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_constate.c, lib/gnutls_mpi.c: Revert C99 uses. Fixes
+ gnutls_mpi.c mem leak, but not others.
+
+2008-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-09-23 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/x509.c: Corrected buffer overrun in crt_list_import.
+ Reported and patch by Jonathan Manktelow.
+
+2008-09-23 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * README: corrected libgcrypt site.
+
+2008-09-23 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/privkey.c: corrected embarrasing bug.
+
+2008-09-23 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_mpi.c,
+ lib/pk-libgcrypt.c, lib/x509/common.c, lib/x509/dn.c: Corrected
+ several memory leaks reported by Sam. In some cases switched to C99
+ to avoid having complex code.
+
+2008-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/extras.c: Doc fix.
+
+2008-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl_write.c, lib/x509/x509_write.c: Doc fix.
+
+2008-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, doc/reference/Makefile.am: Use automake warnings.
+
+2008-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Typo.
+
+2008-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix mingw32 rules.
+
+2008-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, doc/Makefile.am, doc/texinfo.css: Use a stylesheet for
+ texinfo HTML manual.
+
+2008-09-21 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * lib/x509/privkey.c: fixed memory leak in reencoding of RSA and DSA
+ private keys. Reported and studied by Sam Varshavchik
+
+2008-09-21 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * lib/x509/x509_write.c: documented the way set_subject_alt_name()
+ can set value.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.8.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * po/fr.po.in, po/pl.po.in, po/sv.po.in: Sync with TP.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Use srcdir for -Igl/.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Don't use CFLAGS with distcheck, causes errors in
+ ./configure tests.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix warnings.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am, src/certtool.c, src/serv.c: Use internal md5 if
+ libgcrypt is in FIPS mode.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Initialize libgnutls-extra too.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h: Add prototype for
+ gnutls_register_md5_handler.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/fipsmd5.c: Add Since: tag.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: Doc fixes.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Need -I for aclocal.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/wchar.m4, lgl/tests/test-wchar.c,
+ lgl/wchar.in.h: Add.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, libextra/Makefile.am, src/Makefile.am, src/cli.c:
+ Fix libextra build. Make gnutls-cli work in libgcrypt FIPS mode.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Fix typo.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix markup.
+
+2008-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Add -I for hmac.h, md5.h.
+
+2008-09-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool.c: deinitialize structures after use.
+
+2008-09-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_pk.c: Corrected memory leak. Reported by Sam
+ Varshavchik.
+
+2008-09-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/x509.h: added missing headers.
+
+2008-09-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_pk.c, lib/x509/privkey.c: Corrected several bugs in DSA
+ DER key importing. Reported and debugged by Sam Varshavchik.
+
+2008-09-20 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/armor.c, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/keydb.c, lib/opencdk/stream.c: added gnutls_assert() to
+ assist debugging.
+
+2008-09-20 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/privkey.c: properly report the error line.
+
+2008-09-20 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, doc/gnutls.texi, lib/x509/extensions.c, lib/x509/output.c,
+ lib/x509/x509_int.h, lib/x509/x509_write.c, src/certtool-cfg.c,
+ src/certtool-cfg.h, src/certtool.c: output.c: Can properly print IP
+ addresses in certificates. x509_write.c: added
+ gnutls_x509_crt_set_subject_alt_name added that can add multiple
+ subject alternative names. certtool: use the new function to be
+ able to add several names.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, libextra/Makefile.am, libextra/fipsmd5.c: Add
+ gnutls_register_md5_handler.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/strdup.m4, gl/strdup.c,
+ lgl/vasnprintf.c: Update gnulib files.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, libextra/gl/Makefile.am, libextra/gl/hmac-md5.c,
+ libextra/gl/hmac.h, libextra/gl/m4/gnulib-cache.m4,
+ libextra/gl/m4/gnulib-common.m4, libextra/gl/m4/gnulib-comp.m4,
+ libextra/gl/m4/gnulib-tool.m4, libextra/gl/m4/hmac-md5.m4,
+ libextra/gl/m4/md5.m4, libextra/gl/m4/memxor.m4, libextra/gl/md5.c,
+ libextra/gl/md5.h, libextra/gl/memxor.c, libextra/gl/memxor.h: Add
+ md5 and hmac from gnulib to libextra/gl/.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_hash_int.c: Make _gnutls_hash_copy work with registered
+ hashes.
+
+2008-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, lib/gnutls_compress.c, lib/gnutls_compress.h,
+ libextra/gnutls_extra.c: Make LZO compression support build. Tiny
+ patch from Arfrever Frehtes Taifersar Arahesis
+ <arfrever.fta@gmail.com>.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/Makefile.am, lib/defines.h,
+ lib/gnutls_errors.h, lib/gnutls_int.h: Merge defines.h into
+ gnutls_int.h.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffer.h: Remove, unused.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/gnutls_x509.c: Fix overflows in gnutls_calloc
+ calls.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openssl_compat.c: Fix last commit.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/auth_cert.c, lib/gnutls_cert.c,
+ lib/gnutls_session_pack.c, libextra/openssl_compat.c: Fix overflows
+ in gnutls_calloc calls.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_mem.c: libgnutls: Check for overflows in
+ gnutls_calloc and gnutls_secure_calloc. Reported by Werner Koch
+ <wk@gnupg.org>.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, lib/auth_srp.c, lib/gnutls_int.h, lib/gnutls_srp.c:
+ libgnutls: New function to set minimum acceptable SRP bits. The
+ function is gnutls_srp_set_prime_bits. Tiny patch by Kevin Quick
+ <quick@sparq.org> in
+ <https://savannah.gnu.org/support/index.php?106454>.
+
+2008-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/gnutls-cli.1: Fix markup, tiny patch from Sam
+ Varshavchik <mrsam@courier-mta.com>.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/auth_cert.c, lib/auth_rsa.c, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_oprfi.c, lib/ext_server_name.c,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ lib/gnutls_pk.c, lib/gnutls_record.c, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_x509.c, lib/mac-libgcrypt.c, lib/minitasn1/structure.c,
+ lib/opencdk/armor.c, lib/opencdk/read-packet.c, lib/openpgp/pgp.c,
+ lib/x509/common.c, lib/x509/crq.c, lib/x509/pkcs12.c,
+ lib/x509/privkey.c, libextra/gnutls_ia.c, src/printlist.c,
+ src/serv.c, tests/finished.c, tests/openssl.c, tests/pgps2kgnu.c,
+ tests/pkcs12-decode/pkcs12_s2k.c, tests/simple.c: Indent.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.7.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Fix warning about trailing comma.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix math markup.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * src/printlist.c: Fix.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/gnutls.texi, src/printlist.c: Fix.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml: Document crypto.h stuff.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml: Add list of new symbols in 2.6.x.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/crypto.h: Indent.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Don't use extern on functions, for
+ consistency.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention new functions.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am, includes/gnutls/gnutls.h.in,
+ lib/gnutls_algorithms.c, src/printlist.c: Add interfaces to get PK
+ and PK-sign algorithms. Use them.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Credit.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Don't run pgps2kgnu self test when openpgp is
+ disable.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Merge in 2.4.2 news entries.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/main.c, lib/opencdk/opencdk.h: Remove cdk_strerror,
+ unused and uses non-thread safe strerror.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgpself.c, tests/x509dn.c, tests/x509self.c: Fix
+ warnings.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/crypto_rng.c: Fix warnings.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/parse_ca.c: Fix warning.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Split release target.
+
+2008-09-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/eoverflow.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/strerror.m4, gl/strerror.c,
+ gl/tests/gnulib.mk, gl/tests/test-EOVERFLOW.c,
+ gl/tests/test-strerror.c, lgl/Makefile.am, lgl/errno.in.h,
+ lgl/m4/eoverflow.m4, lgl/m4/errno_h.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/stdio_h.m4, lgl/stdio.in.h, lgl/sys_socket.in.h,
+ lgl/tests/Makefile.am, lgl/tests/test-EOVERFLOW.c,
+ lgl/tests/test-errno.c, lgl/tests/test-memchr.c: Update gnulib
+ files.
+
+2008-09-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/setcredcrash.c: Self-test regression of
+ gnutls_credentials_set.
+
+2008-09-15 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_auth.c: removed unnesessary and dangerous free from
+ credentials_set().
+
+2008-09-14 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/auth_cert.c: added some pedantic error checking.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c, src/cli-gaa.c, src/crypt-gaa.c,
+ src/psk-gaa.c, src/serv-gaa.c, src/tls_test-gaa.c: Regenerate using
+ patched gaa.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Test release with -Werror to avoid regressions.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openssl_compat.c: Remove unused code.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/mac-libgcrypt.c: Fix warning.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/new-packet.c: Fix warning.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/opencdk.h: (CDK_KEY_USG_ENCR, CDK_KEY_USG_SIGN): Protect | op.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/cipher-libgcrypt.c: Fix warnings.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/mac-libgcrypt.c: Fix warnings.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/mpi-libgcrypt.c: Fix warnings.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add initialization section. Update thread
+ initialization discussion.
+
+2008-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openssl.c: Need to initialize gnutls to avoid crash.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Drop redundant.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove foo.def after testing --output-def.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.6.
+
+2008-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, gl/m4/include_next.m4,
+ lgl/m4/include_next.m4: Update gnulib files.
+
+2008-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-psk.c, doc/examples/ex-client-resume.c,
+ doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-crq.c, doc/examples/ex-cxx.cpp,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-psk.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
+ doc/examples/ex-session-info.c, doc/examples/ex-verify.c,
+ doc/examples/ex-x509-info.c, doc/examples/tcp.c, lib/defines.h,
+ lib/gnutls_asn1_tab.c, lib/openpgp/openpgp_int.h,
+ lib/pkix_asn1_tab.c, src/errcodes.c, tests/anonself.c,
+ tests/certificate_set_x509_crl.c, tests/dhepskself.c,
+ tests/finished.c, tests/hostname-check/hostname-check.c,
+ tests/mini.c, tests/moredn.c, tests/netconf-psk.c,
+ tests/openpgpself.c, tests/oprfi.c, tests/pgps2kgnu.c,
+ tests/pskself.c, tests/resume.c, tests/tlsia.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509signself.c: Use #ifdef for checking
+ HAVE_CONFIG_H for consistency.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * po/POTFILES.in: Mark gnutls_alert for translation.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * po/ms.po.in: Sync with TP.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/vasnprintf.c: Update gnulib files.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher_int.c: Don't return from a void function.
+ Reported by Dave Uhring <duhring@charter.net>.
+
+2008-09-01 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ * tests/Makefile.am, tests/pgps2kgnu.c: added pgps2kgnu test for GNU
+ extensions to OpenPGP String-to-Key (S2K) conventions.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/tls_test.c: Use gnulib for --version.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/crypt.c: Use gnulib more. Remove code.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/crypt.c, src/psk.c: Use gnulib for --version.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h:
+ Generated.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi, doc/manpages/certtool.1,
+ doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1: Drop
+ --copyright from documentation.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/cli.gaa, src/common.c, src/serv.c, src/serv.gaa: Drop
+ --copyright.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Use gnulib for --version.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Use gnulib for --version.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Only print libgnutls version in --version if it is
+ different.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/Makefile.am, lib/gnutls_int.h,
+ lib/gnutls_str.h: Remove gnutls_buffer.h, move definitions to
+ gnutls_str.h.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c: Translate error messages. Cleanup code.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_compress.c, lib/gnutls_compress.h: Remove unused stuff.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/simple.c: Test sign algos.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Print pk and sign algos.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Typo.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
+ gnutls_sign_list and gnutls_sign_get_id. Suggested by Sam
+ Varshavchik <mrsam@courier-mta.com>.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.h, lib/gnutls_compress.h: Move declarations.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/Makefile.am,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
+ lib/gnutls_int.h: Merge gnutls_compress_int.? with
+ gnutls_compress.?.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/Makefile.am, lib/auth_anon.c,
+ lib/auth_cert.c, lib/auth_dh_common.c, lib/auth_dhe.c,
+ lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk_passwd.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_server_name.c,
+ lib/ext_srp.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_cert.c,
+ lib/gnutls_handshake.c, lib/gnutls_record.c,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ libextra/ext_inner_application.c: Move definitions in
+ gnutls_auth_int.h to gnutls_auth.h and update callers.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_compress.c: Move compression functions to
+ gnutls_compress.c to make gnutls_algorithms.c more readable.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Fix warning.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Doc fix.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/simple.c: Add more tests.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Fix typo.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
+ gnutls_pk_list and gnutls_pk_get_id. Suggested by Sam Varshavchik
+ <mrsam@courier-mta.com>.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arpa_inet.in.h, gl/gnulib.mk, gl/m4/include_next.m4,
+ gl/m4/lib-link.m4, gl/m4/lib-prefix.m4, gl/netinet_in.in.h,
+ gl/stdarg.in.h, lgl/Makefile.am, lgl/float.in.h,
+ lgl/m4/include_next.m4, lgl/m4/lib-link.m4, lgl/m4/lib-prefix.m4,
+ lgl/stdint.in.h, lgl/stdio.in.h, lgl/stdlib.in.h, lgl/string.in.h,
+ lgl/strings.in.h, lgl/sys_socket.in.h, lgl/sys_stat.in.h,
+ lgl/time.in.h, lgl/unistd.in.h, lgl/wchar.in.h: Update gnulib files.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am, lib/openpgp/Makefile.am: Fixes.
+
+2008-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix license and libgnutls-extra stuff.
+
+2008-08-31 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 765c079be0195f0f7fbefccf8b6a8910015042a6 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Sun Aug 31 13:33:52
+ 2008 +0300
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/gnutls_openpgp.c, lib/openpgp/Makefile.am,
+ lib/openpgp/gnutls_openpgp.c: Move gnutls_openpgp.c to lib/openpgp/.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Add Since: tag for gtk-doc.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Fix release target.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.5.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * .clcopying: Update copyright years.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, cfg.mk: Split up release targets.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/minitasn1/element.c, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/structure.c: Use libtasn1 1.5.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: Include stdarg.h for va_start etc.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_anon_cred.c: Fix dummy cred.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump libtool version because of new API.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-tlsia.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_buffers.c, lib/opencdk/keydb.c,
+ libextra/openssl_compat.c, libextra/openssl_compat.h,
+ src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/prime.c, src/printlist.c, src/serv.c, src/tests.c,
+ src/tls_test.c: Fix warnings.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix description of --enable-developer-mode. Right
+ now all it does is to enable compiler warnings.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/auth_cert.c, lib/auth_srp_passwd.h,
+ lib/auth_srp_sb64.c, lib/gnutls_constate.c, lib/gnutls_global.c,
+ lib/gnutls_helper.c, lib/gnutls_int.h, lib/gnutls_srp.c,
+ lib/gnutls_supplemental.c, lib/gnutls_x509.c, lib/mac-libgcrypt.c,
+ lib/mpi-libgcrypt.c, lib/opencdk/armor.c, lib/opencdk/hash.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.h,
+ lib/opencdk/opencdk.h, lib/opencdk/stream.c, lib/openpgp/extras.c,
+ lib/pk-libgcrypt.c, libextra/gnutls_ia.c: Fix warnings.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Translate unknown error code message.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Don't translate symbol names.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Fix warning about defining variable inside
+ functions.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_errors.c,
+ src/errcodes.c: Add gnutls_strerror_name.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c: Re-add, but mark static.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, gl/getdelim.c, gl/m4/getdelim.m4, maint.mk: Update
+ gnulib files.
+
+2008-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/opencdk/Makefile.am, lib/x509/Makefile.am: Fix libtasn1
+ include paths.
+
+2008-08-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/read-packet.c: avoid using gcrypt function.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/auth_rsa.c, lib/debug.c, lib/gnutls_cert.c,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_v2_compat.c: Fix warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Simplify logic.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/dn.c: Remove dead code.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/Makefile.am: Don't include missing -I's.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Drop warning.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Drop removed libextra directories from -I's.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Enable all kind of warnings. If you remove some,
+ add a comment on why.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/pgp.c, lib/x509/pbkdf2-sha1.c: Fix warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Tweak warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/dn.c: Fix warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c, lib/x509/common.h: Fix warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp.c, lib/rnd-libgcrypt.c: Fix warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_num.h: Protect against double inclusion.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto.h: Protect against double inclusions.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/byteswap.in.h, lgl/m4/byteswap.m4,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/tests/Makefile.am, lgl/tests/test-byteswap.c, lib/gnutls_num.c,
+ lib/gnutls_num.h: Use byteswap from gnulib.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp.h, lib/gnutls_global.c: Fix warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_auth_int.h: Protect against double inclusion.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.h: Protect against double inclusion.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.h, lib/gnutls_record.h, lib/gnutls_state.h: Fix
+ warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.h, lib/gnutls_pk.h, lib/gnutls_x509.h,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/verify.c: Fix
+ warnings.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add warning.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Check whether warning flags are supported before
+ using them.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am, lib/gnutls_x509.c, lib/x509/output.c:
+ Make disable-extra-pki work better.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix --disable-extra-pki flag.
+
+2008-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_x509.c, lib/gnutls_x509.h, tests/Makefile.am,
+ tests/set_pkcs7_cred.c: Remove code to import PKCS#7 certificate
+ chains. The code hasn't worked since GnuTLS v0.9.0. Reported by
+ Christian Grothoff <christian@grothoff.org>.
+
+2008-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Cast datasize to long to match %ld printf
+ format.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/set_pkcs7_cred.c: Fix.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/set_pkcs7_cred.c: Use utils infrastructure.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/set_pkcs7_cred.c: Add set_pkcs7_cred self
+ test.
+
+2008-08-26 Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+
+ * : commit 06ee30f6e553d4739ca50ab84492179da64cfc3e Author: Daniel
+ Kahn Gillmor <dkg@fifthhorseman.net> Date: Tue Aug 26 11:00:27
+ 2008 -0400
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c, libextra/gnutls_extra.c: Fix gnulib calls.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/autobuild.m4, lgl/Makefile.am, lgl/m4/gnulib-comp.m4,
+ lgl/m4/string_h.m4, lgl/m4/strverscmp.m4, lgl/m4/threadlib.m4,
+ lgl/string.in.h, lgl/strverscmp.h, lgl/tests/Makefile.am,
+ lgl/tests/test-strverscmp.c: Update gnulib files.
+
+2008-08-25 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_pk.c, lib/pk-libgcrypt.c, lib/x509/privkey.c: corrected
+ private key generation
+
+2008-08-25 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 976565830d853f981ecd749bdb15dd02133ed93b Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Aug 25 19:50:07
+ 2008 +0300
+
+2008-08-25 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/output.c: removed code that incorrectly printed IP
+ addresses.
+
+2008-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/fr.po.in, po/nl.po.in: Sync with TP.
+
+2008-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-08-19 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/opencdk.h, lib/opencdk/read-packet.c: patch by Daniel
+ Kahn Gillmor, to enable parsing (but not decrypting) of locked
+ secret keys (including the "gnu-dummy" S2K option).
+
+2008-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-08-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.4.
+
+2008-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/autobuild.m4, lgl/m4/lock.m4: Update gnulib files.
+
+2008-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Fix secure memory initialization of
+ libgcrypt. Reported by Joe Orton <joe@manyfish.co.uk> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2992>.
+
+2008-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Reference NIST SP 800-57.
+
+2008-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc5246.txt: Add.
+
+2008-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Re-add lost entry.
+
+2008-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto.c, lib/gnutls_extensions.c, lib/gnutls_state.c,
+ lib/x509/crq.c: Doc fixes.
+
+2008-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.3.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, includes/gnutls/openssl.h,
+ includes/gnutls/pkcs12.h, includes/gnutls/x509.h: Bump copyright in
+ installed header files.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Drop final comma in enum. Reported
+ in <https://savannah.gnu.org/support/?106453>.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Don't call SRP functions if SRP is disabled.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
+ lib/auth_rsa.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
+ libextra/gnutls_ia.c: Fix namespace problem with TLS_MASTER_SIZE and
+ TLS_RANDOM_SIZE.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/c-ctype.c, gl/c-ctype.h, gl/gnulib.mk, gl/inet_pton.c,
+ gl/m4/gnulib-comp.m4, gl/m4/inet_pton.m4, gl/tests/gnulib.mk,
+ gl/tests/test-c-ctype.c: Update gnulib files.
+
+2008-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_state.c, tests/Makefile.am,
+ tests/finished.c: Add API to set callback to extract TLS Finished
+ messages.
+
+2008-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile: Update gnulib files.
+
+2008-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/gnupload: Update gnulib files.
+
+2008-08-03 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/x509.h, lib/x509/crq.c: added
+ gnutls_x509_crq_set_key_rsa_raw() which will set a raw key to a
+ certificate request.
+
+2008-08-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 767fb210de7dcde20ac05e1f3ca78375279f5603 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Sat Aug 2 11:55:56
+ 2008 +0300
+
+2008-07-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_psk_passwd.c, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/x509/pkcs12.c,
+ lib/x509/privkey_pkcs8.c, src/crypt.c: Make it compile.
+
+2008-07-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Drop doxygen.
+
+2008-07-22 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, gl/m4/gnulib-comp.m4, lgl/m4/gnulib-comp.m4,
+ lgl/vasnprintf.c: Update gnulib files.
+
+2008-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2008-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, doc/Makefile.am, doc/doxygen/Doxyfile.in,
+ doc/doxygen/Doxyfile.orig: Add doxygen scripts.
+
+2008-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Cleanup struct name, for doxygen documentation.
+
+2008-07-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/random.h: Add license.
+
+2008-07-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_rsa.c, lib/auth_srp_passwd.c, lib/gnutls_pk.c,
+ lib/random.c, lib/random.h, lib/x509/privkey_pkcs8.c, src/psk.c:
+ Minor randomness API cleanups.
+
+2008-07-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/dsa.c: Remove unused code.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.2.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix @include of algorithms.texi.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix typos.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, src/Makefile.am: Generate algorithms.texi the
+ same way as error_codes.texi for consistency. Fixes 'make
+ distcheck' due to srcdir != objdir breakage.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump libtool library version because we added
+ interfaces.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/Makefile.am, lib/ext_inner_application.c,
+ lib/ext_inner_application.h, lib/gnutls_extensions.c,
+ libextra/Makefile.am, libextra/ext_inner_application.c,
+ libextra/ext_inner_application.h, libextra/gnutls_extra.c: Move
+ TLS/IA features to libgnutls-extra.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/tlsia.c: Initialize extra library.
+
+2008-07-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-07-07 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/printlist.c: added missing file.
+
+2008-07-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * doc/Makefile.am, doc/gnutls.texi: automatically generate the
+ appendix with supported algorithms and ciphersuites.
+
+2008-07-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/Makefile.am: automatically generate the appendix with
+ supported algorithms and ciphersuites.
+
+2008-07-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_priority.c: document a way to get the available
+ algorithms and protocols.
+
+2008-07-05 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/x509/common.c: Corrected memory leak in read_octet. Based on
+ patch by Colin Leroy (colin@colino.net)
+
+2008-07-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-07-03 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: Add APIs to register TLS
+ extension handlers.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am, lib/x509/Makefile.am: Use AM_CPPFLAGS.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/Makefile.am: lib/opencdk/Makefile.am (INCLUDES):
+ Rename to `AM_CPPFLAGS'.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, cfg.mk: Guile problem fixed.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_dh_primes.c: Fix typo that swapped prime/generator in
+ gnutls_dh_params_generate2.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.1.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-psk.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-psk.c, doc/examples/ex-serv1.c,
+ guile/src/core.c, guile/src/errors.c, guile/src/extra.c,
+ lib/auth_cert.c, lib/auth_dh_common.c, lib/auth_dhe.c,
+ lib/auth_psk.c, lib/auth_psk_passwd.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp_passwd.c,
+ lib/auth_srp_rsa.c, lib/cipher-libgcrypt.c, lib/crypto.c,
+ lib/debug.c, lib/ext_cert_type.c, lib/ext_max_record.c,
+ lib/ext_oprfi.c, lib/ext_server_name.c, lib/ext_srp.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_constate.c, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_kx.c,
+ lib/gnutls_mpi.c, lib/gnutls_openpgp.c, lib/gnutls_pk.c,
+ lib/gnutls_priority.c, lib/gnutls_psk.c, lib/gnutls_psk_netconf.c,
+ lib/gnutls_record.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_supplemental.c,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ lib/mac-libgcrypt.c, lib/minitasn1/structure.c,
+ lib/mpi-libgcrypt.c, lib/opencdk/armor.c, lib/opencdk/dummy.c,
+ lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
+ lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/misc.c,
+ lib/opencdk/new-packet.c, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/verify.c, lib/opencdk/write-packet.c,
+ lib/openpgp/compat.c, lib/openpgp/extras.c, lib/openpgp/output.c,
+ lib/openpgp/pgp.c, lib/openpgp/pgpverify.c, lib/openpgp/privkey.c,
+ lib/pk-libgcrypt.c, lib/random.c, lib/rnd-libgcrypt.c,
+ lib/x509/common.c, lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/dsa.c, lib/x509/extensions.c, lib/x509/mpi.c,
+ lib/x509/output.c, lib/x509/pbkdf2-sha1.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
+ lib/x509/sign.c, lib/x509/x509.c, lib/x509/x509_write.c,
+ libextra/gnutls_openssl.c, src/certtool-cfg.c, src/certtool.c,
+ src/cli.c, src/common.c, src/crypt.c, src/psk.c, src/select.c,
+ src/serv.c, src/tests.c, src/tls_test.c,
+ tests/certificate_set_x509_crl.c, tests/crypto_rng.c,
+ tests/dhepskself.c, tests/dn.c, tests/gc.c,
+ tests/hostname-check/hostname-check.c, tests/mini.c,
+ tests/moredn.c, tests/mpi.c, tests/openpgp/keyring.c,
+ tests/openpgpself.c, tests/oprfi.c, tests/parse_ca.c,
+ tests/pkcs12-decode/pkcs12_s2k.c, tests/x509dn.c, tests/x509self.c,
+ tests/x509signself.c: Indent code.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.5.0.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12-decode/Makefile.am: The -I.. needs to point to
+ srcdir.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/Makefile.am: Need -I to builddir for gnutls.h.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore more.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Dist pbkdf2-sha1.h.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * po/pl.po.in, po/vi.po.in: Sync with TP.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, cfg.mk: Disable building guile for now, to be able to
+ do a release.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Sort functions.
+
+2008-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Don't use @acronym for C++, as it breaks old
+ texinfo/tetex installations. Further, C++ isn't an acronym anyway
+ as far as I know.
+
+2008-07-01 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/tests/Makefile.am, gl/tests/gnulib.mk,
+ gl/tests/test-EOVERFLOW.c, gl/tests/test-arpa_inet.c,
+ gl/tests/test-getaddrinfo.c, gl/tests/test-getdelim.c,
+ gl/tests/test-getline.c, gl/tests/test-netinet_in.c,
+ gl/tests/test-strerror.c, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/tests/Makefile.am, lgl/tests/dummy.c,
+ lgl/tests/intprops.h, lgl/tests/test-EOVERFLOW.c,
+ lgl/tests/test-alloca-opt.c, lgl/tests/test-c-ctype.c,
+ lgl/tests/test-fseeko.c, lgl/tests/test-fseeko.sh,
+ lgl/tests/test-func.c, lgl/tests/test-lseek.c,
+ lgl/tests/test-lseek.sh, lgl/tests/test-memchr.c,
+ lgl/tests/test-memcmp.c, lgl/tests/test-read-file.c,
+ lgl/tests/test-snprintf.c, lgl/tests/test-stdbool.c,
+ lgl/tests/test-stdint.c, lgl/tests/test-stdio.c,
+ lgl/tests/test-stdlib.c, lgl/tests/test-string.c,
+ lgl/tests/test-strings.c, lgl/tests/test-sys_socket.c,
+ lgl/tests/test-sys_stat.c, lgl/tests/test-time.c,
+ lgl/tests/test-unistd.c, lgl/tests/test-vasnprintf.c,
+ lgl/tests/test-vasprintf.c, lgl/tests/test-wchar.c,
+ lgl/tests/verify.h: Add gnulib self-tests.
+
+2008-07-01 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/gnulib-cache.m4: Put gnulib tests in a separate directory.
+
+2008-07-01 Simon Josefsson <simon@josefsson.org>
+
+ * m4/gc_random.m4: Remove unused code.
+
+2008-07-01 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/arcfour.c, lgl/arcfour.h, lgl/arctwo.c,
+ lgl/arctwo.h, lgl/des.c, lgl/des.h, lgl/gc-gnulib.c,
+ lgl/gc-libgcrypt.c, lgl/gc-pbkdf2-sha1.c, lgl/gc.h, lgl/hmac-md5.c,
+ lgl/hmac-sha1.c, lgl/hmac.h, lgl/m4/arcfour.m4, lgl/m4/arctwo.m4,
+ lgl/m4/des.m4, lgl/m4/gc-arcfour.m4, lgl/m4/gc-arctwo.m4,
+ lgl/m4/gc-camellia.m4, lgl/m4/gc-des.m4, lgl/m4/gc-hmac-md5.m4,
+ lgl/m4/gc-hmac-sha1.m4, lgl/m4/gc-md2.m4, lgl/m4/gc-md4.m4,
+ lgl/m4/gc-md5.m4, lgl/m4/gc-pbkdf2-sha1.m4, lgl/m4/gc-random.m4,
+ lgl/m4/gc-rijndael.m4, lgl/m4/gc-sha1.m4, lgl/m4/gc.m4,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/hmac-md5.m4,
+ lgl/m4/hmac-sha1.m4, lgl/m4/md2.m4, lgl/m4/md4.m4, lgl/m4/md5.m4,
+ lgl/m4/memxor.m4, lgl/m4/rijndael.m4, lgl/m4/sha1.m4, lgl/md2.c,
+ lgl/md2.h, lgl/md4.c, lgl/md4.h, lgl/md5.c, lgl/md5.h,
+ lgl/memxor.c, lgl/memxor.h, lgl/rijndael-alg-fst.c,
+ lgl/rijndael-alg-fst.h, lgl/rijndael-api-fst.c,
+ lgl/rijndael-api-fst.h, lgl/sha1.c, lgl/sha1.h: Drop gnulib gc
+ modules.
+
+2008-07-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lgl/m4/gnulib-cache.m4: Drop gc.
+
+2008-07-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/x509/privkey_pkcs8.c: Drop gc.h.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: (_gnutls_handshake_hash_buffers_clear): Make sure deinitialized MAC
+ hashes are initialized. Report and tiny patch from Tomas Mraz
+ <tmraz@redhat.com>.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/crypt.c: this fixes a problem in srptool, where the passwords
+ never match (--verify check) on some architectures (patch by
+ Matthias Koenig <mkoenig@suse.de>)
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: corrected
+ openssl.
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: use native
+ gnutls functions.
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: added
+ _gnutls_hash_fast()
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit fded9a7d1e6d58f951fc7e8f4db80d3e23f5ea1f Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Jun 30 20:15:19
+ 2008 +0300
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/crypt.c, src/psk.c: avoid using gc_ functions for random data.
+
+2008-06-30 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h,
+ lib/x509/Makefile.am, lib/x509/pbkdf2-sha1.c,
+ lib/x509/pbkdf2-sha1.h, lib/x509/privkey_pkcs8.c, tests/gc.c: added
+ _gnutls_pkcs5_pbkdf2_sha1() based on gc_pkcs5_pbkdf2_sha1()
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * : Remove executable.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk_netconf.c: Remove debug code.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-cache.m4, gl/m4/gnulib-tool.m4,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-tool.m4: Update gnulib files.
+
+2008-06-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-29 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_state.c: added check before reallocation of parameters
+ to avoid memory leaks on rehandshake.
+
+2008-06-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: document the rewrite of opencdk crypto backend.
+
+2008-06-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, doc/gnutls.texi, includes/gnutls/crypto.h,
+ includes/gnutls/gnutls.h.in, lib/Makefile.am, lib/auth_anon.c,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_dhe_psk.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/auth_srp.c, lib/cipher-libgcrypt.c, lib/crypto.c, lib/crypto.h,
+ lib/debug.c, lib/debug.h, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_datum.h, lib/gnutls_dh.c,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_global.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_openpgp.c,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_psk_netconf.c, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_supplemental.c, lib/gnutls_x509.h,
+ lib/mac-libgcrypt.c, lib/mpi-libgcrypt.c, lib/opencdk/Makefile.am,
+ lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/dummy.c,
+ lib/opencdk/filters.h, lib/opencdk/hash.c, lib/opencdk/kbnode.c,
+ lib/opencdk/keydb.c, lib/opencdk/literal.c, lib/opencdk/main.c,
+ lib/opencdk/main.h, lib/opencdk/misc.c, lib/opencdk/new-packet.c,
+ lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c, lib/opencdk/types.h,
+ lib/opencdk/verify.c, lib/opencdk/write-packet.c,
+ lib/openpgp/extras.c, lib/openpgp/openpgp_int.h,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
+ lib/pk-libgcrypt.c, lib/random.c, lib/random.h,
+ lib/rnd-libgcrypt.c, lib/x509/Makefile.am, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl.c, lib/x509/mpi.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, src/psk-gaa.c,
+ tests/Makefile.am, tests/ca.pem, tests/crypto_rng.c, tests/mpi.c,
+ tests/netconf-psk.c, tests/openpgp/keyring.c,
+ tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12_s2k.c:
+ Initial merge attempt with gnutls_with_ext_mpi
+
+2008-06-25 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_dh_primes.c: do not add trailing zero on the size
+ count.
+
+2008-06-23 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile: Update gnulib files.
+
+2008-06-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Fix build failures related to opencdk.h.
+ Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
+
+2008-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix typo.
+
+2008-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Disable C++ library if psk, srp, anon etc have been
+ disabled. The libgnutlsxx.cpp file calls several functions that may
+ have been removed.
+
+2008-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, doc/examples/Makefile.am: Make
+ --disable-psk-authentication work.
+
+2008-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/lock.m4: Update gnulib files.
+
+2008-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cxx.cpp: Use cstring instead of string.h.
+ Reported by Daniel Black <dragonheart@gentoo.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2922>.
+
+2008-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/psk.c: Fix warning regarding undeclared getpass
+ replacement. Reported by Massimo Gaspari <massimo.gaspari@alice.it>
+ in <http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix warning. Reported by Massimo Gaspari
+ <massimo.gaspari@alice.it> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.h: Add prototype for _gnutls_session_is_psk.
+ Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1281>.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, NEWS, configure.in: Bump versions.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add v2.4.0 release notes.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.4.0.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-06-18 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, NEWS, includes/gnutls/openpgp.h, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c: libgnutls [OpenPGP]: New APIs to retrieve
+ fingerprint from OpenPGP subkeys. Contributed by Daniel Kahn
+ Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+2008-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/pgp.c: Fix typo in documentation. Tiny patch from
+ Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+2008-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.15.
+
+2008-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/openpgp-certs/Makefile.am: Disable
+ openpgp-certs properly.
+
+2008-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs_template, lgl/Makefile.am, lgl/m4/stdio_h.m4,
+ lgl/stdio.in.h: Update gnulib files.
+
+2008-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am: Disable openpgp-certs self-test.
+
+2008-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.14.
+
+2008-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/memmem.m4: Update gnulib files.
+
+2008-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/testcerts: Use port 5557.
+
+2008-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Unrelease it.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/testcerts: Fix.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/testcerts: Deal with objdir != srcdir builds.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgp-certs/Makefile.am: Dist *.gpg's.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Reorder.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Drop AC_CANONICAL_TARGET, unused.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/gnulib.mk, gl/m4/autobuild.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, m4/autobuild.m4: Import
+ autobuild from gnulib.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.14.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-06-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2008-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/x509.c: gnutls_x509_crt_get_extension_oid: Doc fix.
+ Reported by Sam Varshavchik <mrsam@courier-mta.com>.
+
+2008-06-08 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/sig-check.c: added check for empty UID list.
+
+2008-06-08 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * configure.in, tests/Makefile.am, tests/openpgp-certs/Makefile.am,
+ tests/openpgp-certs/ca-public.gpg,
+ tests/openpgp-certs/ca-secret.gpg,
+ tests/openpgp-certs/srv-public-127.0.0.1-signed.gpg,
+ tests/openpgp-certs/srv-public-all-signed.gpg,
+ tests/openpgp-certs/srv-public-localhost-signed.gpg,
+ tests/openpgp-certs/srv-public.gpg,
+ tests/openpgp-certs/srv-secret.gpg, tests/openpgp-certs/testcerts:
+ Added OpenPGP certificate verification test.
+
+2008-06-08 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, lib/opencdk/keydb.c, lib/opencdk/main.h,
+ lib/opencdk/sig-check.c: Changed OpenPGP verification behaviour. An
+ OpenPGP certificate is now only considered verified if all the user
+ IDs are verified.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/examples/ex-cxx.cpp: Make it find strlen. Problem
+ reported by Rainer Gerhards <rgerhards@gmail.com> and suggested fix
+ by "John Brooks" <aspecialj@gmail.com>.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Sync with TP.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Sync with TP.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.13.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-export.c: Fix memory leak.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/resume.c: Fix memory leak.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile: Update gnulib files.
+
+2008-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/anonself.c, tests/dhepskself.c, tests/mini.c,
+ tests/openpgpself.c, tests/oprfi.c, tests/x509dn.c,
+ tests/x509self.c, tests/x509signself.c: tests/: Reduce amount of
+ debugging output.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/set_pkcs12_cred.c: Make it run without PKCS12FILE for
+ typical scenarios.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/resume.c: Fix memory leak.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/tlsia.c: Fix memory leak.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509dn.c: Fix memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pskself.c: Fix most memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/dhepskself.c: Fix memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509signself.c: Fix memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c: Fix memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509self.c: Revert last commit, fix memory leak the right
+ way.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgpself.c: Fix memory leak.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509self.c: Fix memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-x509-info.c: Fix printing of serial number.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/libgcrypt.supp: Drop non-generic stuff.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/gc.c: Fix memory leak.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/certder.c: Fix memory leaks.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/moredn.c: Fix memory leak.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Dist libgcrypt.supp.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/libgcrypt.supp: Add.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/mini.c: Fix warnings.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am, tests/mini.c: Add mini self-test, to
+ avoid having to fork to test TLS handshakes.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * po/ms.po.in: Sync with TP.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Reorder.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add psktool to @direntry. Alphasort @direntry.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * README: Drop experimental stuff.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgpself.c: The test now works.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/stdio-impl.h: Update gnulib files.
+
+2008-06-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-06-04 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/pgp.c, lib/openpgp/privkey.c: safer copying of keyid
+ type.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.12.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-netconf-tls-02.txt: Add.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: We reverted the ABI bump.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk_netconf.c: Doc fix.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk.c: Doc fix.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am, src/psk-gaa.c: Generated.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump ABI version due to added symbols.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * : commit aa2c7264a52b993aca39c613e5fe1aed7511c972 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Wed Jun 4 08:11:34 2008
+ +0200
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-session-info.c: Update example with more PSK
+ printing.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.4.netconf.2.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Document PSK stuff.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Allow --pskusername to be specified to avoid query in
+ PSK callback.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv-gaa.c, src/serv-gaa.h: Generated.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/cli.c: gnutls-cli: Implement PSK callback.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/serv.c, src/serv.gaa: Add gnutls-serv --pskhint.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_psk.c: Generate server key exchange (psk identity hint).
+ Invoke client callback.
+
+2008-06-04 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in, lib/auth_psk.h, lib/gnutls_psk.c: Add
+ gnutls_psk_set_server_credentials_hint.
+
+2008-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_psk.c, src/common.c:
+ Add gnutls_psk_client_get_hint function. Use it.
+
+2008-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_session_pack.c: Pack/unpack psk identity hint too.
+
+2008-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/psk-gaa.c, src/psk-gaa.h, src/psk.c, src/psk.gaa:
+ psktool: Support --netconf-hint.
+
+2008-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-06-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/openpgp_int.h: safer use of KEYID_IMPORT().
+
+2008-06-02 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/auth_cert.c: Corrected usage of DECR_LEN()
+
+2008-06-01 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * tests/openpgpself.c: reduced logging level
+
+2008-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * m4/libgcrypt.m4: Update to latest version.
+
+2008-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.vers, libextra/libgnutls-extra.vers: Add emacs mode
+ markers.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert "Revert ABI version, make libgnutls-extra use
+ another ABI version." This reverts commit 1a0f4dbf5a79ac61c7d10257221d851a4a12d814.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Revert "Use libtool EXTRA_ version symbols." This reverts commit 4e6bc87a35ed471022019265f7b5628e480f7e38.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention ABI bump.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Use libtool EXTRA_ version symbols.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert ABI version, make libgnutls-extra use another
+ ABI version.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump ABI version.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Doc fix.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Merge 2.2.x branch NEWS entries.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl_write.c: (gnutls_x509_crl_set_version): Fix on platform where 'char' can be
+ unsigned. Based on report from Laurence Withers <l@lwithers.me.uk>,
+ see:
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2825>.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/memcmp.m4, lgl/stdbool.in.h, lgl/vasnprintf.c: Update
+ gnulib files.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/openssl.h, libextra/gnutls_openssl.c:
+ libgnutls-openssl: added RAND_pseudo_bytes API. Tiny patch from
+ Robert Millan <rmh@aybabtu.com>.
+
+2008-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-05-24 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/sig-check.c: added error check.
+
+2008-05-24 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/output.c: Print Never when a certificate never
+ expires.
+
+2008-05-24 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/pgp.c: Corrected bug gnutls_openpgp_crt_get_name()
+ which returned the same value for index==0 or 1.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.11.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/memcmp.m4, maint.mk: Update gnulib files.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Fix ex-cxx name. Fix LDADD's.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * po/nl.po.in, po/pl.po.in, po/sv.po.in, po/vi.po.in: Sync with TP.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Restore umask after opening file. Suggested by
+ Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+2008-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, src/certtool.c, src/crypt.c, src/psk.c: Use
+ umask unconditionally.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher.c: Fix broken debug check for GNUTLS-SA-2008-1.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Don't pass all C flags when building C++ library.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.10.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-05 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_str.c, tests/hostname-check/hostname-check.c: added
+ wide wildcard hostname matching. Patch by Jean-Philippe Garcia
+ Ballester.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Disable ftp.gnutls.org for now.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/vasnprintf.c: Update gnulib files.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.c, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c: Fix GNUTLS-SA-2008-1 security
+ vulnerabilities. See
+ http://www.gnu.org/software/gnutls/security.html for updates.
+
+2008-05-18 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: Use umask to restrict permissions to owner before creating a
+ file.
+
+2008-05-18 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Use umask to restrict the newly created file's
+ permissions if operating on a private key. This effectively fixes
+ the issue reported at
+ <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169> and the
+ followups.
+
+2008-05-17 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, doc/examples/Makefile.am, doc/examples/ex-cxx.cpp,
+ doc/gnutls.texi, includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp:
+ Updated the C++ API with patch from Eduardo Villanueva Che.
+ Suggested by Benjamin Herr.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.9.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove obsolete comment.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Don't check for present headers, hard code checks
+ for silly src/cfg/.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4: Replace strings.h check with gnulib module.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/strcase.m4, lgl/m4/strings_h.m4, lgl/strcasecmp.c,
+ lgl/strings.in.h, lgl/strncasecmp.c: Replace strings.h check with
+ gnulib module.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, src/certtool.c: certtool: When writing private keys
+ to files, change permissions of file. Now the file which the
+ private key is saved to is chmod'ed 0600. Reported by martin f
+ krafft <madduck@debian.org> see
+ <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, src/certtool-cfg.c, src/certtool-cfg.h,
+ src/certtool.c: certtool: Encrypting a private key now require a
+ confirmed password. Before, './certtool -k -8' would merely ask for
+ a password once. Reported by Daniel 'NebuchadnezzaR' Dehennin
+ <nebuchadnezzar@asgardr.info> see
+ <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update
+ gnulib files.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Remove --enable-profile-mode.
+
+2008-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/memmem.m4, lgl/str-two-way.h: Update gnulib files.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_psk.c, lib/gnutls_kx.c, lib/gnutls_state.c: Allow for
+ server key exchange message to be optional for PSK ciphers.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.4.netconf.1.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_psk.c, lib/auth_psk.h: Parse psk_identity_hint field.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix so that PSK authentication works.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/gnutls.texi: Document gnutls-cli PSK fix.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix so that PSK authentication works.
+
+2008-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
+ lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4: Update gnulib files.
+
+2008-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-07.txt: Add.
+
+2008-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * guile/tests/Makefile.am: Don't run guile openpgp self tests if
+ openpgp is disabled.
+
+2008-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Don't run openpgpself if openpgp stuff wasn't
+ built.
+
+2008-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/examples/ex-session-info.c, guile/src/core.c,
+ guile/tests/Makefile.am: libgnutls: Compile if SRP is disabled.
+ Report and tiny patches from <jared.jennings.ctr@eglin.af.mil>, see
+ <https://savannah.gnu.org/support/index.php?106342>.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Fix warning.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, gl/getaddrinfo.h: Update gnulib files.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/output.c: More translation markups.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * po/POTFILES.in: Add translations from openpgp output functions
+ too.
+
+2008-05-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Translation fixes, tiny patch from Benno
+ Schulenberg <bensberg@justemail.net>.
+
+2008-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ lgl/override/lib/gc-libgcrypt.c.diff: Update gnulib files.
+
+2008-05-02 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 382e242d6ab440749f44f53020a928c09a4c4765 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Thu May 1 11:06:19
+ 2008 +0300
+
+2008-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-02.txt: Add.
+
+2008-04-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arpa_inet.in.h, gl/getaddrinfo.c, gl/gnulib.mk,
+ gl/m4/arpa_inet_h.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4: Update
+ gnulib files.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-06.txt,
+ doc/protocol/draft-rescorla-tls-extended-random-00.txt: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Call AM_CONDITIONAL at top-level.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Dist maint.mk.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.8.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/arpa_inet_h.m4, lgl/Makefile.am,
+ lgl/m4/stdlib_h.m4, lgl/m4/string_h.m4, lgl/stdlib.in.h,
+ lgl/string.in.h: Update gnulib files.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/vi.po.in: Sync with TP.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Clarify area of change.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Doc fix.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_buffers.c,
+ lib/gnutls_errors.c, lib/gnutls_handshake.c, lib/gnutls_int.h:
+ Increase max handshake packet size. Add new error code for
+ situation. Thanks to Marc Haber <mh+debian-bugs@zugschlus.de> and
+ "Marc F. Clemente" <marc@mclemente.net> for reporting and providing
+ test servers.
+
+2008-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 08e4c95c3659544c39b93539d62209d4c296d5b1 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Tue Apr 29 00:13:26 2008
+ +0200
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Avoid another duplicate call to socket_bye() which can
+ cause a crash.
+
+2008-04-28 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, src/cli.c, src/common.c, src/common.h, src/serv.c,
+ src/tests.c: gnutls-cli will exit once a certificate that doesn't
+ have the correct name is found.
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml, lib/gnutls_cert.c,
+ lib/gnutls_openpgp.c, lib/gnutls_str.c, lib/gnutls_x509.c,
+ lib/openpgp/pgp.c, lib/openpgp/privkey.c, lib/x509/dn.c: Doc markup
+ for newly added APIs.
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12_bag.c,
+ lib/x509/pkcs7.c, lib/x509/x509.c: Doc fixes (silence gtk-doc
+ warnings).
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl_write.c, lib/x509/x509_write.c: Doc fixes (silence
+ gtk-doc warnings).
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_write.c: Doc fixes (silence gtk-doc
+ warnings).
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c, lib/x509/dn.c, lib/x509/output.c,
+ lib/x509/privkey.c: Doc fixes (silence gtk-doc warnings).
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 02393bd4ef0c2ee7864c356f70623f3950f372f0 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Mon Apr 28 18:14:14 2008
+ +0200
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, gl/arpa_inet.in.h, gl/gnulib.mk,
+ gl/inet_ntop.c, gl/inet_ntop.h, gl/inet_pton.c, gl/inet_pton.h,
+ gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ lgl/Makefile.am, lgl/fseeko.c, lgl/intprops.h,
+ lgl/m4/gnulib-comp.m4, lgl/m4/sys_socket_h.m4, lgl/memchr.c,
+ lgl/stdio-impl.h, lgl/sys_socket.in.h: Update gnulib files.
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix typo.
+
+2008-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, includes/gnutls/crypto.h: Hide crypto.h definitions
+ by default.
+
+2008-04-26 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * tests/Makefile.am, tests/crypto_rng.c: added crypto rng
+ registration test.
+
+2008-04-26 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * lib/crypto.c: add warning that these functions have to be called
+ before gnutls_global_init().
+
+2008-04-26 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * lib/crypto.c, lib/random.c: faster seek into the list.
+
+2008-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_psk_netconf.c, tests/netconf-psk.c: Change PSK
+ key derivation algorithm.
+
+2008-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-04-25 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * lib/crypto.c, lib/crypto.h, lib/gnutls_global.c: Added
+ deregisteration function to free buffers allocated for registering
+ algorithms.
+
+2008-04-25 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * lib/crypto.c: corrected segmentation fault on registering ciphers.
+
+2008-04-25 Nikos Mavrogiannopoulos <nmav@turtle.(none)>
+
+ * doc/manpages/certtool.1, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.gaa: added --outraw --inraw options.
+
+2008-04-23 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, lgl/sys_socket.in.h: Update gnulib files.
+
+2008-04-23 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert libgcrypt vs vasprintf workaround, now that
+ 1.4.1rc1 is released.
+
+2008-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arpa_inet.in.h: Update gnulib files.
+
+2008-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arpa_inet.in.h, gl/gnulib.mk, gl/m4/arpa_inet_h.m4,
+ gl/m4/gnulib-comp.m4, lgl/sys_socket.in.h: Update gnulib files.
+
+2008-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 34e3d59b2e276b8a45924f11f6916399fa14f5be Author: Simon
+ Josefsson <simon@josefsson.org> Date: Tue Apr 22 09:56:03 2008
+ +0200
+
+2008-04-21 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 1b6c0f521f7e6e3d48b74fbb568a53547c5ff8ec Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Apr 21 21:53:55
+ 2008 +0300
+
+2008-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.7.
+
+2008-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Don't clean Guile documentations on make clean.
+
+2008-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/psk-gaa.c, src/psk.gaa, src/serv.c, src/tests.c:
+ Fix warnings.
+
+2008-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/reference/Makefile.am, lib/minitasn1/Makefile.am,
+ lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/mem.h: Update to libtasn1
+ 1.4.
+
+2008-04-19 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS: opencdk now properly sets the key usage bits into openpgp
+ keys.
+
+2008-04-19 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/keydb.c, lib/opencdk/read-packet.c: save key usage
+ while reading public keys.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Don't crash on TLS handshake failures. Reported by
+ "Marc F. Clemente" <marc@mclemente.net> in Debian BTS #466477. This
+ is related to the 5e5f086e124d8d90829fc8e22f34044161da5f80 fix, this
+ part is necessary too.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool.c: certtool: with --generate-request and newly
+ generated keys, print the key.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Explain libgcrypt around gnulib.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: Don't
+ document opencdk API.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo fix.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Link to -lws2_32 if needed.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Define WINVER to get modern features. Test for
+ ws2_32. Add conditional.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Use ASCII-only isprint function to get
+ consistent outputs. Reported by Massimo Gaspari
+ <massimo.gaspari@alice.it> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1184>.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/c-ctype.c, lgl/c-ctype.h, lgl/dummy.c,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: Add c-ctype module,
+ for lib/x509/output.c.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/fseeko.c, gl/gnulib.mk, gl/lseek.c, gl/m4/extensions.m4,
+ gl/m4/fseeko.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/lseek.m4, gl/m4/netinet_in_h.m4, gl/m4/strerror.m4,
+ lgl/Makefile.am, lgl/fseeko.c, lgl/lseek.c, lgl/m4/extensions.m4,
+ lgl/m4/fseeko.m4, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/lseek.m4, lgl/m4/memmem.m4, lgl/m4/stdint.m4,
+ lgl/m4/stdio_h.m4, lgl/m4/sys_socket_h.m4: Move fseeko to lgl/ from
+ gl/ for opencdk.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Link to libgcrypt when running gnulib checks, to get
+ their vasprintf on MinGW.
+
+2008-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Don't check for vasprintf, already checked for by
+ gnulib.
+
+2008-04-17 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/pgp.c: corrected typo.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * .clcopying, .cvscopying, .cvsusers, Makefile.am, src/pkcs1.asn:
+ Fix some obsolete stuff.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: (gnutls_x509_crt_get_key_usage): Doc fix.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.6.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Link errcodes with gnulib. Possibly fixes
+ rpl_strerror problem when linking on HPUX, see:
+
+ <http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 01a64fe6798a4ba82df9accf67c7c8f657abd9f5 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Thu Apr 17 14:27:03 2008
+ +0200
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/kbnode.c: Doc fix (gtk-doc warning).
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openssl.h: Fix gtk-doc warning about duplicate RSA
+ namespace.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c: Fix warning.
+
+2008-04-17 Ludovic Courtès <ludo@gnu.org>
+
+ * : commit 2b4f4e3fd2b0df0b77b283928154b5f3e9139fe8 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Thu Apr 17 14:15:49 2008
+ +0200
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Fix --source-dir to only cover lib/,
+ libextra/ and includes/.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Simplify cdk handling.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Discuss OpenCDK better.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * README: No need for external opencdk.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, lib/opencdk/misc.c: Remove code to
+ link with external opencdk. It seems we now don't have resources to
+ maintain the LGPL opencdk code externally, since making it use
+ GnuTLS's crypto code will be complicated. See discussion in:
+
+ http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2672/focus=2711
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: No need for alloca checks.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_mem.h,
+ lib/gnutls_mpi.c, lib/gnutls_pk.c, lib/x509/crl.c, lib/x509/mpi.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/x509.c: Remove
+ all uses of gnutls_alloca/gnutls_afree. Use normal gnutls_malloc
+ instead. One reason is increased portability to Windows, the other
+ is that several of the uses may be unsafe because the size of data
+ allocated could be large. Reported by Massimo Gaspari
+ <massimo.gaspari@alice.it> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1170>.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c: Don't use alloca, the certificate list can be
+ larger than stack size.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/output.c: Don't use %e specifier with strftime, it
+ doesn't work under Windows. Reported by Massimo Gaspari
+ <massimo.gaspari@alice.it> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1170>.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Re-generate using
+ modern libtasn1.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Fix typo.
+
+2008-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/pathlen/pathlen: Run diff without parameters, to
+ improve portability. Based on HPUX recommendations in
+
+ <http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>.
+
+2008-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Reorder libgnu.la last. Possibly fix
+ rpl_fseeko problem reported in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1166>.
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Update bibliography.
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Doc fix (silence texinfo warning).
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/pgp.c: Improve error messages. See
+ <http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/26>.
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rsa-aes-gcm-03.txt: Add.
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/crq.c, src/certtool.c: Make gnutls_x509_crq_sign2
+ set certificate request version if not set.
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, lib/x509/crq.c: Improve documentation for
+ gnutls_x509_crq_sign2. Based on report from "John Brooks"
+ <aspecialj@gmail.com> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1154>.
+
+2008-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-tls-suiteb-02.txt: Add.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-05.txt: Add.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.5.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/tls_test.c: Rely on sys/socket.h for SHUT_*.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/sys_socket_h.m4, lgl/sys_socket.in.h: Update gnulib files.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/gc-libgcrypt.c, lgl/m4/gnulib-cache.m4:
+ Update gnulib files.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/gnulib-cache.m4, lgl/override/lib/gc-libgcrypt.c.diff:
+ Quick fix for SHA-224 and old libgcrypt's.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/random.h: Fix warnings.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * cfg.mk: Typo.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * po/Makevars: We don't need --no-location any more, git stores
+ *.po.in's.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, cfg.mk: Translation fixes.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * po/de.po, po/de.po.in, po/ms.po, po/ms.po.in, po/nl.po,
+ po/nl.po.in, po/pl.po, po/pl.po.in, po/sv.po, po/sv.po.in: Improve
+ translation handling to avoid git conflicts.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/gnupload, gl/fseeko.c, gl/getdelim.c,
+ gl/m4/eoverflow.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/include_next.m4, lgl/gc-gnulib.c, lgl/m4/gc-random.m4,
+ lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/include_next.m4, lgl/m4/stdint.m4, lgl/m4/vasnprintf.m4,
+ lgl/snprintf.c, lgl/vasnprintf.c, lgl/vasprintf.c, lgl/wchar.in.h:
+ Update gnulib files.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Cosmetic.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Whitespace fix.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Improve APIMANS/SRPMANS, to make it
+ easier to understand changes.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix test.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Don't bother checking for --output-def if shared
+ libraries are disabled. Based on report from Massimo Gaspari
+ <massimo.gaspari@alice.it> in
+ <http://permalink.gmane.org/gmane.network.gnutls.general/1145>.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, doc/gnutls.texi: Document how to generate CRLs.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.4.netconf.0.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-psk.c: Typo.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk_netconf.c: Typo.
+
+2008-04-13 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Typo.
+
+2008-04-13 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * includes/gnutls/openpgp.h: changed api.
+
+2008-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-psk.c: Doc fix.
+
+2008-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-psk.c, doc/examples/ex-serv-psk.c: Add, PSK
+ self test.
+
+2008-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk_netconf.c: Typo.
+
+2008-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Add ex-serv-psk.
+
+2008-04-12 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/cli.c: get_auth_subkey has one more parameter.
+
+2008-04-12 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/opencdk/pubkey.c: return the size of the required buffer to
+ hold the data
+
+2008-04-12 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/openpgp/output.c: Deallocate memory from parameters only when
+ function run was successful.
+
+2008-04-12 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_openpgp.c, lib/openpgp/pgp.c: Added a flag in
+ get_auth_subkey() to work for all use cases
+
+2008-04-10 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/pgp.c: do not return any subkey if an authentication
+ subkey is not found
+
+2008-04-10 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/extras.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c:
+ corrected bug in openpgp import when data is of size zero. Reported
+ by Daniel Kahn
+
+2008-04-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk_netconf.c: Fix mem leak on errors.
+
+2008-04-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-04-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/netconf-psk.c: Fix bugs.
+
+2008-04-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk_netconf.c: Fix bugs.
+
+2008-04-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/netconf-psk.c: Starting pointer for NETCONF-PSK support.
+
+2008-04-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/Makefile.am,
+ lib/gnutls_psk_netconf.c, tests/Makefile.am: Starting pointer for
+ NETCONF-PSK support.
+
+2008-04-04 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/pgp.c, lib/openpgp/privkey.c: Fail at import stage if
+ a non proper certificate is loaded.
+
+2008-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-nir-tls-eap-03.txt: Add.
+
+2008-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-netconf-tls-01.txt: Add.
+
+2008-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_psk_passwd.c: (_gnutls_psk_pwd_find_entry): Call fclose after fopen. Tiny patch
+ from Laurence Withers <l@lwithers.me.uk>, see
+
+ <http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.
+
+2008-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 117152d4c91e1c01055eedada1412ec763e5196b Author: Simon
+ Josefsson <simon@josefsson.org> Date: Thu Apr 3 09:40:01 2008
+ +0200
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * NEWS: documented the openpgp updates.
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * doc/manpages/certtool.1: added the openpgp functionality to the
+ manpage.
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/privkey.c: Corrected exporting the DSA secret key
+ parameters.
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
+ lib/openpgp/privkey.c: Add proper ARMOR header in private keys.
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c:
+ Consistent printing of revoked status. Consistent printing of key
+ algorithm.
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_errors.c: Added revoked UID error string.
+
+2008-04-02 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/output.c, lib/openpgp/privkey.c: Print revoked names.
+
+2008-04-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecdhe-psk-01.txt: Add.
+
+2008-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/crypto.h: Fix warnings.
+
+2008-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/gc-libgcrypt.c, lgl/gc.h,
+ lgl/m4/stdlib_h.m4, lgl/stdlib.in.h: Update gnulib files.
+
+2008-03-29 Nikos <nmav@crystal.(none)>
+
+ * NEWS: Documented the --priority option to gnutls-cli and
+ gnutls-serv.
+
+2008-03-29 Nikos <nmav@crystal.(none)>
+
+ * doc/manpages/gnutls-cli.1, doc/manpages/gnutls-serv.1: documented
+ the --priority option.
+
+2008-03-29 Nikos <nmav@crystal.(none)>
+
+ * NEWS: corrected the news entry.
+
+2008-03-29 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_cert.c: Reverted to gnutls 2.2 behaviour of allowing an
+ empty key (for PKCS #11). Reported by Joe Orton.
+
+2008-03-29 Nikos <nmav@crystal.(none)>
+
+ * NEWS: gnutls_crypto_rnd_register: ADDED
+
+2008-03-29 Nikos <nmav@crystal.(none)>
+
+ * : commit 0b37eef0f6b6626d5e4b5936bbc6f012416ef61a Author: Nikos
+ <nmav@crystal.(none)> Date: Sat Mar 29 12:01:27 2008 +0200
+
+2008-03-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-00.txt,
+ doc/protocol/draft-badra-tls-psk-new-mac-aes-gcm-01.txt: Add.
+
+2008-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/gc-libgcrypt.c, lgl/gc.h: Update gnulib files.
+
+2008-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Entries added at wrong place, move them.
+
+2008-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in: Avoid defining SHA-224 MAC
+ since it isn't specified in TLS 1.2.
+
+2008-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in: Add SHA-224 enum types.
+
+2008-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk: Update gnulib files.
+
+2008-03-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-10.txt: Add.
+
+2008-03-25 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/GNUmakefile, build-aux/maint.mk, cfg.mk,
+ gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/lib-link.m4, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/lib-link.m4, maint-cfg.mk, maint.mk:
+ Update gnulib files.
+
+2008-03-20 Ludovic Courtès <ludo@gnu.org>
+
+ * configure.in, guile/src/Makefile.am: Check whether
+ `-fgnu89-inline' is supported before using it. * configure.in: Check for `-fgnu89-inline', define Automake
+ conditional `HAVE_GCC_GNU89_INLINE_OPTION'. * guile/src/Makefile.am (AM_CFLAGS): Only use `-fgnu89-inline' when `HAVE_GCC_GNU89_INLINE_OPTION' is true.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_extra.c: Fix LZO build failure.
+
+2008-03-19 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/Makefile.am: guile: Compile with `-fgnu89-inline'. * guile/src/Makefile.am (AM_CFLAGS): Add `-fgnu89-inline' when `HAVE_GCC' is true. This works around the fact that GnuTLS is compiled with `-std=c99', while Guile and GMP expect GNU inline semantics, which defer from C99 inline semantics.
+
+2008-03-19 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/core.c: guile: Don't declare `inline' functions that use
+ `alloca ()'. * guile/src/core.c (set_certificate_file): Remove `inline' keyword.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * includes/Makefile.am: Dist gnutls/crypto.h.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.4.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-resume.c, lib/crypto.c,
+ lib/gnutls_compress_int.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_openpgp.c, lib/openpgp/extras.c,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/privkey.c,
+ libextra/gnutls_extra.c, libextra/gnutls_ia.c, src/certtool.c,
+ src/serv.c: Fix gcc warnings.
+
+2008-03-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Fix warning.
+
+2008-03-16 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: fixes for all tests to
+ succeed.
+
+2008-03-16 Nikos <nmav@crystal.(none)>
+
+ * includes/gnutls/crypto.h: updated
+
+2008-03-16 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_sig.c,
+ lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/x509/pkcs12.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c: several fixes
+ in the cipher (register) interface and added hash.
+
+2008-03-16 Nikos <nmav@crystal.(none)>
+
+ * NEWS, includes/gnutls/crypto.h, includes/gnutls/gnutls.h.in,
+ lib/Makefile.am, lib/crypto.c, lib/crypto.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_constate.c, lib/gnutls_errors.c, lib/gnutls_int.h,
+ lib/gnutls_state.c: Added functionality to override (register) a
+ cipher. Initial functionality for MAC and digest algorithms.
+
+2008-03-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/gnutls_openpgp.h: Remove things already in
+ includes/gnutls/openpgp.h.
+
+2008-03-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_openpgp.c, lib/opencdk/Makefile.am,
+ lib/opencdk/armor.c, lib/opencdk/context.h, lib/opencdk/filters.h,
+ lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
+ lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c,
+ lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
+ lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
+ lib/openpgp/compat.c, lib/openpgp/extras.c, lib/openpgp/pgp.c,
+ lib/openpgp/pgpverify.c, lib/openpgp/privkey.c: Clean up license
+ headers for OpenPGP code. According to Nikos they are now licensed
+ under the LGPL, see:
+
+ http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2658/focus=2659
+
+2008-03-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Typo.
+
+2008-03-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/include_next.m4,
+ gl/m4/stdarg.m4, gl/stdarg.in.h, lgl/Makefile.am,
+ lgl/m4/absolute-header.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/include_next.m4: Update gnulib files.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, gl/m4/fseeko.m4: Update gnulib files.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Finish renaming of export
+ x509/openpgp functions. In particular,
+ gnutls_certificate_get_x509_cas, gnutls_certificate_get_x509_crls,
+ and gnutls_certificate_get_openpgp_keyring.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Revert
+ a3e4759117cee5d756475215437a440dc12fcc6c because it breaks libtool
+ v2.2. ../libtool: line 4398: cd: ../../lib/.libs: No such file or
+ directory libtool: link: cannot determine absolute directory name of
+ `../../lib/.libs'
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.3.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/reference/Makefile.am, libextra/Makefile.am,
+ libextra/gnutls_extra.c, libextra/gnutls_extra.h: Remove
+ gnutls_extra.h, not needed anymore. Fixes build failure in libextra
+ that looked for opencdk.h (via auth_cert.h). Reported by Roman
+ Bogorodskiy <novel@FreeBSD.org>.
+
+2008-03-08 Nikos <nmav@crystal.(none)>
+
+ * : commit cf8fb4bca34ec865959f1544e395b5566f2449ac Author: Nikos
+ <nmav@crystal.(none)> Date: Sat Mar 8 02:06:25 2008 +0200
+
+2008-03-07 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/Makefile.am: guile: Propagate Guile's CPPFLAGS to
+ `guile-snarf'.
+
+2008-03-07 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/make-enum-header.scm, guile/src/utils.h: guile: Include
+ <config.h>, not "config.h".
+
+2008-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml: Add index.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509_b64.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c: Doc fix.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_str.c: Fix
+ gnutls_hex2bin prototype.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix warnings.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/select.c: Avoid confusing gtk-doc.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/kbnode.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/opencdk/stream.c, lib/opencdk/verify.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/privkey.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/pgp.c, lib/openpgp/privkey.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_state.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_algorithms.c, lib/gnutls_record.c,
+ lib/gnutls_state.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c: Doc fix.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_db.c: Doc fix.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_session.c: Doc fix.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Doc fix.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_srp.c: Doc fix.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_auth.c, lib/gnutls_openpgp.c, lib/gnutls_srp.c,
+ libextra/gnutls_ia.c: Doc fixes.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * m4/pkg.m4: Added, needed by new gtk-doc.m4.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Update gtk-doc Makefile.am to latest
+ examples.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/tmpl/gnutls-unused.sgml, gtk-doc.make: Update
+ gtk-doc makefile, this version allows us to get rid of tmpl/.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * m4/gtk-doc.m4: Update gtk-doc.m4.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_cert.c, lib/gnutls_global.c,
+ lib/gnutls_psk.c, lib/gnutls_record.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c: Doc fix,
+ remove verbose 'This function ...' Improves looks in 'apropos'
+ output.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_anon_cred.c, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_handshake.c, lib/gnutls_openpgp.c, lib/gnutls_psk.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/x509_b64.c: Doc fix, remove verbose 'This function will' stuff.
+ Improves man page look in 'apropos'.
+
+2008-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/func.m4, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4: Use func module, to get __func__.
+
+2008-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/common.c: Print DH parameters of session.
+
+2008-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/getdelim.c, lgl/alloca.in.h,
+ lgl/gc-gnulib.c, lgl/xsize.h: Update gnulib files.
+
+2008-02-28 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/utils.c: Use __func__ instead of __FUNCTION__. Reported
+ by Tim Mooney, see <https://savannah.gnu.org/support/?106267>. A
+ gnulib module to make sure __func__ is available would be nice.
+
+2008-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: Doc fix.
+
+2008-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_x509.c: Optimize adding many trusted
+ certificates. See
+
+ <http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/>.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: Doc fixes.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.2.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgpself.c: Force success.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/Makefile.am, lib/gnutls_db.c,
+ lib/gnutls_session.h: Remove empty gnutls_session.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_int.h: align comments
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_int.h: Pull in gnutls/pkcs12.h instead of
+ duplicating stuff.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/x509_int.h: Move lib/x509/pkcs12.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/gnutls_cert.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_pk.c, lib/gnutls_x509.c,
+ lib/x509/Makefile.am, lib/x509/common.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/extensions.c, lib/x509/mpi.c,
+ lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_int.h, lib/x509/x509_write.c: Move
+ mpi.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/openpgp/pgp.c, lib/x509/Makefile.am, lib/x509/rfc2818.h,
+ lib/x509/rfc2818_hostname.c: Move rfc2818.h hostname comparison to
+ gnutls_str.h and update callers.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openssl_compat.c: gnutls_int includes config.h, no need
+ to do it twice.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openssl_compat.c: Need gnutls_int.h for mpi_t and stuff
+ (now in lib/x509/x509_int.h).
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/x509/Makefile.am,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509_int.h,
+ lib/x509/x509_write.c: Move extensions.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/gnutls_rsa_export.c,
+ lib/gnutls_x509.c, lib/x509/Makefile.am, lib/x509/pkcs12_bag.c,
+ lib/x509/privkey.h, lib/x509/privkey_pkcs8.c, lib/x509/x509.c,
+ lib/x509/x509_int.h: Move privkey.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/gnutls_x509.c,
+ lib/openpgp/pgpverify.c, lib/x509/Makefile.am, lib/x509/privkey.c,
+ lib/x509/sign.c, lib/x509/verify.c, lib/x509/verify.h,
+ lib/x509/x509.c, lib/x509/x509_int.h: Move verify.h stuff to
+ x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/gnutls_x509.c,
+ lib/x509/Makefile.am, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
+ lib/x509/x509_int.h: Move pkcs7.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/x509/Makefile.am, lib/x509/dsa.c,
+ lib/x509/dsa.h, lib/x509/privkey.c, lib/x509/x509_int.h: Move dsa.h
+ stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/x509/Makefile.am, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
+ lib/x509/sign.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509_int.h, lib/x509/x509_write.c,
+ libextra/openssl_compat.c: Move dn.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/x509/Makefile.am,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/privkey.c,
+ lib/x509/sign.c, lib/x509/sign.h, lib/x509/x509_int.h,
+ lib/x509/x509_write.c: Move sign.h stuff to x509_int.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/privkey.c: No need for rfc2818.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_int.h: Doc fixes.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_int.h: Remove stuff already in
+ includes/gnutls/x509.h.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * .gitignore: [no log message]
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, build-aux/gnupload, gl/gnulib.mk,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Use gnupload.
+
+2008-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4366-bis-02.txt: Add.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, lib/x509/Makefile.am,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
+ lib/x509/x509_int.h, lib/x509/x509_write.c: Merge crq.h into
+ x509_int.h, avoid one trivial header file.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Rename x509.h to x509_int.h.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_rsa_export.c, lib/gnutls_x509.c, lib/x509/crl.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/mpi.h,
+ lib/x509/output.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509/x509_int.h: Rename lib/x509/x509.h to x509_int.h. Fixes
+ name-space collision that confuses GTK-DOC with
+ includes/gnutls/x509.h.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.h, lib/openpgp/Makefile.am, lib/openpgp/compat.c,
+ lib/openpgp/extras.c, lib/openpgp/openpgp.h,
+ lib/openpgp/openpgp_int.h, lib/openpgp/pgp.c,
+ lib/openpgp/pgpverify.c, lib/openpgp/privkey.c: Rename
+ lib/openpgp/openpgp.h to openpgp_int.h. Fixes name-space collision
+ that confuses GTK-DOC with includes/gnutls/openpgp.h.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Change DOC_SOURCE_DIR, needed for
+ GTK-DOC to have comments for variables.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Remove unused defines.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * tests/moredn.c: Added, lost part of Joe's original
+ gnutls_x509_dn_export patch.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/time_r.m4, lgl/m4/unistd_h.m4,
+ lgl/unistd.in.h: Update gnulib files.
+
+2008-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-tls-password-ext-01.txt: Add.
+
+2008-02-24 Nikos <nmav@crystal.(none)>
+
+ * NEWS, doc/manpages/Makefile.am, includes/gnutls/x509.h,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c,
+ tests/Makefile.am: Added gnutls_x509_dn_export(). Patch by Joe
+ Orton.
+
+2008-02-21 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_cert.c: _export_ -> _get_
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openpgpself.c: Don't use credentials from files (causes
+ problems with srcdir!=builddir).
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump version.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.1.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fixes.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
+ lib/x509/output.c, src/certtool.c, src/serv.c: Use better names in
+ gnutls_certificate_print_formats_t.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention new APIs.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openpgp.h: Drop gnutls_openpgp_crt_get_id (handled
+ by compat.h).
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Credit.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/compat.h, lib/openpgp/pgp.c: Cleanup
+ gnutls_openpgp_crt_get_id vs gnutls_openpgp_crt_get_key_id.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Typo.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h: Make it
+ build.
+
+2008-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-extractor-01.txt,
+ doc/protocol/draft-mavrogiannopoulos-rfc5081bis-00.txt: Add.
+
+2008-02-20 Nikos <nmav@crystal.(none)>
+
+ * NEWS: removed function
+
+2008-02-20 Nikos <nmav@crystal.(none)>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_cert.c: Added
+ gnutls_certificate_export_x509_cas and other functions to export
+ elements from the certificate credentials structure.
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_cert.h, lib/openpgp/openpgp.h: changes to compile with
+ ENABLE_OPENPGP undef.
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/pgp.c: do not return more than the available names.
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * lib/openpgp/output.c: corrected bug that prevented printing the
+ names.
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * tests/openpgp_test.c, tests/openpgpself.c: some updates
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * tests/Makefile.am, tests/openpgpself.c: added self test for
+ openpgp connection
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/dn.c, lib/x509/x509.c,
+ tests/Makefile.am, tests/x509dn.c: Added
+ gnutls_x509_dn_import/init/deinit() to access raw DER DN. Patch by
+ Joe Orton.
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_cert.c, lib/gnutls_cert.c, lib/gnutls_openpgp.c,
+ lib/openpgp/gnutls_openpgp.h: better usage of gnutls_openpgp_keyid_t
+
+2008-02-19 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_cert.c, lib/gnutls_openpgp.c, lib/openpgp/extras.c,
+ lib/openpgp/output.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c: copyright 2008
+
+2008-02-18 Nikos <nmav@crystal.(none)>
+
+ * doc/examples/ex-serv-pgp.c, includes/gnutls/gnutls.h.in,
+ includes/gnutls/openpgp.h, lib/auth_cert.c, lib/gnutls_cert.c,
+ lib/gnutls_openpgp.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp.h,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, src/certtool.c, src/cli-gaa.c, src/cli.c,
+ src/serv-gaa.c, tests/openpgp/keyring.c: pgp_keyid_t is now
+ compatible with the 2.2 key id.
+
+2008-02-18 Nikos <nmav@crystal.(none)>
+
+ * : commit 8784572575208f8755087125b168bb0a8832cee4 Author: Nikos
+ <nmav@crystal.(none)> Date: Mon Feb 18 17:58:24 2008 +0200
+
+2008-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * README: Don't mention SSL/TLS versions here. Some minor other
+ fixes.
+
+2008-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openpgp.h: For compatibility.
+
+2008-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/openpgp/openpgp.h: Remove all external APIs already declared
+ in includes/gnutls/openpgp.h.
+
+2008-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/compat.h, lib/openpgp/pgp.c: Re-add
+ gnutls_openpgp_crt_get_id to avoid breaking ABI.
+
+2008-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention gnutls_openpgp_keyid_t.
+
+2008-02-18 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/vasnprintf.m4, lgl/vasnprintf.c: Update gnulib files.
+
+2008-02-17 Nikos <nmav@crystal.(none)>
+
+ * lib/x509/x509.c: corrected string handling in parse_general_name.
+ Thanks to Andreas Metzler for pointing out.
+
+2008-02-17 Nikos <nmav@crystal.(none)>
+
+ * NEWS, lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_x509.c:
+ Increased the default certificate verification chain limits and
+ allowed for checks without limitation.
+
+2008-02-17 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_priority.c: corrected previous fix in priorities
+ handling.
+
+2008-02-17 Nikos <nmav@crystal.(none)>
+
+ * NEWS, lib/auth_dh_common.c, lib/gnutls_auth.c,
+ lib/gnutls_session.c, lib/gnutls_session_pack.c: Corrected memory
+ leaks in session resuming and DHE ciphersuites. Reported by Daniel
+ Stenberg.
+
+2008-02-15 Nikos <nmav@crystal.(none)>
+
+ * NEWS: documented the gnutls_x509_crt_get_subject_alt_name fix.
+
+2008-02-15 Nikos <nmav@crystal.(none)>
+
+ * lib/x509/x509.c: null terminate only printable strings.
+
+2008-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-des-idea-00.txt: Add.
+
+2008-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-04.txt: Add.
+
+2008-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp_sb64.c: Doc fixes, to clarify that srp_base64 !=
+ base64. Based on discussion in
+
+ <http://thread.gmane.org/gmane.network.gnutls.general/1039/focus=1042>.
+
+2008-02-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-03.txt,
+ doc/protocol/draft-ietf-tls-rfc4346-bis-09.txt,
+ doc/protocol/draft-ietf-tls-rsa-aes-gcm-02.txt: Add.
+
+2008-02-07 Nikos <nmav@crystal.(none)>
+
+ * : commit 5178625a7e120fdf7b859f52848aa9cc69574268 Author: Nikos
+ <nmav@crystal.(none)> Date: Thu Feb 7 18:15:26 2008 +0200
+
+2008-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, Makefile.am, maint-cfg.mk: Brace expansion is not
+ POSIX portable.
+
+2008-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: When --debug is given, also print libgcrypt RNG
+ information.
+
+2008-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/gnutls.texi: Add 'On Record Padding' section.
+
+2008-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Re-order indices so they are last in the PDF.
+
+2008-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Merge in 2.2.1 release notes.
+
+2008-02-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Make it compile.
+
+2008-02-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: Drop SIZEOF_UNSIGNED_LONG_INT, it's done in
+ configure.in now.
+
+2008-02-03 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/md4.m4, lgl/m4/md5.m4, lgl/m4/sha1.m4,
+ lgl/m4/unistd_h.m4, lgl/md2.c, lgl/md2.h, lgl/md4.c, lgl/md4.h,
+ lgl/md5.c, lgl/md5.h, lgl/sha1.c, lgl/sha1.h, lgl/unistd.in.h:
+ Update gnulib files.
+
+2008-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/structure.c: Update libtasn1 to 1.3.
+
+2008-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/unistd_h.m4, lgl/unistd.in.h,
+ lgl/vasnprintf.c: Update gnulib files.
+
+2008-01-27 Nikos <nmav@crystal.(none)>
+
+ * src/certtool.c: some updates
+
+2008-01-27 Nikos <nmav@crystal.(none)>
+
+ * includes/gnutls/openpgp.h: new definitions
+
+2008-01-26 Nikos <nmav@crystal.(none)>
+
+ * : commit 2d73da902a2a983cf146d32e7528f8d5d3efc287 Author: Nikos
+ <nmav@crystal.(none)> Date: Sat Jan 26 23:08:18 2008 +0200
+
+2008-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc5077.txt: Add.
+
+2008-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-08.txt: Add.
+
+2008-01-25 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_openpgp.c, lib/openpgp/extras.c: updates in openpgp
+ keyring handling.
+
+2008-01-25 Nikos <nmav@crystal.(none)>
+
+ * lib/opencdk/Makefile.am, lib/opencdk/keydb.c,
+ lib/opencdk/keydb.h, lib/opencdk/opencdk.h: Modified the search to
+ include a state.
+
+2008-01-25 Nikos <nmav@crystal.(none)>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: print keyrings
+
+2008-01-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Simplify output.
+
+2008-01-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Fix paths.
+
+2008-01-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version so we are higher than gnutls 2.2.x but
+ remain compatible. This will avoid shared library name conflicts
+ with 2.2.x, and also that any 2.3.x libraries will always be
+ prefered over 2.2.x.
+
+2008-01-19 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, gl/error.h, lgl/Makefile.am,
+ lgl/gc-libgcrypt.c, lgl/m4/gnulib-comp.m4, lgl/m4/string_h.m4,
+ lgl/memmem.c, lgl/stdio.in.h, lgl/str-two-way.h, lgl/string.in.h,
+ lgl/vasnprintf.h: Update gnulib files.
+
+2008-01-17 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Update Ludovic's e-mail.
+
+2008-01-17 Simon Josefsson <simon@josefsson.org>
+
+ * guile/tests/openpgp-auth.scm: Also test dhe-rsa.
+
+2008-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
+ libextra/openpgp/pgpverify.c, libextra/openpgp/privkey.c: Remove
+ openpgp files moved to lib/openpgp/.
+
+2008-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix pgp-api.texi move.
+
+2008-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc2440.txt: Fix chmod.
+
+2008-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4366-bis-01.txt: Add.
+
+2008-01-14 Nikos <nmav@crystal.(none)>
+
+ * : commit c6093b9df165dfbfbce8922e2192eedba5303f08 Author: Nikos
+ <nmav@crystal.(none)> Date: Mon Jan 14 21:08:18 2008 +0200
+
+2008-01-14 Nikos <nmav@crystal.(none)>
+
+ * NEWS: documented more changes.
+
+2008-01-14 Nikos <nmav@crystal.(none)>
+
+ * tests/openpgp/keyring.c: changes for the new api
+
+2008-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/alloca.m4, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/memmem.m4, lgl/string.in.h: Use
+ gnulib's memmem-simple instead.
+
+2008-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove libextra/minilozo/Makefile.
+
+2008-01-14 Nikos <nmav@crystal.(none)>
+
+ * includes/gnutls/openpgp.h, lib/openpgp/privkey.c, src/certtool.c:
+ openpgp_privkey_export() has parameters to export encrypted secret
+ keys. Added for future compatibility.
+
+2008-01-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rsa-aes-gcm-01.txt: Add.
+
+2008-01-13 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_openpgp.c: use the first valid subkey if an
+ authentication subkey is not found.
+
+2008-01-13 Nikos <nmav@crystal.(none)>
+
+ * NEWS, includes/gnutls/compat.h, includes/gnutls/openpgp.h,
+ lib/openpgp/openpgp.h, lib/openpgp/output.c, lib/openpgp/pgp.c,
+ lib/openpgp/pgpverify.c, lib/openpgp/privkey.c, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Additions to
+ make certtool print information on openpgp keys.
+
+2008-01-13 Nikos <nmav@crystal.(none)>
+
+ * NEWS: documented changes.
+
+2008-01-13 Nikos <nmav@crystal.(none)>
+
+ * README, configure.in, includes/gnutls/gnutls.h.in,
+ includes/gnutls/openpgp.h, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_errors.c, lib/gnutls_extra_hooks.c,
+ lib/gnutls_extra_hooks.h, lib/gnutls_openpgp.c, lib/gnutls_state.c,
+ lib/opencdk/Makefile.am, lib/opencdk/README, lib/opencdk/armor.c,
+ lib/opencdk/context.h, lib/opencdk/dummy.c, lib/opencdk/filters.h,
+ lib/opencdk/hash.c, lib/opencdk/kbnode.c, lib/opencdk/keydb.c,
+ lib/opencdk/literal.c, lib/opencdk/main.c, lib/opencdk/main.h,
+ lib/opencdk/misc.c, lib/opencdk/new-packet.c,
+ lib/opencdk/opencdk.h, lib/opencdk/packet.h, lib/opencdk/pubkey.c,
+ lib/opencdk/read-packet.c, lib/opencdk/seskey.c,
+ lib/opencdk/sig-check.c, lib/opencdk/stream.c,
+ lib/opencdk/stream.h, lib/opencdk/types.h, lib/opencdk/verify.c,
+ lib/opencdk/write-packet.c, lib/openpgp/Makefile.am,
+ lib/openpgp/compat.c, lib/openpgp/extras.c,
+ lib/openpgp/gnutls_openpgp.h, lib/openpgp/openpgp.h,
+ lib/openpgp/output.c, lib/openpgp/pgp.c, lib/openpgp/pgpverify.c,
+ lib/openpgp/privkey.c, libextra/Makefile.am,
+ libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
+ libextra/opencdk/Makefile.am, libextra/opencdk/README,
+ libextra/opencdk/armor.c, libextra/opencdk/cipher.c,
+ libextra/opencdk/compress.c, libextra/opencdk/context.h,
+ libextra/opencdk/dummy.c, libextra/opencdk/filters.h,
+ libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/literal.c, libextra/opencdk/main.c,
+ libextra/opencdk/main.h, libextra/opencdk/misc.c,
+ libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
+ libextra/opencdk/packet.h, libextra/opencdk/pubkey.c,
+ libextra/opencdk/read-packet.c, libextra/opencdk/seskey.c,
+ libextra/opencdk/sig-check.c, libextra/opencdk/stream.c,
+ libextra/opencdk/stream.h, libextra/opencdk/types.h,
+ libextra/opencdk/verify.c, libextra/opencdk/write-packet.c,
+ src/Makefile.am, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/cli.c, src/serv.c,
+ src/tls_test.c: merged the openpgp branch to head\!
+
+2008-01-12 Nikos <nmav@crystal.(none)>
+
+ * libextra/Makefile.am: Added fix by Alon to avoid linking against
+ /usr/lib/libgnutls.so.
+
+2008-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, maint-cfg.mk: Re-add config.rpath hack, since gnulib
+ updated config.rpath.
+
+2008-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, lgl/Makefile.am, lgl/dummy.c,
+ lgl/m4/eealloc.m4, lgl/m4/gnulib-comp.m4, lgl/m4/malloca.m4,
+ lgl/malloca.c, lgl/malloca.h, lgl/malloca.valgrind, lgl/memmem.c,
+ lgl/printf-parse.c: Update gnulib files.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.3.0.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Sync with TP.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Sync with TP.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Further LZO fixes.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Cleanup after LZO removal.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, doc/gnutls.texi, libextra/Makefile.am,
+ libextra/minilzo/Makefile.am, libextra/minilzo/README.LZO,
+ libextra/minilzo/lzoconf.h, libextra/minilzo/lzodefs.h,
+ libextra/minilzo/minilzo.c, libextra/minilzo/minilzo.h,
+ libextra/minilzo/testmini.c: Remove LZO compression support.
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Call git-push (git-push --tags doesn't push
+ changes..).
+
+2008-01-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, gl/progname.c, lgl/m4/memmem.m4, lgl/memmem.c: Update gnulib
+ files.
+
+2008-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.c: Handle more than one server name field
+ correctly. Tiny patch from mark.phillips@virgin.net.
+
+2008-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Drop -D_REENTRANT -D_THREAD_SAFE, not needed as far
+ as I can tell.
+
+2008-01-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2008-01-04 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/ms.po: Sync with TP.
+
+2008-01-04 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Sync with TP.
+
+2008-01-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Bump copyright years.
+
+2008-01-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Remove dupe entry.
+
+2008-01-02 Simon Josefsson <simon@josefsson.org>
+
+ * gl/fseeko.c, gl/m4/gnulib-comp.m4, gl/progname.c,
+ gl/version-etc.c, lgl/Makefile.am, lgl/float.in.h,
+ lgl/m4/float_h.m4, lgl/m4/gnulib-comp.m4, lgl/m4/memmem.m4,
+ lgl/m4/stdlib_h.m4, lgl/m4/string_h.m4, lgl/m4/unistd_h.m4,
+ lgl/memmem.c, lgl/stdint.in.h, lgl/stdlib.in.h, lgl/string.in.h,
+ lgl/unistd.in.h: Update gnulib files.
+
+2008-01-02 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/dummy.c, lgl/m4/eealloc.m4, lgl/m4/malloca.m4,
+ lgl/m4/memchr.m4, lgl/m4/memcmp.m4, lgl/malloca.c, lgl/malloca.h,
+ lgl/malloca.valgrind, lgl/memchr.c, lgl/memcmp.c: Update gnulib
+ files.
+
+2008-01-02 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.gitignore, lgl/.gitignore: Remove .gitignore's from gnulib.
+
+2007-12-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-02.txt,
+ doc/protocol/draft-ietf-tls-extractor-00.txt: Add.
+
+2007-12-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Doc fixes.
+
+2007-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-hajjeh-tls-sign-04.txt: Add.
+
+2007-12-15 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_state.c: Fix for certificate selection in servers with
+ certificate callbacks.
+
+2007-12-16 Nikos <nmav@crystal.(none)>
+
+ * : 1 2 lib/gnutls_state.c
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h: Bump versions.
+
+2007-12-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Merge in old NEWS entries.
+
+2007-12-14 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/nl.po, po/pl.po, po/sv.po: Sync with TP.
+
+2007-12-13 Simon Josefsson <simon@josefsson.org>
+
+ * .cvscopying: Add 2007.
+
+2007-12-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-12-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: If the server has a callback, the search for a
+ valid certificate will fail. Patch from Nikos.
+
+2007-12-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-hajjeh-tls-identity-protection-02.txt: Add.
+
+2007-12-12 Ludovic Courtès <ludo@gnu.org>
+
+ * : commit a37e52e18a625138cb0e3441023e2ac9fbb62552 Author: Ludovic
+ Courtès <ludo@gnu.org> Date: Tue Dec 11 18:23:15 2007 +0100
+
+2007-12-11 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm: Update Guile OpenPGP test cases to use
+ the new names. * guile/tests/*.scm: Substitute `certificate' to `public-key' in
+ tests using the OpenPGP API.
+
+2007-12-11 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/guile.texi: Update OpenPGP names in Guile examples. * doc/guile.texi (Guile Examples): Substitute `certificate' to `public-key' in OpenPGP examples.
+
+2007-12-11 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/modules/gnutls.scm, guile/modules/gnutls/extra.scm,
+ guile/pre-inst-guile.in, guile/src/Makefile.am: Bump Guile glue
+ libraries version number. * guile/modules/gnutls.scm: Load `libguile-gnutls-v-1'. * guile/modules/gnutls/extra.scm: Load `libguile-gnutls-extra-v-1'. * guile/pre-inst-guile.in: Load `v-1' libraries. * guile/src/Makefile.am (lib_LTLIBRARIES): Bump libraries from `v-0'
+ to `v-1'. Update all variables.
+
+2007-12-11 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/extra.scm, guile/src/extra.c: Substitute
+ `certificate' to `public-key' in `(gnutls extra)'. * guile/modules/gnutls/build/enums.scm (%openpgp-key-format-enum): Rename to... (%openpgp-certificate-format-enum): This. (%gnutls-extra-enums): Update. * guile/modules/gnutls/build/smobs.scm (%openpgp-public-key-smob): Rename to... (%openpgp-certificate-smob): This. (%gnutls-extra-smobs): Update. * guile/modules/gnutls/extra.scm: Substitute all `certificate' in
+ all `public-key' names. Add backward-compatible bindings. * guile/src/extra.c: Substitute `certificate' to `public-key'.
+
+2007-12-11 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, maint-cfg.mk: Remove config.rpath hack.
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Make --verify-chain support larger inputs than
+ 64kb.
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Re-order gettext invocation to avoid autoconf
+ warnings.
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.8.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: GPLv3 typo.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Doc fix.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, maint-cfg.mk: Gettext 0.17 to solve -L
+ problem.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: GPLv3.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/version-etc.c: Revert local gnulib override regarding GPLv3.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/credentials/Makefile.am,
+ doc/extract-guile-c-doc.scm, doc/guile.texi, gl/Makefile.am,
+ guile/modules/gnutls/extra.scm,
+ guile/modules/system/documentation/c-snarf.scm,
+ guile/modules/system/documentation/output.scm,
+ guile/pre-inst-guile.in, guile/src/extra.c,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/openpgp-keys.scm, includes/Makefile.am: More GPLv3
+ fixes.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/lib/version-etc.c.diff: More GPLv3 fixes.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gpl-3.0.texi: Use GPLv3 in manual.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi, doc/gpl-2.0.texi, gl/gnulib.mk,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Use GPLv3 in manual.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, doc/examples/Makefile.am, doc/manpages/Makefile.am,
+ includes/gnutls/extra.h, includes/gnutls/openssl.h,
+ libextra/Makefile.am, libextra/gnutls_extra.h,
+ libextra/libgnutls-extra.vers, libextra/openpgp/Makefile.am,
+ libextra/openssl_compat.h, maint-cfg.mk: GPLv3 fixes.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am, src/common.c, src/list.h, src/serv.c: Use GPLv3
+ in src/.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/anonself.c, tests/certder.c,
+ tests/certificate_set_x509_crl.c, tests/dhepskself.c, tests/dn.c,
+ tests/gc.c, tests/hostname-check/Makefile.am,
+ tests/hostname-check/hostname-check.c, tests/key-id/Makefile.am,
+ tests/key-id/key-id, tests/nist-pkits/pkits,
+ tests/nist-pkits/pkits_crl, tests/nist-pkits/pkits_crt,
+ tests/nist-pkits/pkits_pkcs12, tests/nist-pkits/pkits_smime,
+ tests/openpgp/Makefile.am, tests/openpgp/keyring.c,
+ tests/openssl.c, tests/oprfi.c, tests/parse_ca.c,
+ tests/pathlen/Makefile.am, tests/pathlen/pathlen,
+ tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
+ tests/pkcs12-decode/Makefile.am, tests/pkcs12-decode/pkcs12,
+ tests/pkcs8-decode/Makefile.am, tests/pkcs8-decode/pkcs8,
+ tests/pskself.c, tests/resume.c,
+ tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/rsa-md5-collision, tests/set_pkcs12_cred.c,
+ tests/sha2/Makefile.am, tests/sha2/sha2, tests/simple.c,
+ tests/tlsia.c, tests/userid/Makefile.am, tests/userid/userid,
+ tests/utils.c, tests/utils.h, tests/x509paths/chain,
+ tests/x509self.c, tests/x509signself.c: Use GPLv3 for self-tests.
+
+2007-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, build-aux/gendocs.sh, doc/fdl.texi,
+ doc/gendocs_template, gl/fseeko.c, gl/gai_strerror.c,
+ gl/getaddrinfo.c, gl/getaddrinfo.h, gl/getdelim.c, gl/getline.c,
+ gl/getpass.c, gl/getpass.h, gl/inet_ntop.c, gl/inet_ntop.h,
+ gl/lseek.c, gl/m4/getdelim.m4, gl/m4/getline.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4, gl/m4/strerror.m4,
+ gl/netinet_in.in.h, gl/strdup.c, gl/strerror.c, gl/version-etc.c,
+ lgl/Makefile.am, lgl/m4/gettext.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/iconv.m4, lgl/m4/intdiv0.m4, lgl/m4/intl.m4,
+ lgl/m4/intlmacosx.m4, lgl/m4/intmax_t.m4, lgl/m4/lib-link.m4,
+ lgl/m4/lock.m4, lgl/m4/longlong.m4, lgl/m4/po.m4,
+ lgl/m4/printf-posix.m4, lgl/m4/stdio_h.m4, lgl/m4/stdlib_h.m4,
+ lgl/m4/string_h.m4, lgl/m4/uintmax_t.m4, lgl/m4/ulonglong.m4,
+ lgl/m4/unistd_h.m4, lgl/m4/vasnprintf.m4, lgl/m4/wint_t.m4,
+ lgl/printf-parse.c, lgl/realloc.c, lgl/stdlib.in.h,
+ lgl/string.in.h, lgl/unistd.in.h, lgl/vasnprintf.c: Update gnulib.
+
+2007-12-09 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_v2_compat.c: user_hello_func is call always. Even when
+ resuming a session.
+
+2007-12-09 Nikos <nmav@crystal.(none)>
+
+ * src/common.c: print session ID
+
+2007-12-07 System User <nmav@crystal.(none)>
+
+ * NEWS: license update
+
+2007-12-07 System User <nmav@crystal.(none)>
+
+ * COPYING, libextra/gnutls_extra.c, libextra/gnutls_ia.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_openssl.c,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
+ libextra/openpgp/privkey.c, libextra/openssl_compat.c,
+ src/certtool-cfg.c, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/prime.c, src/psk.c, src/serv.c, src/tests.c,
+ src/tls_test.c: GPL parts under GPLv3
+
+2007-12-06 System User <nmav@crystal.(none)>
+
+ * lib/gnutls_record.c: It seems we were ahead of our time.
+
+2007-12-06 System User <nmav@crystal.(none)>
+
+ * NEWS, lib/gnutls_record.c: Revert "We now ignore received packets
+ with unknown content types" This reverts commit 4a19fd59da474b3de977a925fd91578db7e3d4a1.
+
+2007-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.es
+
+2007-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Typo fix. Tiny patch from Daniel Kahn Gillmor
+ <dkg-debian.org@fifthhorseman.net>.
+
+2007-12-04 Nikos <nmav@crystal.(none)>
+
+ * : commit bd3b0f49c966277e91f57c64cfcc720cbebb4a73 Author: Nikos
+ <nmav@crystal.(none)> Date: Tue Dec 4 22:05:25 2007 +0200
+
+2007-12-04 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Overwrite autopoint files with gnulib files.
+
+2007-12-03 Nikos <nmav@crystal.(none)>
+
+ * : commit dac01d7279eb28e7c5909d53bf346206f10319b5 Author: Nikos
+ <nmav@crystal.(none)> Date: Mon Dec 3 20:05:32 2007 +0200
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump to indicate added ABI.
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Copy, don't remove... to fix Makefile.in hard-coded
+ links to m4 filenames.
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Remove gettext havelib files.
+
+2007-12-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/privkey_pkcs8.c: Indent.
+
+2007-12-03 Nikos <nmav@crystal.(none)>
+
+ * : 3 0 NEWS
+
+2007-12-02 Nikos <nmav@crystal.(none)>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/x509.c: added
+ gnutls_x509_crt_get_subject_alt_name2 to overcome some limitations
+ of the original function.
+
+2007-12-02 Nikos <nmav@crystal.(none)>
+
+ * : 1 1 lib/x509/x509.c
+
+2007-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * : commit b6e4b1ff3f7ef8a8d26f2e89c0bc50d2fc9d23f4 Author: Nikos
+ <nmav@crystal.(none)> Date: Sat Dec 1 08:25:34 2007 +0200
+
+2007-11-30 Nikos <nmav@crystal.(none)>
+
+ * configure.in, lib/x509/dsa.c, src/certtool.c: Depend on libgcrypt
+ 1.2.4 again (lose DSA2 functionality).
+
+2007-11-30 Nikos <nmav@crystal.(none)>
+
+ * lib/gnutls_priority.c: Added SECURE256 and SECURE128 level.
+
+2007-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.7.
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * : 2 2 lib/gnutls_priority.c
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_srp_passwd.c: more assertions.
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_srp.c: more assertions
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * lib/auth_srp.c: added assertion.
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * src/serv.c: fix in priority_set
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * includes/gnutls/gnutlsxx.h: updated the gnutlsxx interface
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_priority.c: more updates
+ for priority functions.
+
+2007-11-28 Nikos <nmav@crystal.(none)>
+
+ * doc/examples/ex-cert-select.c, doc/examples/ex-client-resume.c,
+ doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, lib/gnutls_priority.c, lib/gnutlsxx.cpp,
+ src/cli.c, src/serv.c: Return the string position in case of an
+ error in the priority functions.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Typo.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Give example for %COMPAT.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Rename HIGH to SECURE.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Re-add aes-256 so we don't fail to
+ negotiate it in case end only supports it. Doc fixes.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Doc fixes. Fix warnings.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Re-indent.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * po/ms.po: Sync with TP.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
+ lib/gnutls_priority.c: Re-add gnutls_set_default_priority and
+ gnutls_set_default_export_priority.
+
+2007-11-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-07.txt: Add.
+
+2007-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc5054.txt: Add.
+
+2007-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-tls-extractor-01.txt: Add.
+
+2007-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 1 1 lib/gnutls_priority.c
+
+2007-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: corrected bug in the new read_mpis
+
+2007-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.c:
+ export_int was simplified are no artificial limits are imposed any
+ more
+
+2007-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: variables for the time functions are not more
+ rational.
+
+2007-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/mpi.c: in RSA certificate parameters
+ no artificial limits are imposed any more
+
+2007-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey_pkcs8.c: corrected documentation
+
+2007-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/privkey.c,
+ lib/x509/privkey.h, lib/x509/privkey_pkcs8.c: added support for PKCS
+ #8 decoding of DSA keys.
+
+2007-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c, lib/x509/privkey_pkcs8.c: added ability to write
+ DSA private keys.
+
+2007-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select.c, doc/examples/ex-serv1.c: examples
+ now compile
+
+2007-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 3 3 doc/examples/ex-cert-select.c
+
+2007-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
+ doc/gnutls.texi, includes/gnutls/compat.h,
+ includes/gnutls/gnutls.h.in, includes/gnutls/gnutlsxx.h,
+ lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutlsxx.cpp,
+ src/cli.c, src/common.c, src/serv.c: new era of priority functions.
+
+2007-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/gnutls_algorithms.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_state.c:
+ cleanup the priority functionality
+
+2007-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: links to rfc 5054 (srp)
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat.h: updated the priority compatibility
+ functions
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/gnutls.texi, includes/gnutls/gnutls.h.in,
+ lib/gnutls_priority.c, lib/gnutls_state.h: added
+ gnutls_check_priority() to check syntax of priority strings.
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_v2_compat.c: Renegotiate the protocol version after the
+ user_hello_func has been called
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select.c, doc/examples/ex-client-srp.c,
+ includes/gnutls/gnutlsxx.h, lib/gnutls_priority.c, lib/gnutlsxx.cpp:
+ fixes for the new gnutls_set_priority().
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: The gnutls_*_convert_priority() functions were
+ deprecated by the gnutls_set_priority()
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_priority.c: The gnutls_*_convert_priority()
+ functions were deprecated by the gnutls_set_priority()
+
+2007-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/examples/ex-client-resume.c,
+ doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/gnutls.texi, includes/gnutls/compat.h,
+ includes/gnutls/gnutls.h.in, includes/gnutls/gnutlsxx.h,
+ lib/gnutls_algorithms.h, lib/gnutls_priority.c, lib/gnutlsxx.cpp,
+ src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: added
+ gnutls_set_priority() to replace gnutls_set_default_priority2().
+
+2007-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keydb.c, libextra/opencdk/seskey.c: Re-apply
+ opencdk fixes that were lost in 0.6.6 upgrade.
+
+2007-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, libextra/opencdk/cipher.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/opencdk.h, libextra/opencdk/seskey.c,
+ libextra/opencdk/stream.c: Use OpenCDK 0.6.6.
+
+2007-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.6.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: Revert rename of
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM. Instead we add a new
+ GNUTLS_E_UNKNOWN_ALGORITHM.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Revert rename of
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM. Instead we add a new
+ GNUTLS_E_UNKNOWN_ALGORITHM.
+
+2007-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Revert rename of
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM. Instead we add a new
+ GNUTLS_E_UNKNOWN_ALGORITHM.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/seskey.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keydb.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_anon_cred.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Doc fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Doc fixes.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/extra.h: Move compat
+ stuff to compat.h.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/extra.c: Use new APIs.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * guile/modules/gnutls/build/enums.scm: Typo.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/smobs.scm: Update API.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * guile/modules/gnutls/build/enums.scm: Add unknown-algorithm (new
+ name of unknown-hash-algorithm).
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * guile/modules/gnutls/build/enums.scm: Remove openpgp trustdb
+ error.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/gnutls.h.in: Move compat
+ mappings to compat.h.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/common.c: Use new API.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-export.c, lib/auth_cert.h,
+ libextra/gnutls_openpgp.c: Use new API.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openpgp.c: Don't use trustdb error code.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: Use new API in C++
+ library.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Use new API.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/gnutls.h.in,
+ includes/gnutls/openpgp.h: Move compat mappings to compat.h.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: Fix.
+
+2007-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: Remove trustdb error code, since we
+ removed all functions.
+
+2007-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_compress_int.c: some updates in the compression code
+
+2007-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_record.c: Corrected bug in
+ decompression of expanded compression data.
+
+2007-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: When decompressed data are more than the
+ record max size warn using GNUTLS_E_DECOMPRESSION_FAILED.
+
+2007-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 1 1 src/certtool.gaa
+
+2007-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_cert.c, src/tls_test.c:
+ Applied documentation and prototype fixes reported by Evan Martin
+ <martine@danga.com>.
+
+2007-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: updated the links to openpgp draft
+
+2007-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Add warnings about messages used by Emacs tls.el.
+
+2007-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc5081.txt: Add.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.5.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump ABI to 25.
+
+2007-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-06.txt: Add.
+
+2007-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c, src/crypt-gaa.c: certtool now prints defaults.
+
+2007-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c: The pkcs3 parameters are now corrected
+ exported (without sign).
+
+2007-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt.gaa: parameters -> group parameters
+
+2007-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, Makefile.am, NEWS, README, THANKS,
+ build-aux/config.rpath, configure.in, doc/Makefile.am,
+ doc/gnutls.texi, includes/gnutls/extra.h,
+ includes/gnutls/openpgp.h, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h, lib/Makefile.am, lib/auth_anon.c,
+ lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/debug.c, lib/debug.h, lib/defines.h,
+ lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
+ lib/ext_max_record.h, lib/ext_server_name.c, lib/ext_server_name.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_auth_int.h, lib/gnutls_buffer.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
+ lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_psk.c,
+ lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session.h, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/io_debug.h,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
+ lib/x509/dn.c, lib/x509/dn.h, lib/x509/dsa.c, lib/x509/dsa.h,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/mpi.c,
+ lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
+ lib/x509/privkey.c, lib/x509/privkey.h, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818.h, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/verify.h, lib/x509/x509.c,
+ lib/x509/x509.h, lib/x509/x509_write.c, lib/x509_b64.c,
+ lib/x509_b64.h, libextra/Makefile.am, libextra/gnutls_extra.c,
+ libextra/gnutls_extra.h, libextra/openpgp/Makefile.am,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
+ libextra/openpgp/privkey.c, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/certtool.c, src/cli.c, src/common.c,
+ src/crypt.c, src/prime.c, src/serv.c, src/tests.c, src/tls_test.c:
+ Changed my name to my "official" name.
+
+2007-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/gnutls.h.in: Moved some
+ old defines to compat.c.
+
+2007-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutlsxx.vers, libextra/libgnutls-extra.vers: Updated the
+ ld version.
+
+2007-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Fix gnutls_set_default_priority and
+ gnutls_set_default_export priority. The old functions returned an
+ error code, need to fake it.
+
+2007-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Reorder release target, to do disconnected ops first,
+ and to avoid losing tags.
+
+2007-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/stdint.in.h: Update gnulib files.
+
+2007-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: Used the original libtool library version.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.4.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: Add for backwards compatibility.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix typo.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, gl/m4/gnulib-common.m4, gl/strerror.c,
+ lgl/m4/gnulib-common.m4, lgl/m4/ulonglong.m4, lgl/stdbool.in.h,
+ lgl/stdint.in.h: Update gnulib files.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/cipher.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
+ libextra/opencdk/seskey.c: Sync with OpenCDK 0.6.5.
+
+2007-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: quick-random option was removed since it is now
+ the default.
+
+2007-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 1 2 lib/gnutls_algorithms.c
+
+2007-10-26 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/README.CODING_STYLE: Add doc about maintenance of the Guile
+ bindings.
+
+2007-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * : commit d3ebcb4c39cd2e7650694e08faad5a7ca57c662e Author: Simon
+ Josefsson <simon@josefsson.org> Date: Thu Oct 25 21:51:38 2007
+ +0200
+
+2007-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: added some text for the debugging functions.
+
+2007-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2007-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Reorder and simplify.
+
+2007-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Doc fix.
+
+2007-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 867ffe404fbc7e16a543d2314bca85d613a902ef Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Wed Oct 24 23:48:27 2007
+ +0300
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 2 2 doc/examples/ex-serv-pgp.c
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, includes/gnutls/gnutls.h.in,
+ lib/gnutls_priority.c: Introduced GNUTLS_PRIORITIES_SECURITY_NORMAL
+ and GNUTLS_PRIORITIES_SECURITY_HIGH
+
+2007-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 74200139866f14efc4cbabeec8c6698982327296 Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Wed Oct 24 18:33:00 2007
+ +0300
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_v2_compat.c: The user handshake callback function is
+ now called on SSLv2 hello messages.
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/ex-client-resume.c,
+ doc/examples/ex-client-srp.c, doc/examples/ex-client-tlsia.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, includes/gnutls/gnutls.h.in,
+ lib/gnutls_priority.c, src/cli.c, src/serv.c: Added
+ gnutls_set_default_priority2() and deprecated
+ gnutls_set_default_priority().
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 4 0 doc/manpages/certtool.1
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: added news entry for --disable-quick-random
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
+ src/cli.c, src/serv.c: /dev/urandom is used now by default for key
+ generation. The option --disable-quick-random was introduced.
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-serv-export.c, doc/examples/ex-serv1.c: updated
+ some examples.
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: The library version is now 14 instead of 24. (14 is
+ greater than our current 13).
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/ex-serv1.c, includes/gnutls/gnutls.h.in,
+ lib/gnutls_state.c, src/serv.c, src/tests.c, src/tests.h: Introduced
+ gnutls_session_enable_compatibility_mode() to allow enabling all
+ supported compatibility options (like disabling padding). Some other
+ bug fixes in tls-test.c.
+
+2007-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-client-srp.c, doc/gnutls.texi: Added some
+ documentation for the new convert functions.
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: renamed zlib to deflate
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/libgnutls.vers: Updata gnutls.vers
+ since we changed our interfaces and some other fixes.
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 2 2 lib/gnutls_algorithms.c
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/tcp.c: Added copyright notices to examples
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in: corrected the prototypes
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: replaced UNKNOWN_HASH_ALGORITHM WITH
+ UNKNOWN_ALGORITHM
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in: corrected typo.
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 1 1 lib/gnutls_record.c
+
+2007-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_priority.c: Updated
+ the priority functions to be more compatible to our interface and
+ avoid parsing on every session generation. The current approach
+ stores parsed data to our integer format.CG:
+
+ -----------------------------------------------------------------------
+
+2007-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_int.h,
+ lib/gnutls_record.c: Added gnutls_record_disable_padding() to allow
+ servers talk to buggy clients that complain if TLS 1.0 padding is
+ used.
+
+2007-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_errors.c,
+ lib/gnutls_priority.c, lib/gnutls_record.c: Added new priority
+ functions that accept text instead of integers.
+
+2007-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * build-aux/config.rpath, lib/gnutls_buffers.c, lib/gnutls_record.c:
+ Removed some ancient non-used functions.
+
+2007-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit 628c62e935effc1c276fa6e4ae653f8488e017be Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Mon Oct 22 14:03:08 2007
+ +0300
+
+2007-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * po/de.po, po/ms.po, po/pl.po, po/sv.po: Sync with TP.
+
+2007-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/gc-camellia.m4: Add.
+
+2007-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/gc-libgcrypt.c, lgl/gc.h,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: Update gnulib files.
+
+2007-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, build-aux/maint.mk, gl/error.c,
+ gl/error.h, gl/fseeko.c, gl/gnulib.mk, gl/inet_pton.c,
+ gl/inet_pton.h, gl/intprops.h, gl/m4/extensions.m4,
+ gl/m4/getaddrinfo.m4, gl/m4/getdelim.m4, gl/m4/getline.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/socklen.m4, gl/m4/strerror.m4,
+ gl/netinet_in.in.h, gl/netinet_in_.h, gl/progname.c, gl/progname.h,
+ gl/readline.c, gl/readline.h, gl/strerror.c, gl/version-etc-fsf.c,
+ gl/version-etc.c, gl/version-etc.h, lgl/Makefile.am,
+ lgl/alloca.in.h, lgl/alloca_.h, lgl/dummy.c, lgl/float.in.h,
+ lgl/float_.h, lgl/gc-gnulib.c, lgl/gc-libgcrypt.c, lgl/gc.h,
+ lgl/m4/extensions.m4, lgl/m4/gnulib-comp.m4, lgl/m4/lock.m4,
+ lgl/m4/longlong.m4, lgl/m4/memmem.m4, lgl/m4/socklen.m4,
+ lgl/m4/stdint.m4, lgl/m4/stdio_h.m4, lgl/m4/string_h.m4,
+ lgl/m4/strverscmp.m4, lgl/m4/ulonglong.m4, lgl/m4/vasprintf.m4,
+ lgl/printf-parse.c, lgl/realloc.c, lgl/stdbool.in.h,
+ lgl/stdbool_.h, lgl/stdint.in.h, lgl/stdint_.h, lgl/stdio.in.h,
+ lgl/stdio_.h, lgl/stdlib.in.h, lgl/stdlib_.h, lgl/string.in.h,
+ lgl/string_.h, lgl/sys_socket.in.h, lgl/sys_socket_.h,
+ lgl/sys_stat.in.h, lgl/sys_stat_.h, lgl/time.in.h, lgl/time_.h,
+ lgl/unistd.in.h, lgl/unistd_.h, lgl/vasnprintf.c, lgl/wchar.in.h,
+ lgl/wchar_.h: Update gnulib files.
+
+2007-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 07837c92f65f09b58c0ec55e3f49382ce0d71ba5 Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Fri Oct 19 22:05:28 2007
+ +0300
+
+2007-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/gnutls.texi, includes/gnutls/gnutls.h.in,
+ includes/gnutls/openpgp.h, lib/auth_cert.c, lib/gnutls_cert.c,
+ lib/gnutls_extra_hooks.c, lib/gnutls_extra_hooks.h,
+ lib/gnutls_state.c, libextra/gnutls_extra.c,
+ libextra/gnutls_openpgp.c, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
+ libextra/openpgp/pgpverify.c, libextra/openpgp/privkey.c,
+ src/common.c: Occurences of gnutls_openpgp_key were renamed to
+ gnutls_openpgp_cert, leaving an API compatibility layer.
+
+2007-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h,
+ lib/auth_cert.c, lib/gnutls_extra_hooks.c,
+ lib/gnutls_extra_hooks.h, libextra/gnutls_extra.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
+ libextra/openpgp/pgpverify.c: Renamed gnutls_openpgp_key_t to
+ gnutls_openpgp_cert_t
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Revert mistake removal.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am, po/de.po, po/ms.po, po/pl.po, po/sv.po,
+ src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/serv-gaa.c,
+ src/serv-gaa.h, src/serv.gaa: Generated.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.3.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump ABI version.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_int.h,
+ lib/gnutls_supplemental.c: Remove tls-authz.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Remove tls-authz.
+
+2007-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, doc/examples/Makefile.am,
+ doc/examples/ex-client-authz.c, doc/examples/ex-serv-authz.c,
+ doc/reference/Makefile.am, includes/gnutls/gnutls.h.in,
+ lib/Makefile.am, lib/ext_authz.c, lib/ext_authz.h, src/cli.c,
+ src/cli.gaa, src/serv.c, src/serv.gaa: Remove TLS-authz.
+
+2007-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2007-10-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Reenabled the 256 bit algorithms in the
+ default priorities.
+
+2007-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_cert.h, lib/gnutls_cert.c,
+ lib/gnutls_errors.c, lib/gnutls_extra_hooks.c,
+ lib/gnutls_extra_hooks.h, libextra/gnutls_extra.c,
+ libextra/gnutls_openpgp.c, libextra/opencdk/main.h,
+ libextra/opencdk/sig-check.c, libextra/openpgp/compat.c,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/pgpverify.c: **
+ Corrected bugs in the openpgp certificate verification functions
+ using a keyring. Now it correctly verifies openpgp certificates. ** Removed the ancient pgpkeyserver support (which was not used
+ anywhere)
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.2.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-nir-tls-eap-02.txt: Add.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Wrap.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention enum's.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/gnutls.h.in: Move
+ deprecated SRP alerts to compat.h.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: Add compatibility mapping for
+ GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED.
+
+2007-10-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Encode in shared library that we aren't backwards
+ compatible.
+
+2007-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: removed
+ references to trustdb
+
+2007-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/gnutls.texi, includes/gnutls/compat.h,
+ includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
+ includes/gnutls/openpgp.h, libextra/gnutls_openpgp.c,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/openpgp.h, libextra/openpgp/pgpverify.c: Removed
+ all the trustdb related code. It wasn't used and trustdbs are not
+ specified anywhere except pgp. Now we use the standard key rings.
+
+2007-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: more text
+
+2007-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_priority.c: The 256 bit ciphers are not enabled
+ in the default priorities.
+
+2007-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_algorithms.c, lib/gnutls_pk.c,
+ lib/x509/dsa.c, lib/x509/sign.c, src/certtool-gaa.c,
+ src/certtool.c, src/certtool.gaa: Added support for DSA2 (key sizes
+ for more than 1024 bits on DSA) via libgcrypt 1.3.0.
+
+2007-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: Updated documentation.
+
+2007-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 1 0 NEWS
+
+2007-10-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention certtool --quick-random.
+
+2007-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in: Added defines for the deprecated SRP
+ alert numbers.
+
+2007-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/extensions.c: added an assertion.
+
+2007-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_kx.c: Corrected an error in a parenthesis.
+
+2007-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit 72b99e94b1ecb51a2182645797e6153baeb60fc4 Author: Nikos
+ Mavrogiannopoulos <nmav@gnutls.org> Date: Tue Oct 9 11:37:45 2007
+ +0300
+
+2007-10-08 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/modules/gnutls.scm, guile/modules/gnutls/build/enums.scm:
+ Guile: Reflect SRP/PSK changes. * guile/modules/gnutls.scm (alert-description/unknown-srp-username, alert-description/missing-srp-username): Remove. (alert-description/unknown-psk-identity): New. * guile/modules/gnutls/build/enums.scm (%alert-description-enum): Likewise.
+
+2007-10-08 Ludovic Courtès <ludo@gnu.org>
+
+ * NEWS: Update `NEWS'.
+
+2007-10-08 Ludovic Courtès <ludo@gnu.org>
+
+ * configure.in: Fix configure-time Guile detection. * configure.in: Substitute `GUILE_LDFLAGS' into `LIBS', not
+ `LDFLAGS'. Patch by Nix <nix@esperi.org.uk>.
+
+2007-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : 1 1 doc/Makefile.am
+
+2007-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : commit 175526ddfe18f4c443fb31a676b8f1d50895b053 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Oct 8 12:57:03
+ 2007 +0300
+
+2007-10-08 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 1f24725c9a0b09e7a42ee18f2bb4c0fbac581b8f Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Oct 8 12:08:33
+ 2007 +0300
+
+2007-10-07 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/auth_srp.c: corrected possible size issue
+
+2007-10-07 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * NEWS, build-aux/config.rpath, doc/gnutls.texi,
+ includes/gnutls/openpgp.h, includes/gnutls/x509.h,
+ lib/x509/Makefile.am, lib/x509/xml.c, libextra/openpgp/Makefile.am,
+ libextra/openpgp/xml.c, po/de.po, po/ms.po, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa,
+ src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c:
+ Removed all the xml functions and stubs, as well as references in
+ the documentation.
+
+2007-10-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * lib/gnutls_alert.c: error_to_alert() now always return an alert
+ number. This is to avoid sending illegal values when the return
+ value is not checked (commonplace).
+
+2007-10-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : 51 51 src/certtool-gaa.c 10 10 src/certtool-gaa.h
+
+2007-10-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Added the --quick-random option to certtool to
+ improve generation time of private keys. They delay is quite
+ annoying especially when generating test keys.
+
+2007-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-10-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-10-06 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * src/certtool.c: Corrected output in DER format and corrected
+ output for smime_to_pkcs7 to output in outfile instead of stdout.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.1.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Rework Camellia configure messages and logic.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add fixes, for trac.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add --disable-camellia. Remove automake
+ conditional, not used.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Bump version.
+
+2007-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, includes/gnutls/gnutls.h.in, lgl/gc-libgcrypt.c,
+ lgl/gc.h, lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_priority.c, libextra/gnutls_openssl.c,
+ libextra/opencdk/opencdk.h, src/common.c, src/tests.c, src/tests.h,
+ src/tls_test.c: Add patch to support Camellia, contributed by
+ Yoshisato YANAGISAWA. Fixes #1. See
+
+ http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2331
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.1.0.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Move CFLAGS setting further down, to make AC_PROG_CC
+ add -g to it.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/serv-gaa.c: Generated.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.gaa: Set variables to NULL. Fix oprfi variable.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.gaa: Set variables to NULL.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_oprfi.c: Fix crash.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_oprfi.c: Fix crash.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Fix infloop.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Fix crash.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix crash.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: Support
+ Opaque PRF Input in gnutls-cli and gnutls-serv.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention how to enable oprfi support.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Document more.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_oprfi.c: Doc fix.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, doc/gnutls.texi, includes/gnutls/gnutls.h.in,
+ lib/Makefile.am, lib/ext_oprfi.c, lib/ext_oprfi.h,
+ lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ tests/Makefile.am, tests/oprfi.c: Support for Opaque PRF Input TLS
+ extension.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add configure.in snippet to TLS ext section.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Fix -I's.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target (git-tag no longer exit with
+ failure for non-existing tags).
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.0.1.
+
+2007-09-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve TLS ext section.
+
+2007-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-05.txt: Add.
+
+2007-09-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Notes on adding a new TLS extension.
+
+2007-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 344057de0fbf1cbc55dbd74cc23c78ebd2609cfc Author: Simon
+ Josefsson <simon@josefsson.org> Date: Mon Sep 17 11:13:39 2007
+ +0200
+
+2007-09-17 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 6d3a3222640ce3b5e4daa67a4624a507445de334 Author: Simon
+ Josefsson <simon@josefsson.org> Date: Mon Sep 17 11:06:24 2007
+ +0200
+
+2007-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/credentials/Makefile.am,
+ doc/credentials/ca.tmpl, doc/credentials/client.tmpl,
+ doc/credentials/gnutls-http-serv,
+ doc/credentials/openpgp-server-key.txt,
+ doc/credentials/openpgp-server.txt,
+ doc/credentials/openpgp/Makefile.am,
+ doc/credentials/openpgp/cli_pub.asc,
+ doc/credentials/openpgp/cli_ring.asc,
+ doc/credentials/openpgp/cli_sec.asc,
+ doc/credentials/openpgp/pub.asc, doc/credentials/openpgp/sec.asc,
+ doc/credentials/params.pem, doc/credentials/proxy.tmpl,
+ doc/credentials/psk-passwd.txt, doc/credentials/server.tmpl,
+ doc/credentials/srp-passwd.txt, doc/credentials/srp-tpasswd.conf,
+ doc/credentials/srp/Makefile.am, doc/credentials/srp/tpasswd,
+ doc/credentials/srp/tpasswd.conf, doc/credentials/x509-ca-key.pem,
+ doc/credentials/x509-ca.pem, doc/credentials/x509-client-key.pem,
+ doc/credentials/x509-client.pem, doc/credentials/x509-other-ca.pem,
+ doc/credentials/x509-proxy-key.pem, doc/credentials/x509-proxy.pem,
+ doc/credentials/x509-server-dsa.pem,
+ doc/credentials/x509-server-key-dsa.pem,
+ doc/credentials/x509-server-key.pem,
+ doc/credentials/x509-server.pem, doc/credentials/x509-trust.pem,
+ doc/credentials/x509/Makefile.am, doc/credentials/x509/ca.pem,
+ doc/credentials/x509/cert-dsa.pem, doc/credentials/x509/cert.pem,
+ doc/credentials/x509/clicert-dsa.pem,
+ doc/credentials/x509/clicert.pem,
+ doc/credentials/x509/clikey-dsa.pem,
+ doc/credentials/x509/clikey.pem, doc/credentials/x509/key-dsa.pem,
+ doc/credentials/x509/key.pem, src/Makefile.am,
+ src/gnutls-http-serv, src/openpgp/Makefile.am,
+ src/openpgp/cli_pub.asc, src/openpgp/cli_ring.asc,
+ src/openpgp/cli_sec.asc, src/openpgp/pub.asc, src/openpgp/sec.asc,
+ src/params.pem, src/srp/Makefile.am, src/srp/tpasswd,
+ src/srp/tpasswd.conf, src/x509/Makefile.am, src/x509/ca.pem,
+ src/x509/cert-dsa.pem, src/x509/cert.pem, src/x509/clicert-dsa.pem,
+ src/x509/clicert.pem, src/x509/clikey-dsa.pem, src/x509/clikey.pem,
+ src/x509/key-dsa.pem, src/x509/key.pem: Move test credentials from
+ src/ to doc/credentials/.
+
+2007-09-17 Nikos Mavrogiannopoulos <nmav@crystal.(none)>
+
+ * : commit 9afa028dae6756ef463652e56543c89b04add024 Author: Nikos
+ Mavrogiannopoulos <nmav@crystal.(none)> Date: Mon Sep 17 11:47:12
+ 2007 +0300
+
+2007-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/extensions.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/string_h.m4, gl/string_.h: Remove
+ duplicate gnulib modules.
+
+2007-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gettext.h, gl/gnulib.mk, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/sockpfaf.m4, gl/m4/stdbool.m4,
+ gl/m4/stdio_h.m4, gl/m4/sys_socket_h.m4, gl/m4/unistd_h.m4,
+ gl/stdbool_.h, gl/stdio_.h, gl/sys_socket_.h, gl/unistd_.h: Remove
+ duplicate gnulib modules.
+
+2007-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update
+ gnulib files.
+
+2007-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/absolute-header.m4: Update gnulib files.
+
+2007-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/malloc.m4, lgl/m4/realloc.m4, lgl/m4/stdlib_h.m4,
+ lgl/realloc.c, lgl/stdlib_.h: Add.
+
+2007-09-04 Ludovic Courtès <ludo@gnu.org>
+
+ * guile/src/core.c: Guile: Fix `x509-certificate-dn-oid' and related
+ functions. * guile/src/core.c (X509_CERTIFICATE_DN_OID_FUNCTION_BODY): Use `scm_take_locale_stringn ()' instead of `scm_take_locale_string
+ ()'. * NEWS: Update. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-09-04 Ludovic Courtès <ludo@gnu.org>
+
+ * NEWS: Guile: Fix `x509-certificate-dn-oid' and related functions. * guile/src/core.c (X509_CERTIFICATE_DN_OID_FUNCTION_BODY): Use `scm_take_locale_stringn ()' instead of `scm_take_locale_string
+ ()'. * NEWS: Update. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-comp.m4, lgl/Makefile.am,
+ lgl/m4/gnulib-comp.m4, lgl/m4/time_h.m4: Update gnulib files.
+
+2007-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsignore, build-aux/.cvsignore, doc/.cvsignore,
+ doc/examples/.cvsignore, doc/manpages/.cvsignore,
+ doc/reference/.cvsignore, doc/reference/tmpl/.cvsignore,
+ doc/scripts/.cvsignore, gl/.cvsignore, includes/.cvsignore,
+ includes/gnutls/.cvsignore, lgl/.cvsignore, lib/.cvsignore,
+ lib/minitasn1/.cvsignore, lib/x509/.cvsignore, libextra/.cvsignore,
+ libextra/minilzo/.cvsignore, libextra/opencdk/.cvsignore,
+ libextra/openpgp/.cvsignore, m4/.cvsignore, po/.cvsignore,
+ src/.cvsignore, src/cfg/.cvsignore, src/cfg/platon/.cvsignore,
+ src/cfg/platon/str/.cvsignore, src/openpgp/.cvsignore,
+ src/srp/.cvsignore, src/x509/.cvsignore, tests/.cvsignore,
+ tests/hostname-check/.cvsignore, tests/key-id/.cvsignore,
+ tests/nist-pkits/.cvsignore, tests/pathlen/.cvsignore,
+ tests/pkcs1-padding/.cvsignore, tests/pkcs12-decode/.cvsignore,
+ tests/pkcs8-decode/.cvsignore, tests/rsa-md5-collision/.cvsignore,
+ tests/sha2/.cvsignore, tests/userid/.cvsignore,
+ tests/x509paths/.cvsignore: Remove .cvsignore's.
+
+2007-09-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-09-07 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-09-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_int.h: Use official IANA
+ values for SRP.
+
+2007-09-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: TLS/IA example uses anonymous ciphers.
+
+2007-09-04 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-09-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 2.0.0.
+
+2007-09-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add 1.6.x entries.
+
+2007-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use three-digit versions.
+
+2007-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-09-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: Use libtasn1
+ v1.1.
+
+2007-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: Use libtasn1
+ v1.0.
+
+2007-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Drop gnits mode.
+
+2007-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Also don't build ex-serv-anon when
+ anonymous ciphers are disabled.
+
+2007-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Don't try to build ex-client1 if
+ anonymous ciphers are disabled.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.19.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-session-info.c: Support GNUTLS_CRD_PSK and
+ GNUTLS_CRD_IA.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Handle GNUTLS_CRD_IA in print_info().
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Doc fix.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Revert "Check that value is negative
+ before using gnutls_error_is_fatal." This reverts commit 9949a4b0b6b62a0ff3c05fee4283928d1a53b675.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Have gnutls_error_is_fatal return 0 on
+ positive "errors". Would fix bug reported by Andreas Metzler
+ <ametzler@downhill.at.eu.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2293see also <http://bugs.debian.org/439640>.
+
+2007-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Check that value is negative before using
+ gnutls_error_is_fatal. Fixes bug reported by Andreas Metzler
+ <ametzler@downhill.at.eu.org> in
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2293>see also <http://bugs.debian.org/439640>.
+
+2007-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/misc.c, libextra/opencdk/opencdk.h: Upgrade to
+ OpenCDK 0.6.4.
+
+2007-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-babu-serv-cert-trans-from-proxy-00.txt: Add.
+
+2007-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * gl/readline.c: Upgrade gnulib files.
+
+2007-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: No need for getline.h.
+
+2007-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getdelim.c, gl/getdelim.h, gl/getline.c, gl/getline.h,
+ gl/getpass.c, gl/gnulib.mk, gl/m4/getdelim.m4, gl/m4/getline.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/stdio_h.m4, gl/m4/unistd_h.m4,
+ gl/stdio_.h, gl/unistd_.h, lgl/Makefile.am, lgl/m4/stdio_h.m4,
+ lgl/stdio_.h: Upgrade gnulib files.
+
+2007-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * gl/fseeko.c, gl/getpass.c, gl/getpass.h, gl/gnulib.mk,
+ gl/lseek.c, gl/m4/fseeko.m4, gl/m4/getpass.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/lseek.m4,
+ lgl/Makefile.am, lgl/fseeko.c, lgl/getdelim.c, lgl/getdelim.h,
+ lgl/getline.c, lgl/getline.h, lgl/getpass.c, lgl/getpass.h,
+ lgl/lseek.c, lgl/m4/fseeko.m4, lgl/m4/getdelim.m4,
+ lgl/m4/getline.m4, lgl/m4/getpass.m4, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/lseek.m4: Update gnulib files.
+
+2007-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Don't build pgp example if pgp has been
+ disabled.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.18.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_psk_passwd.c, lib/gnutls_psk.c, lib/gnutls_x509.c,
+ libextra/gnutls_openpgp.c, libextra/openssl_compat.c: Fix pointer
+ mix for different sized variables. Tiny patch from
+
+ <http://cvs.fedora.redhat.com/viewcvs/devel/gnutls/gnutls-1.6.3-incompat-pointers.patch?rev=1.1&view=auto>.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Typo.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Install images in info directory.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/arch/certificate-user-use-case.eps,
+ doc/arch/certificate-user-use-case.pdf,
+ doc/arch/client-server-use-case.eps,
+ doc/arch/client-server-use-case.pdf, doc/arch/extensions_st.eps,
+ doc/arch/extensions_st.pdf, doc/arch/handshake-sequence.eps,
+ doc/arch/handshake-sequence.pdf, doc/arch/handshake-state.eps,
+ doc/arch/handshake-state.pdf, doc/arch/mod_auth_st.eps,
+ doc/arch/mod_auth_st.pdf, doc/arch/objects.eps,
+ doc/arch/objects.pdf, doc/gnutls-certificate-user-use-case.eps,
+ doc/gnutls-certificate-user-use-case.pdf,
+ doc/gnutls-client-server-use-case.eps,
+ doc/gnutls-client-server-use-case.pdf,
+ doc/gnutls-extensions_st.eps, doc/gnutls-extensions_st.pdf,
+ doc/gnutls-handshake-sequence.eps,
+ doc/gnutls-handshake-sequence.pdf, doc/gnutls-handshake-state.eps,
+ doc/gnutls-handshake-state.pdf, doc/gnutls-mod_auth_st.eps,
+ doc/gnutls-mod_auth_st.pdf, doc/gnutls-objects.eps,
+ doc/gnutls-objects.pdf, doc/gnutls.texi: More image renaming.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/gnutls-internals.eps,
+ doc/gnutls-internals.pdf, doc/gnutls-layers.eps,
+ doc/gnutls-layers.pdf, doc/gnutls-pgp.eps, doc/gnutls-pgp.pdf,
+ doc/gnutls-x509.eps, doc/gnutls-x509.pdf, doc/gnutls.texi,
+ doc/internals.eps, doc/internals.pdf, doc/layers.eps,
+ doc/layers.pdf, doc/pgp1.eps, doc/pgp1.pdf, doc/x509-1.eps,
+ doc/x509-1.pdf: Rename images to deal with texinfo brokenness. See
+ <http://thread.gmane.org/gmane.comp.tex.texinfo.bugs/3533>.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/my-bib-macros.texi: Remove my-bib-macros, not
+ used.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509self.c: Fix warning. Tiny patch from Andreas Metzler
+ <ametzler@downhill.at.eu.org>.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openpgp.c: Fix warning. Tiny patch from Andreas
+ Metzler <ametzler@downhill.at.eu.org>.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.17.
+
+2007-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2007-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/openpgp.h, libextra/gnutls_openpgp.c: Add
+ gnutls_openpgp_privkey_sign_hash.
+
+2007-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cert-select.c, includes/gnutls/gnutls.h.in,
+ includes/gnutls/gnutlsxx.h, includes/gnutls/openpgp.h,
+ includes/gnutls/pkcs12.h, lib/auth_dh_common.c, lib/auth_dhe_psk.c,
+ lib/auth_psk.c, lib/auth_psk.h, lib/auth_psk_passwd.c,
+ lib/auth_psk_passwd.h, lib/gnutls_psk.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_x509.c, lib/gnutlsxx.cpp,
+ lib/x509/output.c, src/certtool-cfg.c, src/certtool-cfg.h,
+ src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
+ src/prime.c, src/psk.c, src/serv.c, src/tests.c, src/tests.h,
+ src/tls_test.c: Use *_t types consistently.
+
+2007-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in, includes/gnutls/x509.h,
+ lib/gnutls_cert.c, lib/gnutls_sig.c, lib/x509/privkey.c,
+ tests/x509signself.c: Use const and pointers to gnutls_datum_t in
+ sign callback.
+
+2007-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509signself.c: Fix warnings.
+
+2007-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Set shared library version correctly.
+
+2007-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in: New errors
+ GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX.
+
+2007-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_cert.c,
+ lib/gnutls_sig.c: Add gnutls_sign_callback_get. * includes/gnutls/gnutls.h.in (gnutls_sign_callback_get): Add. * lib/gnutls_cert.c (gnutls_sign_callback_set): Move here from gnutls_sig.c. Doc fix. (gnutls_sign_callback_get): New function. * lib/gnutls_sig.c (gnutls_sign_callback_set): Removed.
+
+2007-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: (gnutls_error_is_fatal): Return default is 1 for unknown error
+ codes.
+
+2007-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, includes/gnutls/x509.h,
+ lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa_export.c,
+ lib/gnutls_int.h, lib/gnutls_sig.c, lib/gnutls_x509.c,
+ lib/x509/privkey.c, tests/Makefile.am, tests/x509signself.c:
+ External signing callback interface. * includes/gnutls/gnutls.h.in (gnutls_sign_func): New type. (gnutls_sign_callback_set): New function. * includes/gnutls/x509.h (gnutls_x509_privkey_sign_hash): New function. * lib/gnutls_x509.c (gnutls_certificate_set_x509_key_mem): Handle NULL key. Doc fix. * lib/gnutls_sig.c (_gnutls_tls_sign_hdata): Pass session to _gnutls_tls_sign. (_gnutls_tls_sign_params): Likewise. (_gnutls_tls_sign): Add new parameter 'session'. Call sign callback if appropriate. (gnutls_sign_callback_set): New function. * lib/gnutls_x509.c (read_key_mem): Support a NULL key. * lib/gnutls_int.h (internals_st): Add sign_func, sign_func_userdata. * lib/auth_dhe.c (gen_dhe_server_kx): Use length of certificate list to decide wheter to sign, not presence of private key. * lib/auth_cert.c (_gnutls_gen_cert_client_cert_vrfy): Likewise. * lib/auth_rsa_export.c (gen_rsa_export_server_kx): Likewise. * lib/auth_cert.c(_gnutls_get_selected_cert): Don't require that private key is present. * lib/auth_rsa_export.c (gen_rsa_export_server_kx): Don't check key size when key is not present, assume it is > 512 bits. * lib/x509/privkey.c (gnutls_x509_privkey_sign_hash): New function. * tests/Makefile.am: Add x509signself.
+
+2007-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Build x509self.
+
+2007-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509self.c: New file.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Disable TLS 1.2 by default, at least until
+ RFC is out and we've done simple interop of it.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * po/pl.po, po/sv.po: Sync with TP.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-07-09 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/gnutls.texi, doc/signatures.texi: Capitalized subsection
+ titles. * doc/gnutls.texi: Capitalized subsection titles. * doc/signatures.texi: Likewise. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-03 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/Makefile.am, guile/src/Makefile.am: Fixed CPPFLAGS for Guile
+ code and documentation. * doc/Makefile.am (SNARF_CPPFLAGS): Added `{top_srcdir,top_builddir}/includes' and `top_builddir'. (core.c.texi): Added `&&' between the `make' command and the `$(GUILE_FOR_BUILD)' command. Use `$(MAKE)' instead of `make'. (extra.c.texi): Likewise. * src/Makefile.am (AM_CPPFLAGS): Added `{top_srcdir,top_builddir}/includes'. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-08-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.16.
+
+2007-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/GNUmakefile, build-aux/maint.mk, doc/fdl.texi,
+ doc/gnutls.texi, doc/gpl-2.0.texi, doc/lgpl-2.1.texi, gl/error.c,
+ gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/include_next.m4,
+ gl/override/doc/gpl-2.0.texi.diff,
+ gl/override/doc/lgpl-2.1.texi.diff, lgl/Makefile.am,
+ lgl/m4/gnulib-cache.m4, lgl/m4/include_next.m4, lgl/m4/stdint.m4:
+ Update gnulib files.
+
+2007-08-02 Ludovic Courtès <ludo@gnu.org>
+
+ * NEWS: Updated `NEWS'. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-08-01 Ludovic Courtès <ludo@gnu.org>
+
+ * lib/auth_cert.c: Fixed erroneous checks and sloppy return values
+ in certificate selection. * lib/auth_cert.c (_gnutls_get_selected_cert): Dereference APR_CERT_LIST_LENGTH, APR_PKEY and APR_CERT_LIST when validating
+ their value. (_gnutls_server_select_cert): When IDX < 0, set RET to `GNUTLS_E_INSUFFICIENT_CREDENTIALS'. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-gssapi-03.txt: Add.
+
+2007-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add.
+
+2007-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/stdint_.h, lgl/vasnprintf.c: Update gnulib files.
+
+2007-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: On starttls EOF on stdin, clear EOF flag to make future
+ reads work OK. Needed for Mac OS X. Report and tiny patch by Hal
+ Eden <n.mavrogiannopoulos@gmail.com>.
+
+2007-07-12 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, gl/override/lib/version-etc.c.diff,
+ lgl/Makefile.am, lgl/m4/wchar.m4, lgl/wchar_.h: Update.
+
+2007-07-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-04.txt,
+ doc/protocol/draft-santesson-tls-gssapi-02.txt: Add.
+
+2007-07-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/gnutls.texi, doc/internals.texi: Avoid make
+ errors regarding internals.texi. See
+
+ <http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2233>.
+
+2007-07-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, guile/src/Makefile.am: Fix build failure in doc/
+ when guile isn't installed built yet.
+
+2007-07-08 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/gnutls.texi, doc/internals.texi: Manual: Capitalized section
+ and chapter titles. * doc/gnutls.texi: Capitalized section and chapter titles. (Certificate to XML convertion functions): Fixed typo both in node name and chapter title. Updated menu. * doc/internals.texi: Likewise. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-07-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-nir-tls-eap-01.txt: Add.
+
+2007-07-02 Ludovic Courtès <ludo@gnu.org>
+
+ * doc/guile.texi: Manual: Small Guile fixes. * doc/guile.texi: Fixed typos, added cross-refs to the Guile manual. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-07-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4366-bis-00.txt: Add.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.15.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Revert.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Sync with TP.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gpl-2.0.texi, doc/gpl.texi, doc/lgpl-2.1.texi, doc/lgpl.texi:
+ Fix gnulib name changes.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/config.rpath, build-aux/maint.mk, doc/Makefile.am,
+ doc/gnutls.texi, gl/gnulib.mk, gl/m4/getaddrinfo.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/override/doc/gpl-2.0.texi.diff, gl/override/doc/gpl.texi.diff,
+ gl/override/doc/lgpl-2.1.texi.diff, gl/override/doc/lgpl.texi.diff:
+ Update gnulib files. Fix GPL renaming.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve installation instructions.
+
+2007-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add 'Obtaining and Installing'. Suggested by
+ ludo@gnu.org (Ludovic Courtès).
+
+2007-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/guile.texi: Add 'Guile Preparations' section. Based on
+ discussions with ludo@gnu.org (Ludovic Courtès).
+
+2007-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Check for scm_from_locale_string instead of SCM_API.
+ Patch from ludo@gnu.org (Ludovic Courtès).
+
+2007-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Put $(GUILE_FLAGS) in LIBADD, not LDFLAGS.
+ Reported by ludo@gnu.org (Ludovic Courtès).
+
+2007-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/ms.po: Sync with TP.
+
+2007-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/key-id/key-id: Can't use /dev/null as template under
+ mingw32, probably really a bug in cfg+.
+
+2007-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/getaddrinfo.m4: Fix gai_strerror on mingw32.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Check that the guile header files is recent
+ enough and that it works.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Move Guile setup stuff down under 'External
+ libraries'.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, NEWS, configure.in: Fix installation path of Guile
+ bindings.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.14.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs_template, gl/gnulib.mk, gl/m4/absolute-header.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/include_next.m4, gl/m4/netinet_in_h.m4,
+ gl/m4/string_h.m4, gl/m4/sys_socket_h.m4, gl/netinet_in_.h,
+ gl/string_.h, gl/sys_socket_.h, lgl/Makefile.am, lgl/float_.h,
+ lgl/m4/absolute-header.m4, lgl/m4/float_h.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/include_next.m4, lgl/m4/stdint.m4,
+ lgl/m4/stdio_h.m4, lgl/m4/string_h.m4, lgl/m4/sys_socket_h.m4,
+ lgl/m4/sys_stat_h.m4, lgl/m4/time_h.m4, lgl/m4/unistd_h.m4,
+ lgl/m4/wchar.m4, lgl/printf-args.c, lgl/printf-parse.h,
+ lgl/stdint_.h, lgl/stdio_.h, lgl/string_.h, lgl/sys_socket_.h,
+ lgl/sys_stat_.h, lgl/time_.h, lgl/unistd_.h, lgl/wchar_.h: Update
+ gnulib files.
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-17 Ludovic Courtes <ludo@chbouib.org>
+
+ * configure.in: Make sure Guile is 1.8 or later. * configure.in: Make sure Guile is 1.8 or later, using
+ `GUILE_CHECK'. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-26 Ludovic Courtes <ludo@chbouib.org>
+
+ * lib/gnutls_pk.c: Fixed memory leak in `_gnutls_dsa_verify ()'. * lib/gnutls_pk.c (_gnutls_dsa_verify): Release `rs[0]' and `rs[1]' when done. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-06-20 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-20 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2007-06-20 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Don't crash if TLS handshake fails. Reported by Marc
+ Haber <mh+debian-bugs@zugschlus.de> and Andreas Metzler
+ <ametzler@downhill.at.eu.org> via Debian BTS #429183.
+
+2007-06-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rsa-aes-gcm-00.txt: Add.
+
+2007-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-14.txt: Add.
+
+2007-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Update PGP key.
+
+2007-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Change Ludovic' description.
+
+2007-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openpgp.c: Merge patch from Timo, applied to CVS. (stream_to_datum): Call gnutls_assert() on error.
+
+2007-06-13 Ludovic Courtès <ludo@chbouib.org>
+
+ * lib/auth_cert.c: Fix off-by-one in TLS 1.2 handshake. * lib/auth_cert.c (_gnutls_gen_cert_server_cert_req): Before
+ invoking `gnutls_malloc ()', increment SIZE when using TLS 1.2 so
+ that the allocated buffer is large-enough to contain the list of
+ supported hashes. Don't change SIZE later on. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-06-13 Ludovic Courtès <ludo@chbouib.org>
+
+ * libextra/gnutls_openpgp.c: Fix use of uninitialized variable in
+ `gnutls_certificate_set_openpgp_key_mem ()' * libextra/gnutls_openpgp.c (stream_to_datum): Check whether INP is
+ NULL rather than checking BUF (which is not initialized yet). Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-06-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-06-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-rfc4507bis-00.txt: Add.
+
+2007-06-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-06-11 Ludovic Courtes <ludo@chbouib.org>
+
+ * guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.scm,
+ guile/tests/raw-to-c.scm: Small cleanups in `guile/tests'. Signed-off-by: Simon Josefsson <simon@josefsson.org>
+
+2007-06-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Clarify that guile.texi dependencies are
+ dependencies of gnutls.texi too.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-nir-tls-eap-00.txt: Add.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS, configure.in: Need to use CFLAGS when checking for
+ -Wno-pointer-sign. Reported by "Kristofer T. Karas"
+ <ktk@enterprise.bidmc.harvard.edu>.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.13.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix update-po target.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Fix copyright years.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls.types: Add, to work around problems if this
+ file isn't present.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * po/Makevars: Specify MSGFILTER, to fix make distcheck.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Need to put libguile-gnutls-v-0.la before
+ gnulib_libs, to fix rpath issue.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * guile/src/Makefile.am: Use _LIBADD for libraries, not _LDFLAGS.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
+ lgl/fseeko.c, lgl/m4/gettext.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/intlmacosx.m4, lgl/m4/string_h.m4, lgl/m4/vasnprintf.m4,
+ lgl/printf-args.c, lgl/printf-args.h, lgl/printf-parse.c,
+ lgl/printf-parse.h, lgl/string_.h, lgl/vasnprintf.c: Update gnulib
+ files.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/armor.c, libextra/opencdk/cipher.c,
+ libextra/opencdk/compress.c, libextra/opencdk/context.h,
+ libextra/opencdk/filters.h, libextra/opencdk/kbnode.c,
+ libextra/opencdk/keydb.c, libextra/opencdk/literal.c,
+ libextra/opencdk/main.c, libextra/opencdk/main.h,
+ libextra/opencdk/misc.c, libextra/opencdk/new-packet.c,
+ libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c,
+ libextra/opencdk/read-packet.c, libextra/opencdk/seskey.c,
+ libextra/opencdk/sig-check.c, libextra/opencdk/stream.c,
+ libextra/opencdk/stream.h, libextra/opencdk/verify.c: Update to
+ OpenCDK 0.6.3.
+
+2007-06-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-ecdhe-tls-psk-00.txt,
+ doc/protocol/draft-hajjeh-tls-identity-protection-01.txt,
+ doc/protocol/draft-hajjeh-tls-sign-03.txt: Add.
+
+2007-06-08 Ludovic Courtes <ludo@chbouib.org>
+
+ * guile/src/Makefile.am: Fix Guile linking so that the right GnuTLS
+ libs are used. * guile/src/Makefile.am (GNUTLS_CORE_LIBS, GNUTLS_EXTRA_LIBS): New. (GNULIB_LDFLAGS): Renamed to `GNULIB_LIBS'. Explicitly pass the
+ `.la' path. (libguile_gnutls_v_0_la_LDFLAGS): Pass `$(GUILE_LDFLAGS)' as the
+ last item so that RPATH is in the right order (i.e., all `$(top_builddir)/...' appear first). (libguile_gnutls_extra_v_0_la_LDFLAGS): Likewise.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.12.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Fix warnings on amd64, from Nikos.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * : commit 42c591867afe192eae45c56f1e0f9e3b8867d2ad Author: Simon
+ Josefsson <jas@mocca.josefsson.org> Date: Fri Jun 8 13:45:59 2007
+ +0200
+
+2007-06-08 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * po/Makevars: Try to fix line number collisions.
+
+2007-06-06 Ludovic Courtes <ludo@chbouib.org>
+
+ * configure.in, guile/src/Makefile.am: Fixed the
+ `-Wno-strict-prototypes' issue in Guile code. * configure.in: Add all custom CFLAGS to `AM_CFLAGS' rather than `CFLAGS', except for `-D_REENTRANT -D_THREAD_SAFE' which must be present during feature tests. Substitute `AM_CFLAGS'. * src/Makefile.am (libguile_gnutls_v_0_la_CFLAGS): Added
+ `$(AM_CFLAGS)'. (libguile_gnutls_extra_v_0_la_CFLAGS): Likewise. (AM_CFLAGS): When GCC is used, add `-Wno-strict-prototypes'.
+
+2007-06-06 Ludovic Courtes <ludo@chbouib.org>
+
+ * configure.in: Cosmetic changes in `configure.in'. * configure.in: Display a heading indicating that Guile stuff are
+ being detected.
+
+2007-06-06 Ludovic Courtes <ludo@chbouib.org>
+
+ * m4/guile.m4: Added `guile.m4', per Simon's request.
+
+2007-06-06 Ludovic Courtes <ludo@chbouib.org>
+
+ * configure.in: Don't look for Guile when `guile-snarf' is not
+ found. * configure.in: Don't invoke `GUILE_PROGS' and `GUILE_FLAGS' when `guile-snarf' is not found.
+
+2007-06-04 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/protocol/draft-rescorla-tls-suiteb-01.txt: Add.
+
+2007-06-04 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-01.txt: Add.
+
+2007-06-01 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/guile.texi: More @node fixes.
+
+2007-06-01 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/guile.texi: Avoid @node collisions with main manual.
+
+2007-06-01 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/Makefile.am: Need -I for config.h.
+
+2007-06-01 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * Makefile.am: Need to build doc/ after guile/.
+
+2007-06-01 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Add.
+
+2007-06-01 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * guile/src/Makefile.am: Need -I for config.h.
+
+2007-06-01 Ludovic Courtès <ludo@chbouib.org>
+
+ * : commit f469cfce51318df3b629d9af210ce4b4e587fac0 Author: Ludovic
+ Courtes <ludo@chbouib.org> Date: Fri Jun 1 00:51:10 2007 +0200
+
+2007-06-01 Ludovic Courtes <ludo@chbouib.org>
+
+ * doc/extract-guile-c-doc.scm,
+ guile/modules/system/documentation/c-snarf.scm: Tiny bug fixes in
+ Guile's documentation extraction. * doc/extract-guile-c-doc.scm (main): Use named arguments rather
+ than a single rest arg. Fixed the order of arguments as passed to `run-cpp-and-extract-snarfing' so that `ccache gcc -E' is really passed as `("ccache" "gcc" "-E")' (in this order). * guile/modules/system/documentation/c-snarf.scm (run-cpp-and-extract-snarfing): Pass FILE as the last CPP
+ argument.
+
+2007-05-31 Ludovic Courtes <ludo@chbouib.org>
+
+ * Makefile.am, configure.in, guile/src/Makefile.am: Build cleanups
+ following Simon's comments. * Makefile.am (SUBDIRS): Add `guile' when `HAVE_GUILE'. * configure.in: When `guile-snarf' is not found, set `opt_guile_bindings' to `no' instead of bailing out. * src/Makefile.am (GUILE_FOR_BUILD): Fixed `-L' parameter.
+
+2007-05-31 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/gnutls.texi: Revert unnecessary changes.
+
+2007-05-31 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * : commit d51689f572e544759632fa2f9ca0209a843d4452 Author: Ludovic
+ Courtès <ludo@chbouib.org> Date: Thu May 31 00:28:19 2007 +0200
+
+2007-05-31 Ludovic Courtès <ludo@chbouib.org>
+
+ * doc/guile.texi: Minor doc fixes.
+
+2007-05-31 Ludovic Courtès <ludo@chbouib.org>
+
+ * doc/Makefile.am: Handle missing Guile when building the
+ documentation.
+
+2007-05-31 Ludovic Courtès <ludo@chbouib.org>
+
+ * doc/Makefile.am, doc/extract-guile-c-doc.scm, doc/gnutls.texi,
+ doc/guile.texi: Integrated documentation of Guile bindings.
+
+2007-05-30 Ludovic Courtès <ludo@chbouib.org>
+
+ * configure.in, guile/src/Makefile.am: Try to handle "function
+ declaration isn't a prototype" warnings.
+
+2007-05-30 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * gl/netinet_in_.h, gl/string_.h, gl/sys_socket_.h,
+ lgl/Makefile.am, lgl/float_.h, lgl/fseeko.c, lgl/lseek.c,
+ lgl/m4/iconv.m4, lgl/m4/lseek.m4, lgl/m4/stdio_h.m4, lgl/stdint_.h,
+ lgl/stdio_.h, lgl/string_.h, lgl/sys_socket_.h, lgl/sys_stat_.h,
+ lgl/time_.h, lgl/unistd_.h, lgl/wchar_.h: Update.
+
+2007-05-30 Ludovic Courtès <ludo@chbouib.org>
+
+ * Makefile.am, configure.in, guile/Makefile.am,
+ guile/modules/Makefile.am, guile/modules/gnutls.scm,
+ guile/modules/gnutls/build/enums.scm,
+ guile/modules/gnutls/build/priorities.scm,
+ guile/modules/gnutls/build/smobs.scm,
+ guile/modules/gnutls/build/utils.scm,
+ guile/modules/gnutls/extra.scm,
+ guile/modules/system/documentation/README,
+ guile/modules/system/documentation/c-snarf.scm,
+ guile/modules/system/documentation/output.scm,
+ guile/pre-inst-guile.in, guile/src/Makefile.am, guile/src/core.c,
+ guile/src/errors.c, guile/src/errors.h, guile/src/extra.c,
+ guile/src/make-enum-header.scm, guile/src/make-enum-map.scm,
+ guile/src/make-session-priorities.scm,
+ guile/src/make-smob-header.scm, guile/src/make-smob-types.scm,
+ guile/src/utils.c, guile/src/utils.h, guile/tests/Makefile.am,
+ guile/tests/anonymous-auth.scm, guile/tests/errors.scm,
+ guile/tests/openpgp-auth.scm, guile/tests/openpgp-keyring.asc,
+ guile/tests/openpgp-keyring.scm, guile/tests/openpgp-keys.scm,
+ guile/tests/openpgp-pub.asc, guile/tests/openpgp-sec.asc,
+ guile/tests/pkcs-import-export.scm, guile/tests/raw-to-c.scm,
+ guile/tests/rsa-parameters.pem,
+ guile/tests/session-record-port.scm, guile/tests/srp-base64.scm,
+ guile/tests/x509-auth.scm, guile/tests/x509-certificate.pem,
+ guile/tests/x509-certificates.scm, guile/tests/x509-key.pem: Started
+ Guile integration. Documentation is still missing. A bit rough on the edges, but
+ `make' and `make check' do work.
+
+2007-05-28 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/Makefile.am: Make sure all images are distributed in all
+ formats. Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+2007-05-27 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * lib/gnutls_x509.c: (parse_pem_ca_mem): Handle reads beyond first certificate properly.
+ Reported by Dennis Vshivkov <walrus@amur.ru> in
+ <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333050>.
+
+2007-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/parse_ca.c: Add self-test.
+
+2007-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2007-05-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-05-27 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: [no log message]
+
+2007-05-27 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * lib/gnutls_datum.c: (_gnutls_free_datum_m): Free even if size is 0.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * lib/x509/privkey_pkcs8.c: (decode_pkcs8_key): If ASN.1 decoding fails after decrypting an
+ already properly decoded value, assume it is due to a bad password
+ rather than ASN.1 error. Reported by Nate Nielsen
+ <nielsen-list@memberwebs.com>. (From 1.6.x branch.)
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * lib/x509/privkey_pkcs8.c: (decode_private_key_info): Translate asn1 errors properly. Reported
+ by Nate Nielsen <nielsen-list@memberwebs.com>.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * lib/auth_cert.c: Fix mem leak, reported by Andrey Nosenko
+ <andrew.w.nosenko@gmail.com>. (From 1.6.x branch.)
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * THANKS: Add (from 1.6.x).
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Version 1.7.11.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Fix.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-26 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * libextra/opencdk/Makefile.am: Add opencdk.h to sources.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * ChangeLog: Generated.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Version 1.7.10.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * Makefile.am: Use cg instead of cvs commands, for update-po target.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * Makefile.am: Change release target from cvs to git.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * lgl/lseek.c, lgl/m4/lseek.m4: Update.
+
+2007-05-25 Simon Josefsson <jas@mocca.josefsson.org>
+
+ * doc/gendocs_template, lgl/.cvsignore, lgl/Makefile.am,
+ lgl/fseeko.c, lgl/m4/fseeko.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/unistd_h.m4, lgl/stdio_.h, lgl/unistd_.h: Update.
+
+2007-05-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2007-05-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-05-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: Use new API.
+
+2007-05-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-24 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/netinet_in_.h, gl/string_.h, gl/sys_socket_.h,
+ lgl/.cvsignore, lgl/Makefile.am, lgl/float+.h, lgl/float_.h,
+ lgl/fseeko.c, lgl/m4/float_h.m4, lgl/m4/fseeko.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/stdio_h.m4, lgl/m4/vasnprintf.m4,
+ lgl/m4/vasprintf.m4, lgl/m4/wint_t.m4, lgl/stdint_.h, lgl/stdio_.h,
+ lgl/string_.h, lgl/sys_socket_.h, lgl/sys_stat_.h, lgl/time_.h,
+ lgl/unistd_.h, lgl/vasnprintf.c, lgl/wchar_.h: Update.
+
+2007-05-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-05-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509.h: Export gnutls_x509_crt_get_raw_dn,
+ gnutls_x509_crt_get_raw_issuer_dn.
+
+2007-05-23 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/openpgp/xml.c: fix the key ID representation in the XML
+ code.
+
+2007-05-21 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/openpgp/extras.c, libextra/openpgp/openpgp.h,
+ libextra/openpgp/pgp.c, libextra/openpgp/xml.c: cleanups for the xml
+ code: elgamal keys are not supported. bug fix for the key import
+ (base64) code, store the stream and close it in the deinit function.
+
+2007-05-21 Timo Schulz <twoaday@gnutls.org>
+
+ * src/openpgp/Makefile.am, src/openpgp/cli_ring.asc: Add client
+ keyring in base64 format. This is the same file as cli_ring.gpg but
+ armored.
+
+2007-05-21 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/openpgp/extras.c: do not close the input stream in the
+ import code when the base64 is used.
+
+2007-05-14 Timo Schulz <twoaday@gnutls.org>
+
+ * tests/openpgp/keyring.c: few more comments.
+
+2007-05-14 Timo Schulz <twoaday@gnutls.org>
+
+ * configure.in: add makefile for the openpgp test folder
+
+2007-05-14 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/openpgp/extras.c: patch to support raw keyrings.
+
+2007-05-14 Timo Schulz <twoaday@gnutls.org>
+
+ * tests/Makefile.am, tests/openpgp/Makefile.am,
+ tests/openpgp/keyring.c: Add simple openpgp test.
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.9.
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Reorder to work around libtool bug.
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/vasnprintf.m4, lgl/vasnprintf.c, libextra/opencdk/armor.c,
+ libextra/opencdk/cipher.c, libextra/opencdk/compress.c,
+ libextra/opencdk/context.h, libextra/opencdk/filters.h,
+ libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/literal.c, libextra/opencdk/main.c,
+ libextra/opencdk/main.h, libextra/opencdk/misc.c,
+ libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c,
+ libextra/opencdk/read-packet.c, libextra/opencdk/sig-check.c,
+ libextra/opencdk/stream.c, libextra/opencdk/verify.c,
+ libextra/opencdk/write-packet.c: Update.
+
+2007-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: (gnutls_set_default_priority): Change order to prefer X.509 over
+ OpenPGP.
+
+2007-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs_template, gl/override/doc/gendocs_template,
+ gl/override/doc/gendocs_template.diff: Update.
+
+2007-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs_template: Revert to upstream gnulib version.
+
+2007-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-05-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/socklen.m4,
+ gl/socket_.h, gl/string_.h, gl/sys_socket_.h, lgl/Makefile.am,
+ lgl/getpass.c, lgl/m4/fseeko.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/socklen.m4, lgl/m4/stdint.m4, lgl/m4/stdio_h.m4,
+ lgl/m4/sys_stat_h.m4, lgl/m4/unistd_h.m4, lgl/socket_.h,
+ lgl/stat_.h, lgl/stdio_.h, lgl/string_.h, lgl/sys_socket_.h,
+ lgl/sys_stat_.h, lgl/time_.h, lgl/unistd_.h, lgl/wchar_.h: Update.
+
+2007-05-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Add gnutls-logo.pdf, to fix distcheck.
+
+2007-05-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Fix mem leaks.
+
+2007-04-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-otto-tls-sigma-ciphersuite-00.txt: Add.
+
+2007-04-24 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/opencdk/literal.c: missing file.
+
+2007-04-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-new-mac-00.txt,
+ doc/protocol/draft-ietf-tls-suiteb-00.txt: Add.
+
+2007-04-22 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/opencdk/dummy.c: [no log message]
+
+2007-04-22 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/opencdk/Makefile.am, libextra/opencdk/README,
+ libextra/opencdk/armor.c, libextra/opencdk/cipher.c,
+ libextra/opencdk/cipher.h, libextra/opencdk/compress.c,
+ libextra/opencdk/context.h, libextra/opencdk/encrypt.c,
+ libextra/opencdk/filters.h, libextra/opencdk/kbnode.c,
+ libextra/opencdk/keydb.c, libextra/opencdk/keygen.c,
+ libextra/opencdk/keylist.c, libextra/opencdk/keyserver.c,
+ libextra/opencdk/main.c, libextra/opencdk/main.h,
+ libextra/opencdk/md.c, libextra/opencdk/md.h,
+ libextra/opencdk/misc.c, libextra/opencdk/new-packet.c,
+ libextra/opencdk/opencdk.h, libextra/opencdk/packet.h,
+ libextra/opencdk/plaintext.c, libextra/opencdk/pubkey.c,
+ libextra/opencdk/read-packet.c, libextra/opencdk/seskey.c,
+ libextra/opencdk/sig-check.c, libextra/opencdk/sign.c,
+ libextra/opencdk/stream.c, libextra/opencdk/stream.h,
+ libextra/opencdk/sym-cipher.c, libextra/opencdk/trustdb.c,
+ libextra/opencdk/types.h, libextra/opencdk/verify.c,
+ libextra/opencdk/write-packet.c: replace the old build-in opencdk
+ version with the most recent cvs version.
+
+2007-04-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Check for OpenCDK function that is only available in
+ OpenCDK 0.6.0.
+
+2007-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-tls-password-00.txt,
+ doc/protocol/draft-badra-tls-password-ext-00.txt: Add.
+
+2007-04-20 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Adjustments for the opencdk migration
+ and some cleanups.
+
+2007-04-20 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h,
+ libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
+ libextra/openpgp/privkey.c, libextra/openpgp/xml.c: First bunch of
+ patches for the opencdk migration.
+
+2007-04-19 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/extras.c: (gnutls_openpgp_keyring_import): Make it work (it seems the old code
+ didn't work). Patch from ludo@chbouib.org (Ludovic Courtès).
+
+2007-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Mention P12 structure.
+
+2007-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * tests/tlsia.c: Check return codes from init functions.
+
+2007-04-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/sign.c: Write NULL in parameters for RSA signing.
+
+2007-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool-cfg.c, src/certtool.c: Use current time as
+ default serial number.
+
+2007-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.8.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: Doc fix.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/gc.c: Need to init libgcrypt with secure memory hooks.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am: Add.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Reorder to make it compile.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4, gl/string_.h, lgl/Makefile.am,
+ lgl/float+.h, lgl/m4/gnulib-comp.m4, lgl/m4/intl.m4,
+ lgl/m4/longdouble.m4, lgl/m4/stdint.m4, lgl/m4/stdio_h.m4,
+ lgl/m4/vasnprintf.m4, lgl/printf-args.c, lgl/printf-args.h,
+ lgl/printf-parse.c, lgl/stdio_.h, lgl/string_.h, lgl/time_.h,
+ lgl/vasnprintf.c, lgl/wchar_.h: Update.
+
+2007-04-16 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/gc-libgcrypt.c, lib/gnutls_handshake.c,
+ lib/gnutls_session_pack.c, lib/x509/output.c, lib/x509/verify.c: Fix
+ warnings, tiny patch from Andreas Metzler
+ <ametzler@downhill.at.eu.org>.
+
+2007-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Fix.
+
+2007-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Fix.
+
+2007-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-04-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_psk.c: (gnutls_psk_set_client_credentials): Fix prototype.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am, lib/Makefile.am, src/cli.c, src/serv.c:
+ Respect ENABLE_AUTHZ.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c: Make tls-authz conditional on
+ ENABLE_AUTHZ.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add anon conditional.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix --disable-*.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add --disable-tls-authorization.
+
+2007-04-10 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openpgp.c: (gnutls_certificate_set_openpgp_key): Allocate certificate structure
+ properly. Tiny patch from ludo@chbouib.org (Ludovic Courtès).
+
+2007-04-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Make -d work again after last change.
+
+2007-04-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-04-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: (gnutls_x509_crt_get_key_id): Don't fail on non-RSA/DSA public keys.
+
+2007-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/cli.gaa, src/common.c, src/common.h,
+ src/serv-gaa.c, src/serv.gaa: Use gnutls_cipher_suite_info.
+
+2007-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
+ gnutls_cipher_suite_info API, suggested by Howard Chu
+ <hyc@symas.com>.
+
+2007-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Don't hard code algorithm list.
+
+2007-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add
+ new APIs to list supported algorithms: gnutls_cipher_list,
+ gnutls_mac_list, gnutls_compression_list, gnutls_protocol_list,
+ gnutls_certificate_type_list, and gnutls_kx_list. Suggested by
+ Howard Chu <hyc@symas.com>.
+
+2007-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h: Simplify kx
+ definition, since gnutls-extra no longer touches it.
+
+2007-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Init the library immediately (for print_list(), called
+ by gaa_parser, to be able to call gnutls functions).
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: $(LIBOPENCDK_LIBS) should be necessary here,
+ since libgnutls-extra links to it.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Fix LIBOPENCDK_LIBS. No need for
+ AM_CPPFLAGS += $(LIBOPENCDK_CFLAGS), the new macro add necessary
+ -I's to CPPFLAGS automatically.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Need stddef.h for opencdk.h.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c, gl/getpass.h, gl/gnulib.mk, gl/m4/getpass.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, lgl/.cvsignore,
+ lgl/Makefile.am, lgl/getdelim.c, lgl/getdelim.h, lgl/getline.c,
+ lgl/getline.h, lgl/getpass.c, lgl/getpass.h, lgl/m4/getdelim.m4,
+ lgl/m4/getline.m4, lgl/m4/getpass.m4, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4: Update.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix LIBGNUTLS_EXTRA_* for cdk changes.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, m4/opencdk.m4: Use AC_LIB_HAVE_LINKFLAGS to find
+ opencdk, remove opencdk.m4.
+
+2007-04-03 Simon Josefsson <simon@josefsson.org>
+
+ * build-aux/gendocs.sh, gl/stdbool_.h, lgl/Makefile.am,
+ lgl/alloca_.h, lgl/asprintf.c, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/iconv.m4, lgl/m4/intdiv0.m4,
+ lgl/stat_.h, lgl/stdbool_.h, lgl/vasprintf.c: Update.
+
+2007-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: No need to error about unknown algorithm, it
+ already says unknown.
+
+2007-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Remove #if GNUTLS_PK_LOOP madness that
+ hides problems. (gnutls_pk_algorithm_get_name): Don't return GOST for unsupported
+ algorithms (e.g., ECC).
+
+2007-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: No need for vasprintf.h.
+
+2007-03-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/string_.h, gl/version-etc.c, lgl/.cvsignore,
+ lgl/Makefile.am, lgl/asprintf.c, lgl/des.c, lgl/dummy.c,
+ lgl/float+.h, lgl/m4/gnulib-comp.m4, lgl/m4/printf-posix.m4,
+ lgl/m4/stdio_h.m4, lgl/m4/vasnprintf.m4, lgl/m4/vasprintf.m4,
+ lgl/printf-parse.c, lgl/stdio_.h, lgl/string_.h, lgl/vasnprintf.c,
+ lgl/vasprintf.c, lgl/vasprintf.h: Update.
+
+2007-03-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
+ doc/examples/ex-rfc2818.c, src/crypt.c: Use size_t at appropriate
+ places. Tiny patch by Deanna Phillips <deanna@sdf.lonestar.org>.
+
+2007-03-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c: Need netinet/in.h. Tiny patch from Deanna
+ Phillips <deanna@sdf.lonestar.org>.
+
+2007-03-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-padding/pkcs1-pad: Trim whitespace from 'wc' output.
+ Tiny patch from Deanna Phillips <deanna@sdf.lonestar.org>.
+
+2007-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: (gnutls_x509_crt_set_version): Doc fix, tiny patch from Florian
+ Weimer <fweimer@bfk.de>.
+
+2007-03-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/netinet_in_h.m4,
+ gl/m4/sys_socket_h.m4, gl/netinet_in_.h, gl/socket_.h,
+ lgl/Makefile.am, lgl/des.c, lgl/des.h, lgl/dummy.c,
+ lgl/gc-gnulib.c, lgl/m4/gnulib-comp.m4, lgl/m4/snprintf.m4,
+ lgl/m4/stdbool.m4, lgl/m4/stdio_h.m4, lgl/m4/sys_socket_h.m4,
+ lgl/m4/vasnprintf.m4, lgl/snprintf.c, lgl/socket_.h,
+ lgl/stdbool_.h, lgl/stdint_.h, lgl/stdio_.h, lgl/vasnprintf.c,
+ lgl/vasnprintf.h, lgl/vasprintf.h: Update.
+
+2007-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-03.txt: Update,
+
+2007-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Simplify error handling.
+
+2007-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Doc fix.
+
+2007-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump due to added APIs.
+
+2007-03-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Prefer aes256.
+
+2007-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, maint-cfg.mk: Work around config.rpath issue.
+
+2007-03-06 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/stdio_.h: Update.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Use libgnutls' priorities.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/dhepskself.c: Remove priority setting. Fix output.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-authz.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client2.c, doc/examples/ex-serv-pgp.c: Remove
+ confusing priority setting stuff.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsignore, build-aux/.cvsignore, doc/.cvsignore: [no log message]
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_authz.c: Don't assert when no authz.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Use default ciphers. Simplify SRP callback.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: (gnutls_set_default_priority): Fix defaults.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Let libgnutls remove SRP/PSK if not used.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Indent and doc fix.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/gnutls_priority.h, lib/gnutls_record.c,
+ lib/gnutls_state.c: Remove gnutls_priority.h, not needed.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Reorder.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Reorder.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Reorder.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, build-aux/GNUmakefile, build-aux/config.rpath,
+ build-aux/gendocs.sh, build-aux/link-warning.h, build-aux/maint.mk,
+ gendocs.sh, gl/gnulib.mk, gl/m4/gnulib-cache.m4, lgl/Makefile.am,
+ lgl/m4/gnulib-cache.m4, link-warning.h, maint.mk: Fixes for
+ build-aux.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use build-aux/.
+
+2007-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-03.txt,
+ lgl/m4/gnulib-comp.m4, lgl/m4/time_r.m4, lgl/m4/vasnprintf.m4,
+ lgl/m4/vasprintf.m4, lgl/time_.h, lgl/vasnprintf.c,
+ lgl/vasnprintf.h, lgl/vasprintf.h: Updaet.
+
+2007-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-rsa-aes-gcm-00.txt: Add.
+
+2007-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * po/sv.po: Sync with TP.
+
+2007-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * po/pl.po: Sync with TP.
+
+2007-02-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-nir-tee-pm-00.txt: Add.
+
+2007-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/.cvsignore: [no log message]
+
+2007-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add authz server.
+
+2007-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Add authz.
+
+2007-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-authz.c: Add.
+
+2007-02-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-authz.c, doc/gnutls.texi: Add.
+
+2007-02-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Add credits.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Minor tweaks to proxy output.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Typo.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/dn.c: Other cert.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add dn.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/dn.c: Add.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Rename.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Rename non-released functions.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.h: Remove.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Code cleanup and documentation of last patch.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h, lib/x509/x509.h: Fix.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h, lib/x509/x509.c, lib/x509/x509.h: New APIs
+ to deal with DN's. Patch from Howard Chu <hyc@symas.com>.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.7.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/.cvsignore: [no log message]
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/gnulib.mk, gl/m4/gnulib-comp.m4,
+ gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
+ lgl/m4/gnulib-comp.m4, lgl/m4/intdiv0.m4, lgl/m4/snprintf.m4,
+ lgl/m4/stdio_h.m4, lgl/m4/string_h.m4, lgl/m4/unistd_h.m4,
+ lgl/snprintf.c, lgl/snprintf.h, lgl/stdio_.h, lgl/string_.h,
+ lgl/unistd_.h, link-warning.h: Update.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_authz.c, lib/gnutls_supplemental.c: Typo.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_extensions.h: Revert.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: New flags for authz extension.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_authz.c: Use our own logic to determine whether to send
+ extension replies in server.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.h: Add prototype for
+ _gnutls_extension_list_check, we use it in ext_authz.c.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c: Remove static from
+ _gnutls_extension_list_check, we use it in ext_authz.c
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_authz.c: Don't send authz extension when we shouldn't.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h: Generated.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/serv.c: Fix #include's.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/cli.gaa: Support gnutls-cli --authz-x509-attr-cert
+ and --authz-saml-assertion.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
+ src/serv.gaa: Support gnutls-serv --authz-x509-attr-cert and
+ --authz-saml-assertion.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix so version due to added APIs.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore more.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Revert.
+
+2007-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.pc.in: Revert Requires-change.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_extensions.c: Add authz extension.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_authz.c: Typo.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_supplemental.c: Add authz hooks.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Fix type (in never released
+ prototypes).
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Add authz stuff.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Build ext_authz.h and ext_authz.c.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_authz.c, lib/ext_authz.h: New file.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_supplemental.h: Sync with
+ gnutls_supplemental.c.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_supplemental.c: Fill in type+length.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add gnutls_authz_recv_callback_func
+ and gnutls_authz_send_callback_func. Add gnutls_authz_enable,
+ gnutls_authz_send_x509_attr_cert, gnutls_authz_send_saml_assertion,
+ gnutls_authz_send_x509_attr_cert_url, and
+ gnutls_authz_send_saml_assertion_url. Remove GNUTLS_AUTHZ_LAST from
+ gnutls_authz_data_format_type_t (never part of any release).
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_supplemental.c: If callbacks failed to provide
+ anything, at least send protocol valid (yet semantically invalid)
+ supplemental message.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Add for supplemental support.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Support supplemental handshake messages.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Add gnutls_supplemental.h and
+ gnutls_supplemental.c.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_supplemental.c, lib/gnutls_supplemental.h: New file.
+
+2007-02-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-02-19 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add gnutls_supplemental_get_name.
+ Fix gnutls_authz_data_format_type_t.
+
+2007-02-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/debug.c: Support SUPPLEMENTAL handshake type.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: update
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check/hostname-check.c: Tests ipAddress SAN's too.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check/hostname-check.c: Test wildcard stuff too.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/rfc2818_hostname.c: Indent.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/rfc2818_hostname.c: Support iPAddress too. Doc fix.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check/hostname-check.c: Fix mem leak.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/rfc2818_hostname.c: Doc fix.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/rfc2818_hostname.c: Don't treat absence of CN in subject
+ as a successful RFC 2818 hostname comparison match. Reported by
+ "Richard W.M. Jones" <rjones@redhat.com>.
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/hostname-check/.cvsignore: [no log message]
+
+2007-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, tests/Makefile.am,
+ tests/hostname-check/Makefile.am, tests/hostname-check/README,
+ tests/hostname-check/hostname-check.c: Add self test of rfc2818
+ server identity check.
+
+2007-02-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.pc.in: Add 'Requires: libtasn1' to make 'pkg-config
+ --libs gnutls' output -ltasn1. Reported by Pavlov Konstantin
+ <thresh@altlinux.ru>.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_hash_int.c: Avoid assert.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Make sure NULL is a pointer.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Change vararg 0 to NULL. Tiny change suggested by
+ Joe Orton <joe@manyfish.co.uk>.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Fix gnutls_authz_data_format_type_t.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add
+ gnutls_supplemental_data_format_type_t with member
+ GNUTLS_SUPPLEMENTAL_AUTHZ_DATA.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add gnutls_authz_data_format_type_t,
+ with members GNUTLS_AUTHZ_X509_ATTR_CERT,
+ GNUTLS_AUTHZ_SAML_ASSERTION, GNUTLS_AUTHZ_X509_ATTR_CERT_URL,
+ GNUTLS_AUTHZ_SAML_ASSERTION_URL.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Reorder.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Add GNUTLS_EXTENSION_AUTHZ_CLIENT and
+ GNUTLS_EXTENSION_AUTHZ_SERVER.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add GNUTLS_HANDSHAKE_SUPPLEMENTAL.
+
+2007-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Spell out handshake types.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use error().
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Cleanup p12 printing.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Cleanup pkcs7_info.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Better errors.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.gaa: Remove --copyright (use --version).
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use version-etc.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix for version-etc.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/stdarg.m4, gl/version-etc-fsf.c, gl/version-etc.c,
+ gl/version-etc.h: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Cleanup CRL.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Cleanup.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Simplify.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Cleanups.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Rewrite generate_private_key_int.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix mem leak.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix crl_info.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Rewrite load_private_key.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Rewrite load_request.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Rewrite load_ca_private_key.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Remove.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Rewrite load_ca_cert.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: No limit on CRL size during verification.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Simplify.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/certificate_set_x509_crl.c: Need config.h.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Use AM_CPPFLAGS, not obsolete INCLUDES.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Need libgnu.la.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/errcodes.c: Need config.h.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_asn1_tab.c, lib/pkix_asn1_tab.c: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove stuff obsoleted by time_r.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Don't check for time.h, not needed.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: Only use time.h, from gnulib if needed.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/.cvsignore: [no log message]
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: UPdate.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Remove.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/string_.h, lgl/Makefile.am, lgl/m4/gnulib-comp.m4,
+ lgl/m4/time_h.m4, lgl/m4/time_r.m4, lgl/string_.h, lgl/time_.h,
+ lgl/time_r.c, lgl/time_r.h: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/.cvsignore, tests/x509paths/.cvsignore: [no log
+ message]
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/README: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/gnutls-nist-tests.html: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/README: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits_test: Unpack.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/.cvsignore: [no log message]
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits_test: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits_test_list_generator.patch: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/gnutls_test_entry: Remove.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/build-chain, tests/nist-pkits/gnutls_test_entry,
+ tests/nist-pkits/pkits_test_list_generator.patch: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/README: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/README: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/mpi.c: We don't support inherited DSA parameters.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits_crl, tests/nist-pkits/pkits_crt,
+ tests/nist-pkits/pkits_pkcs12, tests/nist-pkits/pkits_smime: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/pkits: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore, tests/nist-pkits/.cvsignore: [no log message]
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/nist-pkits/README, tests/nist-pkits/pkits,
+ tests/nist-pkits/pkits_crl, tests/nist-pkits/pkits_crt,
+ tests/nist-pkits/pkits_pkcs12, tests/nist-pkits/pkits_smime,
+ tests/pkits, tests/pkits_crl, tests/pkits_crt, tests/pkits_pkcs12,
+ tests/pkits_smime: Move PKITS stuff to nist-pkits/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509paths/README: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/x509paths/chain: fix for chain 1.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chain, tests/x509paths/README, tests/x509paths/chain: Move
+ old NIST stuff to separate directory.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/dn.c: Don't write to buf if *sizeof_buf==0.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Don't use uninitialized.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Don't access ret unless *ret_size>0.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix PKI test.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Simplify copyright.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Remove.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Remove unused.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Make certtool conditional on ENABLE_PKI.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add conditional for PKI stuff.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Handle larger certificate lists.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: crl: Support GNUTLS_X509_CRT_UNSIGNED_FULL.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use gnutls_x509_crl_print.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/output.c,
+ lib/x509/x509.c: Add gnutls_x509_crl_get_signature and
+ gnutls_x509_crl_print.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use error().
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: We do need lgl/ though.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am, libextra/opencdk/Makefile.am: No need for
+ gl/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am: Don't include gl/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/error.c, gl/error.h, gl/gnulib.mk, gl/m4/error.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/progname.c,
+ gl/progname.h: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in: Revert.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/dummy.c, src/lib/Makefile.am, src/lib/error.c,
+ src/lib/error.h, src/lib/m4/error.m4, src/lib/m4/gnulib-cache.m4,
+ src/lib/m4/gnulib-common.m4, src/lib/m4/gnulib-comp.m4,
+ src/lib/m4/gnulib-tool.m4, src/lib/progname.c, src/lib/progname.h:
+ Remove.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: No need for gl/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix src/lib/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Build src/lib/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Init src/lib/.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ src/lib/Makefile.am, src/lib/m4/gnulib-cache.m4,
+ src/lib/m4/gnulib-comp.m4: Update.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/error.c, gl/error.h, gl/m4/error.m4: Remove.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/error.c, gl/error.h, gl/gnulib.mk, gl/m4/error.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, src/lib/Makefile.am,
+ src/lib/error.c, src/lib/error.h, src/lib/m4/error.m4,
+ src/lib/m4/gnulib-cache.m4, src/lib/m4/gnulib-common.m4,
+ src/lib/m4/gnulib-comp.m4, src/lib/m4/gnulib-tool.m4,
+ src/lib/progname.c, src/lib/progname.h: Add.
+
+2007-02-13 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: No size limit on CRL data.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: (_gnutls_x509_san_find_type): Support GNUTLS_SAN_DN.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Support GNUTLS_SAN_DN.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: (parse_general_name): Support GNUTLS_SAN_DN.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in: Add.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.6.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: New APIs, bump libtool library versions.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
+ lgl/m4/string_h.m4, lgl/string_.h: Update.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Use latest docs on web site.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * po/POTFILES.in: Add.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Mark for translation.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pkix_asn1_tab.c: Generated.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Print more than one SAN.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Better printing of XMPP SAN.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pkix.asn: Add XMPP definitions.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Decode XMPP data. Suggested by Matthias Wimmer
+ <m@tthias.eu>.
+
+2007-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Print X.509 client cert info.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Text fix.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Update.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: strftime %Z on mingw32 seems to not understand
+ that gmtime was used and that the time given is in UTC. Just hard
+ code it to UTC.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: Typo.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/asprintf.c, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/vasprintf.m4, lgl/vasprintf.c,
+ lgl/vasprintf.h: Add.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Use gnulib's time_r for systems that lack
+ gmtime_r.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/time_r.m4, lgl/time_r.c, lgl/time_r.h: Add.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/no-ca-or-pathlen.pem: Fix.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Strings not zero terminated.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Hexprint unknown extensions.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * tests/key-id/key-id, tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Update.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Remove.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Support GNUTLS_X509_CRT_UNSIGNED_FULL.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use gnutls_x509_crt_print.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h: Add.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Fix error messages.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Really fix.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Fix.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Change signature (ok since no release).
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Use datum for outputs.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-07.txt: Add.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Simplify.
+
+2007-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/extensions.c: Don't crash on NULL's.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add, from older branches.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/output.c: Doc fix.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Build output.c.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/output.c: Add.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/x509.c: Add
+ gnutls_x509_crt_get_signature.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: gnutls-serv: create client & proxy too.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Default proxy policy is ALL. Fixes crash.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/extensions.c: Fix warnings.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c, lib/gnutls_str.h: Add
+ _gnutls_string_append_printf.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/x509.c: Add
+ gnutls_x509_crt_get_extension_data and
+ gnutls_x509_crt_get_extension_info.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: XMPP otherName SAN support.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/x509/x509.c: Fix.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Doc fix.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Support XMPP OID.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2007-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, includes/gnutls/x509.h,
+ lib/x509/common.c, lib/x509/x509.c, src/certtool.c: Support
+ otherName SAN's.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: add tcp and tlsia
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Fix.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Don't say TLS 1.0.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_sig.c: Fix DSA sign, broken by last commit.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_sig.c: Fix TLS 1.2 signing (for servers).
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: dsa key
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_sig.c: Fix crash on failures.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-00.txt,
+ doc/protocol/draft-ietf-tls-srp-01.txt,
+ doc/protocol/draft-ietf-tls-srp-02.txt,
+ doc/protocol/draft-ietf-tls-srp-03.txt,
+ doc/protocol/draft-ietf-tls-srp-04.txt,
+ doc/protocol/draft-ietf-tls-srp-05.txt,
+ doc/protocol/draft-ietf-tls-srp-06.txt,
+ doc/protocol/draft-ietf-tls-srp-07.txt: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.5.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
+ lgl/m4/string_h.m4, lgl/string_.h: Update.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Reorder.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Don't ask for PSK if we don't have credentials for it.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: mention psk
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: (_gnutls_remove_unwanted_ciphersuites): Remove GNUTLS_KX_SRP_RSA or
+ GNUTLS_KX_SRP_DSS if there is no SRP credential.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: fix
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: fix
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Don't try to negotiate SRP kx if we don't have SRP
+ username/password.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Prefer PSK.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/serv.c: Modernize priorities.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: more
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Parse new MACs.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Prefer OpenPGP certs from client.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c: Generated.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Typo in last commit.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.gaa: Typo.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Fix --list.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_hash_int.c: Revert, not needed.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_hash_int.c: (_gnutls_hash_get_algo_len): Handle NULL MACs again, broken by last
+ commit.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Fix last commit.
+
+2007-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Support TLS 1.2 and AES 256.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.4.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: use static DH params if none or provided
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c, tests/dhepskself.c, tests/resume.c,
+ tests/tlsia.c, tests/utils.c, tests/utils.h: Use static DH.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pskself.c: No dh here.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Reorder.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/sha2/.cvsignore: [no log message]
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, tests/Makefile.am: Add SHA-2 self test.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/sha2/Makefile.am, tests/sha2/key-ca.pem,
+ tests/sha2/key-subca.pem, tests/sha2/key-subsubca.pem,
+ tests/sha2/key-user.pem, tests/sha2/sha2: Add.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Set pathlength to -1 (not present) by default,
+ for templates.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c: Generated.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c, src/certtool.gaa: Support --hash SHA-256/384/512.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/x509/common.h, lib/x509/dn.c, lib/x509/x509.h: Support
+ (RSA-)SHA-256/384/512.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/gc-libgcrypt.c, lgl/gc.h: Update.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: (GNUTLS_SIGN_ALG_LOOP): Don't match unknown algorithms to GOST.
+ Affects gnutls_sign_algorithm_get_name, and
+ _gnutls_x509_sign_to_oid.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in: Enum types for SHA-256/384/512.
+
+2007-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gnulib.mk, gl/m4/gnulib-comp.m4, gl/m4/string_h.m4,
+ gl/stdbool_.h, gl/string_.h, lgl/Makefile.am,
+ lgl/m4/gnulib-comp.m4, lgl/m4/string_h.m4, lgl/memmem.c,
+ lgl/string_.h: Update.
+
+2007-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-04 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gai_strerror.c, gl/gnulib.mk, gl/m4/gnulib-comp.m4,
+ gl/m4/socklen.m4, gl/m4/string_h.m4, gl/string_.h, lgl/Makefile.am,
+ lgl/m4/gnulib-comp.m4, lgl/m4/socklen.m4, lgl/m4/string_h.m4,
+ lgl/string_.h: Update.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: Removed the wrong file, re-add this one.
+ Oops.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Remove bibliography.texi.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/bibliography.texi, doc/signatures.texi: Remove.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Don't use my-bib-macros.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/my-bib-macros.texi: use pxref.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/my-bib-macros.texi: Fix.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: proxy and certtool stuff
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Doc fix.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/bibliography.texi: reorder
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/bibliography.texi: Add rfc3820.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Mention RFC 3820.
+
+2007-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve extensions stuff.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.3.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem: Update.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Print times in UTC.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/key-id/.cvsignore: [no log message]
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Reorder.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, tests/Makefile.am, tests/key-id/Makefile.am,
+ tests/key-id/README, tests/key-id/ca-gnutls-keyid.pem,
+ tests/key-id/ca-no-keyid.pem, tests/key-id/ca-weird-keyid.pem,
+ tests/key-id/key-ca.pem, tests/key-id/key-id,
+ tests/key-id/key-user.pem: Add key-id self test.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Don't print proxy info if there aren't any proxy
+ extension.
+
+2007-02-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4785.txt: Add.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use the CA's SKI as the AKI value, if it is
+ present. Reported by Dale Sedivec
+ <dale-keyword-gnutls.5670f1@codefu.org>.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: Doc fix.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Add.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Fix last commit.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Support
+ reading/generating proxy certificates in certtool.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/x509.c: Add
+ gnutls_x509_crt_get_proxy.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: Fix last commit.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: (gnutls_x509_crt_set_proxy_dn): Permit NULL @name's.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention RFC 3820.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509_write.c:
+ Add proxy certificate APIs.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Have RET for path lengths to mean -1.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore, lgl/.cvsignore: [no log message]
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: String.h from gnulib now makes sure memmem is
+ available.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * gl/strdup.h, lgl/memmem.h: Remove.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/gnulib.mk, gl/m4/absolute-header.m4,
+ gl/m4/extensions.m4, gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/strdup.m4, gl/m4/string_h.m4, gl/socket_.h, gl/strdup.c,
+ gl/string_.h, lgl/Makefile.am, lgl/m4/extensions.m4,
+ lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4, lgl/m4/memmem.m4,
+ lgl/m4/stdint.m4, lgl/m4/string_h.m4, lgl/m4/unistd_h.m4,
+ lgl/m4/wchar.m4, lgl/printf-args.c, lgl/printf-args.h,
+ lgl/printf-parse.c, lgl/socket_.h, lgl/stdint_.h, lgl/string_.h,
+ lgl/vasnprintf.c, lgl/wchar_.h: Update.
+
+2007-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pathlen/.cvsignore: Add.
+
+2007-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, tests/Makefile.am, tests/pathlen/Makefile.am,
+ tests/pathlen/ca-no-pathlen.pem,
+ tests/pathlen/no-ca-or-pathlen.pem, tests/pathlen/pathlen: Test for
+ pathlen bug (and general certificate parsing).
+
+2007-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/extensions.c: (_gnutls_x509_ext_extract_basicConstraints): Make sure
+ pathLenConstraint is read, even if CA reading fails.
+
+2007-01-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: Add comment to
+ describe C++ compiler bug problem.
+
+2007-01-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutlsxx.h, lib/gnutlsxx.cpp: Fix C++ compiler bug
+ in a "better" way, tiny patch from Matthias Scheler
+ <tron@NetBSD.org>.
+
+2007-01-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-01-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_extra_hooks.h,
+ libextra/gnutls_openpgp.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/privkey.c: Fix import of ASCII armored OpenPGP
+ keys, patch from ludovic.courtes@laas.fr (Ludovic Courtès).
+
+2007-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-tls-extractor-00.txt: Add.
+
+2007-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2007-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.2.
+
+2007-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/gc-gnulib.c, lgl/m4/gnulib-comp.m4,
+ lgl/m4/unistd_h.m4, lgl/m4/wint_t.m4, lgl/unistd_.h: Update.
+
+2007-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/pubkey.c: Doc fix.
+
+2007-01-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c: (cdk_pubkey_to_sexp, cdk_seckey_to_sexp): New functions, from Mario
+ Lenz <mario.lenz@gmx.net>.
+
+2007-01-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2007-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutlsxx.cpp: Make it compile by commenting out call to
+ virtual method (possibly incorrect but I don't know what the
+ intention was).
+
+2007-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Don't use -mms-bitfields
+ --enable-runtime-pseudo-reloc.
+
+2007-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am: Fix objdir!=srcdir.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (generate_pkcs12): Read more than one certificate, if there are more
+ available, and store them in the PKCS12 blob. Suggested by Sascha
+ Ziemann <sascha.ziemann@secunet.com>.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore gnutls_extra_hooks.h.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Add.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Reorder lgl/ and gl/, to make sure lgl is built
+ before gl.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, includes/gnutls/x509.h,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
+ lib/x509/x509_write.c, src/certtool-cfg.c, src/certtool-cfg.h,
+ src/certtool.c: Support pathLenConstraint.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: libgnu.la depends on liblgnu.la, so don't
+ add it twice.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gnulib.mk, gl/m4/gnulib-cache.m4: Getaddrinfo
+ needs snprintf from ../lgl/, so make libgnu.la depend on liblgnu.la.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_extra.c: Need strverscmp.h.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls.vers: Don't export _E_*, they are only needed inside
+ libgnutls now. Fix copyright years.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/Makefile.am, lib/auth_cert.c, lib/auth_dh_common.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/auth_srp_rsa.c, lib/gnutls_cert.c, lib/gnutls_extra_hooks.c,
+ lib/gnutls_extra_hooks.h, libextra/gnutls_extra.c: Cleanup gnutls vs
+ gnutls-extra integration, for OpenPGP certs.
+
+2007-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_extra.c: Replace libgcrypt version check with
+ strverscmp. No need to duplicate prototype found in gnutls.h for
+ gnutls_check_version.
+
+2007-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-common.m4, gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4,
+ lgl/gc-gnulib.c, lgl/gc-libgcrypt.c, lgl/m4/gc-arcfour.m4,
+ lgl/m4/gc-arctwo.m4, lgl/m4/gc-des.m4, lgl/m4/gc-hmac-md5.m4,
+ lgl/m4/gc-hmac-sha1.m4, lgl/m4/gc-md2.m4, lgl/m4/gc-md4.m4,
+ lgl/m4/gc-md5.m4, lgl/m4/gc-random.m4, lgl/m4/gc-rijndael.m4,
+ lgl/m4/gc-sha1.m4, lgl/m4/gnulib-common.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/lib-link.m4: Update.
+
+2007-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/lib-link.m4, lgl/Makefile.am, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/lib-link.m4: Update.
+
+2007-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2007-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2007-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert part of patch.
+
+2007-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, src/Makefile.am: Tiny patch from
+ ludovic.courtes@laas.fr (Ludovic Courtès). * configure.in: Look for `gaa', issuing a warning with the URL if
+ not found. * src/Makefile.am (*-gaa.c): Use `$(GAA)' instead of `gaa'. Mark
+ `.gaa' files as being in `$(srcdir)', thereby allowing for
+ out-of-source-tree builds.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Don't dist mkinstalldirs, automake no longer copies
+ it.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.1.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_asn1_tab.c: Generate.
+
+2006-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.asn: Fix comment to make it parse correctly.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_sig.c: Fix signature verification for DSA signatures in
+ TLS 1.2, reported by ludovic.courtes@laas.fr (Ludovic Courtès). (_gnutls_pkcs1_rsa_verify_sig): Rename to _gnutls_verify_sig, and
+ add new parameter SHA1POS to indicate where in hash_concat the SHA.1
+ hash is stored (for DSA). (_gnutls_verify_sig_hdata): Pass proper SHA1POS. (_gnutls_verify_sig_params): Likewise.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/manpages/Makefile.am, lib/Makefile.am,
+ lib/x509/Makefile.am, libextra/Makefile.am,
+ libextra/openpgp/Makefile.am: Tiny patch from
+ ludovic.courtes@laas.fr (Ludovic Courtès). * doc/Makefile.am: Refer to `sort2.pl' as
+ `$(srcdir)/scripts/sort2.pl' instead of `scripts/sort2.pl'. * doc/manpages/Makefile.am: Refer to `gdoc' as `$(top_srcdir)/doc/scripts/gdoc' instead of `../scripts/gdoc'. * doc/lib/Makefile.am: Likewise. * doc/lib/x509/Makefile.am: Likewise. * doc/libextra/Makefile.am: Likewise. * doc/libextra/openpgp/Makefile.am: Likewise.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c: (_gnutls_gen_cert_server_cert_req): For TLS 1.2, generate conforming
+ cert requests (i.e., include a empty list of supported hashes).
+ Report and tiny patch from ludovic.courtes@laas.fr (Ludovic
+ Courtès).
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/userid/.cvsignore: [no log message]
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: (_oid2str): Mark UID as a CHOICE-field (i.e., DirectoryString). (_gnutls_x509_oid_data2string): Handle ia5String in CHOICEs. Fixes
+ problem reported by Max Kellermann <max@duempel.org>.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pkix_asn1_tab.c: Generated.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/pkix.asn: Encoded UID DN fields as DirectoryString (e.g.,
+ PrintableString), not as IA5String. Add IA5String as a CHOICE for
+ DirectoryString, to deal with backwards compatibility if there are
+ IA5String UID fields out there that were generated by older
+ versions. Reported by Max Kellermann <max@duempel.org>.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/userid/userid: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add tests/userid/.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add userid/.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/userid/Makefile.am, tests/userid/userid.pem: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: (generate_rdn_seq): Store subject DN instead of issuer DN in the
+ certificate authority list, to make sure server's send the proper
+ list of expected CAs to the client. Reported by Max Kellermann
+ <max@duempel.org>.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: (gnutls_certificate_set_x509_crl): Initialize before use, reported
+ by Max Kellermann <max@duempel.org>.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, tests/Makefile.am, tests/certificate_set_x509_crl.c:
+ Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/lib-link.m4, gl/strdup.h, lgl/m4/lib-link.m4,
+ lgl/m4/stdint.m4: Update.
+
+2006-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-13.txt: Add.
+
+2006-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-gssapi-01.txt: Add.
+
+2006-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-tls-opaque-prf-input-00.txt,
+ doc/protocol/draft-rescorla-tls-suiteb-00.txt: Add.
+
+2006-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/de.po: Sync with TP.
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * m4/intl.m4, m4/intldir.m4, m4/lock.m4, m4/visibility.m4: Remove
+ (should have just been .cvsignore'd).
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * m4/.cvsignore: [no log message]
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * m4/intl.m4, m4/intldir.m4, m4/lock.m4, m4/visibility.m4: Add.
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2006-12-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Doc fix.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, lgl/Makefile.am: Update.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Put in devel/ directory. Disable doc generation.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.7.0.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, lgl/Makefile.am: Fix gnulib-tool bug.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_priority.c: Attempt TLS 1.2 and TLS 1.1 too, by
+ default.
+
+2006-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-11-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gettext.h, lgl/Makefile.am, lgl/gettext.h,
+ lgl/m4/eoverflow.m4, lgl/m4/size_max.m4, lgl/m4/stdint.m4: Update.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c: Print TLS version too.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c: More debugging.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/utils.c: Output more debug info.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keyserver.c: Doc fix.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/opencdk.h: Doc fixes.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/keygen.c, libextra/opencdk/keylist.c,
+ libextra/opencdk/sign.c: Doc fix.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/kbnode.c, libextra/opencdk/keygen.c,
+ libextra/opencdk/sign.c: Doc fix.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keydb.c: Doc fix.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_ia.c: Use new internal PRF API.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_sig.c: To use NULL
+ DigestInfo.AlgorithmsIdentifier.parameters or not, that is the
+ question.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Move AM_CONDITIONAL outside of 'if gcc' clause,
+ fixes problem reported by "Michael C. Vergallen"
+ <mvergall@telenet.be>.
+
+2006-11-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_state.h: Client TLS 1.2 support. Works against
+ www.mikestoolbox.org:4433.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Support "TLS1.2" as protocol name.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: (gnutls_protocol_t): Add GNUTLS_TLS1_2.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Support TLS 1.2.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getaddrinfo.c, gl/imaxtostr.c, gl/intprops.h,
+ gl/inttostr.c, gl/inttostr.h, gl/m4/absolute-header.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/inttostr.m4, gl/m4/longlong.m4,
+ gl/m4/stdint.m4, gl/m4/ulonglong.m4, gl/offtostr.c, gl/stdint_.h,
+ gl/uinttostr.c, gl/umaxtostr.c, lgl/m4/alloca.m4, lgl/m4/gettext.m4:
+ Update.
+
+2006-11-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-11-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-evidence-extns-01.txt: Add.
+
+2006-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Release do non-devel directory.
+
+2006-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.6.0.
+
+2006-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Fix copyright years.
+
+2006-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2006-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.5.5.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: (gnutls_record_recv): Fix docstring, suggested by Tim Kosse
+ <tim.kosse@filezilla-project.org>.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-sasl-rfc2831bis-11.txt: Remove, oops wrong
+ project.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-sasl-rfc2831bis-11.txt: Add.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/Makefile.am: Remove.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gettext.h, gl/m4/gnulib-comp.m4,
+ gl/m4/lib-link.m4, gl/m4/longlong.m4, gl/stdint_.h,
+ lgl/Makefile.am, lgl/gettext.h, lgl/m4/gnulib-comp.m4,
+ lgl/m4/lib-link.m4, lgl/m4/longlong.m4, lgl/stdint_.h: Update.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/chain1-expect.log,
+ tests/rsa-md5-collision/chain2-expect.log: Remove.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/rsa-md5-collision: Remove -x.
+
+2006-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/rsa-md5-collision: Make it work under
+ mingw32.
+
+2006-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions (done incorrectly in the 1.5.4
+ release).
+
+2006-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-x509-info.c: Fix cert_list_size type to match API,
+ reported by Tim Kosse <tim.kosse@filezilla-project.org>.
+
+2006-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-hajjeh-tls-identity-protection-00.txt: Add.
+
+2006-11-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-hajjeh-tls-sign-02.txt: Add.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.5.4.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/strverscmp.m4, lgl/strverscmp.c, lgl/strverscmp.h,
+ lib/gnutls_global.c: Use strverscmp.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Typo.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/manpages/Makefile.am: Add.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_ia.c: Doc fix.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: More errno discussion regarding push/pull
+ functions.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Don't use errno to avoid thread-safety
+ issues.
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Convert to EINTR/EAGAIN errno under Windows,
+ using WSAGetLastError().
+
+2006-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_buffers.c,
+ lib/gnutls_int.h: Add new APIs to set errno for push/pull functions,
+ suggested by tim.kosse@filezilla-project.org.
+
+2006-11-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am: Remove SOVERSION (see
+ configure.in).
+
+2006-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Set SOVERSION here.
+
+2006-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/.cvsignore: [no log message]
+
+2006-11-05 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/openpgp.h: (gnutls_openpgp_key_get_pk_algorithm): Fix prototype.
+
+2006-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/printf-parse.c: Update.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/pgp.c: (gnutls_openpgp_key_get_fingerprint): Doc fix. Reported by
+ ludovic.courtes@laas.fr (Ludovic Courtès).
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/pgp.c: (gnutls_openpgp_key_get_name): Make SIZEOF_BUF contain
+ actual/required buffer size on return. Suggested by
+ ludovic.courtes@laas.fr (Ludovic Courtès).
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/openpgp.h, libextra/openpgp/pgp.c,
+ libextra/openpgp/privkey.c: Fix return types.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_v2_compat.c: Have SSLv2 ClientHello's for unknown
+ versions negotiate the highest version we support, instead of the
+ lowest. Reported by Pasi.Eronen@nokia.com.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Simplify ssize_t test.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cert-select.c: Remove duplicate #include
+ <sys/stat.h>.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/defines.h: Simplify #include's using gnulib
+ modules.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/getdelim.c, gl/getline.c, gl/gettext.h,
+ gl/m4/lib-link.m4, gl/readline.c, lgl/Makefile.am, lgl/arcfour.c,
+ lgl/arctwo.c, lgl/des.c, lgl/gc-gnulib.c, lgl/gc-libgcrypt.c,
+ lgl/gc-pbkdf2-sha1.c, lgl/gettext.h, lgl/hmac-md5.c,
+ lgl/hmac-sha1.c, lgl/m4/codeset.m4, lgl/m4/gettext.m4,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/intl.m4,
+ lgl/m4/intldir.m4, lgl/m4/intmax.m4, lgl/m4/inttypes-h.m4,
+ lgl/m4/inttypes-pri.m4, lgl/m4/lib-link.m4, lgl/m4/lock.m4,
+ lgl/m4/signed.m4, lgl/m4/sys_stat_h.m4, lgl/m4/unistd_h.m4,
+ lgl/m4/vasnprintf.m4, lgl/md2.c, lgl/md4.c, lgl/memxor.c,
+ lgl/read-file.c, lgl/rijndael-alg-fst.c, lgl/rijndael-api-fst.c,
+ lgl/stat_.h: Update.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/m4/gnulib-comp.m4, lgl/m4/sys_stat_h.m4, lgl/stat_.h: Update.
+
+2006-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.5.3.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/.cvsignore: [no log message]
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/Makefile.am: Fix -I's.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/Makefile.am: Dist more.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/rsa-md5-collision/README: Add.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am, src/Makefile.am,
+ tests/Makefile.am: Change lgpl/ library name.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/m4/gnulib-cache.m4: Change lgpl/ library name
+ to liblgnu, to avoid weird libtool errors.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/Makefile.am, lgl/stdint_.h: Update.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getaddrinfo.c, gl/imaxtostr.c, gl/intprops.h,
+ gl/inttostr.c, gl/inttostr.h, gl/m4/absolute-header.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/inttostr.m4, gl/m4/longlong.m4,
+ gl/m4/stdint.m4, gl/m4/ulonglong.m4, gl/offtostr.c, gl/stdint_.h,
+ gl/uinttostr.c, gl/umaxtostr.c: Add.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/encrypt.c, libextra/opencdk/opencdk.h: Update to
+ 0.5.11.
+
+2006-10-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Be specific about SSLv2 security problems.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/rsa-md5-collision: Fix distcheck.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/Makefile.am: Dist more.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12-decode/.cvsignore: [no log message]
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add tests.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/pkcs12-decode/Makefile.am,
+ tests/pkcs12-decode/pkcs12, tests/pkcs12_neon: Move pkcs12 tests to
+ pkcs12-decode/.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs8-decode/pkcs8: More debugging info.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs8-decode/.cvsignore: [no log message]
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/enc2pkcs8.pem, tests/encpkcs8.pem,
+ tests/pkcs8, tests/pkcs8-decode/Makefile.am,
+ tests/pkcs8-decode/enc2pkcs8.pem, tests/pkcs8-decode/encpkcs8.pem,
+ tests/pkcs8-decode/pkcs8, tests/pkcs8-decode/unencpkcs8.pem,
+ tests/unencpkcs8.pem: Move pkcs8 tests to pkcs8-decode/.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Move pkcs1-pad stuff to pkcs1-padding/. Add
+ rsa-md5-collision/.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-padding/.cvsignore,
+ tests/rsa-md5-collision/.cvsignore: [no log message]
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/rsa-md5-collision/Makefile.am,
+ tests/rsa-md5-collision/chain1-expect.log,
+ tests/rsa-md5-collision/chain2-expect.log,
+ tests/rsa-md5-collision/mbox,
+ tests/rsa-md5-collision/rsa-md5-collision: Add.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-padding/Makefile.am, tests/pkcs1-padding/pkcs1-pad,
+ tests/pkcs1-padding/pkcs1-pad-broken.pem,
+ tests/pkcs1-padding/pkcs1-pad-broken2.pem,
+ tests/pkcs1-padding/pkcs1-pad-broken3.pem,
+ tests/pkcs1-padding/pkcs1-pad-ok.pem,
+ tests/pkcs1-padding/pkcs1-pad-ok2.pem: Moved from ../.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad, tests/pkcs1-pad-broken.pem,
+ tests/pkcs1-pad-broken2.pem, tests/pkcs1-pad-broken3.pem,
+ tests/pkcs1-pad-ok.pem, tests/pkcs1-pad-ok2.pem: Move to separate
+ directory.
+
+2006-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-null-03.txt,
+ doc/protocol/draft-ietf-tls-rfc4346-bis-02.txt: Add.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/.cvsignore: [no log message]
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Need lgpl gnulib.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Add lgpl too.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Reorder libgnu.la's.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/Makefile.am: Need lgpl/ gnulib in CFLAGS.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/alloca.h, lgl/stdint.h: Remove files that shouldn't have been
+ committed.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4: Fix avoid modules.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c, gl/m4/alloca.m4,
+ gl/m4/eoverflow.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/intmax_t.m4, gl/m4/inttypes_h.m4, gl/m4/longdouble.m4,
+ gl/m4/longlong.m4, gl/m4/signed.m4, gl/m4/size_max.m4,
+ gl/m4/snprintf.m4, gl/m4/stdint_h.m4, gl/m4/vasnprintf.m4,
+ gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4,
+ gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
+ gl/printf-parse.h, gl/size_max.h, gl/snprintf.c, gl/snprintf.h,
+ gl/vasnprintf.c, gl/vasnprintf.h, gl/xsize.h: Avoid duplicate
+ modules.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Avoid
+ duplicate modules.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Need gnulib lgl/ in CFLAGS and LIBADD.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am: Need gnulib lgl/ in CFLAGS.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am: Move modules from gl/ to lgl/.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, lgl/Makefile.am,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4: Move modules from gl/
+ to lgl/.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/absolute-header.m4, gl/m4/codeset.m4,
+ gl/m4/gettext.m4, gl/m4/glibc2.m4, gl/m4/glibc21.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/iconv.m4,
+ gl/m4/intdiv0.m4, gl/m4/intmax.m4, gl/m4/inttypes-h.m4,
+ gl/m4/inttypes-pri.m4, gl/m4/lcmessage.m4, gl/m4/lock.m4,
+ gl/m4/memmove.m4, gl/m4/minmax.m4, gl/m4/nls.m4, gl/m4/po.m4,
+ gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/read-file.m4,
+ gl/m4/stdint.m4, gl/m4/uintmax_t.m4, gl/m4/ulonglong.m4,
+ gl/m4/visibility.m4, gl/memmove.c, gl/minmax.h, gl/read-file.c,
+ gl/read-file.h, gl/stdint_.h, lgl/Makefile.am, lgl/alloca.h,
+ lgl/alloca_.h, lgl/asnprintf.c, lgl/gettext.h, lgl/m4/alloca.m4,
+ lgl/m4/codeset.m4, lgl/m4/eoverflow.m4, lgl/m4/gettext.m4,
+ lgl/m4/glibc2.m4, lgl/m4/glibc21.m4, lgl/m4/gnulib-cache.m4,
+ lgl/m4/gnulib-comp.m4, lgl/m4/iconv.m4, lgl/m4/intdiv0.m4,
+ lgl/m4/intmax.m4, lgl/m4/intmax_t.m4, lgl/m4/inttypes-h.m4,
+ lgl/m4/inttypes-pri.m4, lgl/m4/inttypes_h.m4, lgl/m4/lcmessage.m4,
+ lgl/m4/lock.m4, lgl/m4/longdouble.m4, lgl/m4/memmove.m4,
+ lgl/m4/nls.m4, lgl/m4/po.m4, lgl/m4/printf-posix.m4,
+ lgl/m4/progtest.m4, lgl/m4/read-file.m4, lgl/m4/signed.m4,
+ lgl/m4/size_max.m4, lgl/m4/snprintf.m4, lgl/m4/socklen.m4,
+ lgl/m4/sockpfaf.m4, lgl/m4/stdint_h.m4, lgl/m4/sys_socket_h.m4,
+ lgl/m4/uintmax_t.m4, lgl/m4/vasnprintf.m4, lgl/m4/visibility.m4,
+ lgl/m4/wchar_t.m4, lgl/m4/wint_t.m4, lgl/m4/xsize.m4,
+ lgl/memmove.c, lgl/printf-args.c, lgl/printf-args.h,
+ lgl/printf-parse.c, lgl/printf-parse.h, lgl/read-file.c,
+ lgl/read-file.h, lgl/size_max.h, lgl/snprintf.c, lgl/snprintf.h,
+ lgl/socket_.h, lgl/stdint.h, lgl/vasnprintf.c, lgl/vasnprintf.h,
+ lgl/xsize.h: Move modules from gl/ to lgl/.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * lgl/.cvsignore: [no log message]
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Build lgl/ too.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/arcfour.c, gl/arcfour.h, gl/arctwo.c,
+ gl/arctwo.h, gl/des.c, gl/des.h, gl/gc-gnulib.c, gl/gc-libgcrypt.c,
+ gl/gc-pbkdf2-sha1.c, gl/gc.h, gl/hmac-md5.c, gl/hmac-sha1.c,
+ gl/hmac.h, gl/m4/arcfour.m4, gl/m4/arctwo.m4, gl/m4/des.m4,
+ gl/m4/gc-arcfour.m4, gl/m4/gc-arctwo.m4, gl/m4/gc-des.m4,
+ gl/m4/gc-hmac-md5.m4, gl/m4/gc-hmac-sha1.m4, gl/m4/gc-md2.m4,
+ gl/m4/gc-md4.m4, gl/m4/gc-md5.m4, gl/m4/gc-pbkdf2-sha1.m4,
+ gl/m4/gc-random.m4, gl/m4/gc-rijndael.m4, gl/m4/gc-sha1.m4,
+ gl/m4/gc.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/hmac-md5.m4, gl/m4/hmac-sha1.m4, gl/m4/md2.m4, gl/m4/md4.m4,
+ gl/m4/md5.m4, gl/m4/memxor.m4, gl/m4/rijndael.m4, gl/m4/sha1.m4,
+ gl/md2.c, gl/md2.h, gl/md4.c, gl/md4.h, gl/md5.c, gl/md5.h,
+ gl/memxor.c, gl/memxor.h, gl/rijndael-alg-fst.c,
+ gl/rijndael-alg-fst.h, gl/rijndael-api-fst.c,
+ gl/rijndael-api-fst.h, gl/sha1.c, gl/sha1.h, lgl/Makefile.am,
+ lgl/arcfour.c, lgl/arcfour.h, lgl/arctwo.c, lgl/arctwo.h,
+ lgl/des.c, lgl/des.h, lgl/gc-gnulib.c, lgl/gc-libgcrypt.c,
+ lgl/gc-pbkdf2-sha1.c, lgl/gc.h, lgl/hmac-md5.c, lgl/hmac-sha1.c,
+ lgl/hmac.h, lgl/m4/absolute-header.m4, lgl/m4/arcfour.m4,
+ lgl/m4/arctwo.m4, lgl/m4/des.m4, lgl/m4/gc-arcfour.m4,
+ lgl/m4/gc-arctwo.m4, lgl/m4/gc-des.m4, lgl/m4/gc-hmac-md5.m4,
+ lgl/m4/gc-hmac-sha1.m4, lgl/m4/gc-md2.m4, lgl/m4/gc-md4.m4,
+ lgl/m4/gc-md5.m4, lgl/m4/gc-pbkdf2-sha1.m4, lgl/m4/gc-random.m4,
+ lgl/m4/gc-rijndael.m4, lgl/m4/gc-sha1.m4, lgl/m4/gc.m4,
+ lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4, lgl/m4/hmac-md5.m4,
+ lgl/m4/hmac-sha1.m4, lgl/m4/lib-ld.m4, lgl/m4/lib-link.m4,
+ lgl/m4/lib-prefix.m4, lgl/m4/longlong.m4, lgl/m4/md2.m4,
+ lgl/m4/md4.m4, lgl/m4/md5.m4, lgl/m4/memxor.m4, lgl/m4/minmax.m4,
+ lgl/m4/rijndael.m4, lgl/m4/sha1.m4, lgl/m4/stdint.m4,
+ lgl/m4/ulonglong.m4, lgl/md2.c, lgl/md2.h, lgl/md4.c, lgl/md4.h,
+ lgl/md5.c, lgl/md5.h, lgl/memxor.c, lgl/memxor.h, lgl/minmax.h,
+ lgl/rijndael-alg-fst.c, lgl/rijndael-alg-fst.h,
+ lgl/rijndael-api-fst.c, lgl/rijndael-api-fst.h, lgl/sha1.c,
+ lgl/sha1.h, lgl/stdint_.h: Move modules from gl/ to lgl/.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am, lib/x509/Makefile.am: Use gnulib in
+ lgl/ instead of gl/.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/alloca_.h, gl/arcfour.c,
+ gl/arcfour.h, gl/arctwo.c, gl/arctwo.h, gl/asnprintf.c, gl/des.c,
+ gl/des.h, gl/dummy.c, gl/gai_strerror.c, gl/gc-gnulib.c,
+ gl/gc-libgcrypt.c, gl/gc-pbkdf2-sha1.c, gl/gc.h, gl/getaddrinfo.c,
+ gl/getaddrinfo.h, gl/getdelim.c, gl/getdelim.h, gl/getline.c,
+ gl/getline.h, gl/getpass.c, gl/getpass.h, gl/gettext.h,
+ gl/hmac-md5.c, gl/hmac-sha1.c, gl/hmac.h, gl/inet_ntop.c,
+ gl/inet_ntop.h, gl/inet_pton.c, gl/inet_pton.h,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/memmem.m4,
+ gl/md2.c, gl/md2.h, gl/md4.c, gl/md4.h, gl/md5.c, gl/md5.h,
+ gl/memmem.c, gl/memmem.h, gl/memxor.c, gl/memxor.h, gl/minmax.h,
+ gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
+ gl/printf-parse.h, gl/read-file.c, gl/read-file.h, gl/readline.c,
+ gl/readline.h, gl/rijndael-alg-fst.c, gl/rijndael-alg-fst.h,
+ gl/rijndael-api-fst.c, gl/rijndael-api-fst.h, gl/sha1.c, gl/sha1.h,
+ gl/size_max.h, gl/snprintf.c, gl/snprintf.h, gl/socket_.h,
+ gl/stdbool_.h, gl/stdint_.h, gl/strdup.c, gl/strdup.h,
+ gl/vasnprintf.c, gl/vasnprintf.h, gl/xsize.h, lgl/Makefile.am,
+ lgl/dummy.c, lgl/m4/gnulib-cache.m4, lgl/m4/gnulib-comp.m4,
+ lgl/m4/gnulib-tool.m4, lgl/m4/memmem.m4, lgl/memmem.c,
+ lgl/memmem.h, lib/Makefile.am: Add lgl/ for LGPLed gnulib modules
+ (for lib/) and use gl/ for GPL gnulib modules, for use in src/ etc.
+
+2006-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gettext.h, gl/m4/alloca.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/lock.m4, gl/m4/longlong.m4,
+ gl/m4/size_max.m4, gl/m4/stdint.m4, gl/m4/ulonglong.m4,
+ gl/m4/vasnprintf.m4, gl/printf-args.c, gl/printf-args.h,
+ gl/printf-parse.c, gl/stdint_.h, gl/strdup.c, gl/vasnprintf.c:
+ Update.
+
+2006-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/libtasn1.h: Update to 0.3.7.
+
+2006-10-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keylist.c, libextra/opencdk/opencdk.h: Bump to
+ 0.5.10.
+
+2006-10-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4680.txt, doc/protocol/rfc4681.txt: Add.
+
+2006-10-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-null-02.txt: Add.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am: Fix .def filename.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.5.2.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-10-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getpass.c, gl/m4/getpass.m4, gl/m4/intmax.m4:
+ Update.
+
+2006-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-null-01.txt: Add.
+
+2006-09-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-26 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openpgp.c: (kbx_data_to_keyring): Fix off-by-one error in call to malloc,
+ reported by "Adam Langley" <agl@imperialviolet.org>.
+
+2006-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use library shared version 13 instead of 14,
+ incrementing it was a mistake since no API/ABI changes happened.
+ Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+2006-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Improve the C++ test, to handle CXX env. variables,
+ suggested by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+2006-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Use version script for libgnutlsxx too.
+
+2006-09-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/libgnutlsxx.vers: Add.
+
+2006-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c, gl/m4/gnulib-comp.m4, gl/m4/lock.m4,
+ gl/m4/signed.m4, gl/m4/sockpfaf.m4, gl/md4.c, gl/rijndael-api-fst.c:
+ Update.
+
+2006-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.c: (gnutls_x509_crt_init): Don't set output parameter on failures,
+ reported by Alon Bar-Lev <alon.barlev@gmail.com>. Also clean up
+ logic.
+
+2006-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c: Fix prototype of gnutls_x509_crl_get_issuer_dn to
+ match x509.h, for IRIX ido cc builds, reported by Georg Schwarz
+ <georg.schwarz@freenet.de>.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix gendocs.sh path.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.5.1.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/gpl.diff: Rename.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/doc/gpl.texi.diff, gl/override/doc/lgpl.texi.diff,
+ gl/override/gpl.diff, gl/override/gpl.texi.diff,
+ gl/override/lgpl.diff, gl/override/lgpl.texi.diff: Rename.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/override/lgpl.diff: Rename.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/fdl.texi, doc/gpl.texi, doc/lgpl.texi, gl/Makefile.am,
+ gl/asnprintf.c, gl/gai_strerror.c, gl/getaddrinfo.c, gl/getpass.c,
+ gl/inet_ntop.c, gl/inet_pton.c, gl/m4/gettext.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inttypes-h.m4,
+ gl/m4/inttypes-pri.m4, gl/m4/lib-link.m4, gl/m4/stdint.m4,
+ gl/md5.c, gl/memmove.c, gl/override/gpl.texi.diff,
+ gl/override/lgpl.texi.diff, gl/printf-args.c, gl/printf-parse.c,
+ gl/sha1.c, gl/snprintf.c, gl/stdint_.h, gl/strdup.c,
+ gl/vasnprintf.c: Update.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist gpl.texi and lgpl.texi.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add LGPL and GPL texts.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad: Simplify grep expression, to work around debug
+ messages from wine.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (generate_self_signed): Load key, if generate_certificate() didn't
+ load or generate it, typically because it used a certificate
+ request. Reported by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Revert last patch.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/tests.c: (test_session_resume2): When comparing session id's, also compare
+ that the lengths are the same.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2006-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/tests.c: (test_session_resume2): If session-id is NULL, resumption isn't
+ supported. Tiny patch from Kataja Kai <kai.kataja@op.fi>.
+
+2006-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Dist more.
+
+2006-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad: Test another cert.
+
+2006-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad-broken3.pem: Add forged cert, from Ralf-Philipp
+ Weinmann.
+
+2006-09-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Gnulib seems to require autoconf 2.60? Bump it.
+
+2006-09-18 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keydb.c: (keydb_idx_search): Don't return CDK_EOF if key is found at offset
+ 0. Suggested by "Adam Langley" <alangley@gmail.com>.
+
+2006-09-18 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Remove (already there).
+
+2006-09-18 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-09-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-pgp.c: Fix typo. Tiny patch from "Adam
+ Langley" <agl@imperialviolet.org>.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad: Fix.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Permit empty parameters field too, found after
+ adding self tests.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad: Fix exit code.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad-broken2.pem, tests/pkcs1-pad-ok2.pem: Add, from
+ Eric Young in
+ <http://permalink.gmane.org/gmane.comp.encryption.general/9185>.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad: Add more tests.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add pkcs1-pad test.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad-broken.pem, tests/pkcs1-pad-ok.pem: Add, from
+ Yutaka OIWA <y.oiwa@aist.go.jp>.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs1-pad: Add.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Fix asn1_read_value() call to fix crash,
+ reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+2006-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Add 'break' to make logic easier to follow.
+
+2006-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Revert part of patch, logging is only enabled in
+ debug mode, which isn't recommended for real use.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Make sure the digestAlgorithm.parameters field
+ is empty, which it has to be for the hashes we support. Otherwise,
+ the field can encode "garbage" that might be used to make the
+ signature be a perfect cube, similar (but not identical) to
+ Bleichenbacher's Crypto 06 rump session attack.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Don't return different errors depending on
+ content of decrypted PKCS#1 token, to avoid Bleichenbacher's
+ Crypto'98 attack, suggested by Werner Koch <wk@gnupg.org>.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client-srp.c: Use GNUTLS_SHUT_RDWR, tiny patch
+ from "Robert Millan [ackstorm]" <rmillan@ackstorm.es>.
+
+2006-08-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-11.txt: Add.
+
+2006-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-08-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getaddrinfo.c, gl/m4/arcfour.m4,
+ gl/m4/arctwo.m4, gl/m4/codeset.m4, gl/m4/des.m4,
+ gl/m4/gc-pbkdf2-sha1.m4, gl/m4/gc.m4, gl/m4/getdelim.m4,
+ gl/m4/getline.m4, gl/m4/getpass.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4, gl/m4/hmac-sha1.m4,
+ gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes_h.m4,
+ gl/m4/lock.m4, gl/m4/longlong.m4, gl/m4/md2.m4, gl/m4/md4.m4,
+ gl/m4/md5.m4, gl/m4/memxor.m4, gl/m4/read-file.m4,
+ gl/m4/readline.m4, gl/m4/rijndael.m4, gl/m4/sha1.m4,
+ gl/m4/stdint.m4, gl/m4/stdint_h.m4, gl/m4/strdup.m4,
+ gl/override/doc/gendocs_template, gl/stdint_.h: Update.
+
+2006-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2006-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/tcp.c: Include netinet/in.h
+ for FreeBSD, reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+2006-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (generate_certificate): Load private key when --load-request is
+ used, based on report from Sascha Ziemann
+ <sascha.ziemann@secunet.com>.
+
+2006-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509_write.c: (gnutls_x509_crt_sign2): Check to see if ISSUER_KEY is NULL before
+ continuing, based on report from Sascha Ziemann
+ <sascha.ziemann@secunet.com>.
+
+2006-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Map select to _win_select on Windows hosts.
+
+2006-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Need select.c in cli.c and serv.c.
+
+2006-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/select.c: Add, moved from cli.c, originally from plibc, see
+
+ <http://plibc.cvs.sourceforge.net/plibc/plibc/src/select.c?view=markup>.
+
+2006-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Move _win_select to select.c.
+
+2006-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Make select() work on Windows, copying code from plibc,
+ see
+
+ <http://plibc.cvs.sourceforge.net/plibc/plibc/src/select.c?view=markup>.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Mark with XXX.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.5.0.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Add (XXX).
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am: Install *.def to bin/
+ directory.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, libextra/Makefile.am: Create *.def
+ files for libraries, on mingw.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gc.m4, gl/m4/getaddrinfo.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ gl/m4/memxor.m4, gl/m4/restrict.m4, gl/snprintf.c: Update.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Use int/void* macros to avoid warnings,
+ suggested by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_buffers.c: Remove.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Move GNUTLS_POINTER_TO_INT here. Add
+ GNUTLS_INT_TO_POINTER. Based on glib macros, and suggestions from
+ Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+2006-08-13 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add void*, for GNUTLS_POINTER_TO_INT_CAST macros.
+
+2006-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: (_gnutls_x509_oid2mac_algorithm): Don't crash trying to strcmp the
+ NULL OID value in the hash_algorithms array, which happens when the
+ input OID doesn't match our OIDs for SHA1, MD5, MD2 or RIPEMD160.
+ Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.
+
+2006-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Don't overwrite CFLAGS.
+
+2006-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutlsxx.h: Make it compile.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/tls_test-gaa.c, src/tls_test-gaa.h: Update.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/tls_test.gaa: Use -V for --verbose.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c, src/crypt.c: Fix --version to conform to FSF
+ standards, to fix make distcheck.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/tls_test.c, src/tls_test.gaa: Support --version.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/psk.c, src/serv.c: Fix --version to conform to FSF
+ standards, to fix make distcheck.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix --without-included-libtasn1, reported by Daniel
+ Black <dragonheart@gentoo.org>.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4: Update.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/kbnode.c, libextra/opencdk/opencdk.h,
+ libextra/opencdk/stream.h: Update to 0.5.9.
+
+2006-08-03 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: add
+
+2006-08-03 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Fix libgcrypt link failure, reported by Brant
+ Gurganus, tiny patch by Daniel Black <dragonheart@gentoo.org>.
+
+2006-07-28 Simon Josefsson <simon@josefsson.org>
+
+ * gendocs.sh, gl/Makefile.am, gl/getaddrinfo.c, gl/getaddrinfo.h,
+ gl/gettext.h, gl/inet_ntop.h, gl/inet_pton.h, gl/m4/getline.m4,
+ gl/m4/gettext.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4, gl/m4/inttypes-h.m4,
+ gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4, gl/m4/isc-posix.m4,
+ gl/m4/lib-link.m4, gl/m4/lock.m4, gl/m4/netinet_in_h.m4,
+ gl/m4/nls.m4, gl/m4/onceonly_2_57.m4, gl/m4/po.m4, gl/m4/stdint.m4,
+ gl/m4/visibility.m4, gl/printf-args.c, gl/stdint_.h: Update.
+
+2006-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: cert_type extension was updated to the IANA
+ assigned value
+
+2006-07-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: cert_type extension was updated to the IANA
+ assigned value
+
+2006-07-13 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs.sh, gendocs.sh, gl/Makefile.am,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update.
+
+2006-07-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Revert.
+
+2006-07-13 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-07-13 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Retry handshake on non-fatal errors.
+
+2006-07-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix last commit.
+
+2006-07-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist arch/ images.
+
+2006-07-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Need -I's for arch/ images.
+
+2006-07-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Improve valgrind test.
+
+2006-07-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/absolute-header.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/onceonly_2_57.m4, gl/m4/stdint.m4:
+ Update.
+
+2006-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Fix.
+
+2006-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix load of pgp_keyfile, reported by Mario Lenz.
+
+2006-07-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore: [no log message]
+
+2006-07-07 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getaddrinfo.c, gl/getaddrinfo.h,
+ gl/m4/absolute-header.m4, gl/m4/full-header-path.m4,
+ gl/m4/getpass.m4, gl/m4/gnulib-comp.m4, gl/m4/longlong.m4,
+ gl/m4/onceonly_2_57.m4, gl/m4/sockpfaf.m4, gl/m4/stdint.m4,
+ gl/m4/ulonglong.m4, gl/stdint_.h: Update.
+
+2006-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi, doc/gnutls.texi: changed CRL rfc reference
+ from 2511 to 4211
+
+2006-07-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2006-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2006-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: added an extra error check.
+
+2006-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.c, src/serv.c: replaced USE_OPENPGP ifdefs
+ with ENABLE_OPENPGP.
+
+2006-06-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-funk-tls-inner-application-extension-03.txt:
+ Add.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/.cvsignore: [no log message]
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * includes/Makefile.am: Only conditionally install gnutlsxx.h.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Build and dist ex-client-tlsia.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist gnutls-logo.png.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/m4/getaddrinfo.m4: Update.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c: Update.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getaddrinfo.c, gl/getaddrinfo.h,
+ gl/m4/getaddrinfo.m4, gl/m4/stdint.m4, gl/stdint_.h: Update.
+
+2006-06-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-12.txt: Add.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc4346-bis-01.txt: Add.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Use GNU-style warnings.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Improve man output, from libtasn1.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix valgrind test.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Move around, to make $cross_compile work.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, tests/Makefile.am: Add --enable-valgrind-tests that
+ make it possible to enable/disable use of valgrind on self tests
+ specifically. Defaults to enabled if valgrind is installed and we
+ aren't cross-compiling.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Fix.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Revert.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/minilzo/Makefile.am: Use libtool -no-install.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/minilzo/Makefile.am: Use -DLZO_HAVE_CONFIG_H, as
+ suggested by README.LZO.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/minilzo/Makefile.am, tests/Makefile.am: Work under mingw.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls_buffers.c: Avoid warnings when casting
+ void* to int.
+
+2006-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/libtasn1.h: Update.
+
+2006-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/stdint.m4, gl/stdint_.h: Update.
+
+2006-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-06-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.pc.in, libextra/gnutls-extra.pc.in: Add Libs.Private to
+ pkg-config files, from Andreas Metzler
+ <ametzler@downhill.at.eu.org>.
+
+2006-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getaddrinfo.c, gl/getaddrinfo.h, gl/m4/getaddrinfo.m4,
+ gl/socket_.h: Try new win32 hooks for getaddrinfo.
+
+2006-06-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use AC_LIBTOOL_WIN32_DLL to make OBJDUMP/DLLTOOL
+ work under mingw. Fix use of deprecated AM_PROG_LIBTOOL.
+
+2006-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2006-06-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/inet_pton.c: Update.
+
+2006-06-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/alloca_.h, gl/getaddrinfo.c, gl/inet_ntop.c,
+ gl/m4/getaddrinfo.m4, gl/m4/sockpfaf.m4, gl/m4/stdint.m4,
+ gl/read-file.c, gl/socket_.h, gl/stdint_.h: Update.
+
+2006-06-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Add -no-install.
+
+2006-06-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Look for gnutls.h in builddir.
+
+2006-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir
+ != objdir.
+
+2006-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am: Need -I$builddir/gl for alloca.h
+ when srcdir != objdir.
+
+2006-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir
+ != objdir.
+
+2006-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir !=
+ objdir.
+
+2006-06-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Need -I$builddir/gl for alloca.h when srcdir !=
+ objdir.
+
+2006-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am: Update.
+
+2006-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/arpa_inet_.h, gl/inet_ntop.c, gl/inet_ntop.h,
+ gl/inet_pton.c, gl/inet_pton.h, gl/m4/arpa_inet_h.m4,
+ gl/m4/full-header-path.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4, gl/m4/inet_pton.m4,
+ gl/m4/size_max.m4, gl/m4/stdint.m4, gl/read-file.c, gl/size_max.h,
+ gl/stdint_.h: Update.
+
+2006-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore: [no log message]
+
+2006-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-hajjeh-mtls-01.txt: Add
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ctr-01.txt: Add.
+
+2006-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2006-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: fixed bug
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Disable tests that use fork if the host doesn't
+ have fork.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Test for fork.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix LDFLAGS.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use LDFLAGS for --enable-runtime-pseudo-reloc, to
+ avoid warnings.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c, tests/dhepskself.c, tests/pskself.c,
+ tests/resume.c, tests/tlsia.c: Need config.h.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Workaround hard-wiring of gcrypt test in gnulib.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h: Fix prototype.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/strfile.h: Remove.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, lib/gnutls_x509.c,
+ libextra/gnutls_openpgp.c: Use read_binary_file from gnulib instead
+ of strfile stuff, to fix problem with binary files on mingw.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * tests/set_pkcs12_cred.c: Use utils stuff.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Initialize winsock, for mingw.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add HAVE_WINSOCK.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client-tlsia.c, doc/examples/ex-client1.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-rfc2818.c,
+ doc/examples/ex-serv-anon.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/examples/tcp.c: Include config.h, don't include netinet/in.h
+ (for mingw).
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Need to use AC_LINK_IFELSE, for
+ -Wl,--enable-runtime-pseudo-reloc.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Simplify.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix typo.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Set -mms-bitfields -Wl,--enable-runtime-pseudo-reloc
+ if supported. The former is to produce MSVS-compatible DLLs. The
+ second is needed to link libgnutls-extra at all (only due to
+ _gnutls_compression_algorithms, fix it another way?).
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am: Update.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arpa_inet_.h, gl/inet_pton.c: Update.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2006-06-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add all the LZO tests.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * po/sv.po: Sync with TP.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: AC_PROG_CXX must be invoked unconditionally, for
+ libtool. (argh!)
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Fix last commit.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Make C++ stuff conditioned on ENABLE_CXX.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add --disable-cxx, to make it possibly to disable
+ the C++ stuff. Will also automatically disable it if there is no
+ C++ compiler.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Use gnulib, for portability.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.h: Don't include inet_ntop.h, use arpa/inet.h
+ unconditonially.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/arpa_inet_h.m4: Update.
+
+2006-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/arpa_inet_.h, gl/inet_ntop.c, gl/inet_ntop.h,
+ gl/inet_pton.c, gl/m4/arpa_inet_h.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4: Try new arpa-inet module,
+ for mingw.
+
+2006-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove mingw32 hook to get -lwsock32, the
+ getaddrinfo gnulib module links with -lws2_32 which is the more
+ appropriate library to use (winsock.h goes with wsock32.lib and
+ winsock2.h goes with ws2_32, of which the latter is backwards
+ compatible and available since Windows 3.11 or so, I'm told).
+
+2006-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * tests/certder.c: fix
+
+2006-06-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-gnulib.c, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/read-file.m4, gl/read-file.c,
+ gl/read-file.h: Update.
+
+2006-06-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump so version.
+
+2006-06-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Add gnutlsxx.h.
+
+2006-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c, gl/m4/stdbool.m4, gl/printf-args.c, gl/sha1.c,
+ gl/stdint_.h: Update.
+
+2006-06-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-10.txt: Add.
+
+2006-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/Makefile.am,
+ includes/gnutls/gnutlsxx.h, lib/Makefile.am, lib/gnutls_db.c,
+ lib/gnutlsxx.cpp: Added a preliminary C++ interface.
+
+2006-06-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-06.txt: Add.
+
+2006-05-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-05.txt: Add.
+
+2006-05-23 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/sv.po: Sync with TP.
+
+2006-05-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/certtool.1: Typo, from debian #368323.
+
+2006-05-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-11.txt: Add.
+
+2006-05-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4507.txt: Add.
+
+2006-05-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.4.0.
+
+2006-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-09.txt: Add.
+
+2006-05-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: Remove duplicated #include.
+
+2006-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c, src/tls_test.c: Don't use AI_NUMERICSERV, it doesn't
+ exist on most platforms.
+
+2006-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c: Need getaddrinfo.h.
+
+2006-05-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gai_strerror.c, gl/getaddrinfo.c,
+ gl/getaddrinfo.h, gl/m4/getaddrinfo.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/strdup.m4, gl/strdup.c, gl/strdup.h: Add
+ getaddrinfo.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf: Remove.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: No supression file.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_ia.c: Remove junk.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_inner_application.c: Fix self tests.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_ia.c: Indent.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Improve valgrind stuff.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsignore: [no log message]
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * config.rpath: Not needed, generated by autopoint.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * config.rpath, gl/Makefile.am, gl/des.c, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/md4.c, gl/sha1.c, gl/stdint_.h: Update.
+
+2006-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: updated to reflect the new openpgp draft.
+
+2006-05-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Check for -Wno-pointer-sign, taken from Werner's
+ ksba.
+
+2006-05-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/protocol/draft-santesson-tls-ume-07.txt: Add.
+
+2006-05-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump required libtasn1.
+
+2006-05-10 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/gstr.c, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
+ lib/minitasn1/structure.c: Update to 0.3.4.
+
+2006-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump required libtasn1 version to 0.3.3.
+
+2006-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Fix.
+
+2006-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-05-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Run tests under valgrind.
+
+2006-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c, src/tls_test.c: some changes for IPv6.
+ Based on patch by Remi Denis-Courmont, sent to Debian bug tracking
+ system.
+
+2006-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-04.txt: Add.
+
+2006-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/structure.c: updated to the latest libtasn1
+
+2006-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-05-05 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
+ lib/ext_inner_application.c, lib/gnutls_int.h, libextra/gnutls_ia.c:
+ TLS/IA fixes from Emile.
+
+2006-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4366.txt: Add.
+
+2006-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4346.txt, doc/protocol/rfc4347.txt: Add.
+
+2006-04-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Fix prototypes.
+
+2006-04-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/getpass.m4, gl/m4/longdouble.m4: Update.
+
+2006-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-supp-02.txt,
+ doc/protocol/draft-santesson-tls-ume-06.txt: Add.
+
+2006-04-19 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: (LDADD): Add libgnutls after libgnu, for libgcrypt transitive
+ reference, tiny patch from Nix <nix@esperi.org.uk>.
+
+2006-04-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-supp-01.txt: Add.
+
+2006-04-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-03.txt,
+ doc/protocol/draft-santesson-tls-ume-05.txt: Add.
+
+2006-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: removed AES-256 from the list of default
+ ciphers. No point in having it (when everything else is far away
+ even from 128 bit security)
+
+2006-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_srp.c:
+ gnutls_srp_set_client_credentials() uses const
+
+2006-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: documented the return value in the priority
+ functions
+
+2006-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_handshake.c: [no log
+ message]
+
+2006-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gc-random.m4, gl/stdint_.h: Update.
+
+2006-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c: use snprintf()
+ instead of multiple calls to str_cpy() and str_cat().
+
+2006-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: bug fix
+
+2006-03-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-supp-00.txt,
+ doc/protocol/draft-santesson-tls-ume-04.txt: Add.
+
+2006-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2006-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: added -Wno-pointer-sign to gcc to avoid tons of
+ useless warnings.
+
+2006-03-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-01.txt: Add.
+
+2006-03-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2006-03-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi, doc/gnutls.texi: added reference for TLS
+ 1.1
+
+2006-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_global.h, lib/gnutls_x509.c,
+ lib/x509/rfc2818_hostname.c: some fixes for compilation
+
+2006-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: export to DER format is possible with certtool
+
+2006-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2006-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Indent.
+
+2006-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/compat.h: Move
+ to ../gnutls_cert.c.
+
+2006-03-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: Move from x509/compat.c.
+
+2006-03-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Add.
+
+2006-03-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2006-03-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/structure.c: Update.
+
+2006-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: force the gcrypt random generator to be
+ initialized at startup. Maybe it should be within and ifdef? This
+ saves lots of debugging time when something fails.
+
+2006-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/structure.c: added the fix for der_coding() from
+ libtasn1.
+
+2006-03-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Rebuild srp manpages too.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.3.5.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/libtasn1.h: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS, po/pl.po: Sync with TP.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Add update-po target.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Doc fix.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c, lib/x509/sign.c, lib/x509/x509_write.c: Use new
+ asn1_copy_node API.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h, lib/minitasn1/structure.c: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1-dont.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
+ lib/minitasn1/structure.c: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Use internal error approach again, after
+ discussion with Nikos.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Fix.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1-dont.h, lib/minitasn1/libtasn1.h: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Fix type_field.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Use external API.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/parser_aux.h, lib/minitasn1/structure.c: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Fix.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Use external libtasn1 API.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Fix typo.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Required libtasn1 0.3.1.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Revert, we now use the new exported functions.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Make it build.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Sort.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Disable XML functionality, because it relies on
+ libtasn1 internals.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am: Add -no-undefined, for
+ mingw32 builds.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c, lib/x509/xml.c, src/cli.c, src/common.c,
+ src/common.h, src/serv.c, tests/resume.c: Indent.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c,
+ gl/m4/gc-random.m4, gl/m4/gc.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/readline.m4, maint.mk: Update.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * po/LINGUAS: Add.
+
+2006-03-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-funk-tls-inner-application-extension-02.txt:
+ Add.
+
+2006-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/common.c, src/common.h: gnutls-cli can now recognize services
+ and port numbers with the -p option.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * .cvscopying: Fix.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Gettext fixes.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Fix.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_global.c: Error message
+ translations.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsignore, m4/.cvsignore, po/.cvsignore: [no log message]
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * maint.mk: Update.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Add indent file list.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Remove indent target.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert, autoreconf needs it.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove gettext version stuff.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gettext.h, gl/m4/codeset.m4, gl/m4/gettext.m4,
+ gl/m4/glibc2.m4, gl/m4/glibc21.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/iconv.m4, gl/m4/intdiv0.m4,
+ gl/m4/intmax.m4, gl/m4/inttypes-pri.m4, gl/m4/isc-posix.m4,
+ gl/m4/lcmessage.m4, gl/m4/nls.m4, gl/m4/po.m4,
+ gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/readline.m4,
+ gl/m4/uintmax_t.m4, gl/m4/ulonglong.m4, maint.mk: Update.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-03-03 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, po/Makevars, po/POTFILES.in:
+ Gettextize.
+
+2006-03-01 Simon Josefsson <simon@josefsson.org>
+
+ * gtk-doc.make: Add.
+
+2006-03-01 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/readline.m4, gl/m4/socklen.m4, gl/m4/sys_socket_h.m4,
+ gl/readline.c, maint.mk: Update.
+
+2006-03-01 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf, maint-cfg.mk: Don't gtkdocize.
+
+2006-02-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am, lib/minitasn1/coding.c,
+ lib/minitasn1/decoding.c, lib/minitasn1/der.h,
+ lib/minitasn1/element.c, lib/minitasn1/errors.h,
+ lib/minitasn1/errors_int.h, lib/minitasn1/gstr.c,
+ lib/minitasn1/gstr.h, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c, lib/minitasn1/structure.h: Update.
+
+2006-02-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: gnutls_record_send: Doc fix, suggested by
+ Eric Leblond <regit@inl.fr>.
+
+2006-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/sign.c: Fix warning.
+
+2006-02-17 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Make it explicit that GNUTLS_DIG_*
+ has the same values as GNUTLS_MAC_*.
+
+2006-02-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-ume-02.txt: Add.
+
+2006-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Fix.
+
+2006-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Fix.
+
+2006-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Fix.
+
+2006-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Fix.
+
+2006-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * maint-cfg.mk: Add mingw32 target.
+
+2006-02-14 Simon Josefsson <simon@josefsson.org>
+
+ * GNUmakefile, gl/Makefile.am, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, maint-cfg.mk, maint.mk: Add
+ maintainer-makefile module.
+
+2006-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/xml.c: Use external libtasn1 API.
+
+2006-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/der.h, lib/minitasn1/element.c,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: Sync with libtasn1 CVS.
+
+2006-02-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump libtasn1 version.
+
+2006-02-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix typo.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.3.4.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/errors.h, lib/minitasn1/errors_int.h,
+ lib/minitasn1/gstr.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: Update from libtasn1.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2006-02-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-housley-tls-authz-extns-00.txt: Add.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Fix typo in last commit.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/set_pkcs12_cred.c: Simplify using under gdb.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Fix for latest certder bug.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/certder.c: Add more bug trigger.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/certder.c: Add.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: More asn1 length out of bounds checking.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Fix asn1_get_length_der usage.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c: Fix asn1_get_length_der usage.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/element.c: Fix copyright.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/element.c, lib/minitasn1/structure.c: Fix
+ asn1_get_length_der usage.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Revert.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Fix for cert selftest.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add certder test.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/certder.c: Add.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h: Bump version.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Need libtasn1 0.2.18.
+
+2006-02-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/der.h, lib/minitasn1/element.c,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: Add libtasn1 fixes from Nikos, prompted
+ by report from "Evgeny Legerov" <admin@gleg.net>.
+
+2006-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/xml.c: some fixes for the new libtasn1
+
+2006-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: [no log message]
+
+2006-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/mpi.c: corrected wrong order of free.
+
+2006-02-02 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/main.h, libextra/opencdk/packet.h: Fix prototypes
+ for AIX compiler, reported by "Heiden, John"
+ <JHeiden@UTNet.UToledo.Edu>.
+
+2006-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2006-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Corrected bugs in
+ gnutls_certificate_set_x509_crl() and
+ gnutls_certificate_set_x509_trust(), that caused memory corruption
+ if more than one certificates were added. Report and patch by Max
+ Kellermann <max@duempel.org>.
+
+2006-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2006-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: added some text about premature termination
+ of sessions.
+
+2006-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: fixed bug in non-blocking gnutls_bye().
+ gnutls_send will no longer invalidate session if the underlying send
+ fails, but it will set may_not_write to true. That is to allow
+ reading the already received data. Patches and bug reports by Yoann
+ Vandoorselaere <yoann@prelude-ids.org>
+
+2006-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore: [no log message]
+
+2006-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/inet_ntop.h, gl/m4/gnulib-tool.m4, gl/m4/socklen.m4,
+ gl/m4/stdbool.m4, gl/socket_.h, gl/stdbool_.h, gl/vasnprintf.c:
+ Update.
+
+2006-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.h: Mingw32 fixes.
+
+2006-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-ticket-07.txt: Add.
+
+2006-01-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-ume-01.txt: Add.
+
+2006-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: removed the RIPEMD test
+ since it is not supported any more.
+
+2006-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: minor updates.
+
+2006-01-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-comp.m4, gl/m4/sys_socket_h.m4,
+ gl/md5.c, gl/md5.h, gl/sha1.c, gl/sha1.h, gl/socket_.h: Update.
+
+2006-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2006-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-08.txt: Add.
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix igloo scp.
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Re-add igloo.
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.3.3.
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * .cvscopying: Fix copyright years.
+
+2006-01-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2006-01-11 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/dummy.c, gl/m4/gnulib-comp.m4,
+ gl/m4/readline.m4, gl/sha1.c, gl/stdint_.h: Update.
+
+2006-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4, gl/m4/gnulib-tool.m4, gl/m4/socklen.m4,
+ gl/m4/stdint.m4, gl/stdint_.h: Update.
+
+2006-01-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-santesson-tls-ume-00.txt: Add.
+
+2006-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi: [no log message]
+
+2005-12-31 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h: C++ fix.
+
+2005-12-31 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_ia.c: Doc fix.
+
+2005-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-07.txt: Add.
+
+2005-12-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_errors.c,
+ lib/gnutls_global.h, lib/minitasn1/coding.c,
+ lib/minitasn1/errors.c, lib/x509/crq.c: Constify, tiny patch from
+ "ZIGLIO, Frediano, VF-IT" <Frediano.Ziglio@vodafone.com>.
+
+2005-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Doc fix.
+
+2005-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, libextra/gnutls_ia.c: Fix TLS/IA
+ prototypes, suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
+
+2005-12-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Use _gnutls_init as increment/decrement
+ counter for init/deinit, suggested by ZIGLIO, Frediano.
+
+2005-12-18 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Cosmetic changes.
+
+2005-12-18 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Cosmetic changes.
+
+2005-12-18 Simon Josefsson <simon@josefsson.org>
+
+ * tests/resume.c: Fix mem leak.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, includes/gnutls/gnutls.h.in,
+ lib/gnutls_compress_int.c, lib/gnutls_constate.c: fixed a memory
+ copy that caused crashes.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/resume.c: More debug info.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add resume self test.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/resume.c: Add, to test resume funtions.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-ticket-06.txt: Add.
+
+2005-12-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Doc fix.
+
+2005-12-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in: Add.
+
+2005-12-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Add API to get master secret too.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Fix.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Fix indentation.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, includes/gnutls/extra.h,
+ includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h,
+ includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h, lib/auth_anon.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp_passwd.h,
+ lib/auth_srp_sb64.c, lib/ext_inner_application.c,
+ lib/ext_inner_application.h, lib/ext_max_record.c,
+ lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_db.h,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_psk.c, lib/gnutls_record.c,
+ lib/gnutls_session.c, lib/gnutls_session_pack.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_x509.c,
+ lib/x509/mpi.h, lib/x509_b64.c, libextra/gnutls_ia.c,
+ libextra/openpgp/gnutls_openpgp.h, src/common.c, src/serv.c,
+ tests/dhepskself.c, tests/tlsia.c: Indent more.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Remove igloo, it seem weird.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.3.2.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c, lib/gnutls_state.h: Fix warnings.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Remove debug code.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/gnutls_state.c: Add
+ functions to access the TLS PRF and to extract client/server random
+ fields, suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore more.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.cvsignore, libextra/.cvsignore, tests/.cvsignore: [no log
+ message]
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/Makefile.am, doc/examples/ex-client-tlsia.c,
+ doc/gnutls.texi, doc/manpages/Makefile.am, includes/gnutls/extra.h,
+ includes/gnutls/gnutls.h.in, lib/Makefile.am, lib/debug.c,
+ lib/defines.h, lib/ext_inner_application.c,
+ lib/ext_inner_application.h, lib/gnutls_alert.c,
+ lib/gnutls_buffers.c, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_record.c, lib/gnutls_state.c, libextra/Makefile.am,
+ libextra/gnutls_ia.c, tests/Makefile.am, tests/tlsia.c: Add TLS/IA
+ support.
+
+2005-12-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-comp.m4: Update.
+
+2005-12-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: added missing set_params_function()
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/auth_psk_passwd.c,
+ lib/auth_srp_passwd.c, lib/auth_srp_sb64.c, lib/defines.h,
+ lib/ext_cert_type.c, lib/ext_server_name.c, lib/ext_srp.c,
+ lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_ui.c, lib/gnutls_x509.c, lib/x509/common.c,
+ lib/x509/dn.c, lib/x509/extensions.c, lib/x509/pkcs7.c,
+ lib/x509/privkey_pkcs8.c, lib/x509_b64.c: Replace "uint" with
+ "unsigned". Remove unused "sint".
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_num.c,
+ lib/gnutls_num.h, lib/gnutls_session_pack.c, lib/x509/mpi.c,
+ lib/x509/mpi.h, libextra/openpgp/extras.c,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/pgp.c: Replace
+ uint32 with uint32_t.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_dh_common.c, lib/auth_psk.c, lib/auth_rsa_export.c,
+ lib/auth_srp.c, lib/defines.h, lib/ext_max_record.c,
+ lib/ext_max_record.h, lib/ext_server_name.c,
+ lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
+ lib/gnutls_num.h, lib/gnutls_record.c, lib/gnutls_v2_compat.c,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
+ lib/x509/x509_write.c: Replace uint16 with uint16_t.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove unused sizeof checks.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/auth_cert.c, lib/auth_dh_common.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp_passwd.h,
+ lib/auth_srp_sb64.c, lib/defines.h, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_server_name.c, lib/ext_srp.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_datum.c, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_num.c, lib/gnutls_record.c,
+ lib/x509/extensions.c, lib/x509/pkcs12.c, lib/x509/pkcs7.c,
+ lib/x509/x509.c, lib/x509_b64.c, lib/x509_b64.h,
+ libextra/gnutls_openpgp.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/xml.c: Replace uint8 with uint8_t.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4: Update.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: Remove unused types, to start the transition to the
+ POSIX integer types (uint32_t, uint16_t, uint8_t).
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Remove -I../lib, these tools should only use the
+ external API.
+
+2005-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h, lib/gnutls_str.c: ULONG_MAX should be in limits.h,
+ so include it at the right place.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs12.c: Fix mem leaks. Remove unused variable.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: Fix mem leak.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.3.1.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: Fix.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Dist pkcs8 blobs.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Fix.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/enc3pkcs8.pem: add
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/enc3pkcs8.pem: Add.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/enc2pkcs8.pem, tests/pkcs8: Add rc2 pkcs#8 blob.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/encpkcs8.pem, tests/unencpkcs8.pem: Fix.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/pkcs8: Add PKCS#8 self test.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Make --password work for PKCS#8 --key-info.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/encpkcs8.pem, tests/unencpkcs8.pem: Add, PKSC#8 blobs.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Remove.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/privkey_pkcs8.c: (gnutls_x509_privkey_import_pkcs8): Handle unencrypted PEM keys.
+ Remove unused "encrypted" variable.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/certtool.c: Generate unencrypted PKCS#8 keys for blank
+ passwords.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/TODO, includes/gnutls/gnutls.h.in, lib/gnutls_x509.c,
+ tests/Makefile.am, tests/set_pkcs12_cred.c: Support reading X.509
+ credentials from PKCS#12 files.
+
+2005-12-08 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Print PKCS#12 type for each element.
+
+2005-12-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4279.txt: Add.
+
+2005-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session_pack.c: Corrected bugs in session resumption.
+ Bugs reported by Yoann Vandoorselare.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Put 1.3.x releases in devel/ directory.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: add
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Fix.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CODING_STYLE: Mention indentation.
+
+2005-12-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/socklen.m4, gl/readline.c, gl/stdint_.h: Update.
+
+2005-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Don't infloop.
+
+2005-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Check starttls_alarmed earlier, the signal might be
+ sent before select is called. Report by Otto Maddox
+ <ottomaddox@fastmail.fm> and influenced by tiny patch from Nozomu
+ Ando <nand@mac.com>.
+
+2005-12-01 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2005-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c: Some fixes in session resumption and
+ prototypes. Based on patches and suggestions by Joe Orton.
+
+2005-11-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/tls-numbers.txt: From
+ <http://people.nokia.net/~pasi/tls-numbers.txt>.
+
+2005-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey_pkcs8.c: added some clarification about the
+ encryption status.
+
+2005-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool.c: Corrected a bug in certtool for 64 bit
+ machines. Reported by Max Kellermann <max@duempel.org>.
+
+2005-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli.gaa: [no log message]
+
+2005-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_datum.c, lib/gnutls_session_pack.c, src/serv.c: some
+ more fixes for PSK.
+
+2005-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: the library version number was bumped to 13 to allow
+ for incompatible changes.
+
+2005-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_dhe_psk.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/gnutls_kx.c, lib/gnutls_psk.c, lib/gnutls_session_pack.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, src/Makefile.am,
+ src/cli-gaa.c, src/cli.c, src/cli.gaa, src/common.c,
+ src/gnutls-http-serv, src/params.pem, src/serv.c: Completed the
+ DHE-PSK ciphersuite additions.
+
+2005-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_psk.c: some documentation updates
+
+2005-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_anon_cred.c, lib/gnutls_psk.c:
+ gnutls_anon_set_params_function was renamed to
+ gnutls_anon_set_server_params_function to be more consistent with
+ the other functions. The same for the PSK.
+
+2005-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls_cert.c, lib/gnutls_handshake.c: get_rsa_params was
+ converted to behave similarly to get_dh_params.
+
+2005-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/gnutls.h.in, lib/Makefile.am,
+ lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dhe.c, lib/auth_dhe_psk.c,
+ lib/auth_psk.c, lib/auth_psk.h, lib/auth_rsa_export.c,
+ lib/auth_srp.c, lib/auth_srp_sb64.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ lib/gnutls_cert.c, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_psk.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/gnutls_state.c, lib/gnutls_ui.c, src/common.c, src/serv.c,
+ tests/Makefile.am, tests/dhepskself.c, tests/pskself.c: added
+ DHE-PSK ciphersuites and some cleanups.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.3.0.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/prime.c, src/serv.c, tests/pskself.c: Indent.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Use sha1sum instead of md5sum for igloo.linux.gr
+ CHECKSUMS.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog.1: Add, generated using cvs2cl --utc --fsf --FSF
+ --usermap .cvsusers -I ChangeLog -I .cvs --window 120 -l
+ "-d""<2005-11-08""", and manually adjusting the start and end of the
+ file.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Don't use --tags for cvs2cl.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Dist auth_psk.h.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c, src/cli-gaa.c, src/crypt-gaa.c,
+ src/psk-gaa.c, src/serv-gaa.c, src/tls_test-gaa.c: Regenerate GAA
+ code, to remove use of C++ // comments.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Add license. Fix parser error. Dist
+ and install SRP man pages too.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, doc/examples/Makefile.am, doc/manpages/Makefile.am,
+ src/Makefile.am, src/prime.c: Disable more SRP stuff if
+ --disable-srp, tiny patch from Albert Chin
+ <gnutls-dev@mlists.thewrittenword.com> and tiny patch to src/prime.c
+ from RedHat gnutls-1.2.6 RPM.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Use more verbose NEWS entry format.
+
+2005-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/pskself.c: updated PSK self test
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c: Fix.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add pskself.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pskself.c: Add, based on anonself.c.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_errors.c: Fix error messages; PSK also use the SRP
+ errors.
+
+2005-11-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_psk.c: Doc fix.
+
+2005-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/debug.c, lib/x509/common.c, lib/x509/crl.c, lib/x509/dn.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs7.c, libextra/openssl_compat.c,
+ src/serv.c: Include config.h first. Tiny patch from Albert Chin
+ <gnutls-dev@mlists.thewrittenword.com>.
+
+2005-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/opencdk.h: Don't use trailing comma in last enum
+ constant, for IBM C v6. Tiny patch from Albert Chin
+ <gnutls-dev@mlists.thewrittenword.com>.
+
+2005-11-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: Tru64 UNIX 4.0D has mmap() but doesn't define
+ MAP_FAILED, tiny patch from Albert Chin
+ <gnutls-dev@mlists.thewrittenword.com>
+
+2005-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/gnutls.texi, lib/gnutls_algorithms.c: removed the RIPEMD
+ ciphersuites.
+
+2005-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/arch/extensions_st.eps, doc/arch/extensions_st.pdf,
+ doc/arch/mod_auth_st.eps, doc/arch/mod_auth_st.pdf,
+ doc/internals.texi: added brief documentation on the extension and
+ auth_method internals.
+
+2005-11-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, lib/gnutls_state.c, lib/gnutls_x509.c,
+ src/certtool.gaa: some documentation updates.
+
+2005-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/arch/certificate-user-use-case.eps,
+ doc/arch/certificate-user-use-case.pdf,
+ doc/arch/client-server-use-case.eps,
+ doc/arch/client-server-use-case.pdf,
+ doc/arch/handshake-sequence.eps, doc/arch/handshake-sequence.pdf,
+ doc/arch/handshake-state.eps, doc/arch/handshake-state.pdf,
+ doc/arch/objects.eps, doc/arch/objects.pdf,
+ doc/certificate-user-use-case.pdf, doc/client-server-use-case.pdf,
+ doc/handshake-sequence.pdf, doc/handshake-state.pdf,
+ doc/internals.texi, doc/objects.pdf: moved architecture figures to
+ arch/
+
+2005-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, Makefile.am: made ChangeLog more compact by ignoring
+ past changes.
+
+2005-11-10 Simon Josefsson <simon@josefsson.org>
+
+ * gl/inet_ntop.h, gl/readline.c: Update.
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2005-11-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: Add.
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/certificate-user-use-case.pdf,
+ doc/client-server-use-case.pdf, doc/gnutls.texi,
+ doc/handshake-sequence.pdf, doc/handshake-state.pdf,
+ doc/internals.texi, doc/objects.pdf: added some stuff about the
+ internals of gnutls.
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : added again the files in binary mode.
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : [no log message]
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : added some architectural diagrams. Quite primitive.
+
+2005-11-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: add
+
+2005-11-08 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: Wrap around <80 columns.
+
+2005-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, lib/gnutls_session_pack.c, src/cli.c,
+ src/serv.c: fixed bug in session packing for anonymous connections.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * src/serv.c, tests/anonself.c, tests/openpgp_test.c,
+ tests/openssl.c, tests/x509_test.c: Indent.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Indent tests/.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_psk.c, lib/auth_psk.h,
+ lib/auth_psk_passwd.c, lib/auth_psk_passwd.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/debug.c, lib/debug.h, lib/defines.h,
+ lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
+ lib/ext_max_record.h, lib/ext_server_name.c, lib/ext_server_name.h,
+ lib/ext_srp.c, lib/ext_srp.h, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_asn1_tab.c, lib/gnutls_auth.c,
+ lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_helper.c, lib/gnutls_helper.h,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_priority.h, lib/gnutls_psk.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/gnutls_ui.c,
+ lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/io_debug.h, lib/pkix_asn1_tab.c,
+ lib/strfile.h, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/compat.c, lib/x509/compat.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
+ lib/x509/dn.c, lib/x509/dn.h, lib/x509/dsa.c, lib/x509/dsa.h,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/mpi.c,
+ lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
+ lib/x509/pkcs7.h, lib/x509/privkey.c, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c, lib/x509/rfc2818.h,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/verify.h, lib/x509/x509.c,
+ lib/x509/x509.h, lib/x509/x509_write.c, lib/x509/xml.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/gnutls_extra.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openssl.c, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/openpgp.h, libextra/openpgp/pgp.c,
+ libextra/openpgp/pgpverify.c, libextra/openpgp/privkey.c,
+ libextra/openpgp/xml.c, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/certtool-cfg.c, src/certtool-cfg.h,
+ src/certtool.c, src/cli.c, src/common.c, src/common.h, src/crypt.c,
+ src/errcodes.c, src/list.h, src/prime.c, src/psk.c, src/serv.c,
+ src/tests.c, src/tests.h, src/tls_test.c: Use GNU coding style.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Use GNU coding style for indent.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Add.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Ignore more headers.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * src/.cvsignore: [no log message]
+
+2005-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_psk.c, lib/auth_psk_passwd.c, lib/auth_psk_passwd.h,
+ lib/gnutls_psk.c, src/serv-gaa.c, src/serv-gaa.h: more psk stuff
+
+2005-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, doc/gnutls.texi,
+ doc/manpages/Makefile.am, doc/manpages/psktool.1,
+ includes/gnutls/gnutls.h.in, lib/Makefile.am, lib/auth_psk.c,
+ lib/auth_psk.h, lib/auth_psk_passwd.c, lib/auth_psk_passwd.h,
+ lib/auth_srp.h, lib/auth_srp_sb64.c, lib/ext_srp.c,
+ lib/gnutls_algorithms.c, lib/gnutls_compress_int.c,
+ lib/gnutls_db.c, lib/gnutls_helper.c, lib/gnutls_helper.h,
+ lib/gnutls_int.h, lib/gnutls_psk.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_srp.c, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/libgnutls.vers, src/Makefile.am, src/cli-gaa.c, src/cli-gaa.h,
+ src/cli.c, src/cli.gaa, src/common.c, src/crypt.c,
+ src/gnutls-http-serv, src/psk-gaa.c, src/psk-gaa.h, src/psk.c,
+ src/psk.gaa, src/serv.c, src/serv.gaa: This is the initial commit in
+ the 1.3 branch. Ported from the PSK branch: * PSK ciphersuites have been added. * The session resumption data are now system independent.
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-11-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.9.
+
+2005-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: corrected bug in pkcs 12 ID key setting. Found and
+ reported by Fran <e_agf@yahoo.es>.
+
+2005-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: fixed typos etc.
+
+2005-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/signatures.texi: supported algorithms were moved in a
+ different subsection.
+
+2005-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: [no log message]
+
+2005-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/signatures.texi: [no log message]
+
+2005-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/signatures.texi: [no log message]
+
+2005-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, doc/signatures.texi: better output for non-tex
+ formats.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: Fix.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: Add.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/signatures.texi: Add.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Remove
+ GNUTLS_CERTIFICATE_VERIFY_FLAGS_LAST hack, use version number
+ defines instead.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add numeric version numbers, for CPP
+ version comparisons.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Compute numeric version numbers, for CPP version
+ comparisons.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Add GNUTLS_CERTIFICATE_VERIFY_FLAGS_LAST,
+ based on report by Daniel Stenberg <daniel@haxx.se>.
+
+2005-11-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c: Doc fix, suggested by Daniel Stenberg
+ <daniel@haxx.se>.
+
+2005-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: some type fixes.
+
+2005-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/bibliography.texi, doc/gnutls.texi,
+ doc/signatures.texi: added some text about digital signatures.
+
+2005-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/x509/clicert-dsa.pem, src/x509/clicert.pem: appended the
+ intermediate CA certificates to client certificates.
+
+2005-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: added
+ the --require-cert option to gnutls-serv
+
+2005-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_kx.c: Some fixes in the certificate
+ handling.
+
+2005-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi: [no log message]
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi, doc/gnutls.texi: [no log message]
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi, doc/gnutls.texi: the bibliography stuff is
+ a bit sorted... I hate that texinfo stuff.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/inet_ntop.c: Update.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/inet_ntop.h: Update.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/md2.c, gl/md2.h: Update.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/pgpverify.c: Doc fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Revert.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Fix warnings.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Don't include openpgp stuff in api manual.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Remove @anchor, texinfo @deftypefun create them
+ implicitly.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Fix depends.
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, doc/scripts/gdoc: some changes to allow cross
+ referencing of functions.
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * gl/arctwo.c: [no log message]
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/TODO: Add.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-libgcrypt.c, gl/m4/md2.m4: Update.
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-libgcrypt.c: Support MD2.
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: some more updates.
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: added text about gnutls_certificate_verify_flags.
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/gc.h: Update.
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/bibliography.texi, doc/gnutls.texi, doc/my-bib-macros.texi:
+ some more changes for better pdf output
+
+2005-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/bibliography.texi, doc/gnutls.texi,
+ doc/my-bib-macros.texi: added bibliography\!
+
+2005-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : [no log message]
+
+2005-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : pdf files generated with png2pdf. The output is a bit better
+ than eps2pdf.
+
+2005-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, src/errcodes.c: some updates and improvments in
+ the pdf output.
+
+2005-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: [no log message]
+
+2005-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: The check for insecure algorithms is only
+ performed on non-self signed certificates.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c: Update.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/verify.c: Don't accept MD2/MD5 hashes when verifying
+ X.509 certificate signatures.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Print whether verification failed due to an
+ insecure algorithm.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in: Add GNUTLS_CERT_INSECURE_ALGORITHM.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs7.h, lib/x509/privkey.h, lib/x509/verify.h,
+ lib/x509/x509.h: Get public prototypes from gnutls/x509.h instead.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Fix prototype.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.h: Get exported function prototypes from
+ gnutls/x509.h instead.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Fix.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.h: Add.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_hash_int.c: Add MD2.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c: Fix link errors.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * : Remove.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Add MD2/MD5 verify flags.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/gc.h,
+ gl/m4/gc-md2.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/md2.m4, gl/md2.c, gl/md2.h: Add MD2.
+
+2005-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in, lib/gnutls_algorithms.c: Add MD2.
+
+2005-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c, gl/inet_ntop.c, gl/inet_ntop.h,
+ gl/m4/inet_ntop.m4, gl/md4.h, gl/md5.c, gl/md5.h: Update.
+
+2005-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-hajjeh-tls-sign-01.txt: Add.
+
+2005-10-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Fix zero size send.
+
+2005-10-22 Simon Josefsson <simon@josefsson.org>
+
+ * gl/arcfour.c, gl/arcfour.h, gl/arctwo.h, gl/m4/gc.m4,
+ gl/m4/gnulib-comp.m4, gl/md4.c, gl/md4.h: Update.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c: Update.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/hmac-md5.c, gl/hmac-sha1.c, gl/m4/gc.m4,
+ gl/m4/gnulib-comp.m4, gl/md4.c, gl/rijndael-alg-fst.h: Update.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c: Update.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/des.c, gl/des.h, gl/gc-gnulib.c, gl/m4/des.m4,
+ gl/m4/gc-des.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4:
+ Update.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/arctwo.c, gl/arctwo.h, gl/gc-gnulib.c,
+ gl/gc-libgcrypt.c, gl/m4/arctwo.m4, gl/m4/gc-arctwo.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-ticket-05.txt: Add.
+
+2005-10-20 Simon Josefsson <simon@josefsson.org>
+
+ * tests/anonself.c: Fix bug.
+
+2005-10-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-modadugu-tls-ctr-00.txt: Add.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/arcfour.c, gl/arcfour.h, gl/gc-gnulib.c,
+ gl/m4/arcfour.m4, gl/m4/gc-arcfour.m4, gl/m4/gc-hmac-md5.m4,
+ gl/m4/gc-hmac-sha1.m4, gl/m4/gc-md4.m4, gl/m4/gc-md5.m4,
+ gl/m4/gc-rijndael.m4, gl/m4/gc-sha1.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4: Update.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc-gnulib.c: Cleanup.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc.h: Add ecb.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/rijndael-api-fst.c: Fix CBC IV bugs.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-gnulib.c, gl/hmac-md5.c, gl/hmac-sha1.c,
+ gl/m4/gc-rijndael.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/rijndael.m4, gl/rijndael-alg-fst.c, gl/rijndael-alg-fst.h,
+ gl/rijndael-api-fst.c, gl/rijndael-api-fst.h: Update.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Reverse logic.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * README: Update --with-builtin-crypto documentation.
+
+2005-10-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add --with-builtin-crypto to enable gnulib
+ functions.
+
+2005-10-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Initialize gcrypt here, for now, to make sure
+ it is done even if gnulib's GC uses the non-libgcrypt functions.
+
+2005-10-18 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove unused USE_GCRYPT.
+
+2005-10-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c, gl/gc.h,
+ gl/m4/gc-md4.m4, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/md4.m4, gl/md4.c, gl/md4.h: Add gc-md4.
+
+2005-10-18 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/stdbool.m4: Update.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-libgcrypt.c, gl/m4/gc-sha1.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Update.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/gc.c: Add self tests of gc.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/hmac-md5.c, gl/m4/gc-hmac-md5.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hmac-md5.m4,
+ gl/m4/md5.m4, gl/md5.c, gl/md5.h: Update.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/gc.h, lib/gnutls_cipher_int.h, lib/gnutls_hash_int.h,
+ lib/x509/pkcs12_encr.c, lib/x509/privkey_pkcs8.c,
+ libextra/Makefile.am: Fixes to make GC work again.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am,
+ src/Makefile.am: Don't link to gc directly.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/.cvsignore, crypto/Makefile.am, crypto/gc-libgcrypt.c,
+ crypto/gc-nettle.c, crypto/gc.h, crypto/pkcs5.c, crypto/test-gc.c,
+ crypto/utils.c, crypto/utils.h, nettle/.cvsignore,
+ nettle/Makefile.am, nettle/aes-decrypt-table.c,
+ nettle/aes-decrypt.c, nettle/aes-encrypt-table.c,
+ nettle/aes-encrypt.c, nettle/aes-internal.h, nettle/aes-meta.c,
+ nettle/aes-set-decrypt-key.c, nettle/aes-set-encrypt-key.c,
+ nettle/aes.c, nettle/aes.h, nettle/arcfour-crypt.c,
+ nettle/arcfour-meta.c, nettle/arcfour.c, nettle/arcfour.h,
+ nettle/arctwo-meta.c, nettle/arctwo.c, nettle/arctwo.h,
+ nettle/cbc.c, nettle/cbc.h, nettle/des-compat.c,
+ nettle/des-compat.h, nettle/des.c, nettle/des.h, nettle/des3.c,
+ nettle/desCode.h, nettle/descore.README, nettle/desinfo.h,
+ nettle/hmac-md5.c, nettle/hmac-sha1.c, nettle/hmac.c,
+ nettle/hmac.h, nettle/keymap.h, nettle/knuth-lfib.c,
+ nettle/knuth-lfib.h, nettle/macros.h, nettle/md2-meta.c,
+ nettle/md2.c, nettle/md2.h, nettle/md5-meta.c, nettle/md5.c,
+ nettle/md5.h, nettle/memxor.c, nettle/memxor.h,
+ nettle/nettle-internal.c, nettle/nettle-internal.h,
+ nettle/nettle-meta.h, nettle/parity.h, nettle/rotors.h,
+ nettle/sha.h, nettle/sha1-compress.c, nettle/sha1-meta.c,
+ nettle/sha1.c, nettle/tests/.cvsignore, nettle/tests/Makefile.am,
+ nettle/tests/aes-test.c, nettle/tests/arcfour-test.c,
+ nettle/tests/arctwo-test.c, nettle/tests/cbc-test.c,
+ nettle/tests/des-compat-test.c, nettle/tests/des-test.c,
+ nettle/tests/des3-test.c, nettle/tests/hmac-test.c,
+ nettle/tests/knuth-lfib-test.c, nettle/tests/md2-test.c,
+ nettle/tests/md4-test.c, nettle/tests/md5-test.c,
+ nettle/tests/run-tests, nettle/tests/sha1-test.c,
+ nettle/tests/testutils.c, nettle/tests/testutils.h: Remove
+ nettle+crypto.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in: Replace nettle+crypto with gnulib.
+
+2005-10-17 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-libgcrypt.c, gl/gc-pbkdf2-sha1.c, gl/gc.h,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/stdbool.m4:
+ UPdate.
+
+2005-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: added some more verbose messages to the client to
+ report whether it sent any certificates or not.
+
+2005-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.h: Remove unused prototypes.
+
+2005-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4: Don't
+ use gc just yet.
+
+2005-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gc-md5.m4: Add.
+
+2005-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/gc-gnulib.c, gl/gc-libgcrypt.c,
+ gl/gc-pbkdf2-sha1.c, gl/gc.h, gl/hmac-sha1.c, gl/hmac.h,
+ gl/m4/gc-hmac-sha1.m4, gl/m4/gc-pbkdf2-sha1.m4, gl/m4/gc.m4,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/hmac-sha1.m4,
+ gl/m4/inttypes.m4, gl/m4/memxor.m4, gl/m4/restrict.m4,
+ gl/m4/sha1.m4, gl/m4/stdint.m4, gl/memxor.c, gl/memxor.h,
+ gl/sha1.c, gl/sha1.h, gl/stdint_.h: Update.
+
+2005-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-hajjeh-mtls-00.txt: Add.
+
+2005-10-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-10.txt: Add.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.8.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * src/crypt.c: Don't use error.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2005-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getdelim.c, gl/m4/gnulib-comp.m4, gl/m4/stdbool.m4: Update.
+
+2005-10-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: depends on libgcrypt 1.2.2
+
+2005-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: handle better EOF from stdin.
+
+2005-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2005-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Don't install libexamples.la.
+
+2005-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/manpages/Makefile.am, lib/auth_dh_common.c,
+ lib/auth_rsa_export.c, lib/auth_srp.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
+ lib/gnutls_srp.c, lib/x509/pkcs12.c, lib/x509/pkcs12_encr.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: Made the PKCS #12 API
+ handle null passwords. Based on patch by Anton Altaparmakov
+ <aia21@cam.ac.uk>.
+
+2005-09-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4158.txt: Add.
+
+2005-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, src/common.c, src/common.h: Use gnulib for
+ inet_ntop.
+
+2005-09-24 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/inet_ntop.c, gl/inet_ntop.h,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/inet_ntop.m4,
+ gl/m4/sockpfaf.m4: Add inet_ntop.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add --insecure.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h: Generated.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c, src/cli.gaa: Add --insecure. Make the default be to
+ abort connections if the peer doesn't verify, when a ca certificate
+ or PGP trust database has been supplied.
+
+2005-09-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Fix warnings.
+
+2005-09-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-cert-select.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c: Don't use mmap.
+ Use memset instead of bzero.
+
+2005-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Revert stupid program_name workaround, patch
+ from Martin Lambers <marlam@marlam.de>.
+
+2005-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/error.c, gl/error.h, gl/getdelim.c,
+ gl/getline.c, gl/getpass.c, gl/m4/error.m4, gl/m4/gnulib-cache.m4,
+ gl/m4/gnulib-comp.m4, gl/m4/strerror_r.m4, gl/memmove.c,
+ gl/readline.c: Remove error module. Update gnulib files.
+
+2005-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c, src/certtool.c: Don't use error module until
+ program_name problem is solved.
+
+2005-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use gnulib for socklen test.
+
+2005-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4,
+ gl/m4/socklen.m4: Update.
+
+2005-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Don't use mmap, patch from Martin Lambers
+ <marlam@marlam.de>.
+
+2005-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-11.txt: Add.
+
+2005-09-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-funk-tls-inner-application-extension-00.txt,
+ doc/protocol/draft-funk-tls-inner-application-extension-01.txt: Add.
+
+2005-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: gtk-doc in debian should work fine now
+
+2005-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/tmpl/.cvsignore: [no log message]
+
+2005-09-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/tmpl/gnutls-unused.sgml: Add (to workaround gtk-doc
+ makefile bug.)
+
+2005-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-chudov-cryptopro-cptls-02.txt: Add.
+
+2005-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.7.
+
+2005-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-ticket-04.txt: Add.
+
+2005-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-09-06 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getpass.c: Update.
+
+2005-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/gnulib-tool.m4, gl/m4/lib-ld.m4, gl/m4/lib-prefix.m4: Add.
+
+2005-09-03 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib-cache.m4, gl/m4/gnulib.m4: Update.
+
+2005-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/getdelim.c,
+ gl/m4/gnulib-cache.m4, gl/m4/gnulib-comp.m4, gl/m4/lib-link.m4:
+ Update gnulib.
+
+2005-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4162.txt: Add.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Update my PGP key.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h: Update.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Dist libgnutls-extra.vers.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Dist libgnutls.vers.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Fix typo.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/libgnutls-extra.vers: Add version script.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, lib/libgnutls.vers: Add.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, libextra/Makefile.am: Use version script.
+
+2005-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add --enable-ld-version-script.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix typo.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Link with libz.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/isascii.c, gl/isascii.h, gl/m4/gnulib.m4,
+ gl/m4/isascii.m4: Update.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Add program_name, to shut up error module.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove isascii gnulib module.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: Let's pretend all system has isascii until we find
+ one that actually hasn't.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-verify.c: Don't use C99 features.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Disable zlib code if we don't find zlib.h too.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Remove gnutls_random.h.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c, gl/m4/gnulib.m4: Update.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/auth_srp_passwd.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_pk.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: Don't include
+ gnutls_random.h.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/gnutls_random.c, lib/gnutls_random.h: (_gnutls_get_random): Removed, not used any more.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_rsa.c: Call gc directly instead of _gnutls_get_random.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/crypt.c: Prototype error().
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: Call gc directly
+ instead of _gnutls_get_random.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Fix last commit.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp_passwd.c, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_pk.c: Call gc directly instead of
+ _gnutls_get_random.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Add libgc.la for crypt.c.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/crypt.c: Avoid gcrypt.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Fix typo.
+
+2005-08-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Add -I for ../crypto. Remove unneeded OpenCDK
+ CFLAGS.
+
+2005-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2005-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getpass.c, gl/m4/gnulib.m4, gl/m4/minmax.m4:
+ Update.
+
+2005-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c: Update.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getpass.c, gl/m4/getpass.m4, gl/m4/gnulib.m4:
+ Update.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Only use getpass, not getpass-gnu (the later is
+ always built on glibc platforms).
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Fix copyright. Fix rc/status checking in last
+ commit.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Use gnutls_certificate_verify_peers2, suggested by
+ Daniel Stenberg <daniel@haxx.se>.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_x509.c: Doc fix.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c: (gnutls_certificate_verify_peers2): Doc fix, suggested by Daniel
+ Stenberg <daniel@haxx.se>.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Indent.
+
+2005-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: (gnutls_certificate_verify_flags): Doc fix.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Fix objdir!=srcdir builds once again.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/Makefile.am: Add -I for objdir!=srcdir builds.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am: Add -I for gl.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.h: Don't re-map socklen_t (done by configure now),
+ suggested by Martin Lambers <marlam@marlam.de>.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Define socklen_t to int, not size_t, if it is
+ missing, suggested by Martin Lambers <marlam@marlam.de>.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c, gl/m4/getpass.m4: Update.
+
+2005-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/openpgp.h: Protect config.h #include.
+
+2005-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/internals.eps, doc/layers.eps, doc/pgp1.eps: updated figures
+
+2005-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-cfg.c: (read_int): Use readline. Use strtol, and catch out of range
+ inputs. Suggested by Fran.
+
+2005-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add readline.
+
+2005-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Possibly link with readline.
+
+2005-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/lib-link.m4,
+ gl/m4/readline.m4, gl/readline.c, gl/readline.h: Update.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/errors.c, lib/minitasn1/errors.h,
+ lib/minitasn1/libtasn1.h: Update to 0.2.15.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/isascii.m4: Update.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/isascii.c, gl/isascii.h,
+ gl/m4/gnulib.m4, gl/m4/isascii.m4, lib/defines.h: Use isascii from
+ gnulib.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: Protect config.h include. Assume C89 platform.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/memmove.m4,
+ gl/memmove.c, lib/defines.h: Cleanup memmove.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/tcp.c: Add, from ex-client2.c.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client2.c: Use external tcp_*.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Don't call progname stuff.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/memmem.c, lib/memmem.h: Remove.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Link with gnulib for memmem.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c, gl/error.c,
+ gl/error.h, gl/getdelim.c, gl/getdelim.h, gl/getline.c,
+ gl/getline.h, gl/getpass.c, gl/getpass.h, gl/m4/gnulib.m4,
+ gl/m4/memmem.m4, gl/memmem.c, gl/memmem.h, gl/minmax.h,
+ gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
+ gl/printf-parse.h, gl/progname.c, gl/progname.h, gl/size_max.h,
+ gl/snprintf.c, gl/snprintf.h, gl/stdbool_.h, gl/vasnprintf.c,
+ gl/vasnprintf.h, gl/xsize.h: Update.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Replace GPL progname.h with simple workaround.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Avoid progname module (only GPL one left). Add
+ memmem gnulib module. Force gnulib files to be LGPL.
+
+2005-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/getdelim.c, gl/getdelim.h, gl/getline.c,
+ gl/getline.h, gl/getndelim2.c, gl/getndelim2.h, gl/m4/getdelim.m4,
+ gl/m4/getline.m4, gl/m4/getndelim2.m4, gl/m4/gnulib.m4,
+ gl/m4/onceonly_2_57.m4, gl/m4/ssize_t.m4: Update.
+
+2005-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
+ doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
+ doc/examples/ex-session-info.c, doc/examples/ex-verify.c,
+ doc/examples/ex-x509-info.c: Indent.
+
+2005-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, doc/Makefile.am, doc/examples/.cvsignore,
+ doc/examples/Makefile.am, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client1.c, doc/examples/ex-client2.c,
+ doc/examples/ex-crq.c, doc/examples/ex-pkcs12.c,
+ doc/examples/ex-rfc2818.c, doc/examples/ex-serv-anon.c,
+ doc/examples/ex-serv-export.c, doc/examples/ex-serv-pgp.c,
+ doc/examples/ex-serv-srp.c, doc/examples/ex-serv1.c,
+ doc/examples/ex-session-info.c, doc/examples/ex-verify.c,
+ doc/examples/ex-x509-info.c: Build examples. Fix errors.
+
+2005-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2005-07-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Doc fixes, tiny patch from Ralph Giles
+ <giles@onlinegamegroup.com>.
+
+2005-07-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc4132.txt: Add.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.6.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h: Sync with 0.2.14.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_anon_cred.c: Fix GTK-DOC warnings.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: gtk-doc 1.4 is ok
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/gnutls.h.in, includes/gnutls/openpgp.h,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_ui.c: Fix GTK-DOC
+ warnings.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/x509.h: Fix GTK-DOC warning.
+
+2005-07-16 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c, lib/x509/privkey.c, lib/x509/x509.c: Fix GTK-DOC
+ warnings.
+
+2005-07-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-salowey-tls-ticket-03.txt: Add.
+
+2005-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-x509-info.c: corrected wrong number of arguments
+ in gnutls_x509_crt_import(). Reported by Fco J. Arias.
+
+2005-07-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls_compress_int.c, libextra/gnutls_extra.c:
+ Fix LZO 1.x vs 2.x header file #include mess.
+
+2005-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * gl/m4/size_max.m4, gl/size_max.h: Update.
+
+2005-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2005-07-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Check for lzo1x_1_compress in -llzo2 too, and prefer
+ -llzo2 if available, reported by Thomas Klausner <tk@giga.or.at>.
+
+2005-07-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls_compress_int.c, libextra/Makefile.am,
+ libextra/gnutls_extra.c, libextra/lzoconf.h, libextra/lzodefs.h,
+ libextra/minilzo.c, libextra/minilzo.h,
+ libextra/minilzo/.cvsignore, libextra/minilzo/Makefile.am,
+ libextra/minilzo/README.LZO, libextra/minilzo/lzoconf.h,
+ libextra/minilzo/lzodefs.h, libextra/minilzo/minilzo.c,
+ libextra/minilzo/minilzo.h, libextra/minilzo/testmini.c: Move
+ MiniLZO to separate directory. Update from MiniLZO 2.00 to 2.01.
+
+2005-07-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-07-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-07-03 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-07-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.5.
+
+2005-07-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/libgnutls-extra-config.in: Fix --help for distcheck.
+
+2005-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls-config.in: Send --help output to stdout.
+
+2005-07-02 Simon Josefsson <simon@josefsson.org>
+
+ * lib/libgnutls-config.in: Exit with 0 for --help.
+
+2005-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12_neon: Fix.
+
+2005-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkcs12_neon: Fix objdir!=srcdir (for distcheck).
+
+2005-06-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist gnutls-logo.eps.
+
+2005-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-dtls-05.txt: Add.
+
+2005-06-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-13.txt: Add.
+
+2005-06-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-09.txt: Add.
+
+2005-06-17 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Use --enable-gtk-doc during distcheck.
+
+2005-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2005-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/Makefile.am: Fix srcdir!=objdir builds.
+
+2005-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/Makefile.am, libextra/openpgp/Makefile.am: Add
+ license.
+
+2005-06-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am, libextra/openpgp/Makefile.am: Fix
+ srcdir!=objdir builds.
+
+2005-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-06-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/lzodefs.h: Add.
+
+2005-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS: [no log message]
+
+2005-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_compress_int.c, libextra/Makefile.am,
+ libextra/gnutls_extra.c, libextra/lzoconf.h, libextra/minilzo.c,
+ libextra/minilzo.h: Updated to minilzo 2.0 and corrected stuff
+ pointed out by
+
+2005-06-03 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-12.txt: Add.
+
+2005-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509_write.c: some updates to prevent warnings for non
+ constant initializers
+
+2005-05-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-10.txt: Add.
+
+2005-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_ui.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/mpi.c, lib/x509/sign.c,
+ lib/x509/x509_write.c: fixed some type conflicts.
+
+2005-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: crt_list_import() now works with DER certificates
+ (although only 1 can be imported).
+
+2005-05-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-05-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2005-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/dn.c: [no log message]
+
+2005-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/dn.c: correct the behaviour in DN parsing. Return the
+ correct size when requested.
+
+2005-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.4.
+
+2005-05-28 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2005-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: print the correct issuer in verify_chain()
+
+2005-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/auth_srp_rsa.c, lib/ext_srp.c,
+ lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/gnutls_x509.c, lib/x509/pkcs12_bag.c,
+ src/certtool.c: eliminated some warnings.
+
+2005-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2005-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * config.rpath, doc/gendocs.sh: Update.
+
+2005-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS, COPYING, COPYING.LIB, Makefile.am, NEWS, configure.in,
+ crypto/Makefile.am, crypto/gc-libgcrypt.c, crypto/gc.h,
+ crypto/pkcs5.c, crypto/test-gc.c, crypto/utils.c, crypto/utils.h,
+ doc/Makefile.am, doc/fdl.texi, doc/gendocs.sh,
+ doc/gendocs_template, includes/Makefile.am,
+ includes/gnutls/extra.h, includes/gnutls/gnutls.h.in,
+ includes/gnutls/openpgp.h, includes/gnutls/openssl.h,
+ includes/gnutls/pkcs12.h, includes/gnutls/x509.h, lib/Makefile.am,
+ lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/auth_srp.c,
+ lib/auth_srp.h, lib/auth_srp_passwd.c, lib/auth_srp_passwd.h,
+ lib/auth_srp_rsa.c, lib/auth_srp_sb64.c, lib/debug.c, lib/debug.h,
+ lib/defines.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_srp.c, lib/ext_srp.h,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffer.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
+ lib/gnutls_constate.c, lib/gnutls_constate.h, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mem.c,
+ lib/gnutls_mem.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_priority.c, lib/gnutls_priority.h,
+ lib/gnutls_random.c, lib/gnutls_random.h, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session.h, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/io_debug.h, lib/memmem.c,
+ lib/memmem.h, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/errors.h, lib/minitasn1/gstr.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c, lib/strfile.h, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/compat.c,
+ lib/x509/compat.h, lib/x509/crl.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/dsa.c, lib/x509/dsa.h, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/mpi.c, lib/x509/mpi.h,
+ lib/x509/pkcs12.c, lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c,
+ lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
+ lib/x509/privkey.c, lib/x509/privkey.h, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818.h, lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
+ lib/x509/sign.h, lib/x509/verify.c, lib/x509/verify.h,
+ lib/x509/x509.c, lib/x509/x509.h, lib/x509/x509_write.c,
+ lib/x509/xml.c, lib/x509_b64.c, lib/x509_b64.h,
+ libextra/Makefile.am, libextra/gnutls_extra.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openssl.c, libextra/lzoconf.h, libextra/minilzo.c,
+ libextra/minilzo.h, libextra/opencdk/armor.c,
+ libextra/opencdk/cipher.c, libextra/opencdk/cipher.h,
+ libextra/opencdk/compress.c, libextra/opencdk/context.h,
+ libextra/opencdk/encrypt.c, libextra/opencdk/filters.h,
+ libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/keygen.c, libextra/opencdk/keylist.c,
+ libextra/opencdk/keyserver.c, libextra/opencdk/main.c,
+ libextra/opencdk/main.h, libextra/opencdk/md.c,
+ libextra/opencdk/md.h, libextra/opencdk/misc.c,
+ libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
+ libextra/opencdk/packet.h, libextra/opencdk/plaintext.c,
+ libextra/opencdk/pubkey.c, libextra/opencdk/read-packet.c,
+ libextra/opencdk/seskey.c, libextra/opencdk/sig-check.c,
+ libextra/opencdk/sign.c, libextra/opencdk/stream.c,
+ libextra/opencdk/stream.h, libextra/opencdk/sym-cipher.c,
+ libextra/opencdk/trustdb.c, libextra/opencdk/types.h,
+ libextra/opencdk/verify.c, libextra/opencdk/write-packet.c,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
+ libextra/openpgp/privkey.c, libextra/openpgp/xml.c,
+ libextra/openssl_compat.c, libextra/openssl_compat.h,
+ src/Makefile.am, src/certtool-cfg.c, src/certtool.c, src/cli.c,
+ src/common.c, src/crypt.c, src/list.h, src/prime.c, src/serv.c,
+ src/tests.c, src/tls_test.c, tests/Makefile.am, tests/anonself.c,
+ tests/chain, tests/openssl.c, tests/pkcs12_neon, tests/pkits,
+ tests/pkits_crl, tests/pkits_crt, tests/pkits_pkcs12,
+ tests/pkits_smime, tests/simple.c, tests/utils.c, tests/utils.h:
+ Update FSF office address in license.
+
+2005-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Update FSF office address in license.
+
+2005-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-05-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c, gl/error.c,
+ gl/error.h, gl/getline.c, gl/getline.h, gl/getndelim2.c,
+ gl/getndelim2.h, gl/getpass.c, gl/getpass.h, gl/m4/gnulib.m4,
+ gl/m4/minmax.m4, gl/minmax.h, gl/printf-args.c, gl/printf-args.h,
+ gl/printf-parse.c, gl/printf-parse.h, gl/progname.c, gl/progname.h,
+ gl/snprintf.c, gl/snprintf.h, gl/stdbool_.h, gl/vasnprintf.c,
+ gl/vasnprintf.h, gl/xsize.h: Update.
+
+2005-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/certtool.1: [no log message]
+
+2005-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-verify.c: improved the verification example.
+
+2005-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/verify.c: Corrected a bug in
+ certificate verification that could lead to a trusted certificate
+ path to be marked as non-trusted, if it included the last
+ self-signed certificate in the chain.
+
+2005-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/ex-cert-select.c: [no log message]
+
+2005-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in, doc/manpages/Makefile.am,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Introduced to --fix-key option to certtool, which
+ can be used to regenerate the (optional) parameters in a private
+ key. It should be used together with --key-info.
+
+2005-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc3546bis-01.txt: Add.
+
+2005-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Typo.
+
+2005-05-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Include defines.h before gnutls.h, to pull in
+ config.h, to make sure memmem.h prototype memmem properly, from
+ Yoann Vandoorselaere <yoann.v@prelude-ids.com>.
+
+2005-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: removed unneeded gnutls_x509_crt_init().
+
+2005-05-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-10.txt: Add.
+
+2005-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: [no log message]
+
+2005-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/pkcs12.c: corrected some things that
+ could affect 64 bit machines.
+
+2005-05-01 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Use gnutls/extra.h to get
+ gnutls_openpgp_recv_key_func type.
+
+2005-05-01 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/openpgp.h: Remove, defined in gnutls.h.
+
+2005-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: added date
+
+2005-04-28 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert fully, LT_CURRENT was also updated. Sorry.
+
+2005-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Revert partially, LT_AGE already incremented.
+
+2005-04-27 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump versions.
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: for the gnutls_cipher.c bug, that could cause denial of
+ service
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: increased age
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/x509.h,
+ lib/gnutls_rsa_export.c, lib/x509/privkey.c, src/certtool.c:
+ certtool can now fix the old RSA private keys. This is done by using
+ the -k parameter.
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey.c, lib/x509/x509.h: at the export phase, encode
+ the key.
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mpi.h, lib/x509/privkey.c, lib/x509/x509.h: corrected
+ bugs in RSA key export.
+
+2005-04-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: added an extra check while checking the
+ padding.
+
+2005-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.2.
+
+2005-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Don't regenerate error_codes.texi when gnutls.h
+ is newer, because it will always be, and this causes texinfo to be
+ run on the manual.
+
+2005-04-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist more.
+
+2005-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c: some updates in the description of
+ gnutls_alert_get()
+
+2005-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c: gnutls_alert_send_appropriate() is no longer
+ marked as deprecated.
+
+2005-04-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: [no log message]
+
+2005-04-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: [no log message]
+
+2005-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2005-04-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c: Make it compile.
+
+2005-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h: [no log message]
+
+2005-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_session_pack.c,
+ lib/gnutls_ui.c: some cleanups, and changes in the resuming code to
+ avoid freeing non-allocated stuff.
+
+2005-04-19 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Remove some warnings.
+
+2005-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: some cleanups in certtool
+
+2005-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, includes/Makefile.am, includes/gnutls/Makefile.am:
+ Remove includes/gnutls/Makefile.am. Fix includes/Makefile.am to
+ compensate.
+
+2005-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Remove gnutls_alert.h.
+
+2005-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/Makefile.am: Add license.
+
+2005-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/Makefile.am: Simplify. Add license.
+
+2005-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/Makefile.am: Don't dist gnutls.h, it is generated.
+
+2005-04-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, includes/gnutls/gnutls.h.in, lib/gnutls.h.in.in:
+ Move lib/gnutls.h.in.in into includes/gnutls/gnutls.h.in. Fix
+ #warning about missing components, it didn't work in config.status.
+ Simplify configure.ac wrt to gnutls.h.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add more warnings (likely to be trimmed later).
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h: Remove.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.h: Remove dupe definition.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.h.in.in: Revert.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.h.in.in: Moved from gnutls_mem.h.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_mem.h: Cleanup.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.h: Fix warning.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/main.c: Fix warning.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_cert.c, lib/auth_srp_passwd.c, lib/gnutls_constate.c,
+ lib/gnutls_v2_compat.c, lib/gnutls_x509.c, libextra/opencdk/main.c,
+ libextra/opencdk/misc.c: Fix warning.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_hash_int.c, lib/gnutls_kx.c: Fix warning.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.c: Fix warnings.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_state.c, lib/gnutls_state.h: Fix
+ warning.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/getpass.m4: Update.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_handshake.h: Cleanup.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/getline.m4, gl/m4/getpass.m4,
+ gl/progname.c, gl/size_max.h, gl/vasnprintf.c: Update.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Improve warning CFLAGS.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: (_gnutls_x509_oid_data2string): Fix memory leak, tiny patch from
+ Rupert Kittinger <rkit@mur.at>.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Make error_codes.texi build, after removing
+ gnutls_errors_int.h.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_alert.c: Make it build.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_srp.c, lib/ext_srp.c, lib/gnutls_alert.h,
+ lib/gnutls_algorithms.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ lib/gnutls_record.c: Simplify.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_auth_int.h, lib/gnutls_db.h: Cleanup.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CODING_STYLE, lib/Makefile.am, lib/gnutls_errors.h,
+ lib/gnutls_errors_int.h: Simplify.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.h: Remove. (Everything moved to gnutls.h.in.in.)
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
+ lib/auth_srp_rsa.c, lib/debug.c, lib/debug.h, lib/gnutls.h.in.in,
+ lib/gnutls_alert.h, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_dh.h, lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mem.h, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.h, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
+ lib/gnutls_x509.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509/x509_write.c, libextra/openpgp/openpgp.h: Clean up #include
+ situation, merge from gnutls_1_2_1_with_include_fixes. Now
+ lib/gnutls_int.h start by including gnutls/gnutls.h, to check
+ prototypes during compile time. More cleanups are expected.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Mention API/ABI changes more clearly.
+
+2005-04-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2005-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: Some fixes for
+ AuthorityKeyIdentifier parsing. Suggested by Fabio.
+
+2005-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-dtls-04.txt: Add.
+
+2005-04-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-09.txt: Add.
+
+2005-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/manpages/Makefile.am, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/dn.c, lib/x509/pkcs12.c: Fixed pkcs12
+ friendly name and local key identifier decoding.
+
+2005-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: print some more information for PKCS #12
+ structures.
+
+2005-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: [no log message]
+
+2005-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/x509_write.c: [no log message]
+
+2005-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c: return unexpected_message alert in the case of
+ a handshake unexpected message.
+
+2005-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2005-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Doc fix, suggested by Nikos Mavrogiannopoulos
+ <nmav@gnutls.org>.
+
+2005-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.1.
+
+2005-04-04 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Doc fixes, adapted from suggestions by Martin
+ Lambers <marlam@web.de>.
+
+2005-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: added warning to libraries compiled with features
+ disabled.
+
+2005-04-02 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Fix.
+
+2005-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: some more documentation fixes.
+
+2005-03-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_record.c: Doc fix, reported by Martin Lambers
+ <marlam@web.de>.
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: [no log message]
+
+2005-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/x509.c, lib/x509/x509.h,
+ src/certtool.c, src/cli.c: more improvments to
+ gnutls_x509_crt_list_import()
+
+2005-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/x509.c, lib/x509/x509.h,
+ src/cli.c: improved gnutls_x509_crt_list_import().
+
+2005-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: certtool can now print certificate information in
+ files containing multiple certificates.
+
+2005-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: [no log message]
+
+2005-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/x509.c, src/cli.c: Added
+ the function gnutls_x509_crt_list_import(). This is a convinience
+ function to import many certificates with a single call.
+
+2005-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/x509_write.c: Added
+ gnutls_x509_crt_set_extension_by_oid().
+
+2005-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/crq.c: corrected bug in
+ gnutls_crq_get_attribute_by_oid()
+
+2005-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: fixed the library number.
+
+2005-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_hash_int.h, lib/x509/common.c,
+ lib/x509/crq.c, lib/x509/privkey_pkcs8.c, lib/x509/x509.h,
+ lib/x509/xml.c, libextra/opencdk/opencdk.h: [no log message]
+
+2005-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/x509/crq.c: Added the functions: gnutls_x509_crq_get_attribute_by_oid() and gnutls_x509_crq_set_attribute_by_oid().
+
+2005-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
+ lib/auth_dh_common.h, lib/gnutls_auth.c, lib/gnutls_record.c,
+ lib/gnutls_session_pack.c: eliminated some memory leaks caused by
+ DHE and RSA-EXPORT ciphersuites. Thanks to Yoann Vandoorselaere for
+ reporting them.
+
+2005-03-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-09.txt: Add.
+
+2005-03-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-03-11 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/tests/Makefile.am: Dist testutils.{c,h}.
+
+2005-03-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Flow.
+
+2005-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c, libextra/openpgp/pgpverify.c,
+ libextra/openssl_compat.c: some doc fixes.
+
+2005-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: [no log message]
+
+2005-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/dsa.c, lib/x509/privkey.c: [no log message]
+
+2005-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/x509/common.h, lib/x509/pkcs12.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.h: gnutls will now recognize
+ the GOST signature and public key OIDs. However no support is
+ planned.
+
+2005-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c: added a check to test whether the DH secret is
+ zero.
+
+2005-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2005-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/verify.c,
+ lib/x509/verify.h: Improved the semantics of
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to allow only trusted Version 1
+ CAs and introduced GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has
+ the old semantics.
+
+2005-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: test commit
+
+2005-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: [no log message]
+
+2005-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2005-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_state.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/pkcs12.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
+ libextra/gnutls_openssl.c, src/certtool.c, src/cli.c, src/common.c,
+ src/serv.c, src/tests.c: renamed all instances of _SHA to _SHA1 to
+ make naming more consistent and clear.
+
+2005-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2005-03-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Don't force -O2 -finline-functions.
+
+2005-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa, src/prime.c: Added the option --get-dh-params to
+ certtool, in order to get the included primes and generators
+
+2005-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool.c: added warning when MD5 is being used.
+
+2005-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2005-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_srp.c: added more strict checks for g,n
+
+2005-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-salowey-tls-ticket-00.txt,
+ doc/protocol/draft-salowey-tls-ticket-02.txt: new ticket
+
+2005-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-02-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-06.txt: Add.
+
+2005-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: some modifications for gnutls_bye()
+ semantics.
+
+2005-02-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-rescorla-dtls-03.txt: Add.
+
+2005-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/srptool.1: updated documentation for srptool.1
+
+2005-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add -Wshadow for --enable-developer-mode.
+
+2005-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c, lib/gnutls_ui.h: (gnutls_rsa_export_get_pubkey): Don't use reserved word "exp",
+ reported by Neil Spring <nspring@cs.washington.edu>.
+
+2005-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h, lib/x509/crl.c: (gnutls_x509_crl_get_crt_serial): Don't use reserved word "time",
+ reported by Neil Spring <nspring@cs.washington.edu>.
+
+2005-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: Fix last commit.
+
+2005-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c: (gnutls_x509_crl_get_crt_serial): Don't use reserved word "index",
+ reported by Neil Spring <nspring@cs.washington.edu>.
+
+2005-02-12 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h: (gnutls_x509_crl_get_crt_serial): Don't use reserved word "index" in
+ prototype, reported by Neil Spring <nspring@cs.washington.edu>.
+
+2005-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: [no log message]
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h: Protect for C++, tiny patch from Daniel
+ Black <dragonheart@gentoo.org>.
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Scan in lib/x509/ too, sources now
+ fixed.
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c: Doc fix.
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/privkey.c, lib/x509/x509.c: Doc fix.
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/x509.c: Doc fix.
+
+2005-02-06 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Markup fixes.
+
+2005-02-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2005-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-04.txt,
+ doc/protocol/draft-ietf-tls-srp-07.txt: [no log message]
+
+2005-01-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-lee-tls-seed-01.txt: Add.
+
+2005-01-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Fix gtk-doc.
+
+2005-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/xml.c: some
+ changes for 64bit machines.
+
+2005-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: [no log message]
+
+2005-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/compat.c: these functions are not exported in the API
+ documentation.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Don't use "devel" directory.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: Fix.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.2.0.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Make it compile.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs_template: Add.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs.sh, doc/gendocs_template: Update.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Fix gnutls-extra-api.texi.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Fix x509-api.texi.
+
+2005-01-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix indices, suggested by Nikos.
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : converted the eps to pdf (using epstopdf), resulting in a better
+ output in gnutls.pdf.
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: corrected types.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add, from Nikos.
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: [no log message]
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi, doc/manpages/Makefile.am,
+ doc/protocol/draft-ietf-tls-openpgp-keys-05.txt: [no log message]
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.gaa: srptool has now
+ the --version parameter.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-05.txt,
+ doc/protocol/draft-ietf-tls-openpgp-keys-06.txt: Add.
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt.c: print version in srptool
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt.c: [no log message]
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: --disable-extra-pki works again.
+
+2005-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_cert.c, lib/auth_cert.h, lib/auth_srp.h,
+ lib/gnutls_algorithms.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_priority.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.h,
+ libextra/gnutls_extra.c, libextra/gnutls_extra.h,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h:
+ Changes to make the --disable-* options work again.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Typo.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix license header. Mention TLS 1.1 more. Talk
+ about TLS instead of TLS 1.0 in general.
+
+2005-01-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/error.c, gl/gettext.h, gl/m4/alloca.m4,
+ gl/m4/codeset.m4, gl/m4/eoverflow.m4, gl/m4/error.m4,
+ gl/m4/getline.m4, gl/m4/getndelim2.m4, gl/m4/getpass.m4,
+ gl/m4/gettext.m4, gl/m4/glibc21.m4, gl/m4/gnulib.m4,
+ gl/m4/iconv.m4, gl/m4/intdiv0.m4, gl/m4/intmax.m4,
+ gl/m4/intmax_t.m4, gl/m4/inttypes-pri.m4, gl/m4/inttypes.m4,
+ gl/m4/inttypes_h.m4, gl/m4/isc-posix.m4, gl/m4/lcmessage.m4,
+ gl/m4/lib-ld.m4, gl/m4/lib-link.m4, gl/m4/lib-prefix.m4,
+ gl/m4/longdouble.m4, gl/m4/longlong.m4, gl/m4/nls.m4, gl/m4/po.m4,
+ gl/m4/printf-posix.m4, gl/m4/progtest.m4, gl/m4/signed.m4,
+ gl/m4/size_max.m4, gl/m4/snprintf.m4, gl/m4/ssize_t.m4,
+ gl/m4/stdbool.m4, gl/m4/stdint_h.m4, gl/m4/strerror_r.m4,
+ gl/m4/uintmax_t.m4, gl/m4/ulonglong.m4, gl/m4/vasnprintf.m4,
+ gl/m4/wchar_t.m4, gl/m4/wint_t.m4, gl/m4/xsize.m4, gl/size_max.h:
+ Update.
+
+2005-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/anonself.c, tests/chain,
+ tests/openssl.c, tests/pkcs12_neon, tests/simple.c, tests/utils.c,
+ tests/utils.h: Clean up license templates.
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Clean up license templates.
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, doc/Makefile.am, lib/Makefile.am,
+ lib/gnutls.pc.in, lib/x509/Makefile.am, lib/x509/common.h,
+ lib/x509/compat.h, lib/x509/crq.h, lib/x509/dn.h, lib/x509/dsa.h,
+ lib/x509/extensions.h, lib/x509/mpi.h, lib/x509/pkcs12.h,
+ lib/x509/pkcs7.h, lib/x509/privkey.h, lib/x509/rfc2818.h,
+ lib/x509/sign.h, lib/x509/verify.h, lib/x509/x509.h,
+ libextra/Makefile.am, libextra/gnutls-extra.pc.in,
+ libextra/gnutls_extra.h, libextra/openssl_compat.h: Clean up license
+ templates.
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.pc.in: Clean up license templates.
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/gnutls_int_compat.c: Remove
+ gnutls_int_compat.c (not used).
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/auth_anon.h, lib/auth_cert.h,
+ lib/auth_dh_common.h, lib/auth_srp.h, lib/auth_srp_passwd.h,
+ lib/debug.h, lib/defines.h, lib/ext_cert_type.h,
+ lib/ext_max_record.h, lib/ext_server_name.h, lib/ext_srp.h,
+ lib/gnutls.h.in.in, lib/gnutls_alert.h, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffer.h,
+ lib/gnutls_buffers.h, lib/gnutls_cert.h, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.h,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.h,
+ lib/gnutls_datum.h, lib/gnutls_db.h, lib/gnutls_dh.h,
+ lib/gnutls_errors.h, lib/gnutls_errors_int.h,
+ lib/gnutls_extensions.h, lib/gnutls_global.h,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.h, lib/gnutls_mem.h, lib/gnutls_mpi.h,
+ lib/gnutls_num.h, lib/gnutls_pk.h, lib/gnutls_priority.h,
+ lib/gnutls_random.h, lib/gnutls_record.h, lib/gnutls_rsa_export.h,
+ lib/gnutls_session.h, lib/gnutls_session_pack.h, lib/gnutls_sig.h,
+ lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
+ lib/gnutls_ui.h, lib/gnutls_v2_compat.h, lib/gnutls_x509.h,
+ lib/io_debug.h, lib/strfile.h, lib/x509_b64.c, lib/x509_b64.h: Clean
+ up license templates.
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_anon.h, lib/auth_cert.h, lib/auth_dh_common.h,
+ lib/auth_srp.h, lib/auth_srp_passwd.h, lib/debug.h, lib/defines.h,
+ lib/ext_cert_type.h, lib/ext_max_record.h, lib/ext_server_name.h,
+ lib/ext_srp.h, lib/gnutls_alert.h, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffer.h,
+ lib/gnutls_buffers.h, lib/gnutls_cert.h, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.h,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.h,
+ lib/gnutls_datum.h, lib/gnutls_db.h, lib/gnutls_dh.h,
+ lib/gnutls_errors.h, lib/gnutls_errors_int.h,
+ lib/gnutls_extensions.h, lib/gnutls_global.h,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.h, lib/gnutls_mem.h, lib/gnutls_mpi.h,
+ lib/gnutls_num.h, lib/gnutls_pk.h, lib/gnutls_priority.h,
+ lib/gnutls_random.h, lib/gnutls_record.h, lib/gnutls_rsa_export.h,
+ lib/gnutls_session.h, lib/gnutls_session_pack.h, lib/gnutls_sig.h,
+ lib/gnutls_srp.h, lib/gnutls_state.h, lib/gnutls_str.h,
+ lib/gnutls_ui.h, lib/gnutls_v2_compat.h, lib/gnutls_x509.h,
+ lib/io_debug.h, lib/memmem.h, lib/strfile.h, lib/x509_b64.h: Clean
+ up license templates.
+
+2005-01-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/debug.c, lib/ext_server_name.c: File is LGPL.
+
+2005-01-22 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, includes/gnutls/openpgp.h,
+ includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h: Clean up license templates.
+
+2005-01-22 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
+ libextra/openpgp/privkey.c, libextra/openpgp/xml.c,
+ libextra/openssl_compat.c: Clean up license templates.
+
+2005-01-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c, lib/x509/compat.c, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/dn.c,
+ lib/x509/dsa.c, lib/x509/extensions.c, lib/x509/mpi.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_write.c, lib/x509/xml.c,
+ libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openssl.c, libextra/openssl_compat.c: Clean up
+ license templates.
+
+2005-01-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_anon.c, lib/auth_cert.c, lib/auth_dh_common.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/auth_srp.c, lib/auth_srp_passwd.c, lib/auth_srp_rsa.c,
+ lib/auth_srp_sb64.c, lib/debug.c, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/ext_server_name.c, lib/ext_srp.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_compress_int.c,
+ lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mpi.c,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_priority.c, lib/gnutls_random.c, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_session.c,
+ lib/gnutls_session.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_str.c,
+ lib/gnutls_ui.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ lib/x509_b64.c: Clean up license templates.
+
+2005-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, src/certtool.c: some cleanups.
+
+2005-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls.h.in.in,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/mpi.c,
+ lib/x509/mpi.h, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/x509_write.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: introduced
+ gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
+ gnutls_x509_crl_sign2(). Also added the --hash option to certtool in
+ order to be able to generate certificates signed with different hash
+ algorithms.
+
+2005-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_handshake.c,
+ lib/gnutls_int.h: changed the values of GNUTLS_PK_UNKNOWN and
+ GNUTLS_SIGN_UNKNOWN to zero.
+
+2005-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-01-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_int.h, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/x509.h: Simplified the algorithm to OID
+ and vice versa functions, and added the RSA-RMD160 and the RMD160
+ OID.
+
+2005-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c, lib/x509/dn.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/x509.c: updated documentation
+
+2005-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey_pkcs8.c: [no log message]
+
+2005-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openssl_compat.c: These compatibility functions will no
+ longer show up in the documentation.
+
+2005-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-rescorla-dtls-00.txt,
+ doc/protocol/draft-rescorla-dtls-02.txt: updated dtls draft
+
+2005-01-19 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (ChangeLog): Add --tags.
+
+2005-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: increased a buffer.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Fix.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.23.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix last commit better.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix client cert callback, to make X.509 client
+ authentication work.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (ChangeLog): Make it more like FSF format.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * .cvscopying: Add.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c, src/errcodes.c: Fix warning.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-01-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/structure.c: Sync with
+ libtasn1 0.2.13.
+
+2005-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2005-01-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2005-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-hajjeh-tls-sign-00.txt: Add.
+
+2005-01-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Fix.
+
+2005-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: added a check in verbose
+ mode to print the HTTPS server's name.
+
+2005-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test.c: [no log message]
+
+2005-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2005-01-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: print RSA and DSA parameters in both certificates
+ and private keys.
+
+2005-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2005-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: (_gnutls_x509_data2hex): Make sure bin2hex will convert entire
+ string first, because bin2hex will not return NULL any longer.
+
+2005-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_constate.c: (_gnutls_set_keys): Use larger buffer, to hold entire hex output.
+ Reported by Michael.Ringe@aachen.utimaco.de.
+
+2005-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_kx.c: (generate_normal_master): Use larger buffer, to hold entire hex
+ output. Reported by Michael.Ringe@aachen.utimaco.de.
+
+2005-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-01-07 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_str.c: (_gnutls_bin2hex): Return truncated string instead of NULL, to make
+ it easier to use directly as a parameter to printf. Reported by
+ Michael.Ringe@aachen.utimaco.de.
+
+2005-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2005-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2005-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2005-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/dn.c: (_gnutls_x509_parse_dn): Return buffer size, not string size, in
+ *sizeof_buf. Reported by Martin Lambers <marlam@web.de>.
+
+2005-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Add gtk-doc URLs.
+
+2005-01-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Fix gtk-doc stuff.
+
+2004-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc3546bis-00.txt: Add.
+
+2004-12-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2004-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Update.
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/tests/.cvsignore: [no log message]
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/Makefile.am, nettle/tests/md2-test.c: Add MD2.
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/Makefile.am, nettle/md2-meta.c, nettle/md2.c,
+ nettle/md2.h, nettle/md5-compat.c, nettle/md5-compat.h,
+ nettle/tests/Makefile.am, nettle/tests/md5-compat-test.c: Remove
+ md5-compat (not used).
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc.h: Add MD2 support, tiny patch
+ from Martin Kostner.
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/.cvsignore: [no log message]
+
+2004-12-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/alloca_.h, gl/progname.c, gl/progname.h: Update.
+
+2004-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-05.txt: Add.
+
+2004-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: [no log message]
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/pkcs12.c: [no log message]
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: [no log message]
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: corrected bug in gnutls_x509_set_time()
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: some additions for certtool
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/gnutls.texi: added documentation for the export/import to
+ pkcs3 and pkcs1 formats for RSA and DH parameters.
+
+2004-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509/verify.c, libextra/gnutls_openssl.c,
+ src/certtool.c: Corrected bugs found by Marcin Garski
+ <mgarski@post.pl>
+
+2004-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-14 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Fix.
+
+2004-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-kerb-01.txt: Add.
+
+2004-12-09 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-09.txt: Add.
+
+2004-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-07 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-07.txt: Add.
+
+2004-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/pkix_asn1_tab.c, lib/x509/verify.c: The certificate
+ chain verification function now checks certificates in the reverse
+ order to minimize the resources spent. This has not be thoroughtly
+ tested.
+
+2004-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-04.txt: Add.
+
+2004-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/dn.c: corrected bug in parse_dn_oid(). Traced and
+ reported by Pelle Johansson.
+
+2004-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-23 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rfc3943.txt: Add.
+
+2004-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-19 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_ui.c: Doc fix.
+
+2004-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-17 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2004-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-03.txt: Add.
+
+2004-11-16 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2004-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/structure.c: updated to
+ the new libtasn1.
+
+2004-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/extensions.c: [no log message]
+
+2004-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/extensions.c: corrected CRL dist points handling.
+
+2004-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/extensions.c: corrected a sigsegv when writing CRL
+ distribution points. It does not work properly though.
+
+2004-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-08 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-11-08 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Make private key optional in --to-p12, suggested
+ by Fabian Fagerholm <fabbe@paniq.net>.
+
+2004-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc.h: Cleanup. Add PKs.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.22.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am: Need minitasn1 -I's.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c, gl/m4/getpass.m4: Update.
+
+2004-11-04 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add link to PGP key.
+
+2004-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Forgot a source file.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Remove leftovers.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/.cvsignore: Fix.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am, libextra/opencdk/Makefile.am,
+ libextra/openpgp/Makefile.am: Use convenience libraries for openpgp/
+ and opencdk/.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Use LDFLAGS instead of LIBADD, for
+ $(LIBTASN1_LIBS).
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Simplify.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Need libtasn1 for libgnutls-openssl.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am: Add -I for alloca.h in gl (why wasn't
+ this needed before?).
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-11-03 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/.cvsignore: [no log message]
+
+2004-10-31 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls.types: Remove.
+
+2004-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c, lib/minitasn1/errors.c,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c: GTK-DOC fixes.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openpgp.h: GTK-DOC fixes.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/crl.c, lib/x509/x509_write.c: Doc fix.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/structure.c: GTK-DOC fix.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Editorial fixes.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * src/errcodes.c: Fix.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: No need for libgnutls-extra.vers.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Need libgc.la for libgnutls_openssl.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Add openssl self test.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/openssl.c: Add.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openssl.h: Declare MD_CTX. Add MD5_DIGEST_LENGTH.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_openssl.c: Remove MD_CTX (should never have been
+ here).
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: Port openssl
+ glue to generic crypto API.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * tests/simple.c: Fix.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Recurse into minitasn1/.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Remove libgnutls.vers.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Use AM_CPPFLAGS instead of obsoleted INCLUDES.
+ Use only one of -Iminitasn1 or $(LIBTASN1_CFLAGS), depending on
+ ENABLE_MINITASN1. Link with minitasn1/libminitasn1.la, instead of
+ building files here. Don't use $(LIBTASN1_LIBS) unless
+ ENABLE_MINITASN1.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am: Build library in this directory.
+
+2004-10-30 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Put .la libraries in LIBADD, not LDFLAGS, as
+ recommended.
+
+2004-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am: Build x509 files inside
+ x509/, to avoid scattering *.o and *.lo for every file in x509/ in
+ lib/.
+
+2004-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf: Fix.
+
+2004-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Remove SERV_LIBS (not used).
+
+2004-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use AS_HELP_STRING. Remove SERV_LIBS (unused).
+ Various indentation and cleanup.
+
+2004-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2004-10-29 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in, lib/Makefile.am, lib/libgnutls.vers,
+ libextra/Makefile.am, libextra/libgnutls-extra.vers: Replace GNU LD
+ version script with Libtool -export-symbols-regex, tiny patch from
+ Joe Orton <joe@manyfish.co.uk>.
+
+2004-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/errors.h, lib/minitasn1/errors_int.h,
+ lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: Doc fixes,
+ from Martijn Koster <mak@greenhills.co.uk>.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/structure.c: GTK-DOC fix.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/ext_server_name.c, lib/gnutls_alert.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_db.c, lib/gnutls_handshake.c,
+ lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_session.c,
+ lib/gnutls_srp.c, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/gnutls_x509.c, lib/minitasn1/structure.c,
+ libextra/gnutls_openpgp.c: Doc fix.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Reenable --sgml-mode.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Change struct-marker & to #, to align with
+ modern GTK-DOC. Improve texinfo and man output.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_int.h, lib/gnutls_ui.h, libextra/gnutls_openpgp.c,
+ libextra/minilzo.c, libextra/openpgp/gnutls_openpgp.h, src/serv.c:
+ Indent.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
+ lib/auth_srp_passwd.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/ext_srp.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_auth.h, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress_int.c, lib/gnutls_constate.c,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_db.c,
+ lib/gnutls_db.h, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_kx.h, lib/gnutls_mem.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_random.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c, lib/gnutls_session.h,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/memmem.c, lib/memmem.h,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/compat.c,
+ lib/x509/compat.h, lib/x509/crl.c, lib/x509/crl_write.c,
+ lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/dsa.h, lib/x509/extensions.c, lib/x509/extensions.h,
+ lib/x509/mpi.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs7.c,
+ lib/x509/pkcs7.h, lib/x509/privkey.c, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/verify.h, lib/x509/x509.c,
+ lib/x509/x509.h, lib/x509/x509_write.c, lib/x509_b64.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openssl.c, libextra/lzoconf.h, libextra/minilzo.c,
+ libextra/minilzo.h, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/openpgp.h, libextra/openpgp/pgpverify.c,
+ libextra/openssl_compat.c, libextra/openssl_compat.h,
+ src/certtool-cfg.h, src/certtool.c, src/common.c, src/common.h,
+ src/list.h, src/serv.c, src/tests.c, src/tests.h: Indent.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Add indent target.
+
+2004-10-28 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am: Update.
+
+2004-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf: Mention --enable-gtk-doc.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix release target for new GTK-DOC.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.21.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf: Run gtkdocize.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/.cvsignore: Rewrite.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.tmpl: Remove.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am, doc/reference/gnutls-docs.sgml: Add
+ opencdk and libtasn1 to GTK-DOC manual.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Rewrite, GTK-DOC from CVS (plus
+ patches) seem to work reasonably well now.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls-docs.sgml: Add.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/common.c: Make it compile.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Dist *.p12.
+
+2004-10-27 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/.cvsignore: [no log message]
+
+2004-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12_encr.c: allow for NULL and empty passwords in
+ pkcs12 string to key
+
+2004-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12_encr.c: [no log message]
+
+2004-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12_encr.c, lib/x509/privkey_pkcs8.c: [no log message]
+
+2004-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: some minor fixes.
+
+2004-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Move LIBS (i.e., -lz) to end of LIBGNUTLS_LIBS, to
+ fix libgnutls*-config --libs output, reported by Yoann
+ Vandoorselaere <yoann@prelude-ids.org>.
+
+2004-10-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Revert to my own Makefile.am for now.
+
+2004-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Resign PGP key.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Fix.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Fix.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Rewrite, align with upstream
+ recommendations.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/gnutls.types: Add.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am, tests/pkcs12_neon: Add. Test vectors from Joe
+ Orton <joe@manyfish.co.uk>, by permission
+ (<20041024155032.GB26275@manyfish.co.uk>).
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_x509.c: (gnutls_certificate_set_x509_trust): Fix memory bug, tiny patch by
+ Aleix Conchillo Flaque <aleix@member.fsf.org>.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/.cvsignore, libextra/.cvsignore: [no log message]
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, configure.in, lib/Makefile.am, lib/gnutls.pc.in,
+ libextra/Makefile.am, libextra/gnutls-extra.pc.in: Add pkg-config
+ meta files, suggested by Stéphane LOEUILLET
+ <stephane.loeuillet@tiscali.fr>.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Generated.
+
+2004-10-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, lib/libgnutls-config.in,
+ libextra/libgnutls-extra-config.in: Add parameter --la-file to
+ libgnutls-config and libgnutls-extra-config, tiny patch contributed
+ by Joe Orton <joe@manyfish.co.uk>.
+
+2004-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: print teletex strings if they contain only
+ ASCII characters.
+
+2004-10-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/dn.c: corrected bug in _gnutls_x509_get_dn_oid().
+
+2004-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/common.c: [no log message]
+
+2004-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/dn.c,
+ lib/x509/dn.h: print the hex value of the name in certificates with
+ unknown character sets.
+
+2004-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2253.txt: added the LDAP string rfc.
+
+2004-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, src/certtool.c: some fixes
+
+2004-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers, AUTHORS: [no log message]
+
+2004-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, lib/x509/common.c: Increased the
+ precision in ASN.1 time to seconds from minutes. In certificate
+ names disallow non UTF8 strings such as UCS-2 and UCS-4.
+
+2004-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2004-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.20.
+
+2004-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump versions.
+
+2004-10-12 Simon Josefsson <simon@josefsson.org>
+
+ * gl/getpass.c, gl/snprintf.c, gl/snprintf.h: Update gnulib.
+
+2004-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.19.
+
+2004-10-07 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: (HIGNORE): Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Look for memmem, for lib/memmem.c test.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore: [no log message]
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/alloca_.h, gl/asnprintf.c,
+ gl/m4/alloca.m4, gl/m4/eoverflow.m4, gl/m4/gnulib.m4,
+ gl/m4/intmax_t.m4, gl/m4/snprintf.m4, gl/m4/vasnprintf.m4,
+ gl/printf-args.c, gl/printf-args.h, gl/printf-parse.c,
+ gl/printf-parse.h, gl/snprintf.c, gl/snprintf.h, gl/vasnprintf.c,
+ gl/vasnprintf.h, gl/xsize.h: Add GNULib module, for missing snprintf
+ on OSF1 V4.0, reported by Yoann Vandoorselaere
+ <yoann@prelude-ids.org>. Note that lib/ does not yet use it.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h, lib/gnutls_ui.h: (gnutls_certificate_verify_peers): Fix prototype.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: Fix warning.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Don't use exit.h (not needed, EXIT_* is C89).
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * gl/exit.h, gl/m4/extensions.m4, gl/m4/gnulib.m4,
+ gl/m4/unlocked-io.m4: Update Gnulib.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/memmem.m4,
+ gl/memmem.c, gl/memmem.h, lib/Makefile.am, lib/memmem.c,
+ lib/memmem.h: Don't link to gnulib in lib/ until issues are solved
+ (see bug-gnulib). Move memmem from gl/ to lib/, since it is the
+ only gnulib module lib/ needs.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-10-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/error.c, gl/getndelim2.c,
+ gl/getpass.c, gl/m4/gnulib.m4, gl/m4/memmem.m4, gl/m4/memstr.m4,
+ gl/memmem.c, gl/memmem.h, gl/memstr.c, gl/memstr.h,
+ gl/unlocked-io.h, lib/defines.h, lib/gnutls_x509.c, lib/x509_b64.c:
+ Update Gnulib. Replace memstr with memmem, see continued discussion
+ on bug-gnulib.
+
+2004-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-10-04 Simon Josefsson <simon@josefsson.org>
+
+ * : Add.
+
+2004-10-01 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/compat.h: (gnutls_certificate_verify_peers): Add.
+
+2004-09-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-30 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/memstr.m4,
+ gl/m4/strnstr.m4, gl/memstr.c, gl/memstr.h, gl/strnstr.c,
+ gl/strnstr.h, lib/defines.h, lib/gnutls_x509.c, lib/x509_b64.c:
+ Replace strnstr with memstr. See discussion on bug-gnulib list.
+
+2004-09-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Link with gnulib. Currently only minmax.h and
+ strnstr are used, which are under LGPL. The license templates in
+ gl/ will be fixed as soon as gnulib-tool support combined GPL/LGPL
+ projects.
+
+2004-09-29 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/m4/strnstr.m4,
+ gl/minmax.h, gl/progname.c, gl/progname.h, gl/strnstr.c,
+ gl/strnstr.h, lib/Makefile.am, lib/defines.h, lib/strnstr.c: Use
+ strnstr from gnulib. Gnulib sync.
+
+2004-09-26 Simon Josefsson <simon@josefsson.org>
+
+ * gl/minmax.h: Use version from Lesser GNULib.
+
+2004-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2004-09-21 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am, libextra/opencdk/main.c: Use gnulib getpass
+ in opencdk.
+
+2004-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-rfc2818.c: Fix.
+
+2004-09-19 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-rfc2818.c, doc/gnutls.texi: Add.
+
+2004-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am, src/Makefile.am: Fix objdir != srcdir in -I,
+ reported by "Gerrit P. Haase" <gp@familiehaase.de>.
+
+2004-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Fix objdir != srcdir in -I, reported by "Gerrit
+ P. Haase" <gp@familiehaase.de>.
+
+2004-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2004-09-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/Makefile.am: Fix objdir != srcdir in -I, reported by
+ "Gerrit P. Haase" <gp@familiehaase.de>.
+
+2004-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-11 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-09-10 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (load_cert): Fix crash in `certtool --to-p12 --load-privkey foo'.
+
+2004-09-09 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Sync with libtasn1 0.2.11.
+
+2004-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * : New version, solve the S/MIME bugs I reported. Downloaded from
+ http://csrc.nist.gov/pki/testing/x509paths.html on 2004-09-03 with
+ SHA1 ada0f267e0ff4eb16a0e19964cf518a833f00093.
+
+2004-09-02 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2004-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2004-08-31 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cert.c, lib/x509/x509.c: Fix mem leak (tiny patch).
+ From Simon Posnjak <simon.posnjak@cetrtapot.si>.
+
+2004-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-27 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_state.c: Typo.
+
+2004-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-26 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-srp-08.txt: Add.
+
+2004-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Update.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, lib/gnutls.h.in.in: Move remaining SRP
+ functions to lib/.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, lib/gnutls_anon_cred.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h: Doc fix.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, lib/gnutls_alert.c,
+ libextra/gnutls_extra.c, libextra/gnutls_openpgp.c: Doc fix.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am: Hack to fix texinfo docs.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/extra.h, libextra/gnutls_openpgp.c: Fix
+ prototypes.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Add.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Copy gtk-doc.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_global.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h: Fix prototypes.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/Makefile.am: Clean more.
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_ui.h,
+ lib/x509/pkcs12.c, lib/x509/privkey.c: Fix prototypes. (Unfinished,
+ there should be a tool to do this...)
+
+2004-08-25 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-psk-01.txt: Add.
+
+2004-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO, doc/protocol/draft-badra-tls-express-00.txt,
+ doc/protocol/draft-salowey-tls-ticket-00.txt: Add.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, configure.in: Bump version.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.18.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/arctwo-meta.c, nettle/arctwo.c, nettle/arctwo.h,
+ nettle/des-compat.c, nettle/des-compat.h, nettle/macros.h,
+ nettle/nettle-meta.h, nettle/tests/arctwo-test.c,
+ nettle/tests/des-compat-test.c, nettle/tests/md5-test.c,
+ nettle/tests/testutils.c: Sync Nettle with CVS.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/Makefile.am: Build libnettle.la before self tests.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, nettle/Makefile.am, nettle/knuth-lfib.c,
+ nettle/knuth-lfib.h, nettle/tests/.cvsignore,
+ nettle/tests/Makefile.am, nettle/tests/aes-test.c,
+ nettle/tests/arcfour-test.c, nettle/tests/arctwo-test.c,
+ nettle/tests/cbc-test.c, nettle/tests/des-compat-test.c,
+ nettle/tests/des-test.c, nettle/tests/des3-test.c,
+ nettle/tests/hmac-test.c, nettle/tests/knuth-lfib-test.c,
+ nettle/tests/md4-test.c, nettle/tests/md5-compat-test.c,
+ nettle/tests/md5-test.c, nettle/tests/run-tests,
+ nettle/tests/sha1-test.c, nettle/tests/testutils.c,
+ nettle/tests/testutils.h: Add Nettle self tests.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/README.CVS: Add.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * doc/reference/.cvsignore: [no log message]
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * m4/gtk-doc.m4: Update.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, doc/Makefile.am, doc/README.CVS,
+ doc/reference/.cvsignore, doc/reference/Makefile.am,
+ doc/reference/gnutls-docs.tmpl, m4/gtk-doc.m4: Generate GTK-DOC
+ manuals (libextra/openpgp/ part doesn't work yet).
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_algorithms.c: Make gtk-doc happy.
+
+2004-08-24 Simon Josefsson <simon@josefsson.org>
+
+ * includes/gnutls/openssl.h, lib/gnutls.h.in.in: Make gtk-doc happy.
+
+2004-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * src/cfg/platon/str/strdyn.c: Fix. Reported by Dimitri
+ Papadopoulos-Orfanos <papadopo@shfj.cea.fr>.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Check for ctype.h to shut up Sun CC warnings in
+ src/cfg/shared.c. Reported by Dimitri Papadopoulos-Orfanos
+ <papadopo@shfj.cea.fr>.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chain: Fix.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkits: Add.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/arctwo-meta.c, nettle/arctwo.c, nettle/arctwo.h,
+ nettle/macros.h, nettle/nettle-meta.h: Update.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: ISO certify.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * m4/gc_random.m4: Fix.
+
+2004-08-23 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, m4/gc_random.m4: Move /dev/*random stuff to separate
+ m4 file.
+
+2004-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * AUTHORS: Add copying conditions, and PGP release key.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * README, THANKS: Add copying conditions.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add copying conditions. Markup.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkits_pkcs12, tests/pkits_smime: Typo.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/int.h: Bump version.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Remove stale -I.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/libtasn1.h: Bump version.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Need newer libtasn1.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/minitasn1/decoding.c: Only apply BER indefinite logic when we
+ have actually encountered BER indefinite lengths. Pending upstream
+ review. Triggered by PKITS test case
+ pkcs12/CPSPointerQualifierTest20EE.p12 (and others) as invoked by
+ tests/pkits_pkcs12.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkits_crl, tests/pkits_crt, tests/pkits_pkcs12,
+ tests/pkits_smime: Fix.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (print_certificate_info): Don't crash on large X.509 extensions
+ (thanks to PKITS test suite). Also output ASCII representation of
+ printable extension data (some extension contain humanly readable
+ strings).
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkits_crl, tests/pkits_crt, tests/pkits_smime: Add.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (smime_to_pkcs7): Make sure PKCS#7 output use LF EOL.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * tests/pkits_pkcs12: Add.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: (smime_to_pkcs7): Handle LF EOF.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Fix --password.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * : Add NIST's Public Key Interoperability Test Suite. Taken from
+ <http://csrc.nist.gov/pki/testing/x509paths.html>.
+ c8b1230c34f175f0fe479692e65c7ecc04117dfc PKITS_data.zip
+ e823aa3a8ece752aa7211153312b364dc578e789 PKITS.pdf
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Handle different #include's for PKCS12
+ functions.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsignore: [no log message]
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Want gzip too.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in: Use bz2.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/scripts/gdoc: Support -include.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Add man pages for lib/x509/, libextra/,
+ and libextra/openpgp/.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Add man pages for API.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/.cvsignore: [no log message]
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h,
+ crypto/test-gc.c: Mem alloca stuff for libgcrypt. Indent.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/.cvsignore, crypto/Makefile.am, crypto/test-gc.c,
+ crypto/utils.c, crypto/utils.h: Add self test of generic crypto.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/pkcs5.c: Doc fix.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls.h.in.in: Revert ssize_t change.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls.h.in.in: Assume POSIX system (which we
+ already do), so it has ssize_t. Redefining ssize_t locally, if it
+ doesn't exist, already handled by gnulib.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Simplify further.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Simplify further.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Move things from EXTRA_DIST, to improve
+ dependency tracking.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Move things from EXTRA_DIST to *_SOURCES, to
+ improve dependency tracking. Simplify.
+
+2004-08-22 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c: Fix warnings.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-nettle.c: Add checks.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am: Remove pkcs5.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs5.c, lib/x509/pkcs5.h, lib/x509/privkey_pkcs8.c:
+ Replace PKCS5 with GC.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/Makefile.am, crypto/gc.h, crypto/pkcs5.c: Add pkcs5 stuff,
+ replacing lib/x509/pkcs5.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc.h: Typo.
+
+2004-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: (gc_hmac_sha1): Add (for PKCS5 KDF).
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-nettle.c, nettle/arctwo-meta.c, nettle/arctwo.c,
+ nettle/arctwo.h, nettle/nettle-meta.h: Change name of arctwo variant
+ from 'pkcs12' to 'gutmann'. Seems PKCS12 code uses pure rfc 2268
+ (who uses the variant then?!).
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/rrc2.doc: Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/arctwo.c: Typo.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/arctwo.c: Support plain RFC 2268 too.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2004-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey.c: Corrected a memory leak. Patch got from debian
+ bug report logs. Reported by Modestas Vainius
+ <geromanas@mailas.com>.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/arctwo.c: Fix.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/arctwo.c: Fix.
+
+2004-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: corrected bug with generalTime ASN.1 encoding.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-nettle.c, nettle/Makefile.am, nettle/arctwo-meta.c,
+ nettle/arctwo.c, nettle/arctwo.h, nettle/nettle-meta.h: Add arctwo.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc.h: (GC_SHA1_LEN): Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs12_encr.c: Fix.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/pkcs12_encr.c: Use gc.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: (gc_hash_buffer): Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chain: Cleanup.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chain: Add CRL's.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, tests/Makefile.am, tests/anonself.c: Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add examples.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/.cvsignore: [no log message]
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client2.c, doc/examples/ex-serv1.c: Doc fix.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-client1.c, doc/examples/ex-serv-anon.c: Add.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Markup.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Enable gnits in automake.
+
+2004-08-21 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Allow AC_PROG_CC to modify CFLAGS (why not?). Don't
+ check for install (handled by automake).
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Simplify shared library versioning.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/gnutls_extra.c: Use automake VERSION.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am, libextra/opencdk/armor.c: Fix version
+ number.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: Use automake VERSION instead of
+ GNUTLS_VERSION.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Use modern AC_INIT. Remove GNUTLS_*VERSION.
+ Separate libtool versioning from package versioning.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Remove, all are dist'ed by automake automatically.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/defines.h: Remove size_t, time_t, ptrdiff_t definitions.
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Assume time_t and ptrdiff_t (ANSI C89).
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.h.in.in: Assume time_t is in time.h (ANSI C89).
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/gnutls.h.in.in: Assume size_t is in stddef.h
+ (C89).
+
+2004-08-20 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: (T_CPU, T_VENDOR, T_OS): Remove (unused).
+
+2004-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.17.
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix, suggested by Stepan Kasal <kasal@ucw.cz>.
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_mpi.h: Reorder, to get config.h included before
+ gcrypt.h.
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Revert.
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix example indentation.
+
+2004-08-18 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/Makefile.am: Don't dist nettle-types.h.
+
+2004-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-17 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: Add
+ one-call interface.
+
+2004-08-17 Simon Josefsson <simon@josefsson.org>
+
+ * src/cli.c: Fix mem leak.
+
+2004-08-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Typo.
+
+2004-08-17 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS: Add.
+
+2004-08-17 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_pk.c: Simplify computation of PKCS#1 version 1.5 type 2
+ non-zero pad bytes, reported by Robey Pointer <robey@danger.com>.
+
+2004-08-17 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/m4/gnulib.m4, gl/minmax.h,
+ lib/Makefile.am, lib/auth_srp_passwd.c, lib/ext_srp.c,
+ lib/gnutls_buffers.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_str.c, lib/x509/dn.c, lib/x509/pkcs12.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
+ libextra/Makefile.am: Use minmax.h from gnulib instead of GMIN/GMAX.
+
+2004-08-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Oops, revert DES, not supported.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * src/common.c: Support AES-256 and DES in --ciphers too.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, README: Fix.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * README: Add.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h: Indent.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-nettle.c: Fix.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, crypto/gc-nettle.c, crypto/gc.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: Move hashing to
+ generic crypto API. Implement hashing for nettle/libgcrypt in
+ generic crypto API.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, crypto/gc-libgcrypt.c, crypto/gc-nettle.c,
+ crypto/gc.h, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_random.c, lib/gnutls_random.h: Move randomness calls to
+ generic crypto API. Implement randomness for libgcrypt and nettle
+ wrappers.
+
+2004-08-16 Simon Josefsson <simon@josefsson.org>
+
+ * gl/Makefile.am, gl/m4/gnulib.m4: Update.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-nettle.c: Doc fix.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Typo.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-nettle.c: Implement.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c: Reorder.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc.h: Add.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * nettle/nettle-meta.h: Add des(3).
+
+2004-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, crypto/gc-nettle.c,
+ m4/ax_create_stdint_h.m4, nettle/.cvsignore, nettle/Makefile.am,
+ nettle/aes-decrypt-table.c, nettle/aes-decrypt.c,
+ nettle/aes-encrypt-table.c, nettle/aes-encrypt.c,
+ nettle/aes-internal.h, nettle/aes-meta.c,
+ nettle/aes-set-decrypt-key.c, nettle/aes-set-encrypt-key.c,
+ nettle/aes.c, nettle/aes.h, nettle/arcfour-crypt.c,
+ nettle/arcfour-meta.c, nettle/arcfour.c, nettle/arcfour.h,
+ nettle/cbc.c, nettle/cbc.h, nettle/des-compat.c,
+ nettle/des-compat.h, nettle/des.c, nettle/des.h, nettle/des3.c,
+ nettle/desCode.h, nettle/descore.README, nettle/desinfo.h,
+ nettle/hmac-md5.c, nettle/hmac-sha1.c, nettle/hmac.c,
+ nettle/hmac.h, nettle/keymap.h, nettle/macros.h,
+ nettle/md5-compat.c, nettle/md5-compat.h, nettle/md5-meta.c,
+ nettle/md5.c, nettle/md5.h, nettle/memxor.c, nettle/memxor.h,
+ nettle/nettle-internal.c, nettle/nettle-internal.h,
+ nettle/nettle-meta.h, nettle/parity.h, nettle/rotors.h,
+ nettle/sha.h, nettle/sha1-compress.c, nettle/sha1-meta.c,
+ nettle/sha1.c: Add Nettle.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * crypto/gc-libgcrypt.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_global.c: Fix warnings.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_cipher_int.c: Fix.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, crypto/.cvsignore, crypto/Makefile.am,
+ crypto/gc-libgcrypt.c, crypto/gc.h, lib/Makefile.am,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_mpi.h,
+ libextra/Makefile.am: Initiate move of all libgcrypt calls to
+ crypto/gc* wrapper. Currently only encryption/decryption goes
+ through generic API.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Fix tag name.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/getpass.c, gl/getpass.h,
+ gl/m4/getpass.m4, gl/m4/gnulib.m4, gl/m4/stdbool.m4, gl/stdbool_.h,
+ src/Makefile.am, src/certtool-cfg.c, src/certtool.c, src/crypt.c,
+ src/getpass.c, src/getpass.h: Replace ad-hoc 'read_pass' with gnulib
+ module 'getpass-gnu'.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Improve markup.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/errcodes.c: Fix.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Use @finalout, to avoid ugly black boxes.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fixes.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c: Indent.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Abort if tag exists.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Fix tag name.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.16.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore: [no log message]
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool.c: Use progname.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/progname.c, gl/progname.h: Add
+ progname gnulib module.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Fix -I's, for srcdir != objdir builds (e.g.,
+ 'make distcheck').
+
+2004-08-15 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, lib/Makefile.am, libextra/Makefile.am,
+ src/Makefile.am: Fix -I's, for srcdir != objdir builds (e.g., 'make
+ distcheck').
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am: Link gnulib.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Fix.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.15.
+
+2004-08-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Reorder.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * config.rpath: Add, needed by gnulib. When we support gettext,
+ this will be generated.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h: Generated.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, src/Makefile.am, src/certtool.c, src/certtool.gaa: Add
+ --smime-to-p7.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, gl/Makefile.am, gl/error.c, gl/error.h, gl/exit.h,
+ gl/gettext.h, gl/m4/codeset.m4, gl/m4/error.m4, gl/m4/gettext.m4,
+ gl/m4/glibc21.m4, gl/m4/gnulib.m4, gl/m4/iconv.m4,
+ gl/m4/intdiv0.m4, gl/m4/intmax.m4, gl/m4/inttypes-pri.m4,
+ gl/m4/inttypes.m4, gl/m4/inttypes_h.m4, gl/m4/isc-posix.m4,
+ gl/m4/lcmessage.m4, gl/m4/lib-ld.m4, gl/m4/lib-link.m4,
+ gl/m4/lib-prefix.m4, gl/m4/longdouble.m4, gl/m4/longlong.m4,
+ gl/m4/nls.m4, gl/m4/po.m4, gl/m4/printf-posix.m4,
+ gl/m4/progtest.m4, gl/m4/signed.m4, gl/m4/size_max.m4,
+ gl/m4/stdint_h.m4, gl/m4/strerror_r.m4, gl/m4/uintmax_t.m4,
+ gl/m4/ulonglong.m4, gl/m4/wchar_t.m4, gl/m4/wint_t.m4,
+ gl/m4/xsize.m4: Add error and exit gnulib modules.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * gl/.cvsignore: [no log message]
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add gl/Makefile.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Recurse into gl/.
+
+2004-08-14 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, configure.in, gl/Makefile.am, gl/getline.c,
+ gl/getline.h, gl/getndelim2.c, gl/getndelim2.h,
+ gl/m4/extensions.m4, gl/m4/getline.m4, gl/m4/getndelim2.m4,
+ gl/m4/gnulib.m4, gl/m4/onceonly_2_57.m4, gl/m4/ssize_t.m4,
+ gl/m4/unlocked-io.m4, gl/unlocked-io.h: Set up GnuTLS to use gnulib
+ for portability files. Initially only adding "getline", I will need
+ it for S/MIME parsing.
+
+2004-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chain: Be nicer.
+
+2004-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/.cvsignore: [no log message]
+
+2004-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * tests/chain: Add.
+
+2004-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-badra-tls-key-exchange-00.txt: Add.
+
+2004-08-12 Simon Josefsson <simon@josefsson.org>
+
+ * : Add NIST X.509 Path Validation Test Suite, Version 1.07. See
+ http://csrc.nist.gov/pki/testing/x509paths_old.html. Taken from
+ http://csrc.nist.gov/pki/testing/x509tests.tgz, with MD5sum
+ 5e6c15b7920e33a3e171258828c980f5.
+
+2004-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-08.txt: Add.
+
+2004-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Typo.
+
+2004-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix direntry.
+
+2004-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-11 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/gnutls-cli.1: Update.
+
+2004-08-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * m4/autobuild.m4: Update.
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/opencdk/keyserver.c: Need sys/types.h, for FreeBSD 4.10.
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: (release): Remove ChangeLog stuff.
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: If socklen_t doesn't exist, use size_t (needed for
+ Darwin).
+
+2004-08-10 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Add.
+
+2004-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-09 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Move AB_INIT to where it actually works.
+
+2004-08-09 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.14.
+
+2004-08-09 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Add release target.
+
+2004-08-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, THANKS, configure.in, m4/autobuild.m4: Add.
+
+2004-08-09 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Add.
+
+2004-08-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * THANKS: Add.
+
+2004-08-07 Simon Josefsson <simon@josefsson.org>
+
+ * tests/Makefile.am: Typo, reported by Michael Heironimus
+ <mkh01@earthlink.net>.
+
+2004-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-06 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Terminology consistency.
+
+2004-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * tests/simple.c: Fix warning.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am, lib/x509/Makefile.am, libextra/Makefile.am,
+ libextra/openpgp/Makefile.am: Remove *.tex stuff.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/manpages/Makefile.am: Simplify.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am, src/retcodes.c: Remove retcodes.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Fix last commit.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, doc/Makefile.am, doc/examples/Makefile.am,
+ doc/examples/ex-alert.c, doc/examples/ex-cert-select.c,
+ doc/examples/ex-client-resume.c, doc/examples/ex-client-srp.c,
+ doc/examples/ex-client2.c, doc/examples/ex-crq.c,
+ doc/examples/ex-pkcs12.c, doc/examples/ex-serv-export.c,
+ doc/examples/ex-serv-pgp.c, doc/examples/ex-serv-srp.c,
+ doc/examples/ex-serv1.c, doc/examples/ex-session-info.c,
+ doc/examples/ex-verify.c, doc/examples/ex-x509-info.c,
+ doc/scripts/Makefile.am, doc/scripts/sort1.pl, doc/tex/.cvsignore,
+ doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/appendix.tex,
+ doc/tex/auth.tex, doc/tex/callbacks.tex, doc/tex/cert_auth.tex,
+ doc/tex/certificate.tex, doc/tex/ciphers.tex,
+ doc/tex/ciphersuites.tex, doc/tex/compression.tex,
+ doc/tex/cover.tex.in, doc/tex/errors.tex, doc/tex/ex-alert.tex,
+ doc/tex/ex-cert-select.tex, doc/tex/ex-client-resume.tex,
+ doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
+ doc/tex/ex-crq.tex, doc/tex/ex-pkcs12.tex,
+ doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
+ doc/tex/ex-serv-srp.tex, doc/tex/ex-serv1.tex,
+ doc/tex/ex-session-info.tex, doc/tex/ex-verify.tex,
+ doc/tex/ex-x509-info.tex, doc/tex/examples.tex, doc/tex/fdl.tex,
+ doc/tex/funcs.tex, doc/tex/gnutls-logo.ps, doc/tex/gnutls.bib,
+ doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/howto.tex,
+ doc/tex/internals.eps, doc/tex/layers.eps, doc/tex/layers.tex,
+ doc/tex/library.tex, doc/tex/macros.tex, doc/tex/memory.tex,
+ doc/tex/openssl.tex, doc/tex/pgp-fig1.eps, doc/tex/pgpcert.xml.tex,
+ doc/tex/preface.tex, doc/tex/preparation.tex, doc/tex/programs.tex,
+ doc/tex/record.tex, doc/tex/record_weaknesses.tex, doc/tex/srp.tex,
+ doc/tex/supported_ciphersuites.tex, doc/tex/tls_extensions.tex,
+ doc/tex/tlsintro.tex, doc/tex/translayer.tex, doc/tex/x509-1.eps,
+ doc/tex/x509cert.xml.tex: Remove old manual.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in, doc/gnutls.texi: Fix copyright.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf, doc/README.CVS: Revert.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/TODO: Done.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/README.CVS: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Save gnutls.bib.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix deps.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Reorder.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix HTML.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gendocs.sh, doc/gendocs_template, doc/gnutls-logo.eps: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add logo.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix image size.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Fix deps.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Build more. Dist ps/pdf/html.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * : Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.cvsignore: [no log message]
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/gnutls.texi, doc/scripts/sort2.pl: Add
+ Texinfo API documentation.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/openpgp/Makefile.am: Build pgp-api.texi. Dist
+ pgp-api.tex{,i}.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.cvsignore, lib/.cvsignore, lib/x509/.cvsignore,
+ libextra/.cvsignore, libextra/openpgp/.cvsignore: [no log message]
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * libextra/Makefile.am: Build gnutls-extra-api.texi.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/Makefile.am: Build gnutls-api.texi.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/x509/Makefile.am: Build x509-api.texi.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls.h.in.in: (gnutls_is_secure_function): Add. (gnutls_global_set_mem_functions): Use it.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_global.c: (gnutls_global_set_mem_functions): Use typedefs in prototype, for
+ gdoc.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * lib/gnutls_mem.h: (gnutls_is_secure_function): Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Dist more.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS, doc/internals.eps, doc/layers.eps, doc/pgp1.eps,
+ doc/x509-1.eps: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.cvsignore: [no log message]
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi, src/errcodes.c: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add error_codes.texi.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/errcodes.c: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am: Build error_codes.texi using errcodes.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/Makefile.am, src/errcodes.c: (errcodes): Add, same as retcodes, but for texinfo.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * src/.cvsignore: [no log message]
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Fix.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.cvsignore: [no log message]
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-05 Simon Josefsson <simon@josefsson.org>
+
+ * doc/gnutls.texi: Add.
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, acinclude.m4, libgcrypt.m4, libtasn1.m4,
+ m4/libgcrypt.m4, m4/libtasn1.m4, m4/opencdk.m4, opencdk.m4: Move
+ *.m4's to m4/.
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf: Simplify.
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Add copying condition. Remove useless prefix
+ setting.
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf, configure.in: Don't use maintainer mode (see Autoconf
+ manual for rationale).
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/Makefile.am, doc/fdl.texi, doc/gnutls.texi: Start Texinfo
+ manual.
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * doc/.cvsignore: [no log message]
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * ChangeLog: ChangeLog
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am: Fix cvs2cl target.
+
+2004-08-04 Simon Josefsson <simon@josefsson.org>
+
+ * NEWS: Version 1.1.13.
+
+2004-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsusers: Fix.
+
+2004-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * configure.in: Bump version.
+
+2004-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * Makefile.am, NEWS, configure.in, tests/Makefile,
+ tests/Makefile.am, tests/simple.c, tests/utils.c, tests/utils.h: Add
+ (start of) self test suite.
+
+2004-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * .cvsignore, doc/examples/.cvsignore, doc/manpages/.cvsignore,
+ doc/tex/.cvsignore, includes/.cvsignore,
+ includes/gnutls/.cvsignore, libextra/.cvsignore,
+ libextra/opencdk/.cvsignore, libextra/openpgp/.cvsignore,
+ src/.cvsignore, src/cfg/.cvsignore, src/cfg/platon/.cvsignore,
+ src/cfg/platon/str/.cvsignore, src/openpgp/.cvsignore,
+ tests/.cvsignore: Ignore more.
+
+2004-08-02 Simon Josefsson <simon@josefsson.org>
+
+ * buildconf: Use autoreconf.
+
+2004-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/gnutls_cert.c, lib/gnutls_srp.c,
+ lib/gnutls_srp.h: _gnutls_calc_srp_u() has been modified to be
+ better.
+
+2004-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2004-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_int.h: [no log message]
+
+2004-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: print the number of bits of the public key in a
+ certificate.
+
+2004-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/examples.tex: [no log message]
+
+2004-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/auth_cert.h, lib/gnutls.h.in.in,
+ lib/gnutls_cert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, libextra/gnutls_extra.h,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/gnutls_openpgp.h: Added some default limits in the
+ verification of certificate chains, to avoid denial of service
+ attacks. Also added gnutls_certificate_set_verify_limits() to
+ override them.
+
+2004-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-cert-select.tex, lib/gnutls_cert.c: corrected
+ documentation.
+
+2004-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: [no log message]
+
+2004-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/extra.h, lib/Makefile.am, lib/auth_srp.c,
+ lib/auth_srp.h, lib/auth_srp_passwd.c, lib/auth_srp_passwd.h,
+ lib/auth_srp_rsa.c, lib/auth_srp_sb64.c, lib/ext_srp.c,
+ lib/ext_srp.h, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_extensions.c, lib/gnutls_srp.c, lib/gnutls_srp.h,
+ libextra/Makefile.am, libextra/auth_srp.c, libextra/auth_srp.h,
+ libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
+ libextra/auth_srp_rsa.c, libextra/auth_srp_sb64.c,
+ libextra/ext_srp.c, libextra/ext_srp.h, libextra/gnutls_extra.c,
+ libextra/gnutls_srp.c, libextra/gnutls_srp.h, libgcrypt.m4,
+ opencdk.m4: SRP ciphersuites were moved to the gnutls (lgpl)
+ library.
+
+2004-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2004-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers: added Simon
+
+2004-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, libextra/gnutls_openpgp.c,
+ libextra/openpgp/extras.c, libextra/openpgp/pgp.c,
+ libextra/openpgp/privkey.c, libextra/openpgp/xml.c: [no log message]
+
+2004-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, libextra/auth_srp.c, libextra/gnutls_srp.c,
+ libextra/gnutls_srp.h: * Updated the SRP authentication to conform to the latest (yet unreleased) draft. Unfortunately this breaks compatibility with previous versions.
+
+2004-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/minitasn1/Makefile.am, lib/x509/Makefile.am,
+ libextra/Makefile.am, libextra/opencdk/Makefile.am,
+ libextra/openpgp/Makefile.am, libextra/openpgp/openpgp.c,
+ libextra/openpgp/pgp.c, libextra/openpgp/pgpverify.c,
+ libextra/openpgp/verify.c: avoid using libtool's convenience
+ libraries since they are buggy and cause conflicts in linking.
+
+2004-07-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/opencdk/encrypt.c, libextra/opencdk/main.c,
+ libextra/opencdk/misc.c: removed the malloc.h include.
+
+2004-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-07.txt,
+ doc/protocol/rfc3749.txt, doc/tex/gnutls.bib: added the tls
+ compression rfc.
+
+2004-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cert_auth.tex: [no log message]
+
+2004-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2004-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2004-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c, lib/gnutls_x509.c, lib/x509/x509.c: eliminated
+ some memory leaks. Reported by Yoann Vandoorselaere
+ <yoann@prelude-ids.org>.
+
+2004-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-ssl-mods-00.txt: added
+ draft-ietf-tls-ssl-mods
+
+2004-07-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/Makefile.am: [no log message]
+
+2004-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2004-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c, libextra/auth_srp.h,
+ libextra/auth_srp_passwd.c, libextra/gnutls_srp.c: Do not free the
+ SRP (n/g) parameters from the callback if they are the static ones
+ defined in extra.h
+
+2004-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/auth_anon.h, lib/auth_cert.h,
+ lib/auth_dh_common.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_record.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/gnutls_x509.c, libextra/gnutls_openpgp.c,
+ libextra/openpgp/verify.c, src/serv.c: The ephemeral DH and RSA
+ parameters are no longer stored in the session resume DB. This saves
+ space, but will cause resumed sessions not to be able to access the
+ original session parameters (which is ok).
+
+2004-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: Reject hello packets with major version
+ higher than 3.
+
+2004-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/x509/ca.pem, src/x509/cert-dsa.pem, src/x509/cert.pem,
+ src/x509/clicert-dsa.pem, src/x509/clicert.pem,
+ src/x509/key-dsa.pem, src/x509/key.pem: added some new certificates.
+
+2004-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/gnutls/x509.h, lib/x509/verify.c,
+ lib/x509/verify.h, libextra/gnutls_srp.c, libextra/openpgp/verify.c: * Corrected a bug in certificate verification. Pointed out by Yoann Vandoorselaere <yoann@prelude-ids.org> * Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the verification functions.
+
+2004-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/gnutls.bib, doc/tex/tlsintro.tex:
+ added links to gpgme and to Rescola's book.
+
+2004-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c: Corrected bug in PKCS #1 encryption.
+
+2004-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, doc/tex/auth.tex,
+ doc/tex/certificate.tex, doc/tex/ex-alert.tex,
+ doc/tex/ex-cert-select.tex, doc/tex/ex-client-resume.tex,
+ doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
+ doc/tex/ex-crq.tex, doc/tex/ex-pkcs12.tex,
+ doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
+ doc/tex/ex-serv-srp.tex, doc/tex/ex-serv1.tex,
+ doc/tex/ex-session-info.tex, doc/tex/ex-verify.tex,
+ doc/tex/ex-x509-info.tex, includes/Makefile.am,
+ includes/gnutls/Makefile.am, includes/gnutls/compat.h,
+ includes/gnutls/extra.h, includes/gnutls/openpgp.h,
+ includes/gnutls/openssl.h, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.c,
+ lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
+ lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
+ lib/ext_max_record.h, lib/ext_server_name.c, lib/ext_server_name.h,
+ lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_auth_int.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/gnutls_priority.c, lib/gnutls_priority.h, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session.h, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_str.c,
+ lib/gnutls_str.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/compat.c, lib/x509/compat.h, lib/x509/crl.c,
+ lib/x509/crl_write.c, lib/x509/crq.c, lib/x509/crq.h,
+ lib/x509/dn.c, lib/x509/extensions.c, lib/x509/extensions.h,
+ lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/pkcs12.c,
+ lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/pkcs7.c,
+ lib/x509/pkcs7.h, lib/x509/privkey.c, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
+ lib/x509/sign.c, lib/x509/sign.h, lib/x509/verify.c,
+ lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509/x509_write.c, lib/x509/xml.c, lib/x509_b64.c,
+ libextra/auth_srp.c, libextra/auth_srp.h,
+ libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
+ libextra/auth_srp_rsa.c, libextra/auth_srp_sb64.c,
+ libextra/ext_srp.c, libextra/ext_srp.h, libextra/gnutls_extra.h,
+ libextra/gnutls_openpgp.c, libextra/gnutls_openssl.c,
+ libextra/gnutls_srp.c, libextra/gnutls_srp.h,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
+ libextra/openpgp/openpgp.h, libextra/openpgp/privkey.c,
+ libextra/openpgp/verify.c, libextra/openpgp/xml.c,
+ libextra/openssl_compat.c, libextra/openssl_compat.h: Added the '_t'
+ suffix to all exported symbols.
+
+2004-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-srp-06.txt,
+ doc/protocol/draft-ietf-tls-srp-07.txt: added new srp draft
+
+2004-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-verify.tex, lib/gnutls_ui.c: [no log message]
+
+2004-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/openpgp.c: [no log message]
+
+2004-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/openpgp.h, libextra/openpgp/extras.c,
+ libextra/openpgp/openpgp.h, libextra/openpgp/verify.c: [no log
+ message]
+
+2004-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/verify.c: Added gnutls_openpgp_keyring_check_id()
+
+2004-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/certificate.tex, doc/tex/ex-rfc2818.tex,
+ doc/tex/ex-verify.tex, doc/tex/examples.tex,
+ includes/gnutls/x509.h, lib/x509/verify.c, lib/x509/verify.h,
+ lib/x509/x509.c, lib/x509/x509.h, libextra/openpgp/Makefile.am:
+ added an improved verification example.
+
+2004-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-rescorla-dtls-00.txt: added datagram tls draft.
+
+2004-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_state.c:
+ some fixes in the session resuming code.
+
+2004-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, includes/gnutls/openpgp.h,
+ includes/gnutls/pkcs12.h, includes/gnutls/x509.h, lib/auth_anon.c,
+ lib/auth_anon.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
+ lib/defines.h, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/gnutls.h.in.in, lib/gnutls_alert.c,
+ lib/gnutls_alert.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_anon_cred.c,
+ lib/gnutls_asn1_tab.c, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_auth_int.h, lib/gnutls_buffer.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_db.c, lib/gnutls_db.h, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_int_compat.c, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_priority.c,
+ lib/gnutls_priority.h, lib/gnutls_random.c, lib/gnutls_random.h,
+ lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session.h, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_str.c,
+ lib/gnutls_str.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/io_debug.h, lib/pkix_asn1_tab.c,
+ lib/strfile.h, lib/strnstr.c, lib/x509/common.c, lib/x509/compat.c,
+ lib/x509/crl.c, lib/x509/crl_write.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/dsa.c, lib/x509/extensions.c,
+ lib/x509/mpi.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
+ lib/x509/pkcs12_encr.c, lib/x509/pkcs5.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rfc2818_hostname.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509_write.c, lib/x509/xml.c,
+ lib/x509_b64.c, lib/x509_b64.h, libextra/auth_srp.c,
+ libextra/auth_srp_passwd.c, libextra/auth_srp_rsa.c,
+ libextra/auth_srp_sb64.c, libextra/ext_srp.c,
+ libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openssl.c, libextra/gnutls_srp.c,
+ libextra/minilzo.c, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/openpgp.c,
+ libextra/openpgp/openpgp.h, libextra/openpgp/privkey.c,
+ libextra/openpgp/verify.c, libextra/openpgp/xml.c,
+ libextra/openssl_compat.c, src/certtool-cfg.c, src/certtool-gaa.c,
+ src/certtool.c, src/cli-gaa.c, src/cli.c, src/common.c,
+ src/crypt-gaa.c, src/crypt.c, src/getpass.c, src/prime.c,
+ src/retcodes.c, src/serv-gaa.c, src/serv.c, src/tests.c,
+ src/tls_test-gaa.c, src/tls_test.c: changed indentation to 4 spaces
+ instead of tabs.
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex.in, lib/gnutls_record.c, lib/x509/x509.c: [no
+ log message]
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/gnutls.bib, doc/tex/howto.tex:
+ [no log message]
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/certificate.tex, doc/tex/compression.tex,
+ doc/tex/programs.tex: [no log message]
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_datum.c, lib/gnutls_ui.c, lib/x509/pkcs12_bag.c,
+ src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c,
+ src/gnutls-http-serv, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
+ src/serv.gaa, src/tests.c, src/tests.h, src/tls_test.c: several
+ improvements
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test-gaa.c, src/tls_test.gaa: [no log
+ message]
+
+2004-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/auth_dh_common.h,
+ lib/gnutls_compress_int.c, lib/gnutls_state.c, src/cli.c,
+ src/common.c, src/common.h, src/tests.c, src/tests.h,
+ src/tls_test.c: updated gnutls-cli-debug to print DHE and RSA-EXPORT
+ information if verbose is set. Some other minor fixes.
+
+2004-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CODING_STYLE, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_cert.h, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_auth_int.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c, lib/gnutls_db.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c, libextra/auth_srp.c,
+ libextra/auth_srp_rsa.c, libextra/ext_srp.c,
+ libextra/gnutls_extra.c: some other changes to the internal types
+ names.
+
+2004-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c,
+ lib/debug.h, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_dh.c,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, libextra/auth_srp.c, libextra/auth_srp.h,
+ libextra/auth_srp_rsa.c, libextra/gnutls_srp.c: several internal
+ types fix.
+
+2004-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/auth_rsa_export.c,
+ lib/gnutls_mpi.h, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/dsa.c, lib/x509/dsa.h, lib/x509/mpi.c, lib/x509/mpi.h,
+ lib/x509/pkcs12_encr.c, lib/x509/privkey.c, lib/x509/sign.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509.h: Added the
+ functions gnutls_x509_crt_get_pk_rsa_raw() and
+ gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from
+ certificates.
+
+2004-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_cert.h, lib/auth_dh_common.c,
+ lib/auth_dh_common.h, lib/auth_dhe.c, lib/auth_rsa_export.c,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
+ lib/gnutls_ui.h: Allow access to the RSA-EXPORT parameters.
+
+2004-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/auth_dh_common.h,
+ lib/gnutls_compress_int.c, lib/gnutls_mpi.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h: added function
+ to access the DH (peer's) public key.
+
+2004-06-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/gnutls_auth.c, lib/gnutls_cipher_int.c, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/serv.c:
+ Added news functions to allow access to the ephemeral Diffie Hellman
+ parameters.
+
+2004-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_pk.c: [no log message]
+
+2004-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/gnutls.bib: [no log message]
+
+2004-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: ciphers are sorted according to a strength order.
+
+2004-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, libextra/auth_srp.c, libextra/gnutls_srp.c: Updated to
+ conform to the latest srp draft (draft-ietf-tls-srp-07).
+
+2004-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_handshake.c, lib/gnutls_mpi.h,
+ libextra/auth_srp.c, libextra/openpgp/compat.c, libtasn1.m4: [no log
+ message]
+
+2004-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_v2_compat.c: added some extra
+ checks in hello packet parsing.
+
+2004-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/x509/Makefile.am,
+ libextra/Makefile.am, libextra/openpgp/Makefile.am,
+ src/Makefile.am, src/certtool-cfg.h, src/retcodes.c: some libtasn1
+ related compilation fixes
+
+2004-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2004-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4, lib/gnutls_handshake.c: [no log message]
+
+2004-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/opencdk/keydb.c, libextra/opencdk/main.h,
+ libextra/opencdk/opencdk.h, libextra/opencdk/pubkey.c,
+ libextra/opencdk/read-packet.c, libextra/opencdk/sig-check.c,
+ libextra/openpgp/verify.c: added new opencdk
+
+2004-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/README.autoconf, doc/certtool.cfg,
+ lib/gnutls_handshake.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ libextra/libgnutls-extra.m4: Corrected session resuming in SRP
+ ciphersuites.
+
+2004-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/programs.tex, lib/gnutls_state.c, lib/libgnutls.m4: [no
+ log message]
+
+2004-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_state.c: _gnutls_deinit() is
+ no longer used. Sessions are not automatically removed any more, on
+ abnormal termination.
+
+2004-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_record.c: some cleanups and better
+ handling of EOF in record_recv.
+
+2004-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/decoding.c: [no log message]
+
+2004-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/int.h: [no log message]
+
+2004-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4, configure.in, lib/minitasn1/libtasn1.h, libtasn1.m4:
+ added proper libtasn1 version detection.
+
+2004-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/decoding.c: Applied patch by Max Vozeler
+ <max@hinterhof.net>, sent by Ivo Timmermans.
+
+2004-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/certtool.cfg, lib/pkix.asn,
+ libextra/Makefile.am, src/certtool-cfg.c, src/certtool.c: certtool
+ has now support for more X.520 DN attribute types.
+
+2004-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/certtool.cfg: [no log message]
+
+2004-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: certtool
+ can now read and set the UID field to a DN.
+
+2004-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h: [no log message]
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pkcs12.tex, doc/tex/examples.tex,
+ includes/gnutls/pkcs12.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/x509/pkcs12_bag.c, src/certtool.c: removed gnutls_const_datum
+ type.
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/opencdk/Makefile.am, libextra/opencdk/README,
+ libextra/opencdk/opencdk.h, libextra/opencdk/sig-check.c,
+ libextra/openpgp/verify.c: updated opencdk to report if any key
+ signer was found.
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, libextra/Makefile.am, libextra/gnutls_extra.c,
+ libextra/openpgp/Makefile.am, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h,
+ libextra/openpgp/privkey.c, libextra/openpgp/verify.c,
+ libextra/openpgp/xml.c: [no log message]
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c, src/prime.c: [no log message]
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_compress_int.c, lib/gnutls_handshake.c,
+ lib/gnutls_priority.c, libextra/Makefile.am,
+ libextra/gnutls_extra.c, libextra/gnutls_openpgp.c, src/cli.c,
+ src/common.c, src/serv.c: some fixes in the compilation system.
+
+2004-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, libextra/Makefile.am: [no log message]
+
+2004-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, libextra/Makefile.am, libextra/gnutls_extra.c: Added
+ configure option to disable lzo completely.
+
+2004-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/certtool.cfg, doc/tex/srp.tex,
+ lib/Makefile.am, libextra/Makefile.am,
+ libextra/opencdk/Makefile.am, libextra/opencdk/armor.c,
+ libextra/opencdk/cipher.c, libextra/opencdk/cipher.h,
+ libextra/opencdk/compress.c, libextra/opencdk/context.h,
+ libextra/opencdk/encrypt.c, libextra/opencdk/filters.h,
+ libextra/opencdk/kbnode.c, libextra/opencdk/keydb.c,
+ libextra/opencdk/keygen.c, libextra/opencdk/keylist.c,
+ libextra/opencdk/keyserver.c, libextra/opencdk/main.c,
+ libextra/opencdk/main.h, libextra/opencdk/md.c,
+ libextra/opencdk/md.h, libextra/opencdk/misc.c,
+ libextra/opencdk/new-packet.c, libextra/opencdk/opencdk.h,
+ libextra/opencdk/packet.h, libextra/opencdk/plaintext.c,
+ libextra/opencdk/pubkey.c, libextra/opencdk/read-packet.c,
+ libextra/opencdk/seskey.c, libextra/opencdk/sig-check.c,
+ libextra/opencdk/sign.c, libextra/opencdk/stream.c,
+ libextra/opencdk/stream.h, libextra/opencdk/sym-cipher.c,
+ libextra/opencdk/trustdb.c, libextra/opencdk/types.h,
+ libextra/opencdk/verify.c, libextra/opencdk/write-packet.c,
+ libextra/openpgp/Makefile.am: opencdk is being included if not
+ found.
+
+2004-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c,
+ src/crypt-gaa.c, src/crypt.gaa: certtool can now add ip address SAN
+ extension.
+
+2004-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: the TLS hello message random values no
+ longer use strong random data.
+
+2004-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: [no log message]
+
+2004-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/README.srpcrypt, src/README.srptool: [no log
+ message]
+
+2004-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_v2_compat.c, libextra/auth_srp_passwd.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: Fixed some things
+ in the random number usage. Weak levels are used where possible to
+ avoid emptying the strong random pool.
+
+2004-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, doc/manpages/gnutls-srpcrypt.1,
+ doc/manpages/srptool.1, doc/protocol/draft-eronen-tls-psk-00.txt,
+ doc/tex/ex-x509-info.tex, doc/tex/srp.tex: [no log message]
+
+2004-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cert_auth.tex, doc/tex/certificate.tex,
+ doc/tex/ciphers.tex: some additions to certificate stuff.
+
+2004-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_auth.c, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ lib/gnutls_pk.c, lib/gnutls_ui.h: Added
+ gnutls_auth_client_get_type() and gnutls_auth_server_get_type().
+
+2004-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/gnutls_cert.c, lib/gnutls_state.c: Fixes
+ in the automatic disabling of certificate types.
+
+2004-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_state.c: Automatically disable certificate types that do
+ not have corresponding certificates.
+
+2004-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: added xml exporting capabilities to certtool
+ utility.
+
+2004-04-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_cert.c: [no log message]
+
+2004-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_cert.c, src/cli.c: [no log message]
+
+2004-04-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2004-04-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, lib/gnutls_global.c,
+ lib/gnutls_record.c: [no log message]
+
+2004-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2004-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c, lib/gnutls_random.h, src/common.c: [no log
+ message]
+
+2004-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2004-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/ex-serv-srp.tex, doc/tex/programs.tex,
+ doc/tex/srp.tex, src/Makefile.am: Renamed gnutls-srpcrypt to srptool
+
+2004-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/openpgp.h, lib/auth_cert.c: Corrected bug in
+ OpenPGP key loading using a callback.
+
+2004-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_record.c, lib/gnutls_str.c: Corrected bug in TLS
+ renegotiation.
+
+2004-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: [no log message]
+
+2004-04-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/ex-rfc2818.tex, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, src/certtool.c, src/crypt-gaa.c,
+ src/crypt-gaa.h: Added gnutls_sign_algorithm_get_name() and
+ gnutls_pk_algorithm_get_name().
+
+2004-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_state.c,
+ lib/gnutls_v2_compat.c, lib/x509/verify.c, libextra/ext_srp.c,
+ src/certtool-cfg.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/cli-gaa.c, src/cli-gaa.h, src/serv-gaa.c, src/serv-gaa.h,
+ src/tls_test-gaa.c, src/tls_test-gaa.h: Some updates in order to
+ compile with tcc.
+
+2004-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/structure.c: added the new libtasn1.
+
+2004-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-cfg.c, src/certtool-cfg.h, src/certtool.c: some
+ cleanups in the parsing code.
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-05.txt,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-06.txt: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/extensions.c, src/certtool.c: minor bugfixes.
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/extensions.c, lib/x509/x509_write.c: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/certtool.cfg: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/certtool.cfg, src/certtool-cfg.c, src/certtool-cfg.h,
+ src/certtool.c: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/Makefile.am, doc/certtool.cfg, doc/manpages/certtool.1,
+ doc/tex/programs.tex, src/certtool.cfg, src/tests.c: [no log
+ message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: [no log message]
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/Makefile.am: certtool will use the system's
+ libcfg if available.
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, src/Makefile.am,
+ src/certtool-cfg.c, src/certtool-cfg.h, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.cfg,
+ src/certtool.gaa, src/cfg/Makefile.am, src/cfg/cfg+.c,
+ src/cfg/cfg+.h, src/cfg/cfgfile.c, src/cfg/cfgfile.h,
+ src/cfg/cmdline.c, src/cfg/cmdline.h, src/cfg/parse.c,
+ src/cfg/platon/Makefile.am, src/cfg/platon/str/Makefile.am,
+ src/cfg/platon/str/dynfgets.c, src/cfg/platon/str/dynfgets.h,
+ src/cfg/platon/str/strctype.c, src/cfg/platon/str/strctype.h,
+ src/cfg/platon/str/strdyn.c, src/cfg/platon/str/strdyn.h,
+ src/cfg/platon/str/strplus.c, src/cfg/platon/str/strplus.h,
+ src/cfg/props.c, src/cfg/shared.c, src/cfg/shared.h, src/getpass.c,
+ src/getpass.h: Added batch support to certtool. Now can use
+ templates.
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_cipher_int.c, lib/gnutls_global.c,
+ lib/x509/Makefile.am, lib/x509/rc2.c, lib/x509/rc2.h: The RC2 cipher
+ is no more included. The one in libgcrypt is now used.
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/extensions.c, lib/x509/extensions.h,
+ lib/x509/x509_write.c, src/certtool.c: updated the extensions
+ handling.
+
+2004-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/gnutls/x509.h, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/x509.c, lib/x509/x509_write.c,
+ src/certtool.c: - Added support for authority key identifier X.509 extension field. - Added support for the extended key usage X.509 extension field.
+
+2004-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_cipher.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: The record receive buffer
+ is now stored in the session data, to avoid memory allocations per
+ receive.
+
+2004-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in: [no log message]
+
+2004-04-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_rsa_export.c, lib/x509/privkey.c, lib/x509/x509.h:
+ Optimized (a bit) the rsa_parameter copying. I don't like it.
+
+2004-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_compress_int.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: [no log message]
+
+2004-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_state.c: - Corrected bug in RSA parameters handling which could cause unexpected crashes.
+
+2004-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/library.tex, lib/auth_cert.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h: [no log message]
+
+2004-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c: implemented all the check for SRP group
+ parameters from the latest SRP draft.
+
+2004-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.h, libextra/auth_srp_passwd.c,
+ libextra/gnutls_srp.c: [no log message]
+
+2004-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2004-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/examples.tex,
+ doc/tex/gnutls.bib, doc/tex/gnutls.tex: [no log message]
+
+2004-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_handshake.c, lib/gnutls_x509.c: some improvements that
+ lead to fewer calls to malloc().
+
+2004-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.bib, doc/tex/howto.tex, doc/tex/tls_extensions.tex:
+ [no log message]
+
+2004-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/extra.h, lib/auth_cert.c,
+ lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_ui.h, libextra/auth_srp_passwd.c, libextra/gnutls_srp.c,
+ src/cli.c, src/tests.c: Deprecated:
+ gnutls_srp_server_set_select_function(),
+ gnutls_certificate_client_set_select_function(),
+ gnutls_srp_server_set_select_function().
+
+2004-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/Makefile.am, src/certtool.c, src/crypt.c,
+ src/getpass.c, src/getpass.h: replaced the getpass() call with an
+ internal one.
+
+2004-03-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/ex-pgp-keyserver.tex, doc/tex/examples.tex: removed the
+ openpgp key retrieval example.
+
+2004-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/Makefile.am, libextra/openpgp/openpgp.c,
+ libextra/openpgp/xml.c: Finally corrected a compilation issue when
+ opencdk was installed in a non-base directory. Some other minor
+ fixes.
+
+2004-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libgcrypt.m4, src/serv.c: [no log message]
+
+2004-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/auth.tex, includes/gnutls/x509.h,
+ lib/gnutls.h.in.in, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
+ lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/gnutls_state.c, lib/gnutls_ui.h, lib/x509/privkey.c,
+ lib/x509/privkey.h: * Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() and gnutls_x509_privkey_cpy().
+
+2004-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/preparation.tex,
+ lib/gnutls_handshake.c, lib/gnutls_state.c: * Added some preliminary documentation for the new libgcrypt locking
+ interface. * Added some documentation for the parameters setting using
+ callback.
+
+2004-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls.h.in.in, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_sig.c, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, src/serv.c: Added
+ gnutls_certificate_set_params_function() and
+ gnutls_anon_set_params_function() that set the RSA or DH parameters
+ using a callback.
+
+2004-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/openpgp.h: [no log message]
+
+2004-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/openpgp.h: [no log message]
+
+2004-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/int.h, lib/minitasn1/libtasn1.h: added new libtasn1
+ (0.2.7)
+
+2004-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_hash_int.c: some bugfixes. No
+ longer allow sending client hello if a TLS version is not set.
+
+2004-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
+ lib/gnutls_hash_int.c, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_sig.c: patch to fix the bug in mutual certificate
+ authentication in SSL 3.0
+
+2004-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h: added new minitasn1.
+
+2004-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-06.txt,
+ doc/protocol/draft-ietf-tls-compression-07.txt,
+ doc/protocol/draft-ietf-tls-srp-05.txt,
+ doc/protocol/draft-ietf-tls-srp-06.txt: [no log message]
+
+2004-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/openpgp.c: [no log message]
+
+2004-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/alert.tex, doc/tex/ciphers.tex, doc/tex/howto.tex,
+ doc/tex/srp.tex, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/x509/Makefile.am, lib/x509/rfc2818_hostname.c, opencdk.m4:
+ Corrected the return values of gnutls_x509_crt_check_hostname().
+
+2004-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/preface.tex: [no log message]
+
+2004-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/Makefile.am: [no log message]
+
+2004-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.h: [no log message]
+
+2004-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: fixed CRLDistpoints ASN.1
+ definitions.
+
+2004-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, libextra/auth_srp.c: [no log message]
+
+2004-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/structure.c, src/common.c: [no log message]
+
+2004-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c: [no log message]
+
+2004-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/compression.tex, lib/ext_server_name.c,
+ lib/gnutls.h.in.in, lib/gnutls_extensions.c, src/cli.c,
+ src/common.c: Fixed a bug where 'server name' extension was always
+ sent.
+
+2004-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c: Fixed some bugs. Patch by Brieuc Jeunhomme
+ <bbp@via.ecp.fr>.
+
+2004-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/certtool.c: added getpass() check.
+
+2004-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/cert_auth.tex,
+ doc/tex/ex-x509-info.tex, doc/tex/library.tex,
+ doc/tex/programs.tex, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cert.c, lib/gnutls_cipher.c,
+ lib/gnutls_constate.c, lib/gnutls_errors.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/gnutls_state.c, lib/x509/crl.c, lib/x509/crq.c,
+ lib/x509/pkcs12.c, lib/x509/pkcs7.c, lib/x509/x509.c,
+ lib/x509/x509_write.c, lib/x509/xml.c, lib/x509_b64.c,
+ libextra/gnutls_extra.c, libextra/gnutls_srp.c, src/certtool-gaa.c,
+ src/certtool.c, src/cli-gaa.c, src/common.c, src/crypt-gaa.c,
+ src/serv-gaa.c, src/serv.c, src/tls_test-gaa.c: Several bug fixes
+ and cleanups by Arne Thomassen.
+
+2004-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/pkix.asn, lib/pkix_asn1_tab.c: [no log
+ message]
+
+2004-01-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/gnutls/x509.h, lib/gnutls.h.in.in,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crl.c, lib/x509/crq.c, lib/x509/dn.c, lib/x509/mpi.c,
+ lib/x509/pkcs12.c, lib/x509/sign.c, lib/x509/x509.c, src/certtool.c: * Added the gnutls_sign_algorithm type. * Improved the DN parser.
+
+2004-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/protocol/rfc3039.txt, lib/gnutls_handshake.c: [no
+ log message]
+
+2004-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509/common.c, lib/x509/privkey_pkcs8.c:
+ [no log message]
+
+2004-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am: [no log message]
+
+2004-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: the -D_REENTRANT is now used.
+
+2004-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
+ lib/x509/dn.c, src/certtool.c: Corrected problem printing the DC
+ attributes in a DN.
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ src/certtool.c, src/common.c: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/x509/compat.c, libextra/gnutls_openpgp.c,
+ libextra/openpgp/gnutls_openpgp.h, src/cli.c: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crl_write.c: [no log message]
+
+2004-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/compat.h, lib/x509/rfc2818_hostname.c, src/cli.c: Updated
+ gnutls-cli's SRP behaviour. Some other fixes.
+
+2003-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: [no log message]
+
+2003-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h, src/certtool.c, src/common.c: [no log message]
+
+2003-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/auth.tex, lib/gnutls_algorithms.c, lib/gnutls_ui.h,
+ lib/x509/rfc2818_hostname.c, lib/x509/x509.c, src/certtool.c: [no
+ log message]
+
+2003-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/x509/rfc2818_hostname.c, libextra/openpgp/openpgp.c: [no log
+ message]
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls_cipher.c: [no log message]
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: added TLS 1.1 protocol
+ detection.
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/x509/rfc2818_hostname.c: [no log message]
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: added arcfour 40 cipher
+ detection.
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/library.tex, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/extensions.c: [no log message]
+
+2003-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-cert-select.tex, doc/tex/macros.tex,
+ doc/tex/record_weaknesses.tex, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_cipher.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c, src/common.c, src/serv.c:
+ Added support for TLS 1.1
+
+2003-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls_cert.c,
+ lib/gnutls_random.c, lib/gnutls_ui.h: updated the client retrieval
+ certificate callback.
+
+2003-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cert_auth.tex, doc/tex/certificate.tex,
+ doc/tex/ex-x509-info.tex, includes/gnutls/x509.h, lib/x509/x509.c,
+ lib/x509/x509_write.c, src/certtool.c: Added
+ gnutls_x509_crt_cpy_crl_dist_points()
+
+2003-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/certificate.tex, doc/tex/gnutls.bib,
+ includes/gnutls/extra.h, includes/gnutls/x509.h,
+ lib/gnutls.h.in.in, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/extensions.c, lib/x509/x509.c, lib/x509/x509.h,
+ src/certtool.c: Corrected the CRL distribution point extension
+ handling.
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/x509/compat.h, libextra/gnutls_extra.c,
+ libextra/openpgp/compat.c, libextra/openpgp/gnutls_openpgp.h: [no
+ log message]
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, NEWS, configure.in, doc/tex/cover.tex.in,
+ includes/Makefile.am, includes/gnutls/Makefile.am,
+ includes/gnutls/compat8.h, includes/gnutls/openssl.h,
+ lib/auth_anon.c, lib/auth_cert.c, lib/auth_dh_common.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c,
+ lib/ext_cert_type.c, lib/ext_max_record.c, lib/ext_server_name.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_compress_int.c,
+ lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_kx.c,
+ lib/gnutls_mem.c, lib/gnutls_mpi.c, lib/gnutls_num.c,
+ lib/gnutls_pk.c, lib/gnutls_priority.c, lib/gnutls_random.c,
+ lib/gnutls_record.c, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_x509.c, lib/strnstr.c, lib/x509/common.c,
+ lib/x509/compat.c, lib/x509/compat.h, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/dsa.c,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c, lib/x509/pkcs5.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/rc2.c, lib/x509/rfc2818_hostname.c, lib/x509/sign.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
+ lib/x509/xml.c, lib/x509_b64.c, libextra/Makefile.am,
+ libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_rsa.c, libextra/auth_srp_sb64.c,
+ libextra/ext_srp.c, libextra/gnutls_extra.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_openssl.c,
+ libextra/gnutls_srp.c, libextra/openpgp/compat.c,
+ libextra/openpgp/extras.c, libextra/openpgp/openpgp.c,
+ libextra/openpgp/privkey.c, libextra/openpgp/verify.c,
+ libextra/openpgp/xml.c, libextra/openssl_compat.c,
+ libextra/openssl_compat.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa, src/cli.c, src/crypt.c,
+ src/prime.c, src/serv.c, src/tests.c, src/tls_test.c: * Added CRL verification functionality to certtool. * Added the FSF copyright notices. * Moved all the compatibility interface to the openssl compatibility library.
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c, lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/sign.c,
+ lib/x509/verify.c: corrected signing and verifying with DSA keys.
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/certificate.tex, includes/gnutls/x509.h,
+ lib/Makefile.am, lib/x509/Makefile.am, lib/x509/crl.c,
+ lib/x509/sign.c, lib/x509/sign.h, lib/x509/x509_write.c,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Added support for generating CRLs in the library
+ and the certtool utility.
+
+2003-12-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_mpi.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/extensions.c, lib/x509/extensions.h,
+ lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509/x509_write.c, src/certtool.c: Added support for the Subject
+ Key ID PKIX extension.
+
+2003-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c, libextra/gnutls_srp.c: [no log message]
+
+2003-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/gnutls/x509.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/dsa.c,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
+ lib/x509/x509_write.c, src/certtool.c: Added support for reading and
+ generating CRL distribution points extensions in certificates (not
+ working yet).
+
+2003-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mpi.h, libextra/auth_srp.c: Added checks (in SRP) for
+ A%n==0,1,-1 in server side.
+
+2003-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added PKCS #7
+ support to certtool utility.
+
+2003-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/examples/Makefile.am, doc/manpages/certtool.1,
+ doc/tex/ex-cert-select.tex, doc/tex/examples.tex, lib/auth_cert.c,
+ lib/auth_cert.h, lib/gnutls_cert.c, lib/gnutls_int.h,
+ lib/gnutls_ui.h, lib/x509/compat.c, libextra/gnutls_openssl.c: [no
+ log message]
+
+2003-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: [no log message]
+
+2003-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/Makefile.am,
+ includes/gnutls/Makefile.am, includes/gnutls/compat4.h,
+ includes/gnutls/compat8.h, includes/gnutls/openpgp.h,
+ includes/gnutls/x509.h, lib/dh_compat.c, lib/gnutls_ui.h,
+ lib/rsa_compat.c, libextra/gnutls_openpgp.c,
+ libextra/openpgp/openpgp.c, libextra/openpgp/verify.c,
+ libextra/openpgp/xml.c: Added gnutls_openpgp_key_get_key_usage(),
+ and removed several compatibility functions.
+
+2003-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openpgp.h, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/x509/common.c, lib/x509/mpi.c,
+ lib/x509/rfc2818_hostname.c, libextra/Makefile.am,
+ libextra/auth_srp_rsa.c, libextra/gnutls_extra.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h,
+ libextra/openpgp/privkey.c: several cleanups.
+
+2003-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Corrected bug which disallowed
+ ciphersuites other than the CERTIFICATE ones to work.
+
+2003-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/privkey.c: [no log message]
+
+2003-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, includes/gnutls/compat8.h, includes/gnutls/openpgp.h,
+ lib/auth_cert.c, lib/gnutls_cert.c, lib/gnutls_int.h,
+ lib/gnutls_ui.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ libextra/Makefile.am, libextra/gnutls_extra.h,
+ libextra/gnutls_openpgp.c, libextra/openpgp/Makefile.am,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
+ libextra/openpgp/openpgp.h: Improved
+ gnutls_certificate_client_retrieve_function() and
+ gnutls_certificate_server_retrieve_function() so that the parsing
+ time spent within them is minimized. Also added
+ gnutls_openpgp_privkey struct. No testing yet.
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_cert.h, lib/x509/extensions.c,
+ lib/x509/x509_write.c: [no log message]
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_cert.h,
+ lib/x509/extensions.c, lib/x509/extensions.h,
+ lib/x509/x509_write.c, src/certtool.c, src/tests.c, src/tests.h,
+ src/tls_test.c: Added gnutls_x509_crt_set_key_usage() and certtool
+ can now set the certificate's key usage.
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/protocol/draft-ietf-tls-emailaddr-00.txt,
+ doc/tex/auth.tex: [no log message]
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cert_auth.tex, doc/tex/ciphersuites.tex, src/serv.c: [no
+ log message]
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/cert_auth.tex,
+ doc/tex/certificate.tex, doc/tex/ciphers.tex,
+ doc/tex/ciphersuites.tex, doc/tex/compression.tex,
+ doc/tex/handshake.tex, doc/tex/openpgp.tex,
+ doc/tex/preparation.tex, doc/tex/record_weaknesses.tex,
+ doc/tex/tls_extensions.tex, doc/tex/x509.tex: some updated in
+ documentation
+
+2003-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c, src/serv.c: Corrected bug in gnutls_bye() which made it
+ return an error code of INVALID_REQUEST instead of success.
+
+2003-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/gnutls/x509.h, lib/Makefile.am,
+ lib/gnutls_pk.c, lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/gnutls_sig.c, lib/gnutls_ui.h, lib/rsa_compat.c,
+ lib/x509/Makefile.am, lib/x509/common.c, lib/x509/crq.c,
+ lib/x509/dsa.c, lib/x509/dsa.h, lib/x509/mpi.c, lib/x509/mpi.h,
+ lib/x509/privkey.c, lib/x509/sign.c, lib/x509/x509.c,
+ lib/x509/x509_write.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added support for generating and
+ exporting DSA private keys. Exporting to PKCS #8 is still not
+ supported due to lack of standards.
+
+2003-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_state.c,
+ lib/gnutls_ui.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ libextra/auth_srp_rsa.c, libextra/gnutls_extra.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/openpgp/gnutls_openpgp.h: Added the callbacks
+ gnutls_certificate_client_retrieve_function() and
+ gnutls_certificate_server_retrieve_function(), to allow a client or
+ a server to specify certificates for the handshake without storing
+ them to the credentials structure.
+
+2003-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_anon.c, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/dh_compat.c, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_rsa_export.c, lib/gnutls_ui.c,
+ lib/libgnutls.vers, lib/x509/common.c, libextra/auth_srp_rsa.c,
+ libextra/gnutls_extra.c, libextra/libgnutls-extra.vers, opencdk.m4: * The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and
+ GNUTLS_E_NO_TEMPORARY_RSA_PARAMS are no longer returned by the
+ handshake function. Ciphersuites that require temporary parameters
+ are removed when such parameters do not exist. * Several internal changes to allow adding the callback function to
+ retrieve the certificate and the private key.
+
+2003-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_dh_primes.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_state.c: Included
+ gnutls_1_0_0_patches.
+
+2003-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, lib/Makefile.am, lib/gnutls_handshake.c,
+ lib/gnutls_record.c, libextra/Makefile.am,
+ libextra/openpgp/Makefile.am, src/cli.c, src/tests.c, src/tests.h,
+ src/tls_test.c: Included gnutls_1_0_0_patches.
+
+2003-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/ciphers.tex, lib/gnutls_dh_primes.c,
+ lib/gnutls_mpi.c, src/prime.c: some minor fixes and cleanups.
+
+2003-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/common.c: [no log message]
+
+2003-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: some cleanups in the
+ record protocol processing.
+
+2003-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/srp.tex, includes/gnutls/extra.h,
+ lib/gnutls.h.in.in, lib/gnutls_errors.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_state.c, libextra/auth_srp.c,
+ libextra/auth_srp.h, libextra/ext_srp.c, libextra/ext_srp.h,
+ libextra/gnutls_srp.c, src/cli.c: Improved the support for
+ draft-ietf-tls-srp-05. The two-phase handshake is now fully
+ supported without any interaction with the application layer (except
+ for a callback).
+
+2003-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/manpages/Makefile.am, doc/manpages/certtool.1,
+ doc/manpages/gnutls-cli-debug.1, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, doc/manpages/gnutls-srpcrypt.1: Added
+ new manpages by Ivo.
+
+2003-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphersuites.tex: [no log message]
+
+2003-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_hash_int.c, lib/gnutls_random.c,
+ lib/x509/dn.c, src/common.c: eliminated some memory leaks and other
+ fixes.
+
+2003-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-serv-export.tex, doc/tex/ex-serv-srp.tex,
+ doc/tex/preface.tex: [no log message]
+
+2003-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: added detection for ZLIB
+ compression.
+
+2003-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test.c: improved srp detection.
+
+2003-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/srp.tex, lib/gnutls_cipher.c, libextra/auth_srp.c,
+ src/cli.c: Some fixes in the certificate authenticated SRP
+ ciphersuites.
+
+2003-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf, lib/gnutls_alert.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
+ libextra/auth_srp.c, src/serv-gaa.c, src/serv.c: some fixes to
+ comply with the SRP draft. The handshake is now repeated if an empty
+ SRP username is received.
+
+2003-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/srp.tex, includes/gnutls/extra.h,
+ lib/gnutls_anon_cred.c, lib/gnutls_cert.c, lib/gnutls_x509.c,
+ lib/libgnutls.vers, lib/x509_b64.c, libextra/auth_srp.c,
+ libextra/auth_srp_sb64.c, libextra/gnutls_openpgp.c,
+ libextra/gnutls_srp.c, libextra/libgnutls-extra.vers,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
+ libextra/openpgp/verify.c, src/common.c, src/crypt.c: several
+ corrections in the documentation.
+
+2003-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/libgnutls.vers, libextra/libgnutls-extra.vers:
+ [no log message]
+
+2003-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/examples.tex, doc/tex/gnutls.bib,
+ doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/library.tex,
+ doc/tex/preface.tex, doc/tex/programs.tex, doc/tex/srp.tex: [no log
+ message]
+
+2003-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/appendix.tex,
+ doc/tex/ciphers.tex, doc/tex/ciphersuites.tex,
+ doc/tex/supported_ciphersuites.tex, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c, lib/gnutls_int.h,
+ lib/gnutls_state.c: Removed the TWOFISH cipher. Documented the
+ supported ciphersuites.
+
+2003-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-benaloh-pct-00.txt,
+ doc/protocol/draft-benaloh-pct-01.txt,
+ doc/protocol/draft-hickman-netscape-ssl-00.txt: Added historical
+ documents. Got from
+ http://www21.ocn.ne.jp/~k-west/SSLandTLS/index-e.html
+
+2003-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/preface.tex: [no log message]
+
+2003-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/preface.tex: [no log message]
+
+2003-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/Makefile.am, lib/auth_cert.c,
+ lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_mem.h, lib/gnutls_mpi.c,
+ lib/gnutls_mpi.h, lib/gnutls_x509.c, libextra/gnutls_openpgp.c,
+ src/serv.c: corrected some bugs that affected openpgp
+ authentication.
+
+2003-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphersuites.tex, doc/tex/gnutls.bib, doc/tex/gnutls.tex,
+ doc/tex/handshake.tex, doc/tex/library.tex, doc/tex/openpgp.tex,
+ doc/tex/preface.tex: [no log message]
+
+2003-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/protocol/rfc3279.txt, doc/tex/cover.tex.in,
+ doc/tex/gnutls.bib, doc/tex/library.tex, includes/gnutls/x509.h,
+ lib/gnutls_pk.c, lib/x509/privkey.c, lib/x509/verify.c,
+ lib/x509/verify.h, lib/x509/x509.c: Exported the
+ gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data()
+ and gnutls_x509_crt_verify_data().
+
+2003-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: only generate v3 certificates, since we always use
+ the CA (basicConstraints) extension.
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/privkey.c: ensure that the leading
+ zero is there on RSA keys.
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c, lib/x509/sign.c, lib/x509/x509_write.c: [no log
+ message]
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-x509-info.tex: [no log message]
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c: added crq_get_version().
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/ex-crq.tex, doc/tex/gnutls.bib,
+ doc/tex/openssl.tex, lib/x509/crq.c, lib/x509/x509_write.c,
+ src/certtool.c: Some documentation fixes. Changed
+ gnutls_x509_*_set_version() to have a compatible input with
+ gnutls_x509_*_get_version().
+
+2003-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2459.txt, doc/protocol/rfc3280.txt: added the
+ newest PKIX rfc.
+
+2003-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-cert-select.tex, doc/tex/ex-client-resume.tex,
+ doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
+ doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
+ doc/tex/examples.tex: [no log message]
+
+2003-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: [no log message]
+
+2003-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf, includes/gnutls/x509.h, lib/x509/pkcs5.c,
+ src/common.c, src/serv.c: [no log message]
+
+2003-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-05.txt,
+ doc/protocol/draft-ietf-tls-compression-06.txt,
+ doc/protocol/draft-ietf-tls-ecc-03.txt,
+ doc/protocol/draft-ietf-tls-ecc-04.txt: [no log message]
+
+2003-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: generated certificates by certtool now have
+ version 1 if they do not include extensions.
+
+2003-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_server_name.c, lib/gnutls.h.in.in, opencdk.m4,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c: [no log
+ message]
+
+2003-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS, lib/gnutls_session.c, lib/x509/pkcs12.c,
+ libextra/gnutls_openssl.c, src/certtool.gaa, src/serv-gaa.c,
+ src/serv.c, src/serv.gaa: Some fixes pointed out by Dimitri
+ Papadopoulos-Orfanos <papadopo@shfj.cea.fr>
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-client-resume.tex, doc/tex/ex-client-srp.tex,
+ doc/tex/ex-client2.tex, doc/tex/ex-rfc2818.tex,
+ doc/tex/examples.tex: [no log message]
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ex-client-resume.tex,
+ doc/tex/ex-client-srp.tex, doc/tex/ex-client2.tex,
+ doc/tex/examples.tex: Simplified a bit the client examples.
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-client1.tex: [no log message]
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs5.c, src/certtool-gaa.c, src/certtool.gaa,
+ src/serv.c, src/tests.c: [no log message]
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: some changes in password reading.
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs5.c: some corrections in the pkcs5 module by Simon
+ Josefsson.
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c, lib/gnutls_int.h: [no log message]
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h: [no log message]
+
+2003-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_cert.c, lib/defines.h,
+ lib/ext_server_name.c, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_record.c, lib/gnutls_session.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_ui.h, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/extensions.c,
+ lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs5.c, lib/x509/privkey.c, lib/x509/privkey_pkcs8.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509_write.c,
+ lib/x509_b64.c, libextra/gnutls_srp.c, src/certtool.c,
+ src/common.c, src/serv.c: Several minor fixes in code and function
+ documentation.
+
+2003-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-crq.tex: [no log message]
+
+2003-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/common.c, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/x509.c, lib/x509/x509_write.c: [no log
+ message]
+
+2003-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/x509/crl.c, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/dn.h, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/x509.c, src/certtool.c: * Added gnutls_x509_*_get_dn_oid() and
+ gnutls_x509_crt_get_extension_oid() functions which return the
+ available OIDs. * The certtool utility now prints all available extension OIDs and values.
+
+2003-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_str.c, lib/gnutls_str.h,
+ lib/x509/common.c, lib/x509/compat.c, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/rfc2818_hostname.c, lib/x509/x509.c, lib/x509/x509.h,
+ libextra/openpgp/openpgp.h: gnutls_x509_*_get_*_dn_by_oid()
+ functions have a raw_flag parameter added. Several other fixes.
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/compat8.h,
+ includes/gnutls/openpgp.h, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/x509/compat.c, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h, lib/x509/pkcs12.c,
+ lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509/x509_write.c, libextra/openpgp/openpgp.c, src/certtool.c,
+ src/cli.c, src/common.c, src/tests.c: gnutls_x509_*_set_dn_by_oid()
+ functions have a raw_flag parameter added. Some other fixes in
+ function types.
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, includes/gnutls/compat8.h, includes/gnutls/x509.h,
+ lib/gnutls.h.in.in, lib/x509/crq.c, lib/x509/crq.h,
+ lib/x509/x509.c, lib/x509/x509.h: Compatibility header for gnutls4
+ is no longer included in gnutls.h. Added deprecated warnings to
+ gnutls8 stuff.
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openssl.h: [no log message]
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c, lib/x509/x509.c: [no log message]
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/common.c, lib/x509/crq.c,
+ lib/x509/x509_write.c: added gnutls_x509_oid_known() to report known
+ OIDs.
+
+2003-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509_write.c: added gnutls_x509_oid_known() to report
+ known OIDs.
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/defines.h, lib/gnutls.h.in.in,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
+ src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.gaa, src/prime.c,
+ src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.gaa: [no log
+ message]
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/ext_max_record.c, lib/gnutls_extensions.c,
+ lib/gnutls_int.h, src/cli.c: [no log message]
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_cert.c, lib/debug.c,
+ lib/ext_server_name.c, lib/gnutls_buffers.c, lib/gnutls_constate.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_mem.c,
+ lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ lib/x509/crl.c, lib/x509_b64.c, libextra/auth_srp.c,
+ libextra/auth_srp_sb64.c, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openssl.c, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/verify.c, src/common.h: Some bugfixes, and type
+ corrections.
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: [no log message]
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/x509/common.c, src/cli.c, src/common.c, src/serv.c: Added the
+ RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04.
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.m4, libextra/libgnutls-extra.m4: [no log message]
+
+2003-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/openssl.tex, includes/Makefile.am,
+ lib/minitasn1/mem.h, libextra/Makefile.am,
+ libextra/libgnutls-extra.vers: The openssl compatibility layer was
+ moved to gnutls-openssl to allow the extension of it without
+ bloating the libgnutls-extra.
+
+2003-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h: [no log message]
+
+2003-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: [no log message]
+
+2003-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Prints certificate information before signing.
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_random.h: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_random.c, src/crypt.c: Patch by Werner
+ Koch: * configure.in: Check for gcry_create_nonce. * lib/gnutls_random.c (_gnutls_get_random): Ditto. * src/crypt.c (_srp_crypt): Use gcry_create_nonce if available. Also removed some unneeded code in random.c.
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: Added capability to read CRLs to
+ certtool.
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_x509.c, lib/x509/compat.c,
+ lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
+ lib/x509/x509.c, lib/x509/x509.h: Renamed several pkcs #7 related
+ functions. That is to allow future extensions to the API.
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12_bag.c,
+ lib/x509/x509.c, lib/x509/x509_write.c: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h: [no log message]
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/x509.h, lib/gnutls.h.in.in,
+ lib/gnutls_dh_primes.c, lib/gnutls_ui.h, lib/x509/pkcs7.c,
+ lib/x509_b64.c, src/cli-gaa.c: Added gnutls_pkcs7_set_certificate2()
+ and gnutls_pkcs7_set_crl2() functions.
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12_bag.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.c: added some check for the
+ input parameters.
+
+2003-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, libgcrypt.m4: [no log message]
+
+2003-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/x509/common.c, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/x509.c: Removed the
+ gnutls_handshake_set_rsa_pms_check() prototype from gnutls.h.
+ Corrected the *_get_dn() functions to return the data size if the
+ data argument is NULL, and *data_size == 0. Bugs reported by Gergely
+ Nagy <algernon@bonehunter.rulez.org>.
+
+2003-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/gnutls_constate.c, lib/gnutls_extensions.c,
+ lib/gnutls_session_pack.c: some fixes to have the correct cert_type
+ on resumed sessions.
+
+2003-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool.c: The certtool utility can now generate PKCS
+ #12 structures without specifying a certificate.
+
+2003-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/gnutls.bib: [no log message]
+
+2003-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/errors.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/mem.h,
+ lib/minitasn1/structure.c: Included the new libtasn 0.2.6.
+
+2003-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-03.txt,
+ doc/protocol/draft-ietf-tls-openpgp-keys-04.txt: [no log message]
+
+2003-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
+ src/cli.c, src/common.c, src/common.h, src/crypt-gaa.c,
+ src/crypt-gaa.h, src/crypt.gaa, src/prime.c, src/serv.c,
+ src/tests.c, src/tls_test-gaa.c, src/tls_test-gaa.h,
+ src/tls_test.c, src/tls_test.gaa: some code cleanups.
+
+2003-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, libextra/gnutls_srp.c: [no log message]
+
+2003-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.gaa,
+ src/common.c, src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.gaa,
+ src/tests.c, src/tests.h, src/tls_test-gaa.c, src/tls_test-gaa.h,
+ src/tls_test.c, src/tls_test.gaa: [no log message]
+
+2003-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/certtool-gaa.c, src/certtool.gaa, src/cli.c,
+ src/common.c, src/common.h, src/crypt-gaa.c, src/crypt.gaa,
+ src/serv.c, src/tls_test.c: [no log message]
+
+2003-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.gaa, src/crypt-gaa.c,
+ src/crypt-gaa.h, src/crypt.c, src/crypt.gaa: [no log message]
+
+2003-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: Corrected the types in
+ gnutls_anon_free_client_credentials() and
+ gnutls_anon_allocate_client_credentials(). Reported by Ivo.
+
+2003-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/crypt.c, src/tests.c, src/tls_test.c: [no log
+ message]
+
+2003-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_buffers.c, libextra/auth_srp_passwd.c,
+ libextra/gnutls_openpgp.c, libgcrypt.m4, src/Makefile.am,
+ src/certtool.c, src/cli-gaa.c, src/cli.c, src/crypt.c, src/serv.c,
+ src/tests.c, src/tests.h, src/tls_test-gaa.c, src/tls_test.c: some
+ changes to compile in mingw32.
+
+2003-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: added the new gdoc by Simon.
+
+2003-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_compress.c, lib/gnutls_handshake.c, lib/gnutls_ui.c,
+ lib/x509/privkey.c: [no log message]
+
+2003-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/pkcs12.h, lib/ext_server_name.c,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
+ lib/gnutls_db.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/extensions.h, lib/x509/pkcs12.c, lib/x509/pkcs5.c,
+ lib/x509/pkcs5.h, lib/x509/pkcs7.c, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/rfc2818_hostname.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509_b64.c, lib/x509_b64.h:
+ some type fixes. Based on build logs sent by Dimitri
+ Papadopoulos-Orfanos <papadopo@shfj.cea.fr>.
+
+2003-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: preserve the flags from the last certificate
+ verification, in a chain.
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/verify.c: added gnutls_openpgp_key_verify_self()
+ which verifies the self signature in the key.
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openpgp.h, libextra/gnutls_openpgp.c,
+ libextra/openpgp/compat.c, libextra/openpgp/openpgp.c,
+ libextra/openpgp/verify.c, src/common.c: added
+ gnutls_openpgp_key_export() function.
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: [no log message]
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/library.tex,
+ includes/gnutls/openpgp.h, includes/gnutls/x509.h: [no log message]
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/compat.c, libextra/openpgp/openpgp.h,
+ libextra/openpgp/verify.c: [no log message]
+
+2003-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_int.h, lib/x509/pkcs12_bag.c,
+ lib/x509/privkey.h, lib/x509/privkey_pkcs8.c: Some changes to
+ preserve binary compatibility.
+
+2003-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Added option to certtool to use export-grade
+ algorithms. If password is set in pkcs8 mode, then the output
+ structure will be encrypted.
+
+2003-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/verify.c, libextra/openpgp/verify.c,
+ src/certtool-gaa.c, src/certtool.gaa, tests/test25.pem: [no log
+ message]
+
+2003-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/prime-gaa.c, src/prime-gaa.h, src/prime.gaa: [no log message]
+
+2003-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/Makefile.am: gdoc and sort1.pl are now included in the
+ distribution.
+
+2003-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/certificate.tex, doc/tex/cover.tex.in,
+ doc/tex/ex-rfc2818.tex, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/x509/compat.c, lib/x509/verify.c,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/verify.c, src/Makefile.am, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/common.c,
+ src/prime.c: * Several changes in certificate and key verification. * GNUTLS_CERT_NOT_TRUSTED was replaced by GNUTLS_CERT_INVALID, to
+ avoid having two flags for the same thing. * Updated documentation for openpgp key verification. * The prime tool was combined with the certtool.
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ libextra/gnutls_openpgp.c, libextra/openpgp/extras.c: [no log
+ message]
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/certtool.gaa, src/common.c: [no log message]
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/.cvsignore, libextra/openpgp/openpgp.c,
+ libextra/openpgp/openpgp.h: [no log message]
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/pkcs12.h, libextra/gnutls_openpgp.c,
+ src/certtool.c, src/common.c: more openpgp related changes.
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12_bag.c: Added gnutls_pkcs12_bag_set_crl() and
+ gnutls_pkcs12_bag_set_crt() functions.
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: [no log message]
+
+2003-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex, lib/Makefile.am, lib/gnutls_x509.c,
+ lib/strfile.h, libextra/gnutls_openpgp.c,
+ libextra/openpgp/openpgp.h, src/serv.c: some openpgp related
+ changes.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt.c: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_global.c: added version check against libtasn1
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool.c, src/certtool.gaa,
+ src/common.c: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/cli.c, src/crypt.c, src/serv.c: Added error
+ checking to global_init() calls.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/handshake.tex, doc/tex/howto.tex:
+ Corrected some things in documentation. Got from Debian bug tracking
+ system, Reported by Ivan Nestlerode <nestler@speakeasy.net>
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/x509/pkcs12_bag.c,
+ libextra/openpgp/compat.c, libextra/openpgp/extras.c,
+ libextra/openpgp/verify.c: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/pkcs12.h, lib/gnutls.h.in.in,
+ lib/x509/pkcs12_bag.c, lib/x509/verify.c, src/certtool.c: introduced
+ gnutls_const_datum for gnutls_pkcs12_bag_get_data(). Some other
+ cleanups in the verification functions.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: corrected some bugs in the verification
+ functions.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/test22.pem: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c, src/certtool.c, tests/test23.pem: [no log
+ message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/x509/compat.c, lib/x509/verify.c, src/certtool.c, src/common.c,
+ tests/test1.pem, tests/test10.pem, tests/test13.pem,
+ tests/test2.pem, tests/test20.pem, tests/test21.pem,
+ tests/test22.pem, tests/test23.pem, tests/test24.pem,
+ tests/test25.pem, tests/test26.pem, tests/test3.pem: Improved the
+ certificate verification functions and the certtool program's
+ verification capability.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/crypt.c: Certtool is only compiled when
+ ENABLE_PKI is defined.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/Makefile.am: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509_b64.c, lib/x509_b64.h: Made the
+ B64FSIZE to return an accurate value.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/programs.tex, lib/x509/common.c,
+ lib/x509_b64.c, src/certtool.c: some fixes.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/programs.tex: [no log message]
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: added capability to print pkcs12 structures.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/libgnutls-extra.vers: exported OpenSSL* symbols.
+
+2003-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/rfc2818.h: added missing file.
+
+2003-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-pkcs12.tex, includes/gnutls/pkcs12.h,
+ lib/x509/common.c, src/certtool-gaa.c, src/certtool-gaa.h,
+ src/certtool.c, src/certtool.gaa: added pkcs #12 support to
+ certtool. Corrected some bugs in the export functions.
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-sharedkeys-01.txt,
+ doc/protocol/draft-ietf-tls-sharedkeys-02.txt: [no log message]
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: [no log message]
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool.c, src/certtool.gaa: [no log
+ message]
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_dh_primes.c: Used the new gcrypt API for
+ generating primes and groups.
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: added the --der option to certtool.
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/programs.tex,
+ includes/gnutls/openpgp.h, lib/x509/x509.c, lib/x509/x509_write.c,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: several improvements for the certtool utility.
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2003-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/manpages/Makefile.am,
+ doc/manpages/gnutls-cli-debug.1, doc/manpages/gnutls-cli.1,
+ doc/manpages/gnutls-serv.1, doc/manpages/gnutls-srpcrypt.1: Added
+ manpages created by Ivo Timmermans <ivo@o2w.nl>
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
+ src/cli.gaa, src/common.c: Added the --print-cert option to
+ gnutls-cli.
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/Makefile.am: [no log message]
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509/common.c, lib/x509/mpi.c,
+ lib/x509/mpi.h, lib/x509/privkey.c, lib/x509/privkey.h,
+ lib/x509/x509.c, lib/x509_b64.c, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa: Added
+ capability to print the keyid of a certificate or a private key to
+ certtool. Updated the key_id functions to return the hash of the
+ SubjectPublicKey.
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Added fingerprint calculation to certtool.
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, libextra/gnutls_openssl.c: added configure option to
+ disable the openssl compatibility layer.
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c: a fix in the get_subject_alt_name, to return
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when finished reading.
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool.c: Added capability to decode some X.509v3
+ extensions.
+
+2003-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Added certificate chain verification capability to
+ certtool
+
+2003-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c: [no log message]
+
+2003-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
+ lib/x509/crq.c, lib/x509/privkey_pkcs8.c, src/Makefile.am,
+ src/certtool-gaa.c, src/certtool-gaa.h, src/certtool.c,
+ src/certtool.gaa: Several improvments in the certtool.
+
+2003-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/privkey_pkcs8.c, src/Makefile.am, src/certtool-gaa.c,
+ src/certtool-gaa.h, src/certtool.c, src/certtool.gaa, src/common.c:
+ Added a certtool primitive command line utility
+
+2003-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crl.c, lib/x509/dn.c, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/mpi.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/x509.h, lib/x509/x509_write.c: Improved
+ the certificate generation stuff.
+
+2003-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, includes/gnutls/x509.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/dn.c, lib/x509/dn.h, lib/x509/sign.c,
+ lib/x509/x509_write.c: Almost finished the X.509 certificate
+ generation.
+
+2003-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, configure.in, includes/gnutls/x509.h,
+ lib/Makefile.am, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
+ lib/x509/x509_write.c, libgcrypt.m4: Added some support for writable
+ gnutls_x509_crt structures. Not ready yet.
+
+2003-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_mem.h, lib/minitasn1/mem.h: some
+ alloca-related fixes. Patch by Philip Brown <phil@bolthole.com>.
+
+2003-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/rfc2818_hostname.c: The hostname verification in the
+ certificate is now case insensitive.
+
+2003-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2003-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2003-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_handshake.c: corrected a bug in the debugging
+ output of handshake. Pointed out by Mark McLoughlin
+ <mark@skynet.ie>.
+
+2003-10-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.h:
+ Corrected issue in openpgp code, which did not allow compilation
+ when opencdk was not present.
+
+2003-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2003-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex.in: [no log message]
+
+2003-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: opencdk is now mandatory in the base installation.
+
+2003-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openpgp.h, includes/gnutls/x509.h,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_rsa_export.c,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
+ lib/x509/common.c, lib/x509/pkcs5.c, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/x509.c, lib/x509/x509.h,
+ libextra/openpgp/openpgp.c: Some changes in types.
+
+2003-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h: [no log message]
+
+2003-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/extensions.c, lib/x509/x509.c, lib/x509/x509.h: [no log
+ message]
+
+2003-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_errors.c, lib/gnutls_global.c,
+ lib/gnutls_int.h, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crl.c, lib/x509/crq.c, lib/x509/crq.h, lib/x509/dn.c,
+ lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/privkey.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509_b64.c, libextra/auth_srp_sb64.c: Corrected some of the
+ return types. Several other minor corrections.
+
+2003-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.autoconf, doc/tex/gnutls.bib,
+ lib/gnutls_pk.c: [no log message]
+
+2003-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/fdl.tex, doc/tex/gnutls.bib: [no log message]
+
+2003-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/fdl.tex, doc/tex/funcs.tex, doc/tex/gnutls.bib:
+ Documentation is now under FDL 1.2.
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/funcs.tex, libextra/Makefile.am,
+ libextra/gnutls_openpgp.c, libextra/openpgp/Makefile.am,
+ libextra/openpgp/gnutls_openpgp.c: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, libextra/Makefile.am, src/cli.c,
+ src/common.c, src/serv.c: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/Makefile.am, doc/tex/funcs.tex,
+ includes/Makefile.am, includes/gnutls/openpgp.h, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/pkcs12.c, lib/x509/pkcs12_bag.c,
+ lib/x509/pkcs7.c, lib/x509/privkey.c, lib/x509/x509.c,
+ libextra/Makefile.am, libextra/gnutls_extra.c,
+ libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.h,
+ libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h,
+ src/common.c: Updated the openpgp key API.
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, includes/gnutls/openpgp.h, libextra/Makefile.am,
+ libextra/gnutls_openpgp.h, libextra/openpgp/Makefile.am,
+ libextra/openpgp/gnutls_openpgp.c,
+ libextra/openpgp/gnutls_openpgp.h, libextra/openpgp/openpgp.c,
+ libextra/openpgp/openpgp.h: Converted the pgp verification functions
+ to the new API.
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, includes/gnutls/openpgp.h,
+ libextra/openpgp/gnutls_openpgp.c: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/xml.c: the place where the XML stuff were moved.
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.c,
+ libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h: Updated the
+ old opencdk code and moved the XML stuff. Based on patch by Mikhail
+ Teterin <mi+mx@aldan.algebra.com>.
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/Makefile.am, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/x509/Makefile.am,
+ lib/x509/rfc2818_hostname.c, libextra/Makefile.am, src/cli.c,
+ src/common.c, src/common.h, src/serv.c: Applied patch by Arne that
+ fixes several possible NULL pointer dereferences.
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Disable buffering. Clear FD set. Patch by Simon
+ Josefsson <jas@extundo.com>
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: [no log message]
+
+2003-10-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am, libextra/gnutls_openpgp.c,
+ libextra/openpgp/Makefile.am, libextra/openpgp/gnutls_openpgp.c,
+ libextra/openpgp/openpgp.c, libextra/openpgp/openpgp.h: started some
+ rewrite of the openpgp stuff.
+
+2003-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli.gaa: [no log message]
+
+2003-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.h, src/serv.c: Rolled back some of Arne's
+ changes. Now the ciphers can be set in the client/server.
+
+2003-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, doc/tex/Makefile.am, lib/gnutls_errors.c: Patch
+ by Arne. Fixes a linking problem with _gnutls_handshake2str() and
+ _gnutls_packet2str(). Some other fixes in the documentation creation.
+
+2003-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_record.c,
+ lib/gnutls_state.c, lib/minitasn1/structure.c, src/cli.c,
+ src/common.c, src/serv.c: A new patch by Arne. More bug fixes and
+ optimizations.
+
+2003-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: Corrected some unaligned accesses in IA64.
+ Initial patch by Ian Wienand <ianw@gelato.unsw.edu.au>.
+
+2003-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_srp.c: Corrected a bug in the SRP U calculation.
+ Reported by Casey Marshall <rsdio@metastatic.org>.
+
+2003-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.c: Applied Simos' patch for the SIGALRM
+ triggered handshake.
+
+2003-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_pk.c, lib/x509/rfc2818_hostname.c:
+ some cleanups.
+
+2003-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-serv-pgp.tex, includes/gnutls/x509.h, src/cli.c,
+ src/common.c, src/common.h, src/serv.c, src/tests.c: Added a
+ hostname check with the certificate in the gnutls-cli.
+
+2003-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ libextra/gnutls_openssl.c, src/cli.c, src/serv.c, src/tests.c:
+ RIJNDAEL ciphersuites were renamed to AES.
+
+2003-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2003-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: [no log message]
+
+2003-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_v2_compat.c, src/cli.c,
+ src/serv.c: some more cleanups.
+
+2003-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, src/cli.c, src/serv.c: Corrected the
+ client's behaviour in the handshake handling. Some fixes in the
+ documentation.
+
+2003-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/crypt.c: [no log message]
+
+2003-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, src/cli.c: [no log message]
+
+2003-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.vers, libextra/libgnutls-extra.vers: [no log
+ message]
+
+2003-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/libgnutls.vers,
+ libextra/Makefile.am, libextra/libgnutls-extra.vers: Some additions
+ to export only the documented API, and some support for versioning.
+
+2003-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/.cvsignore, doc/tex/library.tex, lib/debug.c,
+ lib/debug.h, lib/gnutls_errors.c, src/cli.c: cleanups.
+
+2003-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c, src/crypt-gaa.c, src/crypt-gaa.h,
+ src/crypt.c, src/crypt.gaa, src/srp/tpasswd, src/srp/tpasswd.conf:
+ Corrected and improved SRP support. The gnutls-srpcrypt now
+ generates several primes.
+
+2003-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c: added a size check in the group generator
+ received by the server.
+
+2003-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/README.autoconf, doc/TODO,
+ doc/tex/ex-pkcs12.tex, includes/gnutls/x509.h,
+ lib/x509/privkey_pkcs8.c, src/cli.c: Improved the error handling in
+ the gnutls-cli.
+
+2003-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ libextra/auth_srp.c: [no log message]
+
+2003-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_alert.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, libextra/auth_srp.c, src/crypt.c,
+ src/srp/tpasswd, src/srp/tpasswd.conf: Updated the SRP
+ implementation to follow the latest draft.
+
+2003-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test.c: corrected bug which made some tests
+ now to be compiled.
+
+2003-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/x509_b64.c, src/retcodes.c: More more fixes by Arne.
+
+2003-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_b64.c: [no log message]
+
+2003-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c: [no log message]
+
+2003-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c, src/tests.c, src/tls_test-gaa.c, src/tls_test-gaa.h,
+ src/tls_test.c, src/tls_test.gaa: corrected bug in the session
+ resumption detection in the gnutls-cli-debug, and other minor fixes.
+
+2003-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/programs.tex, src/tls_test.c: [no log message]
+
+2003-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openssl.h, lib/gnutls_compress_int.c,
+ src/tls_test.c: minor cleanups.
+
+2003-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2003-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509_b64.c: CR is now allowed in the base64 decoder.
+
+2003-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/README.CVS: [no log message]
+
+2003-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: _gnutls_bin2hex function was removed from
+ gnutls_errors.c
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: [no log message]
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_global.c, lib/rc2.c, lib/rc2.h,
+ lib/x509/Makefile.am, lib/x509/rc2.c, lib/x509/rc2.h: RC2 is not
+ included when PKCS#12 is disabled.
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.CODING_STYLE, doc/README.CVS: [no log
+ message]
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/defines.h, lib/rc2.c: RC2 was made reentrant.
+ The stddef.h is now included if found.
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_global.c: [no log message]
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_global.c:
+ added better check for gcrypt library.
+
+2003-08-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
+ libextra/ext_srp.c: Arne: - gcry_check_version() _must_ be called nowadays, says
+ libgcrypt-1.1.42/NEWS. - configure.in: the respective test in configure.in included
+ <sys/stddef.h> (which doesn't exist) instead of the usual
+ <stddef.h>. - lib/gnutls_errors.c: declaration of function _gnutls_bin2hex()
+ doesn't match prototype from file lib/gnutls_str.h, causing
+ compilation failure - configure.in: -Wsign-compare removed.
+
+2003-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/dh_compat.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_mem.c, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/rsa_compat.c, lib/x509/common.c,
+ lib/x509_b64.c, libextra/ext_srp.c: more fixes by Arne.
+
+2003-08-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/rc2.c: Cleaned up the RC2 cipher.
+
+2003-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/alert.tex, doc/tex/ciphersuites.tex,
+ doc/tex/ex-cert-select.tex, doc/tex/howto.tex, doc/tex/record.tex,
+ doc/tex/record_weaknesses.tex, doc/tex/srp.tex,
+ doc/tex/translayer.tex, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dh_common.c, lib/auth_rsa_export.c, lib/dh_compat.c,
+ lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_compress_int.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_mem.c,
+ lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_record.c,
+ lib/gnutls_state.c, lib/gnutls_x509.c, lib/io_debug.h,
+ lib/x509/compat.c, lib/x509/verify.c, libextra/auth_srp_sb64.c,
+ src/retcodes.c: still more patches by Arne Thomassen
+
+2003-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_compress_int.c,
+ lib/gnutls_record.c: some more cleanups.
+
+2003-08-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/record_weaknesses.tex, lib/gnutls_anon_cred.c,
+ lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
+ lib/gnutls_compress_int.c, lib/gnutls_db.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_record.c,
+ lib/x509/pkcs7.c, lib/x509_b64.c, libextra/auth_srp_passwd.h,
+ libextra/auth_srp_sb64.c, libextra/ext_srp.c: more patches by Arne
+ Thomassen.
+
+2003-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mpi.c: [no log
+ message]
+
+2003-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_anon_cred.c: [no log message]
+
+2003-08-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/README.CODING_STYLE, doc/README.CVS,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-04.txt,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-05.txt,
+ includes/gnutls/x509.h, lib/auth_anon.c, lib/auth_cert.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls_alert.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_compress_int.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_pk.c,
+ lib/gnutls_random.c, lib/gnutls_state.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_x509.c, lib/minitasn1/errors.c, lib/rc2.c,
+ libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_rsa.c, libextra/gnutls_extra.c,
+ libextra/gnutls_openssl.c, libextra/gnutls_srp.h, src/common.c,
+ src/serv.c, tests/x509_test.c: Applied patch from Arne Thomassen
+ <arne@arne-thomassen.de>, which corrects several things in the
+ library.
+
+2003-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/debug.c, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_dh.h, lib/gnutls_global.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_rsa_export.c, lib/rc2.c, lib/rc2.h,
+ lib/x509/pkcs12.c, lib/x509/pkcs12.h, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs5.c, lib/x509/privkey.c, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.h: Ported to the new
+ libgcrypt (still unstable). Also added the RC2 cipher and improved
+ the PKCS #12 stuff in order to support it.
+
+2003-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/Makefile.am, lib/minitasn1/coding.c,
+ lib/minitasn1/decoding.c, lib/minitasn1/element.c: * Added the new libtasn1. * the tex files are included in the distribution.
+
+2003-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: added missing rfc2818_hostname.lo object.
+
+2003-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12_encr.c: Removed the salt size restriction
+ (multiple of 8) to allow parsing IE5 generated structures.
+
+2003-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat4.h: [no log message]
+
+2003-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/ex-client-srp.tex,
+ doc/tex/ex-client1.tex, doc/tex/ex-serv1.tex, doc/tex/handshake.tex:
+ [no log message]
+
+2003-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-client-resume.tex, doc/tex/ex-client-srp.tex,
+ doc/tex/ex-client1.tex, doc/tex/ex-client2.tex,
+ doc/tex/ex-serv-export.tex, doc/tex/ex-serv-pgp.tex,
+ doc/tex/ex-serv-srp.tex, doc/tex/ex-serv1.tex: added the
+ (gnutls_transport_ptr) cast to example programs.
+
+2003-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: [no log
+ message]
+
+2003-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.h.in.in: [no log message]
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/ex-pkcs12.tex, lib/x509/pkcs12_encr.c: [no log
+ message]
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-pkcs12.tex, includes/Makefile.am,
+ includes/gnutls/Makefile.am, includes/gnutls/pkcs12.h,
+ includes/gnutls/x509.h: [no log message]
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12_encr.c: [no log message]
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/certificate.tex, doc/tex/ex-crq.tex, doc/tex/ex-pkcs12.tex,
+ doc/tex/examples.tex, doc/tex/gnutls.tex: some reorganization on the
+ documentation. Added also stuff about PKCS #12 structures.
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: Corrected a null pointer dereference in
+ gnutls_certificate_get_ours(). Report and Patch by Steve Langasek.
+
+2003-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c:
+ some cleanups.
+
+2003-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_buffers.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_pk.c, lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/pkcs12.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c: Added function to do
+ the MAC verification in the PKCS #12 structure.
+
+2003-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/common.h, lib/x509/dn.c,
+ lib/x509/dn.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h: Added stuff
+ needed to read PKCS #12 bag attributes.
+
+2003-06-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/common.c,
+ lib/x509/dn.c, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c: Added ability to write Bag attributes
+ LocalKeyId and friendlyName, in order for browsers to be able to
+ import our structures.
+
+2003-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_state.c, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/pkcs12_encr.c,
+ lib/x509/privkey_pkcs8.c: some cleanups.
+
+2003-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/decoding.c, lib/minitasn1/element.c: added new
+ Fabio's fixes.
+
+2003-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs12.c, lib/x509/privkey_pkcs8.c: PKCS #12 generation,
+ finaly can interoperate with openssl even in the encrypted case.
+
+2003-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs12.c,
+ lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c:
+ Some more improvements in the PKCS #12 part. Now it interoperates
+ with openssl pkcs12, in the unencrypted case.
+
+2003-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs5.c, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c: Several more additions to PKCS #12 to
+ allow encrypting bags. Still not interoperable.
+
+2003-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, includes/gnutls/x509.h, lib/gnutls_algorithms.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_errors.c, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_session.c,
+ lib/gnutls_state.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs12.c,
+ lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c: More PKCS #12 additions.
+ Now the code can generate PKCS #12 files. Also added the ability to
+ decrypt plain DES encrypted PKCS #8 keys.
+
+2003-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls_cert.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_encr.c, lib/x509/pkcs5.c: Passwords in PKCS5 and
+ PKCS12 are now restricted to ASCII ones.
+
+2003-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/pkcs12.c, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c: Some changes in
+ PKCS12 to allow a bag to hold more than one elements.
+
+2003-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/x509/common.h, lib/x509/pkcs12.c,
+ lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c, lib/x509/privkey_pkcs8.c:
+ some pkcs12 improvements.
+
+2003-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/Makefile.am, lib/x509/common.h, lib/x509/pkcs12.h,
+ lib/x509/pkcs12_bag.c, lib/x509/pkcs12_encr.c,
+ lib/x509/privkey_pkcs8.c: Some additions to allow decrypting PKCS #5
+ encrypted data, with PKCS #12 schema OIDs.
+
+2003-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-cert-select.tex, doc/tex/ex-client2.tex,
+ doc/tex/ex-serv-srp.tex, doc/tex/layers.tex, doc/tex/record.tex,
+ doc/tex/tlsintro.tex, includes/gnutls/x509.h, lib/Makefile.am,
+ lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/x509/Makefile.am, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/pkcs12.c, lib/x509/pkcs12.h, lib/x509/pkcs12_bag.c,
+ lib/x509/privkey.h: Some improvements in PKCS12 parser. Now it can
+ extract private keys from the structure.
+
+2003-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/protocol/draft-ietf-tls-extensions-06.txt,
+ doc/protocol/rfc3546.txt, doc/tex/gnutls.bib: new extensions RFC
+
+2003-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-srp-04.txt,
+ doc/protocol/draft-ietf-tls-srp-05.txt, doc/tex/gnutls.bib: new srp
+ draft.
+
+2003-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.bib, doc/tex/library.tex: corrected a typo.
+
+2003-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c: [no log message]
+
+2003-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: added the most compatible ciphers in
+ default priorities.
+
+2003-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/cli.c, src/crypt.c: Corrected bug in SRP where a non
+ allocated value was freed. Reported by Hiroshi Hayakawa
+ <deuva@rapid.ocn.ne.jp>. Also the SRP programs are now build by default (they weren't due to
+ a bug).
+
+2003-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-01.txt,
+ doc/protocol/draft-ietf-tls-ecc-03.txt: [no log message]
+
+2003-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-03.txt,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-04.txt: [no log message]
+
+2003-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h: [no log message]
+
+2003-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dh_common.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ lib/gnutls_dh.c, lib/x509/privkey.c, lib/x509/x509.c: [no log
+ message]
+
+2003-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-04.txt,
+ doc/protocol/draft-ietf-tls-compression-05.txt,
+ doc/protocol/draft-ietf-tls-sharedkeys-01.txt: [no log message]
+
+2003-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_buffers.c: Corrected a bug in the record layer
+ buffering, which affected the case where external pull function was
+ used. Report and a patch by Sergey Poznyakoff
+ <gray@Mirddin.farlep.net>.
+
+2003-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c, lib/ext_server_name.h, lib/gnutls.h.in.in:
+ [no log message]
+
+2003-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/minitasn1/decoding.c, lib/minitasn1/element.c,
+ lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs12.c,
+ lib/x509/pkcs12.h: some more stuff about PKCS12. Still on early
+ stage and incomplete.
+
+2003-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c: [no log message]
+
+2003-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h: [no log message]
+
+2003-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/openssl.h: [no log message]
+
+2003-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_cipher.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/der.h, lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/x509/privkey.c, lib/x509/x509.c, libextra/gnutls_openssl.c,
+ libextra/gnutls_srp.c, src/serv-gaa.c, src/serv.c, src/serv.gaa:
+ Several fixes in several places. Patch by Sean Gao
+ <sean.gao@sun.com>.
+
+2003-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: Corrections in the TLS layer openpgp certificate
+ packet parser.
+
+2003-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: [no log message]
+
+2003-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_x509.c,
+ lib/x509/privkey.c, lib/x509/privkey.h, lib/x509/x509.c, src/serv.c: * Added gnutls_x509_privkey_get_key_id() and
+ gnutls_x509_crt_get_key_id() functions which return a unique (per
+ public key) ID. These can be used to check if the private key
+ corresponds to a given certificate.
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c: [no log message]
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/x509guide.txt: [no log message]
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c: The PEM header for certificate requests is now
+ BEGIN NEW CERTIFICATE REQUEST.
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_x509.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509/crq.c, lib/x509/pkcs7.c: Renamed all of the PKCS #xx stuff
+ names, to pkcs-x-name.
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/x509/Makefile.am, lib/x509/common.h,
+ lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c: [no log message]
+
+2003-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: added definitions for pkcs12
+
+2003-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: Corrected a bug in gnutls-cli while resuming sessions.
+ Reported by Ivo Timmermans, patch by Gergely Nagy
+ <algernon@boszorka.mad.hu>.
+
+2003-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c: Corrected bug in server_name extension
+ which made the client to send the wrong size of data.
+
+2003-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.c, src/serv.c: [no log message]
+
+2003-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: Increased the default DH bits limit.
+
+2003-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/verify.c: some prototype fixes.
+
+2003-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-02.txt,
+ doc/protocol/draft-ietf-tls-openpgp-keys-03.txt: [no log message]
+
+2003-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_extra.c, src/cli.c, src/common.c, src/crypt.c,
+ src/serv.c, src/tests.c, src/tls_test.c: Some fixes to allow proper
+ compiling when --disable-srp-authentication and
+ --disable-anon-authentication are specified. Patch by Paul Sheer.
+
+2003-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_cert.c, lib/gnutls_x509.c,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/compat.c,
+ lib/x509/crl.c, lib/x509/crq.c, lib/x509/pkcs5.c, lib/x509/pkcs7.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/sign.c, lib/x509/verify.c,
+ lib/x509/x509.c, lib/x509/xml.c, src/cli.c, src/common.c,
+ src/serv.c: Added the --disable-extra-pki configure option, which
+ disables all extra PKI stuff like PKCS #7, PKCS #10 etc. To be used
+ in constraint systems.
+
+2003-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/x509.c: [no log message]
+
+2003-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_mpi.c, lib/minitasn1/decoding.c, lib/x509/crl.c,
+ lib/x509/x509.c, libextra/gnutls_openpgp.c: several bug fixes in the
+ certificate parsing, and some in the asn1 parser.
+
+2003-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_x509.c, lib/x509/crl.c,
+ lib/x509/x509.c: More fixes to eliminate constants.
+
+2003-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
+ lib/x509/mpi.c, lib/x509/privkey.c, lib/x509/x509.h: Eliminated the
+ need for a hard coded max MPI parameter size.
+
+2003-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.sym, libextra/gnutls-extra.sym: [no log message]
+
+2003-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/common.h, lib/x509/xml.c,
+ src/common.c: Some fixes in the gnutls_x509_crt_to_xml() function.
+
+2003-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/x509/pkcs7.c, libextra/Makefile.am: [no log
+ message]
+
+2003-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_b64.c: some cleanups.
+
+2003-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/x509.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/crl.c, lib/x509/pkcs7.c: Several
+ improvments in the PKCS #7 handling. Added capability to delete
+ certificates, and handle CRLs.
+
+2003-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/privkey_pkcs8.c,
+ lib/x509/x509.c, lib/x509/x509.h: several cleanups.
+
+2003-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_b64.c, lib/x509_b64.h: [no log message]
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/pkcs7.c,
+ lib/x509/x509.c, lib/x509_b64.c, lib/x509_b64.h: Several fixes to
+ allow exporting the PKCS #7 structures.
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/pkcs7.c, lib/x509/privkey_pkcs8.c: [no log message]
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_handshake.c,
+ lib/gnutls_v2_compat.c: Some improvements in the version detection
+ in the client hello.
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/x509/pkcs7.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h: Added
+ functionality to generate PKCS #7 structures. Currently only
+ certificates can be put there. (untested)
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: Added
+ the --debug option to the gnutls-serv.
+
+2003-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/minitasn1/coding.c, lib/minitasn1/element.c,
+ lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/parser_aux.c, lib/pkix.asn, src/tests.c, src/tests.h,
+ src/tls_test.c: Added bogus TLS record version check in the
+ gnutls-cli-debug tool.
+
+2003-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/ext_server_name.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/x509/crl.c, lib/x509/crq.c, lib/x509/mpi.c,
+ lib/x509/privkey.c, lib/x509/privkey_pkcs8.c, lib/x509/sign.c,
+ lib/x509/verify.c, lib/x509/x509.c: Several
+ GNUTLS_E_UNIMPLEMENTED_FEATURE errors were replaced with meaningful
+ error values.
+
+2003-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Added the
+ --debug option in the client.
+
+2003-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_cert.c, lib/gnutls_buffers.c, lib/gnutls_global.c,
+ lib/gnutls_kx.c: * Corrected behaviour when a certificate request message is
+ received. Now a certificate packet is always sent, and in SSL 3.0
+ cipher suites a no_certificate alert is sent instead.
+
+2003-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: Corrected a parsing error in the Certificate
+ request message.
+
+2003-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509/Makefile.am: last changes for 0.9.3 release.
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
+ lib/x509/verify.c: reduced the FIXMEs.
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c, src/cli-gaa.c, src/cli.gaa: Allow for
+ unencrypted PKCS #8 private keys.
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: [no log message]
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_rsa_export.c:
+ The functions that return the pkix_asn and gnutls_asn types were
+ converted to macros.
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c, lib/x509/common.h, lib/x509/privkey_pkcs8.c,
+ lib/x509/xml.c: Some cleanups.
+
+2003-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/Makefile.am,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/x509/privkey_pkcs8.c, lib/x509/x509.c, lib/x509/x509.h: * Added support for encoding and decoding PKCS #8 2.0 encrypted RSA private keys.
+
+2003-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/funcs.tex, lib/gnutls_cert.c, lib/x509/Makefile.am:
+ the idea of using a separate library for x509 stuff was dropped for
+ now.
+
+2003-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: more cleanups.
+
+2003-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_x509.c: [no log message]
+
+2003-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls.h.in.in,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_x509.c,
+ lib/minitasn1/coding.c, lib/pkix.asn, lib/x509/crl.c,
+ lib/x509/x509.c, lib/x509/x509.h: * Added the new functions: gnutls_certificate_set_x509_key() gnutls_certificate_set_x509_trust(),
+ gnutls_certificate_set_x509_crl(), gnutls_x509_crt_export(),
+ gnutls_x509_crl_export().
+
+2003-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/privkey_pkcs8.c: [no log
+ message]
+
+2003-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/pkcs5.c,
+ lib/x509/pkcs5.h, lib/x509/privkey.c, lib/x509/privkey.h,
+ lib/x509/privkey_pkcs8.c: Added ability to import PKCS8 encrypted
+ keys.
+
+2003-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-serv-export.tex, includes/gnutls/compat8.h,
+ lib/gnutls.h.in.in, lib/gnutls_ui.c, src/prime-gaa.c, src/prime.gaa: * The gnutls_certificate_set_rsa_params() was renamed to gnutls_certificate_set_rsa_export_params().
+
+2003-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-serv-export.tex, doc/tex/ex-serv1.tex: [no log message]
+
+2003-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_int.h, lib/gnutls_pk.c: [no log
+ message]
+
+2003-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_rsa.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_pk.c, lib/gnutls_state.c, src/tests.c, src/tests.h,
+ src/tls_test.c: * The RSA premaster secret version check can no longer be disabled. * Implemented the counter measure discussed in the paper "Attacking RSA-based Sessions in SSL/TLS", against the attack discussed in
+ the same paper. * Added the functions: gnutls_handshake_get_last_in(), gnutls_handshake_get_last_out().
+
+2003-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_priority.c, lib/minitasn1/coding.c,
+ lib/minitasn1/decoding.c, lib/minitasn1/element.c,
+ lib/minitasn1/errors.c, lib/minitasn1/errors_int.h,
+ lib/minitasn1/int.h, lib/minitasn1/libtasn1.h,
+ lib/minitasn1/structure.c, lib/x509/dn.c: * The diffie Hellman ciphersuites are now of higher priority than the plain RSA. * Added the new libtasn1.
+
+2003-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_rsa.c, lib/debug.c, lib/debug.h,
+ lib/dh_compat.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
+ lib/gnutls_alert.h, lib/gnutls_buffers.c, lib/gnutls_constate.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_pk.c, lib/gnutls_sig.c, lib/rsa_compat.c, lib/x509/dn.c,
+ lib/x509/x509.c, libextra/auth_srp.c, libextra/gnutls_openpgp.c,
+ src/cli.c: * Improved the error logging functions, by adding a level, and by allowing debugging messages just by increasing the level.
+
+2003-03-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/ex-info.tex, doc/tex/ex-session-info.tex,
+ doc/tex/ex-x509-info.tex, doc/tex/examples.tex: [no log message]
+
+2003-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2003-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/funcs.tex, lib/Makefile.am, lib/x509/Makefile.am:
+ some of the extra X.509 functionality was moved to libgnutls-x509
+ library.
+
+2003-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c, lib/gnutls_errors.c, lib/gnutls_pk.c,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/mpi.c, lib/x509/sign.c,
+ lib/x509/verify.c, lib/x509/x509.c: better use of asn1_der_coding()
+ to avoid using static buffers.
+
+2003-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c: [no log message]
+
+2003-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/x509/common.c,
+ lib/x509/verify.c, lib/x509/x509.h: MD2 support was dropped this is
+ an algorithm we cannot use.
+
+2003-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/sign.c, lib/x509/verify.c: some cleanups.
+
+2003-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/crq.c, lib/x509/x509.c: Added
+ gnutls_x509_crq_get_challenge_password().
+
+2003-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS: [no log message]
+
+2003-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/ex-crq.tex, doc/tex/examples.tex: added an example about
+ certificate request and private key generation.
+
+2003-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h, lib/x509/crq.c, lib/x509/x509.c: [no log
+ message]
+
+2003-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/x509.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/common.c, lib/x509/common.h,
+ lib/x509/crq.c, lib/x509/dn.c, lib/x509/dn.h, lib/x509/x509.c,
+ libextra/auth_srp_rsa.c: Added support for PKCS#10 certificate
+ requests generation.
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2985.txt: added pkcs9 rfc.
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/crq.c: several other additions and fixes for the
+ certificate request stuff.
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crq.c,
+ lib/x509/dn.c, lib/x509/dn.h, lib/x509/mpi.c, lib/x509/mpi.h,
+ lib/x509/sign.c, lib/x509/sign.h: several other additions and fixes
+ for the certificate request stuff.
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile, tests/openpgp_test.c: [no log message]
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2986.txt: added rfc for certificate requests.
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/pkix.asn,
+ lib/pkix_asn1_tab.c, lib/x509/Makefile.am, lib/x509/crl.c,
+ lib/x509/crq.c, lib/x509/crq.h, lib/x509/pkcs7.c,
+ lib/x509/privkey.c, lib/x509/sign.c, lib/x509/sign.h,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/x509.h: Added some
+ stuff needed in PKCS#10 certificate request generation. Some other
+ fixes as well.
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: [no log message]
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/auth_rsa_export.c, lib/gnutls_int.h,
+ lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/x509/privkey.c, lib/x509/x509.h: The RSA parameters handling
+ functions, are now implemented using the rsa privkey functions.
+
+2003-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/privkey.c: added flags to
+ privkey_generate()
+
+2003-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: unmap data and close the file descriptor after
+ the mmap().
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, libextra/gnutls_srp.c: [no log message]
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_srp.c: fixed a memory leak. Reported by Rupert
+ Kittinger <r.kittinger@efkon.com>
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_dh_primes.c, lib/gnutls_x509.c,
+ src/cli.c: Use mmap() if available to read files.
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/Makefile.am, lib/defines.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_x509.c, lib/strnstr.c,
+ lib/x509/crl.c, lib/x509/pkcs7.c, lib/x509/privkey.c,
+ lib/x509_b64.c: * Added an strnstr() function and the requirement in some functions
+ to use null terminated PEM structures is no more.
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: [no log message]
+
+2003-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_mpi.h,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_x509.c,
+ lib/x509/privkey.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509.h, libextra/auth_srp_rsa.c, libextra/gnutls_openpgp.c: * Added ability to generate RSA keys. * Increased the maximum parameter size in order to read some large
+ keys by some CAs. Patch by Ian Peters <itp@ximian.com>. * Rolled back some of yesterdays changes. The gnutls_x509_privkey,
+ was replaced (again) by the gnutls_privkey.
+
+2003-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.c, lib/auth_cert.h,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_sig.c,
+ lib/gnutls_sig.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/x509/privkey.c, lib/x509/x509.h: some improvements in the
+ private key handling api. It is now used internally.
+
+2003-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_ui.c: [no log message]
+
+2003-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_ui.c: The fingerprint now accepts a
+ pointer to an int instead of a ptr to a size_t.
+
+2003-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-info.tex, src/common.c: [no log message]
+
+2003-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS: [no log message]
+
+2003-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-02.txt,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-03.txt: added the new tls
+ 1.1 draft
+
+2003-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2003-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/gnutls_buffers.c,
+ lib/x509/Makefile.am, libextra/Makefile.am: the documentation is now
+ created on dist time.
+
+2003-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_buffers.c: Corrected a broken buffer check in
+ _gnutls_io_read_buffered()
+
+2003-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am: [no log message]
+
+2003-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CODING_STYLE, doc/tex/certificate.tex,
+ doc/tex/ex-rfc2818.tex, doc/tex/ex-serv-export.tex,
+ doc/tex/ex-serv1.tex: some documentation fixes.
+
+2003-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/record_weaknesses.tex: Documented the last timing attack.
+
+2003-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/defines.h, lib/gnutls.h.in.in,
+ lib/gnutls_alert.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/gnutls_num.c,
+ lib/gnutls_num.h, lib/gnutls_ui.c, lib/gnutls_x509.c, src/serv.c: * Corrected a bug in 64 bit architectures, which affected the serial number calculation in the record layer. * Added gnutls_certificate_free_keys() which deletes all the private keys and certificates from the credentials structure.
+
+2003-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c: updated to the
+ new libtasn1.
+
+2003-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_cipher.c, lib/gnutls_cipher_int.c: Added
+ protection against the new TLS 1.0 record layer timing attack.
+
+2003-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/auth_cert.h, lib/gnutls.h.in.in,
+ lib/gnutls_ui.c, lib/gnutls_x509.c, lib/x509/verify.c,
+ lib/x509/verify.h, src/cli.c, src/common.c: Added a flag to allow
+ signing by v1 X.509 certificates. Also added a function to allow
+ setting the verification flags in the credentials structure.
+
+2003-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test.c: some fixes in tests
+
+2003-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/x509/verify.c: Added
+ support for MD2 signature verification in X.509 certificates.
+
+2003-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/tests.c, src/tls_test.c: Added option to disable all TLS 1.0
+ extensions.
+
+2003-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: [no log message]
+
+2003-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/Makefile.am, lib/Makefile.am: some fixes in
+ makefiles.
+
+2003-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_cipher.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_global.c: [no log message]
+
+2003-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: [no log message]
+
+2003-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/ex-cert-select.tex, doc/tex/ex-info.tex,
+ doc/tex/examples.tex: Added a small example on how to use the
+ certificate selection callback in client side.
+
+2003-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_auth.c, lib/gnutls_mpi.c, lib/gnutls_pk.c,
+ libextra/auth_srp.c, libextra/gnutls_srp.c: some fixes in types.
+
+2003-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_cert.c, src/cli.c, src/tests.c: The
+ client certificate selection callback is no longer called twice. It
+ is called once if it is set.
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_session.c:
+ [no log message]
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: [no log message]
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test.c: works better in buggy servers.
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2003-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-serv-export.tex, doc/tex/ex-serv1.tex,
+ includes/gnutls/compat8.h, includes/gnutls/x509.h, lib/Makefile.am,
+ lib/dh_compat.c, lib/gnutls.h.in.in, lib/gnutls_dh_primes.c,
+ lib/gnutls_int.h, lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/rsa_compat.c, lib/x509/mpi.c, libextra/Makefile.am,
+ src/prime.c, src/serv.c: The RSA and DH parameter handling has been
+ updated.
+
+2003-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_x509.c, lib/x509/x509.c: Added a
+ primitive function to load a file into memory, so that no
+ certificate files are truncated. Also fixed a bug in the client
+ certificate callback function.
+
+2003-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c, lib/x509/dn.c, lib/x509/pkcs7.c,
+ lib/x509/pkcs7.h, lib/x509/x509.c: Null, as the data value, is now
+ an acceptable value in functions that may return the size of the
+ data.
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, src/common.c: [no log message]
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_ui.h, lib/x509/dn.c, lib/x509/rfc2818_hostname.c,
+ src/cli.c, src/common.c, src/tests.c, src/tests.h, src/tls_test.c:
+ Corrected bugs in gnutls_x509_rdn_get(). Added a test to print the
+ server's trusted CAs in gnutls-cli-debug, and in gnutls-cli.
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/prime.c: [no log message]
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/gnutls/x509.h, lib/gnutls_cert.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_mpi.c, lib/gnutls_mpi.h,
+ lib/gnutls_pk.c, lib/gnutls_privkey.c, lib/gnutls_x509.c,
+ lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/element.c, lib/minitasn1/errors.c,
+ lib/minitasn1/gstr.h, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/parser_aux.c,
+ lib/minitasn1/structure.c, lib/x509/common.c, lib/x509/compat.c,
+ lib/x509/crl.c, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/extensions.c, lib/x509/mpi.c, lib/x509/pkcs7.c,
+ lib/x509/verify.c, lib/x509/x509.c, lib/x509/xml.c: ported to
+ libtasn1 0.2.x. Also the included minitasn1 was replaced by the
+ 0.2.1 version of libtasn1.
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/x509/crl.c, lib/x509/dn.c, lib/x509/x509.c: gnutls_const_datum
+ was removed from exported types, for the time being.
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h: [no log message]
+
+2003-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/common.c: [no log message]
+
+2003-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, doc/TODO, lib/auth_cert.c, lib/gnutls_int.h,
+ lib/gnutls_state.c, lib/gnutls_x509.c: Added option to allow an
+ X.509 server not to send the trusted CA list to the peer.
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/appendix.tex, doc/tex/certificate.tex,
+ doc/tex/ex-info.tex, doc/tex/ex-rfc2818.tex, doc/tex/funcs.tex,
+ doc/tex/gnutls.bib, doc/tex/x509cert.xml.tex: [no log message]
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, src/cli.c, src/serv.c: [no log message]
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c: [no log message]
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, src/tests.c, src/tests.h, src/tls_test.c: Added
+ test which prints the Diffie Hellman prime bits used.
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/compat8.h, includes/gnutls/x509.h,
+ lib/gnutls.h.in.in, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
+ lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/crl.c,
+ lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/privkey.c,
+ lib/x509/x509.c, lib/x509/x509.h: Added some private key handling
+ functions. They are primitive enough for now.
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: some fixes
+ to compile.
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-extensions-05.txt,
+ doc/protocol/draft-ietf-tls-extensions-06.txt: added new extensions
+ draft.
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/compat8.h, includes/gnutls/x509.h,
+ lib/auth_cert.c, lib/auth_cert.h, lib/gnutls.h.in.in,
+ lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_int.h,
+ lib/gnutls_ui.h, lib/gnutls_x509.c, lib/x509/compat.c,
+ lib/x509/crl.c, lib/x509/extensions.c, lib/x509/extensions.h,
+ lib/x509/mpi.c, lib/x509/mpi.h, lib/x509/pkcs7.c, lib/x509/pkcs7.h,
+ lib/x509/rfc2818_hostname.c, lib/x509/verify.c, lib/x509/verify.h,
+ lib/x509/x509.c, lib/x509/x509.h, lib/x509/xml.c, tests/x509_test.c:
+ gnutls_x509_certificate_* were renamed gnutls_x509_crt_*.
+
+2003-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/gnutls_ui.c, lib/x509/x509.c: added
+ gnutls_x509_certificate_get_fingerprint(). Untested yet.
+
+2003-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat8.h, lib/debug.c, lib/debug.h,
+ lib/gnutls.h.in.in, lib/gnutls_errors.c, lib/gnutls_global.c,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, lib/x509/compat.h,
+ lib/x509/rfc2818_hostname.c, lib/x509/x509.c: renamed
+ gnutls_x509_fingerprint to gnutls_fingerprint.
+
+2003-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c, src/prime.c: fixes in pkcs3 DH parameter
+ generation.
+
+2003-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp_rsa.c: [no log message]
+
+2003-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/Makefile.am, includes/gnutls/Makefile.am,
+ includes/gnutls/compat8.h, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_dh_primes.c, lib/gnutls_handshake.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/x509/compat.c, lib/x509/extensions.c,
+ lib/x509/pkcs7.h, lib/x509/x509.h, lib/x509_extensions.c,
+ lib/x509_extensions.h, lib/x509_sig_check.c, lib/x509_verify.c,
+ lib/x509_verify.h, libextra/auth_srp_rsa.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
+ src/cli.gaa, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
+ src/serv.gaa: Several internal changes to use the new certificate
+ API. CRL support is complete.
+
+2003-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/Makefile.am, lib/x509/common.c,
+ lib/x509/crl.c, lib/x509/crl.h, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/pkcs7.c, lib/x509/verify.c, lib/x509/x509.c,
+ lib/x509/x509.h, tests/test20.pem, tests/test21.pem,
+ tests/x509_test.c: Certificate revocation support is almost
+ complete.
+
+2003-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/x509/crl.c, lib/x509/crl.h, lib/x509/verify.c,
+ lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h: added a crl
+ verification function (untested yet).
+
+2003-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, src/common.c: [no log message]
+
+2003-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_x509.c,
+ lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/compat.h,
+ lib/x509/crl.c, lib/x509/dn.c, lib/x509/dn.h,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/mpi.c,
+ lib/x509/mpi.h, lib/x509/rfc2818_hostname.c, lib/x509/verify.c,
+ lib/x509/verify.h, lib/x509/x509.c, lib/x509/x509.h,
+ lib/x509_b64.c, tests/test2.pem, tests/x509_test.c: Added some new
+ certificate verification functions.
+
+2003-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/gnutls_cert.c, lib/x509/dn.c:
+ [no log message]
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_privkey.c: removed the raw part in the gnutls_privkey
+ internal structure..
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/compat.c, lib/x509/extensions.c,
+ lib/x509/extensions.h, lib/x509/rfc2818_hostname.c,
+ lib/x509/x509.c, lib/x509/x509.h: Criticality of an X.509 extension
+ can now be extracted.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/x509/.cvsignore,
+ lib/x509/extensions.c, lib/x509/extensions.h, lib/x509/x509.c,
+ lib/x509_extensions.c: Added function to extract the key usage
+ extension from an X.509 certificate, and combined some code.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: [no log message]
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/certificate.tex,
+ doc/tex/ex-info.tex, doc/tex/ex-rfc2818.tex, doc/tex/funcs.tex,
+ includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_dh_primes.c,
+ lib/gnutls_ui.h, lib/gnutls_x509.h, lib/rfc2818_hostname.c,
+ lib/x509/Makefile.am, lib/x509/compat.h, lib/x509/dn.h,
+ lib/x509/rfc2818_hostname.c, lib/x509/x509.h, lib/x509/xml.c,
+ lib/x509_xml.c: More stuff for the new certificate API.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_cert.c,
+ lib/gnutls_errors.h, lib/gnutls_errors_int.h, lib/gnutls_x509.c,
+ lib/x509/Makefile.am, lib/x509/compat.c, lib/x509/dn.c: The old
+ certificate parsing API was reimplemented over the new one. It will
+ stay in the 1.0.0 release for compatibility reasons.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_x509.h,
+ lib/x509/Makefile.am, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/pkcs7.c, lib/x509/pkcs7.h, lib/x509/x509.c: Added the new
+ PKCS7 parsing functions.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509/x509.c, lib/x509/x509.h: Added the new certificate
+ handling functions.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-client-resume.tex, doc/tex/ex-client1.tex,
+ doc/tex/ex-client2.tex, doc/tex/ex-serv-export.tex,
+ doc/tex/ex-serv-pgp.tex, doc/tex/ex-serv1.tex,
+ includes/gnutls/x509.h, lib/Makefile.am, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/x509/Makefile.am, lib/x509/common.c,
+ lib/x509/common.h, lib/x509/crl.c, lib/x509/crl.h, lib/x509_xml.c:
+ Added the new certificate handling functions.
+
+2003-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS, includes/gnutls/x509.h, lib/Makefile.am,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509/Makefile.am,
+ lib/x509/common.c, lib/x509/common.h, lib/x509/crl.c,
+ lib/x509/dn.c, lib/x509/dn.h, lib/x509_extensions.c, lib/x509_xml.c:
+ More improvements in the CRL support, and the X.509 backend. Added a
+ function to get some parts of the DN using an OID.
+
+2003-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/gnutls.h.in.in, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/x509/crl.c, lib/x509/crl.h: CRL parsing
+ support is almost complete.
+
+2003-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/x509.h, lib/debug.c, lib/debug.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_rsa_export.c, lib/gnutls_str.c,
+ lib/gnutls_str.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/x509/crl.c, lib/x509/dn.c, lib/x509/dn.h: Several fixes and
+ improvements in CRL support.
+
+2003-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, includes/Makefile.am,
+ includes/gnutls/Makefile.am, includes/gnutls/x509.h,
+ lib/Makefile.am, lib/gnutls_int.h, lib/gnutls_x509.c,
+ lib/x509/Makefile.am, lib/x509/crl.c, lib/x509/crl.h,
+ lib/x509/dn.c, lib/x509/dn.h: Added preliminary CRL support. This
+ will be under the new X.509 API. Other x509 functions will be
+ updated later.
+
+2003-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c, lib/gnutls_pk.c: some fixes. There wasn't
+ any limitation in libtasn1 code... just my lazyness.
+
+2003-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/prime-gaa.c, src/prime-gaa.h, src/prime.c, src/prime.gaa: use
+ options to print DH parameters.
+
+2003-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_dh_primes.c, lib/gnutls_int.h, lib/gnutls_ui.h,
+ lib/minitasn1/coding.c, src/prime.c: * Added gnutls_pkcs3_extract_dh_params() and
+ gnutls_pkcs3_export_dh_params() which extracts and export parameters
+ from and to PKCS#3 encoded structures. These were added to read
+ parameters generated using the openssl dhparam tool. * The prime program was modified to also print the generated prime
+ and generator using the PKCS#3 format.
+
+2003-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/ex-serv-export.tex,
+ doc/tex/ex-serv-pgp.tex, doc/tex/ex-serv1.tex, lib/Makefile.am,
+ lib/auth_anon.c, lib/auth_dhe.c, lib/gnutls.asn,
+ lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_asn1_tab.c, lib/gnutls_cert.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_rsa_export.c, lib/gnutls_state.c,
+ lib/gnutls_ui.h, src/serv-gaa.c, src/serv-gaa.h, src/serv.c,
+ src/serv.gaa: * gnutls_dh_params_generate() and gnutls_rsa_params_generate() now
+ use gnutls_malloc() to allocate the output parameters. * Added gnutls_pkcs3_extract_dh_params() which extracts parameters
+ from PKCS#3 encoded structures. This was in order to read parameters
+ generated using the openssl dhparam tool. * Several changes in the temporary (DH/RSA) parameter codebase. No
+ DH parameters are now included in the library. Also a credentials
+ structure can now hold only one temporary parameter.
+
+2003-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: more doc for the gnutls_set_dh_prime_bits().
+
+2003-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.sym, lib/gnutls_alert.c,
+ lib/gnutls_int_compat.c: removed backward compatibility functions
+ for 0.9.0 version.
+
+2003-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/minitasn1/.cvsignore: [no log message]
+
+2003-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/compression.tex: [no log message]
+
+2003-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/compression.tex: [no log message]
+
+2003-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, libextra/auth_srp.c:
+ use RECEIVED_ILLEGAL_PARAMETER instead of SRP_PROTOCOL_FAILURE, when
+ the SRP protocol fails.
+
+2003-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: The gcrypt log handler is only set when we
+ are in debugging mode.
+
+2003-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_rsa.c, lib/debug.c, lib/gnutls_algorithms.c,
+ lib/gnutls_compress_int.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_extensions.c,
+ lib/gnutls_global.c, lib/gnutls_rsa_export.c, lib/gnutls_x509.c,
+ src/cli.c: Added ability to send some messages back to the
+ application using the gnutls_global_set_log_function(). This is
+ quite experimental.
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-client-resume.tex, doc/tex/ex-client-srp.tex,
+ doc/tex/ex-client1.tex, doc/tex/ex-client2.tex,
+ doc/tex/ex-rfc2818.tex: some minor bugfixes in the documentation.
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_mpi.h,
+ libextra/auth_srp.c: Added check and error code for some SRP fatal
+ protocol failures.
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test.c: [no log message]
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp_passwd.c, libextra/gnutls_srp.c: more cleanups.
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h:
+ [no log message]
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_alert.c, lib/gnutls_auth_int.h,
+ lib/gnutls_handshake.c, libextra/auth_srp.c,
+ libextra/auth_srp_passwd.c, libextra/ext_srp.c,
+ libextra/gnutls_openpgp.c, src/cli.c: The library notifies the
+ application on empty and illegal SRP usernames, so that proper
+ notification (via an alert) is sent to the peer. Currently when the
+ SRP ciphersuite is advertized but no username is sent by the peer,
+ the library returns GNUTLS_E_EMPTY_SRP_USERNAME, and the alert
+ associated with this is GNUTLS_A_ACCESS_DENIED (to be changed when
+ the srp draft defines something more appropriate).
+
+2003-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp_passwd.c: Some cleanups.
+
+2003-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/Makefile.am, doc/scripts/Makefile.am,
+ lib/gnutls_x509.c, libextra/auth_srp_passwd.c: [no log message]
+
+2003-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2003-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test.c: improved srp detection
+
+2003-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_passwd.h, libextra/gnutls_srp.c, src/cli.c,
+ src/tests.c: Improved the SRP support, to prevent attackers guessing
+ the available usernames by brute force. The g,n values sent are now
+ obtained by the password conf file. (they were static ones)
+
+2003-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex.in, lib/Makefile.am, lib/auth_anon.c,
+ lib/auth_cert.c, lib/auth_dh_common.c, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_rsa_export.c, lib/debug.c,
+ lib/ext_cert_type.c, lib/ext_server_name.c, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress_int.c,
+ lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_mem.c,
+ lib/gnutls_mpi.c, lib/gnutls_pk.c, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/gnutls_x509.c, lib/x509_extensions.c, lib/x509_sig_check.c,
+ lib/x509_verify.c, lib/x509_xml.c: [no log message]
+
+2003-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2003-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2003-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2003-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/patents.tex,
+ includes/gnutls/compat4.h, libmcrypt.m4: [no log message]
+
+2003-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_record.c, lib/gnutls_record.h:
+ Prefixed with underscore some internal functions.
+
+2003-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/appendix.tex, doc/tex/library.tex, doc/tex/srp.tex:
+ [no log message]
+
+2003-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/patents.tex, doc/tex/srp.tex, lib/Makefile.am,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_x509.c,
+ lib/x509_b64.c, libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/gnutls_openpgp.c: GNUTLS_E_PARSING_ERROR error code was
+ replaced by GNUTLS_E_BASE64_DECODING_ER and
+ GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also
+ replaced by GNUTLS_E_BASE64_DECODING_ERROR.
+
+2003-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/Makefile.am, doc/tex/Makefile.am, doc/tex/appendix.tex,
+ doc/tex/patents.tex: Added some information about the SRP patents in
+ the documentation.
+
+2003-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-serv-srp.tex: [no log message]
+
+2003-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c: [no log message]
+
+2003-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, acinclude.m4, configure.in, doc/README.CODING_STYLE,
+ lib/Makefile.am, lib/defines.h, lib/gnutls.h.in.in, lib/gnutls.sym,
+ lib/gnutls_auth.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_state.c, libextra/Makefile.am,
+ libextra/gnutls-extra.sym: Only the documented symbols are now
+ exported.
+
+2003-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: If the certificate does not contain the
+ basicConstraints extension GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ will be returned by gnutls_x509_extract_certificate_ca_status().
+
+2003-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509_extensions.c: [no log message]
+
+2003-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.h, lib/gnutls_x509.c: Added
+ gnutls_x509_extract_certificate_ca_status() which returns the CA
+ status of the given certificate.
+
+2003-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-rfc2818.tex: [no log message]
+
+2003-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2003-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: [no log message]
+
+2003-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2003-01-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_compress_int.c,
+ lib/minitasn1/Makefile.am, libextra/Makefile.am: If liblzo is found
+ in the system then libgnutls-extra will depend on it, instead of
+ including minilzo.
+
+2002-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mpi.c: Added a test for null (zero) integers in MPI
+ scanning.
+
+2002-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tls_test.c: some fixes in the gnutls-cli-debug
+ program
+
+2002-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Added missing stub function.
+
+2002-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile: [no log message]
+
+2002-12-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/minitasn1/Makefile.am, lib/minitasn1/README: [no
+ log message]
+
+2002-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/Makefile.am: [no log message]
+
+2002-12-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, NEWS, configure.in, doc/README.CVS, lib/Makefile.am,
+ lib/defines.h, lib/minitasn1/coding.c, lib/minitasn1/decoding.c,
+ lib/minitasn1/der.h, lib/minitasn1/element.c,
+ lib/minitasn1/element.h, lib/minitasn1/errors.c,
+ lib/minitasn1/errors.h, lib/minitasn1/errors_int.h,
+ lib/minitasn1/gstr.c, lib/minitasn1/gstr.h, lib/minitasn1/int.h,
+ lib/minitasn1/libtasn1.h, lib/minitasn1/mem.h,
+ lib/minitasn1/parser_aux.c, lib/minitasn1/parser_aux.h,
+ lib/minitasn1/structure.c, lib/minitasn1/structure.h: [no log
+ message]
+
+2002-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: depends on libgcrypt 1.1.11
+
+2002-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls_auth.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ libextra/auth_srp.c, libextra/auth_srp.h, libextra/auth_srp_rsa.c:
+ Dropped the support for the client key exchange message 0, and
+ server key exchange message 2.
+
+2002-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/debug.c, lib/gnutls_mpi.h,
+ lib/gnutls_record.c, libextra/auth_srp.c: Finished SRP-6 stuff. It
+ should work fine now.
+
+2002-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c, libextra/auth_srp_rsa.c, libextra/ext_srp.c,
+ libextra/gnutls_srp.c, libextra/gnutls_srp.h: First part of SRP-6
+ support. Follows draft-ietf-tls-srp-04 and does not need the second
+ key exchange part. Does not work yet.
+
+2002-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-03.txt,
+ doc/protocol/draft-ietf-tls-compression-04.txt,
+ doc/protocol/draft-ietf-tls-srp-03.txt,
+ doc/protocol/draft-ietf-tls-srp-04.txt, doc/tex/gnutls.bib,
+ doc/tex/programs.tex: [no log message]
+
+2002-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/extra.h, libextra/gnutls_openpgp.c: Added
+ gnutls_openpgp_extract_key_name_string() which returns a single
+ string for a pgp user id.
+
+2002-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-serv-export.tex, src/serv.c: updated some example and
+ the server to use the new gnutls_malloc() in callbacks.
+
+2002-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h, lib/gnutls_x509.c: Added the
+ gnutls_x509_extract_dn_string() function.
+
+2002-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/README.CODING_STYLE: [no log message]
+
+2002-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: [no log message]
+
+2002-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, doc/TODO: [no log message]
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, lib/gnutls_mem.c, libextra/gnutls_openpgp.c: [no log
+ message]
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: updated to include a callback for receiving openpgp
+ keys, using libopencdk.
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_sig.c, lib/x509_b64.c,
+ libextra/auth_srp_sb64.c: some cleanups
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: minor cleanups
+
+2002-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c: some fixes in server_name extension
+
+2002-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex, src/serv-gaa.c, src/serv-gaa.h,
+ src/serv.c, src/serv.gaa: [no log message]
+
+2002-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/callbacks.tex, lib/gnutls.h.in.in, lib/gnutls_db.c,
+ lib/gnutls_global.c, lib/gnutls_mem.c, lib/x509_b64.c,
+ libextra/auth_srp_sb64.c, libextra/gnutls_srp.c: Exported the more
+ convenient gnutls_malloc() and gnutls_free() functions. Actually
+ pointers to functions.
+
+2002-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_global.c: [no log message]
+
+2002-12-07 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Some bug fixes for the OpenPGP code.
+
+2002-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c, libextra/gnutls_srp.c: [no log message]
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/x509_b64.c, libextra/auth_srp_sb64.c: Changed the
+ semantics of gnutls_pem_base64_encode_alloc() and
+ gnutls_pem_base64_decode_alloc(). In the default case were the
+ gnutls library is used with malloc/realloc/free, these are binary
+ compatible. They now require the returned data to be freed using the
+ gnutls_global_get_free_function().
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, lib/gnutls_int.h, lib/gnutls_ui.h,
+ libextra/auth_srp_passwd.c, libextra/gnutls_srp.c,
+ libextra/gnutls_srp.h: some cleanups.
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/Makefile.am, doc/tex/callbacks.tex,
+ doc/tex/library.tex, lib/gnutls.h.in.in, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_db.c, lib/gnutls_global.c,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_passwd.h, libextra/gnutls_srp.c, src/cli.c,
+ src/serv.c: Added the new functions gnutls_get_malloc_function(),
+ gnutls_get_free_function(). Also changed the way callback functions
+ must allocate data. They now need to use these functions, instead of
+ just calling malloc().
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_passwd.h, libextra/gnutls_srp.c: more updates in
+ the SRP parameter callback.
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, includes/gnutls/extra.h: [no log message]
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/ext_srp.c, libextra/gnutls_srp.c: Some updates in the srp
+ codebase, to detect illegal usernames etc.
+
+2002-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c: added error code to
+ report illegal srp usernames. Some fixes in the extension parsing to
+ report fatal errors.
+
+2002-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_extensions.c, lib/x509_verify.c: some optimizations in
+ string handling of the x.509 asn.1 parsers.
+
+2002-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/openpgp_test.c: [no log message]
+
+2002-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2002-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ex-pgp-keyserver.tex,
+ doc/tex/examples.tex, doc/tex/macros.tex, doc/tex/preparation.tex:
+ Added a chapter for sources preparation. Based on the documenation
+ of libksba.
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/ex-pgp-keyserver.tex: depends on opencdk
+ 0.3.5
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex, doc/tex/gnutls.bib,
+ doc/tex/srp.tex, doc/tex/x509.tex: [no log message]
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c: Corrected bug in extension parsing.
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_extra.c: [no log message]
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/srp.tex: [no log message]
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, includes/gnutls/extra.h, libextra/gnutls_srp.c:
+ some updates on srp documentation.
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-12-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/ext_cert_type.c, lib/ext_server_name.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_compress_int.c, lib/gnutls_constate.c,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c, lib/gnutls_mem.c,
+ lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pk.c,
+ lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_random.c,
+ lib/gnutls_record.c, lib/gnutls_rsa_export.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_state.c,
+ lib/gnutls_str.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_x509.c, lib/x509_extensions.c, lib/x509_sig_check.c,
+ libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_rsa.c, libextra/ext_srp.c,
+ libextra/gnutls_extra.c, libextra/gnutls_openpgp.c,
+ libextra/gnutls_srp.c: Cleanups. Prefixed some internal function
+ with underscore.
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: more fixes in
+ gnutls_x509_extract_certificate_dn_string()
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_dh_primes.c: [no log message]
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-pgp-keyserver.tex, includes/gnutls/extra.h,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, libextra/auth_srp.c,
+ libextra/auth_srp.h, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_passwd.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_srp.c, libextra/gnutls_srp.h, src/common.c: Added
+ the function gnutls_srp_server_set_credentials_function() to allow
+ retrieving SRP parameters from an external backend - other than
+ password files.
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex-pgp-keyserver.tex, lib/auth_cert.c,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h: Enabled the OpenPGP key retrieval
+ callback function (untested yet).
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am, libextra/crypt.c, libextra/crypt.h,
+ libextra/crypt_srpsha1.c, libextra/crypt_srpsha1.h: removed all
+ files related to srpsha1 encoding. The are not needed any more.
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/gnutls/extra.h, lib/x509_b64.c,
+ libextra/auth_srp_sb64.c, libextra/crypt.c,
+ libextra/crypt_srpsha1.c, libextra/gnutls_srp.c,
+ libextra/gnutls_srp.h, src/common.c, src/crypt-gaa.c, src/crypt.c,
+ src/crypt.gaa: Added the functions: gnutls_srp_verifier() gnutls_srp_base64_encode() gnutls_srp_base64_decode() and modified the gnutls-srpcrypt, to use the exported functions.
+
+2002-12-01 Timo Schulz <twoaday@gnutls.org>
+
+ * tests/openpgp_test.c: Some enhancements for the OpenPGP test
+ program.
+
+2002-12-01 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Some new code for the OpenPGP lib.
+
+2002-12-01 Timo Schulz <twoaday@gnutls.org>
+
+ * tests/openpgp_test.c: Some enhancements for the OpenPGP test
+ program.
+
+2002-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2002-11-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_x509.c:
+ gnutls_x509_extract_certificate_dn_string() now behaves as described
+ in RFC2253.
+
+2002-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CODING_STYLE, includes/gnutls/extra.h,
+ lib/gnutls_int.h: some changes in the callback function behaviour.
+
+2002-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: linked against libgcrypt (I saw that in debian)
+
+2002-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CODING_STYLE, doc/README.CVS: [no log message]
+
+2002-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CODING_STYLE: [no log message]
+
+2002-11-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/alert.tex, doc/tex/certificate.tex, doc/tex/errors.tex,
+ doc/tex/examples.tex, doc/tex/funcs.tex, doc/tex/gnutls.bib,
+ doc/tex/handshake.tex, doc/tex/layers.tex, doc/tex/openpgp.tex,
+ doc/tex/record.tex, doc/tex/record_weaknesses.tex,
+ doc/tex/tls_extensions.tex: [no log message]
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat.h: [no log message]
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, libextra/auth_srp_rsa.c,
+ libextra/gnutls_extra.c: Several cleanups and elimination of
+ warnings.
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/gnutls.bib, doc/tex/record.tex,
+ doc/tex/record_weaknesses.tex, doc/tex/tls_extensions.tex,
+ doc/tex/tlsintro.tex, includes/gnutls/compat4.h,
+ lib/ext_server_name.c, lib/gnutls_int_compat.c: updated
+ documentation to include record layer weaknesses and
+ counter-measures, and the supported TLS extensions.
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/Makefile.am, includes/gnutls/Makefile.am: [no log
+ message]
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat4.h, lib/gnutls.h.in.in: compat4.h was
+ added, and is included by default in gnutls.h.
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cert.h, lib/gnutls_sig.c,
+ lib/gnutls_ui.h, lib/gnutls_x509.c, lib/rfc2818_hostname.c,
+ libextra/gnutls_extra.c: Moved the GNUTLS_X509KEY_* to gnutls_cert.h
+ and renamed them to KEY_*. Improved the checking of key usage.
+
+2002-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: added the AES ciphersuites for
+ certificate srp authentication.
+
+2002-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf, doc/TODO: [no log message]
+
+2002-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex: [no log message]
+
+2002-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_x509.c, libextra/auth_srp_rsa.c, libextra/ext_srp.c,
+ libextra/gnutls_extra.c, src/cli.c, src/common.c, src/common.h,
+ src/serv.c: Added support for the DSS certificate SRP authenticated
+ cipher suites (currently only with 3DES cipher). Cleaned up the
+ client and server code, which was duplicated.
+
+2002-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_cert.c, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.c, lib/gnutls_auth_int.h, lib/gnutls_cert.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c,
+ lib/gnutls_x509.c, libextra/Makefile.am, libextra/auth_srp.c,
+ libextra/auth_srp.h, libextra/auth_srp_rsa.c, libextra/ext_srp.c,
+ libextra/gnutls_extra.c, libextra/gnutls_extra.h, src/cli.c,
+ src/common.c, src/serv.c: Added certificate authenticated SRP cipher
+ suites.
+
+2002-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/compression.tex, doc/tex/gnutls.bib,
+ doc/tex/openpgp.tex, doc/tex/tlsintro.tex: [no log message]
+
+2002-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.bib: [no log message]
+
+2002-11-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, lib/gnutls_x509.c: [no log message]
+
+2002-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int_compat.c: added compatibility function for the
+ openpgp_keyserver.
+
+2002-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/appendix.tex, doc/tex/auth.tex,
+ doc/tex/compression.tex, doc/tex/examples.tex, doc/tex/gnutls.bib,
+ doc/tex/gnutls.tex, doc/tex/openpgp.tex, doc/tex/tlsintro.tex: added
+ bibliography in documentation.
+
+2002-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-pgp-keyserver.tex: [no log message]
+
+2002-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/examples/Makefile.am, doc/tex/Makefile.am,
+ doc/tex/ex-pgp-keyserver.tex, doc/tex/examples.tex,
+ includes/gnutls/extra.h, lib/gnutls_int.h: updated pgp key retrieval
+ callback and added example.
+
+2002-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2002-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2002-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/Makefile.am, doc/examples/.cvsignore,
+ doc/examples/Makefile.am, doc/tex/Makefile.am: example programs are
+ now located in doc/examples directory.
+
+2002-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h: Added
+ some new alert codes from the extensions draft.
+
+2002-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_ui.c: [no log message]
+
+2002-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/.cvsignore: [no log message]
+
+2002-11-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-client2.tex, doc/tex/examples.tex: updated the basic
+ client to support OpenPGP certificate authentication.
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ex-serv-pgp.tex,
+ doc/tex/examples.tex: added example with an openpgp server
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_cert.c, lib/auth_dh_common.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_rsa_export.c,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_session_pack.c,
+ lib/gnutls_state.c, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/gnutls_x509.c, libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/ext_srp.c: The session->gnutls_key was renamed to
+ session->key.
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/compat.h, includes/gnutls/extra.h: added compat.h
+ which has definitions for compatibility with older (0.4.x and 0.5.y,
+ y<5) versions.
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, includes/Makefile.am, includes/gnutls/Makefile.am,
+ lib/gnutls_ui.h: [no log message]
+
+2002-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, lib/gnutls_int.h: The
+ gnutls_openpgp_recv_key_func() callback function now accepts a key
+ fingerprint, instead of the key id.
+
+2002-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.h, src/serv.c, src/tests.c, src/tests.h,
+ src/tls_test.c: [no log message]
+
+2002-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c, src/tests.c: cleanups
+
+2002-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, lib/gnutls.h.in.in: dropped source
+ backwards compatibility
+
+2002-11-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, includes/gnutls/extra.h, lib/gnutls_int.h,
+ libextra/gnutls_openpgp.c: Added callback for OpenPGP key retrieval.
+
+2002-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-rfc2246-bis-01.txt,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-02.txt: added new rfc2246bis
+ draft
+
+2002-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * opencdk.m4: updated url for opencdk
+
+2002-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_buffers.c, lib/gnutls_db.c,
+ lib/gnutls_global.c, lib/gnutls_state.c, lib/gnutls_x509.c: some
+ updated in the documentation
+
+2002-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-04 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Applied patch to make the error
+ handling with keyservers more easier.
+
+2002-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_alert.h,
+ lib/gnutls_errors_int.h: Added new alert (certificate unobtainable)
+ from draft-ietf-tls-extensions.
+
+2002-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: depends on opencdk 0.3.2
+
+2002-11-04 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Some debug code for the OpenPGP part.
+
+2002-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ libextra/gnutls_openpgp.c: Use the old error codes for OpenPGP
+ again.
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/auth_cert.c: Fixed an off-by-one bug for OpenPGP fingerprint
+ handling.
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_errors_int.h: Corrected error number (the old was
+ reserved).
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ libextra/gnutls_openpgp.c: Unification for the OpenPGP error code.
+
+2002-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: corrected behaviour of verification in openpgp
+ keys.
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Set the OpenPGP certificate status to
+ GNUTLS_CERT_NOT_TRUSTED if the function failed.
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, tests/openpgp_test.c: Bug fix for the
+ OpenPGP secret key order.
+
+2002-11-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ libextra/gnutls_openpgp.c: Add OpenPGP error description
+
+2002-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_sig.c,
+ lib/gnutls_x509.c: Renamed GNUTLS_E_X509_KEY_USAGE_VIOLATION to
+ GNUTLS_E_KEY_USAGE_VIOLATION, in order to apply to PGP keys as well.
+
+2002-11-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_pk.c,
+ lib/gnutls_sig.c, lib/x509_sig_check.c, src/cli-gaa.c,
+ src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c: Added some new
+ error codes and updated client.
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: [no log message]
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: [no log message]
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: fixed stub
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_cert_type.c, lib/ext_max_record.c,
+ lib/ext_server_name.c, lib/gnutls_alert.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
+ lib/gnutls_record.c, lib/gnutls_rsa_export.c,
+ lib/gnutls_session_pack.c, lib/gnutls_ui.c, lib/x509_b64.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: Combined
+ GNUTLS_E_INVALID_PARAMETERS wich GNUTLS_E_INVALID_REQUEST.
+ Introduced GNUTLS_E_SHORT_MEMORY_BUFFER.
+
+2002-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509_xml.c: Fixed some memory leaks which
+ may occured on error cases.
+
+2002-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_x509.c, src/common.c:
+ gnutls_x509_extract_certificate_dn_string() was rewritten.
+
+2002-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: [no log message]
+
+2002-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Added a check for dn extraction failure in
+ gnutls_x509_extract_certificate_dn_string().
+
+2002-11-01 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Adjust the
+ keydb search code.
+
+2002-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-29 Timo Schulz <twoaday@gnutls.org>
+
+ * configure.in: Bump OpenCDK version to 0.3.0
+
+2002-10-29 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_errors_int.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h, tests/Makefile, tests/openpgp_test.c: Add
+ new regression test for OpenPGP. New code for the OpenCDK 0.3.0
+ version. A new error code for the OpenPGP part.
+
+2002-10-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffer.h: added missing file
+
+2002-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_constate.c,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/gnutls_x509.c, lib/x509_verify.c, lib/x509_xml.c,
+ libextra/auth_srp_passwd.c, libextra/gnutls_openpgp.c:
+ GNUTLS_E_UNKNOWN_ERROR was removed, and was replaced by
+ GNUTLS_E_INTERNAL_ERROR.
+
+2002-10-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: [no log message]
+
+2002-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/Makefile.am, doc/tex/auth.tex, doc/tex/tlsintro.tex,
+ doc/tex/translayer.tex: [no log message]
+
+2002-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_str.h:
+ Optimizations in buffering code, which reduce the number of
+ malloc/realloc calls.
+
+2002-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, src/retcodes.c: The error code table now
+ contains all the error codes sorted.
+
+2002-10-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/Makefile.am, doc/tex/appendix.tex,
+ doc/tex/errors.tex, doc/tex/gnutls.tex, lib/gnutls_errors.c,
+ lib/gnutls_pk.c, src/Makefile.am, src/retcodes.c: Documented error
+ codes in an appendix. This documentation is generated automatically
+ using the retcodes program.
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: [no log message]
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, doc/scripts/sort1.pl, doc/tex/Makefile.am: Added
+ script to sort function names in function reference.
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: [no log message]
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_constate.c,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_pk.c, lib/gnutls_v2_compat.c:
+ Added more descriptive error codes to be returned by
+ gnutls_strerror(). Removed old and unused error codes.
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
+ src/tls_test.gaa: gnutls-cli-debug now accepts one hostname only
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: gnutls-cli
+ now accepts one hostname only
+
+2002-10-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-02.txt,
+ doc/protocol/draft-ietf-tls-compression-03.txt: [no log message]
+
+2002-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/Makefile.am, lib/Makefile.am, lib/auth_anon.c,
+ lib/auth_dh_common.c, lib/auth_dh_common.h, lib/auth_dhe.c,
+ lib/rfc2818_hostname.c: Merged common stuff in DHE and anonymous DH
+ key exchange.
+
+2002-10-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/examples.tex: [no log message]
+
+2002-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/ex-client-resume.tex,
+ doc/tex/ex-client-srp.tex, doc/tex/ex-client1.tex,
+ doc/tex/ex-client2.tex, doc/tex/ex-info.tex,
+ doc/tex/ex-serv-export.tex, doc/tex/ex-serv-srp.tex,
+ doc/tex/ex-serv1.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
+ doc/tex/ex3.tex, doc/tex/ex4.tex, doc/tex/serv-export.tex,
+ doc/tex/serv-srp.tex, doc/tex/serv1.tex, doc/tex/srp1.tex: Example
+ programs found in the documentation can now be generated by running
+ "make examples" in doc/tex directory.
+
+2002-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS, libextra/Makefile.am: Fixed interlibrary dependencies. By
+ Ivo Timmermans. This requires the debian libtool 1.4.2-7.1
+
+2002-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/compression.tex, doc/tex/layers.tex,
+ doc/tex/translayer.tex: [no log message]
+
+2002-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_max_record.c, lib/ext_server_name.c: cleanups in the
+ server name extension.
+
+2002-10-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/cli.c: Some fixes in 'gnutls-cli' client program to
+ prevent some segmentation faults at exit.
+
+2002-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/funcs.tex: [no log message]
+
+2002-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/auth.tex,
+ doc/tex/certificate.tex, doc/tex/ciphersuites.tex,
+ doc/tex/compression.tex, doc/tex/handshake.tex, doc/tex/howto.tex,
+ doc/tex/memory.tex, doc/tex/record.tex, doc/tex/tlsintro.tex:
+ spelling corrections, and addition of a subsection for compression
+ algorithms.
+
+2002-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: ZLIB's number was changed according to
+ draft-ietf-tls-compression-02
+
+2002-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_anon.c, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/defines.h, lib/ext_cert_type.c,
+ lib/ext_cert_type.h, lib/ext_max_record.c, lib/ext_max_record.h,
+ lib/ext_server_name.c, lib/ext_server_name.h, lib/gnutls.h.in.in,
+ lib/gnutls_alert.c, lib/gnutls_alert.h, lib/gnutls_algorithms.c,
+ lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_mem.c,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_record.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_session_pack.c,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/rfc2818_hostname.c, lib/x509_b64.c,
+ lib/x509_b64.h, lib/x509_sig_check.c, libextra/auth_srp.c,
+ libextra/auth_srp.h, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_passwd.h, libextra/auth_srp_sb64.c,
+ libextra/crypt.c, libextra/crypt_srpsha1.c, libextra/ext_srp.c,
+ libextra/ext_srp.h, libextra/gnutls_openpgp.c: several fixes in the
+ codebase, mostly in signed/unsigned checkings.
+
+2002-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_max_record.c, lib/ext_max_record.h: Corrected some types,
+ to work in 64 bits machines. Suggested by Ivo Timmermans
+ <ivo@o2w.nl>.
+
+2002-10-12 Andrew McDonald <admcd@gnutls.org>
+
+ * includes/gnutls/openssl.h: Enclose in extern "C" (from Debian bug
+ #163394).
+
+2002-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: now does not require carriage return
+
+2002-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_server_name.c: Fixes (or not) in server name extension
+ parsing
+
+2002-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/ex-rfc2818.tex, doc/tex/ex3.tex,
+ doc/tex/examples.tex: updated documentation
+
+2002-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_server_name.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, src/serv.c: Improved the server name
+ extension. Resumed sessions can now use it.
+
+2002-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/ext_server_name.c,
+ lib/ext_server_name.h, lib/gnutls.h.in.in, lib/gnutls_extensions.c,
+ lib/gnutls_int.h, src/cli.c, src/common.c, src/serv.c: Added server
+ name extension, from draft-ietf-tls-extension-05.
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-01.txt,
+ doc/protocol/draft-ietf-tls-compression-02.txt,
+ doc/protocol/draft-ietf-tls-rfc2246-bis-01.txt: [no log message]
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-alert.tex, doc/tex/ex-rfc2818.tex,
+ doc/tex/examples.tex, lib/rfc2818_hostname.c: more documentation
+ updates
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-rfc2818.tex: more documentation updates
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex-alert.tex: [no log message]
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/Makefile.am, doc/tex/ex-alert.tex,
+ doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
+ doc/tex/examples.tex, doc/tex/handshake.tex,
+ doc/tex/serv-export.tex, doc/tex/serv-srp.tex, doc/tex/serv1.tex,
+ src/serv.c: Separated alert checking from the example programs, to
+ make them cleaner. Added an example which demonstrates the alert
+ checking.
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/examples.tex: last minute changes for 0.5.9 release.
+
+2002-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/gnutls_ui.h, lib/rfc2818_hostname.c:
+ Added int gnutls_x509_check_certificates_hostname() which check
+ whether the given hostname matches the owner of the given X.509
+ certificate.
+
+2002-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_extensions.c, lib/x509_xml.c:
+ cleanups
+
+2002-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: [no log message]
+
+2002-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex4.tex, doc/tex/serv-export.tex,
+ doc/tex/serv1.tex, lib/gnutls.h.in.in, lib/gnutls_priority.c,
+ src/cli-gaa.c: Added gnutls_set_default_priority() and
+ gnutls_set_default_export_priority() functions, to avoid calling all
+ the *_priority() functions if the defaults are ok.
+
+2002-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.h, lib/gnutls_x509.c: Added
+ gnutls_x509_extract_certificate_dn_string() which returns the peer's
+ Distinguished name in a single string.
+
+2002-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls.h.in.in, lib/gnutls_auth.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ src/cli.c, src/cli.gaa: several cleanups
+
+2002-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: Changes in
+ gnutls-cli, to allow testing of starttls implementations.
+
+2002-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.c, lib/gnutls_ui.h: rolled back addition of
+ certificate_get_our_issuer() function.
+
+2002-10-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, libextra/gnutls_extra.c,
+ libextra/libgnutls-extra.m4: Corrected the broken detection of
+ libgnutls-extra. Bug reported by Ivo Timmermans.
+
+2002-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls_state.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h: Corrected bug which prevented
+ gnutls_certificate_get_ours() from working. Added
+ gnutls_certificate_get_our_issuer() function.
+
+2002-10-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, lib/x509_b64.c: Improved
+ gnutls_x509_extract_key_pk_algorithm(), which can now distinguish
+ DSA keys from unknown keys.
+
+2002-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_buffers.c: some fixes to compile with
+ gcc-2.95.
+
+2002-10-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-10-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/TODO, lib/gnutls.h.in.in, lib/gnutls_privkey.c,
+ lib/gnutls_privkey.h, lib/gnutls_ui.h: Added function to extract the
+ public key algorithm of a DER encoded private key.
+
+2002-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-00.txt,
+ doc/protocol/draft-ietf-tls-compression-01.txt: [no log message]
+
+2002-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_rsa.c, lib/gnutls_cert.c: [no log
+ message]
+
+2002-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_cert.c: [no log message]
+
+2002-09-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: enabled error messages of libgcrypt in debug
+ mode
+
+2002-09-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/defines.h, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_compress_int.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ libextra/Makefile.am, libextra/gnutls_extra.c, libextra/lzoconf.h,
+ libextra/minilzo.c, libextra/minilzo.h, src/cli.c, src/serv.c: Added
+ support for the LZO compression library in gnutls-extra. Some fixes
+ in the hello message parsing.
+
+2002-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_state.c: [no log message]
+
+2002-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_int_compat.c, lib/gnutls_state.c:
+ replaced gnutls_handshake_get_direction() with
+ gnutls_record_get_direction().
+
+2002-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/appendix.tex, doc/tex/certificate.tex,
+ doc/tex/library.tex: updated documentation
+
+2002-09-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, src/serv.c: [no log message]
+
+2002-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: [no log message]
+
+2002-09-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/library.tex, doc/tex/macros.tex,
+ doc/tex/tlsintro.tex, doc/tex/translayer.tex: [no log message]
+
+2002-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2002-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/library.tex: [no log message]
+
+2002-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/library.tex: [no log message]
+
+2002-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/TODO, doc/tex/alert.tex, doc/tex/auth.tex,
+ doc/tex/programs.tex, lib/gnutls_alert.c, src/crypt.c: [no log
+ message]
+
+2002-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/layers.tex: [no log message]
+
+2002-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/library.tex: [no log message]
+
+2002-09-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, lib/gnutls.h.in.in, lib/gnutls_alert.c: Added a new
+ function to convert from an error to an alert code.
+
+2002-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_compress_int.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: Improved support for zlib.
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-srp-02.txt,
+ doc/protocol/draft-ietf-tls-srp-03.txt: [no log message]
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-compression-00.txt,
+ doc/protocol/draft-ietf-tls-extensions-03.txt,
+ doc/protocol/draft-ietf-tls-extensions-05.txt: updated drafts
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/cli.c, tests/x509_test.c: [no log message]
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_rsa_export.c: Corrected bug in gnutls_dh_params_set().
+ Corrected bug in session resuming code of server side.
+
+2002-09-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/ext_max_record.c, libextra/ext_srp.c:
+ some cleanups in the extension parsing
+
+2002-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h: [no log message]
+
+2002-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: Added Simon Josefsson's patch for gdoc. Now gdoc
+ supports texinfo output.
+
+2002-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, buildconf, configure.in, lib/gnutls.h.in.in,
+ lib/gnutls_global.c, libextra/gnutls_extra.c, libmcrypt.m4: changes
+ for autoconf 2.50
+
+2002-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/examples.tex,
+ doc/tex/handshake.tex, doc/tex/library.tex, doc/tex/x509.tex: [no
+ log message]
+
+2002-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, src/serv.c: Removed dependency on libgdbm
+ library.
+
+2002-09-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe.c, lib/auth_rsa_export.c, lib/gnutls_algorithms.c,
+ lib/gnutls_compress_int.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
+ lib/gnutls_str.c, lib/gnutls_x509.c, lib/x509_xml.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: Some fixes for the
+ used realloc() function. Now we have gnutls_realloc_fast() which
+ frees the given pointer if the new allocation failed.
+
+2002-09-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/.cvsignore, lib/gnutls_num.h,
+ lib/gnutls_str.c: updated string functions
+
+2002-09-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_rsa_export.c: [no log message]
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/certificate.tex, doc/tex/ciphers.tex,
+ doc/tex/ex-rfc2818.tex, doc/tex/examples.tex, doc/tex/layers.eps,
+ doc/tex/layers.tex, doc/tex/memory.tex: [no log message]
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/x509cert.xml.tex, src/common.c: [no log message]
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: last changes for 0.5.6 release
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/pgpcert.xml.tex, doc/tex/x509cert.xml.tex,
+ lib/x509_xml.c, libextra/gnutls_openpgp.c, src/common.c,
+ src/gnutls-http-serv: added versioning in the XML output of
+ certificate functions.
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/intro.tex,
+ doc/tex/library.tex: [no log message]
+
+2002-09-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/internals.eps,
+ doc/tex/library.tex: [no log message]
+
+2002-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/Makefile.am, doc/tex/certificate.tex,
+ doc/tex/x509-1.eps, lib/gnutls_global.h: [no log message]
+
+2002-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/certificate.tex,
+ doc/tex/ciphers.tex, doc/tex/ciphersuites.tex, doc/tex/gnutls.tex,
+ doc/tex/intro.tex, doc/tex/layers.tex, doc/tex/library.tex,
+ doc/tex/openpgp.tex, doc/tex/tlsintro.tex, doc/tex/x509.tex:
+ reorganized documentation
+
+2002-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile, tests/Makefile.am, tests/Makefile.in: [no log
+ message]
+
+2002-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/test22.pem: [no log message]
+
+2002-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, configure.in, tests/Makefile, tests/Makefile.am,
+ tests/Makefile.in, tests/ca.pem, tests/test1.pem, tests/test10.pem,
+ tests/test13.pem, tests/test2.pem, tests/test23.pem,
+ tests/test24.pem, tests/test26.pem, tests/test3.pem,
+ tests/x509_test.c: Added more tests for the X.509 certificate
+ validation. These tests are now only included in the CVS not the
+ distribution.
+
+2002-09-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c: [no log message]
+
+2002-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_extensions.c, lib/gnutls_int.h: Corrected
+ extension type checks which used an 8 bit extension size, instead of
+ 16 bits.
+
+2002-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c, libextra/gnutls_srp.c: Corrected the SRP 'u'
+ generation, and the size part of 's' changed to 8bits.
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
+ lib/gnutls_ui.c, lib/gnutls_x509.c, libextra/auth_srp.c,
+ libextra/auth_srp.h, libextra/auth_srp_passwd.c,
+ libextra/ext_srp.c, libextra/gnutls_extra.h,
+ libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h,
+ libextra/gnutls_srp.c, src/cli.c, src/serv.c, src/tests.c,
+ src/tls_test.c: [no log message]
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, configure.in, libextra/ext_srp.c: [no log message]
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/auth_srp.c: corrected the SRP key exchange (bugs pointed
+ out by D. Taylor)
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/gnutls_int.h, lib/gnutls_x509.c:
+ corrected the cert_type extension. (bug pointed out by D. Taylor)
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c, lib/gnutls_priority.h: gnutls_list replaced
+ by const int*
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/appendix.tex, doc/tex/cover.tex.in,
+ doc/tex/gnutls.tex, doc/tex/handshake.tex, tests/Makefile.am: last
+ changes for 0.5.5 release
+
+2002-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-02.txt: [no log message]
+
+2002-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, configure.in: [no log message]
+
+2002-09-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
+ doc/tex/serv-export.tex, doc/tex/serv-srp.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex, lib/gnutls.h.in.in, lib/gnutls_int_compat.c,
+ lib/gnutls_state.c, lib/gnutls_x509.c, lib/x509_extensions.c,
+ libextra/gnutls_openssl.c, src/cli.c, src/serv.c, src/tls_test.c:
+ [no log message]
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/programs.tex: [no log message]
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: [no log message]
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/ex4.tex, doc/tex/serv-export.tex, doc/tex/serv-srp.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex: corrected bugs in examples.
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, lib/gnutls.h.in.in,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ lib/gnutls_cert.c, lib/gnutls_handshake.c, lib/gnutls_int_compat.c,
+ lib/gnutls_record.c, lib/x509_b64.c, libextra/gnutls_openssl.c,
+ libextra/gnutls_srp.c, src/tests.c: more cleanups
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/ex1.tex,
+ doc/tex/ex2.tex, doc/tex/ex4.tex, doc/tex/examples.tex,
+ doc/tex/gnutls.tex, doc/tex/serv-export.tex, doc/tex/serv-srp.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex: Updated documentation and added
+ more server examples.
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_int.h, lib/gnutls_int_compat.c,
+ lib/gnutls_ui.h, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/x509_b64.c, lib/x509_b64.h, tests/x509_test.c: Updated the
+ base64 encoding/decoding functions.
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
+ lib/gnutls_state.c, lib/gnutls_v2_compat.c, lib/gnutls_x509.c,
+ libextra/gnutls_openpgp.c: several clean ups
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/appendix.tex, doc/tex/gnutls.tex,
+ doc/tex/howto.tex, doc/tex/macros.tex, doc/tex/pgpcert.xml.tex,
+ doc/tex/x509.tex, doc/tex/x509cert.xml.tex: Updated documentation to
+ include examples of XML certificates.
+
+2002-09-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_state.c, src/common.c: [no log message]
+
+2002-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-08-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_x509.c, lib/gnutls_x509.h: Improved the
+ certificate and key read functions. They can now read a PEM encoded
+ key and certificate from the same file.
+
+2002-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex, doc/tex/handshake.tex, lib/auth_cert.c,
+ lib/ext_cert_type.c, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.c, lib/gnutls_int_compat.c, lib/gnutls_priority.c,
+ lib/gnutls_priority.h, lib/gnutls_state.c, lib/gnutls_state.h,
+ libextra/gnutls_openssl.c, src/cli.c, src/common.c, src/serv.c,
+ src/tests.c: cert_type abreviation was expanded to certificate_type.
+
+2002-08-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ex-rfc2818.tex, doc/tex/examples.tex:
+ updated examples
+
+2002-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2002-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/ex4.tex, doc/tex/examples.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex, includes/gnutls/extra.h,
+ includes/gnutls/openssl.h, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/debug.c, lib/debug.h,
+ lib/ext_cert_type.c, lib/ext_cert_type.h, lib/ext_max_record.c,
+ lib/ext_max_record.h, lib/gnutls.h.in.in, lib/gnutls_alert.c,
+ lib/gnutls_alert.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.c, lib/gnutls_auth.h,
+ lib/gnutls_auth_int.h, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_compress.c,
+ lib/gnutls_compress.h, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_int_compat.c, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_priority.c, lib/gnutls_priority.h, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/gnutls_rsa_export.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_session.c,
+ lib/gnutls_session.h, lib/gnutls_session_pack.c,
+ lib/gnutls_session_pack.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, lib/gnutls_v2_compat.c, lib/gnutls_v2_compat.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_sig_check.c,
+ lib/x509_verify.c, libextra/auth_srp.c, libextra/auth_srp.h,
+ libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
+ libextra/ext_srp.c, libextra/ext_srp.h, libextra/gnutls_openssl.c,
+ libextra/gnutls_srp.c, src/cli.c, src/common.c, src/serv.c,
+ src/tests.c, src/tls_test.c: Renamed all the constructed types to
+ have more consisten names, and some other minor improvements.
+
+2002-08-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, PGPKEYS: removed PGPKEYS from the distribution.
+
+2002-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: [no log message]
+
+2002-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_record.c: Allow the NULL pointer
+ for data in gnutls_record_send(), if the previous call was
+ interrupted.
+
+2002-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: Corrected possible bug in decompression code.
+ Well compressed packets may have been rejected due to limited
+ buffer.
+
+2002-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex: [no log message]
+
+2002-08-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/README.autoconf, doc/TODO,
+ doc/protocol/draft-ietf-tls-srp-01.txt,
+ doc/protocol/draft-ietf-tls-srp-02.txt, lib/gnutls_algorithms.c,
+ lib/gnutls_int.h, libextra/Makefile.am, libextra/auth_srp.c,
+ libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
+ libextra/crypt.c, libextra/crypt.h, libextra/crypt_bcrypt.c,
+ libextra/crypt_bcrypt.h, libextra/crypt_srpsha1.c,
+ libextra/crypt_srpsha1.h, libextra/gnutls_srp.c,
+ libextra/gnutls_srp.h, src/crypt-gaa.c, src/crypt-gaa.h,
+ src/crypt.c, src/crypt.gaa: Added support for the new SRP draft by
+ D. Taylor. This includes the removal of the blowfish crypt hash
+ option, and the change of SRP cipher suite numbers.
+
+2002-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls_hash_int.c, lib/gnutls_x509.c: removed old
+ FIXME stuff.
+
+2002-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS: [no log message]
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/x509.tex, src/cli.c: [no log message]
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : added figures used in the documentation. Figures were generated
+ by DIA.
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/ex1.tex,
+ doc/tex/ex2.tex, doc/tex/ex4.tex, doc/tex/srp1.tex,
+ lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_int.h,
+ libextra/gnutls_openssl.c, src/cli.c, src/serv.c, src/tests.c:
+ Renamed GNUTLS_CIPHER_ARCFOUR to GNUTLS_CIPHER_ARCFOUR_128
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsignore, README: [no log message]
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: better export ciphersuite detection
+
+2002-08-26 Andrew McDonald <admcd@gnutls.org>
+
+ * libextra/gnutls_openssl.c: Update SSL_CIPHER_get_name() to use
+ gnutls_cipher_suite_get_name()
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa_export.c: [no log message]
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/common.c, src/common.h, src/tests.c,
+ src/tests.h, src/tls_test.c: Improved the gnutls-cli-debug program
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_state.c: [no log message]
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphers.tex, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_int.h, src/cli.c, src/serv.c,
+ src/tests.c: renamed ARCFOUR-EXPORT to ARCFOUR-40
+
+2002-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_rsa_export.c, lib/gnutls_kx.c,
+ lib/gnutls_rsa_export.h, lib/gnutls_state.c, lib/gnutls_state.h:
+ Added support for RSA_EXPORT_WITH_RC4_EXPORT_MD5 with RSA
+ certificates with modulus less than 512 bits. This change made the
+ code a bit messy.
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: [no log message]
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c, src/tests.c, src/tests.h, src/tls_test.c: improvements
+ in server html output
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/intro.tex: changes
+ in order to keep up with the addition of export-grade ciphersuite
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa_export.c: [no log message]
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: changes for export cipher suites
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: Added the first EXPORT-grade ciphersuite
+
+2002-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/auth_rsa_export.c, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_rsa_export.c, lib/gnutls_rsa_export.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, lib/gnutls_x509.c: Corrected bug in DHE key
+ exchange which prevented from parsing the given certificates
+ properly.
+
+2002-08-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-08-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h: Exported gnutls_openpgp_extract_key_id().
+ This is the gnutls_openpgp_keyid() function renamed.
+
+2002-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_auth.c: [no log message]
+
+2002-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_int_compat.c, src/serv.c:
+ gnutls_handshake_set_exportable_detection() was obsoleted.
+
+2002-08-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_constate.c, lib/gnutls_hash_int.c: corrected bug in
+ SSL3 random generation function. Now the export ciphersuite works in
+ SSL3 mode too.
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_state.c: Added
+ the first exportable ciphersuite (TLS_RSA_WITH_RC4_EXPORT_MD5). This
+ one only works in servers that have certificates of 512 bits length.
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_state.c, src/cli.c: Added some initials for the export
+ cipher suites.
+
+2002-08-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
+ doc/protocol/draft-ietf-tls-openpgp-keys-02.txt: updated openpgp
+ draft
+
+2002-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: included the change cipher specs in
+ gnutls_handshake_get_direction().
+
+2002-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_handshake.c:
+ gnutls_handshake_check_direction() renamed to
+ gnutls_handshake_get_direction().
+
+2002-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
+ src/tls_test.gaa: Added verbose option to gnutls-cli-debug.
+
+2002-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_state.c: Added the
+ gnutls_handshake_set_exportable_detection() function, which is used
+ to control whether the handshake will check for exportable cipher
+ suites in the server. In that case an error of
+ GNUTLS_E_EXPORT_CIPHER_SUITE is returned.
+
+2002-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: [no log message]
+
+2002-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: included cvs aliases into authors file
+
+2002-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: [no log message]
+
+2002-08-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c: Added
+ gnutls_cipher_suite_get_name(). This functions constructs the name
+ of a cipher suite using the given algorithms.
+
+2002-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_handshake.c, lib/gnutls_int.h:
+ Added new function gnutls_handshake_check_direction(), which returns
+ the state where the handshake function was interrupted.
+
+2002-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf, configure.in, doc/README.CVS: Added the
+ --enable-maintainer-mode configure option, and renamed the old one
+ to --enable-developer-mode.
+
+2002-08-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_x509.c: added
+ some missing consts
+
+2002-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-21 Andrew McDonald <admcd@gnutls.org>
+
+ * doc/tex/openssl.tex, includes/gnutls/openssl.h,
+ libextra/gnutls_openssl.c: add ability to use separate file
+ descriptors for send() and recv() using new set_transport_ptr2()
+ function
+
+2002-07-21 Andrew McDonald <admcd@gnutls.org>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: some initial
+ support for TLS/SSL server applications
+
+2002-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c: Added a special error code for cases where
+ the peer (server) supports only export ciphersuites.
+
+2002-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/errors.tex, doc/tex/howto.tex,
+ doc/tex/openpgp.tex, doc/tex/record.tex: Several documentation
+ fixes. Suggestions and patch by Paul Wujek <pwujek@xp2telecom.com>
+
+2002-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/ext_max_record.c, lib/gnutls_cert.c, lib/gnutls_compress.c,
+ lib/gnutls_compress_int.c, lib/gnutls_constate.c,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_global.c,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_state.c,
+ libextra/gnutls_extra.c: Fixes in zlib compression code.
+ gnutls_global_init_extra() in libgnutls-extra fails if library
+ versions do not match. Semantic changes in
+ gnutls_record_set_max_size(). The requested size is now immediately
+ enforced at the output buffers.
+
+2002-07-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: Client and server now accept the null
+ cipher option.
+
+2002-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_buffers.c, lib/gnutls_int.h,
+ lib/gnutls_record.c: Added gnutls_transport_set_ptr2() which accepts
+ two pointers.
+
+2002-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_mpi.h, lib/gnutls_privkey.c: moved to
+ libgcrypt 1.1.8
+
+2002-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/libgnutls.m4, libextra/libgnutls-extra.m4: corrected m4
+ macros for gnutls
+
+2002-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-ciphersuite-05.txt,
+ doc/protocol/rfc3268.txt: [no log message]
+
+2002-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/ext_cert_type.c, lib/ext_max_record.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_constate.c, lib/gnutls_datum.c, lib/gnutls_db.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mpi.c, lib/gnutls_num.c, lib/gnutls_pk.c,
+ lib/gnutls_priority.c, lib/gnutls_privkey.c, lib/gnutls_random.c,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_v2_compat.c,
+ lib/x509_b64.c, lib/x509_extensions.c, lib/x509_sig_check.c,
+ lib/x509_verify.c, lib/x509_xml.c: Added some hints on the file
+ purpose, and some other cleanups.
+
+2002-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.h, lib/gnutls_state.c: [no log message]
+
+2002-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c, lib/gnutls_state.c: Now gnutls_deinit() removes
+ abnormally terminated sessions. Added the _gnutls_deinit() function
+ which has the behaviour of the older gnutls_deinit().
+
+2002-07-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: corrected possible bug in http server
+
+2002-07-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.tex: [no log message]
+
+2002-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, src/serv.c: [no log message]
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.h: [no log message]
+
+2002-07-06 Andrew McDonald <admcd@gnutls.org>
+
+ * doc/tex/openssl.tex: added some more information about current
+ limitations of OpenSSL compatibility layer
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am: added gnutls_openssl.c
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/examples.tex: [no log message]
+
+2002-07-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/intro.tex, doc/tex/x509.tex: some documentation fixes.
+
+2002-07-06 Andrew McDonald <admcd@gnutls.org>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: get rid of
+ some warnings during build
+
+2002-07-06 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Minor fixes
+ for the OpenPGP code.
+
+2002-07-05 Andrew McDonald <admcd@gnutls.org>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: yet more
+ functions, and some fixes
+
+2002-07-05 Andrew McDonald <admcd@gnutls.org>
+
+ * includes/gnutls/openssl.h, libextra/gnutls_openssl.c: some more
+ functions implemented
+
+2002-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/examples.tex, doc/tex/funcs.tex,
+ doc/tex/openssl.tex: [no log message]
+
+2002-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_xml.c, libextra/gnutls_openpgp.c: [no log message]
+
+2002-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, lib/gnutls.h.in.in, lib/gnutls_ui.h:
+ Added defines for old function names.
+
+2002-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c, src/serv.c: [no log message]
+
+2002-07-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Fixed stub for xml keys. Added support
+ for the new string functions in xml key generation.
+
+2002-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex: [no log message]
+
+2002-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/README.srpcrypt, src/crypt-gaa.c, src/crypt-gaa.h,
+ src/crypt.gaa, src/serv.c: updated the parameters of srpcrypt
+ program. Other minor changes in included programs.
+
+2002-07-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Corrected bug in the mpi extraction function
+ from X.509 certificates (affects DSA certificates).
+
+2002-07-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h: [no log message]
+
+2002-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_ui.h,
+ lib/x509_xml.c, libextra/gnutls_openpgp.c, src/common.c: Made the
+ xml convertion functions more mnemonic. Several other fixes in the
+ core library.
+
+2002-06-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_cipher.c,
+ lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
+ lib/gnutls_errors.c, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_x509.c, lib/x509_extensions.c,
+ lib/x509_extensions.h, lib/x509_xml.c: Several (internal) cleanups.
+ Const flags are better used now.
+
+2002-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_x509.c: Better organization of
+ cert2gnutls_cert function.
+
+2002-06-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_xml.c: Now
+ certificate decoding makes use of partial DER decoding of the
+ libtasn1 library. It speedups a bit the handshake in client side,
+ which needs to decode the certificate, in order to read the public
+ key parameters.
+
+2002-06-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_xml.c: Improved XML output.
+
+2002-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-06-24 Andrew McDonald <admcd@gnutls.org>
+
+ * libextra/gnutls_openssl.c: fix SSL_CIPHER_get_bits to return key
+ size in bits rather than bytes
+
+2002-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: Depends on opencdk 0.2.0
+
+2002-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, includes/Makefile.am, includes/gnutls/Makefile.am:
+ [no log message]
+
+2002-06-23 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Changes for the new OpenCDK version.
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/x509_test.c: [no log message]
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: [no log message]
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls_cert.h, lib/gnutls_record.c, lib/gnutls_str.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_extensions.c,
+ lib/x509_extensions.h, lib/x509_sig_check.c: The TLS handshake no
+ longer fails if the X.509 extensions in the Certificate are critical
+ and unsupported. The unsupported critical extensions are now only
+ catched by the verification functions.
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_str.c, lib/gnutls_str.h, lib/x509_xml.c: Added new
+ string functions to handle the XML string stuff.
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, includes/gnutls/Makefile.am,
+ includes/gnutls/extra.h, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_xml.c,
+ libextra/gnutls_openssl.c, libextra/gnutls_srp.c, src/cli.c,
+ src/serv.c, src/tls_test.c: Renamed credential allocation functions
+ from *_sc() to *_cred().
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/gnutls/Makefile.am, includes/gnutls/gnutls.h: [no log
+ message]
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, configure.in, lib/Makefile.am, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_int_compat.c,
+ lib/gnutls_x509.c, libextra/Makefile.am, libextra/extra.h,
+ libextra/gnutls_openssl.c, libextra/openssl.h, src/Makefile.am,
+ src/cli.c, src/common.c, src/prime.c, src/serv.c, src/tests.c,
+ src/tls_test.c, tests/Makefile.am: [no log message]
+
+2002-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * includes/Makefile.am, includes/gnutls/Makefile.am,
+ includes/gnutls/extra.h, includes/gnutls/gnutls.h,
+ includes/gnutls/openssl.h: Installed headers moved to includes/
+ directory.
+
+2002-06-21 Andrew McDonald <admcd@gnutls.org>
+
+ * libextra/gnutls_openssl.c, libextra/openssl.h: changes to way
+ SSL_CIPHER allocation is handled make use of option SSL_OP_NO_TLSv1
+
+2002-06-21 Andrew McDonald <admcd@gnutls.org>
+
+ * libextra/gnutls_openssl.c: use gnutls_cipher_get_key_size() in
+ SSL_CIPHER_get_bits()
+
+2002-06-21 Andrew McDonald <admcd@gnutls.org>
+
+ * libextra/gnutls_openssl.c, libextra/openssl.h: make arrays for
+ priority information in SSL_METHOD statically allocated
+
+2002-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c, lib/x509_xml.c: [no log
+ message]
+
+2002-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: corrected countryName
+
+2002-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ src/common.c: [no log message]
+
+2002-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/extra.h, libextra/openssl.h: changed <gnutls.h> with
+ <gnutls/gnutls.h>
+
+2002-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_constate.c, lib/gnutls_int.h:
+ Exported gnutls_cipher_get_key_size(). Better name printing for MAC
+ algorithms.
+
+2002-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/cli.c, src/common.c, src/serv.c, src/tests.c,
+ src/tls_test.c: [no log message]
+
+2002-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex4.tex,
+ doc/tex/funcs.tex, doc/tex/serv1.tex, doc/tex/srp1.tex,
+ libextra/Makefile.am, libextra/extra.h, libextra/gnutls-extra.h,
+ libextra/gnutls-openssl.h, libextra/openssl.h: New install directory
+ for headers is /gnutls
+
+2002-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/gnutls_x509.h: [no log message]
+
+2002-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/handshake.tex, doc/tex/memory.tex,
+ doc/tex/translayer.tex, lib/gnutls.h.in.in, lib/gnutls_global.c: [no
+ log message]
+
+2002-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers: [no log message]
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-19 Andrew McDonald <admcd@gnutls.org>
+
+ * libextra/gnutls-openssl.h, libextra/gnutls_openssl.c: Implemented
+ some more functions. Basic TLS/SSL operations tested with: slrn,
+ wget, lynx
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_db.c,
+ lib/gnutls_global.c, lib/gnutls_int_compat.c, lib/gnutls_ui.h,
+ libextra/gnutls-extra.h, libextra/gnutls_srp.c, src/serv.c: _func
+ abreviation is no longer used. Functions renamed to _function.
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_xml.c: x509_xml.c
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: removed ioctl stuff.
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa,
+ src/tls_test.c: added 'nodb' and 'quiet' options to server.
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c, src/cli.c: [no log message]
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c: Corrected bug in PKCS-1 RSA encryption.
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2002-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers, AUTHORS: [no log message]
+
+2002-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/common.c, src/list.h, src/serv.c: The server
+ used was changed to a non blocking one. The server was created by
+ Paul Sheer.
+
+2002-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: cleanups
+
+2002-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: fixed stubs
+
+2002-06-17 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Minor changes and a XML stub if OpenCDK
+ is not used.
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_xml.c: [no log message]
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int_compat.c, lib/gnutls_x509.c, lib/x509_xml.c: [no
+ log message]
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls-extra.h, libextra/gnutls-openssl.h,
+ libextra/gnutls_openssl.c: [no log message]
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: [no log message]
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/howto.tex: Added
+ chapter on how to use TLS in application protocols.
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openssl.c: [no log message]
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am, libextra/gnutls-openssl.h: Added Andrew's
+ openssl compatible interface.
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h, lib/x509_xml.c, libextra/gnutls-extra.h: [no log
+ message]
+
+2002-06-16 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Changed the
+ xml function name to fit into the GnuTLS API. New memory handling
+ for gnutls_datum.
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: [no log message]
+
+2002-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls-extra.h: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/alert.tex, doc/tex/ciphers.tex, doc/tex/errors.tex,
+ doc/tex/examples.tex, doc/tex/handshake.tex, doc/tex/layers.tex,
+ doc/tex/macros.tex, doc/tex/memory.tex, doc/tex/record.tex,
+ doc/tex/translayer.tex: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in, doc/TODO, src/Makefile.am: Corrected
+ libgdbm issues
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, doc/tex/handshake.tex,
+ doc/tex/serv1.tex, lib/defines.h, lib/gnutls.h.in.in,
+ lib/gnutls_db.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_int_compat.c, lib/gnutls_state.c, lib/x509_xml.c,
+ src/Makefile.am, src/common.c, src/serv.c: Removed the gdbm backend
+ for resuming TLS sessions. Program gnutls-serv was modified to
+ include support for resuming sessions with the callback api.
+
+2002-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/auth.tex,
+ doc/tex/errors.tex, doc/tex/examples.tex, doc/tex/funcs.tex,
+ doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/layers.tex,
+ doc/tex/openpgp.tex, doc/tex/record.tex, doc/tex/x509.tex: Added
+ index.
+
+2002-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/macros.tex,
+ doc/tex/openpgp.tex, doc/tex/x509.tex: [no log message]
+
+2002-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_xml.c: [no log message]
+
+2002-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_ui.h, lib/x509_xml.c: [no log message]
+
+2002-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_ui.h, lib/x509_xml.c: Added XML
+ extraction from an X.509 certificate. Only some basic functionality
+ is now available.
+
+2002-06-14 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Corrected the key length calcuation for
+ the key data fields.
+
+2002-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/crypt_bcrypt.c: [no log message]
+
+2002-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/pkix.asn, lib/pkix_asn1_tab.c: [no log message]
+
+2002-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-12 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Some minor improvements for the XML
+ code.
+
+2002-06-12 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Implemented verbosity level for XML
+ output.
+
+2002-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_ASN.c: [no log message]
+
+2002-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/Makefile.am, src/Makefile.am, tests/Makefile.am: [no log
+ message]
+
+2002-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.CVS: [no log message]
+
+2002-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.c, lib/auth_rsa.c,
+ lib/gnutls_asn1_tab.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ lib/pkix_asn1_tab.c, lib/x509_extensions.c, lib/x509_sig_check.c,
+ lib/x509_verify.c: renamed libasn1 to libtasn1
+
+2002-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS: renamed libasn1 to libtasn1
+
+2002-06-10 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: A small fix for the XML code.
+
+2002-06-10 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Basic XML
+ output for OpenPGP certificates.
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/layers.eps, doc/tex/layers.ps,
+ doc/tex/layers.tex, doc/tex/openpgp.tex, doc/tex/pgp-fig1.eps: [no
+ log message]
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/gnutls.tex,
+ doc/tex/intro.tex, doc/tex/openpgp.tex, doc/tex/pgp-fig1.eps: Added
+ Timo's openpgp guide
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, buildconf, configure.in, lib/Makefile.am: Added
+ configure option to use the included libasn1.
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, NEWS, configure.in, libextra/Makefile.am,
+ tests/Makefile.am: [no log message]
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS: [no log message]
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.c, lib/auth_rsa.c,
+ lib/gnutls_asn1_tab.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_mpi.c, lib/gnutls_mpi.h, lib/gnutls_pk.c,
+ lib/gnutls_privkey.c, lib/gnutls_sig.c, lib/gnutls_x509.c,
+ lib/gnutls_x509.h, lib/pkix_asn1_tab.c, lib/x509_ASN.y,
+ lib/x509_asn1.c, lib/x509_asn1.h, lib/x509_der.c, lib/x509_der.h,
+ lib/x509_extensions.c, lib/x509_extensions.h, lib/x509_sig_check.c,
+ lib/x509_verify.c: Adapted codebase to the new libasn1 0.1.0.
+
+2002-06-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/asn1c.c: removed asn1c.c program. Moved to
+ libasn1.
+
+2002-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h: [no log message]
+
+2002-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/x509_test.c: [no log message]
+
+2002-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_global.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
+ lib/x509_b64.c: Added gnutls_b64_encode_fmt2() and
+ gnutls_b64_decode_fmt2(). These functions return allocated data.
+ Cleaned up the gnutls_datum code and some of memory stuff.
+
+2002-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, acconfig.h, configure.in, lib/gnutls_alert.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_global.c,
+ lib/gnutls_mem.c, lib/gnutls_mem.h: Added check for C99 macro
+ support. Stubs are used if they are not supported by the compile. A
+ more elegant solution is required.
+
+2002-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c, lib/gnutls_mem.c, lib/gnutls_mem.h: only use
+ the libc's strdup, if using the libc's malloc function.
+
+2002-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mem.c, lib/gnutls_mem.h: Removed gnutls_strdup().
+ Replaced with a pointer to libc's strdup() function.
+
+2002-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_record.c, lib/gnutls_state.c,
+ src/cli.c: [no log message]
+
+2002-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: No longer realloc() the record buffers. It
+ had some meaning when gnutls_realloc_fast() was there, but now they
+ one cause a slowdown.
+
+2002-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_int.h, lib/gnutls_state.c, src/cli.c, src/serv.c: Created
+ gnutls_handshake_set_private_extensions() function.
+
+2002-06-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: [no log message]
+
+2002-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/defines.h, lib/gnutls_algorithms.c,
+ lib/gnutls_int.h, lib/gnutls_state.c, libextra/crypt_bcrypt.c:
+ Corrected issues with ptrdiff_t. Added option to enable private
+ (experimental) cipher suites. They are now disabled by default so
+ they do not create interoperability problems.
+
+2002-06-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, libextra/crypt_bcrypt.c, libextra/crypt_srpsha1.c:
+ added check for ptrdiff_t type.
+
+2002-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: [no log message]
+
+2002-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.gaa: [no log message]
+
+2002-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/tex/Makefile.am, doc/tex/asn1.tex, lib/Makefile.am:
+ asn1.ps is no longer generated in the gnutls package. It is included
+ in the libasn1 package.
+
+2002-06-03 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls-extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h: Corrected some data types and more
+ documentation.
+
+2002-06-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/x509_test.c: [no log message]
+
+2002-06-02 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls-extra.h: [no log message]
+
+2002-06-02 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls-extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h: More fixes for the keyid and some changes
+ for the _mem functions.
+
+2002-06-02 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h: Applied the
+ patches. Changed the keyid from u32[2] to byte[8].
+
+2002-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, NEWS, configure.in, doc/TODO,
+ lib/gnutls_anon_cred.c, lib/gnutls_x509.c, lib/gnutls_x509.h,
+ libextra/gnutls_srp.c: Removed stubs for srp and anonymous
+ authentication. Added test suite directory.
+
+2002-06-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * tests/Makefile.am, tests/test1.pem, tests/test10.pem,
+ tests/test2.pem, tests/test25.pem, tests/test3.pem,
+ tests/x509_test.c: added test suite
+
+2002-06-02 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Some modifications for the newest
+ OpenCDK snapshot.
+
+2002-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: [no log message]
+
+2002-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c: [no log message]
+
+2002-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Minor fixes. Added documentation for
+ gnutls_certificate_set_openpgp_trustdb() function.
+
+2002-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/common.c, src/serv-gaa.c, src/serv.c, src/serv.gaa,
+ src/tls_test-gaa.c, src/tls_test.gaa: [no log message]
+
+2002-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ libextra/gnutls_openpgp.c: Added error code for unsupported trustdb.
+
+2002-05-27 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Check the trustdb format before the
+ handshake begins.
+
+2002-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-05-27 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: Added a check for the trustdb so we can
+ figure out if the format is useable for OpenCDK.
+
+2002-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls-extra.h, src/cli.c, src/common.c, src/serv.c: [no
+ log message]
+
+2002-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/CertificateExample.c, src/CrlExample.c, src/Makefile.am,
+ src/cli-gaa.c, src/cli.gaa, src/crypt.c, src/serv-gaa.c,
+ src/serv.gaa: some parts were moved to libasn1.
+
+2002-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mem.h: [no log message]
+
+2002-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/errors.tex, doc/tex/gnutls.tex,
+ doc/tex/memory.tex: added memory handling section
+
+2002-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_mem.h,
+ lib/gnutls_priority.c: reintroduced realloc_fast() which prevents
+ some malloc(0) situations.
+
+2002-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am: [no log message]
+
+2002-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/auth_cert.c, lib/auth_rsa.c, lib/gnutls_int.h,
+ lib/gnutls_num.h, lib/gnutls_record.c, libextra/auth_srp.c,
+ libextra/auth_srp_passwd.c, libextra/gnutls_srp.c,
+ libextra/gnutls_srp.h: Several clean ups and bug fixes.
+
+2002-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, acconfig.h, configure.in, lib/auth_cert.c,
+ lib/gnutls.h.in.in, lib/gnutls_algorithms.c, lib/gnutls_auth.c,
+ lib/gnutls_buffers.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
+ lib/gnutls_pk.c, lib/gnutls_x509.c, lib/x509_b64.c,
+ libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/crypt_bcrypt.c, libextra/crypt_srpsha1.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_srp.c, src/common.c:
+ Applied Jeff Johnson's patch which fixes type problems in 64 bit
+ machines. Removed the default allocation handlers, and made the
+ libc's functions to be defaults. Added function which sets the
+ memory allocation functions to be used.
+
+2002-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.h.in.in, libextra/gnutls-extra.h,
+ libextra/gnutls_extra.h, libextra/gnutls_openpgp.c,
+ libextra/gnutls_openpgp.h: [no log message]
+
+2002-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.h: [no log message]
+
+2002-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * libextra/gnutls_openpgp.c: corrected function declaration
+
+2002-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS, doc/tex/Makefile.am, doc/tex/serv1.tex,
+ doc/tex/srp1.tex: Updated documentation for the gnutls-extra library
+
+2002-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_datum.c,
+ lib/gnutls_datum.h, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c,
+ lib/gnutls_v2_compat.c, lib/gnutls_x509.c, libextra/auth_srp.c:
+ Prefixed internal functions with _gnutls_
+
+2002-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2002-05-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-05-20 Timo Schulz <twoaday@gnutls.org>
+
+ * libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h:
+ Modifications for the new OpenCDK version and some minor fixes.
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.autoconf, lib/Makefile.am,
+ libextra/Makefile.am, libextra/libgnutls-extra-config.in,
+ libextra/libgnutls-extra.m4, src/crypt.c, src/tests.c: [no log
+ message]
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, doc/tex/Makefile.am, lib/Makefile.am,
+ libextra/Makefile.am, src/Makefile.am, src/cli.c, src/common.c,
+ src/serv.c, src/tls_test.c: [no log message]
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, README, libextra/auth_srp.c, libextra/auth_srp_passwd.c,
+ libextra/auth_srp_sb64.c, libextra/crypt.c,
+ libextra/crypt_bcrypt.c, libextra/crypt_srpsha1.c,
+ libextra/ext_srp.c, libextra/gnutls_extra.c,
+ libextra/gnutls_openpgp.c, libextra/gnutls_srp.c: [no log message]
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, README, configure.in: [no log message]
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_passwd.h, lib/auth_srp_sb64.c,
+ lib/crypt.c, lib/crypt.h, lib/crypt_bcrypt.c, lib/crypt_bcrypt.h,
+ lib/crypt_srpsha1.c, lib/crypt_srpsha1.h, lib/ext_srp.c,
+ lib/ext_srp.h, lib/gnutls-extra.h, lib/gnutls_extra.c,
+ lib/gnutls_extra.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, libextra/Makefile.am,
+ libextra/auth_srp.c, libextra/auth_srp.h,
+ libextra/auth_srp_passwd.c, libextra/auth_srp_passwd.h,
+ libextra/auth_srp_sb64.c, libextra/crypt.c, libextra/crypt.h,
+ libextra/crypt_bcrypt.c, libextra/crypt_bcrypt.h,
+ libextra/crypt_srpsha1.c, libextra/crypt_srpsha1.h,
+ libextra/ext_srp.c, libextra/ext_srp.h, libextra/gnutls-extra.h,
+ libextra/gnutls_extra.c, libextra/gnutls_extra.h,
+ libextra/gnutls_openpgp.c, libextra/gnutls_openpgp.h,
+ libextra/gnutls_srp.c, libextra/gnutls_srp.h: Moved the gnutls-extra
+ files to libextra directory.
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore: [no log message]
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/funcs.tex, lib/Makefile.am: removed
+ html version of the documentation
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls-extra.h, lib/gnutls_extra.c, lib/gnutls_extra.h,
+ src/cli.c, src/serv.c: [no log message]
+
+2002-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, README, configure.in, doc/tex/Makefile.am,
+ doc/tex/funcs.tex, doc/tex/macros.tex, lib/Makefile.am,
+ lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cert.c,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_openpgp.h, lib/gnutls_ui.h, lib/libgnutls-config.in,
+ src/Makefile.am, src/cli.c, src/common.c, src/serv.c, src/tests.c,
+ src/tls_test.c: Separated the library to gnutls and gnutls-extra.
+ gnutls-extra library contains the GPL parts of gnutls
+
+2002-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, configure.in, src/prime.c, src/tests.c: [no log message]
+
+2002-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, configure.in, lib/auth_anon.c, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_srp.c, lib/libgnutls-config.in,
+ src/prime.c: Added --modules option to libgnutls-config. This option
+ prints the extra modules that have been enabled into the library.
+
+2002-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2002-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: configure script now prints the library license
+
+2002-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c: Replaced group1 prime with a prime of 1024
+ bits
+
+2002-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * COPYING.LIB, NEWS, README, lib/auth_anon.c, lib/auth_cert.c,
+ lib/auth_dhe.c, lib/auth_rsa.c, lib/debug.c, lib/ext_cert_type.c,
+ lib/ext_max_record.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c, lib/gnutls_auth.c,
+ lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_compress.c,
+ lib/gnutls_compress_int.c, lib/gnutls_constate.c,
+ lib/gnutls_datum.c, lib/gnutls_db.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_extensions.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mpi.c,
+ lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_random.c, lib/gnutls_record.c,
+ lib/gnutls_session.c, lib/gnutls_session_pack.c, lib/gnutls_sig.c,
+ lib/gnutls_state.c, lib/gnutls_str.c, lib/gnutls_ui.c,
+ lib/gnutls_v2_compat.c, lib/gnutls_x509.c, lib/x509_asn1.c,
+ lib/x509_b64.c, lib/x509_der.c, lib/x509_extensions.c,
+ lib/x509_sig_check.c, lib/x509_verify.c: License changed to LGPL
+
+2002-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c: [no log message]
+
+2002-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c: Some cleanups in the Diffie Hellman code.
+
+2002-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: Added the missing user_ptr pointer in
+ gnutls_internals.
+
+2002-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in, lib/gnutls_state.c: Added
+ gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to
+ assist in callback functions.
+
+2002-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h: Corrected prototypes for callback selector
+ functions, which now accept the state.
+
+2002-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/gnutls_anon_cred.c, lib/gnutls_cert.c,
+ lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_kx.c,
+ lib/gnutls_openpgp.c, lib/gnutls_pk.c, lib/gnutls_privkey.c,
+ lib/gnutls_sig.c, lib/gnutls_srp.c, lib/x509_sig_check.c: [no log
+ message]
+
+2002-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_gcry.c, lib/gnutls_gcry.h,
+ lib/gnutls_int.h, lib/gnutls_mpi.c, lib/gnutls_mpi.h: renamed
+ gnutls_gcry* to gnutls_mpi*
+
+2002-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_global.c: Updated libgcrypt
+ initialization stuff. Now depends on libgcrypt 1.1.7, and only
+ initializes libgcrypt if this has not been done before.
+
+2002-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe.c, lib/auth_rsa.c, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/crypt.c, lib/crypt_bcrypt.c,
+ lib/crypt_srpsha1.c, lib/debug.c, lib/gnutls_auth.c,
+ lib/gnutls_dh.c, lib/gnutls_dh_primes.c, lib/gnutls_gcry.c,
+ lib/gnutls_gcry.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h,
+ lib/gnutls_pk.c, lib/gnutls_privkey.c, lib/gnutls_srp.c,
+ lib/gnutls_x509.c, lib/x509_ASN.c, lib/x509_sig_check.c: Cleaned up
+ the big number support.
+
+2002-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.h: [no log message]
+
+2002-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2002-04-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: [no log message]
+
+2002-04-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-04-21 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Adjust the code for the new OpenCDK version.
+
+2002-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_compress_int.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/gnutls_srp.c, lib/gnutls_state.h: Optimized memory handling in
+ the record protocol.
+
+2002-04-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.h, lib/gnutls_anon_cred.c, lib/gnutls_srp.c,
+ lib/gnutls_ui.c, src/cli.c, src/serv.c: Added stubs when SRP or
+ anonymous authentication are disabled, to preserve binary
+ compatibility
+
+2002-04-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-04-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/ex4.tex, lib/gnutls.h.in.in,
+ lib/gnutls_state.c, src/cli.c, src/serv.c: gnutls_session_resumed()
+ was renamed to gnutls_session_is_resumed(), and changed semantics,
+ to make the return value be the obvious one.
+
+2002-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ex4.tex, doc/tex/examples.tex:
+ updated documentation for the new resumption check function
+
+2002-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_state.c, src/cli.c, src/serv.c:
+ Added function to report if a session is a resumed one. See
+ gnutls_session_resumed().
+
+2002-04-18 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Applied the fixes for the new code.
+
+2002-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c: [no log message]
+
+2002-04-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/ext_cert_type.c, lib/ext_cert_type.h,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_srp.c,
+ lib/ext_srp.h, lib/gnutls_extensions.c, lib/gnutls_srp.c,
+ src/gnutls-http-serv, src/serv.c: Some minor fixes in SRP support.
+ Changed extension generation. Now less allocation with malloc are
+ done.
+
+2002-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c: [no log message]
+
+2002-04-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-56-bit-ciphersuites-01.txt: [no log
+ message]
+
+2002-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: Fixed description of
+ gnutls_x509_extract_certificate_subject_alt_name().
+
+2002-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-04-13 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Some modifications for the new OpenCDK code.
+
+2002-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphersuites.tex, doc/tex/errors.tex,
+ doc/tex/ex1.tex, doc/tex/examples.tex, doc/tex/gnutls.tex,
+ doc/tex/handshake.tex, doc/tex/serv1.tex, src/crypt.c: Documentation
+ fixes
+
+2002-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/Makefile.am: [no log message]
+
+2002-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in: fixed opencdk detection problem
+
+2002-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/gnutls_x509.h: better doc (internal) for
+ _gnutls_int2str()
+
+2002-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/serv1.tex, lib/gnutls.h.in.in, lib/gnutls_state.c: [no log
+ message]
+
+2002-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_rsa.c, lib/gnutls_int.h, lib/gnutls_state.c: Added
+ function which disables the version check in the RSA premaster
+ secret -only needed in server side
+
+2002-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/asn1.tex,
+ doc/tex/cover.tex.in, doc/tex/funcs.tex, doc/tex/gnutls.tex,
+ lib/Makefile.am: separated asn1 parser library and tls library
+ documentation
+
+2002-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_pk.c: changes for 0.4.1
+
+2002-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.h: [no log message]
+
+2002-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: fixed case where a certificate could be both
+ invalid and trusted.
+
+2002-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-04-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, opencdk.m4: [no log message]
+
+2002-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am: [no log message]
+
+2002-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4, buildconf, libgcrypt.m4, libmcrypt.m4, opencdk.m4:
+ m4 files were removed from acinclude.m4
+
+2002-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4, configure.in: added detection of opencdk
+
+2002-04-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf: [no log message]
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in: [no log message]
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_verify.c,
+ lib/x509_verify.h: Improved X.509 time convertion functions
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_x509.c:
+ GNUTLS_E_UNIX_TIME_LIMIT_REACHED error code was removed
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphers.tex, doc/tex/handshake.tex,
+ doc/tex/translayer.tex: [no log message]
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: Added kludge in order to work with dates over
+ 2036
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex: [no log message]
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_int.h,
+ lib/gnutls_int_compat.c, lib/gnutls_openpgp.c, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, lib/gnutls_x509.h, lib/x509_verify.c,
+ src/common.c: GNUTLS_CERT_EXPIRED is no longer returned by
+ verification functions. Added functions to check the expiration and
+ activation date of peer's certificate. See
+ gnutls_certificate_expiration_time_peers().
+
+2002-04-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, configure.in, lib/defines.h, lib/x509_verify.c:
+ Replaced mktime() with mktime_utc(). This corrects a bug with the
+ localtime returned by mktime().
+
+2002-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_cert.c, lib/defines.h,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_handshake.c, lib/gnutls_mem.h, lib/gnutls_x509.c,
+ lib/x509_asn1.c, lib/x509_der.c: merged changes from
+ gnutls_0_4_with_alloca.
+
+2002-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.h: [no log message]
+
+2002-04-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_cert.h, lib/gnutls_pk.c: Optimized RSA
+ signature calculation
+
+2002-04-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_int.h: [no log message]
+
+2002-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c: [no log message]
+
+2002-04-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in, doc/TODO: [no log message]
+
+2002-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_pk.c: [no log message]
+
+2002-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_gcry.c, lib/gnutls_global.c, lib/gnutls_pk.c,
+ lib/gnutls_privkey.c, lib/gnutls_x509.c, lib/x509_asn1.h,
+ lib/x509_extensions.c, lib/x509_sig_check.c, lib/x509_verify.c:
+ Error codes of ASN.1 parser are now independent, with a map to
+ gnutls' error codes.
+
+2002-03-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: cleanups
+
+2002-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Added the text for
+ gnutls_openpgp_extract_key_pk_algorithm.
+
+2002-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, lib/gnutls.h.in.in, lib/gnutls_x509.c,
+ src/cli.c, src/serv.c: Removed the CRL list parameter from
+ gnutls_certificate_set_x509_trust_*.
+
+2002-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: gnutls_certificate_set_x509_trust_*() now
+ accept single DER certificates or PEM certificate lists.
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: [no log message]
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/crypt_srpsha1.c, lib/gnutls_x509.c: Added
+ ability to read DSA DER formatted keys, and corrected bugs in DER
+ certificate reading.
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c: [no log message]
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.c, lib/gnutls_compress_int.c,
+ lib/gnutls_compress_int.h, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_state.c,
+ lib/gnutls_ui.c, lib/x509_sig_check.c: Prefixed with underscore
+ several internal functions.
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_global.c,
+ lib/gnutls_x509.c: removed unneeded functions
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa: added crlf
+ option
+
+2002-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/TODO, lib/auth_rsa.c, lib/gnutls_int.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_sig.c, lib/x509_der.c,
+ lib/x509_sig_check.c, src/cli.c, src/serv-gaa.c, src/serv-gaa.h,
+ src/serv.gaa: Some cleanups in the certificate authentication.
+ Parameters are passed together with the length, to avoid abuse.
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c: [no log message]
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO: [no log message]
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509_b64.c: Cleaned up the return values of
+ several functions.
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv-gaa.h, src/serv.c, src/serv.gaa: added
+ option to read DER encoded certificates
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_cert.h, lib/gnutls_pk.c,
+ lib/gnutls_privkey.c: Optimized RSA decryption. (Very) Much faster
+ now
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: read PKCS7 certificate chains in the reverse
+ order.
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_compress_int.c: [no log message]
+
+2002-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h: [no log message]
+
+2002-03-26 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_asn1.c, lib/x509_asn1.h: add asn1_number_of_elements
+ function
+
+2002-03-26 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_der.c: fix bug in asn1_get_start_end_der function
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/common.c: [no log message]
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/tex/ex3.tex: [no log message]
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, lib/gnutls_x509.c, src/common.c: changed semantics of
+ gnutls_x509_extract_certificate_pk_algorithm()
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: [no log message]
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_buffers.c, lib/gnutls_global.c, lib/gnutls_record.c:
+ Several optimizations
+
+2002-03-26 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Now the pk algorithm is returned and not
+ only the key size in bits.
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_pk.h, lib/gnutls_x509.c: [no log
+ message]
+
+2002-03-26 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Function which is used
+ to extract key parameters for openpgp keys.
+
+2002-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls.h.in.in, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_pk.h, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, src/common.c, src/gnutls-http-serv, src/serv.c:
+ added gnutls_x509_extract_certificate_pk_algorithm()
+
+2002-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, lib/gnutls.h.in.in,
+ lib/gnutls_int.h, lib/gnutls_x509.c, src/cli-gaa.c, src/cli.c,
+ src/cli.gaa, src/serv-gaa.c, src/serv.c, src/serv.gaa: Improved
+ PKCS7 support
+
+2002-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_x509.c: Added function which reads
+ the DER encoded certificate and key. (now only works for RSA keys)
+
+2002-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/auth_cert.c, lib/gnutls_global.c,
+ lib/gnutls_hash_int.c, lib/gnutls_random.c, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, lib/pkix.asn, lib/pkix_asn1_tab.c,
+ lib/x509_asn1.c, lib/x509_extensions.c, lib/x509_sig_check.c,
+ lib/x509_verify.c, src/gnutls-http-serv, src/serv.c: Added support
+ for RFC2630 - PKCS7 formated structures
+
+2002-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: [no log message]
+
+2002-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: [no log message]
+
+2002-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: more cleanups
+
+2002-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in, lib/auth_cert.c: [no log message]
+
+2002-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: Cleanups and fixes in X.509 certificate message
+ parsing
+
+2002-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/common.h, src/serv-gaa.c, src/serv.c,
+ src/tls_test-gaa.c: [no log message]
+
+2002-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: [no log message]
+
+2002-03-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: Corrected code to avoid compiler's warnings
+
+2002-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, acconfig.h, configure.in, lib/auth_anon.c,
+ lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
+ lib/auth_srp_passwd.h, lib/auth_srp_sb64.c, lib/crypt.c,
+ lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/ext_srp.c,
+ lib/ext_srp.h, lib/gnutls_algorithms.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_auth.c, lib/gnutls_extensions.c,
+ lib/gnutls_session_pack.c, lib/gnutls_srp.c, lib/gnutls_srp.h,
+ lib/gnutls_ui.c, src/serv.c: Added hooks not to include SRP and
+ Anonymous authentication
+
+2002-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_x509.c: Corrected behaviour when no
+ certificate is got by the peer.
+
+2002-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/gnutls-http-serv: Added script which runs an
+ http server with the appropriate parameters.
+
+2002-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, lib/gnutls_record.c, lib/gnutls_state.c: CBC
+ protection support is disabled by default.
+
+2002-03-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS: [no log message]
+
+2002-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_constate.c: [no log message]
+
+2002-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_constate.c: [no log message]
+
+2002-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
+ lib/gnutls_constate.c: Optimizations and fixes in compression
+
+2002-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_passwd.c, lib/gnutls_cipher.c, lib/gnutls_x509.c: [no
+ log message]
+
+2002-03-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_compress_int.c, lib/gnutls_compress_int.h,
+ lib/gnutls_constate.c, lib/gnutls_int.h, lib/gnutls_state.c,
+ lib/x509_ASN.c, lib/x509_ASN.y, lib/x509_asn1.c: Improved
+ compression support. Corrected several bugs in empty fragment
+ sending and receiving.
+
+2002-03-19 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_asn1.c: segmentation fault bug fix
+
+2002-03-18 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: New OpenCDK interface for secure memory.
+
+2002-03-18 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_errors_int.h, lib/gnutls_openpgp.c: Detection of
+ revoked OpenPGP userID's.
+
+2002-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2002-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h: added missing prototypes
+
+2002-03-18 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Support for multiple
+ userID's.
+
+2002-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_srp.c: [no log message]
+
+2002-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: removed default parameters arguments
+
+2002-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, THANKS, acconfig.h, configure.in,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mem.c,
+ lib/gnutls_mem.h, src/cli.c: Added hooks for electric fence
+
+2002-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS, src/Makefile.am: [no log message]
+
+2002-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: Checking of certificate lists even if the CA
+ size is zero. Pointed out by Andrew McDonald
+
+2002-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS: [no log message]
+
+2002-03-13 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Improved code for the various keyrings and
+ support for armored keyring files.
+
+2002-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: [no log message]
+
+2002-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, acconfig.h, configure.in, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_state.c: made CBC chosen plaintext
+ protection configurable
+
+2002-03-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2002-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h: [no log message]
+
+2002-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-03-11 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Added missing stub for one function.
+
+2002-03-10 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: New error codes.
+
+2002-03-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_pk.c,
+ lib/gnutls_privkey.c, lib/gnutls_record.c, lib/gnutls_sig.c,
+ lib/gnutls_state.c, lib/gnutls_x509.c, lib/x509_asn1.h: some error
+ codes were renamed to more appropriate names
+
+2002-03-09 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/x509_ASN.c: Patches for the new OpenCDK
+ version and some stricter checks for memory leaks.
+
+2002-03-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, doc/tex/ex3.tex, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_record.c, lib/gnutls_state.c, lib/gnutls_state.h,
+ lib/x509_verify.c, src/common.c: removed GNUTLS_CERT_TRUSTED
+ enumeration
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: [no log message]
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_record.c:
+ Added protection against denial of service attacks, while receiving
+ empty packets.
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: [no log message]
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: corrected memory leak
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_openpgp.c, lib/gnutls_record.c,
+ lib/gnutls_state.h: Added protection against the newly discovered
+ CBC attacks against TLS. Experimental code.
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/CertificateExample.c, src/CrlExample.c, src/asn1c.c: [no log
+ message]
+
+2002-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: Added references to internet drafts.
+ Added DHE_DSS with ARCFOUR from 56 bit draft.
+
+2002-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.autoconf, doc/TODO, doc/tex/alert.tex,
+ doc/tex/asn1.tex, doc/tex/examples.tex, doc/tex/handshake.tex,
+ doc/tex/record.tex: [no log message]
+
+2002-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-extensions-02.txt,
+ doc/protocol/draft-ietf-tls-extensions-03.txt: Added new draft
+
+2002-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/auth_cert.c, lib/gnutls_alert.c,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_gcry.c,
+ lib/gnutls_global.c, lib/gnutls_pk.c, lib/gnutls_privkey.c,
+ lib/gnutls_x509.c, lib/x509_ASN.c, lib/x509_ASN.y, lib/x509_asn1.h,
+ lib/x509_extensions.c, lib/x509_sig_check.c, lib/x509_verify.c:
+ Combined error codes of gnutls and ASN.1 parser. Also several
+ cleanups in the X.509 code.
+
+2002-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/asn1.tex, doc/tex/ciphers.tex,
+ doc/tex/ciphersuites.tex, doc/tex/examples.tex, doc/tex/funcs.tex,
+ doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/record.tex,
+ doc/tex/translayer.tex: [no log message]
+
+2002-03-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/alert.tex, doc/tex/gnutls.tex,
+ doc/tex/translayer.tex: Added alert protocol section
+
+2002-03-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_x509.c,
+ lib/x509_ASN.c, lib/x509_asn1.c, lib/x509_der.c, lib/x509_verify.c:
+ Added the error UNIX_TIME_LIMIT_EXCEEDED, and corrected bugs in
+ X.509 certificate parsing.
+
+2002-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/errors.tex, lib/gnutls.h.in.in: updated
+
+2002-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/auth.tex, doc/tex/ciphersuites.tex,
+ doc/tex/gnutls.tex, doc/tex/handshake.tex, doc/tex/layers.tex,
+ doc/tex/macros.tex, doc/tex/resumedb.tex, doc/tex/translayer.tex:
+ updated documentation
+
+2002-03-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, configure.in, doc/scripts/gdoc, lib/gnutls_cert.c,
+ lib/gnutls_handshake.c, lib/x509_ASN.y, lib/x509_asn1.c,
+ lib/x509_der.c: changes for pretty documentation and cleanups.
+
+2002-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c: pgp_fingerprint indicator is not cleared.
+
+2002-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test.c: [no log message]
+
+2002-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test.c: last minute changes for 0.3.91 release
+
+2002-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in, lib/auth_anon.c, lib/auth_cert.c,
+ lib/auth_dhe.c, lib/auth_srp.c, lib/gnutls_auth.c,
+ lib/gnutls_auth_int.h, lib/gnutls_errors.c, src/cli.c: Added checks
+ in authentication type renegotiation procedure.
+
+2002-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-03-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls_auth.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_state.c, lib/gnutls_state.h: Changed
+ behaviour in rehandshake procedure. Now can use rehandshake with a
+ different authentication method (ie. perform anonymous
+ authentication, and after that perform a certificate authentication,
+ or srp).
+
+2002-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mem.h, lib/gnutls_x509.c: corrected certificate type
+ checking.
+
+2002-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
+ src/cli.gaa, src/common.h, src/crypt.c, src/serv-gaa.c,
+ src/serv-gaa.h, src/serv.c, src/serv.gaa, src/tls_test-gaa.c,
+ src/tls_test.gaa: Updated cli and server to read certificate and
+ keys from command line parameters. client, client-debug and server
+ are now being installed.
+
+2002-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c:
+ Cleanups in gnutls_handshake.c and gnutls_algorithms.c. Now cipher
+ suites get associated with a protocol version. This will allow
+ disabling several ciphersuites which are only defined in TLS 1.0,
+ when using SSL 3.0.
+
+2002-03-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: No extensions are now sent if SSL 3.0 is
+ the only protocol advertized.
+
+2002-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session.c: added a check in the given parameters for
+ null
+
+2002-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: added session resumption
+ test
+
+2002-02-28 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Changed the interface for the new OpenCDK
+ version.
+
+2002-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli.c, src/cli.gaa, src/serv-gaa.c,
+ src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.c,
+ src/tls_test.gaa: updated gaa files, and client options.
+
+2002-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_state.c, lib/gnutls_state.h,
+ src/tests.c: gnutls_record_set_default_version() was prefixed with
+ underscore, and it is no longer exported.
+
+2002-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_db.c, lib/gnutls_int.h,
+ lib/gnutls_session_pack.c, lib/gnutls_state.c: Corrected session
+ resuming in certificate authentication. gnutls_deinit, does not
+ remove the session entry any more if it is invalid. Added
+ gnutls_db_remove_session() function, which does this.
+
+2002-02-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tls_test-gaa.c, src/tls_test-gaa.h, src/tls_test.gaa: added
+ missing files
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mem.c: removed cycle from gnutls_free and
+ gnutls_secure_free.
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, src/tests.c, src/tests.h, src/tls_test.c: added check for
+ TLS closure alerts
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tests.c, src/tests.h, src/tls_test.c: added openpgp
+ authentication test, and unknown cipher suites test
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_srp.c: Now we do not send the srp username as an
+ extension, if SRP is disabled.
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/tests.c, src/tests.h, src/tls_test.c: added check
+ for client hello extensions.
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli.c, src/tests.c, src/tests.h,
+ src/tls_test.c: Added tls_test. This is program that can be used to
+ test TLS servers' parameters.
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_errors.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_state.c: Added
+ gnutls_record_set_default_version(). This is a low level function.
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: SOCKET_PTR was removed
+
+2002-02-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: corrected record_send() prototype
+
+2002-02-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: updated for fcdump
+
+2002-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2002-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c: added (an impossible situation) check
+
+2002-02-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: [no log message]
+
+2002-02-24 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Fixed a possible buffer overflow.
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/openpgp/Makefile.am: added missing makefile.am
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/serv1.tex, lib/auth_anon.c,
+ lib/auth_anon.h, lib/auth_cert.h, lib/auth_dhe.c,
+ lib/auth_srp_passwd.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
+ lib/gnutls_cert.c, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_int.h, lib/gnutls_ui.c, src/cli.c, src/serv.c: The Diffie
+ Hellman parameters are now stored in the credentials structures.
+ This will allow precomputation of signatures (for DHE cipher
+ suites).
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, configure.in, lib/gnutls_int.h, lib/gnutls_ui.h,
+ lib/x509_verify.c, src/cli.c: [no log message]
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.c, src/serv.c: [no log message]
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/ciphersuites.tex,
+ doc/tex/errors.tex, doc/tex/ex3.tex, doc/tex/gnutls.tex,
+ doc/tex/resumedb.tex: [no log message]
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: [no log message]
+
+2002-02-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_openpgp.c, lib/gnutls_record.c,
+ lib/gnutls_x509.c, lib/x509_sig_check.c, lib/x509_verify.c: removed
+ GNUTLS_CERT_NONE (replaced by GNUTLS_E_NO_CERTIFICATE_FOUND).
+ removed GNUTLS_CERT_VALID (it's valid if it's not invalid)
+
+2002-02-23 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Bug fixes for
+ _verify_key and basic trust handling for keys.
+
+2002-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/debug.c: [no log message]
+
+2002-02-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: [no log message]
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: [no log message]
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: includes moved before #ifdef
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-02-22 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Added stubs for the case we don't have
+ OpenCDK support.
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex, lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_x509.c,
+ lib/x509_sig_check.c, lib/x509_verify.c, src/common.c, src/serv.c:
+ Changed certificate verification functions.
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-02-22 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Implemented
+ gnutls_certificate_set_openpgp_key_mem. Some basic routines for key
+ ownertrust.
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls.h.in.in, lib/gnutls_cert.c: added
+ trustdb stuff
+
+2002-02-22 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Modified code for the new OpenCDK code.
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: [no log message]
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c: [no log message]
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: moved private cipher suites to 0xFF
+ space.
+
+2002-02-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/layers.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/gnutls.h.in.in,
+ lib/gnutls_alert.c, lib/gnutls_alert.h, lib/gnutls_algorithms.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_record.c, src/cli.c, src/serv.c: Several alert protocol
+ changes.
+
+2002-02-21 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Fixed return code check for GnuTLS
+ functions.
+
+2002-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c: [no log message]
+
+2002-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_openpgp.c: set_key_server renamed
+ to set_keyserver
+
+2002-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, NEWS, doc/tex/ex1.tex, doc/tex/serv1.tex, lib/debug.c,
+ lib/debug.h, lib/gnutls.h.in.in, lib/gnutls_alert.c, src/cli.c:
+ Added gnutls_alert_str (allows printing alert number descriptions)
+
+2002-02-21 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Fixed a segfault in the OpenPGP code.
+
+2002-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: Updated the openpgp certificate message,
+ fingerprint handling.
+
+2002-02-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.gaa, src/common.c,
+ src/common.h, src/serv-gaa.c, src/serv-gaa.h, src/serv.gaa: [no log
+ message]
+
+2002-02-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: some fixes in verification procedure
+
+2002-02-19 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/.cvsignore, lib/gnutls_cert.h, lib/gnutls_errors_int.h,
+ lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Applied the patches to
+ fix the GDOC problem. Some bug fixes all over the place and the
+ implementation of some function stubs.
+
+2002-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/gnutls_x509.c, lib/x509_sig_check.c,
+ src/common.c: removed CERT_CORRUPTED
+
+2002-02-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c: openpgp fingerprint is calculated dynamically.
+
+2002-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h, lib/gnutls.h.in.in: Added some
+ support the OpenPGP Certificate message, with key fingerprints.
+
+2002-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_int.h,
+ lib/gnutls_state.c, lib/gnutls_state.h, src/cli-gaa.c,
+ src/cli-gaa.h, src/cli.c, src/cli.gaa, src/common.c: Added some
+ stuff for the client to send the OpenPGP fingerprint.
+
+2002-02-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex.in: [no log message]
+
+2002-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_pk.c: Corrected bug in RSA
+ authentication, responsible for random (very very rare, and
+ difficult to reproduce) failures.
+
+2002-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509_verify.c: [no log message]
+
+2002-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c, lib/x509_verify.c: Improved X.509 verification
+ functions. They are still too primitive.
+
+2002-02-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_dh.c: [no log message]
+
+2002-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c: Some cleanups.
+
+2002-02-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphersuites.tex, doc/tex/layers.tex:
+ [no log message]
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/errors.tex, doc/tex/ex1.tex,
+ doc/tex/ex2.tex, doc/tex/layers.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex, lib/gnutls.h.in.in, lib/gnutls_record.c,
+ src/cli.c, src/serv.c: [no log message]
+
+2002-02-15 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Fixed some memory leaks. Code to handle
+ ElGamal keys. Some minor bug fixes.
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_record.c: renamed gnutls_read to
+ gnutls_record_read and gnutls_write to gnutls_record_write.
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ciphersuites.tex,
+ doc/tex/cover.tex.in, doc/tex/errors.tex, doc/tex/ex1.tex,
+ doc/tex/ex2.tex, doc/tex/gnutls.tex, doc/tex/layers.ps,
+ doc/tex/layers.tex, doc/tex/serv1.tex, doc/tex/srp1.tex: Added TLS
+ Layers section.
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/serv-gaa.c, src/serv.gaa: updated client and server
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-00.txt: removed
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_extensions.c,
+ lib/gnutls_extensions.h, lib/gnutls_record.c: Extension types now
+ use a 16 bit type field (following the current draft). Some fixes
+ in the max record size extension.
+
+2002-02-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
+ doc/tex/serv1.tex: [no log message]
+
+2002-02-14 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Basic HKP keyserver
+ support. Function to retrieve the key from the keyring by keyid,
+ fingerprint.
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/x509_verify.c: Verification function
+ returns the GNUTLS_CERT_VALID flag.
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog, doc/tex/ex3.tex, doc/tex/serv1.tex: [no log message]
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_passwd.c, lib/gnutls_int.h, lib/gnutls_srp.c,
+ lib/gnutls_ui.h: Changed srp callback function parameters.
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh_primes.c, src/serv.c: Corrected bugs in prime
+ generation.
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli.c, src/common.c, src/serv-gaa.c,
+ src/serv-gaa.h, src/serv.c, src/serv.gaa: Server updated. Now
+ command line parameters are available.
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli.c, src/cli.gaa: [no log message]
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/x509_ASN.c: [no log message]
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli-gaa.c, src/cli-gaa.h, src/cli.c, src/cli.gaa,
+ src/common.c: Updated client
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c, lib/gnutls_record.c: Direct access to version field
+ in the state was replaced by the function
+ gnutls_protocol_get_version().
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c: Corrected bugs in RSA authentication. Random value
+ is not generated using the GNUTLS_STRONG_RANDOM flag, and fixed
+ client key exchange packet formating, to depend on the correct
+ version.
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in.in: [no log message]
+
+2002-02-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/x509_sig_check.c, lib/x509_verify.c: Added
+ GNUTLS_CERT_INVALID and GNUTLS_CERT_VALID of CertificateStatus
+ flags, which replace GNUTLS_CERT_NOT_TRUSTED.
+
+2002-02-13 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_ASN.y: bug fix with bison 1.32
+
+2002-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_anon.h, lib/auth_cert.h,
+ lib/auth_dhe.c, lib/gnutls.h.in.in, lib/gnutls_dh.c,
+ lib/gnutls_dh.h, lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_state.c,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/cli.c,
+ src/common.c, src/serv.c: Added more functions to allow access to
+ Diffie Hellman parameters (partially at least). Corrected Diffie
+ Hellman stuff.
+
+2002-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex: [no log message]
+
+2002-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli-gaa.c, src/cli-gaa.h, src/cli.c,
+ src/cli.gaa: Made most ifdefs in client program, configurable via
+ command line.
+
+2002-02-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c: It does not send the cert_type extension if
+ only x.509 certificates are used.
+
+2002-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex3.tex, doc/tex/serv1.tex: Corrected
+ bugs in examples.
+
+2002-02-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: Priority cannot be set if not using the
+ OPENCDK library.
+
+2002-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphersuites.tex, doc/tex/cover.tex.in,
+ doc/tex/gnutls.tex: Updated documentation.
+
+2002-02-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/openpgp/cli_pub.asc, src/openpgp/cli_sec.asc: Added
+ new client pgp keys and a keyring
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers, ChangeLog: [no log message]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_passwd.c: [no log message]
+
+2002-02-10 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: High level support for
+ OpenPGP keyrings.
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * ChangeLog: Added ChangeLog [generated by CVS log]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: [no log message]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.c: [no log message]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: [no log message]
+
+2002-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: [no log message]
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/common.c, src/serv.c: [no log message]
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c: [no log message]
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c: Added
+ gnutls_certificate_type_get_name() function.
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
+ lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_ui.h: [no log
+ message]
+
+2002-02-09 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: * Applied the fixed for the memory leaks.
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: [no log message]
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
+ lib/auth_srp_passwd.h, lib/gnutls_cert.c, lib/gnutls_int.h,
+ lib/gnutls_srp.c, lib/gnutls_srp.h, lib/gnutls_ui.h,
+ lib/gnutls_x509.c: Added ability for an SRP server to use multiple
+ password files. The password file is selected on the fly (handshake)
+ using a callback function.
+
+2002-02-09 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/auth_cert.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * auth_cert.h: Added OpenPGP keyring item. * gnutls_openpgp.c: Improved support for keyring handling.
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: Some fixes in ciphertext2compressed handling
+
+2002-02-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h: Removed the GNUTLS_E_MAC_FAILED error. Now
+ only GNUTLS_E_DECRYPTION_FAILED error is used. That we don't leak
+ any information about the result of a possible attack.
+
+2002-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls_cert.c, lib/gnutls_openpgp.h: Added LIBOPENCDK ifdefs
+ (suggested by Andrew McDonald)
+
+2002-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_ASN.c: Added bison generated file
+
+2002-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: [no log message]
+
+2002-02-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: changed the
+ introduction (again)
+
+2002-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: [no log message]
+
+2002-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, src/cli.c, src/openpgp/cli_pub.asc,
+ src/openpgp/cli_sec.asc: Corrected behaviour of client openpgp
+ certificate selection.
+
+2002-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.c: [no log message]
+
+2002-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c, lib/gnutls_ui.h: removed
+ gnutls_certificate_get_ours_index()
+
+2002-02-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_asn1_tab.c, lib/pkcs1_asn1_tab.c: Added asn1 file
+
+2002-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.h, lib/gnutls_x509.c: Modified
+ gnutls_x509_extract_subject_alt_name() to return the type, instead
+ of storing it to a pointer.
+
+2002-02-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, lib/x509_extensions.c: Added function which
+ returns the subjectAltName (subject_dns_name was obsoleted).
+
+2002-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: added Timo
+
+2002-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: [no log message]
+
+2002-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypt_bcrypt.c, lib/gnutls_cert.c, lib/gnutls_num.c,
+ lib/gnutls_num.h, lib/x509_extensions.c, src/common.c: [no log
+ message]
+
+2002-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_verify.c: Changed the X.509 certificate verification
+ algorithm. Now if any of the certificates in the certificate path is
+ expired (except the first one), we return GNUTLS_CERT_NOT_TRUSTED.
+
+2002-02-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.h: [no log message]
+
+2002-02-05 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: Changes the function
+ name to make clear OpenPGP uses keys and not certificates like
+ X.509.
+
+2002-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_ui.h, src/common.c: Changes for
+ gnutls_openpgp_name structure
+
+2002-02-04 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h, lib/gnutls_ui.h: Now
+ OpenPGP uses its own context for DN.
+
+2002-02-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: More fixes for the GnuTLS OpenPGP code.
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex, lib/gnutls.h.in.in, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, src/common.c: renamed the gnutls_dn structure to
+ gnutls_x509_dn
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/common.c, src/common.h: made the print_info
+ stuff much cleaner.
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c: some changes in gnutls_cert handling
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.h: keyUsage is now 16 bits
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, src/common.h: [no log message]
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.h: [no log message]
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex3.tex, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/auth_dhe.c, lib/auth_rsa.c,
+ lib/gnutls_alert.c, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, lib/gnutls_x509.c, lib/x509_verify.c,
+ lib/x509_verify.h, src/cli.c, src/common.h, src/serv.c: Added
+ OpenPGP certificate support in gnutls. Several changes.
+
+2002-02-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * gnutls_openpgp.c (_gnutls_openpgp_cert2gnutls_cert): New. Set the
+ keyUsage flag to indicate what the key is useful for.
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.h: [no log message]
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_ui.h: Exported openpgp keys'
+ related functions.
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_state.c,
+ lib/gnutls_state.h: Moved functions unrelated to record layer to
+ gnutls_state.c
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: several modifications for cert_type extension
+ etc
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_priority.c, lib/gnutls_priority.h:
+ Added option to set the cert_type priority.
+
+2002-02-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: * Applied the patch and minor changes. * Now it's also possible to use binary certificates.
+
+2002-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_cert_type.c, lib/ext_cert_type.h: Added stuff for parsing
+ the CertType extension type.
+
+2002-02-03 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: * gnutls_openpgp.c: Fixed some memory leaks.
+
+2002-02-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_ui.c: renamed gnutls_fingerprint()
+ to gnutls_x509_fingerprint().
+
+2002-02-02 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * gnutls_openpgp.c: Now all functions use gnutls_datum. Change the
+ function headers of internal functions.
+
+2002-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/gnutls_openpgp.c,
+ src/Makefile.am: Added gnutls_openpgp in the makefiles. Added some
+ kind of opencdk library detection.
+
+2002-02-01 Timo Schulz <twoaday@gnutls.org>
+
+ * src/openpgp/pub.asc, src/openpgp/sec.asc: New files for OpenPGP
+ tests.
+
+2002-02-01 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c, lib/gnutls_openpgp.h: * gnutls_openpgp.c: Added gdoc compatible function descriptions. (gnutls_openpgp_add_fingerprint): New function to register keyrings.
+
+2002-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_x509.h: added new header file
+
+2002-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
+ doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, lib/Makefile.am, lib/auth_cert.c,
+ lib/auth_cert.h, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_int_compat.c,
+ lib/gnutls_session_pack.c, lib/gnutls_ui.h, lib/gnutls_x509.c,
+ lib/x509_extensions.c, src/cli.c, src/common.h, src/serv.c: Several
+ changes in certificate and key handling. * gnutls_certificate_allocate_sc() does not require the ncerts
+ argument
+
+2002-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, doc/protocol/draft-ietf-tls-openpgp-keys-01.txt,
+ doc/tex/ex3.tex, lib/Makefile.am, lib/auth_cert.c, lib/debug.c,
+ lib/gnutls.h.in.in, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_state.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/gnutls_x509.c, src/cli.c, src/common.h: Renamed
+ gnutls_x509pki_extract_* to gnutls_x509_extract_*. Separated
+ gnutls_x509_extract_* functions. Now are in gnutls_x509.c.
+
+2002-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_asn1.c, lib/x509_der.c: corrected _gnutls_str_cpy()
+ usage.
+
+2002-01-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: [no log message]
+
+2002-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: updated
+
+2002-01-30 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Fixed some memory leaks.
+
+2002-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: updated candidate
+ draft
+
+2002-01-29 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_openpgp.c: Fixed a typo.
+
+2002-01-29 Timo Schulz <twoaday@gnutls.org>
+
+ * lib/gnutls_cert.h, lib/gnutls_openpgp.c, lib/gnutls_openpgp.h:
+ Basic GnuTLS OpenPGP support.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/ex3.tex, src/common.h: updated for
+ gnutls_certificate_get_peers()
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c, lib/gnutls_ui.h: Added
+ gnutls_certificate_get_peers() Added gnutls_certificate_get_ours()
+ Added gnutls_certificate_get_ours_index()
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/gnutls.h.in.in, lib/gnutls_cert.h,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_record.h,
+ lib/gnutls_state.c, lib/gnutls_state.h: CertificateType is now
+ accesible from the API.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: corrected bug in certificate selection.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_state.c, lib/gnutls_state.h: Added this
+ gnutls_state.c/h files. Are added in order to access some of the
+ GNUTLS_STATE structures members, indirectly. It's not possible to
+ move all the members of this structure here, yet, but it is
+ desirable.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am: [no log message]
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_cert.c, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_ui.h: Modified the
+ state's parameters to hold the negotiated certificate type. Modified
+ the certificate selection procedure to take the certificate type in
+ account, when choosing the most appropriate certificate.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, lib/auth_cert.c, lib/gnutls.h.in.in,
+ lib/gnutls_int.h, lib/x509_sig_check.c, src/cli.c, src/common.h,
+ src/serv.c: Added in CertificateStatus: GNUTLS_CERT_CORRUPTED (replaces GNUTLS_CERT_INVALID) GNUTLS_CERT_REVOKED
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_cert.c:
+ gnutls_x509pki_allocate_sc() renamed to
+ gnutls_certificate_allocate_sc() and similar functions too. They
+ share too common properties with OpenPGP certificates, that it is
+ not needed a separate function.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c, lib/gnutls_ui.h: Updated function names.
+
+2002-01-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_cert.c, lib/auth_cert.h: Separated X509 specific stuff in
+ the CERTIFICATE_CREDENTIALS structure.
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.asn: Removed fake OID.
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am: better ChangeLog output
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c, src/cli.c, src/serv.c: Identified a race
+ condition in the example client. If application data is sent after
+ a rehandshake request, the server thinks we ignored his request, and
+ breaks the connection. This is a bad design of this client.
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_datum.c: minor fixes
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: changed some buffering code, to use the
+ cleaner gnutls_datum_append(). Leads to a much cleaner code.
+
+2002-01-28 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_ASN.y: Modules without OID
+
+2002-01-28 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_der.c: gnutls_str_... functions substitution
+
+2002-01-28 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/x509_asn1.c: _gnutls_str_... functions substitution
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_datum.c, lib/gnutls_datum.h: added
+ gnutls_datum_append()
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_cert.h, lib/x509_sig_check.c:
+ signature is now a gnutls_datum
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/Makefile.am,
+ lib/auth_anon.c, lib/auth_cert.c, lib/auth_cert.h, lib/auth_dhe.c,
+ lib/auth_rsa.c, lib/auth_srp.c, lib/auth_srp_passwd.c,
+ lib/auth_x509.c, lib/auth_x509.h, lib/debug.c, lib/ext_srp.c,
+ lib/gnutls.h.in.in, lib/gnutls_algorithms.c, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_privkey.c,
+ lib/gnutls_session_pack.c, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, lib/x509_sig_check.c, src/cli.c,
+ src/common.h, src/serv.c: GNUTLS_X509PKI -> GNUTLS_CRD_X509PKI
+ GNUTLS_SRP -> GNUTLS_CRD_SRP GNUTLS_ANON -> GNUTLS_CRD_ANON
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/auth_x509.c, lib/gnutls_int.h, src/cli.c: [no log
+ message]
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: corrected and optimized handshake.
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int_compat.c: not used by default
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe.c, lib/auth_x509.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_record.c: Added
+ ability of the client to choose a certificate depending on the
+ server's sign algorithm preference. Added CertType in gnutls_cert
+ structure (which identified X509, OPENPGP certificates)
+
+2002-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c: Optimizations in the handshake messages
+ hashing. (no more mallocs)
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_int.h,
+ lib/x509_b64.c, lib/x509_extensions.c, lib/x509_sig_check.c,
+ src/cli.c, src/serv.c: cleanups
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_gcry.c, lib/gnutls_gcry.h, lib/gnutls_pk.c: corrected
+ bug in DSA signing.
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: corrected bug in file read
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.c, lib/auth_x509.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_v2_compat.c: Added support to select a certificate based
+ on the peer's cipher suite list. (ie if DSS cipher suites are
+ requested and a DSA certificate is available, then this will be
+ used)
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-keys-01.txt: Added an updated
+ version of the submited draft
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/x509/Makefile.am: [no log message]
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe.c, lib/auth_dhe_dss.c, lib/auth_dhe_dss.h,
+ lib/auth_dhe_rsa.c, src/x509/cert-dsa.pem, src/x509/key-dsa.pem:
+ added missing files
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.c, lib/gnutls_int.h, lib/gnutls_sig.c, src/cli.c,
+ src/serv.c: added support for DHE_DSS cipher suites.
+
+2002-01-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/asn1.tex, lib/auth_dhe_rsa.c, lib/auth_rsa.c,
+ lib/auth_x509.c, lib/gnutls.asn, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_gcry.c, lib/gnutls_gcry.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig.c, lib/x509_sig_check.c, src/cli.c: added support for
+ DSS certificates.
+
+2002-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_x509.c, lib/ext_max_record.c,
+ lib/gnutls.asn, lib/gnutls_buffers.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_extensions.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_privkey.c, lib/gnutls_privkey.h,
+ lib/gnutls_sig.c, lib/pkcs1.asn, lib/pkix.asn, lib/x509_sig_check.c:
+ Added stuff for DSS certificates (not ready yet)
+
+2002-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/x509/Makefile.am, src/x509/ca.pem, src/x509/cert.pem,
+ src/x509/clicert-dsa.pem, src/x509/clicert.pem,
+ src/x509/clikey-dsa.pem, src/x509/clikey.pem, src/x509/key.pem:
+ added new DSA certificates..
+
+2002-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4, lib/auth_srp_passwd.c, lib/gnutls.h.in.in,
+ lib/gnutls_buffers.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_record.c: [no log message]
+
+2002-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_str.c, lib/gnutls_str.h: added _gnutls_mem_cpy()
+
+2002-01-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_asn1.c, lib/x509_der.c: Added checks after malloc for
+ null.
+
+2002-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex3.tex, doc/tex/serv1.tex, lib/auth_x509.c,
+ lib/gnutls.h.in.in, lib/gnutls_int_compat.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, src/common.h, src/serv.c: gnutls_*_get_algo()
+ renamed to gnutls_*_get() (suggested by Simon Josefsson)
+
+2002-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c, lib/gnutls_int.h: [no log message]
+
+2002-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2002-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_extensions.c, lib/gnutls_int.h, lib/gnutls_int_compat.c,
+ src/cli.c: added check for requested TLS extensions
+
+2002-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int_compat.c: [no log message]
+
+2002-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.h.in.in, lib/gnutls_buffers.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_sig.h: Handshake
+ messages are not kept in memory any more. Now we use less memory
+ during a handshake.
+
+2002-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: [no log message]
+
+2002-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_random.c: added an #error
+
+2002-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_int.h, lib/gnutls_kx.c:
+ GNUTLS_A_NETSCAPE_NO_CLIENT_CERTIFICATE ->
+ GNUTLS_A_SSL3_NO_CERTIFICATE
+
+2002-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-openpgp-01.txt,
+ doc/protocol/draft-ietf-tls-openpgp-keys-00.txt: added our openpgp
+ draft
+
+2002-01-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls_alert.c, lib/gnutls_buffers.c,
+ lib/gnutls_constate.c, lib/gnutls_errors.h,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ lib/gnutls_record.c, lib/gnutls_ui.h, lib/gnutls_v2_compat.c: added
+ _gnutls_record_log(), gnutls_handshake_log(), to avoid that #ifdef
+ XXX stuff. Done some cleanups in record layer.
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_str.c: [no log message]
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/Makefile.am, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/crypt_srpsha1.c, lib/gnutls_cert.c,
+ lib/gnutls_str.c, lib/gnutls_str.h, lib/x509_extensions.c,
+ lib/x509_sig_check.c, lib/x509_verify.c: Added a minimal string
+ library to assist in safer ASN.1 parsing
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/common.h: in server side now prints srp username
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c, lib/crypt_bcrypt.c, lib/crypt_srpsha1.c,
+ lib/debug.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
+ lib/gnutls_global.c, lib/x509_b64.c, lib/x509_extensions.c,
+ lib/x509_sig_check.c, lib/x509_verify.c: Some corrections done (
+ found by using flawfinder). Added several tags for flawfinder to
+ ignore.
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: added string library
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/scripts/gdoc, lib/auth_x509.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/x509_extensions.c, lib/x509_sig_check.c: cleanups
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: more cleanups in the recv_int() function
+
+2002-01-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c: corrected behaviour against PKCS-1 attacks. (it
+ seems that debugging code has made it to release)
+
+2002-01-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: Made recv_int() cleaner (needs a lot of
+ improvement)
+
+2002-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/errors.tex, lib/gnutls_handshake.c, lib/gnutls_record.c,
+ src/cli.c, src/serv.c: Now a server in a case of rehandshake can
+ continue normaly if the handshake request is ignored by the client.
+
+2002-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: corrected gnutls_alert_send() prototype.
+
+2002-01-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_anon.h, lib/auth_dhe_rsa.c,
+ lib/auth_srp.c, lib/auth_x509.c, lib/gnutls_algorithms.c,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ lib/gnutls_int.h: updated auth info structures handling. Corrected
+ bug in DHE_RSA.
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: corrected bug introduced in the buffering
+ code update
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c: [no log message]
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/ex3.tex, lib/auth_anon.c,
+ lib/auth_dhe_rsa.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
+ lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_int.h,
+ lib/gnutls_int_compat.c, lib/gnutls_record.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, src/common.h, src/serv.c: Combined
+ gnutls_x509pki_(set/get)_dh_bits() and gnutls_anon_server/client_get
+ to gnutls_dh_(set/get)_bits(). gnutls_anon_set_server_cred() was
+ deprecated by gnutls_dh_set_bits().
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: gnutls_x509pki_set_trust_(file/mem) can now be
+ called multiple times
+
+2002-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore: [no log message]
+
+2002-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-freier-ssl-version3-02.txt,
+ doc/protocol/ssl-2.txt, doc/protocol/ssl-draft302.txt,
+ doc/protocol/ssl-version2.txt: [no log message]
+
+2002-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2440.txt: added openpgp rfc
+
+2002-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/ex3.tex, doc/tex/serv1.tex,
+ lib/Makefile.am, lib/auth_srp_passwd.h, lib/auth_x509.c,
+ lib/debug.c, lib/gnutls.h.in.in, lib/gnutls_alert.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_db.c,
+ lib/gnutls_db.h, lib/gnutls_dh.h, lib/gnutls_dh_primes.c,
+ lib/gnutls_errors.c, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/x509_ASN.y, src/cli.c, src/common.h, src/serv.c: several
+ cleanups in order to move to gnutls 0.4.0
+
+2002-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int_compat.c: added file to hold functions for
+ backwards binary compatibility.
+
+2002-01-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.h, lib/x509_b64.c: cleanups
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex3.tex, lib/auth_dhe_rsa.c,
+ lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/common.h,
+ src/serv.c: Renamed gnutls_x509pki_s/get_dh_bits() to
+ gnutls_dh_s/get_dhe_bits(). Renamed
+ gnutls_anon_server/client_get_dh_bits() to gnutls_dh_get_dha_bits().
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/auth.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
+ doc/tex/ex3.tex, lib/gnutls_algorithms.c, lib/gnutls_int.h: Key
+ exchange methods changed so they do not depend on the Certificate
+ type (GNUTLS_KX_X509PKI_* renamed to GNUTLS_KX_*).
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_sb64.c, lib/gnutls.h.in.in, lib/gnutls_algorithms.c,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_sig.c: changes in buffering code
+ (actually variables' names are more rational now).
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/gnutls.tex,
+ doc/tex/macros.tex, doc/tex/resumedb.tex, doc/tex/translayer.tex:
+ [no log message]
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: corrected library interface numbers
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, doc/tex/Makefile.am, doc/tex/ciphersuites.tex,
+ doc/tex/cover.tex.in, doc/tex/gnutls-logo.ps, doc/tex/gnutls.tex:
+ updated documentation
+
+2002-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_sb64.c, lib/gnutls_handshake.c, lib/gnutls_random.c,
+ src/crypt.c: fixed bugs reported (with patches) by Marc Huber and
+ Guillaume Morin.
+
+2002-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, lib/gnutls.h.in.in, lib/gnutls_cert.c,
+ lib/x509_b64.c, lib/x509_b64.h: Added gnutls_x509pki_set_trust_mem()
+ and gnutls_x509pki_set_key_mem()
+
+2002-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2002-01-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_alert.h, lib/gnutls_int.h, lib/gnutls_record.c: better
+ length checking in the record layer.
+
+2002-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-extensions-01.txt,
+ doc/protocol/draft-ietf-tls-extensions-02.txt: new extensions draft
+
+2002-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.tex: [no log message]
+
+2002-01-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/gnutls.tex, lib/auth_x509.c: added
+ gnutls_x509pki_verify_certificate()
+
+2002-01-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: renamed DigestAlgorithm to GNUTLS_DigestAlgorithm
+ (in order to be consistent with gnutls.h)
+
+2002-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.m4: corrected the temp file name
+
+2002-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/cover.tex.in, doc/tex/errors.tex, lib/Makefile.am,
+ lib/gnutls_errors.c: last minute changes for 0.3.2 release
+
+2002-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.h, lib/x509_b64.c: renamed gnutls_b64_encode()
+ to gnutls_b64_encode_fmt()
+
+2002-01-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_ui.h, lib/x509_b64.c: Added gnutls_b64_encode()
+ and gnutls_b64_decode()
+
+2002-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/.cvsignore, doc/tex/.cvsignore: [no log message]
+
+2002-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/translayer.tex: updated documentation
+
+2002-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex3.tex, src/common.h: updated documentation
+
+2002-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_rsa.c, lib/gnutls_auth.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_priority.c, lib/gnutls_record.c, lib/gnutls_record.h:
+ Cleanups
+
+2002-01-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_alert.c, lib/gnutls_alert.h: separated
+ alert protocol functions
+
+2002-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_rsa.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_record.c: corrected behaviour in version advertizing
+
+2002-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.m4: now removes the temp file
+
+2002-01-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: check_version() updated
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_int.h: [no log message]
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypt_srpsha1.c, lib/gnutls.h.in.in, lib/gnutls_auth.c,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_int.h, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_ui.c, lib/x509_sig_check.c: cleanups
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_x509.c, lib/gnutls.h.in.in,
+ lib/gnutls_algorithms.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ src/cli.c, src/common.h, src/serv.c: Added
+ gnutls_x509pki_extract_certificate_serial() and some cleanups.
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: more error checking
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_ui.c: [no log message]
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in: prefixed all variable with GNUTLS_
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: added support for calling global_init()
+ several times.
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: added static variable to check if
+ global_init() is called for a second time.
+
+2002-01-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, README, lib/crypt_srpsha1.c, lib/gnutls.h.in.in,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/gnutls_sig.c, lib/gnutls_srp.c, lib/gnutls_ui.c,
+ lib/x509_sig_check.c, src/cli.c: Cleanups in the digest code
+ (separated from HMAC). Added gnutls_fingerprint_calc(), which
+ calculates a fingerprint.
+
+2001-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am: added PGPKEYS
+
+2001-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.CVS: updated
+
+2001-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_x509.c: corrected bug which did not allow a client
+ to accept multiple CA distinguished names.
+
+2001-12-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/README.srpcrypt: updated
+
+2001-12-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_buffers.c: [no log message]
+
+2001-12-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: some corrections in documentation
+
+2001-12-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: releasing 0.3.0
+
+2001-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_der.c: cleaned up and
+ fixed ASN.1 documentation.
+
+2001-12-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: corrected in order not to complain if func(void)
+ is used.
+
+2001-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls.h.in.in: cleanups
+
+2001-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex, lib/auth_anon.h, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_x509.c, lib/auth_x509.h,
+ lib/ext_srp.c, lib/gnutls.h.in.in, lib/gnutls_anon_cred.c,
+ lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_global.h,
+ lib/gnutls_handshake.c, lib/gnutls_sig.c, lib/gnutls_srp.c,
+ lib/gnutls_ui.h, src/cli.c, src/serv.c: some cleanups. *_CREDENTIALS
+ renamed to GNUTLS_*_CREDENTIALS. Added defines to keep source
+ compatibility.
+
+2001-12-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c: corrected bugs in AUTH_INFO allocation
+
+2001-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in.in, lib/gnutls_algorithms.c, lib/gnutls_int.h:
+ cleanups
+
+2001-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, configure.in, lib/Makefile.am, lib/gnutls.h.in,
+ lib/gnutls.h.in.in, lib/gnutls_buffers.c, lib/gnutls_int.h:
+ corrections in the configuration files.
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: some corrections in assembler detection. Also chmod
+ -w gnutls.h was removed.
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+ lib/gnutls_record.c: Corrections for big endian machines. Pointed
+ out by Mike Siers <mikes@poliac.com>
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ciphersuites.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/gnutls.h.in,
+ lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_record.c, lib/gnutls_session.c, src/cli.c, src/serv.c:
+ cleanups and documentation updates
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_srp.c, lib/gnutls_record.c,
+ lib/gnutls_session_pack.c, src/cli.c: corrections in SRP and ANON
+ authentication. Also corrections in the session packing for
+ anonymous auth info.
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex, lib/gnutls.h.in, lib/gnutls_kx.c,
+ lib/gnutls_record.c, lib/gnutls_record.h, src/cli.c, src/serv.c:
+ *_alert -> alert_*
+
+2001-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/auth_anon.c,
+ lib/auth_dhe_rsa.c, lib/auth_srp.c, lib/auth_x509.c,
+ lib/gnutls.h.in, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, src/cli.c, src/serv.c: gnutls_set_max_record_size
+ -> gnutls_record_set_max_size gnutls_get_max_record_size ->
+ gnutls_record_get_max_size gnutls_set_cred -> gnutls_cred_set
+ gnutls_get_auth_type -> gnutls_auth_get_type
+
+2001-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphers.tex, doc/tex/ciphersuites.tex,
+ doc/tex/errors.tex, doc/tex/gnutls.tex, doc/tex/macros.tex,
+ doc/tex/resumedb.tex, doc/tex/translayer.tex,
+ lib/gnutls_handshake.c: documentation updated
+
+2001-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_db.c, lib/gnutls_record.c: changed
+ function names
+
+2001-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.tex, doc/tex/macros.tex, doc/tex/resumedb.tex,
+ doc/tex/translayer.tex: fixes in documentation
+
+2001-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/ASN1.readme.txt, doc/Makefile.am: removed ASN1.readme.txt
+
+2001-12-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-12-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers, lib/gnutls.h.in, lib/gnutls_srp.c, src/serv.c: [no log
+ message]
+
+2001-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, buildconf, doc/README.autoconf, doc/tex/ex1.tex,
+ doc/tex/ex2.tex, doc/tex/gnutls.tex, doc/tex/serv1.tex,
+ lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_int.h, src/cli.c,
+ src/serv.c: renamed gnutls_x509pki_set_trust/key to
+ gnutls_x509pki_set_trust_file/key_file
+
+2001-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c, lib/gnutls.h.in, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_int.h: some corrections in the
+ DECR_LEN stuff added recently.
+
+2001-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.autoconf, doc/tex/Makefile.am,
+ doc/tex/errors.tex, doc/tex/gnutls.tex, lib/auth_x509.c: updated
+ documentation
+
+2001-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe_rsa.c, lib/auth_srp.c,
+ lib/auth_x509.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c:
+ More carefull parsing of incoming packets.
+
+2001-12-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/translayer.tex: [no log message]
+
+2001-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, lib/gnutls_int.h, lib/gnutls_pk.c: [no log message]
+
+2001-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: several cleanups
+
+2001-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_gcry.c, lib/gnutls_gcry.h: corrected bugs in STD
+ formating (back to USG).
+
+2001-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * COPYING: [no log message]
+
+2001-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2001-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_int.h: last commits for 0.2.91
+
+2001-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/auth_anon.c, lib/auth_rsa.c, lib/gnutls_constate.c,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_mem.c, lib/gnutls_mem.h, lib/gnutls_record.c:
+ optimizations and fixes in the TLS PRF calculation (and the SSL3
+ equivalent)
+
+2001-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2001-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex: [no log message]
+
+2001-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphers.tex: updated documentation
+
+2001-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_anon_cred.c: fixed gnutls_anon_free_client_sc()
+
+2001-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/auth.tex, lib/auth_anon.h, lib/gnutls.h.in,
+ lib/gnutls_anon_cred.c, lib/gnutls_auth.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, src/cli.c: Fixes in anonymous authentication.
+ Fixes in client ciphersuite selection.
+
+2001-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls_cert.c: GET_CN() now works. (affects debug
+ mode only)
+
+2001-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/.cvsignore, src/Makefile.am, src/README.crypt,
+ src/README.srpcrypt: crypt -> srpcrypt
+
+2001-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_x509.c, lib/auth_x509.h, lib/gnutls_cert.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h:
+ Optimizations in server certificate callback.
+
+2001-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in, lib/gnutls_db.c, lib/gnutls_int.h,
+ lib/gnutls_record.c: added gnutls_transport_get_ptr() and
+ gnutls_db_get_ptr() functions.
+
+2001-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_x509.c, lib/ext_dnsname.c,
+ lib/ext_dnsname.h, lib/gnutls.h.in, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, src/cli.c, src/serv.c: remove dnsname
+ (name_ind) extension
+
+2001-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe_dss.c, lib/auth_dhe_rsa.c,
+ lib/auth_srp.c, lib/auth_srp_passwd.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_dh_primes.c, lib/gnutls_gcry.c,
+ lib/gnutls_gcry.h, lib/gnutls_int.h, lib/gnutls_pk.c,
+ lib/gnutls_privkey.c, lib/gnutls_srp.c, lib/x509_extensions.c:
+ Cleanups. Now use GCRYMPI_FMT_STD instead of USG.
+
+2001-12-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: [no log message]
+
+2001-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/.cvsignore: [no log message]
+
+2001-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/auth.tex, doc/tex/ciphers.tex: added missing files
+
+2001-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/ciphersuites.tex,
+ doc/tex/gnutls.tex, doc/tex/resumedb.tex, doc/tex/translayer.tex,
+ lib/.cvsignore: updated documentation
+
+2001-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c, lib/gnutls_int.h, lib/gnutls_ui.h: callbacks now
+ get a GNUTLS_STATE argument.
+
+2001-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphersuites.tex, doc/tex/ex1.tex, doc/tex/ex2.tex,
+ doc/tex/ex3.tex, doc/tex/serv1.tex, doc/tex/srp1.tex,
+ lib/auth_x509.c, lib/gnutls.h.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cert.c, lib/gnutls_int.h, src/cli.c, src/serv.c:
+ GNUTLS_KX_RSA renamed to GNUTLS_KX_X509PKI_RSA (and the other X509
+ key exchange methods). This will allow GNUTLS_KX_PGP_RSA etc.
+
+2001-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/ex1.tex, doc/tex/ex2.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/defines.h,
+ lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/gnutls_record.c, src/cli.c, src/serv.c:
+ GNUTLS_LIST is now int*
+
+2001-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex, lib/debug.c, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_compress_int.c,
+ lib/gnutls_constate.c, lib/gnutls_errors_int.h,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_record.c, lib/gnutls_v2_compat.c, src/cli.c, src/serv.c:
+ cleanups again
+
+2001-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_asn1.h, lib/x509_der.c,
+ lib/x509_der.h: some changes to keep gcc -Wall happy
+
+2001-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex, lib/auth_rsa.c,
+ lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/gnutls_priority.h, lib/gnutls_record.c,
+ lib/gnutls_record.h, src/cli.c, src/serv.c: Several cleanups.
+
+2001-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/ex1.tex, doc/tex/serv1.tex,
+ lib/gnutls.h.in, lib/gnutls_db.c, lib/gnutls_db.h,
+ lib/gnutls_session.c, lib/gnutls_session.h, src/cli.c, src/serv.c:
+ Changes in function names concerning _db_ handling and _session_
+ handling.
+
+2001-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, doc/tex/ex1.tex, doc/tex/ex2.tex,
+ doc/tex/ex3.tex, doc/tex/serv1.tex, lib/auth_dhe_rsa.c,
+ lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_anon_cred.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_srp.c,
+ lib/gnutls_ui.h, src/cli.c, src/serv.c: Added callback to select the
+ server certificate.
+
+2001-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ lib/auth_x509.c, lib/gnutls_record.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, src/cli.c, src/common.h, src/serv.c: optimized
+ certificate handling API
+
+2001-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_rsa.c, lib/auth_x509.c, lib/auth_x509.h,
+ lib/gnutls_cert.h, lib/gnutls_ui.h, src/serv.c: several cleanups.
+ Removed old unneeded functions. certificate verification was moved
+ out of the handshake procedure.
+
+2001-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_global.c,
+ lib/gnutls_int.h, lib/gnutls_record.c: some cleanups
+
+2001-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_dhe_rsa.c, lib/auth_x509.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_record.c, lib/gnutls_session_pack.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, lib/x509_extensions.c, lib/x509_extensions.h,
+ src/Makefile.am, src/cli.c, src/common.h, src/port.h, src/serv.c:
+ now the peer's certificate list is stored into auth info structure
+ (instead of the certificate). several other cleanups.
+
+2001-12-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c, lib/auth_x509.h, lib/debug.c, lib/debug.h,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_ui.c,
+ lib/gnutls_ui.h, lib/x509_extensions.c, src/cli.c, src/serv.c:
+ moving gnutls_DN structures out of gnutls_cert and auth_info
+ structures. Now they are generated upon request.
+
+2001-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in, lib/defines.h, lib/gnutls.h.in: fixes in
+ autoconf scripts
+
+2001-12-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, Makefile.am, NEWS, acconfig.h, configure.in,
+ lib/auth_x509.c, lib/defines.h, lib/gnutls_random.c: updated
+ detection of library settings
+
+2001-11-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, lib/auth_x509.c, lib/auth_x509.h, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/x509_extensions.c, src/cli.c: The RDN sequence
+ needed in the certificate request message is now generated and
+ cached into a x509pki_credentials structure. This would save a lot
+ of time in the server side.
+
+2001-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2001-11-29 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * doc/ASN1.readme.txt: overflow buffers check
+
+2001-11-29 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * doc/ASN1.readme.txt, lib/x509_ASN.y, lib/x509_asn1.c,
+ lib/x509_asn1.h: ""
+
+2001-11-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/auth_anon.c, lib/auth_dhe_rsa.c,
+ lib/auth_rsa.c, lib/auth_srp.c, lib/auth_x509.c, lib/auth_x509.h,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_db.c,
+ lib/gnutls_int.h, lib/gnutls_record.c, lib/gnutls_session.c,
+ lib/gnutls_session_pack.c, lib/gnutls_session_pack.h,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, src/cli.c: introduced
+ gnutls_x509pki_get_certificate(). This function returns the peer's
+ certificate DER encoded. This certificate is also stored in the
+ resume db.
+
+2001-11-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.h: [no log message]
+
+2001-11-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS, configure.in, doc/README.autoconf, doc/TODO,
+ lib/gnutls.h.in, lib/gnutls_db.c, lib/libgnutls.m4: cleanups and
+ some corrections.
+
+2001-11-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/srp1.tex,
+ lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_db.c, lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_record.c, lib/gnutls_record.h, src/cli.c, src/serv.c:
+ gnutls_handshake(), gnutls_read() etc. functions no longer require
+ the 'SOCKET cd' argument. This argument is set using the function
+ gnutls_set_transport_ptr().
+
+2001-11-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf: [no log message]
+
+2001-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf: gnutls.m4 -> libgnutls.m4
+
+2001-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: added new pictures
+
+2001-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphersuites.tex: updated
+
+2001-11-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am: [no log message]
+
+2001-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: [no log message]
+
+2001-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc: produces better tex output
+
+2001-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, lib/gnutls_ui.c: updated documentation (and
+ generation of tex)
+
+2001-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: updated
+
+2001-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: fixed gnutls_kx_get_name()
+
+2001-11-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_ui.h: cleanups
+
+2001-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, lib/gnutls_record.c, lib/x509_asn1.c: Gdoc
+ updated. Now handles powers and '->' symbol automatically for tex.
+
+2001-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO: [no log message]
+
+2001-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_der.c: corrected typo
+
+2001-11-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/ASN1.readme.txt, doc/scripts/gdoc, doc/tex/Makefile.am,
+ doc/tex/asn1.tex, doc/tex/gnutls.tex, lib/Makefile.am,
+ lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_der.c: Documentation for
+ ASN.1 has been moved to inline comments and to the tex
+ documentation.
+
+2001-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h: removed E_TIMEOUT
+
+2001-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_dhe_rsa.c, lib/auth_srp.c,
+ lib/auth_x509.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h, lib/gnutls_record.c,
+ src/serv.c: corrected some obscure bugs in the handshake and record
+ send buffering code.
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: removed debugging stuff
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS: [no log message]
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: more fixes
+
+2001-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_cipher.c, lib/gnutls_constate.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_priority.c, lib/gnutls_record.c, lib/io_debug.h,
+ src/serv.c: more non blocking IO fixes
+
+2001-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: now resolves hostnames.
+
+2001-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/gnutls_priority.c: va_copy macro renamed to
+ VA_COPY
+
+2001-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: now requires autoconf 2.50
+
+2001-11-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/ext_max_record.c, lib/gnutls.h.in,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_compress_int.c, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_mem.c,
+ lib/gnutls_mem.h, lib/gnutls_privkey.c, lib/gnutls_record.c,
+ lib/io_debug.h, src/cli.c, src/serv.c: several fixes. Including: - max_record_header extension. - resume handshake sending wrong ssl version - Non blocking IO (not ready yet)
+
+2001-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_int.h: [no log message]
+
+2001-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/resumedb.tex,
+ doc/tex/translayer.tex, lib/auth_x509.c, lib/gnutls.h.in,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c: cleanups and documentation updates
+
+2001-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c: rolled back previous change...
+
+2001-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c: made empty certificate message consistent with
+ other implementations.
+
+2001-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe_rsa.c, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/auth_x509.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_dh.c, lib/gnutls_dh_primes.c,
+ lib/gnutls_gcry.c, lib/gnutls_gcry.h, lib/gnutls_pk.c,
+ lib/gnutls_privkey.c, lib/gnutls_record.c, lib/gnutls_session.c,
+ lib/gnutls_sig.c, lib/gnutls_srp.c, lib/x509_sig_check.c: corrected
+ memory leaks and other bugs
+
+2001-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: added warning
+
+2001-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/Makefile.am, lib/ext_dnsname.c,
+ lib/ext_max_record.c, lib/ext_max_record.h, lib/ext_srp.c,
+ lib/gnutls.h.in, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c: added max_record_size extension
+
+2001-11-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session.c: corrected bug which made
+ get_current_session, not to return the right size of the session.
+
+2001-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_dhe_rsa.c, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_int.h, lib/gnutls_mem.c,
+ lib/gnutls_record.c: receive buffer is now dynamic.
+
+2001-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_handshake.c, lib/gnutls_record.c, src/cli.c:
+ changed semantics of the GNUTLS_E_REHANDSHAKE error code.
+
+2001-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in, lib/defines.h, lib/gnutls_priority.c:
+ added support for va_copy
+
+2001-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/translayer.tex, lib/gnutls_db.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/serv.c: cleanups
+
+2001-11-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.h: list -> gnutls_list
+
+2001-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_anon_cred.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c: changed LIST to GNUTLS_LIST
+
+2001-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_db.c: added new function to check for
+ expired sessions.
+
+2001-11-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: cleanups
+
+2001-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_record.c, lib/gnutls_sig.c:
+ cleanups in function names
+
+2001-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c: cleanups in the resuming code
+
+2001-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, configure.in, lib/gnutls.h.in, lib/gnutls_db.c,
+ lib/gnutls_db.h, lib/gnutls_int.h, lib/gnutls_record.c: added hooks
+ in order to use external database to store session to be resumed.
+ Works but it is not finished.
+
+2001-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_global.c, lib/gnutls_int.h:
+ set_push() & set_pull() functions moved to state (instead of being
+ global)
+
+2001-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README.CVS, doc/Makefile.am, doc/README.CVS: moved README.CVS to
+ doc/
+
+2001-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README.CVS: added documentation of the steps required to built the
+ cvs tree
+
+2001-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/auth_srp_passwd.c, lib/auth_x509.c,
+ lib/gnutls_auth.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_record.c,
+ lib/gnutls_record.h, lib/io_debug.h, src/cli.c, src/serv.c: Adopted
+ some of the patches of Jon Nelson. Fixes the non blocking behaviour.
+
+2001-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2001-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_record.c: corrected and fixed
+ several things in send_int() etc.
+
+2001-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/translayer.tex: Added missing file.
+
+2001-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2001-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/TODO, doc/scripts/Makefile.am: added scripts
+ into distribution
+
+2001-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: [no log message]
+
+2001-10-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c, lib/gnutls_session.c: corrected bugs in session
+ resuming.
+
+2001-10-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/gnutls_db.c, lib/gnutls_int.h,
+ lib/gnutls_mem.c, lib/gnutls_session.c: [no log message]
+
+2001-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_int.h, lib/io_debug.h: cleanups
+
+2001-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/io_debug.h: added IO debugging code
+
+2001-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in: [no log message]
+
+2001-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_buffers.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_kx.h, lib/gnutls_record.c: added some checks for memory
+ allocation. Fixes in write interrupts.
+
+2001-10-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: corrected bugs which could break non
+ blocking IO
+
+2001-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * PGPKEYS: added file. Holds pgp keys
+
+2001-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_record.c: corrections for the
+ gnutls_read_buffered() function.
+
+2001-10-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, src/serv.c: updated/fixed the handling of
+ interrupted writes
+
+2001-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_record.c:
+ changed gnutls_write() semantics in order to cope with interrupted
+ system calls and non blocking IO
+
+2001-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: [no log message]
+
+2001-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_int.h: [no log message]
+
+2001-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/gnutls.tex, lib/gnutls.h.in,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c:
+ changes in order to be independent of the berkeley style sockets
+ (but it is still difficult to use gnutls with any other api)
+
+2001-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: made gnutls_write() unaware of interrupted
+ system calls and eagain errors.
+
+2001-10-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS, doc/tex/resumedb.tex, lib/gnutls_buffers.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_record.c,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, src/serv.c: several cleanups
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_int.h: Corrected short read bug
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: corrected _gnutls_write()
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c: peeked data now stays also in handshake
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_kx.c: corrected bug which caused a fatal alert to be
+ sent even if it wasn't required
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.c, lib/gnutls_record.c, lib/gnutls_sig.c, src/cli.c:
+ [no log message]
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls_buffers.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c,
+ lib/gnutls_record.c: introduced GNUTLS_E_INTERRUPTED, fixes in error
+ handling
+
+2001-10-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h:
+ the gnutls handshake protocol can now hold it's state. Thus it may
+ be used in some kind of non blocking mode. Not tested at all
+
+2001-10-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_record.c: clean ups in the handshake protocol
+
+2001-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ex1.tex, doc/tex/gnutls.tex,
+ doc/tex/resumedb.tex: [no log message]
+
+2001-10-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, doc/tex/ex3.tex, doc/tex/serv1.tex,
+ lib/auth_dhe_rsa.c, lib/auth_rsa.c, lib/auth_x509.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_auth.c,
+ lib/gnutls_auth_int.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ src/cli.c, src/serv.c: auth_info types and structures were moved to
+ the internals of the library. This makes the library incompatible
+ (source & binary) with the previous versions.
+
+2001-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_cert.c,
+ lib/gnutls_dh_primes.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_ui.h: added option to regenerate
+ primes and generators for EDH
+
+2001-10-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_x509.c, lib/ext_dnsname.c, lib/ext_dnsname.h,
+ lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ src/cli.c, src/crypt.c, src/serv.c: updated name indication
+ extension (dnsname)
+
+2001-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/crypt-gaa.c, src/crypt.gaa: renamed crypt to
+ srpcrypt.
+
+2001-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/auth_anon.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_global.c, lib/gnutls_int.h,
+ src/crypt.c: better prime handling
+
+2001-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphersuites.tex: [no log message]
+
+2001-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore: [no log message]
+
+2001-10-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_dhe_rsa.c, lib/auth_srp_passwd.c,
+ lib/auth_x509.c, lib/gnutls.h.in, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_dh_primes.c, lib/gnutls_record.h, lib/gnutls_srp.c:
+ Updated the handling of prime numbers.
+
+2001-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_rsa.c, lib/auth_x509.c, lib/gnutls.h.in,
+ lib/gnutls_buffers.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_sig.c, lib/gnutls_sig.h: several
+ cleanups
+
+2001-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_sig.c: [no log message]
+
+2001-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, THANKS, configure.in, doc/tex/ex3.tex, lib/auth_anon.c,
+ lib/auth_dhe_rsa.c, lib/auth_x509.c, lib/auth_x509.h,
+ lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_datum.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/x509_extensions.c,
+ src/cli.c, src/serv.c: added DHE_RSA ciphersuites
+
+2001-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-ciphersuite-03.txt,
+ doc/protocol/draft-ietf-tls-ciphersuite-05.txt,
+ doc/protocol/draft-ietf-tls-extensions-00.txt,
+ doc/protocol/draft-ietf-tls-extensions-01.txt,
+ doc/protocol/draft-ietf-tls-kerb-00.txt, doc/protocol/rfc2712.txt:
+ updated documents
+
+2001-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/x509_extensions.c: [no log message]
+
+2001-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/x509_asn1.c, lib/x509_extensions.c: fixes in the certificate
+ extensions handling code. Bugs reported by Neil Spring
+ <nspring@saavie.org>
+
+2001-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.tex: [no log message]
+
+2001-09-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ciphersuites.tex: [no log message]
+
+2001-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf, doc/tex/macros.tex: [no log message]
+
+2001-09-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/ciphersuites.tex, doc/tex/gnutls.tex:
+ more documentation
+
+2001-09-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_anon.c, lib/auth_rsa.c,
+ lib/auth_x509.c, lib/auth_x509.h, lib/gnutls_cert.c,
+ lib/gnutls_dh.h, lib/gnutls_ui.c, lib/gnutls_ui.h: several cleanups
+ in order to support DHE_RSA
+
+2001-09-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_rsa.c: Preliminary support for DHE_RSA
+
+2001-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-09-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_dhe_dss.c, lib/gnutls_compress_int.h, lib/gnutls_num.c:
+ [no log message]
+
+2001-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2001-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-09-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: updated documentation
+
+2001-09-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, doc/TODO: [no log message]
+
+2001-09-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/ex3.tex, lib/Makefile.am, lib/auth_rsa.c,
+ lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
+ lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h,
+ lib/x509_extensions.c, src/cli.c, src/serv.c: Client certificate
+ callback has been improved
+
+2001-09-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-09-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-09-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf, doc/TODO: [no log message]
+
+2001-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/Makefile.am, lib/Makefile.am: updated
+ documentation generation
+
+2001-09-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-09-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: updated documentation
+
+2001-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2001-08-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c, lib/gnutls_int.h, lib/gnutls_num.h: minor
+ bugfixes
+
+2001-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in, lib/gnutls_global.c: use of sigaction
+ instead of signal(), to ignore SIGPIPE
+
+2001-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf: [no log message]
+
+2001-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/Makefile.am, doc/tex/cover.tex,
+ doc/tex/cover.tex.in, doc/tex/serv1.tex, lib/auth_rsa.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/gnutls_ui.c, lib/gnutls_ui.h, src/serv.c:
+ gnutls_set_certificate_request() renamed to
+ gnutls_x509pki_set_cert_request(). Added
+ gnutls_x509pki_set_cert_callback().
+
+2001-08-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls.h.in, lib/gnutls_anon_cred.c,
+ lib/gnutls_cipher.c, lib/gnutls_record.c, lib/x509_asn1.c,
+ lib/x509_asn1.h, lib/x509_b64.c, lib/x509_der.c, src/serv.c: fixed
+ memory leaks
+
+2001-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.h.in: updated gnutls.h file
+
+2001-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex: [no log message]
+
+2001-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_record.c, lib/gnutls_ui.c, src/serv.c: some memory
+ optimization while receiving packets
+
+2001-08-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_record.c:
+ header size is now written in gnutls_cipher.c
+
+2001-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls.h.in, lib/gnutls_int.h,
+ lib/gnutls_record.c, src/cli.c, src/serv.c: bugfixes and minor
+ updates
+
+2001-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/serv1.tex, doc/tex/srp1.tex: corrected and updated
+ documentation
+
+2001-08-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c, src/serv.c: changed gnutls_bye() behaviour
+
+2001-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_int.h,
+ lib/gnutls_record.c: several fixes in gnutls_bye() function, and in
+ gnutls_recv_int()
+
+2001-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: corrected bugs in version handling and in
+ certificate initialization
+
+2001-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/auth_srp.c, lib/ext_srp.c,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c: better support for buffered read and several cleanups
+
+2001-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_kx.c, lib/gnutls_record.c: gnutls
+ now sends (again) record packets using one write.
+
+2001-08-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_srp.c: corrected free for data not belonging to the
+ heap
+
+2001-08-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_srp.c, lib/auth_srp_passwd.c,
+ lib/crypt_bcrypt.c, lib/gnutls_buffers.c, lib/gnutls_dh.c,
+ lib/gnutls_handshake.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
+ lib/gnutls_srp.c: several checks for failed allocations and other
+ fixes
+
+2001-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2001-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/ext_srp.c, lib/gnutls_dh.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_privkey.c, src/cli.c: fixes in SRP key exchange and
+ several others.
+
+2001-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/tex/ex3.tex, doc/tex/serv1.tex,
+ lib/auth_rsa.c, lib/ext_srp.c, lib/gnutls_auth_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_sig.c, lib/gnutls_sig.h, lib/gnutls_ui.h,
+ lib/x509_sig_check.c, lib/x509_verify.c, src/cli.c, src/serv.c:
+ server side client authentication works
+
+2001-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/auth_anon.c, lib/auth_rsa.c, lib/auth_srp.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_auth.h,
+ lib/gnutls_cert.c, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_kx.h, src/serv.c: additions in order for gnutls server to
+ support client authentication
+
+2001-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
+ lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_pk.c: ssl3 fixes and several others.
+
+2001-08-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mem.c: realloc does not realloc memory if less size is
+ requested.
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_cert.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, lib/gnutls_int.h:
+ updated in key usage fields
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, lib/gnutls_sig.c, lib/gnutls_sig.h,
+ lib/x509_sig_check.c: cleanups in the signature generating functions
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_kx.c: [no log message]
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_anon.c, lib/auth_anon.h, lib/auth_rsa.c,
+ lib/auth_srp.c, lib/auth_srp.h, lib/auth_x509.c, lib/auth_x509.h,
+ lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_auth.c,
+ lib/gnutls_buffers.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, lib/gnutls_v2_compat.c,
+ src/cli.c, src/serv.c: several fixes. Added client authentication
+ with x509PKI
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_rsa.c, lib/gnutls_buffers.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_sig.c, lib/gnutls_sig_check.c, lib/x509_sig_check.c: more
+ x509 client certificate stuff
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/x509/clicert.pem, src/x509/clikey.pem: added client
+ certificates
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_rsa.c, lib/gnutls_cert.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_pk.c, lib/gnutls_sig.c, lib/gnutls_sig.h, src/cli.c,
+ src/x509/Makefile.am: several additions for x509 client
+ authentication
+
+2001-08-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_buffers.c, lib/gnutls_cert.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_mem.c, lib/gnutls_mem.h,
+ lib/gnutls_record.c: added the concept of optional handshake packets
+ (like CERTIFICATE_REQUEST). several other fixes.
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_anon.h, lib/auth_rsa.c, lib/auth_srp.c,
+ lib/auth_srp.h, lib/auth_x509.h, lib/ext_srp.c,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.h, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_record.c,
+ lib/gnutls_ui.c: several cleanups and updates in the handshake
+ protocol implementation iolaiiiiiCVS:
+
+ ----------------------------------------------------------------------
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/tex/ex3.tex, doc/tex/serv1.tex,
+ lib/Makefile.am, lib/auth_x509.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_cert.h, lib/gnutls_errors_int.h, lib/gnutls_int.h,
+ lib/gnutls_ui.c, lib/gnutls_ui.h, src/cli.c, src/serv.c: several
+ cleanups. No longer export structures to the API, but a bunch of
+ functions in order to access them.
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex:
+ gnutls_x509_set_cn() was removed
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf, doc/TODO: [no log message]
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore, lib/x509_asn1.h, lib/x509_der.h: [no log message]
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.h.in, lib/gnutls_global.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/.cvsignore: added new function gnutls_send_alert() to the api
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_rsa.c, lib/auth_x509.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_cert.c,
+ lib/gnutls_cert.h: cleanups in certificate copying
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/CertificateExample.c, src/CrlExample.c, src/Makefile.am,
+ src/asn1c.c, src/prime.c: fixes for the new files
+
+2001-08-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_rsa.c, lib/auth_srp_passwd.c,
+ lib/cert_ASN.y, lib/cert_asn1.c, lib/cert_asn1.h, lib/cert_b64.c,
+ lib/cert_b64.h, lib/cert_der.c, lib/cert_der.h, lib/cert_verify.c,
+ lib/cert_verify.h, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_global.c, lib/gnutls_global.h, lib/gnutls_privkey.c,
+ lib/gnutls_sig_check.c, lib/pkcs1_asn1_tab.c, lib/pkix_asn1_tab.c,
+ lib/x509_ASN.y, lib/x509_asn1.c, lib/x509_asn1.h, lib/x509_b64.c,
+ lib/x509_b64.h, lib/x509_der.c, lib/x509_der.h,
+ lib/x509_extensions.c, lib/x509_extensions.h, lib/x509_verify.c,
+ lib/x509_verify.h: renamed cert_* to x509_*
+
+2001-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_asn1.c, lib/cert_asn1.h, lib/cert_der.c, lib/cert_der.h,
+ lib/gnutls_cert.c: asn1_read_value() will no longer overflow the
+ given buffer. (this assumes that the caller provided the size of
+ the buffer)
+
+2001-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_sig_check.c: fixes in x509 cert
+ extensions handling
+
+2001-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: minor fixes
+
+2001-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_mem.c, lib/gnutls_mem.h: added internal memory handlers
+
+2001-08-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/auth_rsa.c, lib/cert_b64.c,
+ lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/gnutls_algorithms.c,
+ lib/gnutls_datum.h, lib/gnutls_global.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_pk.c,
+ src/serv.c: added internal memory handlers
+
+2001-08-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.tex: [no log message]
+
+2001-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c: [no log message]
+
+2001-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.c, src/cli.c: subjectAltName related fixes
+
+2001-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.h, lib/cert_verify.c,
+ lib/cert_verify.h, lib/gnutls.h.in, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c: added some kind of support for X509 Extensions
+
+2001-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/cover.tex, doc/tex/ex3.tex, doc/tex/gnutls.tex,
+ doc/tex/macros.tex: [no log message]
+
+2001-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/cover.tex, doc/tex/fdl.tex,
+ doc/tex/gnutls.tex, doc/tex/macros.tex: documentation updates
+
+2001-08-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/ex1.tex, doc/tex/ex2.tex, doc/tex/ex3.tex,
+ doc/tex/gnutls.tex, doc/tex/serv1.tex, doc/tex/srp1.tex,
+ lib/gnutls_auth.c, lib/gnutls_record.c: documentation fixes
+
+2001-07-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, doc/tex/Makefile.am, doc/tex/gnutls.tex,
+ lib/auth_anon.c, lib/auth_anon.h, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/ext_srp.c, lib/gnutls_anon_cred.c,
+ lib/gnutls_srp.c: fixed api documentation (for srp and anon cred
+ allocation)
+
+2001-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/tex/Makefile.am, doc/tex/serv1.tex,
+ lib/gnutls_global.c, lib/gnutls_int.h: [no log message]
+
+2001-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: added profiler option
+
+2001-07-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_sb64.c, lib/cert_b64.c, lib/debug.c,
+ lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_constate.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_record.c,
+ lib/gnutls_sig_check.c, lib/gnutls_v2_compat.c: added log function
+ (no longer use fprintf).
+
+2001-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_record.c: fixes in EOF handling
+ in handshake.
+
+2001-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: detect EOF
+
+2001-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, doc/tex/.cvsignore, doc/tex/Makefile.am: [no log
+ message]
+
+2001-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, doc/tex/.cvsignore, doc/tex/gnutls.tex: [no log
+ message]
+
+2001-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-07-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am, doc/tex/gnutls.tex, doc/tex/serv1.tex,
+ doc/tex/srp1.tex: documentation updates
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/gnutls.tex: [no log message]
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/scripts/gdoc, doc/tex/Makefile.am: fixes in tex production
+ (gdoc)
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/tex/Makefile.am: [no log message]
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/API-template.html, doc/Makefile.am,
+ doc/scripts/gdoc, doc/tex/Makefile.am, doc/tex/ex1.tex,
+ doc/tex/ex2.tex, doc/tex/ex3.tex, doc/tex/gnutls.tex,
+ lib/gnutls_record.c: Added documentation in TEX
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API-template.html: [no log message]
+
+2001-07-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API-template.html, doc/Makefile.am, doc/scripts/gdoc,
+ lib/gnutls.h.in, lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_global.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_sig_check.c: added some
+ documentation. Bug fixes in CHANGECIPHER_SPEC packet.
+
+2001-07-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/gnutls.h.in, lib/gnutls_buffers.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_global.c, lib/gnutls_record.c,
+ src/cli.c, src/serv.c: changed gnutls_read() semantics
+
+2001-07-26 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * doc/TODO: Tools for Certificate
+
+2001-07-26 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/cert_der.c: get time bug fixed
+
+2001-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/srp/.cvsignore, src/x509/.cvsignore: [no log message]
+
+2001-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: moving to 0.1.9
+
+2001-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_verify.c: fixed/updated compare_dn() function.
+
+2001-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_cert.c, src/serv.c: [no log message]
+
+2001-07-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_sig_check.c: updated sig_check()
+
+2001-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/auth_rsa.c, lib/cert_verify.c, lib/cert_verify.h,
+ lib/gnutls.h.in, lib/gnutls_auth.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_sig_check.c,
+ src/cli.c: gnutls now checks the certificate's CN to see if it
+ matches the peer's name.
+
+2001-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_pk.c, lib/gnutls_record.c: bugfixes
+
+2001-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: support for multiple protocol versions.
+
+2001-07-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/cert_b64.c, lib/gnutls.h.in, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_constate.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_priority.c,
+ lib/gnutls_priority.h, lib/gnutls_record.c, lib/gnutls_v2_compat.c,
+ src/serv.c: corrected bug in b64 decoding. Added support for
+ multiple TLS protocol versions.
+
+2001-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: ignores some errors
+
+2001-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, lib/auth_rsa.c, lib/cert_verify.c, lib/gnutls_cert.c,
+ lib/gnutls_int.h, lib/gnutls_pk.c, lib/gnutls_pk.h,
+ lib/gnutls_sig_check.c: [no log message]
+
+2001-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/cert_ASN.y, lib/cert_asn1.c, lib/cert_der.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_compress_int.c,
+ lib/gnutls_handshake.c, lib/gnutls_privkey.c, lib/gnutls_record.c,
+ src/serv.c: corrected memory leaks
+
+2001-07-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/Makefile.am, lib/cert_asn1.h, lib/cert_verify.c,
+ lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_int.h, lib/gnutls_privkey.c,
+ lib/gnutls_record.c, lib/gnutls_sig_check.c, src/.cvsignore,
+ src/asn1c.c, src/ca.pem, src/cli.c, src/pkcs1.asn, src/serv.c:
+ several fixes cleanups etc.
+
+2001-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.c: [no log message]
+
+2001-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/cert_asn1.c, lib/cert_asn1.h,
+ lib/gnutls.h.in, lib/gnutls_global.c, lib/pkcs1.asn,
+ lib/pkcs1_asn1_tab.c, lib/pkix.asn, src/Makefile.am,
+ src/PkixTabExample.c, src/asn1c.c, src/cli.c, src/pkix.asn,
+ src/serv.c, src/srp/Makefile.am, src/x509/Makefile.am: updated file
+ structure
+
+2001-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cert.pem, src/key.pem, src/serv.c,
+ src/srp/tpasswd, src/srp/tpasswd.conf, src/tpasswd,
+ src/tpasswd.conf, src/x509/ca.pem, src/x509/cert.pem,
+ src/x509/key.pem: updated directory structure
+
+2001-07-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/protocol/draft-ietf-tls-srp-00.txt,
+ doc/protocol/draft-ietf-tls-srp-01.txt, doc/protocol/rfc2313.txt,
+ lib/Makefile.am, lib/auth_rsa.c, lib/cert_verify.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_pk.c, lib/gnutls_pk.h, lib/gnutls_sig.h,
+ lib/gnutls_sig_check.c, src/ca.pem, src/cert.pem, src/key.pem,
+ src/pkcs1.asn: added some kind of certificate checking
+
+2001-07-19 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * doc/ASN1.readme.txt, lib/cert_ASN.y, lib/cert_asn1.c,
+ lib/cert_asn1.h, src/CertificateExample.c, src/CrlExample.c: ""
+
+2001-07-19 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/pkcs1_asn1_tab.c, lib/pkix_asn1_tab.c: C structure management
+
+2001-07-19 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * src/PkixTabExample.c: C structure management
+
+2001-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c: added mhash 0.8.10 support
+
+2001-07-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_constate.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ src/cli.c: more certificate fields parsed. Cleanups
+
+2001-07-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/cert_verify.c, lib/cert_verify.h, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_cert.h,
+ lib/gnutls_constate.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h, lib/gnutls_int.h,
+ src/cli.c, src/serv.c: several cleanups. Added check for
+ certificate's expiration time.
+
+2001-07-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_rsa.c, lib/cert_verify.c,
+ lib/cert_verify.h, lib/gnutls.h.in, lib/gnutls_cert.c,
+ lib/gnutls_int.h, src/cli.c: updated cert_verify
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/CertificateExample.c: corrected copyright notice
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, lib/gnutls_anon_cred.c, lib/gnutls_srp.c: minor
+ cleanups
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, src/cli.c: updated API
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_anon_cred.c: added missing file
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.h, lib/cert_verify.c,
+ lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_srp.c,
+ src/cli.c, src/serv.c: several bug fixes in ASN handling.
+ Fixes/additions in X509 structures handling.
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_rsa.c, lib/auth_srp.c, lib/auth_srp.h, lib/auth_x509.h,
+ lib/ext_srp.c, lib/gnutls.h.in, lib/gnutls_auth.c,
+ lib/gnutls_cert.c, lib/gnutls_global.c, lib/gnutls_privkey.c,
+ lib/gnutls_srp.c, src/cli.c, src/serv.c: several cleanups
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_ASN.y: corrected copyright statement
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/README.autoconf: [no log message]
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_x509.h, lib/cert_verify.c,
+ lib/gnutls.h.in, lib/gnutls_cert.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h: improved certificate handling
+
+2001-07-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: updated
+
+2001-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf: added autoconf2.50 (for debian)
+
+2001-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4: added required .m4s
+
+2001-07-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsusers: corrected fabio's entry
+
+2001-07-12 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * lib/cert_ASN.y, lib/cert_asn1.h, lib/cert_der.c, lib/cert_der.h,
+ src/CertificateExample.c, src/CrlExample.c, src/pkix.asn: [no log
+ message]
+
+2001-07-12 Fabio Fiorina <fiorinaf@gnutls.org>
+
+ * doc/ASN1.readme.txt, lib/cert_asn1.c: [no log message]
+
+2001-07-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_record.c: bug fixes
+
+2001-07-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_srp.c, lib/crypt_bcrypt.c, lib/crypt_bcrypt.h,
+ lib/crypt_srpsha1.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_srp.c, lib/gnutls_srp.h:
+ optimizations in hash functions (removed a lot of mallocs)
+
+2001-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_global.h, src/cert.pem, src/key.pem: [no log message]
+
+2001-07-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/ASN1.readme.txt, lib/Makefile.am, lib/auth_rsa.c,
+ lib/cert_ASN.y, lib/cert_asn1.c, lib/cert_asn1.h, lib/cert_der.c,
+ lib/cert_der.h, lib/gnutls_cert.c, lib/gnutls_global.c,
+ lib/gnutls_int.h, lib/gnutls_privkey.c, src/CertificateExample.c,
+ src/Makefile.am, src/pkix.asn, src/serv.c: Updated ASN.1 Parser
+ (Fabio - commited by me).
+
+2001-07-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
+ lib/gnutls_privkey.c: cleanups
+
+2001-06-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_srp_passwd.c, lib/ext_srp.c,
+ lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_db.c, lib/gnutls_errors.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, src/.cvsignore, src/cli.c,
+ src/serv.c: Cleanups. Mostly while sending client certificate (and
+ client certificate verify)
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/README.der: removed
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/ext_dnsname.c, lib/gnutls.h.in, lib/gnutls_constate.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ src/cli.c, src/serv.c: added support for DNSNAME extension
+ (draft-ietf-tls-extensions)
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-ecc-01.txt,
+ doc/protocol/draft-ietf-tn3270e-telnet-tls-05.txt: [no log message]
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-pkix-ac509prof-05.txt,
+ doc/protocol/draft-ietf-tls-camellia-00.txt,
+ doc/protocol/draft-ietf-tls-extensions-00.txt,
+ doc/protocol/draft-ietf-tls-https-04.txt,
+ doc/protocol/draft-ietf-tls-misty1-00.txt,
+ doc/protocol/draft-ietf-tls-openpgp-00.txt,
+ doc/protocol/draft-ietf-tls-openpgp-01.txt,
+ doc/protocol/draft-ietf-tls-seedhas-00.txt,
+ doc/protocol/draft-ietf-tls-wireless-00.txt,
+ doc/protocol/rfc2817.txt: added more up to date documentation
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/x509guide.txt: added gutman's x509guide
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO: [no log message]
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_priority.c: some portability
+ fixes
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/Makefile.am, lib/auth_anon.c,
+ lib/auth_dhe_dss.c, lib/auth_rsa.c, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/auth_srp_sb64.c, lib/cert_ASN.y,
+ lib/cert_asn1.c, lib/cert_b64.c, lib/cert_der.c, lib/crypt.c,
+ lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/debug.c,
+ lib/ext_dnsname.c, lib/ext_srp.c, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h,
+ lib/gnutls_cipher_int.c, lib/gnutls_compress.c,
+ lib/gnutls_compress_int.c, lib/gnutls_constate.c,
+ lib/gnutls_constate.h, lib/gnutls_datum.c, lib/gnutls_db.c,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_extensions.c,
+ lib/gnutls_gcry.c, lib/gnutls_global.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_num.c, lib/gnutls_pk.c, lib/gnutls_priority.c,
+ lib/gnutls_privkey.c, lib/gnutls_privkey.h, lib/gnutls_random.c,
+ lib/gnutls_record.c, lib/gnutls_session.c, lib/gnutls_srp.c,
+ lib/gnutls_v2_compat.c, src/cli.c, src/serv.c: fixes in
+ ChangeCipherSpec handling (this also fixes rehandshake). Several
+ cleanups.
+
+2001-06-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/debug.c, lib/gnutls_buffers.c,
+ lib/gnutls_cert.c, lib/gnutls_cert.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress_int.c, lib/gnutls_datum.c, lib/gnutls_datum.h,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_record.c, lib/gnutls_v2_compat.c:
+ several cleanups
+
+2001-06-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls_global.c: added checks for signals
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, src/serv.c: corrected bug in stream
+ decryption..
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_rsa.c, lib/auth_x509.h, lib/gnutls.h.in,
+ lib/gnutls_cert.c, lib/gnutls_cert.h: added internal representation
+ of pkcs1 rsa private keys.
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, src/Makefile.am, src/serv.c: [no log message]
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, README, configure.in, doc/Makefile.am, doc/TODO,
+ lib/Makefile.am, lib/gnutls.h.in, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cert.c, lib/gnutls_global.c,
+ lib/gnutls_record.c, src/cli.c, src/pk.h, src/serv.c: added global
+ state.
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_cert.c,
+ lib/gnutls_cert.h, lib/gnutls_int.h, src/cli.c, src/serv.c: minor
+ cleanups
+
+2001-06-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in: gnutls_cert is not defined here
+
+2001-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cert.h, src/pk.h: added missing files
+
+2001-06-21 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO, lib/Makefile.am, lib/auth_rsa.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_algorithms.c,
+ lib/gnutls_auth.c, lib/gnutls_cert.c, lib/gnutls_datum.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_priority.c, lib/gnutls_v2_compat.c, src/serv.c: Updated
+ Ciphersuite selection algorithm. Added internal representation of
+ x509 structures.
+
+2001-06-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/auth_rsa.c, lib/cert_asn1.c, lib/cert_der.c,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_pk.c, src/pkix.asn: client side RSA works (no certificate
+ checking)
+
+2001-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/auth_anon.c, lib/auth_rsa.c, lib/auth_srp.c,
+ lib/auth_x509.h, lib/gnutls.h.in, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_kx.h, lib/gnutls_v2_compat.c, src/cli.c, src/serv.c:
+ removed unneeded code and added some kind of client support for RSA
+ ciphersuites
+
+2001-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2001-06-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/auth_rsa.c, lib/debug.c, lib/debug.h,
+ lib/gnutls.h.in, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_kx.h,
+ lib/gnutls_record.c, lib/gnutls_session.c, lib/gnutls_v2_compat.c,
+ src/serv.c: fixes in session resuming..
+
+2001-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_record.c,
+ lib/gnutls_v2_compat.c: fixes in session resuming
+
+2001-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_gcry.c, lib/gnutls_gcry.h: added missing files
+
+2001-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/debug.c, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_plaintext.c, lib/gnutls_plaintext.h,
+ lib/gnutls_record.c, lib/gnutls_v2_compat.c, src/serv.c: several
+ cleanups in the low level record layer (the old code was a mess).
+ several other fixes.
+
+2001-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_x509.h, lib/ext_dnsname.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_record.h, lib/gnutls_v2_compat.c:
+ cleanups. No longer checks for alerts between messages.
+
+2001-06-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, doc/TODO, doc/protocol/draft-ietf-tls-https-04.txt,
+ lib/Makefile.am, lib/defines.h, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_int.h, lib/gnutls_record.c,
+ src/cli.c, src/serv.c: cleanups and addition of a test http server
+ (serv.c)
+
+2001-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_record.c, lib/gnutls_v2_compat.c, src/serv.c: fixes in V2
+ client hello.
+
+2001-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_rsa.c, lib/gnutls_algorithms.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_pk.c,
+ lib/gnutls_v2_compat.c, src/pkcs1.asn, src/serv.c: several fixes for
+ RSA. gnutls server can now work with rsa certificates.
+
+2001-06-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_rsa.c, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/auth_x509.h, lib/cert_asn1.h,
+ lib/cert_b64.c, lib/cert_b64.h, lib/crypt_bcrypt.c,
+ lib/crypt_srpsha1.c, lib/gnutls.c, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_cert.c, lib/gnutls_cipher.c,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_num.h, lib/gnutls_pk.c,
+ lib/gnutls_pk.h, lib/gnutls_random.c, lib/gnutls_random.h,
+ lib/gnutls_record.c, lib/gnutls_srp.c, lib/gnutls_v2_compat.c:
+ several additions for RSA (mostly unstable)
+
+2001-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_pk.c, lib/gnutls_pk.h: some support for public key
+ encryption (rsa)
+
+2001-06-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_anon.c, lib/auth_dhe_dss.c,
+ lib/auth_rsa.c, lib/auth_srp.c, lib/auth_x509.h, lib/defines.h,
+ lib/ext_dnsname.c, lib/ext_dnsname.h, lib/gnutls.c,
+ lib/gnutls.h.in, lib/gnutls_auth_int.h, lib/gnutls_dh.c,
+ lib/gnutls_extensions.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, lib/gnutls_srp.c: more rsa fixes.
+ Added dnsname extension.
+
+2001-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_rsa.c, lib/auth_srp.c, lib/auth_x509.h,
+ lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_auth.h,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, src/serv.c: more rsa stuff -- and cleanups
+
+2001-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/pkcs1.asn: removed <CR>
+
+2001-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Certificate.txt, src/CertificateExample.c, src/pkcs1.asn,
+ src/pkix.asn: updated ASN.1 files.
+
+2001-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Certificate.txt: [no log message]
+
+2001-06-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, lib/Makefile.am, lib/auth_rsa.c,
+ lib/auth_x509.h, lib/cert_asn1.h, lib/gnutls.h.in,
+ lib/gnutls_datum.c, lib/gnutls_datum.h, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.c: several
+ additions in order to support KX_RSA and X509PKI.
+
+2001-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_auth.c: updated get_auth_info()
+
+2001-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, buildconf, src/cli.c, src/serv.c: changed the setting
+ of credentials
+
+2001-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore, lib/auth_anon.c, lib/auth_anon.h, lib/auth_srp.c,
+ lib/auth_srp_passwd.c, lib/ext_srp.c, lib/gnutls.h.in,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_auth.c, lib/gnutls_auth_int.h, lib/gnutls_int.h: better
+ handling of set/get credentials.
+
+2001-06-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_auth_int.h, lib/gnutls_buffers.c,
+ lib/gnutls_int.h: added gnutls_datum structure.
+
+2001-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: [no log message]
+
+2001-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/.cvsignore: [no log message]
+
+2001-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsignore, .cvsusers, AUTHORS, Makefile.am, changelog-update.sh:
+ added Fabio in AUTHORS, fixed the way ChangeLog is created.
+
+2001-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: added a warning for the addition of new
+ algorithms
+
+2001-06-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2631.txt: added rfc on DH key exchange
+
+2001-06-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf, lib/cert_der.asn1: [no log message]
+
+2001-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/ASN1.readme.txt: [no log message]
+
+2001-06-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/cert_ASN.y, lib/cert_asn1.c,
+ lib/cert_asn1.h, lib/cert_der.c, lib/cert_der.h, lib/gnutls_der.c,
+ lib/gnutls_der.h, src/CertificateExample.c, src/Makefile.am: Added
+ Fabio's ASN1/DER parser.
+
+2001-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c: more descriptive comments
+
+2001-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in: [no log message]
+
+2001-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_sb64.c, lib/crypt.c, lib/crypt_bcrypt.c,
+ lib/crypt_bcrypt.h, lib/crypt_srpsha1.c, lib/gnutls_srp.c,
+ src/crypt.c: bugfixes in sbase64 decoding/encoding. Changes in the
+ included bcrypt algorithm.
+
+2001-06-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_srp_passwd.h, lib/auth_srp_sb64.c,
+ lib/cert_b64.h, lib/cert_sb64.c, lib/crypt_bcrypt.c,
+ lib/crypt_srpsha1.c: renamed cert_sb64.c to auth_srp_sb64.c (since
+ it is only used in SRP KX)
+
+2001-06-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, acinclude.m4, configure.in: [no log message]
+
+2001-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in: updated
+
+2001-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/gnutls.c, lib/gnutls_cipher.c,
+ lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_num.c,
+ lib/gnutls_num.h: better handling of 64bit integers
+
+2001-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypt_bcrypt.c, lib/crypt_srpsha1.c: better checking of return
+ value of rindex
+
+2001-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: updated to new api
+
+2001-06-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls.h.in, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_priority.h,
+ src/Makefile.am: updated documentation and functions
+
+2001-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, lib/crypt.c, lib/defines.h, lib/ext_srp.c,
+ lib/gnutls.c, lib/gnutls.h.in, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_num.c, lib/gnutls_num.h,
+ lib/gnutls_srp.c, src/prime.c, src/tpasswd: gnutls now handles
+ uint64 even in systems without a native one. several bug fixes.
+
+2001-06-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypt_bcrypt.c, lib/crypt_srpsha1.c: corrected bug in verify
+
+2001-05-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf, configure.in, lib/gnutls.h.in: updated configuration
+ scripts to comply to autoconf 2.50
+
+2001-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2001-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/scripts/gdoc: gdoc is now included in the cvs
+
+2001-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/Makefile.am: [no log message]
+
+2001-05-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, doc/Makefile.am, doc/TODO, lib/gnutls.c,
+ lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_auth.c,
+ lib/gnutls_auth_int.h, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_db.c, lib/gnutls_errors.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_plaintext.c,
+ lib/gnutls_plaintext.h, lib/gnutls_priority.c,
+ lib/gnutls_session.c, src/cli.c, src/serv.c: updated API and
+ documentation. Now we use the gnome way for creating API docs.
+
+2001-05-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-05-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/README.crypt: [no log message]
+
+2001-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.h.in: [no log message]
+
+2001-05-27 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/README: [no log message]
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c: some cleanups in Diffie Hellman key exchange
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/auth_anon.c, lib/auth_anon.h, lib/auth_dhe_dss.c,
+ lib/auth_dhe_dss.h, lib/cert_b64.c, lib/cert_sb64.c,
+ lib/gnutls_algorithms.c, lib/gnutls_auth.c, lib/gnutls_dh.c,
+ lib/gnutls_dh.h, lib/gnutls_int.h, lib/gnutls_srp.c: removed
+ DHE_DSS. Added parameters to DH_ANON (size of prime). cleanups.
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/prime.c, src/serv.c: several updates
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_passwd.c, lib/cert_sb64.c, lib/crypt_bcrypt.c,
+ lib/crypt_srpsha1.c, lib/gnutls_int.h, src/crypt.c: Added decoding
+ function for the base64 encoding used in SRP. (this function is
+ more strict in characters than the previous one)
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_b64.c: corrected memory leaks
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe_dss.c, lib/auth_srp.c,
+ lib/gnutls.c, lib/gnutls_extensions.c, lib/gnutls_handshake.c,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_v2_compat.c: several
+ cleanups in numbers' handling
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am: [no log message]
+
+2001-05-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_num.c, lib/gnutls_num.h, src/.cvsignore: updated uint24
+ functions.
+
+2001-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe_dss.c, lib/auth_srp.c,
+ lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_v2_compat.c: Cleanups
+ in endian handling (convertions).
+
+2001-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c: several bug fixes
+
+2001-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API: updated documentation
+
+2001-05-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: updated
+
+2001-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API: updated
+
+2001-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: [no log message]
+
+2001-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, configure.in, doc/API, lib/gnutls.c, lib/gnutls_errors.c,
+ lib/gnutls_errors_int.h, lib/gnutls_handshake.c, src/cli.c: [no log
+ message]
+
+2001-05-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: sets the resumed_security_parameters to null
+ after initialization
+
+2001-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/API: [no log message]
+
+2001-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: updated to new api
+
+2001-05-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls.h.in, lib/gnutls_db.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h:
+ Updated API (gnutls_deinit()) gnutls_db: does not store anything if
+ db has not been opened for reading. Added some kind of support for
+ renegotiation of parameters.
+
+2001-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h.in, lib/gnutls_algorithms.c, lib/gnutls_handshake.h:
+ cleanups
+
+2001-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/gnutls.c, lib/gnutls_db.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_session.c:
+ cleanups and several fixes(and speedups) in the resume DB
+
+2001-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: updated client and servers
+
+2001-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: cleanups
+
+2001-05-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2001-05-20 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/gnutls.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_dh.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_priority.c, lib/gnutls_priority.h,
+ src/cli.c, src/serv.c: Changed gnutls_set_*_priority functions.
+
+2001-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/crypt-gaa.c, src/crypt-gaa.h, src/crypt.c,
+ src/gaa.h, src/gaaout.c, src/prime-gaa.c, src/prime-gaa.h,
+ src/prime.c, src/prime.gaa, src/tpasswd, src/tpasswd.conf: [no log
+ message]
+
+2001-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt.c: updated
+
+2001-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_errors.c, lib/gnutls_errors_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_srp.c, lib/gnutls_srp.h: [no log
+ message]
+
+2001-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_sb64.c: bugfixes
+
+2001-05-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/crypt.c, src/crypt.gaa, src/gaa.h, src/gaaout.c,
+ src/tpasswd, src/tpasswd.conf: added option to generate random
+ primes (instead of using a default). Added option to specify a
+ specific prime to use (index)
+
+2001-05-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-05-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/README.autoconf, lib/libgnutls-config.in: [no
+ log message]
+
+2001-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/libgnutls.m4: updated
+
+2001-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.c, lib/libgnutls.m4: corrected scripts
+
+2001-05-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, acinclude.m4, changelog-update.sh, configure.in,
+ lib/Makefile.am, lib/gnutls.c, lib/gnutls.h, lib/gnutls.h.in,
+ lib/gnutls_auth.c, lib/gnutls_errors.h, lib/gnutls_errors_int.h,
+ lib/libgnutls-config.in, lib/libgnutls.m4, src/Makefile.am,
+ src/serv.c: Added libgnutls-config script gnutls.h is automaticaly
+ generated by configure script Added libgnutls.m4
+
+2001-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * changelog-update.sh: [no log message]
+
+2001-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2001-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_srp.c: Added missing length in username.
+
+2001-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/API, lib/auth_anon.c, lib/auth_dhe_dss.c,
+ lib/auth_srp.c, lib/auth_srp.h, lib/ext_srp.c, lib/gnutls.c,
+ lib/gnutls.h, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ lib/gnutls_cipher.c, lib/gnutls_db.c, lib/gnutls_int.h,
+ lib/gnutls_session.c, lib/gnutls_session.h, src/cli.c, src/serv.c:
+ added functions to access authentication data (like username), and
+ the key exchange algorithm used.
+
+2001-05-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/API, lib/gnutls_db.c: [no log message]
+
+2001-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_sb64.c: cleanups
+
+2001-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls_db.c: clean_db() now clears expired entries
+ only
+
+2001-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/tpasswd, src/tpasswd.conf: example tpasswd files.
+
+2001-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp_passwd.c, lib/cert_sb64.c, lib/gnutls_int.h,
+ src/crypt.c: minor updates and fixes
+
+2001-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/TODO: [no log message]
+
+2001-05-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_srp.c, lib/auth_srp_passwd.c,
+ lib/auth_srp_passwd.h, lib/crypt.c, lib/crypt.h,
+ lib/crypt_bcrypt.c, lib/crypt_bcrypt.h, lib/crypt_srpsha1.c,
+ lib/crypt_srpsha1.h, lib/gnutls.h, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, src/Makefile.am, src/README.crypt, src/cli.c,
+ src/crypt.c, src/crypt.gaa, src/gaa.h, src/gaaout.c, src/serv.c:
+ Added compatibility with Tom Wu's libsrp's password files.
+
+2001-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_sb64.c: [no log message]
+
+2001-05-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/auth_srp.c, lib/auth_srp.h,
+ lib/auth_srp_passwd.c, lib/cert_b64.c, lib/cert_b64.h, lib/debug.c,
+ lib/gnutls.h, lib/gnutls_int.h, lib/gnutls_srp.c, src/port.h,
+ src/serv.c: added support for Tom Wu's srp library tpasswd and
+ tpasswd.conf files.
+
+2001-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-05-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.c, lib/gnutls_int.h: fixes in memory
+ allocation
+
+2001-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_buffers.c, lib/gnutls_db.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h: corrected memory leaks
+
+2001-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/Makefile.am: [no log message]
+
+2001-05-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/gnutls.h, lib/gnutls_auth.c, lib/gnutls_auth_int.h,
+ src/cli.c, src/serv.c: credentials are now kept globaly (in order to
+ minimize memory usage). This makes no harm since these are never
+ modified by gnutls.
+
+2001-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/gnutls.h: [no log message]
+
+2001-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: [no log message]
+
+2001-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated TODO list
+
+2001-05-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/auth_srp_passwd.c, lib/cert_b64.c,
+ lib/crypt_bcrypt.c, lib/crypt_srpsha1.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_srp.c, lib/gnutls_srp.h, src/cli.c,
+ src/serv.c: several fixes for srp. Seems to work now!
+
+2001-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_v2_compat.c: better version handling
+
+2001-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, doc/TODO, lib/Makefile.am, lib/gnutls.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_v2_compat.c,
+ lib/gnutls_v2_compat.h, src/cli.c: added support for SSL 2.0 client
+ hello
+
+2001-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/auth_srp.c, lib/auth_srp_passwd.c,
+ lib/ext_srp.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_srp.c, src/cli.c, src/serv.c: several fixes for srp
+
+2001-05-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/auth_srp.c, lib/auth_srp_passwd.c, lib/ext_srp.c,
+ lib/gnutls_auth.c, lib/gnutls_auth_int.h, lib/gnutls_handshake.c:
+ gnutls_get_kx_cred() now returns err value. set_kx_cred() now
+ accepts size.
+
+2001-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am: added missing gaa.h
+
+2001-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_srp.c: some modulo fixes
+
+2001-05-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/auth_srp_passwd.c, lib/auth_srp_passwd.h,
+ lib/ext_srp.c, lib/gnutls_srp.c, lib/gnutls_srp.h: more srp related
+ fixes. No longer fails authentication if wrong username is provided.
+
+2001-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/crypt.c, lib/crypt_bcrypt.c,
+ lib/crypt_bcrypt.h, lib/crypt_srpsha1.c, lib/gnutls.h,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_int.h, lib/gnutls_srp.c, lib/gnutls_srp.h: some hacks in
+ order to exchange the algorithm used to hash the password...
+
+2001-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/gnutls_srp.c, lib/gnutls_srp.h: cleanups for
+ srp. Most mpi code has moved to gnutls_srp.c
+
+2001-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/.cvsignore: [no log message]
+
+2001-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/ext_srp.c, lib/gnutls_int.h: more srp related
+ fixes
+
+2001-05-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_auth_int.h, lib/gnutls_extensions.c,
+ lib/gnutls_handshake.c: some fixes - srp related
+
+2001-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c: [no log message]
+
+2001-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_srp.c, lib/auth_srp.h, lib/auth_srp_passwd.c,
+ lib/auth_srp_passwd.h: more srp stuff
+
+2001-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/crypt_bcrypt.c, lib/crypt_srpsha1.c,
+ lib/ext_srp.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_auth_int.h,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_int.h, lib/gnutls_kx.c, lib/gnutls_srp.c,
+ lib/gnutls_srp.h, src/crypt.c: more additions for SRP
+
+2001-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/crypt.c: fixed default case when no -s was specified
+
+2001-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/cert_b64.h, lib/crypt.c, lib/crypt_bcrypt.c,
+ lib/crypt_srpsha1.c, lib/crypt_srpsha1.h, lib/gnutls.h,
+ lib/gnutls_dh.c, lib/gnutls_srp.c, lib/gnutls_srp.h, src/crypt.c,
+ src/crypt.gaa, src/gaa.h, src/gaaout.c: More adds for SRP - SRPSHA1
+ and bcrypt
+
+2001-05-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_b64.c: corrected bug in decoding function
+
+2001-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/crypt_bcrypt.h: for bcrypt support
+
+2001-05-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in, lib/Makefile.am, lib/cert_b64.c,
+ lib/crypt.c, lib/crypt_bcrypt.c, lib/defines.h, lib/gnutls.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher_int.h,
+ lib/gnutls_handshake.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_random.c, lib/gnutls_random.h, src/Makefile.am,
+ src/crypt.c, src/crypt.gaa, src/gaa.h, src/gaaout.c: Changes in
+ random number handling. Added bcrypt (for use with SRP). Added test
+ program crypt for creating bcrypt passwd files.
+
+2001-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/Makefile.am, lib/gnutls.c, lib/gnutls.h,
+ lib/gnutls_auth.c, lib/gnutls_auth.h, lib/gnutls_auth_int.h,
+ lib/gnutls_int.h: added support for setting authentication
+ algorithms' credentials
+
+2001-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_kx.c: cleanups... and more
+ modular design.
+
+2001-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsignore: [no log message]
+
+2001-05-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/auth_anon.c, lib/auth_dhe_dss.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_auth.h, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c, lib/gnutls_kx.h: Added client kx0 and server kx2 in
+ order to be used with SRP
+
+2001-05-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf: updated
+
+2001-03-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/ssl-2.txt: added SSL v2 spec
+
+2001-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_extensions.c: in case there are no extensions ext_gen()
+ does not return anything (NULL);
+
+2001-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.h, lib/gnutls.c, lib/gnutls_algorithms.c,
+ lib/gnutls_handshake.c: more cleanups
+
+2001-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/ext_srp.c, lib/gnutls_extensions.c: send extensions feature
+ was added.
+
+2001-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/auth_anon.c, lib/auth_dhe_dss.c, lib/debug.c,
+ lib/gnutls_buffers.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, src/serv.c: several bugfixes and cleanups
+
+2001-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/ext_srp.c, lib/ext_srp.h,
+ lib/gnutls_extensions.c, lib/gnutls_extensions.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: Added some preliminary
+ support for TLS extensions;
+
+2001-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated todo list
+
+2001-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/rfc2945.txt: added RFC for srp protocol
+
+2001-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: updated with new files
+
+2001-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/auth_anon.c, lib/auth_anon.h,
+ lib/auth_dhe_dss.c, lib/auth_dhe_dss.h, lib/gnutls_anon.c,
+ lib/gnutls_anon.h, lib/gnutls_dhe_dss.c, lib/gnutls_dhe_dss.h: moved
+ gnutls_anon and gnutls_dhe_dss to auth_*
+
+2001-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-srp-00.txt: added srp draft
+
+2001-03-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_anon.c, lib/gnutls_anon.h,
+ lib/gnutls_auth.h, lib/gnutls_dhe_dss.c, lib/gnutls_dhe_dss.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c: Key
+ exchange (authentication) algorithms were reorganized, and now are
+ more modular. Most changes however are not much tested and only
+ anonymous authentication is currently used.
+
+2001-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_der.c: updated some functionality - no longer uses
+ stdin
+
+2001-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * THANKS: added Tarun
+
+2001-02-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: corrected bug with dmalloc mode
+
+2001-02-04 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: [no log message]
+
+2001-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/protocol/draft-ietf-tls-kerb-00.txt: added kerberos
+ ciphersuites
+
+2001-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_plaintext.c:
+ TLS version handling is now more simple (no structures)
+
+2001-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c: corrected
+ rijndael256
+
+2001-02-03 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_db.c, lib/gnutls_int.h: added rijndael-256 as described
+ in draft-ietf-tls-ciphersuite-03
+
+2001-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c: comments are now more clear
+
+2001-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c: gnutls_send_int() no longer
+ sends the packets with 2 Write() calls. One Write() call is enough
+ for everybody!
+
+2001-02-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/draft-ietf-tls-camellia-00.txt,
+ doc/draft-ietf-tls-ciphersuite-02.txt,
+ doc/draft-ietf-tls-https-04.txt, doc/draft-ietf-tls-misty1-00.txt,
+ doc/draft-ietf-tls-openpgp-00.txt,
+ doc/draft-ietf-tls-seedhas-00.txt,
+ doc/draft-ietf-tls-wireless-00.txt,
+ doc/draft-ietf-tn3270e-telnet-tls-05.txt,
+ doc/protocol/draft-ietf-pkix-ac509prof-05.txt,
+ doc/protocol/draft-ietf-tls-camellia-00.txt,
+ doc/protocol/draft-ietf-tls-ciphersuite-03.txt,
+ doc/protocol/draft-ietf-tls-https-04.txt,
+ doc/protocol/draft-ietf-tls-misty1-00.txt,
+ doc/protocol/draft-ietf-tls-openpgp-00.txt,
+ doc/protocol/draft-ietf-tls-seedhas-00.txt,
+ doc/protocol/draft-ietf-tls-wireless-00.txt,
+ doc/protocol/draft-ietf-tn3270e-telnet-tls-05.txt,
+ doc/protocol/rfc1422.txt, doc/protocol/rfc1423.txt,
+ doc/protocol/rfc2246.txt, doc/protocol/rfc2279.txt,
+ doc/protocol/rfc2459.txt, doc/protocol/rfc2818.txt,
+ doc/protocol/ssl-draft302.txt, doc/rfc1422.txt, doc/rfc1423.txt,
+ doc/rfc2246.txt, doc/rfc2459.txt, doc/rfc2818.txt,
+ doc/ssl-draft302.txt: drafts and rfcs were moved to protocol/
+ directory
+
+2001-01-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: updated
+
+2001-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.h, lib/defines.h, lib/gnutls_algorithms.h,
+ lib/gnutls_buffers.h, lib/gnutls_cipher.h, lib/gnutls_cipher_int.h,
+ lib/gnutls_compress.h, lib/gnutls_compress_int.h, lib/gnutls_db.h,
+ lib/gnutls_dh.h, lib/gnutls_errors.h, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h, lib/gnutls_kx.h,
+ lib/gnutls_num.h, lib/gnutls_plaintext.h, lib/gnutls_priority.h,
+ lib/gnutls_session.h: added copyright notice
+
+2001-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_cipher.h: removed
+ large buffer
+
+2001-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, README, configure.in, src/cli.c, src/port.h: [no log
+ message]
+
+2001-01-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/cert_der.asn1, lib/gnutls_cert.lex: removed
+ unneeded files
+
+2001-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: corrected wrong buffer size
+
+2001-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am: [no log message]
+
+2001-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_cipher.h: changes in
+ gnutls_encrypt()
+
+2001-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_int.h: tls packets are now send using one
+ write(that way ssldump understands us)
+
+2001-01-25 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated todo list
+
+2001-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_b64.c: corrected license
+
+2001-01-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_der.asn1: added asn1 rules for snacc (DER extended)
+ compiler
+
+2001-01-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/draft-ietf-tls-wireless-00.txt: added draft-ietf-tls-wireless
+
+2001-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: updated authors - tarun left
+
+2001-01-16 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated todo list
+
+2001-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: removed time_t declarations. We need
+ exactly 32 bits.
+
+2001-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_der.h: corrected typo
+
+2001-01-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/cert_b64.c: added some support for pem encoded x509
+ certificates
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: session gets deleted from the db if it is not
+ resumable
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_db.c, lib/gnutls_db.h: added db files
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: more fixes
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, src/cli.c: fixes for release
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acinclude.m4: added hooks for new libgcrypt
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/API, lib/Makefile.am, lib/gnutls.c,
+ lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_session.c,
+ src/Makefile.am, src/cli.c, src/port.h, src/serv.c: added server
+ side session resuming (using gdbm)
+
+2001-01-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * acconfig.h, configure.in, lib/gnutls_dh.c, lib/gnutls_int.h,
+ src/Makefile.am: added hooks for dmalloc
+
+2001-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli.c, src/serv.c: corrected client/server
+
+2001-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls.c, lib/gnutls.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: corrected buffer overruns
+
+2001-01-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/rfc1423.txt: [no log message]
+
+2001-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/rfc1422.txt: added PEM rfc
+
+2001-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: corrected return value
+
+2001-01-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: added a check in read return value
+
+2000-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_compress_int.c: more checks for zlib
+
+2000-12-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API: [no log message]
+
+2000-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/gnutls.c, lib/gnutls.h, lib/gnutls_int.h: added a
+ function to control the lowat size (the RCVLOWAT in socket)
+
+2000-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am: removed file
+
+2000-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, configure.in, doc/API, doc/TODO, lib/gnutls.c,
+ lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_buffers.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, src/cli.c, src/port.h, src/serv.c: added some
+ support for non blocking IO and socket flags. Some function names
+ have been changed.
+
+2000-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: qsort seems to work now
+
+2000-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_compress_int.c: added check for zlib.h
+
+2000-12-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c: updated sorting algorithm - it was a mess
+ - it is more than a mess now
+
+2000-12-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/API, doc/TODO, lib/gnutls.c, lib/gnutls.h,
+ lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_compress_int.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, src/cli.c, src/port.h,
+ src/serv.c: some minor updates
+
+2000-12-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: added a better(?) - not sure - xor function.
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.h: added missing file
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: added option for profiling
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_handshake.c, lib/gnutls_kx.c: improved some things found
+ from gcov
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_int.h: improved peek data handling - now
+ keeps only 1 byte in kernel buffer
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/.cvsignore, lib/gnutls.c: more changes
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: removed debug definitions
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS, lib/Makefile.am, lib/debug.h, lib/gnutls.c,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_errors.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ src/cli.c, src/serv.c: cleanups for gcc -Wall
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/HACKING: removed file. replaced by API
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, lib/gnutls.c, lib/gnutls.h, lib/gnutls_buffers.c,
+ lib/gnutls_int.h, lib/gnutls_session.c, src/cli.c: added some new
+ functions in the API. documentation updated.
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, doc/TODO: updated documentation
+
+2000-12-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: corrected peek data handling
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/TODO, lib/defines.h, lib/gnutls.c,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_int.h,
+ src/cli.c: used MSG_PEEK flag in recv in order to used gnutls_recv()
+ with select(). This change will order select to treat the socket as
+ read even if we have read and localy buffered all data - but the
+ user hasn't call gnutls_recv() to get that data.
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c: [no log message]
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/serv.c: updated client
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls.c, lib/gnutls_buffers.c,
+ lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_int.h:
+ changes in close notify- alert handling
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_compress_int.c: changes in compression handling
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * NEWS: [no log message]
+
+2000-12-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : moved to r2
+
+2000-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_session.c, lib/gnutls_session.h: added support for
+ session resuming
+
+2000-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls.c, lib/gnutls.h, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h:
+ added some support for session resuming (in client) It does not seem
+ to work yet
+
+2000-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls.h, lib/gnutls_cipher.c, lib/gnutls_int.h:
+ removed all things about exportable algorithms
+
+2000-12-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: gnutls_handshake was broken to
+ gnutls_handshake_begin and gnutls_handshake_finish. This will help
+ the use of certificate API to check received certificates
+
+2000-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: added a warning if zlib was not found
+
+2000-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: Added default algorithm priorities so it can work
+ even if the user hasn't specified any
+
+2000-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_compress_int.c, lib/gnutls_compress_int.h: added
+ compression (ZLIB)
+
+2000-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsignore, configure.in, lib/Makefile.am, lib/gnutls.c,
+ lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_compress.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_priority.c, src/cli.c, src/port.h, src/serv.c: Added
+ compression support (ZLIB)
+
+2000-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, src/cli.c, src/port.h: SSL3 support was added
+
+2000-12-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: major cleanups
+
+2000-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_buffers.c, lib/gnutls_buffers.h,
+ lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_hash_int.c,
+ lib/gnutls_hash_int.h, lib/gnutls_int.h: more ssl3 fixes
+
+2000-12-06 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher_int.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c: A lot of fixes for SSL3
+
+2000-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am: added API
+
+2000-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/API, doc/TODO: documentation update
+
+2000-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_priority.c, src/cli.c, src/serv.c:
+ Bugfixes mainly for the priority (which was moved to the state)
+
+2000-12-05 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c, lib/gnutls_priority.c: Priorities were moved to the
+ state (were global)
+
+2000-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.c, lib/gnutls_cipher.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h:
+ added ssl3 key generation function - more fixes in ssl3 mac
+
+2000-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: more bugfixes
+
+2000-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c: corrected nasty bugs
+
+2000-11-22 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: added support for
+ the MAC used in SSLv3
+
+2000-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: updated readme
+
+2000-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: removed unneeded check
+
+2000-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/ssl3-vs-tls: cleanups
+
+2000-11-19 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated todo
+
+2000-11-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher_int.c: added ARCFOUR support when using gcrypt
+
+2000-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/draft-ietf-tls-ciphersuite-01.txt: removed old draft
+
+2000-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/draft-ietf-tls-ciphersuite-02.txt, lib/gnutls_algorithms.c:
+ added the new tls-ciphersuite draft, and the ciphersuite
+ TLS_DH_anon_RIJNDAEL_CBC_SHA
+
+2000-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/gnutls.c, lib/gnutls.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_cipher.h, lib/gnutls_cipher_int.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h: several cleanups in order to support ssl3
+
+2000-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * : Moving to release 2
+
+2000-11-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/ssl3-vs-tls: added
+
+2000-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: updated for mhash
+
+2000-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated todo
+
+2000-11-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/debug.h, lib/gnutls.c, lib/gnutls.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_dh.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c: added some support for ssl3 (with mhash only)
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/rfc2818.txt, doc/ssl-draft302.txt: more drafs added
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/draft-ietf-tls-camellia-00.txt,
+ doc/draft-ietf-tls-https-04.txt, doc/draft-ietf-tls-misty1-00.txt,
+ doc/draft-ietf-tls-seedhas-00.txt,
+ doc/draft-ietf-tn3270e-telnet-tls-05.txt: added more draft's
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_der.c: removed main()
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: updated todo list
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.h, lib/gnutls_algorithms.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_int.h: added preliminary support for AES (rijndael)
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/draft-ietf-tls-openpgp-00.txt: added
+ draft-ietf-tls-openpgp-00.txt
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am, doc/draft-ietf-tls-ciphersuite-01.txt: added
+ draft-ietf-tls-ciphersuite-01.txt
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher_int.c: fix for DES in mcrypt
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c: fixes for the server... and
+ change_cipher_spec type packet.
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_cipher.c, lib/gnutls_int.h: Changes in the client in
+ order to interoperate with an openssl server.
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, acconfig.h, configure.in, lib/gnutls_algorithms.c,
+ lib/gnutls_cipher.c, lib/gnutls_cipher_int.c,
+ lib/gnutls_cipher_int.h, lib/gnutls_hash_int.c, lib/gnutls_int.h:
+ added hooks for both mhash and mcrypt
+
+2000-11-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h, lib/gnutls_int.h:
+ clean-ups
+
+2000-11-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_int.h:
+ corrected bugs in hmac and more.
+
+2000-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: corrected problem in our PRF function
+
+2000-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: removed mhash definitions
+
+2000-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_hash_int.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c: more fixes
+
+2000-11-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls.c, lib/gnutls_cipher.c,
+ lib/gnutls_hash_int.c, lib/gnutls_kx.c: minor fixes and cleanups
+
+2000-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c: more fixes...
+
+2000-11-02 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO, lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c: more fixes and bugs introduced
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_kx.c: cvs should stop messing with MY files
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_kx.c: [no log message]
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_algorithms.c, lib/gnutls_dh.c,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c, lib/gnutls_kx.h, src/cli.c, src/port.h: Some more
+ fixes and additions in order to interoperate with openssl
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/TODO: added a small todo list
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: memory leaks and overruns eliminated
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_handshake.c: corrected bug which made us to send the
+ double bytes of ciphersuites we had.
+
+2000-11-01 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/gnutls.c, lib/gnutls_algorithms.c,
+ lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c: added some preliminary support for DHE_DSS and
+ DHE_RSA algorithms... of course not certificates are used
+
+2000-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: some need gcry_ functions added. (for malloc etc)
+
+2000-10-31 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/HACKING, lib/defines.h, lib/gnutls.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, src/port.h, src/serv.c:
+ added assert() and some bug fixes
+
+2000-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/HACKING: some kind of updates
+
+2000-10-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_algorithms.h, lib/gnutls_handshake.c,
+ lib/gnutls_hash_int.c, lib/gnutls_int.h, lib/gnutls_kx.c: added
+ ability to receive certificates...
+
+2000-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, doc/HACKING: [no log message]
+
+2000-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/README.der: added Tarun's README.der
+
+2000-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher_int.c, lib/gnutls_cipher_int.h: added missing
+ files. They are to handle foreign encryption functions
+
+2000-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls_der.c, lib/gnutls_der.h: Added Tarun's
+ files
+
+2000-10-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, configure.in, lib/gnutls_cert.lex, src/Makefile.am,
+ src/cli.c: added a DER parser from Tarun and updated authors
+
+2000-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/Makefile.am: changed in order for rfc's to be included in the
+ distribution
+
+2000-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, acinclude.m4, configure.in: added checks for gcrypt
+
+2000-10-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/rfc2246.txt, doc/rfc2459.txt: Added rfc's which refer to what
+ we are implementing
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c: corrected bug which made gnutls to wait for a second
+ closure alert after having received the first.
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/serv.c: [no log message]
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore, lib/Makefile.am, lib/gnutls.c,
+ lib/gnutls_cipher.c, lib/gnutls_dh.c, lib/gnutls_handshake.c,
+ lib/gnutls_hash.c, lib/gnutls_hash.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c: The encryption api was fixed and gnutls_cipher.c
+ was cleaned up a bit.
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash_int.c, lib/gnutls_hash_int.h: there files were
+ renamed
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore, src/.cvsignore: corrected cvsignore files
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/.cvsignore: [no log message]
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, configure.in, src/Makefile.am: removed mhash support and
+ some changes in the docs
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_hash.c: bugfixes in gcrypt md functions handling
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls.c, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_hash.c, lib/gnutls_hash.h,
+ lib/gnutls_int.h: Added support for the gcrypt hash and hmac
+ functions. Mhash support is almost removed.
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c, lib/gnutls_dh.h, lib/gnutls_kx.c: corrected the
+ problem with the double underscore
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * .cvsignore, doc/.cvsignore, lib/.cvsignore, src/.cvsignore: added
+ .cvsignore files
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: updated version number
+
+2000-10-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_dh.c, lib/gnutls_kx.c: removed double underscores
+
+2000-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: added some needed stuff
+
+2000-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/HACKING: outdated
+
+2000-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_priority.c: the file that handles some of the priority
+ stuff (most of the API things)
+
+2000-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/defines.h, lib/gnutls.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, src/cli.c, src/port.h, src/serv.c: Added support
+ for priorities. Some function names were renamed to be more
+ rational.
+
+2000-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_algorithms.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_kx.c: some fixes in the comments, and
+ replaced KX_* with GNUTLS_KX_*
+
+2000-10-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c: more inline documentation
+
+2000-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS: added my name
+
+2000-10-07 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_kx.c: Added some kind of priorities for algorithms. Still
+ experimental.
+
+2000-05-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h, src/cli.c, src/port.h, src/serv.c: Improved
+ client/server examples.
+
+2000-04-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_int.h: removed an unneeded variable.
+
+2000-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/gnutls.c, lib/gnutls.h, lib/gnutls_algorithms.c,
+ lib/gnutls_buffers.c, lib/gnutls_cipher.c, lib/gnutls_compress.c,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_handshake.c,
+ lib/gnutls_kx.c, lib/gnutls_num.c, lib/gnutls_plaintext.c,
+ src/cli.c, src/serv.c: Added copyright notices.
+
+2000-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ src/Makefile.am, src/port.h: [no log message]
+
+2000-04-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/defines.h, lib/gnutls.c, lib/gnutls_algorithms.c,
+ lib/gnutls_algorithms.h, lib/gnutls_cipher.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, src/Makefile.am: Better
+ mac algorithms handling.
+
+2000-04-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/HACKING, lib/defines.h, lib/gnutls.c,
+ lib/gnutls_algorithms.h, lib/gnutls_buffers.c,
+ lib/gnutls_buffers.h, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_handshake.h, lib/gnutls_int.h, lib/gnutls_kx.c,
+ src/Makefile.am, src/port.h: Changes in handshake messages handling.
+
+2000-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_int.h: [no log message]
+
+2000-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c: [no log message]
+
+2000-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_dh.c,
+ lib/gnutls_handshake.c, lib/gnutls_int.h, lib/gnutls_kx.c,
+ lib/gnutls_plaintext.c, lib/gnutls_plaintext.h, src/Makefile.am,
+ src/port.h: Corrected bug in gnutls_cipher.c that caused the library
+ to fail in certain (random) situations.
+
+2000-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_kx.c, src/serv.c: Better memory allocation in key
+ exchange.
+
+2000-04-12 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_handshake.c, lib/gnutls_int.h,
+ lib/gnutls_kx.c, src/cli.c, src/port.h: Some changes in peer's
+ version checks.
+
+2000-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_cipher.c, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, src/port.h: Corrected bugs in MAC calculation.
+
+2000-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls_cipher.c, lib/gnutls_errors.h, lib/gnutls_handshake.c:
+ Corrected bugs when setting cipher and mac.
+
+2000-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/Makefile.am, lib/gnutls.c, lib/gnutls.h, lib/gnutls_errors.c,
+ lib/gnutls_errors.h, lib/gnutls_handshake.c, lib/gnutls_kx.c,
+ lib/gnutls_kx.h, src/serv.c: Better error control. Moved key
+ exchange functions to gnutls_kx.c/h
+
+2000-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README: [no log message]
+
+2000-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_handshake.c, src/port.h: [no log message]
+
+2000-04-11 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/gnutls.c, lib/gnutls_handshake.c, src/port.h: [no log message]
+
+2000-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/debug.h, lib/gnutls_dh.c,
+ lib/gnutls_handshake.c, src/port.h: Bugfixes in the diffie hellman.
+
+2000-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * lib/debug.c, lib/defines.h, lib/gnutls.c,
+ lib/gnutls_algorithms.c, lib/gnutls_buffers.c, lib/gnutls_cipher.c,
+ lib/gnutls_compress.c, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_errors.c, lib/gnutls_errors.h, lib/gnutls_handshake.c,
+ lib/gnutls_int.h, lib/gnutls_num.c, lib/gnutls_plaintext.c,
+ src/port.h: Added anonymous diffie-hellman key exchange. It does not
+ work yet, and the whole code is mess.
+
+2000-04-10 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, lib/Makefile.am, lib/gnutls.c,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_cipher.c, lib/gnutls_dh.c, lib/gnutls_dh.h,
+ lib/gnutls_handshake.c, lib/gnutls_int.h: Added the basics for key
+ exchange.
+
+2000-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * COPYING: Added ChangeLog and COPYING.
+
+2000-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/cli.c, src/serv.c: [no log message]
+
+2000-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * Makefile.am, doc/Makefile.am, lib/Makefile.am, lib/debug.c,
+ lib/debug.h, lib/defines.h, lib/gnutls.c, lib/gnutls.h,
+ lib/gnutls_algorithms.c, lib/gnutls_algorithms.h,
+ lib/gnutls_buffers.c, lib/gnutls_buffers.h, lib/gnutls_cipher.c,
+ lib/gnutls_cipher.h, lib/gnutls_compress.c, lib/gnutls_compress.h,
+ lib/gnutls_dh.c, lib/gnutls_errors.c, lib/gnutls_errors.h,
+ lib/gnutls_handshake.c, lib/gnutls_handshake.h, lib/gnutls_int.h,
+ lib/gnutls_num.c, lib/gnutls_num.h, lib/gnutls_plaintext.c,
+ lib/gnutls_plaintext.h, src/Makefile.am, src/debug.c, src/debug.h,
+ src/defines.h, src/gnutls.c, src/gnutls.h, src/gnutls_algorithms.c,
+ src/gnutls_algorithms.h, src/gnutls_buffers.c,
+ src/gnutls_buffers.h, src/gnutls_cipher.c, src/gnutls_cipher.h,
+ src/gnutls_compress.c, src/gnutls_compress.h, src/gnutls_dh.c,
+ src/gnutls_errors.c, src/gnutls_errors.h, src/gnutls_handshake.c,
+ src/gnutls_handshake.h, src/gnutls_int.h, src/gnutls_num.c,
+ src/gnutls_num.h, src/gnutls_plaintext.c, src/gnutls_plaintext.h:
+ Changed directory structure.
+
+2000-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: corrected configure script
+
+2000-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in: [no log message]
+
+2000-04-09 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_handshake.c, src/gnutls_handshake.h,
+ src/gnutls_int.h, src/port.h: corrected bugs in handshake.
+
+2000-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_algorithms.c, src/gnutls_algorithms.h,
+ src/gnutls_cipher.c, src/gnutls_handshake.c,
+ src/gnutls_handshake.h, src/gnutls_int.h: Added some basics for key
+ exchange.
+
+2000-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls_dh.c: I've add gnutls_dh.c but is not ready yet, I have
+ to eat something first:) It is taken from gsti.
+
+2000-04-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/debug.c, src/gnutls.c, src/gnutls_algorithms.c,
+ src/gnutls_buffers.c, src/gnutls_cipher.c, src/gnutls_compress.c,
+ src/gnutls_errors.c, src/gnutls_errors.h, src/gnutls_handshake.c,
+ src/gnutls_handshake.h, src/gnutls_int.h, src/gnutls_num.c,
+ src/gnutls_plaintext.c, src/port.h, src/serv.c: Handshake
+ implementation was improved. Still no key exchange algorithm.
+
+2000-03-30 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_algorithms.c, src/gnutls_algorithms.h,
+ src/gnutls_cipher.c: Corrected bugs in gnutls_algorithms and added
+ _gnutls_get_iv_size().
+
+2000-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/gnutls_algorithms.c,
+ src/gnutls_algorithms.h, src/gnutls_cipher.c: Algorithms/Ciphers
+ interface has changes.
+
+2000-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/cli.c, src/gnutls.c, src/gnutls_buffers.c,
+ src/gnutls_errors.c, src/serv.c: The gnutls_recv() semantics were
+ changed. It may return less data than the specified. It operates
+ similar to read().
+
+2000-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_handshake.c, src/gnutls_handshake.h,
+ src/port.h: Server now generates a session_id.
+
+2000-03-29 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli.c, src/gnutls.c, src/gnutls.h,
+ src/gnutls_errors.c, src/gnutls_errors.h, src/gnutls_num.c,
+ src/gnutls_num.h, src/port.h, src/serv.c: [no log message]
+
+2000-03-28 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli.c, src/gnutls.c, src/gnutls.h,
+ src/gnutls_buffers.c, src/gnutls_errors.h, src/gnutls_handshake.c,
+ src/gnutls_handshake.h, src/gnutls_int.h, src/serv.c: Corrected a
+ lot of bugs. Handshake protocol is ready to be coded.
+
+2000-03-26 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls.h, src/gnutls_buffers.c,
+ src/gnutls_buffers.h: Included a reliable version of read/write
+ (that read/write will return exactly the bytes specified).
+
+2000-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/cli.c, src/gnutls.c, src/gnutls.h,
+ src/gnutls_handshake.c, src/gnutls_handshake.h, src/serv.c,
+ src/test.c: [no log message]
+
+2000-03-24 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_buffers.c, src/gnutls_buffers.h,
+ src/gnutls_handshake.c: [no log message]
+
+2000-03-23 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_cipher.c, src/gnutls_handshake.c,
+ src/gnutls_int.h: Changes in the handshake.
+
+2000-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c: Some memory leaks were fixed.
+
+2000-03-18 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls.c, src/gnutls_cipher.c, src/gnutls_handshake.c,
+ src/gnutls_int.h: Corrected bug in the record protocol. Now it holds
+ 2 states, 1 for encryption and 1 for decryption
+ (mac/cipher/iv/compression).
+
+2000-03-17 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/defines.h, src/gnutls.c,
+ src/gnutls_handshake.c, src/gnutls_handshake.h, src/gnutls_int.h:
+ Added the client hello handshake message.
+
+2000-03-15 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * doc/HACKING: documentation.
+
+2000-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/gnutls_handshake.h, src/gnutls_record.h: Incorporated in
+ gnutls_int.h
+
+2000-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * src/Makefile.am, src/debug.c, src/gnutls.c, src/gnutls_buffers.c,
+ src/gnutls_buffers.h, src/gnutls_cipher.c, src/gnutls_compress.c,
+ src/gnutls_errors.h, src/gnutls_int.h, src/gnutls_plaintext.c:
+ gnutls_recv() can now receive fatal alerts and closure alerts.
+
+2000-03-14 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * README, src/Makefile.am, src/debug.c, src/gnutls.c, src/gnutls.h,
+ src/gnutls_buffers.c, src/gnutls_buffers.h, src/gnutls_cipher.c,
+ src/gnutls_compress.c, src/gnutls_errors.h, src/gnutls_handshake.h,
+ src/gnutls_int.h, src/gnutls_plaintext.c, src/gnutls_record.h,
+ src/test.c: In case of failure gnutls_recv, sends an alert message.
+ but, it still cannot receive any.
+
+2000-03-13 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * configure.in, src/Makefile.am, src/gnutls.c, src/gnutls.h,
+ src/gnutls_cipher.c, src/test.c: Added gnutls_recv... Works only for
+ application data, and it is not tested.
+
+2000-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * AUTHORS, Makefile.am, acconfig.h, buildconf, configure.in,
+ src/Makefile.am, src/debug.c, src/debug.h, src/defines.h,
+ src/gnutls.c, src/gnutls.h, src/gnutls_cipher.c,
+ src/gnutls_cipher.h, src/gnutls_compress.c, src/gnutls_compress.h,
+ src/gnutls_plaintext.c, src/gnutls_plaintext.h, src/test.c: [no log
+ message]
+
+2000-03-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
+
+ * buildconf: [no log message]
+
+2000-03-07 Werner Koch <wk@gnupg.org>
+
+ * Initialized repository for GNU TLS
+
+ -----
+
+ Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+ Foundation, Inc.
+
+ Copying and distribution of this file, with or without
+ modification, are permitted provided the copyright notice
+ and this notice are preserved.
--- /dev/null
+# Having a separate GNUmakefile lets me `include' the dynamically
+# generated rules created via cfg.mk (package-local configuration)
+# as well as maint.mk (generic maintainer rules).
+# This makefile is used only if you run GNU Make.
+# It is necessary if you want to build targets usually of interest
+# only to the maintainer.
+
+# Copyright (C) 2001, 2003, 2006-2011 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# Systems where /bin/sh is not the default shell need this. The $(shell)
+# command below won't work with e.g. stock DOS/Windows shells.
+ifeq ($(wildcard /bin/s[h]),/bin/sh)
+SHELL = /bin/sh
+else
+# will be used only with the next shell-test line, then overwritten
+# by a configured-in value
+SHELL = sh
+endif
+
+# If the user runs GNU make but has not yet run ./configure,
+# give them a diagnostic.
+_have-Makefile := $(shell test -f Makefile && echo yes)
+ifeq ($(_have-Makefile),yes)
+
+# Make tar archive easier to reproduce.
+export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner
+
+# Allow the user to add to this in the Makefile.
+ALL_RECURSIVE_TARGETS =
+
+include Makefile
+
+# Some projects override e.g., _autoreconf here.
+-include $(srcdir)/cfg.mk
+include $(srcdir)/maint.mk
+
+# Allow cfg.mk to override these.
+_build-aux ?= build-aux
+_autoreconf ?= autoreconf -v
+
+# Ensure that $(VERSION) is up to date for dist-related targets, but not
+# for others: rerunning autoreconf and recompiling everything isn't cheap.
+_have-git-version-gen := \
+ $(shell test -f $(srcdir)/$(_build-aux)/git-version-gen && echo yes)
+ifeq ($(_have-git-version-gen)0,yes$(MAKELEVEL))
+ _is-dist-target ?= $(filter-out %clean, \
+ $(filter maintainer-% dist% alpha beta stable,$(MAKECMDGOALS)))
+ _is-install-target ?= $(filter-out %check, $(filter install%,$(MAKECMDGOALS)))
+ ifneq (,$(_is-dist-target)$(_is-install-target))
+ _curr-ver := $(shell cd $(srcdir) \
+ && $(_build-aux)/git-version-gen \
+ .tarball-version \
+ $(git-version-gen-tag-sed-script))
+ ifneq ($(_curr-ver),$(VERSION))
+ ifeq ($(_curr-ver),UNKNOWN)
+ $(info WARNING: unable to verify if $(VERSION) is the correct version)
+ else
+ ifneq (,$(_is-install-target))
+ # GNU Coding Standards state that 'make install' should not cause
+ # recompilation after 'make all'. But as long as changing the version
+ # string alters config.h, the cost of having 'make all' always have an
+ # up-to-date version is prohibitive. So, as a compromise, we merely
+ # warn when installing a version string that is out of date; the user
+ # should run 'autoreconf' (or something like 'make distcheck') to
+ # fix the version, 'make all' to propagate it, then 'make install'.
+ $(info WARNING: version string $(VERSION) is out of date;)
+ $(info run '$(MAKE) _version' to fix it)
+ else
+ $(info INFO: running autoreconf for new version string: $(_curr-ver))
+GNUmakefile: _version
+ touch GNUmakefile
+ endif
+ endif
+ endif
+ endif
+endif
+
+.PHONY: _version
+_version:
+ cd $(srcdir) && rm -rf autom4te.cache .version && $(_autoreconf)
+ $(MAKE) $(AM_MAKEFLAGS) Makefile
+
+else
+
+.DEFAULT_GOAL := abort-due-to-no-makefile
+srcdir = .
+
+# The package can override .DEFAULT_GOAL to run actions like autoreconf.
+-include ./cfg.mk
+include ./maint.mk
+
+ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
+$(MAKECMDGOALS): abort-due-to-no-makefile
+endif
+
+abort-due-to-no-makefile:
+ @echo There seems to be no Makefile in this directory. 1>&2
+ @echo "You must run ./configure before running \`make'." 1>&2
+ @exit 1
+
+endif
+
+# Tell version 3.79 and up of GNU make to not build goals in this
+# directory in parallel, in case someone tries to build multiple
+# targets, and one of them can cause a recursive target to be invoked.
+
+# Only set this if Automake doesn't provide it.
+AM_RECURSIVE_TARGETS ?= $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) \
+ dist distcheck tags ctags
+
+ALL_RECURSIVE_TARGETS += $(AM_RECURSIVE_TARGETS)
+
+ifneq ($(word 2, $(MAKECMDGOALS)), )
+ifneq ($(filter $(ALL_RECURSIVE_TARGETS), $(MAKECMDGOALS)), )
+.NOTPARALLEL:
+endif
+endif
--- /dev/null
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without warranty of any kind.
+
+Basic Installation
+==================
+
+ Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package. The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package. Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below. The lack of an optional feature in a given package is not
+necessarily a bug. More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+ It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring. Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+ The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'. You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+ The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system.
+
+ Running `configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package, generally using the just-built uninstalled binaries.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation. When installing into a prefix owned by root, it is
+ recommended that the package be configured and built as a regular
+ user, and only the `make install' phase executed with root
+ privileges.
+
+ 5. Optionally, type `make installcheck' to repeat any self-tests, but
+ this time using the binaries in their final installed location.
+ This target does not install anything. Running this target as a
+ regular user, particularly if the prior `make install' required
+ root privileges, verifies that the installation completed
+ correctly.
+
+ 6. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+ 7. Often, you can also type `make uninstall' to remove the installed
+ files again. In practice, not all packages have tested that
+ uninstallation works correctly, even though it is required by the
+ GNU Coding Standards.
+
+ 8. Some packages, particularly those that use Automake, provide `make
+ distcheck', which can by used by developers to test that all other
+ targets like `make install' and `make uninstall' work correctly.
+ This target is generally not run by end users.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+ You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment. Here
+is an example:
+
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+ *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you can use GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'. This
+is known as a "VPATH" build.
+
+ With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+ On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor. Like
+this:
+
+ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CPP="gcc -E" CXXCPP="g++ -E"
+
+ This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+ By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc. You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them. In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+ The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+ The first method involves providing an override variable for each
+affected directory. For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'. Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated. The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+ The second method involves providing the `DESTDIR' variable. For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names. The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters. On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+ Some packages offer the ability to configure how verbose the
+execution of `make' will be. For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
+Particular systems
+==================
+
+ On HP-UX, the default C compiler is not ANSI C compatible. If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file. The option `-nodtk' can be used as
+a workaround. If GNU CC is not installed, it is therefore recommended
+to try
+
+ ./configure CC="cc"
+
+and if that doesn't work, try
+
+ ./configure CC="cc -nodtk"
+
+ On Solaris, don't put `/usr/ucb' early in your `PATH'. This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+ On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'. It is recommended to use the following options:
+
+ ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on. Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+ CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+ OS
+ KERNEL-OS
+
+ See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+ If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+ If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+ Variables not defined in a site shell script can be set in the
+environment passed to `configure'. However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost. In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'. For example:
+
+ ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug. Until the bug is fixed you can use this workaround:
+
+ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+ Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+ Print a summary of the options unique to this package's
+ `configure', and exit. The `short' variant lists options used
+ only in the top level, while the `recursive' variant lists options
+ also present in any nested packages.
+
+`--version'
+`-V'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`--cache-file=FILE'
+ Enable the cache: use and save the results of the tests in FILE,
+ traditionally `config.cache'. FILE defaults to `/dev/null' to
+ disable caching.
+
+`--config-cache'
+`-C'
+ Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+ Use DIR as the installation prefix. *note Installation Names::
+ for more details, including other options available for fine-tuning
+ the installation locations.
+
+`--no-create'
+`-n'
+ Run the configure checks, but stop before creating any output
+ files.
+
+`configure' also accepts some other, not widely useful, options. Run
+`configure --help' for more details.
+
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Changes
+# Make library only
+#DISTCHECK_CONFIGURE_FLAGS = --enable-gtk-doc
+#SUBDIRS = lib libextra gl src doc tests
+#if HAVE_GUILE
+#SUBDIRS += guile
+#endif
+#
+
+
+SUBDIRS = lib
+
+#ACLOCAL_AMFLAGS = -I m4 -I gl/m4 -I lib/gl/m4 -I libextra/gl/m4 -I lib/m4 -I libextra/m4
+ACLOCAL_AMFLAGS = -I m4 -I lib/m4
+
+EXTRA_DIST = cfg.mk maint.mk .clcopying
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Changes
+# Make library only
+#DISTCHECK_CONFIGURE_FLAGS = --enable-gtk-doc
+#SUBDIRS = lib libextra gl src doc tests
+#if HAVE_GUILE
+#SUBDIRS += guile
+#endif
+#
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ $(top_srcdir)/configure ABOUT-NLS AUTHORS COPYING.LIB \
+ ChangeLog INSTALL NEWS THANKS config.guess config.rpath \
+ config.sub depcomp install-sh ltmain.sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/lib/m4/hooks.m4 \
+ $(top_srcdir)/m4/gtk-doc.m4 $(top_srcdir)/m4/guile.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d "$(distdir)" \
+ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr "$(distdir)"; }; }
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+GZIP_ENV = --best
+DIST_ARCHIVES = $(distdir).tar.bz2
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GAA = @GAA@
+GREP = @GREP@
+GTKDOC_CHECK = @GTKDOC_CHECK@
+GTKDOC_MKPDF = @GTKDOC_MKPDF@
+GTKDOC_REBASE = @GTKDOC_REBASE@
+GUILE = @GUILE@
+GUILE_CFLAGS = @GUILE_CFLAGS@
+GUILE_CONFIG = @GUILE_CONFIG@
+GUILE_LDFLAGS = @GUILE_LDFLAGS@
+GUILE_SITE = @GUILE_SITE@
+GUILE_TOOLS = @GUILE_TOOLS@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HTML_DIR = @HTML_DIR@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBTASN1 = @LTLIBTASN1@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+guile_snarf = @guile_snarf@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+subdirs = @subdirs@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = lib
+
+#ACLOCAL_AMFLAGS = -I m4 -I gl/m4 -I lib/gl/m4 -I libextra/gl/m4 -I lib/m4 -I libextra/m4
+ACLOCAL_AMFLAGS = -I m4 -I lib/m4
+EXTRA_DIST = cfg.mk maint.mk .clcopying
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+ @if test ! -f $@; then \
+ rm -f stamp-h1; \
+ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+ else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool config.lt
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzma: distdir
+ tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+ $(am__remove_distdir)
+
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lzma*) \
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+ @$(am__cd) '$(distuninstallcheck_dir)' \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile config.h
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+ ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am am--refresh check check-am clean clean-generic \
+ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
+ dist-gzip dist-lzma dist-shar dist-tarZ dist-xz dist-zip \
+ distcheck distclean distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags distcleancheck distdir \
+ distuninstallcheck dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ installdirs-am maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags tags-recursive uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+GnuTLS NEWS -- History of user-visible changes. -*- outline -*-
+Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005,
+ 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
+See the end for copying conditions.
+
+* Version 2.xx.y (unreleased)
+
+** certtool: Warns on generation of DSA keys of over 1024 bits, about
+the incompatibility with TLS other than 1.2.
+
+** libgnutls: Modified signature algorithm selection in client
+certificate request, to avoid failures in DSA certificates.
+
+** libgnutls: Instead of failing with internal error, return
+GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA
+key with the negotiated protocol is encountered.
+
+** libgnutls: Bug fixes in the RSA ciphersuite behavior with openpgp keys.
+
+** libgnutls: Force state update when fork is detected in the nettle
+rng.
+
+** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred
+subkey instead of setting explicitly one.
+
+** libgnutls: Corrected default behavior in record version of Client Hellos.
+
+** libgnutls-openssl: modified to use modern gnutls' functions.
+This introduces an ABI incompatibility with previous versions.
+
+** API and ABI modifications:
+gnutls_pubkey_import_openpgp: MODIFIED
+
+No changes since last version.
+
+* Version 2.11.7 (released 2011-03-09)
+
+** libgnutls: Corrected signature generation and verification
+in the Certificate Verify message when in TLS 1.2. Reported
+by Todd A. Ouska.
+
+** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored
+the PSK callback.
+
+** libgnutls: SRP and PSK are no longer set on the default priorities.
+They have to be explicitly set.
+
+** libgnutls: During handshake message verification using DSS
+use the hash algorithm required by it.
+
+** libgnutls: gnutls_x509_privkey_sign_hash() is deprecated.
+Use gnutls_privkey_sign_hash() instead.
+
+** libgnutls: gnutls_transport_set_lowat() is deprecated. Support
+for this functionality will be dropped in later versions.
+
+** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash,
+gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data,
+gnutls_x509_crt_verify_hash return the negative error code
+GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error
+checking.
+
+** libgnutls: Added helper functions for signature verification:
+gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey().
+
+** libgnutls: Modified gnutls_privkey_sign_data().
+
+** gnutls_x509_crl_privkey_sign2(), gnutls_x509_crq_sign2()
+gnutls_x509_privkey_sign_hash(), gnutls_x509_privkey_sign_data(),
+gnutls_x509_crt_verify_hash(), gnutls_x509_crt_verify_data(), were
+deprecated for gnutls_x509_crl_privkey_sign(),
+gnutls_x509_crq_privkey_sign(), gnutls_privkey_sign_hash(),
+gnutls_privkey_sign_data(), gnutls_pubkey_verify_hash()
+gnutls_pubkey_verify_data() respectively.
+
+** libgnutls: gnutls_*_export_raw() functions now add leading zero in
+integers.
+
+** libgnutls: Added gnutls_transport_set_vec_push_function() that
+can be used to specify a writev() like function. Using that gnutls
+can provide more efficient writes to network layer in systems that
+support it.
+
+** crypto.h: Fix use with C++.
+Reported by "Brendan Doherty" <brendand@gentrack.com>.
+
+** API and ABI modifications:
+gnutls_transport_set_vec_push_function: ADDED
+gnutls_x509_crl_get_raw_issuer_dn: ADDED
+gnutls_pubkey_import_privkey: ADDED
+gnutls_pubkey_verify_data: ADDED
+gnutls_privkey_sign_hash: MODIFIED (was added in 2.11.0)
+gnutls_privkey_sign_data: MODIFIED (was added in 2.11.0)
+gnutls_x509_crq_sign2: DEPRECATED (use: gnutls_x509_crq_privkey_sign)
+gnutls_x509_crq_sign: DEPRECATED (use: gnutls_x509_crq_privkey_sign)
+gnutls_x509_crq_get_preferred_hash_algorithm: REMOVED (was added in 2.11.0)
+gnutls_x509_crl_sign: DEPRECATED (use: gnutls_x509_crl_privkey_sign)
+gnutls_x509_crl_sign2: DEPRECATED (use: gnutls_x509_crl_privkey_sign)
+gnutls_x509_privkey_sign_data: DEPRECATED (use: gnutls_privkey_sign_data)
+gnutls_x509_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash)
+gnutls_x509_privkey_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
+gnutls_psk_netconf_derive_key: DEPRECATED
+gnutls_session_set_finished_function: DEPRECATED
+gnutls_ext_register: DEPRECATED
+gnutls_certificate_get_x509_crls: DEPRECATED
+gnutls_certificate_get_x509_cas: DEPRECATED
+gnutls_certificate_get_openpgp_keyring: DEPRECATED
+gnutls_session_get_server_random: DEPRECATED
+gnutls_session_get_client_random: DEPRECATED
+gnutls_session_get_master_secret: DEPRECATED
+gnutls_transport_set_lowat: DEPRECATED
+gnutls_x509_crt_verify_hash: DEPRECATED (use: gnutls_pubkey_verify_hash)
+gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data)
+gnutls_x509_crt_get_verify_algorithm: DEPRECATED (use: gnutls_pubkey_get_verify_algorithm)
+gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED (use: gnutls_pubkey_get_preferred_hash_algorithm)
+gnutls_openpgp_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash)
+gnutls_openpgp_privkey_decrypt_data: REMOVED (was added in 2.11.0)
+gnutls_pkcs11_privkey_sign_hash: REMOVED (was added in 2.11.0)
+gnutls_pkcs11_privkey_decrypt_data: REMOVED (was added in 2.11.0)
+gnutls_pkcs11_privkey_sign_data: REMOVED (was added in 2.11.0)
+gnutls_x509_privkey_sign_data2: REMOVED (was added in 2.11.0)
+
+* Version 2.11.6 (released 2010-12-06)
+
+** libgnutls: Record version of Client Hellos is now set by default to
+SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION
+priority string.
+
+** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures.
+This makes us comply with RFC3279. Reported by Michael Rommel.
+
+** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.11.5 (released 2010-12-01)
+
+** libgnutls: Reverted default behavior for verification and
+introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default
+V1 trusted CAs are allowed, unless the new flag is specified.
+
+** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key.
+Reported by Jeffrey Walton.
+
+** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL
+as priority strings. Those allow to set all the supported algorithms
+at once.
+
+** p11tool: Introduced. It allows manipulating pkcs 11 tokens.
+
+** gnutls-cli: Print channel binding only in verbose mode.
+Before it printed it after the 'Compression:' output, thus breaking
+Emacs starttls.el string searches.
+
+** API and ABI modifications:
+gnutls_pkcs11_token_init: New function
+gnutls_pkcs11_token_set_pin: New function
+
+* Version 2.11.4 (released 2010-10-15)
+
+** libgnutls: Add new API gnutls_session_channel_binding.
+The function is used to get the channel binding data. Currently only
+the "tls-unique" (RFC 5929) channel binding type is supported, through
+the GNUTLS_CB_TLS_UNIQUE type. See new section "Channel Bindings" in
+the manual.
+
+** gnutls-cli, gnutls-serv: Print 'tls-unique' Channel Bindings.
+
+** doc: Added pkcs11.h header file to GTK-DOC manual.
+
+** build: Update gnulib files.
+
+** i18n: Update translations.
+
+** tests: Add self tests gendh.c. Speed up Guile self checks.
+
+** API and ABI modifications:
+gnutls_session_channel_binding: New function.
+gnutls_channel_binding_t: New enumeration.
+GNUTLS_CB_TLS_UNIQUE: New gnutls_channel_binding_t enum member.
+GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE: New error code.
+
+* Version 2.11.3 (released 2010-10-14)
+
+** Indent code to follow the GNU Coding Standard.
+You should be able to unpack the 2.11.2 release and run 'make indent'
+twice to get exactly the same content as 2.11.3 except for generated
+files. Using GNU Indent 2.2.11.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.11.2 (released 2010-10-08)
+
+** libgnutls: Several bug fixes on session resumption
+and session tickets support.
+
+** libgnutls: Add new extended key usage ipsecIKE.
+
+** certtool: Renamed PKCS #11 options to: --p11-provider,
+--p11-export-url, --p11-list-certs, --p11-list-certs,
+--p11-list-privkeys, --p11-list-trusted, --p11-list-all-certs,
+--p11-list-all, --p11-list-tokens, --p11-login, --p11-write,
+--p11-write-label, --p11-write-trusted, --p11-detailed-url,
+--p11-delete-url
+
+** libgnutls: Corrected bug that caused importing DSA keys as RSA,
+introduced with the new nettle code.
+
+** libgnutls: Corrected advertizing issue for session tickets.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_subject_unique_id: ADDED.
+gnutls_x509_crt_get_issuer_unique_id: ADDED.
+
+* Version 2.11.1 (released 2010-09-14)
+
+** libgnutls: Nettle is the default crypto back end. Use --with-libgcrypt
+to use the libgcrypt back end.
+
+** libgnutls: Depend on nettle 2.1. This makes nettle a fully working
+backend crypto library.
+
+** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites.
+
+** libgnutls: Several updates in the buffering internal interface.
+
+** libgnutls: Is now more liberal in the PEM decoding. That is spaces and
+tabs are being skipped.
+
+** libgnutls: Added support for draft-pechanec-pkcs11uri-02.
+
+** libgnutls: The %COMPAT flag now allows larger records that violate the
+TLS spec.
+
+** libgnutls: by default lowat level has been set to zero to avoid unnecessary
+system calls. Applications that depended on it being 1 should explicitly call
+gnutls_transport_set_lowat().
+
+** libgnutls: Updated documentation and gnutls_pk_params_t mappings
+to ECRYPT II recommendations. Mappings were moved to a single location
+and DSA keys are handled differently (since DSA2 allows for 1024,2048
+and 3072 keys only).
+
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
+** libgnutls: HMAC-MD5 no longer used by default.
+
+** API and ABI modifications:
+gnutls_openpgp_privkey_sec_param: ADDED
+gnutls_x509_privkey_sec_param: ADDED
+
+* Version 2.11.0 (released 2010-07-22)
+
+** libgnutls: support scattered write using writev(). This takes
+advantage of the new buffering layer and allows queuing of packets
+and flushing them. This is currently used for handshake messages
+only.
+
+** libgnutls: Added gnutls_global_set_mutex() to allow setting
+alternative locking procedures. By default the system available
+locking is used. In *NIX pthreads are used and in windows the
+critical section API. This follows a different approach than the
+previous versions that depended on libgcrypt initialization. The
+locks are now set by default in systems that support it. Programs
+that used gcry_control() to set thread locks should insert it into
+a block of
+#if GNUTLS_VERSION_NUMBER <= 0x020b00
+ gcry_control(...)
+#endif
+
+** libgnutls: Added support for reading DN from EV-certificates.
+New DN values:
+jurisdictionOfIncorporationLocalityName,
+jurisdictionOfIncorporationStateOrProvinceName,
+jurisdictionOfIncorporationCountryName
+
+** libgnutls: Added support for DSA signing/verifying with bit
+length over 1024.
+
+** libgnutls-extra: When in FIPS mode gnutls_global_init_extra()
+has to be called to register any required md5 handlers.
+
+** libgnutls: Internal buffering code was replaced by simpler
+code contributed by Jonathan Bastien-Filiatrault.
+
+** libgnutls: Internal API for extensions augmented to allow
+safe storing and loading of data on resumption. This allows writing
+self-contained extensions (when possible). As a side effect
+the OPRFI extension was removed.
+
+** libgnutls: Added support for DSA-SHA256 and DSA-SHA224
+
+** libgnutls: Added PKCS #11 support and an API to access objects in
+gnutls/pkcs11.h. Currently certificates and public keys can be
+imported from tokens, and operations can be performed on private keys.
+
+** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t
+
+** libgnutls: Added initial support for the nettle library. It uses
+the system's random generator for seeding. That is /dev/urandom in Linux,
+system calls in Win32 and EGD on other systems.
+
+** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now
+ works even when resuming a session.
+
+** libgnutls: Added gnutls_certificate_set_retrieve_function() to replace the
+similar gnutls_certificate_set_server_retrieve_function() and
+gnutls_certificate_set_client_retrieve_function(). In addition it support
+PKCS #11 private keys.
+
+** libgnutls: Added gnutls_pkcs11_copy_x509_crt(), gnutls_pkcs11_copy_x509_privkey(),
+and gnutls_pkcs11_delete_url() to allow copying and deleting data in tokens.
+
+** libgnutls: Added gnutls_sec_param_to_pk_bits() et al. to allow select bit
+sizes for private keys using a human understandable scale.
+
+** certtool: Added new options: --pkcs11-list-tokens, --pkcs11-list-all
+--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs,
+--pkcs11-delete-url, --pkcs11-write
+
+certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior can
+be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
+certtool: Added --certificate-pubkey to print the public key of the
+certificate.
+
+** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile
+can now accept a PKCS #11 URL in addition to a file. This will allow for
+example to use the Gnome-keyring trusted certificate list to verify
+connections using a url such as:
+pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring
+
+** API and ABI modifications:
+gnutls_certificate_set_server_retrieve_function: DEPRECATED
+gnutls_certificate_set_client_retrieve_function: DEPRECATED
+gnutls_sign_callback_set: DEPRECATED
+gnutls_global_set_mutex: ADDED
+gnutls_pubkey_get_preferred_hash_algorithm: ADDED
+gnutls_x509_crt_get_preferred_hash_algorithm: ADDED
+gnutls_x509_privkey_export_rsa_raw2: ADDED
+gnutls_rnd: ADDED
+gnutls_sec_param_to_pk_bits: ADDED
+gnutls_pk_bits_to_sec_param: ADDED
+gnutls_sec_param_get_name: ADDED
+gnutls_pkcs11_type_get_name: ADDED
+gnutls_certificate_set_retrieve_function: ADDED
+gnutls_pkcs11_init: ADDED
+gnutls_pkcs11_deinit: ADDED
+gnutls_pkcs11_set_pin_function: ADDED
+gnutls_pkcs11_set_token_function: ADDED
+gnutls_pkcs11_add_provider: ADDED
+gnutls_pkcs11_obj_init: ADDED
+gnutls_pkcs11_obj_import_url: ADDED
+gnutls_pkcs11_obj_export_url: ADDED
+gnutls_pkcs11_obj_deinit: ADDED
+gnutls_pkcs11_obj_export: ADDED
+gnutls_pkcs11_obj_list_import_url: ADDED
+gnutls_pkcs11_obj_export: ADDED
+gnutls_x509_crt_import_pkcs11: ADDED
+gnutls_pkcs11_obj_get_type: ADDED
+gnutls_x509_crt_list_import_pkcs11: ADDED
+gnutls_x509_crt_import_pkcs11_url: ADDED
+gnutls_pkcs11_obj_get_info: ADDED
+gnutls_pkcs11_token_get_info: ADDED
+gnutls_pkcs11_token_get_url: ADDED
+gnutls_pkcs11_privkey_init: ADDED
+gnutls_pkcs11_privkey_deinit: ADDED
+gnutls_pkcs11_privkey_get_pk_algorithm: ADDED
+gnutls_pkcs11_privkey_get_info: ADDED
+gnutls_pkcs11_privkey_import_url: ADDED
+gnutls_pkcs11_privkey_sign_data: ADDED
+gnutls_pkcs11_privkey_sign_hash: ADDED
+gnutls_pkcs11_privkey_decrypt_data: ADDED
+gnutls_privkey_init: ADDED
+gnutls_privkey_deinit: ADDED
+gnutls_privkey_get_pk_algorithm: ADDED
+gnutls_privkey_get_type: ADDED
+gnutls_privkey_import_pkcs11: ADDED
+gnutls_privkey_import_x509: ADDED
+gnutls_privkey_import_openpgp: ADDED
+gnutls_privkey_sign_data: ADDED
+gnutls_privkey_sign_hash: ADDED
+gnutls_privkey_decrypt_data: ADDED
+gnutls_pkcs11_privkey_export_url: ADDED
+gnutls_x509_crq_privkey_sign: ADDED
+gnutls_x509_crl_privkey_sign: ADDED
+gnutls_x509_crt_privkey_sign: ADDED
+gnutls_pubkey_init: ADDED
+gnutls_pubkey_deinit: ADDED
+gnutls_pubkey_get_pk_algorithm: ADDED
+gnutls_pubkey_import_x509: ADDED
+gnutls_pubkey_import_openpgp: ADDED
+gnutls_pubkey_get_pk_rsa_raw: ADDED
+gnutls_pubkey_get_pk_dsa_raw: ADDED
+gnutls_pubkey_export: ADDED
+gnutls_pubkey_get_key_id: ADDED
+gnutls_pubkey_get_key_usage: ADDED
+gnutls_pubkey_verify_hash: ADDED
+gnutls_pubkey_get_verify_algorithm: ADDED
+gnutls_pkcs11_type_get_name: ADDED
+gnutls_pubkey_import_pkcs11_url: ADDED
+gnutls_pubkey_import: ADDED
+gnutls_pubkey_import_pkcs11: ADDED
+gnutls_pubkey_import_dsa_raw: ADDED
+gnutls_pubkey_import_rsa_raw: ADDED
+gnutls_x509_crt_set_pubkey: ADDED
+gnutls_x509_crq_set_pubkey: ADDED
+gnutls_pkcs11_copy_x509_crt: ADDED
+gnutls_pkcs11_copy_x509_privkey: ADDED
+gnutls_pkcs11_delete_url: ADDED
+
+* Version 2.10.1 (released 2010-07-25)
+
+** libgnutls: Added support for broken certificates that indicate RSA
+with strange OIDs.
+
+** gnutls-cli: Allow verification using V1 CAs.
+
+** libgnutls: gnutls_x509_privkey_import() will fallback to
+gnutls_x509_privkey_import_pkcs8() without a password, if it
+is unable to decode the key.
+
+** libgnutls: Correctly deinitialize crypto API functions to prevent
+a memory leak. Reported by Mads Kiilerich.
+
+** certtool: If asked to generate DSA keys of size more than 1024 bits,
+issue a warning, that the output key might not be working everywhere.
+
+** certtool: The --pkcs-cipher is taken into account when generating a
+private key. The default cipher used now is aes-128. The old behavior
+can be simulated by specifying "--pkcs-cipher 3des-pkcs12".
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.10.0 (released 2010-06-25)
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.12 (released 2010-06-17)
+
+** gnutls-cli: Make --starttls work again.
+Problem introduced in patch to use read() instead of fgets() committed
+on 2010-01-27.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.11 (released 2010-06-07)
+
+** libgnutls: Removed two APIs related to safe renegotiation.
+Use priority strings instead. The APIs were
+gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set.
+(Remember that we don't promise ABI stability during development
+series, so this doesn't cause an shared library ABI increment.)
+
+** tests: More self testing of safe renegotiation extension.
+See tests/safe-renegotiation/README for more information.
+
+** doc: a PDF version of the API reference manual (GTK-DOC) is now built.
+
+** doc: Terms 'GNUTLS' and 'GNU TLS' were changed to 'GnuTLS' for consistency.
+
+** API and ABI modifications:
+gnutls_safe_negotiation_set_initial: REMOVED.
+gnutls_safe_renegotiation_set: REMOVED.
+
+* Version 2.9.10 (released 2010-04-22)
+
+** libgnutls: Time verification extended to trusted certificate list.
+Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is
+specified.
+
+** certtool: Display postalCode and Name X.509 DN attributes correctly.
+Based on patch by Pavan Konjarla. Adds new constant
+GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME.
+
+** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746)
+Solves the issue discussed in:
+<http://www.ietf.org/mail-archive/web/tls/current/msg03928.html> and
+<http://www.ietf.org/mail-archive/web/tls/current/msg03948.html>.
+Note that to allow connecting to unpatched servers the full protection
+is only enabled if the priority string %SAFE_RENEGOTIATION is
+specified. You can check whether protection is in place by querying
+gnutls_safe_renegotiation_status(). New error codes
+GNUTLS_E_SAFE_RENEGOTIATION_FAILED and
+GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added.
+
+** libgnutls: When checking openpgp self signature also check the signatures
+** of all subkeys.
+Ilari Liusvaara noticed and reported the issue and provided test
+vectors as well.
+
+** libgnutls: Added cryptodev support (/dev/crypto).
+Tested with http://www.logix.cz/michal/devel/cryptodev/. Added
+benchmark utility for AES. Adds new error codes
+GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR.
+
+** libgnutls: Exported API to access encryption and hash algorithms.
+The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit,
+gnutls_cipher_encrypt, gnutls_cipher_get_block_size,
+gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast,
+gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output,
+gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast,
+gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output. New API
+constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224.
+
+** libgnutls: Added gnutls_certificate_set_verify_function() to allow
+verification of certificate upon receipt rather than waiting until the
+end of the handshake.
+
+** libgnutls: Don't send alerts during handshake.
+Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added.
+
+** certtool: Corrected two issues that affected certificate request generation.
+(1) Null padding is added on integers (found thanks to Wilankar Trupti),
+(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA
+parameters were added. Those were rejected by Verisign. Gnutls no longer adds
+those parameters there since other implementations don't do either and having
+them does not seem to offer anything (anyway you need the signer's certificate
+to verify thus public key will be available). Found thanks to Boyan Kasarov.
+This however has the side-effect that public key IDs shown by certtool are
+now different than previous gnutls releases.
+(3) the option --pgp-certificate-info will verify self signatures
+
+** certtool: Allow exporting of Certificate requests on DER format.
+
+** certtool: New option --no-crq-extensions to avoid extensions in CSRs.
+
+** gnutls-cli: Handle reading binary data from server.
+Reported by and tiny patch from Vitaly Mayatskikh
+<v.mayatskih@gmail.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/4096>.
+
+** minitasn1: Upgraded to libtasn1 version 2.6.
+
+** i18n: Updated Czech, Dutch, French, Polish, Swedish translation.
+** Added Italian and Simplified Chinese translation.
+Thanks to Petr Pisar, Erwin Poeze, Nicolas Provost, Jakub Bogusz,
+Daniel Nylander, Sergio Zanchetta, Tao Wei, and Aron Xu.
+
+** doc: The GTK-DOC manual is significantly improved.
+
+** API and ABI modifications:
+%DISABLE_SAFE_RENEGOTIATION: Added to priority strings (do not use).
+%INITIAL_SAFE_RENEGOTIATION: Added to priority strings.
+%UNSAFE_RENEGOTIATION: Added to priority strings.
+GNUTLS_DIG_SHA224: ADDED.
+GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED.
+GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED.
+GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED.
+GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED.
+GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED.
+GNUTLS_MAC_SHA224: ADDED.
+GNUTLS_OID_X520_NAME: ADDED.
+GNUTLS_OID_X520_POSTALCODE: ADDED.
+GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED.
+GNUTLS_VERSION_MAX: ADDED.
+gnutls_certificate_set_verify_function: ADDED.
+gnutls_cipher_decrypt: ADDED.
+gnutls_cipher_deinit: ADDED.
+gnutls_cipher_encrypt: ADDED.
+gnutls_cipher_get_block_size: ADDED.
+gnutls_cipher_init: ADDED.
+gnutls_hash: ADDED.
+gnutls_hash_deinit: ADDED.
+gnutls_hash_fast: ADDED.
+gnutls_hash_get_len: ADDED.
+gnutls_hash_init: ADDED.
+gnutls_hash_output: ADDED.
+gnutls_hmac: ADDED.
+gnutls_hmac_deinit: ADDED.
+gnutls_hmac_fast: ADDED.
+gnutls_hmac_get_len: ADDED.
+gnutls_hmac_init: ADDED.
+gnutls_hmac_output: ADDED.
+gnutls_safe_negotiation_set_initial: ADDED.
+gnutls_safe_renegotiation_set: ADDED.
+gnutls_safe_renegotiation_status: ADDED.
+
+* Version 2.9.9 (released 2009-11-09)
+
+** libgnutls: Cleanups and several bug fixes.
+Found by Steve Grubb and Tomas Mraz.
+
+** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.
+
+** Fix --disable-valgrind-tests.
+Reported by Ingmar Vanhassel in
+<https://savannah.gnu.org/support/?107029>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.8 (released 2009-11-05)
+
+** libgnutls: Fix for memory leaks on interrupted handshake.
+Reported by Tang Tong.
+
+** libgnutls: Addition of support for TLS 1.2 signature algorithms
+** extension and certificate verify field.
+This requires changes for TLS 1.2 servers and clients that use
+callbacks for certificate retrieval. They are now required to check
+with gnutls_sign_algorithm_get_requested() whether the certificate
+they send complies with the peer's preferences in signature
+algorithms.
+
+** libgnutls: In server side when resuming a session do not overwrite the
+** initial session data with the resumed session data.
+
+** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8
+** encryption.
+This affects also PKCS #12 encoded files. This adds the following new
+enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128,
+GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256.
+
+** libgnutls: Fix PKCS#12 encoding.
+The error you would get was "The OID is not supported.". Problem
+introduced for the v2.8.x branch in 2.7.6.
+
+** certtool: Added the --pkcs-cipher option.
+To explicitely specify the encryption algorithm to use.
+
+** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions.
+
+** tests: Fix time bomb in chainverify self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
+
+** tests: Fix expired cert in chainverify self-test.
+
+** i18n: Vietnamese translation updated.
+Thanks to Clytie Siddall.
+
+** API and ABI modifications:
+GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h.
+GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h.
+GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h.
+GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h.
+GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h.
+GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h.
+gnutls_sign_algorithm_get_requested: ADDED.
+
+* Version 2.9.7 (released 2009-10-06)
+
+** libgnutls: TLS 1.2 server mode fixes.
+Now interoperates against Opera. Contributed by Daiki Ueno.
+
+** libgnutlsxx: Fix link problems.
+Tiny patch from Boyan Kasarov <bkasarov@gmail.com>.
+
+** guile: Compatibility with guile 2.x.
+By Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.6 (released 2009-09-22)
+
+** libgnutls: Enable Camellia ciphers by default.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.5 (released 2009-09-10)
+
+** libgnutls: Add new functions to extract X.509 Issuer Alternative Names.
+The new functions are gnutls_x509_crt_get_issuer_alt_name2,
+gnutls_x509_crt_get_issuer_alt_name, and
+gnutls_x509_crt_get_issuer_alt_othername_oid. Contributed by Brad
+Hards <bradh@frogmouth.net>.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_issuer_alt_name2: ADDED.
+gnutls_x509_crt_get_issuer_alt_name: ADDED.
+gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED.
+
+* Version 2.9.4 (released 2009-09-03)
+
+** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works.
+The new supported ciphersuites are AES-128/256 in CBC mode with
+ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further,
+SHA-256 is now the preferred default MAC (however it is only used with
+TLS 1.2).
+
+** libgnutls: Make OpenPGP hostname checking work again.
+The patch to resolve the X.509 CN/SAN issue accidentally broken
+OpenPGP hostname comparison.
+
+** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
+Reported by Howard Chu <hyc@symas.com> in
+<https://savannah.gnu.org/support/?106975>.
+
+** Fix use of deprecated types internally.
+Use of deprecated types in GnuTLS from now on will lead to a compile
+error, to prevent this from happening again.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.3 (released 2009-08-19)
+
+** libgnutls: Support for TLS tickets was contributed by Daiki Ueno.
+The new APIs are gnutls_session_ticket_enable_client,
+gnutls_session_ticket_enable_server, and
+gnutls_session_ticket_key_generate.
+
+** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets.
+
+** API and ABI modifications:
+gnutls_session_ticket_key_generate: ADDED.
+gnutls_session_ticket_enable_client: ADDED.
+gnutls_session_ticket_enable_server: ADDED.
+
+* Version 2.9.2 (released 2009-08-14)
+
+** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
+By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
+into 1) not printing the entire CN/SAN field value when printing a
+certificate and 2) cause incorrect positive matches when matching a
+hostname against a certificate. Some CAs apparently have poor
+checking of CN/SAN values and issue these (arguable invalid)
+certificates. Combined, this can be used by attackers to become a
+MITM on server-authenticated TLS sessions. The problem is mitigated
+since attackers needs to get one certificate per site they want to
+attack, and the attacker reveals his tracks by applying for a
+certificate at the CA. It does not apply to client authenticated TLS
+sessions. Research presented independently by Dan Kaminsky and Moxie
+Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
+for providing one part of the patch. [GNUTLS-SA-2009-4] [CVE-2009-2730].
+
+** libgnutls: Fix rare failure in gnutls_x509_crt_import.
+The function may fail incorrectly when an earlier certificate was
+imported to the same gnutls_x509_crt_t structure.
+
+** minitasn1: Internal copy updated to libtasn1 v2.3.
+
+** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
+Before it always returned false. Reported by Peter Hendrickson
+<pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
+
+** libgnutls: Fix off-by-one size computation error in unknown DN printing.
+The error resulted in truncated strings when printing unknown OIDs in
+X.509 certificate DNs. Reported by Tim Kosse
+<tim.kosse@filezilla-project.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
+
+** libgnutls: Fix PKCS#12 decryption from password.
+The encryption key derived from the password was incorrect for (on
+average) 1 in every 128 input for random inputs. Reported by "Kukosa,
+Tomas" <tomas.kukosa@siemens-enterprise.com> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
+
+** libgnutls: Return correct bit lengths of some MPIs.
+gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
+gnutls_dh_get_peers_public_bits. Before the reported value was
+overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
+
+** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
+Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
+and
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
+
+** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
+Before we required that the runtime library used the same (or more
+recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
+that the runtime usage is above the minimum required. Reported by
+Marco d'Itri <md@linux.it> via Andreas Metzler
+<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
+
+** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error.
+
+** tests: Improved test vectors in self-test pkcs12_s2k.
+
+** tests: Added new self-test dn2 to detect off-by-one size error.
+
+** tests: Fix failure in "chainverify" because a certificate have expired.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.1 (released 2009-06-08)
+
+** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
+Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
+<http://bugs.gentoo.org/272388>.
+
+** tests: Added new self-tests init_roundtrip.c to detect previous problem.
+
+** Reduce stack usage for some CRQ functions.
+
+** Doc fixes for CRQ functions.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.9.0 (released 2009-05-28)
+
+** Doc fixes.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.6 (released 2010-03-15)
+
+** libgnutls: For CSRs, don't null pad integers for RSA/DSA value.
+VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti
+<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>.
+
+Note: As a side effect of this change, the "public key identifier"
+value computed for a certificate using this version of GnuTLS will be
+different from values computed using earlier versions of GnuTLS.
+
+** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the
+** optional SignatureAlgorithm parameter field.
+VeriSign rejected these CSRs. They are stricly speaking not needed
+since you need the signer's certificate to verify the certificate
+signature anyway. Reported by Wilankar Trupti
+<trupti.wilankar@hp.com> and Boyan Kasarov <bkasarov@gmail.com>.
+
+** libgnutls: When checking openpgp self signature also check the signatures
+** of all subkeys.
+Ilari Liusvaara noticed and reported the issue and provided test
+vectors as well.
+
+** libgnutls: Cleanups and several bug fixes.
+Found by Steve Grubb and Tomas Mraz.
+
+** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv.
+
+** Fix --disable-valgrind-tests.
+Reported by Ingmar Vanhassel in
+<https://savannah.gnu.org/support/?107029>.
+
+** examples: Use the new APIs for printing X.509 certificate information.
+
+** Fix build failures on Solaris.
+Thanks to Dagobert Michelsen <dam@opencsw.org>.
+
+** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese
+** translations. Added Simplified Chinese translation.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.5 (released 2009-11-02)
+
+** libgnutls: In server side when resuming a session do not overwrite the
+** initial session data with the resumed session data.
+
+** libgnutls: Fix PKCS#12 encoding.
+The error you would get was "The OID is not supported.". Problem
+introduced for the v2.8.x branch in 2.7.6.
+
+** guile: Compatibility with guile 2.x.
+By Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** tests: Fix expired cert in chainverify self-test.
+
+** tests: Fix time bomb in chainverify self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3925>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.4 (released 2009-09-18)
+
+** libgnutls: Enable Camellia ciphers by default.
+
+** libgnutls: Make OpenPGP hostname checking work again.
+The patch to resolve the X.509 CN/SAN issue accidentally broken
+OpenPGP hostname comparison.
+
+** libgnutls: When printing X.509 certificates, handle XMPP SANs better.
+Reported by Howard Chu <hyc@symas.com> in
+<https://savannah.gnu.org/support/?106975>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.3 (released 2009-08-13)
+
+** libgnutls: Fix patch for NUL in CN/SAN in last release.
+Code intended to be removed would lead to an read-out-bound error in
+some situations. Reported by Tomas Hoger <thoger@redhat.com>. A CVE
+code have been allocated for the vulnerability: [CVE-2009-2730].
+
+** libgnutls: Fix rare failure in gnutls_x509_crt_import.
+The function may fail incorrectly when an earlier certificate was
+imported to the same gnutls_x509_crt_t structure.
+
+** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error.
+
+** tests: Made self-test mini-eagain take less time.
+
+** doc: Typo fixes.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.2 (released 2009-08-10)
+
+** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields.
+By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS
+into 1) not printing the entire CN/SAN field value when printing a
+certificate and 2) cause incorrect positive matches when matching a
+hostname against a certificate. Some CAs apparently have poor
+checking of CN/SAN values and issue these (arguable invalid)
+certificates. Combined, this can be used by attackers to become a
+MITM on server-authenticated TLS sessions. The problem is mitigated
+since attackers needs to get one certificate per site they want to
+attack, and the attacker reveals his tracks by applying for a
+certificate at the CA. It does not apply to client authenticated TLS
+sessions. Research presented independently by Dan Kaminsky and Moxie
+Marlinspike at BlackHat09. Thanks to Tomas Hoger <thoger@redhat.com>
+for providing one part of the patch. [GNUTLS-SA-2009-4].
+
+** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
+Before it always returned false. Reported by Peter Hendrickson
+<pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
+
+** libgnutls: Fix off-by-one size computation error in unknown DN printing.
+The error resulted in truncated strings when printing unknown OIDs in
+X.509 certificate DNs. Reported by Tim Kosse
+<tim.kosse@filezilla-project.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3651>.
+
+** libgnutls: Return correct bit lengths of some MPIs.
+gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and
+gnutls_dh_get_peers_public_bits. Before the reported value was
+overestimated. Reported by Peter Hendrickson <pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3607>.
+
+** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN.
+Report and patch by Tim Kosse <tim.kosse@filezilla-project.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3671>
+and
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3670>.
+
+** libgnutls: Relax checking of required libtasn1/libgcrypt versions.
+Before we required that the runtime library used the same (or more
+recent) libgcrypt/libtasn1 as it was compiled with. Now we just check
+that the runtime usage is above the minimum required. Reported by
+Marco d'Itri <md@linux.it> via Andreas Metzler
+<ametzler@downhill.at.eu.org> in <http://bugs.debian.org/540449>.
+
+** minitasn1: Internal copy updated to libtasn1 v2.3.
+
+** tests: Fix failure in "chainverify" because a certificate have expired.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.1 (released 2009-06-10)
+
+** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle.
+Forwarded by Martin von Gagern <Martin.vGagern@gmx.net> from
+<http://bugs.gentoo.org/272388>.
+
+** libgnutls: Fix PKCS#12 decryption from password.
+The encryption key derived from the password was incorrect for (on
+average) 1 in every 128 input for random inputs. Reported by "Kukosa,
+Tomas" <tomas.kukosa@siemens-enterprise.com> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1663>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.8.0 (released 2009-05-27)
+
+** doc: Fix gnutls_dh_get_prime_bits. Fix error codes and algorithm lists.
+
+** Major changes compared to the v2.4 branch:
+
+*** lib: Linker version scripts reduces number of exported symbols.
+
+*** lib: Limit exported symbols on systems without LD linker scripts.
+
+*** libgnutls: Fix namespace issue with version symbols.
+
+*** libgnutls: Add functions to verify a hash against a certificate.
+gnutls_x509_crt_verify_hash: ADDED
+gnutls_x509_crt_get_verify_algorithm: ADDED
+
+*** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.
+
+*** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.
+
+*** certtool: Query for multiple dnsName subjectAltName in interactive mode.
+
+*** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
+
+*** gnutls-serv: No longer disable MAC padding by default.
+
+*** gnutls-cli: Certificate information output format changed.
+
+*** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5
+*** and %VERIFY_ALLOW_X509_V1_CA_CRT.
+
+*** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
+
+*** libgnutls: gnutls_openpgp_crt_print supports oneline mode.
+
+*** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+
+*** libgnutls: New interface to get key id for certificate requests.
+gnutls_x509_crq_get_key_id: ADDED.
+
+*** libgnutls: gnutls_x509_crq_print will now also print public key id.
+
+*** certtool: --verify-chain now prints results of using library verification.
+
+*** libgnutls: Libgcrypt initialization changed.
+
+*** libgnutls: Small byte reads via gnutls_record_recv() optimized.
+
+*** gnutls-cli: Return non-zero exit code on error conditions.
+
+*** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
+
+*** certtool: allow setting arbitrary key purpose object identifiers.
+
+*** libgnutls: Change detection of when to use a linker version script.
+Use --enable-ld-version-script or --disable-ld-version-script to
+override auto-detection logic.
+
+*** Fix warnings and build GnuTLS with more warnings enabled.
+
+*** New API to set X.509 credentials from PKCS#12 memory structure.
+gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
+
+*** Old libgnutls.m4 and libgnutls-config scripts removed.
+Please use pkg-config instead.
+
+*** libgnutls: Added functions to handle CRL extensions.
+gnutls_x509_crl_get_authority_key_id: ADDED
+gnutls_x509_crl_get_number: ADDED
+gnutls_x509_crl_get_extension_oid: ADDED
+gnutls_x509_crl_get_extension_info: ADDED
+gnutls_x509_crl_get_extension_data: ADDED
+gnutls_x509_crl_set_authority_key_id: ADDED
+gnutls_x509_crl_set_number: ADDED
+
+*** libgnutls: Added functions to handle X.509 extensions in Certificate
+Requests.
+gnutls_x509_crq_get_key_rsa_raw: ADDED
+gnutls_x509_crq_get_attribute_info: ADDED
+gnutls_x509_crq_get_attribute_data: ADDED
+gnutls_x509_crq_get_extension_info: ADDED
+gnutls_x509_crq_get_extension_data: ADDED
+gnutls_x509_crq_get_key_usage: ADDED
+gnutls_x509_crq_get_basic_constraints: ADDED
+gnutls_x509_crq_get_subject_alt_name: ADDED
+gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
+gnutls_x509_crq_get_extension_by_oid: ADDED
+gnutls_x509_crq_set_subject_alt_name: ADDED
+gnutls_x509_crq_set_basic_constraints: ADDED
+gnutls_x509_crq_set_key_usage: ADDED
+gnutls_x509_crq_get_key_purpose_oid: ADDED
+gnutls_x509_crq_set_key_purpose_oid: ADDED
+gnutls_x509_crq_print: ADDED
+gnutls_x509_crt_set_crq_extensions: ADDED
+
+*** certtool: Print and set CRL and CRQ extensions.
+
+*** minitasn1: Internal copy updated to libtasn1 v2.1.
+
+*** examples: Now released into the public domain.
+
+*** The Texinfo and GTK-DOC manuals were improved.
+
+*** Several self-tests were added and others improved.
+
+*** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x
+No offically supported interfaces have been modified or removed. The
+library should be completely backwards compatible on both the source
+and binary level.
+
+The shared library no longer exports some symbols that have never been
+officially supported, i.e., not mentioned in any of the header files.
+The symbols are:
+
+ _gnutls*
+ gnutls_asn1_tab
+
+Normally when symbols are removed, the shared library version has to
+be incremented. This leads to a significant cost for everyone using
+the library. Because none of the above symbols have ever been
+intended for use by well-behaved applications, we decided that the it
+would be better for those applications to pay the price rather than
+incurring problems on the majority of applications.
+
+If it turns out that applications have been using unofficial
+interfaces, we will need to release a follow-on release on the v2.8
+branch to exports additional interfaces. However, initial testing
+suggests that few if any applications have been using any of the
+internal symbols.
+
+Although not a new change compared to 2.6.x, we'd like to remind you
+interfaces have been modified so that X.509 chain verification now
+also checks activation/expiration times on certificates. The affected
+functions are:
+
+gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
+gnutls_certificate_verify_peers: Likewise.
+gnutls_certificate_verify_peers2: Likewise.
+GNUTLS_CERT_NOT_ACTIVATED: ADDED.
+GNUTLS_CERT_EXPIRED: ADDED.
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
+
+This change in behaviour was made during the GnuTLS 2.6.x cycle, and
+we gave our rationale for it in earlier release notes.
+
+The following symbols have been added to the library:
+
+gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
+gnutls_x509_crl_get_authority_key_id: ADDED
+gnutls_x509_crl_get_extension_data: ADDED
+gnutls_x509_crl_get_extension_info: ADDED
+gnutls_x509_crl_get_extension_oid: ADDED
+gnutls_x509_crl_get_number: ADDED
+gnutls_x509_crl_set_authority_key_id: ADDED
+gnutls_x509_crl_set_number: ADDED
+gnutls_x509_crq_get_attribute_data: ADDED
+gnutls_x509_crq_get_attribute_info: ADDED
+gnutls_x509_crq_get_basic_constraints: ADDED
+gnutls_x509_crq_get_extension_by_oid: ADDED
+gnutls_x509_crq_get_extension_data: ADDED
+gnutls_x509_crq_get_extension_info: ADDED
+gnutls_x509_crq_get_key_id: ADDED.
+gnutls_x509_crq_get_key_purpose_oid: ADDED
+gnutls_x509_crq_get_key_rsa_raw: ADDED
+gnutls_x509_crq_get_key_usage: ADDED
+gnutls_x509_crq_get_subject_alt_name: ADDED
+gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
+gnutls_x509_crq_print: ADDED
+gnutls_x509_crq_set_basic_constraints: ADDED
+gnutls_x509_crq_set_key_purpose_oid: ADDED
+gnutls_x509_crq_set_key_usage: ADDED
+gnutls_x509_crq_set_subject_alt_name: ADDED
+gnutls_x509_crt_get_verify_algorithm: ADDED
+gnutls_x509_crt_set_crq_extensions: ADDED
+gnutls_x509_crt_verify_hash: ADDED
+
+The following interfaces have been added to the header files:
+
+GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.
+GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.
+GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.
+GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.
+GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.
+GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.
+
+The following interfaces have been deprecated:
+
+LIBGNUTLS_VERSION: DEPRECATED.
+LIBGNUTLS_VERSION_MAJOR: DEPRECATED.
+LIBGNUTLS_VERSION_MINOR: DEPRECATED.
+LIBGNUTLS_VERSION_PATCH: DEPRECATED.
+LIBGNUTLS_VERSION_NUMBER: DEPRECATED.
+LIBGNUTLS_EXTRA_VERSION: DEPRECATED.
+
+* Version 2.7.14 (released 2009-05-26)
+
+** libgnutls: Fix namespace issue with version symbol for libgnutls-extra.
+The symbol LIBGNUTLS_EXTRA_VERSION were renamed to
+GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is
+deprecated.
+
+** Doc: Several typo fixes in documentation.
+Reported by Peter Hendrickson <pdh@wiredyne.com>.
+
+** API and ABI modifications:
+GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION.
+LIBGNUTLS_EXTRA_VERSION: DEPRECATED.
+
+* Version 2.7.13 (released 2009-05-25)
+
+** libgnutls: Fix version of some exported symbols in the shared library.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3576>.
+
+** tests: Handle recently expired certificates in chainverify self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3580>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.12 (released 2009-05-20)
+
+** gnutls-serv, gnutls-cli-debug: Make them work on Windows.
+
+** tests/crq_key_id: Don't read entropy from /dev/random in self-test.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3570>.
+
+** Fix build failures.
+Missing sa_family_t and vsnprintf on IRIX. Reported by "Tom
+G. Christensen" <tgc@jupiterrise.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3571>.
+
+** minitasn1: Internal copy updated to libtasn1 v2.2.
+GnuTLS should work fine with libtasn1 v1.x and that is still
+supported.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.11 (released 2009-05-18)
+
+** minitasn1: Fix build failure when using internal libtasn1.
+Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3548>.
+
+** libgnutls: Fix build failure with --disable-cxx.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3557>.
+
+** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV.
+Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3560>
+
+** Building with many warning flags now requires --enable-gcc-warnings.
+This avoids crying wolf for normal compiles.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.10 (released 2009-05-13)
+
+** examples: Now released into the public domain.
+This makes the license of the example code compatible with more
+licenses, including the (L)GPL.
+
+** minitasn1: Internal copy updated to libtasn1 v2.1.
+GnuTLS should work fine with libtasn1 v1.x and that is still
+supported.
+
+** libgnutls: Fix crash in signature verification
+The fix for the CVE-2009-1415 problem wasn't merged completely.
+
+** doc: Fixes for GTK-DOC output.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.9 (released 2009-05-11)
+
+** doc: Fix strings in man page of gnutls_priority_init.
+
+** doc: Fix tables of error codes and supported algorithms.
+
+** Fix build failure when cross-compiled using MinGW.
+
+** Fix build failure when LZO is enabled.
+Reported by Arfrever Frehtes Taifersar Arahesis
+<arfrever.fta@gmail.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3522>.
+
+** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6.
+Reported by "Tom G. Christensen" <tgc@jupiterrise.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3524>.
+
+** Fix warnings in self-tests.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.8 (released 2009-05-03)
+
+** libgnutls: Fix DSA key generation.
+Merged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416]
+
+** libgnutls: Check expiration/activation time on untrusted certificates.
+Merged from stable branch. Reported by Romain Francoise
+<romain@orebokech.com>. This changes the semantics of
+gnutls_x509_crt_list_verify, which in turn is used by
+gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2.
+We add two new gnutls_certificate_status_t codes for reporting the new
+error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED.
+We also add a new gnutls_certificate_verify_flags flag,
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
+behaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417]
+
+** lib: Linker version scripts reduces number of exported symbols.
+The linker version script now lists all exported ABIs explicitly, to
+avoid accidentally exporting unintended functions. Compared to
+before, most symbols beginning with _gnutls* are no longer exported.
+These functions have never been intended for use by applications, and
+there were no prototypes for these function in the public header
+files. Thus we believe it is possible to do this without incrementing
+the library ABI version which normally has to be done when removing an
+interface.
+
+** lib: Limit exported symbols on systems without LD linker scripts.
+Before all symbols were exported. Now we limit the exported symbols
+to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls)
+_gnutls*. This is a superset of the actual supported ABI, but still
+an improvement compared to before. This is implemented using Libtool
+-export-symbols-regex. It is more portable than linker version
+scripts.
+
+** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols.
+This should have been done in the last release.
+
+** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6.
+Reported by Peter Hendrickson <pdh@wiredyne.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3476>.
+
+** doc: Improved sections for the info manual.
+We now follow the advice given by the texinfo manual on which
+directory categories to use. In particular, libgnutls moved from the
+'GNU Libraries' section to the 'Software libraries' and the command
+line tools moved from 'Network Applications' to 'System
+Administration'.
+
+** API and ABI modifications:
+gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
+gnutls_certificate_verify_peers: Likewise.
+gnutls_certificate_verify_peers2: Likewise.
+GNUTLS_CERT_NOT_ACTIVATED: ADDED.
+GNUTLS_CERT_EXPIRED: ADDED.
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
+
+* Version 2.7.7 (released 2009-04-20)
+
+** libgnutls: Applied patch by Cedric Bail to add functions
+gnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm().
+
+** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3467>.
+
+** minitasn1: Internal copy updated to libtasn1 v1.8.
+GnuTLS is also internally ready to be used with libtasn1 v2.0.
+
+** doc: Fix build failure of errcodes/printlist.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3435>.
+
+** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'.
+It is currently only used by the core library. This will enable a new
+domain 'gnutls' for translations of the command line tools.
+
+** Corrected possible memory corruption on signature verification failure.
+Reported by Miroslav Kratochvil <exa.exa@gmail.com>
+
+** API and ABI modifications:
+gnutls_x509_crt_verify_hash: ADDED
+gnutls_x509_crt_get_verify_algorithm: ADDED
+
+* Version 2.7.6 (released 2009-02-27)
+
+** certtool: Query for multiple dnsName subjectAltName in interactive mode.
+This applies both to generating certificates and certificate requests.
+
+** pkix.asn: Removed unneeded definitions to reduce memory usage.
+
+** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify.
+Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to
+be used for chain verification.
+
+** gnutls-serv: No longer disable MAC padding by default.
+Use --priority NORMAL:%COMPAT to disable MAC padding again.
+
+** gnutls-cli: Certificate information output format changed.
+The tool now uses libgnutls' functions to print certificate
+information. This avoids code duplication.
+
+** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5
+** and %VERIFY_ALLOW_X509_V1_CA_CRT.
+They can be used to override the default certificate chain validation
+behaviour.
+
+** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
+specify the client hello message record version. Used to overcome buggy
+TLS servers. Report by Martin von Gagern.
+
+** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode.
+
+** libgnutls: gnutls_openpgp_crt_print supports oneline mode.
+
+** doc: Update gnutls-cli and gnutls-serv --help output descriptions.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.5 (released 2009-02-06)
+
+** libgnutls: Accept chains where intermediary certs are trusted.
+Before GnuTLS needed to validate the entire chain back to a
+self-signed certificate. GnuTLS will now stop looking when it has
+found an intermediary trusted certificate. The new behaviour is
+useful when chains, for example, contains a top-level CA, an
+intermediary CA signed using RSA-MD5, and an end-entity certificate.
+To avoid chain validation errors due to the RSA-MD5 cert, you can
+explicitly add the intermediary RSA-MD5 cert to your trusted certs.
+The signature on trusted certificates are not checked, so the chain
+has a chance to validate correctly. Reported by "Douglas E. Engert"
+<deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: result_size in gnutls_hex_encode now holds
+the size of the result. Report by John Brooks <special@dereferenced.net>.
+
+** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+Reported by Tristan Hill <stan@saticed.me.uk>.
+
+** libgnutls: Permit V1 Certificate Authorities properly.
+Before they were mistakenly rejected even though
+GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+"Douglas E. Engert" <deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.4 (released 2009-01-07)
+
+** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
+This is a bugfix -- the previous attempt to do this from internal x509
+certificate verification procedures did not return the correct value
+for certificates using a weak hash. Reported by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
+debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>.
+
+** libgnutls: New interface to get key id for certificate requests.
+Patch from David Marín Carreño <davefx@gmail.com> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3321>.
+
+** libgnutls: gnutls_x509_crq_print will now also print public key id.
+
+** certtool: --verify-chain now prints results of using library verification.
+Earlier, certtool --verify-chain used its own validation algorithm
+which wasn't guaranteed to give the same result as the libgnutls
+internal validation algorithm. Now this command print a new final
+line with header 'Chain verification output:' that contains the result
+from using the internal verification algorithm on the same chain.
+
+** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id.
+
+** API and ABI modifications:
+gnutls_x509_crq_get_key_id: ADDED.
+
+* Version 2.7.3 (released 2008-12-10)
+
+** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
+Reported by Michael Kiefer <Michael-Kiefer@web.de> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by
+Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>.
+
+** libgnutls: Libgcrypt initialization changed.
+If libgcrypt has not already been initialized, GnuTLS will now
+initialize libgcrypt with disabled secure memory. Initialize
+libgcrypt explicitly in your application if you want to enable secure
+memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory
+allocation functions, which doesn't use secure memory, so there is no
+real change in behaviour.
+
+** libgnutls: Fix memory leak in PSK authentication.
+Reported by Michael Weiser <michael@weiser.dinsnail.net> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1465>.
+
+** libgnutls: Small byte reads via gnutls_record_recv() optimized.
+
+** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.
+It needs to be invoked before libgcrypt is initialized.
+
+** gnutls-cli: Return non-zero exit code on error conditions.
+
+** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
+
+** tests: Added chainverify self-test that tests X.509 chain verifications.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.2 (released 2008-11-18)
+
+** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
+The flaw makes it possible for man in the middle attackers (i.e.,
+active attackers) to assume any name and trick GnuTLS clients into
+trusting that name. Thanks for report and analysis from Martin von
+Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
+
+Any updates with more details about this vulnerability will be added
+to <http://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix namespace issue with version symbols.
+The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR,
+LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and
+LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER,
+GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and
+GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to
+work but are deprecated.
+
+** certtool: allow setting arbitrary key purpose object identifiers.
+
+** libgnutls: Fix detection of C99 macros, to make debug logging work again.
+
+** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
+Reported by Kevin Quick <quick@sparq.org> in
+<https://savannah.gnu.org/support/index.php?106454>.
+
+** libgnutls-extra: Make building with LZO compression work again.
+Build failure reported by Arfrever Frehtes Taifersar Arahesis
+<arfrever.fta@gmail.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3194>.
+
+** libgnutls: Change detection of when to use a linker version script.
+Use --enable-ld-version-script or --disable-ld-version-script to
+override auto-detection logic.
+
+** doc: Change license on the manual to GFDLv1.3+.
+
+** doc: GTK-DOC fixes for new splitted configuration system.
+
+** doc: Texinfo stylesheet uses white background.
+
+** tests: Add cve-2008-4989.c self-test.
+Tests regressions of the GNUTLS-SA-2008-3 security problem, and the
+follow-on problem with crashes on length 1 certificate chains.
+
+** gnulib: Deprecated modules removed.
+Modules include memchr and memcmp.
+
+** Fix warnings and build GnuTLS with more warnings enabled.
+
+** minitasn1: Internal copy updated to libtasn1 v1.7.
+
+** API and ABI modifications:
+gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED
+GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION.
+GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR.
+GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR.
+GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH.
+GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER.
+LIBGNUTLS_VERSION: DEPRECATED.
+LIBGNUTLS_VERSION_MAJOR: DEPRECATED.
+LIBGNUTLS_VERSION_MINOR: DEPRECATED.
+LIBGNUTLS_VERSION_PATCH: DEPRECATED.
+LIBGNUTLS_VERSION_NUMBER: DEPRECATED.
+
+* Version 2.7.1 (released 2008-10-31)
+
+** certtool: print a PKCS #8 key even if it is not encrypted.
+
+** Old libgnutls.m4 and libgnutls-config scripts removed.
+Please use pkg-config instead.
+
+** Configuration system modified.
+There is now a configure script in lib/ and libextra/ as well, because
+gnulib works better with a config.h per gnulib directory.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.7.0 (released 2008-10-16)
+
+** libgnutls: Added functions to handle CRL extensions.
+
+** libgnutls: Added functions to handle X.509 extensions in Certificate
+Requests.
+
+** libgnutls: Improved error string for GNUTLS_E_AGAIN.
+Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" <lavr@ncbi.nlm.nih.gov>.
+
+** certtool: Print and set CRL and CRQ extensions.
+
+** libgnutls-extra: Protect internal symbols with static.
+Fixes problem when linking certtool statically. Tiny patch from Aaron
+Ucko <ucko@ncbi.nlm.nih.gov>.
+
+** libgnutls-openssl: fix out of bounds access.
+Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch
+from Thomas Viehmann <tv@beamnet.de>.
+
+** libgnutlsxx: Define server_session::get_srp_username even if no SRP.
+
+** tests: Make tests compile when using internal libtasn1.
+Patch by ludo@gnu.org (Ludovic Courtès).
+
+** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config.
+We now require a libgcrypt that has Camellia constants declared in
+gcrypt.h, which means v1.3.0 or later.
+
+** API and ABI modifications:
+gnutls_x509_crl_get_authority_key_id: ADDED
+gnutls_x509_crl_get_number: ADDED
+gnutls_x509_crl_get_extension_oid: ADDED
+gnutls_x509_crl_get_extension_info: ADDED
+gnutls_x509_crl_get_extension_data: ADDED
+gnutls_x509_crl_set_authority_key_id: ADDED
+gnutls_x509_crl_set_number: ADDED
+gnutls_x509_crq_get_key_rsa_raw: ADDED
+gnutls_x509_crq_get_attribute_info: ADDED
+gnutls_x509_crq_get_attribute_data: ADDED
+gnutls_x509_crq_get_extension_info: ADDED
+gnutls_x509_crq_get_extension_data: ADDED
+gnutls_x509_crq_get_key_usage: ADDED
+gnutls_x509_crq_get_basic_constraints: ADDED
+gnutls_x509_crq_get_subject_alt_name: ADDED
+gnutls_x509_crq_get_subject_alt_othername_oid: ADDED
+gnutls_x509_crq_get_extension_by_oid: ADDED
+gnutls_x509_crq_set_subject_alt_name: ADDED
+gnutls_x509_crq_set_basic_constraints: ADDED
+gnutls_x509_crq_set_key_usage: ADDED
+gnutls_x509_crq_get_key_purpose_oid: ADDED
+gnutls_x509_crq_set_key_purpose_oid: ADDED
+gnutls_x509_crq_print: ADDED
+gnutls_x509_crt_set_crq_extensions: ADDED
+
+* Version 2.6.6 (released 2009-04-30)
+
+** libgnutls: Corrected double free on signature verification failure.
+Reported by Miroslav Kratochvil <exa.exa@gmail.com>. See the advisory
+for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415]
+
+** libgnutls: Fix DSA key generation.
+Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All
+DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory
+for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416]
+
+** libgnutls: Check expiration/activation time on untrusted certificates.
+Reported by Romain Francoise <romain@orebokech.com>. Before the
+library did not check activation/expiration times on certificates, and
+was documented as not doing so. We have realized that many
+applications that use libgnutls, including gnutls-cli, fail to perform
+proper checks. Implementing similar logic in all applications leads
+to code duplication. Hence, we decided to check whether the current
+time (as reported by the time function) is within the
+activation/expiration period of certificates when verifying untrusted
+certificates.
+
+This changes the semantics of gnutls_x509_crt_list_verify, which in
+turn is used by gnutls_certificate_verify_peers and
+gnutls_certificate_verify_peers2. We add two new
+gnutls_certificate_status_t codes for reporting the new error
+condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also
+add a new gnutls_certificate_verify_flags flag,
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
+behaviour.
+
+More details about the vulnerabilities will be posted at
+<http://www.gnu.org/software/gnutls/security.html>.
+
+** gnutls-cli, gnutls-cli-debug: Fix AIX build problem.
+Reported by LAUPRETRE François (P) <francois.laupretre@ratp.fr> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3468>.
+
+** tests: Fix linking of tests/openpgp/keyring self-test.
+Reported by Daniel Black in <https://savannah.gnu.org/support/?106543>.
+
+** API and ABI modifications:
+gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times.
+gnutls_certificate_verify_peers: Likewise.
+gnutls_certificate_verify_peers2: Likewise.
+GNUTLS_CERT_NOT_ACTIVATED: ADDED.
+GNUTLS_CERT_EXPIRED: ADDED.
+GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED.
+
+* Version 2.6.5 (released 2009-04-11)
+
+** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to
+specify the client hello message record version. Used to overcome buggy
+TLS servers. Report by Martin von Gagern.
+
+** GnuTLS no longer uses the libtasn1-config script to find libtasn1.
+Libtasn1 0.3.4 or later is required. This is to align with the
+upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.4 (released 2009-02-06)
+
+** libgnutls: Accept chains where intermediary certs are trusted.
+Before GnuTLS needed to validate the entire chain back to a
+self-signed certificate. GnuTLS will now stop looking when it has
+found an intermediary trusted certificate. The new behaviour is
+useful when chains, for example, contains a top-level CA, an
+intermediary CA signed using RSA-MD5, and an end-entity certificate.
+To avoid chain validation errors due to the RSA-MD5 cert, you can
+explicitly add the intermediary RSA-MD5 cert to your trusted certs.
+The signature on trusted certificates are not checked, so the chain
+has a chance to validate correctly. Reported by "Douglas E. Engert"
+<deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: result_size in gnutls_hex_encode now holds
+the size of the result. Report by John Brooks <special@dereferenced.net>.
+
+** libgnutls: gnutls_handshake when sending client hello during a
+rehandshake, will not offer a version number larger than the current.
+Reported by Tristan Hill <stan@saticed.me.uk>.
+
+** libgnutls: Permit V1 Certificate Authorities properly.
+Before they were mistakenly rejected even though
+GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+"Douglas E. Engert" <deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
+This is a bugfix -- the previous attempt to do this from internal x509
+certificate verification procedures did not return the correct value
+for certificates using a weak hash. Reported by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
+debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>.
+
+** libgnutls: Fix compile error with Sun CC.
+Reported by Jeff Cai <jeff.cai@sun.com> in
+<https://savannah.gnu.org/support/?106549>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.3 (released 2008-12-12)
+
+** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
+Reported by Michael Kiefer <Michael-Kiefer@web.de> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by
+Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>.
+
+** libgnutls: Fix memory leak in PSK authentication.
+Reported by Michael Weiser <michael@weiser.dinsnail.net> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1465>.
+
+** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier.
+It needs to be invoked before libgcrypt is initialized.
+
+** gnutls-cli: Return non-zero exit code on error conditions.
+
+** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.2 (released 2008-11-12)
+
+** libgnutls: Fix crash in X.509 validation code for self-signed certificates.
+The patch to fix the security problem GNUTLS-SA-2008-3 introduced a
+problem for certificate chains that contained just one self-signed
+certificate. Reported by Michael Meskes <meskes@debian.org> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.1 (released 2008-11-10)
+
+** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
+The flaw makes it possible for man in the middle attackers (i.e.,
+active attackers) to assume any name and trick GnuTLS clients into
+trusting that name. Thanks for report and analysis from Martin von
+Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
+
+Any updates with more details about this vulnerability will be added
+to <http://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits.
+Reported by Kevin Quick <quick@sparq.org> in
+<https://savannah.gnu.org/support/index.php?106454>.
+
+** libgnutls-extra: Protect internal symbols with static.
+Fixes problem when linking certtool statically. Tiny patch from Aaron
+Ucko <ucko@ncbi.nlm.nih.gov>.
+
+** libgnutls-openssl: Fix patch against X509_get_issuer_name.
+It incorrectly returned the subject DN instead of issuer DN in v2.6.0.
+Thanks to Thomas Viehmann <tv@beamnet.de> for report.
+
+** certtool: Print a PKCS #8 key even if it is not encrypted.
+
+** tests: Make tests compile when using internal libtasn1.
+Patch by ludo@gnu.org (Ludovic Courtès).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.6.0 (released 2008-10-06)
+
+** libgnutls: Correct printing and parsing of IPv6 addresses.
+
+** libgnutls-openssl: fix out of bounds access.
+Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch
+from Thomas Viehmann <tv@beamnet.de>.
+
+** certtool: Use inet_pton for parsing IPv6 addresses.
+
+** Major changes compared to the v2.4 branch:
+
+*** Added API to replace and update the crypto backend.
+
+*** certtool: can add several subject alternative names via template file.
+
+*** opencdk: Parse (but not decrypt) encrypted secret keys.
+
+*** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can
+either set or append alternative names. It can also handle binary structures
+such as IP addresses.
+
+*** libgnutls: New function to set minimum acceptable SRP bits.
+The function is gnutls_srp_set_prime_bits.
+
+*** libgnutls: Add interface to deal with public key and signature algorithms.
+The functions are called gnutls_pk_list, gnutls_pk_get_id,
+gnutls_sign_list, and gnutls_sign_get_id.
+
+*** libgnutls: New interfaces to get name of public key and signing algorithms.
+The functions are gnutls_sign_get_name and gnutls_pk_get_name.
+
+*** libgnutls: New API to get a string corresponding to a error symbol.
+The function is gnutls_strerror_name.
+
+*** libgnutls: New API to set the public parameters in a certificate request
+*** from a private key.
+The function is gnutls_x509_crq_set_key_rsa_raw.
+
+*** libgnutls: New API to set a callback to extract TLS Finished data.
+The function to register is gnutls_session_set_finished_function and
+it takes a callback of the gnutls_finished_callback_func type.
+
+*** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE.
+
+*** libgnutls: New interface to register a new TLS extension handler.
+The new function gnutls_ext_register can be used to register handlers
+for specific TLS extension types. The callback functions have the new
+types gnutls_ext_recv_func and gnutls_ext_send_func. A type to
+classify TLS extensions, gnutls_ext_parse_type_t, has been added as
+well.
+
+*** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode.
+The function is gnutls_register_md5_handler. When libgcrypt is in
+FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in
+the PRF.
+
+*** API/ABI changes in GnuTLS 2.6
+No functions have been removed or modified. The library should be
+fully backwards compatible on both the source and binary level.
+
+A new header file <gnutls/crypto.h> have been added. It contains
+definitions related to replacing the internal crypto functionality.
+All definitions and the header itself is experimental but supported.
+
+We have realized that the symbols TLS_MASTER_SIZE and TLS_RANDOM_SIZE
+does not use the normal namespace. We have added GNUTLS_MASTER_SIZE
+and GNUTLS_RANDOM_SIZE, but the old symbols are still defined.
+
+The following functions have been added to libgnutls:
+
+GNUTLS_MASTER_SIZE
+GNUTLS_RANDOM_SIZE
+gnutls_crypto_bigint_register2
+gnutls_crypto_cipher_register2
+gnutls_crypto_digest_register2
+gnutls_crypto_mac_register2
+gnutls_crypto_pk_register2
+gnutls_crypto_rnd_register2
+gnutls_crypto_single_cipher_register2
+gnutls_crypto_single_digest_register2
+gnutls_crypto_single_mac_register2
+gnutls_ext_register
+gnutls_pk_get_id
+gnutls_pk_get_name
+gnutls_pk_list
+gnutls_session_set_finished_function
+gnutls_sign_get_id
+gnutls_sign_get_name
+gnutls_sign_list
+gnutls_srp_set_prime_bits:
+gnutls_strerror_name
+gnutls_x509_crq_set_key_rsa_raw
+gnutls_x509_crt_set_crl_dist_points2
+gnutls_x509_crt_set_subject_alt_name
+
+The following functions have been added to libgnutls-extra:
+
+gnutls_register_md5_handler
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.5.9 (released 2008-09-29)
+
+** libgnutls: Fix several memory leaks.
+Reported by Sam Varshavchik <mrsam@courier-mta.com>.
+
+** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import.
+Report and patch by Jonathan Manktelow.
+
+** libgnutls: crypto.h gnutls_pk_params_st changes allocation strategy.
+The parameters are now allocated in the structure itself.
+
+** doc: Texinfo HTML manual uses a stylesheet to improve readability.
+
+** tests: Scripts now use EXEEXT properly.
+Modern libtool doesn't create wrapper script, so the self tests need
+to invoke certtool.exe under MinGW32+Wine.
+
+** Uses autoconf 2.63, automake 1.10.1, libtool 2.2.6a.
+Automake warnings are now also enabled.
+
+** API and ABI modifications:
+gnutls_pk_params_st: MODIFIED
+
+* Version 2.5.8 (released 2008-09-21)
+
+** certtool: updated so it can add several subject alternative names using
+the template file.
+
+** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can
+either set or append alternative names. It can also handle binary structures
+such as IP addresses.
+
+** libgnutls: Fix crash in hashing code when using non-libgcrypt handlers.
+
+** libgnutls: New function to set minimum acceptable SRP bits.
+The function is gnutls_srp_set_prime_bits. Tiny patch by Kevin Quick
+<quick@sparq.org> in <https://savannah.gnu.org/support/index.php?106454>.
+
+** libgnutls: Check for overflows in gnutls_calloc and gnutls_secure_calloc.
+Also fix overflows in calls to those functions. Reported by Werner
+Koch <wk@gnupg.org>.
+
+** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode.
+The function is gnutls_register_md5_handler. When libgcrypt is in
+FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in
+the PRF.
+
+** Opencdk: Add calls to gnutls_assert to ease debugging.
+
+** Indent code.
+
+** API and ABI modifications:
+gnutls_srp_set_prime_bits: ADDED
+gnutls_register_md5_handler: ADDED
+gnutls_x509_crt_set_crl_dist_points2: ADDED
+gnutls_x509_crt_set_subject_alt_name: ADDED
+
+* Version 2.5.7 (released 2008-09-16)
+
+** libgnutls: New interfaces to get name of public key and signing algorithms.
+The functions are gnutls_sign_get_name and gnutls_pk_get_name.
+
+** libgnutls: Don't crash when gnutls_credentials_set is called twice.
+
+** libgnutls: Fix libgnutls shared library version.
+It wasn't properly incremented after adding symbols in the last
+release.
+
+** manual: Now mention supported public key and public key signing algorithms.
+
+** tests/openssl: initialize gnutls before use.
+
+** tests/setcredcrash: New test to catch regressions of gnutls_credentials_set.
+
+** GTK-DOC manual: mention new symbols in 2.6.x. Mention crypto.h functions.
+
+** API and ABI modifications:
+gnutls_sign_get_name: ADDED
+gnutls_pk_get_name: ADDED
+
+* Version 2.5.6 (released 2008-09-08)
+
+** libgnutls: Add interface to deal with public key and signature algorithms.
+The functions are called gnutls_pk_list, gnutls_pk_get_id,
+gnutls_sign_list, and gnutls_sign_get_id. Suggested by Sam
+Varshavchik <mrsam@courier-mta.com>.
+
+** libgnutls: Refactor and clean up some code.
+
+** libgnutls: Fix compile error with Sun CC.
+
+** gnutls-cli: Improve --list output to include public key and signature algs.
+
+** gnutls-cli, gnutls-serv: Remove --copyright parameter.
+Use standard --version to get license info.
+
+** gnutls-cli.1: Document all new parameters.
+Thanks to James Westby <jw+debian@jameswestby.net>.
+
+** tests: New self-test pgps2kgnu to test parsing of encrypted secrets.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** API and ABI modifications:
+gnutls_pk_list: ADDED
+gnutls_pk_get_id: ADDED
+gnutls_sign_list: ADDED
+gnutls_sign_get_id: ADDED
+
+* Version 2.5.5 (released 2008-08-29)
+
+** libgnutls: New API to get a string corresponding to a error symbol.
+The function is gnutls_strerror_name.
+
+** libgnutls: Fix include paths so that building with internal libtasn1 works.
+Reported by "jth.net ApS" <info@jth.net>.
+
+** libgnutls: Fix segmentation fault when generating private keys.
+Reported by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** libgnutls: Remove code to import certificate chains in PKCS#7 format.
+The code has not worked since v0.9.0 and apparently nobody has missed
+it, so we decided to remove the code rather than fix it. If you have
+old certificate chains stored in PKCS#7 format, you can convert them
+to a list of PEM certificates by using 'certtool --p7-info'. Reported
+by Christian Grothoff <christian@grothoff.org>.
+
+** opencdk: Parse (but not decrypt) encrypted secret keys.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** libgnutls: Fix many warnings.
+
+** Included copy of libtasn1 is upgraded to version 1.5.
+
+** Add French translation, thanks to Nicolas Provost.
+
+** API and ABI modifications:
+gnutls_strerror_name: ADDED
+
+* Version 2.5.4 (released 2008-08-19)
+
+** Fix secure memory initialization of libgcrypt.
+Reported by Joe Orton <joe@manyfish.co.uk> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2992>.
+
+** Doc fixes.
+Reference to NIST SP 800-57 in the manual on key size recommendations.
+Added 'Since:' tags to new APIs for gtk-doc.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.5.3 (released 2008-08-14)
+
+** libgnutls: New API to set the public parameters in a certificate request
+** from a private key.
+The function is gnutls_x509_crq_set_key_rsa_raw. Inspired by
+discussion with "Zach C." <fxchip@gmail.com>.
+
+** libgnutls: New API to set a callback to extract TLS Finished data.
+The function to register is gnutls_session_set_finished_function and
+it takes a callback of the gnutls_finished_callback_func type.
+
+** libgnutls: Drop final comma after GNUTLS_CRT_PRINT_UNSIGNED_FULL in enum.
+Reported in <https://savannah.gnu.org/support/?106453>.
+
+** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE.
+The new names are GNUTLS_MASTER_SIZE and GNUTLS_RANDOM_SIZE. The old
+names are mapped to the new names in compat.h. These mappings will
+likely be removed more quickly than other mappings in that file due to
+the namespace violation.
+
+** libgnutlsxx: Make it build when SRP is disabled.
+
+** doc: Add doxygen files in doc/doxygen/.
+
+** API and ABI modifications:
+gnutls_x509_crq_set_key_rsa_raw: ADDED
+gnutls_session_set_finished_function: ADDED
+gnutls_finished_callback_func: ADDED
+GNUTLS_MASTER_SIZE: ADDED
+GNUTLS_RANDOM_SIZE: ADDED
+TLS_MASTER_SIZE: DEPRECATED
+TLS_RANDOM_SIZE: DEPRECATED
+
+* Version 2.5.2 (released 2008-07-08)
+
+** libgnutls: Fix bug in gnutls_dh_params_generate2.
+The prime and generator was swapped.
+
+** libgnutls: New interface to register a new TLS extension handler.
+The new function gnutls_ext_register can be used to register handlers
+for specific TLS extension types. The callback functions have the new
+types gnutls_ext_recv_func and gnutls_ext_send_func. A type to
+classify TLS extensions, gnutls_ext_parse_type_t, has been added as
+well.
+
+** Move more code for TLS/IA extension from libgnutls to libgnutls-extra.
+This was made possible by using the new gnutls_ext_register interface.
+The TLS/IA functionality has only been supported through the
+libgnutls-extra library, so it makes sense for the code to belong
+there too.
+
+** API and ABI modifications:
+gnutls_ext_recv_func: ADDED
+gnutls_ext_send_func: ADDED
+gnutls_ext_parse_type_t: ADDED
+gnutls_ext_register: ADDED
+
+* Version 2.5.1 (released 2008-07-02)
+
+** Indent code.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.5.0 (released 2008-07-02)
+
+** Port fixes from v2.4.1 release, see below.
+
+** Added API to replace and update the crypto backend.
+The header gnutls/crypto.h is now officially supported, and declares
+the symbols below.
+
+** Rewritten opencdk crypto backend, to use the gnutls internal one.
+
+** Update gnulib and translations.
+The gnulib gc crypto code has been removed since it was never finished
+and is no longer even used. An internal non-libgcrypt crypto
+implementation may be added in the future, but we'll decide that later
+on.
+
+** API and ABI modifications:
+gnutls_crypto_bigint_register2: ADDED.
+gnutls_crypto_cipher_register2: ADDED.
+gnutls_crypto_digest_register2: ADDED.
+gnutls_crypto_mac_register2: ADDED.
+gnutls_crypto_pk_register2: ADDED.
+gnutls_crypto_rnd_register2: ADDED.
+gnutls_crypto_single_cipher_register2: ADDED.
+gnutls_crypto_single_digest_register2: ADDED.
+gnutls_crypto_single_mac_register2: ADDED.
+
+* Version 2.4.3 (released 2009-02-06)
+
+** libgnutls: Accept chains where intermediary certs are trusted.
+Before GnuTLS needed to validate the entire chain back to a
+self-signed certificate. GnuTLS will now stop looking when it has
+found an intermediary trusted certificate. The new behaviour is
+useful when chains, for example, contains a top-level CA, an
+intermediary CA signed using RSA-MD5, and an end-entity certificate.
+To avoid chain validation errors due to the RSA-MD5 cert, you can
+explicitly add the intermediary RSA-MD5 cert to your trusted certs.
+The signature on trusted certificates are not checked, so the chain
+has a chance to validate correctly. Reported by "Douglas E. Engert"
+<deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: Permit V1 Certificate Authorities properly.
+Before they were mistakenly rejected even though
+GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or
+GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by
+"Douglas E. Engert" <deengert@anl.gov> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351>.
+
+** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures.
+This is a bugfix -- the previous attempt to do this from internal x509
+certificate verification procedures did not return the correct value
+for certificates using a weak hash. Reported by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3332>,
+debugged and patch by Tomas Mraz <tmraz@redhat.com> and Daniel Kahn
+Gillmor <dkg@fifthhorseman.net>.
+
+** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs.
+Reported by Michael Kiefer <Michael-Kiefer@web.de> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507633> forwarded by
+Andreas Metzler <ametzler@downhill.at.eu.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3309>.
+
+** libgnutls: Fix crash in X.509 validation code for self-signed certificates.
+The patch to fix the security problem GNUTLS-SA-2008-3 introduced a
+problem for certificate chains that contained just one self-signed
+certificate. Reported by Michael Meskes <meskes@debian.org> in
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505279>.
+
+** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3]
+The flaw makes it possible for man in the middle attackers (i.e.,
+active attackers) to assume any name and trick GnuTLS clients into
+trusting that name. Thanks for report and analysis from Martin von
+Gagern <Martin.vGagern@gmx.net>. [CVE-2008-4989]
+
+Any updates with more details about this vulnerability will be added
+to <http://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import.
+Report and patch by Jonathan Manktelow.
+
+** libgnutls: Avoid use of non-thread safe strerror.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.2 (released 2008-09-15)
+
+** libgnutls: Don't crash when gnutls_credentials_set is called twice.
+
+** libgnutls: Corrected memory leak in X.509 functions.
+Thanks to Colin Leroy <colin@colino.net>.
+
+** libgnutls: Fix compile error with Sun CC.
+
+** gnutls-cli.1: Document all new parameters.
+Thanks to James Westby <jw+debian@jameswestby.net>.
+
+** tests/openssl: initialize gnutls before use.
+Fixes crash with libgcrypt 1.4.2. Reported by Ludovic Courtes
+<ludovic.courtes@laas.fr>.
+
+** doc/: Fix texinfo markup for old texinfo versions.
+
+** Included copy of libtasn1 is upgraded to version 1.5.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.1 (released 2008-06-30)
+
+** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2]
+If the gnutls_handshake function is called for a normal session, which
+can happen for re-handshakes, the library would crash because it tried
+to hash some data using a libgcrypt handle that had been deallocated.
+Report and tiny patch from Tomas Mraz <tmraz@redhat.com>. Any updates
+with more details about this vulnerability will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+** libgnutls: Fix memory leaks when doing a re-handshake.
+Reported by Sam Varshavchik <mrsam@courier-mta.com> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2928>.
+
+** Fix compiler warnings.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://thread.gmane.org/gmane.network.gnutls.general/1281>.
+
+** Fix ordering of -I's to avoid opencdk.h conflict with system headers.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2930>.
+
+** srptool: Fix a problem where --verify check does not succeed.
+Report and tiny patch by Matthias Koenig <mkoenig@suse.de> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2944>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.4.0 (released 2008-06-19)
+
+** Major changes compared to the v2.2 branch:
+
+*** The OpenPGP sub-system has been improved and now supports subkeys.
+
+*** The PSK sub-system has been improved and now supports password
+*** derivation and PSK identity hints.
+The password derivation algorithms support is documented in
+draft-ietf-netconf-tls-02.txt.
+
+*** The certtool --inder and --outder has been replaced by --inraw and --outraw.
+This aligns terminology with OpenPGP, which doesn't use DER encoding.
+The old parameters will continue to work for some time.
+
+*** Certtool now confirm passwords and changes permissions of private key files.
+
+*** The default handshake size limit has been increased to 48kb.
+It appears as if some valid handshakes are large due to sending many
+CA certificates. (The earlier limit was 16kb.)
+
+*** LZO compression is now disabled by default.
+The main reason is that LZO compression in TLS is not standardized,
+but license compatiblity issues with minilzo triggered us to make this
+decision now.
+
+*** Improvements for cross-compilation to Windows and OpenWRT.
+
+*** The look of the GTK-DOC manual has been improved.
+Major developer visible changes compared to the v2.2 branch:
+
+*** Full OpenPGP support is part of libgnutls, licensed under the LGPL.
+
+*** New APIs to access the raw X.509 Subject and Issuer DN's and
+*** elements from the certificate credentials structure.
+Thanks to Joe Orton.
+
+*** New APIs to improve working with username/passwords and PSK.
+
+*** Names of constants to affect certificate printing changed.
+The constants are used for OpenPGP too, which the names didn't
+reflect, so the following name change has been made:
+
+ Old name New name
+ GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL
+ GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE
+ GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
+
+The old names will be mapped to the new names for some time.
+
+*** The function gnutls_openpgp_privkey_get_id has been renamed to
+*** gnutls_openpgp_privkey_get_key_id.
+A compatibility mapping exists to avoid breaking API backwards
+compatibility.
+
+*** Replaced all uses of alloca with malloc and free.
+
+*** We no longer build with -D_REENTRANT -D_THREAD_SAFE.
+We have been unable to find a documented rationale for this practice.
+
+*** Of course, many smaller fixes have been made, see the ChangeLog file.
+
+*** API/ABI changes in GnuTLS 2.4
+All OpenPGP related functions have been moved from libgnutls-extra to
+libgnutls, and several new functions have been added (see below).
+Before making the release, we discussed whether moving functions from
+libgnutls-extra to libgnutls would require us to increment the ABI
+version, but the general opinion was that this would not be required.
+All older functions continue to work the same. We are open to the
+possibility that this decision will lead to problem on some platform,
+and if it turns out that the Right Thing should have been to increment
+the shared library version, we would need to release an update within
+the 2.4.x branch that increments the shared library version.
+
+This release adds the following functions:
+
+ gnutls_psk_client_get_hint
+ gnutls_psk_set_server_credentials_hint
+ gnutls_psk_netconf_derive_key
+
+ Used to get/set the PSK identity hint, and derive PSK keys from
+ passwords a'la netconf.
+
+ gnutls_x509_dn_deinit
+ gnutls_x509_dn_export
+ gnutls_x509_dn_import
+ gnutls_x509_dn_init
+
+ Used to handle X.509 Certificate DN's directly.
+
+ gnutls_hex2bin
+
+ Converts a data buffer to hex. Useful for handling PSK/SRP shared
+ secrets.
+
+ gnutls_certificate_get_x509_cas
+ gnutls_certificate_get_x509_crls
+ gnutls_certificate_get_openpgp_keyring
+
+ Functions for direct access to credential elements.
+
+ gnutls_openpgp_crt_get_auth_subkey
+ gnutls_openpgp_crt_get_key_id
+ gnutls_openpgp_crt_get_pk_dsa_raw
+ gnutls_openpgp_crt_get_pk_rsa_raw
+ gnutls_openpgp_crt_get_preferred_key_id
+ gnutls_openpgp_crt_get_revoked_status
+ gnutls_openpgp_crt_get_subkey_count
+ gnutls_openpgp_crt_get_subkey_creation_time
+ gnutls_openpgp_crt_get_subkey_expiration_time
+ gnutls_openpgp_crt_get_subkey_fingerprint
+ gnutls_openpgp_crt_get_subkey_id
+ gnutls_openpgp_crt_get_subkey_idx
+ gnutls_openpgp_crt_get_subkey_pk_algorithm
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw
+ gnutls_openpgp_crt_get_subkey_revoked_status
+ gnutls_openpgp_crt_get_subkey_usage
+ gnutls_openpgp_crt_print
+ gnutls_openpgp_crt_set_preferred_key_id
+ gnutls_openpgp_keyring_get_crt
+ gnutls_openpgp_keyring_get_crt_count
+ gnutls_openpgp_privkey_export
+ gnutls_openpgp_privkey_export_dsa_raw
+ gnutls_openpgp_privkey_export_rsa_raw
+ gnutls_openpgp_privkey_export_subkey_dsa_raw
+ gnutls_openpgp_privkey_export_subkey_rsa_raw
+ gnutls_openpgp_privkey_get_fingerprint
+ gnutls_openpgp_privkey_get_key_id
+ gnutls_openpgp_privkey_get_pk_algorithm
+ gnutls_openpgp_privkey_get_preferred_key_id
+ gnutls_openpgp_privkey_get_revoked_status
+ gnutls_openpgp_privkey_get_subkey_count
+ gnutls_openpgp_privkey_get_subkey_creation_time
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ gnutls_openpgp_privkey_get_subkey_fingerprint
+ gnutls_openpgp_privkey_get_subkey_id
+ gnutls_openpgp_privkey_get_subkey_idx
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm
+ gnutls_openpgp_privkey_get_subkey_revoked_status
+ gnutls_openpgp_privkey_set_preferred_key_id
+
+ New OpenPGP related functions.
+
+ The function gnutls_openpgp_crt_get_key_id is the same as the old
+ from gnutls_openpgp_crt_get_id, see above.
+
+The release also adds a new header file 'gnutls/crypto.h', however it
+is currently not used.
+
+** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys.
+Contributed by Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>.
+
+** API and ABI modifications:
+gnutls_openpgp_crt_get_subkey_fingerprint: ADDED.
+gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED.
+
+* Version 2.3.15 (released 2008-06-15)
+
+** Disable the openpgp-certs self-tests.
+It results in failure under Wine and doesn't work on Debian buildds.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.14 (released 2008-06-11)
+
+** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour.
+An OpenPGP certificate is now only considered verified if all the user
+IDs are verified.
+
+** Examples: Make C++ example compile.
+Earlier it may have failed with an unresolved reference to strlen.
+
+** Documentation: Doc fix for gnutls_x509_crt_get_extension_oid.
+Reported by Sam Varshavchik <mrsam@courier-mta.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.13 (released 2008-06-07)
+
+** libgnutls [OpenPGP]: Make OpenPGP handshakes work again.
+
+** doc/: Add psktool to info index. Some minor cleanups.
+
+** tests/: Added non-forking TLS handshake test, see tests/mini.c.
+
+** tests/: Added libgcrypt.supp which can be used with valgrind.
+The file suppresses the known libgcrypt memory leaks, so they aren't
+printed when you run valgrind on the gnutls self-tests. Use it as
+follows: valgrind --suppressions=libgcrypt.supp ./x509self or add
+'--suppressions=/home/you/src/gnutls/tests/libgcrypt.supp' to your
+~/.valgrindrc file.
+
+** tests/: Reduce amount of debugging output by default.
+Use --verbose for each test to get the full output.
+
+** tests/: Fix memory leaks in several self-tests.
+None of the self tests should be leaking memory when running valgrind
+or similar tools. (Known exceptions are dhepskself, pskself, and
+set_pkcs12_cred, which appear likely to be due to memory leaks in the
+library.)
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.12 (released 2008-06-04)
+
+** Merge gnutls_with_netconf branch.
+
+*** libgnutls [PSK]: New API to retrieve PSK identity hint in client.
+The function is gnutls_psk_client_get_hint.
+
+*** libgnutls [PSK]: New API to set PSK identity hint in server.
+The function is gnutls_psk_set_server_credentials_hint.
+
+*** libgnutls [PSK]: Support server key exchange with PSK identity hint.
+In the client, the message is parsed and the application can use
+gnutls_psk_client_get_hint to retrieve the hint. In the server, the
+message is sent if the application has specified a PSK identity hint
+using gnutls_psk_set_server_credentials_hint.
+
+*** libgnutls [PSK]: Support Netconf PSK key derivation.
+The function gnutls_psk_netconf_derive_key supports the PSK key
+derivation as specified in draft-ietf-netconf-tls-02.txt. New self
+test netconf-psk.c.
+
+*** psktool: Support new --netconf-hint to generate PSK key from password.
+Uses the Netconf algorithm to derive PSK key from password.
+
+*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint.
+
+*** gnutls-cli: Always support PSK modes, through a callback.
+The callback will derive a PSK key using Netconf algorithm. It will
+print the PSK identity hint to help the user.
+
+*** New PSK example client and server.
+See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c.
+
+** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms.
+The code didn't work properly on platforms where 'char' is unsigned,
+when you set version 0. Reported by Laurence Withers
+<l@lwithers.me.uk> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2825>.
+
+** libgnutls-openssl: added RAND_pseudo_bytes API.
+Patch from Robert Millan <rmh@aybabtu.com>.
+
+** API and ABI modifications:
+RAND_pseudo_bytes: ADDED to libgnutls-openssl.
+gnutls_psk_client_get_hint: ADDED.
+gnutls_psk_set_server_credentials_hint: ADDED.
+gnutls_psk_netconf_derive_key: ADDED
+
+* Version 2.3.11 (released 2008-05-20)
+
+** Fix flaw in fix for GNUTLS-SA-2008-1-3.
+The flaw would result in incorrectly terminated sessions with the
+error "Decryption has failed" when the server sends a small packet
+(typically when the session is closed). Reported by Andreas Metzler
+<ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>.
+
+** Don't use gnulib headers when building C++ library.
+Fixes builds under Windows.
+
+** Make umask a requirement.
+We don't know of any system that lacks it, even GNU CoreUtils use it
+unconditionally.
+
+** Update gnulib files.
+Fixes a problem where it pulled in a replacement for memcmp under
+MinGW, which caused the C++ example to fail to build.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.10 (released 2008-05-19)
+
+** Added wide wildcard hostname matching.
+Tiny patch by Jean-Philippe Garcia Ballester.
+
+** Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily. Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates
+with more details about these vulnerabilities will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to read memory beyond the end of the received record.
+
+** libgnutlsxx: Updated API according to patches from Eduardo
+Villanueva Che (discussion at
+<http://lists.gnu.org/archive/html/gnutls-devel/2007-02/msg00017.html>)
+
+** Use umask to restrict permissions to owner before creating a file.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.9 (released 2008-05-16)
+
+** libgnutls: Fix build failures if SRP/OpenPGP is disabled.
+Based on report and tiny patches from
+<jared.jennings.ctr@eglin.af.mil>, see
+<https://savannah.gnu.org/support/index.php?106342>.
+
+** libgnutls: Translation fixes.
+
+** gnutls-cli: Fix so that PSK authentication works.
+Also improve manual to give example for gnutls-cli PSK authentication.
+
+** certtool: Encrypting a private key now require a confirmed password.
+Before './certtool -k -8' would merely ask for a password once.
+Reported by Daniel 'NebuchadnezzaR' Dehennin
+<nebuchadnezzar@asgardr.info> see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364287>.
+
+** certtool: When writing private keys to files, change permissions of file.
+Now the file which the private key is saved to is chmod'ed 0600.
+Reported by martin f krafft <madduck@debian.org> see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=373169>.
+
+** guile: Fix -fgnu89-inline test.
+
+** Removed --enable-profile-mode.
+The code linked gnutls with the libfc project (Function Check) which
+appears to have been stalled since around 2002.
+
+** Clean up header file checks by ./configure.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.8 (released 2008-04-29)
+
+** libgnutls: Increase default handshake packet size limit to 48kb.
+The old limit was 16kb and some servers send huge list of trusted CAs,
+thus running into the limit. FYI, applications can further increase
+this limit using gnutls_handshake_set_max_packet_length. Thanks to
+Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente"
+<marc@mclemente.net> for reporting and providing test servers.
+
+** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE
+Returned when the handshake data size is too large. Before
+GNUTLS_E_MEMORY_ERROR was used, which could be confused with other
+error situations.
+
+** libgnutls: Hide definitions in crypto.h.
+We have decided that the APIs defined in crypto.h are not stable
+enough for v2.4, so don't use any of those functions.
+
+** gnutls-cli: exit when hostname doesn't match certificate.
+Use --insecure to avoid hostname comparison.
+
+** certtool: --inder and --outder replaced by --inraw and --outraw.
+The reason is to align terminology with OpenPGP, which doesn't use
+DER. The old parameters will continue to work for some time.
+
+** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual.
+
+** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings.
+
+** Mingw32: Revert libgcrypt vasprintf work-around added in last release.
+Use libgcrypt 1.4.1 or later when building on MinGW32, it removes the
+vasprintf symbol from the libgcrypt library which caused problems.
+
+** Update of gnulib files.
+
+** tests: New self-test of crypto.h RNG code tests/crypto_rng.
+
+** API and ABI modifications:
+GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED.
+
+* Version 2.3.7 (released 2008-04-21)
+
+** opencdk now properly sets the key usage bits into openpgp keys.
+
+** gnutls-cli: Fix crash on TLS handshake failures.
+Reported by "Marc F. Clemente" <marc@mclemente.net> in Debian BTS #466477.
+This is similar to <http://bugs.debian.org/429183>.
+
+** certtool: with --generate-request and newly generated keys, print the key.
+
+** Build fixes for MinGW.
+Missing rpl_fseeko symbol in lib/opencdk/. Better checks for linking
+with -lws2_32 when needed. Use ASCII only isprint() when printing
+X.509 certificate information, to avoid non-ASCII but printable
+characters. Thanks to Massimo Gaspari <massimo.gaspari@alice.it> for
+reports.
+
+** Update internal copy of libtasn1 to version 1.4.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.6 (released 2008-04-17)
+
+** Make gnutls_x509_crq_sign2 set certificate request version if not set.
+** Improve documentation for gnutls_x509_crq_sign2.
+Based on report from "John Brooks" <aspecialj@gmail.com> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1154>.
+
+** tests/pathlen: run diff without parameters to improve portability.
+Based on HPUX build hints in
+<http://hpux.cs.utah.edu/hppd/cgi-bin/wwwtar?/hpux/Gnu/gnutls-2.3.4/gnutls-2.3.4-src-11.11.tar.gz+gnutls-2.3.4/HPUX.Install+text>.
+
+** Don't use %e specifier with strftime, it doesn't work under Windows.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1170>.
+
+** Remove all uses of gnutls_alloca/gnutls_afree.
+Use normal gnutls_malloc instead. One reason is increased portability
+to Windows, the other is that several of the uses may be unsafe
+because the size of data allocated could be large. Reported by
+Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1170>.
+
+** Build Guile code with -fgnu89-inline only when supported.
+Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>.
+
+** Several GTK-DOC related fixes.
+
+** Clean up OpenCDK related code.
+GnuTLS now requires its internal OpenCDK code rather than the external
+GPL library OpenCDK. Unfortunately, we don't have resources to
+maintain an external library (help welcome).
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.3.5 (released 2008-04-14)
+
+** Build fix for MinGW and --disable-shared.
+Reported by Massimo Gaspari <massimo.gaspari@alice.it> in
+<http://permalink.gmane.org/gmane.network.gnutls.general/1145>.
+
+** Document how to generate CRLs.
+Suggested by "Rainer Gerhards" <rgerhards@gmail.com>.
+
+** Documented the --priority option to gnutls-cli and gnutls-serv.
+
+** Several minor fixes in the OpenPGP interface.
+Thanks to Daniel Kahn Gillmor.
+
+** Fix fopen file descriptor leak in PSK server code.
+Thanks to Laurence Withers <l@lwithers.me.uk>, see
+<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.
+
+** Translations files not stored directly in git to avoid merge conflicts.
+
+** New APIs to let applications replace the RNG used.
+Update all RNG callers in the code to use the new interface.
+
+** Guile code now built with -fgnu89-inline to fix inline semantic problem.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+gnutls_crypto_rnd_register: ADDED
+gnutls_rnd_level_t: ADDED
+GNUTLS_RND_KEY: ADDED, gnutls_rnd_level_t member
+GNUTLS_RND_RANDOM: ADDED, gnutls_rnd_level_t member
+GNUTLS_RND_NONCE: ADDED, gnutls_rnd_level_t member
+gnutls_crypto_rnd_st: ADDED
+GNUTLS_DIG_SHA224: ADDED
+GNUTLS_SIGN_RSA_SHA224: ADDED
+gnutls_openpgp_crt_get_auth_subkey: MODIFIED
+
+* Version 2.3.4 (released 2008-03-19)
+
+** Finish renaming of gnutls_certificate_export_x509_cas etc.
+They weren't renamed in the public header file.
+
+** Added functions to register a cipher/mac/digest. This allows to
+override the included ones.
+
+** Fix a bunch of compiler warnings.
+
+** API and ABI modifications:
+gnutls_crypto_cipher_st: ADDED
+gnutls_crypto_mac_st: ADDED
+gnutls_crypto_digest_st: ADDED
+gnutls_crypto_cipher_register: ADDED
+gnutls_crypto_mac_register: ADDED
+gnutls_crypto_digest_register: ADDED
+GNUTLS_E_CRYPTO_ALREADY_REGISTERED: ADDED
+
+* Version 2.3.3 (released 2008-03-10)
+
+** Fix build failure in libextra/gnutls_extra.c that needed opencdk.h.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+** No longer compiled using -D_REENTRANT -D_THREAD_SAFE.
+We could not find any modern justification for enabling these flags by
+default. If you know of some platform that needs one of the flags to
+work properly, please let us know. (Actually introduced in v2.3.0 but
+not documented until now.)
+
+** Importing many CA certificates are now considerably faster.
+This affect gnutls_certificate_set_x509_trust_mem,
+gnutls_certificate_set_x509_trust, and
+gnutls_certificate_set_x509_trust_file. The complexity was reduced
+from O(2*n^2) to O(n). When adding 206 files containing 408
+certificates, using gnutls_certificate_set_x509_trust_file, the time
+dropped from 40 seconds to 0.3 seconds. Thanks to Edgar Fuß for code
+to trigger the problem. See also
+<http://blog.josefsson.org/2008/02/27/real-world-performance-tuning-with-callgrind/>.
+
+** Clarify documentation for gnutls_x509_crt_set_subject_alternative_name
+** to be explicit that it takes zero terminated data.
+
+** gnutls-cli --print-cert now print PKCS#3 format Diffie-Hellman parameters.
+
+** Documentation fixes for the GTK-DOC manual.
+
+** Fix compilation error related to __FUNCTION__ on some systems.
+Reported by Tim Mooney, see
+<https://savannah.gnu.org/support/?106267>.
+
+** Updated translations.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+gnutls_hex2bin: MODIFIED, uses size_t instead of int for string length,
+ and char* instead of void* for output buffer.
+
+* Version 2.3.2 (released 2008-02-26)
+
+** Fix srcdir!=objdir failure in openpgpself test.
+
+** Improved API documentation output from GTK-DOC.
+
+** Added gnutls_x509_dn_export(). Patch by Joe Orton.
+
+** Renamed gnutls_certificate_export_x509_cas and friends.
+See <http://lists.gnu.org/archive/html/gnutls-devel/2008-02/msg00043.html>.
+
+** Internal header files cleanup.
+
+** API and ABI modifications:
+gnutls_certificate_export_x509_cas: RENAMED to gnutls_certificate_get_x509_cas
+gnutls_certificate_export_x509_crls: RENAMED to gnutls_certificate_get_x509_crls
+gnutls_certificate_export_openpgp_keyring: RENAMED to gnutls_certificate_get_openpgp_keyring
+gnutls_x509_dn_export: ADDED
+
+* Version 2.3.1 (released 2008-02-21)
+
+** OpenPGP support merged into libgnutls and is now licensed under LGPL.
+The included copy of OpenCDK has been stripped down and re-licensed
+under the LGPL.
+
+** Cipher priority string handling now handle strings that starts with NULL.
+Thanks to Laurence Withers <l@lwithers.me.uk>.
+
+** gnutls-cli: When -d is used, also prints RNG information from libgcrypt.
+
+** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
+by Daniel Stenberg.
+
+** Increased the default certificate verification chain limits and allowed
+for checks without limitation.
+
+** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
+and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
+strings and return the proper size.
+
+** Add section 'On Record Padding' to the manual.
+This collects all problems related to record padding with
+Nokia/Sony-Ericsson phones that we know about.
+
+** Several improvements in the OpenPGP authentication.
+Now subkeys can be used for authentication, according to
+draft-mavrogiannopoulos-rfc5081bis-00.txt.
+
+** certtool can print information on OpenPGP certificates and keys.
+
+** Added gnutls_x509_dn_import/init/deinit() to access raw DER DN.
+Patch by Joe Orton.
+
+** Added gnutls_certificate_export_x509_cas and other functions to
+export elements from the certificate credentials structure. Based on
+suggestion from Joe Orton.
+
+** Doc fixes.
+Clarify that srp_base64 is not the same as normal base64.
+
+** Fix non-portable use of brace expansion in makefiles.
+
+** API and ABI modifications:
+gnutls_certificate_export_x509_cas: ADDED
+gnutls_certificate_export_x509_crls: ADDED
+gnutls_certificate_export_openpgp_keyring: ADDED
+gnutls_openpgp_keyid_t: ADDED, instead of hard-coded 'unsigned char[8]'.
+gnutls_openpgp_crt_get_key_id: ADDED, obsoletes gnutls_openpgp_crt_get_id.
+gnutls_openpgp_crt_get_revoked_status: ADDED
+gnutls_openpgp_crt_get_subkey_count: ADDED
+gnutls_openpgp_crt_get_subkey_idx: ADDED
+gnutls_openpgp_crt_get_subkey_revoked_status: ADDED
+gnutls_openpgp_crt_get_subkey_pk_algorithm: ADDED
+gnutls_openpgp_crt_get_subkey_creation_time: ADDED
+gnutls_openpgp_crt_get_subkey_expiration_time: ADDED
+gnutls_openpgp_crt_get_subkey_id: ADDED
+gnutls_openpgp_crt_get_subkey_usage: ADDED
+gnutls_openpgp_privkey_get_fingerprint: ADDED
+gnutls_openpgp_privkey_get_key_id: ADDED
+gnutls_openpgp_privkey_get_subkey_count: ADDED
+gnutls_openpgp_privkey_get_subkey_idx: ADDED
+gnutls_openpgp_privkey_get_subkey_revoked_status: ADDED
+gnutls_openpgp_privkey_get_revoked_status: ADDED
+gnutls_openpgp_privkey_get_subkey_pk_algorithm: ADDED
+gnutls_openpgp_privkey_get_subkey_expiration_time: ADDED
+gnutls_openpgp_privkey_get_subkey_id: ADDED
+gnutls_openpgp_privkey_get_subkey_creation_time: ADDED
+gnutls_openpgp_crt_get_subkey_pk_dsa_raw: ADDED
+gnutls_openpgp_crt_get_subkey_pk_rsa_raw: ADDED
+gnutls_openpgp_crt_get_pk_dsa_raw: ADDED
+gnutls_openpgp_crt_get_pk_rsa_raw: ADDED
+gnutls_openpgp_privkey_export_subkey_dsa_raw: ADDED
+gnutls_openpgp_privkey_export_subkey_rsa_raw: ADDED
+gnutls_openpgp_privkey_export_dsa_raw: ADDED
+gnutls_openpgp_privkey_export_rsa_raw: ADDED
+gnutls_openpgp_privkey_export: ADDED
+gnutls_certificate_set_openpgp_key_file2: ADDED
+gnutls_certificate_set_openpgp_key_mem2: ADDED
+gnutls_x509_dn_init: ADDED
+gnutls_x509_dn_import: ADDED
+gnutls_x509_dn_deinit: ADDED
+GNUTLS_E_OPENPGP_SUBKEY_ERROR: ADDED
+gnutls_hex2bin: ADDED
+GNUTLS_CRT_PRINT_FULL: ADDED, same as old GNUTLS_X509_CRT_FULL.
+GNUTLS_CRT_PRINT_ONELINE: ADDED, same as old GNUTLS_X509_CRT_ONELINE.
+GNUTLS_CRT_PRINT_UNSIGNED_FULL: ADDED, same as
+ old GNUTLS_X509_CRT_UNSIGNED_FULL.
+
+* Version 2.3.0 (released 2008-01-08)
+
+** LZO compression is now disabled by default.
+The reason is that LZO compression is not standardized in TLS. If you
+wish to experiment with it, you will have to supply --with-lzo when
+invoking ./configure. The internal copy of minilzo is no longer
+included with GnuTLS, so you will need to install liblzo or liblzo2 on
+your system to have --with-lzo to be effective.
+
+** More than one server name field is now sent to the server properly.
+Thanks to mark.phillips@virgin.net.
+
+** Fixes the post_client_hello_function(). The extensions are now parsed
+in a callback friendly way.
+
+** Fix for certificate selection in servers with certificate callbacks.
+
+** Updated translations.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.5 (released 2008-05-19)
+
+** Fix flaw in fix for GNUTLS-SA-2008-1-3.
+The flaw would result in incorrectly terminated sessions with the
+error "Decryption has failed" when the server sends a small packet
+(typically when the session is closed). Reported by Andreas Metzler
+<ametzler@downhill.at.eu.org> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2807>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.4 (released 2008-05-19)
+
+** Fix three security vulnerabilities. [GNUTLS-SA-2008-1]
+Thanks to CERT-FI for finding the bugs and providing detailed reports,
+which allowed the bugs to be reproduced and fixed easily. Patches
+developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates
+with more details about these vulnerabilities will be added to
+<http://www.gnu.org/software/gnutls/security.html>
+
+*** [GNUTLS-SA-2008-1-1]
+*** libgnutls: Fix crash when sending invalid server name.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to store more session resumption data than what was
+allocated for, thus overwriting unallocated memory.
+
+*** [GNUTLS-SA-2008-1-2]
+*** libgnutls: Fix crash when sending repeated client hellos.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+triggers a null-pointer dereference.
+
+*** [GNUTLS-SA-2008-1-3]
+*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths.
+The crash can be triggered remotely before authentication, which can
+lead to a Daniel of Service attack to disable the server. The bug
+cause gnutls to read memory beyond the end of the received record.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.3 (released 2008-05-06)
+
+** Increase default handshake packet size limit to 48kb.
+The old limit was 16kb and some servers send huge list of trusted CAs,
+thus running into the limit. FYI, applications can further increase
+this limit using gnutls_handshake_set_max_packet_length. Thanks to
+Marc Haber <mh+debian-bugs@zugschlus.de> and "Marc F. Clemente"
+<marc@mclemente.net> for reporting and providing test servers.
+
+** Fix compilation error related to __FUNCTION__ on some systems.
+Reported by Tim Mooney, see
+<https://savannah.gnu.org/support/?106267>.
+
+** Documented the --priority option to gnutls-cli and gnutls-serv.
+
+** Fix fopen file descriptor leak in PSK server code.
+Thanks to Laurence Withers <l@lwithers.me.uk>, see
+<http://lists.gnu.org/archive/html/gnutls-devel/2008-04/msg00002.html>.
+
+** Build Guile code with -fgnu89-inline only when supported.
+Reported by Kris Karas <ktk@enterprise.bidmc.harvard.edu> in
+<http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2708>.
+
+** Make Camellia encryption work.
+Reported by Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp> in
+<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/2746>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.2 (released 2008-02-21)
+
+** Cipher priority string handling now handle strings that starts with NULL.
+Thanks to Laurence Withers <l@lwithers.me.uk>.
+
+** Corrected memory leaks in session resuming and DHE ciphersuites. Reported
+by Daniel Stenberg.
+
+** Increased the default certificate verification chain limits and allowed
+for checks without limitation.
+
+** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name()
+and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary
+strings and return the proper size.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.1 (released 2008-01-17)
+
+** Prevent linking libextra against previously installed libgnutls.
+Tiny patch from "Alon Bar-Lev" <alon.barlev@gmail.com>, see
+<http://bugs.gentoo.org/show_bug.cgi?id=202269>.
+
+** Fixes the post_client_hello_function(). The extensions are now parsed
+in a callback friendly way.
+
+** Fix for certificate selection in servers with certificate callbacks.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.2.0 (released 2007-12-14)
+
+** Update internal copy of libtasn1 to version 1.2.
+
+** Certtool --verify-chain now handle inputs larger than 64kb.
+This fixes the self-test "rsa-md5-collision" under MinGW+Wine with
+recent versions of libgcrypt. The problem was that Wine with the
+libgcrypt RNG generates huge amounts of debugging output.
+
+** Translation updates.
+Added Dutch translation. Updated Polish and Swedish translation.
+
+** Major changes compared to the v2.0 branch:
+
+*** SRP support aligned with newly published RFC 5054.
+
+*** OpenPGP support aligned with newly published RFC 5081.
+
+*** Support for DSA2 keys.
+
+*** Support for Camellia cipher.
+
+*** Support for Opaque PRF Input extension.
+
+*** PKCS#8 parser now handle DSA keys.
+
+*** Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc.
+Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier
+versions, such as 2.01 which is included with GnuTLS, is available
+under GPLv2 or later. If this incompatibility causes problems, we
+recommend you to disable LZO using --without-lzo. LZO compression is
+not a standard TLS compression algorithm, so the impact should be
+minimal.
+
+*** Functions for disabling record protocol padding.
+Works around bugs on Nokia/Ericsson phones.
+
+*** New functions gnutls_priority_set() for setting cipher priorities easily.
+Priorities like "COMPAT" also enables other work arounds, such as
+disabling padding.
+
+*** Other minor improvements and bug fixes.
+
+** Backwards incompatible API/ABI changes in GnuTLS 2.2
+To adapt to changes in the TLS extension specifications for OpenPGP
+and SRP, the GnuTLS API had to be modified. This means breaking the
+API and ABI backwards compatibility. That is something we try to
+avoid unless it is necessary. We decided to also remove the already
+deprecated stub functions for X.509 to XML conversion and TLS
+authorization (see below) when we had the opportunity.
+
+Generally, most applications does not need to be modified. Just
+re-compile them against the latest GnuTLS release, and it should work
+fine.
+
+Applications that use the OpenPGP or SRP features needs to be
+modified. Below is a list of the modified APIs and discussion of what
+the minimal things you need to modify in your application to make it
+work with GnuTLS 2.2.
+
+Note that GnuTLS 2.2 also introduces new APIs -- such as
+gnutls_set_priority() that is superior to
+gnutls_set_default_priority() -- that you may want to start using.
+However, using those new APIs is not required to use GnuTLS 2.2 since
+the old functions continue are still supported. This text only
+discuss what you minimally have to modify.
+
+*** XML related changes
+The function `gnutls_x509_crt_to_xml' has been removed. It has been
+deprecated and only returned an error code since GnuTLS version
+1.2.11. Nobody has complained, so users doesn't seem to miss the
+functionality. We don't know of any other library to convert X.509
+certificates into XML format, but we decided (long ago) that GnuTLS
+isn't the right place for this kind of functionality. If you want
+help to find some other library to use here, please explain and
+discuss your use case on help-gnutls@gnu.org.
+
+*** TLS Authorization related changes
+Everything related to TLS authorizations have been removed, they were
+only stub functions that returned an error code:
+
+ GNUTLS_SUPPLEMENTAL_AUTHZ_DATA
+ gnutls_authz_data_format_type_t
+ gnutls_authz_recv_callback_func
+ gnutls_authz_send_callback_func
+ gnutls_authz_enable
+ gnutls_authz_send_x509_attr_cert
+ gnutls_authz_send_saml_assertion
+ gnutls_authz_send_x509_attr_cert_url
+ gnutls_authz_send_saml_assertion_url
+
+*** SRP related changes
+The callback gnutls_srp_client_credentials_function has a new
+prototype, and its semantic has changed. You need to rewrite the
+callback, see the updated function documentation and SRP example code
+(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more
+information.
+
+The alert codes GNUTLS_A_MISSING_SRP_USERNAME and
+GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP
+specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is
+used. There are #define's to map the old names to the new. You may
+run into problems if you have a switch-case with cases for both SRP
+alerts, since they are now mapped to the same value. The solution is
+to drop the SRP alerts from such switch cases, as they are now
+deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY.
+
+*** OpenPGP related changes
+The function `gnutls_certificate_set_openpgp_keyserver' have been
+removed. There is no replacement functionality inside GnuTLS. If you
+need keyserver functionality, consider using the GnuPG tools.
+
+All functions, types, and error codes related to OpenPGP trustdb
+format have been removed. The trustdb format is a non-standard
+GnuPG-specific format, and we recommend you to use key rings instead.
+The following have been removed:
+
+ gnutls_certificate_set_openpgp_trustdb
+ gnutls_openpgp_trustdb_init
+ gnutls_openpgp_trustdb_deinit
+ gnutls_openpgp_trustdb_import
+ gnutls_openpgp_key_verify_trustdb
+ gnutls_openpgp_trustdb_t
+ GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED
+
+The following functions has an added parameter of the (new) type
+`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data
+(binary or base64). The functions are:
+ gnutls_certificate_set_openpgp_key_file
+ gnutls_certificate_set_openpgp_key_mem
+ gnutls_certificate_set_openpgp_keyring_mem
+ gnutls_certificate_set_openpgp_keyring_file
+
+To improve terminology and align with the X.509 interface, some
+functions have been renamed. Compatibility mappings exists. The old
+and new names of the affected functions and types are:
+
+ Old name New name
+ gnutls_openpgp_key_t gnutls_openpgp_crt_t
+ gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
+ gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
+ GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
+ GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
+ gnutls_openpgp_key_init gnutls_openpgp_crt_init
+ gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
+ gnutls_openpgp_key_import gnutls_openpgp_crt_import
+ gnutls_openpgp_key_export gnutls_openpgp_crt_export
+ gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
+ gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
+ gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
+ gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
+ gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
+ gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
+ gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
+ gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
+ gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
+ gnutls_openpgp_send_key gnutls_openpgp_send_cert
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.1.8 (released 2007-12-10)
+
+** The GPL version has been changed from version 2 to version 3.
+This affects the self-tests, command-line tools, the libgnutls-extra
+library, the relevant guile parts, and the build environment.
+
+** Added gnutls_x509_crt_get_subject_alt_name2().
+
+** Corrected a segfault when setting an empty gnutls_priority_t
+at gnutls_priority_set().
+
+** Use gettext 0.17 which updates m4/lib-*.m4 macros.
+Fixes a problem with spurious -L/usr/lib additions.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_subject_alt_name2: ADD.
+
+* Version 2.1.7 (released 2007-11-29)
+
+** PKCS #8 parser can now encode/decode DSA keys.
+
+** Updated gnutls_set_default_priority2() now renamed to
+gnutls_priority_set() and gnutls_priority_set_direct() which
+accept a string to indicate preferences of ciphersuite parameters.
+
+** gnutls-cli and gnutls-serv now have a --priority option to set
+the priority string.
+
+** The gnutls_*_convert_priority() functions were deprecated by
+the gnutls_priority_set() and gnutls_priority_set_direct().
+
+** Internal copy of OpenCDK upgraded to version 0.6.6.
+
+** API and ABI modifications:
+gnutls_priority_init: ADD.
+gnutls_priority_deinit: ADD.
+gnutls_priority_set: ADD.
+gnutls_priority_set_direct: ADD.
+gnutls_set_default_priority2: RENAMED to gnutls_priority_set_direct()
+gnutls_mac_convert_priority: REMOVED
+gnutls_compression_convert_priority: REMOVED
+gnutls_protocol_convert_priority: REMOVED
+gnutls_kx_convert_priority: REMOVED
+gnutls_cipher_convert_priority: REMOVED
+gnutls_certificate_type_convert_priority: REMOVED
+gnutls_set_default_priority: UNDEPRECATED
+gnutls_set_default_priority_export: UNDEPRECATED
+
+** Undocumented API and ABI modifications earlier in the 2.1.x series:
+GNUTLS_CIPHER_UNKNOWN: ADD.
+GNUTLS_CIPHER_CAMELLIA_128_CBC: ADD.
+GNUTLS_CIPHER_CAMELLIA_256_CBC: ADD.
+GNUTLS_KX_UNKNOWN: ADD.
+GNUTLS_COMP_UNKNOWN: ADD.
+GNUTLS_CRT_UNKNOWN: ADD.
+gnutls_mac_get_id: ADD.
+gnutls_compression_get_id: ADD.
+gnutls_cipher_get_id: ADD.
+gnutls_kx_get_id: ADD.
+gnutls_protocol_get_id: ADD.
+gnutls_certificate_type_get_id: ADD.
+gnutls_handshake_post_client_hello_func: ADD.
+gnutls_certificate_send_x509_rdn_sequence: ADD prototype to gnutls.h.in.
+
+* Version 2.1.6 (released 2007-11-15)
+
+** Corrected bug in decompression of expanded compression data.
+
+** Added the --to-p8 option to certtool to convert private keys
+to PKCS #8 keys.
+
+** Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code.
+
+** gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted
+private keys.
+
+** Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM.
+During the 2.1.x series the GNUTLS_E_UNKNOWN_HASH_ALGORITHM error code
+was renamed to GNUTLS_E_UNKNOWN_ALGORITHM, unfortunately without being
+documented. This caused some problems (e.g., debian #450854). To
+avoid backwards compatibility problems, this release revert this
+change, so that GNUTLS_E_UNKNOWN_HASH_ALGORITHM works just like it has
+done in GnuTLS 2.0.x and earlier, and add a new error code
+GNUTLS_E_UNKNOWN_ALGORITHM.
+
+** Fixes several gtk-doc warnings.
+
+** API and ABI modifications:
+GNUTLS_E_UNKNOWN_ALGORITHM: CHANGED.
+GNUTLS_E_UNKNOWN_HASH_ALGORITHM: CHANGED.
+GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR: ADD.
+
+* Version 2.1.5 (released 2007-11-01)
+
+** Fix PKCS#3 parameter export problem.
+
+** Improve certtool queries, they now print the default value.
+
+** Fix ABI version.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.1.4 (released 2007-10-27)
+
+** Added the --v1 option to certtool, to allow generating X.509
+version 1 certificates.
+
+** certtool: Add option --disable-quick-random to enable the old behaviour
+of using /dev/random to generate keys.
+
+** Added priority functions that accept strings.
+
+** Added gnutls_set_default_priority2() which accepts a flag to indicate
+priorities preferences.
+
+** Added gnutls_record_disable_padding() to allow servers talking to
+buggy clients that complain if the TLS 1.0 record protocol padding is
+used.
+
+** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
+all supported compatibility options (like disabling padding).
+
+** The gnutls_certificate_set_openpgp_* functions were modified to include
+the format. This makes the interface consistent with the x509 functions.
+
+** Internal copy of OpenCDK upgraded to version 0.6.5.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+gnutls_certificate_set_openpgp_key_mem: MODIFIED
+gnutls_certificate_set_openpgp_key_file: MODIFIED
+gnutls_certificate_set_openpgp_keyring_mem: MODIFIED
+gnutls_certificate_set_openpgp_keyring_file: MODIFIED
+gnutls_set_default_priority: DEPRECATED
+gnutls_set_default_priority_export: DEPRECATED
+gnutls_set_default_priority2: ADDED
+gnutls_session_enable_compatibility_mode: ADDED
+gnutls_record_disable_padding: ADDED
+gnutls_mac_convert_priority: ADDED
+gnutls_compression_convert_priority: ADDED
+gnutls_protocol_convert_priority: ADDED
+gnutls_kx_convert_priority: ADDED
+gnutls_cipher_convert_priority: ADDED
+gnutls_certificate_type_convert_priority: ADDED
+gnutls_openpgp_key_t: RENAMED to gnutls_openpgp_crt_t
+gnutls_openpgp_key_status_t: RENAMED to gnutls_openpgp_crt_status_t
+gnutls_openpgp_send_key: RENAMED to gnutls_openpgp_send_cert
+gnutls_openpgp_key_init: RENAMED to gnutls_openpgp_crt_init
+gnutls_openpgp_key_import: RENAMED to gnutls_openpgp_crt_import
+gnutls_openpgp_key_export: RENAMED to gnutls_openpgp_crt_export
+gnutls_openpgp_key_check_hostname: RENAMED to gnutls_openpgp_crt_check_hostname
+gnutls_openpgp_key_get_creation_time: RENAMED to gnutls_openpgp_crt_get_creation_time
+gnutls_openpgp_key_get_expiration_time: RENAMED to gnutls_openpgp_crt_get_expiration_time
+gnutls_openpgp_key_get_fingerprint: RENAMED to gnutls_openpgp_crt_get_fingerprint
+gnutls_openpgp_key_get_version: RENAMED to gnutls_openpgp_crt_get_version
+gnutls_openpgp_key_get_pk_algorithm: RENAMED to gnutls_openpgp_crt_get_pk_algorithm
+gnutls_openpgp_key_get_name: RENAMED to gnutls_openpgp_crt_get_name
+gnutls_openpgp_key_deinit: RENAMED to gnutls_openpgp_crt_deinit
+gnutls_openpgp_key_get_id: RENAMED to gnutls_openpgp_crt_get_id
+gnutls_openpgp_key_get_key_usage: RENAMED to gnutls_openpgp_crt_get_key_usage
+gnutls_openpgp_key_verify_ring: RENAMED to gnutls_openpgp_crt_verify_ring
+gnutls_openpgp_key_verify_self: RENAMED to gnutls_openpgp_crt_verify_self
+
+* Version 2.1.3 (released 2007-10-17)
+
+** TLS authorization support removed.
+This technique may be patented in the future, and it is not of crucial
+importance for the Internet community. After deliberation we have
+concluded that the best thing we can do in this situation is to
+encourage society not to adopt this technique. We have decided to
+lead the way with our own actions.
+
+** Re-enabled the 256 bit ciphers in the default priorities.
+
+** Corrected bugs in openpgp key verification using a keyring (both in
+gnutls and opencdk)
+
+** API and ABI modifications:
+gnutls_certificate_set_openpgp_keyserver: REMOVED
+gnutls_authz_data_format_type_t,
+gnutls_authz_recv_callback_func,
+gnutls_authz_send_callback_func,
+gnutls_authz_enable,
+gnutls_authz_send_x509_attr_cert,
+gnutls_authz_send_saml_assertion,
+gnutls_authz_send_x509_attr_cert_url,
+gnutls_authz_send_saml_assertion_url: REMOVED.
+GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the
+ gnutls_supplemental_data_format_type_t enum type becomes empty.
+
+* Version 2.1.2 (released 2007-10-14)
+
+** Removed all the trustdb code from openpgp authentication.
+We now use only the well-specified keyrings.
+
+** The 256 bit ciphers are not enabled in the default priorities.
+
+** Added support for DSA2 using libgcrypt 1.3.0.
+
+** certtool: Fixed data corruption when using --outder.
+
+** Removed all the xml related stubs and functions.
+
+** Added capability to set a callback after the client hello is received
+by the server in order to adjust parameters before the handshake.
+
+** SRP was corrected to adhere to the latest draft (published soon as RFC)
+
+** Corrected bug which did not allow a server to run without supporting
+certificates.
+
+** Updated the DN parser which now prints wrongly decoded values as hex
+strings.
+
+** certtool: Add option --quick-random.
+For generating low security test credentials.
+
+** API and ABI modifications:
+gnutls_x509_crt_to_xml: REMOVED
+gnutls_openpgp_key_to_xml: REMOVED
+gnutls_openpgp_key_verify_trustdb: REMOVED
+gnutls_openpgp_trustdb_init: REMOVED
+gnutls_openpgp_trustdb_deinit: REMOVED
+gnutls_openpgp_trustdb_import: REMOVED
+gnutls_certificate_set_openpgp_trustdb: REMOVED
+gnutls_srp_client_credentials_function: CHANGED
+gnutls_handshake_set_post_client_hello_function: ADDED
+gnutls_mac_get_key_size: ADDED
+GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED: DEPRECATED.
+GNUTLS_A_MISSING_SRP_USERNAME: DEPRECATED
+GNUTLS_A_UNKNOWN_SRP_USERNAME: DEPRECATED
+
+* Version 2.1.1 (released 2007-09-24)
+
+** Added support for Camellia cipher, thanks to Yoshisato YANAGISAWA.
+Camellia is only enabled in GnuTLS if the installed libgcrypt has been
+compiled with Camellia support. See the libgcrypt documentation on
+how to enable it. Unconditionally disable it using the configure
+option --disable-camellia. Fixes #1.
+
+** Properly document in the NEWS file the API change in the last release.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.1.0 (released 2007-09-20)
+
+** Support for draft-rescorla-tls-opaque-prf-input-00.txt.
+The support is disabled by default. Since no value has been allocated
+by the IANA for this extension yet, you will need to provide one
+yourself by invoking './configure --enable-opaque-prf-input=42'.
+Fixes #2.
+
+** Example code: Fix compilation flaw under MinGW.
+
+** API and ABI modifications:
+gnutls_oprfi_callback_func: ADD, new typedef function prototype.
+gnutls_oprfi_enable_client: ADD, new function.
+gnutls_oprfi_enable_server: ADD, new function.
+
+* Version 2.0.4 (released 2007-11-16)
+
+** Corrected bug in decompression of expanded compression data.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.0.3 (released 2007-11-10)
+
+** This version backports several fixes from the 2.1.x branch.
+
+** Fixed PKCS #3 parameter export.
+
+** Added gnutls_record_disable_padding() to allow servers talking to
+buggy clients that complain if the TLS 1.0 record protocol padding is
+used.
+
+** Introduced gnutls_session_enable_compatibility_mode() to allow enabling
+all supported compatibility options (like disabling padding).
+
+** Corrected bug which did not allow a server to run without supporting
+certificates.
+
+** API and ABI modifications:
+gnutls_session_enable_compatibility_mode: ADDED
+gnutls_record_disable_padding: ADDED
+
+* Version 2.0.2 (released 2007-10-17)
+
+** TLS authorization support removed.
+This technique may be patented in the future, and it is not of crucial
+importance for the Internet community. After deliberation we have
+concluded that the best thing we can do in this situation is to
+encourage society not to adopt this technique. We have decided to
+lead the way with our own actions.
+
+** certtool: Fixed data corruption when using --outder.
+
+** Fix configure-time Guile detection.
+
+** API and ABI modifications:
+GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the
+ gnutls_supplemental_data_format_type_t enum type becomes empty.
+
+* Version 2.0.1 (released 2007-09-20)
+
+** New directory doc/credentials/ with test credentials.
+This collects the test credentials from the web page and from src/.
+The script gnutls-http-serv has also been moved to that directory.
+
+** Update SRP extension type and cipher suite with official IANA values.
+This breaks backwards compatibility with SRP in older versions of
+GnuTLS, but this is intentional to speed up the adoption of the
+official values. The old values we used were incorrect.
+
+** Guile: Fix `x509-certificate-dn-oid'
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 2.0.0 (released 2007-09-04)
+
+** Included copy of Libtasn1 upgraded to version 1.1.
+
+** Disable building of some examples if anonymous ciphers are disabled.
+
+** Don't build examples for disabled features.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.19 (released 2007-08-27)
+
+** Fix gnutls_error_is_fatal so that positive "errors" are non-critical.
+This solves connection problems in mutt, see
+<http://bugs.debian.org/439640>.
+
+** Update gnulib files.
+In particular, the getpass module -- with its dependencies on getline,
+getdelim, fseeko etc -- where moved from the lgl/ (used by the core
+library) directory to the gl/ directory (only used by the command line
+tools). The reason is that getpass is now only used by the
+command-line tools, and reducing the number of gnulib modules linked
+to the core library helps portability and reduces size.
+
+** Fix warnings.
+
+** Disable building of PGP examples if PGP is disabled.
+
+** Included copy of OpenCDK upgraded to version 0.6.4.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.18 (released 2007-08-16)
+
+** Install images for the info manual.
+This has a side effect of renaming the images. See
+<http://thread.gmane.org/gmane.comp.tex.texinfo.bugs/3533> for
+discussions on the approach chosen.
+
+** Fix pointer mix to variables of different size.
+Patch extracted from
+<http://cvs.fedora.redhat.com/viewcvs/devel/gnutls/gnutls-1.6.3-incompat-pointers.patch?rev=1.1&view=auto>.
+
+** Fix warnings during build.
+Thanks to Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.17 (released 2007-08-15)
+
+** New functions to perform external signing.
+Set the signing callback function (of the gnutls_sign_func prototype)
+using the gnutls_sign_callback_set function. In the callback, you may
+find the new functions gnutls_x509_privkey_sign_hash and
+gnutls_openpgp_privkey_sign_hash useful. A new function
+gnutls_sign_callback_get is also added, to retrieve the function
+pointer. Thanks to "Alon Bar-Lev" <alon.barlev@gmail.com> for
+comments and testing.
+
+** New self test of client and server authenticated X.509 TLS sessions.
+See tests/x509self.c and tests/x509signself.c. The latter also tests
+the new external signing callback interface.
+
+** New errors GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX.
+These two actually describe the outer limits of a range of error codes
+reserved to the application. All of the errors are treated as fatal
+by the library (it has to since it doesn't know the semantics of the
+error codes). This can be useful in callbacks, to signal some
+application-specific error condition, which will usually eventually
+cause some gnutls API to return the same error code as the callback,
+which then can be inspected by the application. Note that error codes
+are negative.
+
+** gnutls_set_default_priority now disable TLS 1.2 by default.
+The RFC is not released yet, and we're approaching a major release so
+let's not enable it just yet.
+
+** Fix namespace so that gnutls_*_t is used consistently.
+Before, many places in the GnuTLS code used the old deprecated type
+names without the '_t' suffix.
+
+** Build fixes for Guile code.
+Patch from Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** More documentation fixes.
+In particular, the section headings were modified for casing. By
+Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** Updated Polish and Swedish translations.
+Thanks to Jakub Bogusz <qboosh@pld-linux.org> and Daniel Nylander
+<po@danielnylander.se>.
+
+** API and ABI modifications:
+gnutls_sign_func: ADD, new type for sign callback.
+gnutls_sign_callback_set: ADD, new function to set sign callback.
+gnutls_sign_callback_get: ADD, new function to retrieve sign callback.
+gnutls_x509_privkey_sign_hash,
+gnutls_openpgp_privkey_sign_hash: ADD, new functions useful in sign callback.
+GNUTLS_E_APPLICATION_ERROR_MIN,
+GNUTLS_E_APPLICATION_ERROR_MAX: ADD, new CPP #defines for error codes.
+
+* Version 1.7.16 (released 2007-08-07)
+
+** Fix sanity checks and return values in certificate selection.
+In some cases, GnuTLS omitted to report suitable error codes when no
+suitable certificate was found.
+
+** Fix gnutls-cli starttls EOF on Mac OS X.
+Thanks to Hal Eden <n.mavrogiannopoulos@gmail.com>.
+
+** Documentation fixes.
+In particular, the section headings were modified for casing. By
+Ludovic Courtes <ludovic.courtes@laas.fr>.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.15 (released 2007-07-02)
+
+** Fix self-tests key-id under mingw32.
+
+** Test that the Guile header files are recent enough to work.
+Before we just tested that the command line tool 'guile' was recent
+enough, which may not be sufficient if you still have an old
+libguile.h header installed.
+
+** Guile bindings are now installed under $prefix by default.
+Use --without-guile-site-dir to install it under $pkgdatadir/site/
+where $pkgdatadir is as returned by "guile-config info pkgdatadir".
+Use --with-guile-site-dir=/your/own/path to specify the path manually.
+The default, --with-guile-site-dir, will install the Guile bindings
+under $datadir/guile/site. There is a new section 'Guile
+Preparations' in the manual that discuss these issues.
+
+** Fix run-time library path ordering in linking the Guile bindings.
+
+** Improved manual on downloading, installing, getting help, bug reports etc.
+Suggested by Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Add Malay message translations.
+Thanks to Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.14 (released 2007-06-26)
+
+** Don't enable Guile bindings unless we have Guile 1.8 or later.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Fix memory leak during DSA signature verification.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Fix crash in gnutls-cli when TLS handshake fails.
+Reported by Marc Haber <mh+debian-bugs@zugschlus.de> and Andreas
+Metzler <ametzler@downhill.at.eu.org> via Debian BTS #429183, see
+<http://bugs.debian.org/429183>.
+
+** Minor OpenPGP fixes in stream_to_datum.
+Patch from Timo Schulz <twoaday@freakmail.de> and Ludovic Courtès
+<ludovic.courtes@laas.fr>.
+
+** Fix off-by-one in TLS 1.2 handshake.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Minor Guile binding self-test cleanup.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.13 (released 2007-06-11)
+
+** OpenCDK copy updated to version 0.6.3.
+
+** Build fixes for GnuTLS Guile bindings.
+Patch from Ludovic Courtès <ludovic.courtes@laas.fr>.
+
+** Build fix for GTK-DOC manual.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.12 (released 2007-06-08)
+
+** Guile bindings for GnuTLS have been included.
+Contributed by Ludovic Courtès <ludovic.courtes@laas.fr>. There is a
+new chapter 'Guile Bindings' in the manual.
+
+** Have PKCS8 parser return better error codes.
+Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>.
+
+** Fix mem leak for sessions with client authentication via certificates.
+Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>.
+
+** Fix mem leaks.
+Reported by Dennis Vshivkov <walrus@amur.ru>, see
+<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333050>. Added
+self-test tests/parse_ca.c to test regressions.
+
+** Fix build failures related to missing images in manual.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Update gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.11 (released 2007-05-26)
+
+** Include opencdk.h in the release.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.10 (released 2007-05-25)
+
+** New API functions to extract DER encoded X.509 Subject/Issuer DN.
+Suggested by Nate Nielsen <nielsen-list@memberwebs.com>.
+
+** Update of gnulib files.
+
+** GnuTLS is now developed in GIT instead of CVS.
+See <http://repo.or.cz/w/gnutls.git> for a public repository.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_raw_issuer_dn: ADD.
+gnutls_x509_crt_get_raw_dn: ADD.
+
+* Version 1.7.9 (released 2007-05-12)
+
+** X.509 certificates are preferred over OpenPGP keys.
+This is a change in the semantics of gnutls_set_default_priority.
+
+** The included copy of OpenCDK has been updated to 0.6.1.
+There has been some API changes in OpenCDK, and the GnuTLS layer have
+been modified as well. Note that while there are API/ABI incompatible
+changes in OpenCDK, this does not influence GnuTLS's API/ABI because
+its API/ABI have not changed. From this version on, GnuTLS requires
+OpenCDK 0.6.0 or later.
+
+** Fix build failure caused by missing doc/gnutls-logo.pdf.
+
+** Change certtool's default serial number from 0 to a time-based value.
+
+** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
+Before, we remove the parameters field, which resulted in a slightly
+different DER encoding which in turn caused signature verification
+failures of GnuTLS-generated RSA certificates in some other
+implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs
+you read, this may or may not be correct, but our new behaviour appear
+to be consistent with other widely used implementations.
+
+** Fix mem leaks in gnutls_x509_crt_print.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.8 (released 2007-04-16)
+
+** Added examples for the authorization extension.
+See doc/examples/ex-client-authz.c and doc/examples/ex-serv-authz.c.
+
+** The examples only use gnutls_set_default_priority().
+The exception is when DH_ANON is needed.
+
+** Improve gnutls_set_default_priority() priorities.
+The new approach is for it to try and negotiate all secure and
+standard mechanisms available. Currently, DH_ANON ciphersuites and
+LZO compressions are not enabled by default, because they are,
+respectively, insecure and non-standardized. Note that TLS 1.2 will
+not be enabled by default in non-experimental release until it has
+been approved by the IETF.
+
+** gnutls-cli and gnutls-serv now uses the library's default priorities.
+This means that to get DH_ANON and LZO compression, you'll need to
+specify that manually using '--kx anon' or '--comp lzo'.
+
+** Minor fixes to the human display format of X.509 certificates.
+
+** New APIs to extract Distinguished Name's from X.509 certificates.
+Based on patch from Howard Chu <hyc@symas.com>.
+
+** Improved library searching for opencdk.
+It will now add the appropriate -R or -Wl,-rpath flags as necessary.
+The deprecated opencdk.m4 is no longer used.
+
+** New APIs to list supported algorithms in the library.
+The APIs are gnutls_cipher_list, gnutls_mac_list,
+gnutls_compression_list, gnutls_protocol_list,
+gnutls_certificate_type_list, gnutls_kx_list, and
+gnutls_cipher_suite_info. Suggested by Howard Chu <hyc@symas.com>.
+
+** The gnutls_x509_crt_get_key_id API now handle non-RSA/DSA keys.
+
+** New configure option --disable-tls-authorization to disable tls-authz.
+
+** Fix prototype for `gnutls_psk_set_client_credentials'.
+The last parameter was renamed from 'flags' to 'format' and the type
+changed from 'unsigned int' to 'gnutls_psk_key_flags' (an enum type),
+which shouldn't cause any ABI changes. Reported by ludo@chbouib.org
+(Ludovic Courtès).
+
+** Fix allocation in gnutls_certificate_set_openpgp_key.
+Tiny patch from ludo@chbouib.org (Ludovic Courtès).
+
+** API and ABI modifications:
+gnutls_x509_dn_t: ADD.
+gnutls_x509_ava_st: ADD.
+gnutls_x509_crt_get_subject,
+gnutls_x509_crt_get_issuer: ADD.
+gnutls_x509_dn_get_rdn_ava: ADD.
+gnutls_cipher_list: ADD.
+gnutls_mac_list: ADD.
+gnutls_compression_list: ADD.
+gnutls_protocol_list: ADD.
+gnutls_certificate_type_list: ADD.
+gnutls_kx_list: ADD.
+gnutls_cipher_suite_info: ADD.
+
+* Version 1.7.7 (released 2007-02-22)
+
+** Support for supplemental handshake messages and authorization data.
+Supplemental data is described in RFC 4680 and the authorization
+extensions in draft-housley-tls-authz-extns-07.
+
+** Support for authorization data in gnutls-cli and gnutls-serv.
+New parameters --authz-x509-attr-cert and --authz-saml-assertion.
+
+** Fix for gnutls_x509_crt_check_hostname.
+Before it would have reported that the certificate matched a hostname
+when it did not have any dNSName or any CN field. Report and tiny
+patch from "Richard W.M. Jones" <rjones@redhat.com>.
+
+** New self test for RFC 2818 comparison in gnutls_x509_crt_check_hostname.
+Tests regressions of the bug, and several other features.
+
+** GnuTLS now matches URI's with IP Addresses against iPAddress SAN's.
+Before there were no support for iPAddress SAN's during comparison.
+
+** New API to print information about CRL's.
+The function is gnutls_x509_crl_print.
+
+** New API to extract signature value from CRL's.
+The function is gnutls_x509_crl_get_signature.
+
+** Support for directoryName Subject Alternative Name's.
+The gnutls_x509_crt_get_subject_alt_name function returns the DN as a
+string in the provided buffer.
+
+** Internal improvements to certtool.
+It uses gnutls_x509_crl_print to print CRL information. It uses some
+more gnulib modules to simplify error handling.
+
+** API and ABI modifications:
+GNUTLS_HANDSHAKE_SUPPLEMENTAL: ADD, new gnutls_handshake_description_t element.
+gnutls_supplemental_data_format_type_t: ADD.
+gnutls_authz_data_format_type_t: ADD.
+gnutls_supplemental_get_name: ADD.
+gnutls_authz_recv_callback_func,
+gnutls_authz_send_callback_func: ADD, callback prototypes.
+gnutls_authz_enable: ADD.
+gnutls_authz_send_x509_attr_cert,
+gnutls_authz_send_saml_assertion,
+gnutls_authz_send_x509_attr_cert_url,
+gnutls_authz_send_saml_assertion_url: ADD.
+GNUTLS_SAN_DN: ADD, new gnutls_x509_subject_alt_name_t element.
+gnutls_x509_crl_print: ADD.
+gnutls_x509_crl_get_signature: ADD.
+
+* Version 1.7.6 (released 2007-02-12)
+
+** Support for 'otherName' Subject Alternative Names.
+The existing API gnutls_x509_crt_get_subject_alt_name may now return
+the new type GNUTLS_SAN_OTHERNAME together with the otherName value.
+To find out the otherName OID (necessary for proper parsing of the
+value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid.
+For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will
+return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to
+simplify OID matching. Suggested by Matthias Wimmer <m@tthias.eu>.
+
+** Certtool can print otherName SAN values for certificates.
+For known otherName OIDs (currently only id-on-xmppAddr as defined by
+RFC 3920), it will also print the name.
+
+** Fix TLS 1.2 RSA signing in servers.
+Before it used the old-style MD5+SHA1 signature, but the TLS
+signatures should be normal PKCS#1 signatures. FYI, we use and
+require that DigestInfo parameters are present and NULL for TLS 1.2.
+
+** Add APIs to access X.509 extensions sequentially.
+The existing APIs gnutls_x509_crt_get_extension_oid() and
+gnutls_x509_crt_get_extension_by_oid() does not permit callers to
+inspect the extensions in the order defined by the certificate.
+
+** Add API to extract signature value from X.509 certificates.
+The function is gnutls_x509_crt_get_signature.
+
+** Fix crash when generating proxy certificates in batch mode.
+If you don't specify a proxy policy in batch mode, it will use
+id-ppl-inheritALL.
+
+** Add API to print information about X.509 certificates.
+The function is gnutls_x509_crt_print.
+
+** Certtool uses the new API gnutls_x509_crt_print to print certificate info.
+One consequence of this is that the output syntax has changed
+slightly. Some more fields are printed.
+
+** Doc fixes.
+
+** API and ABI modifications:
+gnutls_x509_crt_print: ADD
+gnutls_certificate_print_formats_t: ADD, new enum.
+gnutls_x509_crt_get_signature: ADD.
+gnutls_x509_crt_get_extension_data: ADD.
+gnutls_x509_crt_get_extension_info: ADD.
+gnutls_x509_crt_get_subject_alt_othername_oid: ADD.
+GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element.
+GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element.
+
+* Version 1.7.5 (released 2007-02-06)
+
+** Servers won't negotiate SRP RSA/DSS cipher suites if no SRP credential
+** is set.
+
+** Default behaviour for the gnutls-cli and gnutls-serv tools improved.
+
+** Fix --list output for gnutls-cli and gnutls-serv.
+Mention TLS1.2, SHA512 etc.
+
+** Manual contains new section on setting up a test HTTP server.
+A server set up following those descriptions are available online via
+<http://www.gnutls.org/server.html>.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.4 (released 2007-02-05)
+
+** Support for RSA signing using SHA-256/384/512.
+A new self test "sha2" tries to build a long X.509 certificate chain
+testing all new hashes.
+
+** The gnutls-serv tool now use static DH parameters if none are supplied.
+
+** Discuss proxy certificates in the manual.
+
+** Improve bibliographical citations in the manual.
+
+** Update of gnulib files.
+
+** Fix certtool template handling of pathLenConstraints.
+It now defaults to -1 instead of 0, which causes the field to be
+missing unless the template specify it.
+
+** API and ABI modifications:
+GNUTLS_MAC_SHA256,
+GNUTLS_MAC_SHA384,
+GNUTLS_MAC_SHA512: New gnutls_mac_algorithm_t values.
+GNUTLS_DIG_SHA256,
+GNUTLS_DIG_SHA384,
+GNUTLS_DIG_SHA512: New gnutls_digest_algorithm_t values.
+GNUTLS_SIGN_RSA_SHA256,
+GNUTLS_SIGN_RSA_SHA384,
+GNUTLS_SIGN_RSA_SHA512: New gnutls_sign_algorithm_t values.
+
+* Version 1.7.3 (released 2007-02-01)
+
+** New option to certtool: --generate-proxy.
+This will generate a Proxy Certificate from an end entity certificate.
+Proxy Certificates are documented in RFC 3820. You will need to
+specify the proxy certificate's private key with --load-privkey, the
+user certificate with --load-certificate and the private key used to
+sign the new proxy certificate with --load-ca-privkey. Certtool will
+query for proxy path length and the policy language OID. Currently
+only OIDs that have an empty policy are supported (which includes the
+two OIDs defined by RFC 3820).
+
+** Certtool --certificate-info now prints information for Proxy Certificates.
+Before the proxy extension was just printed as DER encoded data.
+
+** New APIs to set proxy subject names and get/set proxy cert extension.
+
+** Fix parsing of pathLenConstraints in BasicConstraints with missing cA.
+
+** Added self-test to test for regressions of pathLenConstraint bug.
+Incidentally, this also test (some) other regressions or changes in
+the output from certtool --certificate-info.
+
+** When certtool generates CA certificates, pressing enter on the path
+** length constraint query will now remove the field.
+Before it set the path length constraint to 0, which is a rather poor
+default.
+
+** Certtool now print times in UTC when printing certificate/CRL info.
+
+** Add better fix to work around C++ compiler bug on Mac OS X.
+Reported and tiny patch provided by Matthias Scheler <tron@NetBSD.org>.
+
+** Fix import of ASCII armored OpenPGP keys.
+Patch by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+gnutls_x509_crt_set_proxy_dn: ADD.
+gnutls_x509_crt_set_proxy: ADD.
+gnutls_x509_crt_get_proxy: ADD.
+
+* Version 1.7.2 (released 2007-01-14)
+
+** Certtool now print the value of the pathLenConstraints field for certs.
+
+** Certtool now query for path length constraints when generating CA certs.
+For batch uses, the certtool configuration name is "path_len".
+Suggested by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+** Add new API to get/set pathLenConstraint in the Basic Constraints.
+The new functions gnutls_x509_crt_get_basic_constraints and
+gnutls_x509_crt_set_basic_constraints provide a superset of the
+functionality in the old gnutls_x509_crt_get_ca_status and
+gnutls_x509_crt_set_ca_status (respectively), but the old functions
+will continue to be supported.
+
+** Add new API in OpenCDK to extract public/secret OpenPGP key to S-expr.
+The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp. A proper
+OpenCDK release with this patch will be made soon, which should bump
+the OpenCDK version number. Patch by Mario Lenz <mario.lenz@gmx.net>.
+
+** Certtool --to-p12 can now store more than one certificate in the blob.
+Before it could only store one certificate, but now it will read and
+store as many certificate there are from the --load-certificate file.
+Suggested by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+** Clean up separation of gnutls and gnutls-extra for OpenPGP.
+In particular, the OpenPGP function variables are no longer part of
+the exported libgnutls interface, and no header files from
+libgnutls-extra (GPL) are needed by libgnutls (LGPL). The variables
+were never intended for non-internal purposes, and thus this does not
+imply a change in the external API/ABI.
+
+** Print URL to gaa when missing, and fix srcdir!=builddir for GAA files.
+Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc.
+Before these parameters were set to make GnuTLS build under mingw32,
+however, they appear to no longer be necessary.
+
+** A minor fix to the C++ library to make it build.
+Reported by Pavlov Konstantin <thresh@altlinux.ru>.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_basic_constraints: ADD.
+gnutls_x509_crt_set_basic_constraints: ADD.
+cdk_pubkey_to_sexp: ADD (in opencdk).
+cdk_seckey_to_sexp: ADD (in opencdk).
+
+* Version 1.7.1 (released 2006-12-28)
+
+** TLS 1.2 server side fix.
+The Certificate Request sent did not contain the list of supported
+hashes field, thus violating the protocol. It will now contain an
+empty list. Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** TLS 1.2 DSA signature verification fix.
+Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** Fix the list of trusted CAs that server's send to clients.
+Before, the list contained issuer DN's instead of subject DN's of the
+trusted CAs. Reported by Max Kellermann <max@duempel.org>.
+
+** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it.
+Also added a self-test in tests/certificate_set_x509_crl.c to test the
+function. Reported by Max Kellermann <max@duempel.org>.
+
+** Encode UID fields in DN's as DirectoryString.
+Before GnuTLS encoded and parsed UID fields as IA5String. This was
+incorrect, it should have used DirectoryString. Now it will use
+DirectoryString for the UID field, but for backwards compatibility it
+will also accept IA5String UID's. Reported by Max Kellermann
+<max@duempel.org>.
+
+** Improve out-of-sourcedir builds from CVS.
+Reported by ludovic.courtes@laas.fr (Ludovic Courtès).
+
+** Bootstrap tools changed.
+We now require autoconf 2.61, automake 1.10, and gettext 0.16, when
+building GnuTLS from CVS. Libtool 1.5.22 is used.
+
+** Fixed a syntax error in lib/gnutls.asn.
+Reported by Paul Millar <p.millar@physics.gla.ac.uk>.
+
+** Added German translation of GnuTLS messages.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.7.0 (released 2006-11-29)
+
+** The default protocol priority try TLS 1.1 and TLS 1.2 too.
+The details is that the protocol priority set by
+`gnutls_set_default_priority' has been changed from TLS 1.0 and SSL
+3.0 to TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0.
+
+** Preliminary support for TLS 1.2.
+The client has been successfully tested against
+https://www.mikestoolbox.org:4433/.
+
+** Anonself test now print a lot of debugging info, including TLS version.
+
+** Doc fixes in OpenCDK, to avoid some gtk-doc warnings.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+GNUTLS_TLS1_2: New gnutls_protocol_t enum member.
+
+*** Pulled up from stable 1.6.x branch:
+
+** Fix ./configure failure with non-GCC compilers.
+This fixes the following error message:
+configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined.
+Reported by "Michael C. Vergallen" <mvergall@telenet.be>.
+
+* Version 1.6.3 (released 2007-05-26)
+
+** New API functions to extract DER encoded X.509 Subject/Issuer DN.
+Suggested by Nate Nielsen <nielsen-list@memberwebs.com>. Backported
+from the 1.7.x branch, see
+<http://lists.gnu.org/archive/html/help-gnutls/2007-05/msg00029.html>.
+
+** Have PKCS8 parser return better error codes.
+Reported by Nate Nielsen <nielsen-list@memberwebs.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001653.html> and
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-May/001654.html>.
+
+** Fix mem leak for sessions with client authentication via certificates.
+Reported by Andrew W. Nosenko <andrew.w.nosenko@gmail.com>, see
+<http://lists.gnupg.org/pipermail/gnutls-dev/2007-April/001539.html>.
+
+** Fix building of 'tlsia' self test.
+Earlier some gcc are known to build tlsia linking to
+$prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in
+the build directory, even though command line parameters look OK.
+Changing order of some parameters fixes it.
+
+** API and ABI modifications:
+gnutls_x509_crt_get_raw_issuer_dn: ADD.
+gnutls_x509_crt_get_raw_dn: ADD.
+
+* Version 1.6.2 (released 2007-04-18)
+
+** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields.
+Before, we remove the parameters field, which resulted in a slightly
+different DER encoding which in turn caused signature verification
+failures of GnuTLS-generated RSA certificates in some other
+implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs
+you read, this may or may not be correct, but our new behaviour appear
+to be consistent with other widely used implementations.
+
+** Regenerate the PKIX ASN.1 syntax tree.
+For some reason, after changing the ASN.1 type of ldap-UID in the last
+release, the generated C file built from the ASN.1 schema was not
+refreshed. This can cause problems when reading/writing UID
+components inside X.500 Distinguished Names. Reported by devel
+<dev001@pas-world.com>.
+
+** Updated translations.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.6.1 (released 2006-12-28)
+
+** Fix the list of trusted CAs that server's send to clients.
+Before, the list contained issuer DN's instead of subject DN's of the
+trusted CAs. Reported by Max Kellermann <max@duempel.org>.
+
+** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it.
+Reported by Max Kellermann <max@duempel.org>.
+
+** Encode UID fields in DN's as DirectoryString.
+Before GnuTLS encoded and parsed UID fields as IA5String. This was
+incorrect, it should have used DirectoryString. Now it will use
+DirectoryString for the UID field, but for backwards compatibility it
+will also accept IA5String UID's. Reported by Max Kellermann
+<max@duempel.org>.
+
+** Fix ./configure failure with non-GCC compilers.
+This fixes the following error message:
+configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined.
+Reported by "Michael C. Vergallen" <mvergall@telenet.be>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.6.0 (released 2006-11-17)
+
+** No changes since 1.5.5.
+The major changes compared to the 1.4.x branch are:
+
+*** A GnuTLS C++ library is part of the official distribution.
+Currently there are no examples or documentation, but hopefully this
+will change. See gnutlsxx.h for the API.
+
+*** Windows is a supported platform.
+There are, however, two know bugs. One is related to select() in
+command line tools (not, nota bene, in the library), the other is a
+problem with libgcrypt that causes delays. Help is needed to resolve
+those issues, so we feel we can't delay the release because of this.
+
+*** New APIs for custom push/pull function error reporting.
+The new APIs are gnutls_transport_set_errno and
+gnutls_transport_set_global_errno. See the release notes for version
+1.5.4 for more information.
+
+*** Self tests are run under valgrind, if available. See --disable-valgrind.
+
+* Version 1.5.5 (released 2006-11-16)
+
+** Correctly bump shared library version after adding new APIs.
+This was forgotten in the last release.
+
+** Fix unsigned vs signed problem in ex-x509-info.c example.
+Reported by Tim Kosse <tim.kosse@filezilla-project.org>.
+
+** Fix the rsa-md5-collision self test to work for MinGW+Wine.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.4 (released 2006-11-07)
+
+** New API functions to set errno in push/pull functions.
+Under Windows, setting the errno variable in a push/pull replacement
+may end up setting the wrong errno variable, and GnuTLS send/recv
+functions become confused about the real errno returned from a failed
+push/pull function. Therefor, we have added two APIs to set the errno
+variable used by GnuTLS. The APIs can also help to keep things
+thread-safe, by avoiding potentially global variables. Typically,
+instead of setting errno in your push/pull function, you will call one
+of these functions. It is recommended to use
+gnutls_transport_set_errno, but if you don't have the session variable
+easily accessible in the push/pull replacement function, you can use
+gnutls_transport_set_global_errno. Suggested by Tim Kosse
+<tim.kosse@filezilla-project.org>.
+
+void gnutls_transport_set_errno (gnutls_session_t session, int err);
+void gnutls_transport_set_global_errno (int err);
+
+** When calling `recv' or `send' Windows errors are handled properly.
+The Windows recv/send functions doesn't use errno, and GnuTLS now use
+WSAGetLastError to access the error condition instead.
+
+** Several OpenPGP API fixes.
+All suggested by ludovic.courtes@laas.fr (Ludovic Courtès). The most
+important fix is to change the return value of
+gnutls_openpgp_privkey_get_pk_algorithm and
+gnutls_openpgp_key_get_pk_algorithm from 'int' to
+'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI
+compatible with 'int').
+
+** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+** version, try to negotiate the highest version support by the GnuTLS server,
+** instead of the lowest.
+Reported by <Pasi.Eronen@nokia.com>.
+
+** Replace old constructs with use of gnulib modules.
+For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in
+the code. If the headers doesn't exist on the target system, gnulib
+will make sure its replacement header files are used instead.
+
+** Fix SOVERSION computation for *.def files.
+This fixes build errors similar to "No rule to make target
+`libgnutls-`expr', needed by `all-am'." when building for Windows.
+
+** gnutls_check-version uses strverscmp from gnulib.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+gnutls_transport_set_errno: ADD
+gnutls_transport_set_global_errno: ADD
+
+* Version 1.5.3 (released 2006-10-26)
+
+** Add new self-test of RSA-MD5 signature chains.
+Note that we already, since GnuTLS 1.2.9, reject RSA-MD5 signatures
+when verifying X.509 chains. The code is in tests/rsa-md5-collision/
+and is based on the work by Marc Stevens et al, see
+<http://www.win.tue.nl/hashclash/TargetCollidingCertificates/>.
+
+** Re-factor self tests.
+
+** The include copy of Libtasn1 is updated to version 0.3.7.
+
+** The included copy of OpenCDK is updated to version 0.5.11.
+
+** Fix the filename of the *.def file on Windows after library version bump.
+
+** Separated the gnulib directory into one for LGPL modules and one for GPL.
+This allows the GPL'd part of GnuTLS to take advantage of the GPL'd
+gnulib modules. Earlier we could only use the LGPL'ed module from
+gnulib, because two gnulib directories in the same project didn't
+work.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.2 (released 2006-10-03)
+
+** Decrement the shared library version back to 13 (as in the 1.4.x branch).
+Note that if you installed 1.5.0 or 1.5.1, they will have a higher
+shared library version than this version, so you'll have to remove
+them and possibly relink your applications. The reason for this is
+that no API/ABI changes have been made since the 1.4.x branch, and
+that incrementing the shared library version was a mistake. Reported
+by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Fix off-by-one error when computing length to malloc.
+The code is used by gnutls_openpgp_add_keyring_file and
+gnutls_openpgp_add_keyring_mem. Reported by "Adam Langley"
+<agl@imperialviolet.org>.
+
+** Add version script for the GnuTLS C++ library.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Fix the C++ compiler detection logic.
+Reported by Andreas Metzler <ametzler@downhill.at.eu.org>.
+
+** Update of gnulib files.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.1 (released 2006-09-21)
+
+** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
+** Crypto 06 rump session attack.
+In particular, we check that the digestAlgorithm.parameters field is
+missing or empty, to avoid that it can contain "garbage" that may be
+used to alter the numeric properties of the signature. See
+<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
+not exactly the same as the problem we fix here). Reported by Yutaka
+OIWA <y.oiwa@aist.go.jp>.
+
+See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
+up to date information.
+
+** Add self test to test for above flaw.
+
+** Fix gnutls-cli-debug regarding resume support detection.
+Earlier, if the session-id from the server had a length of 0, it would
+indicate that the server supports resumption, which isn't the case.
+Reported by Kataja Kai <kai.kataja@op.fi>.
+
+** Fix building of examples on FreeBSD by including netinet/in.h.
+Reported by Roman Bogorodskiy <novel@FreeBSD.org>.
+
+** Fix certtool bug that caused the private key to not be loaded when
+generating a certificate with --load-request, which in turn triggered
+another unrelated bug in gnutls_x509_crt_sign2 (also fixed). Reported
+by Sascha Ziemann <sascha.ziemann@secunet.com>.
+
+** gnutls-cli and gnutls-serv works on Windows.
+The problem was the select() call that doesn't work on file
+descriptors (stdin) on Windows. We borrowed some code from plibc to
+solve this. It appears to be somewhat unreliable though.
+
+** Autoconf 2.60 is now used.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.5.0 (released 2006-08-13)
+
+** Change SRP and Cert-Type extensions to match IANA registry.
+
+** Fixed bug in OpenPGP authentication handshake.
+
+** Improvements for building under MinGW.
+Provides internal inet_ntop and inet_pton functions and arpa/inet.h
+header. Calls WSAStartup and WSACleanup in gnutls_global_init and
+gnutls_global_deinit, respectively. Loads getaddrinfo and getnameinfo
+at run-time from ws2_32.dll, and falls back on a simple replacement if
+it is not available. Builds the library with -mms-bitfields
+-Wl,--enable-runtime-pseudo-reloc. Links with --output-def, to
+create *.def files, which are installed.
+
+** The examples now (conditionally) include config.h and link to gnulib.
+No other source changes were necessary, so the examples should
+continue to be possible to use stand-alone without any autoconf or
+gnulib stuff.
+
+** Added C++ header "gnutlsxx.h" and library "libgnutlsxx".
+You may unconditionally disable it with --disable-cxx. See
+includes/gnutls/gnutlsxx.h and lib/gnutlsxx.cpp for the
+implementation.
+
+** Made command line tool '--version' behave according to GNU Standards.
+This enables 'make distcheck' to succeed.
+
+** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.
+
+** Make --without-included-libtasn1 work.
+Reported by Daniel Black <dragonheart@gentoo.org>.
+
+** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
+See http://www.gnu.org/software/gnutls/security.html regardging
+GNUTLS-SA-2006-2 for more up to date information. Reported by
+satyakumar <satyam_kkd@hyd.hellosoft.com>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.5 (released 2006-11-06)
+
+** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS
+** version, try to negotiate the highest version support by the GnuTLS server,
+** instead of the lowest.
+Reported by <Pasi.Eronen@nokia.com>.
+
+** Fix typo in doc/examples/ex-serv-pgp.c.
+Reported by Adam Langley" <agl@imperialviolet.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.4 (released 2006-09-12)
+
+** Relax the test that caught signatures that exploit the variant of
+** Bleichenbacher's Crypto 06 rump session attack on our
+** verification logic flaw.
+In particular, we now permit the digestAlgorithm.parameters field to
+be present but empty, whereas in 1.4.3 we actually checked that the
+field was absent.
+
+** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem.
+The messages are only printed in debug mode, which is not recommended
+for normal use, and thus logging this situation cannot be abused as an
+oracle in typical recommended situations.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.3 (released 2006-09-08)
+
+** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's
+** Crypto 06 rump session attack.
+In particular, we check that the digestAlgorithm.parameters field is
+empty, to avoid that it can contain "garbage" that may be used to
+alter the numeric properties of the signature. See
+<http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html> (which is
+not exactly the same as the problem we fix here). Reported by Yutaka
+OIWA <y.oiwa@aist.go.jp>.
+
+See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more
+up to date information.
+
+** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack.
+See <http://www.bell-labs.com/user/bleichen/papers/pkcs.ps.gz>.
+Reported by Werner Koch <wk@gnupg.org>.
+
+See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more
+up to date information.
+
+** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.2 (released 2006-08-12)
+
+** Fix a crash (strcmp() on a NULL value) in the certificate verification logic.
+This can happen if you call gnutls_certificate_verify_peers2 and have
+a certain mix of local CA certificates and the peer send special
+certificates, that together trigger certain behaviour. It is not
+known at this point whether the crash can be triggered without the
+special local CA certificate, and thus turn this into a remote crash
+of clients that verify server certificates when they talk to a server
+with the special server certificate. See GNUTLS-SA-2006-2 on
+http://www.gnu.org/software/gnutls/security.html for more up to date
+information. Reported by satyakumar <satyam_kkd@hyd.hellosoft.com>.
+
+** Change SRP and Cert-Type extensions to match IANA registry.
+
+** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support.
+
+** Make --without-included-libtasn1 work.
+Reported by Daniel Black <dragonheart@gentoo.org>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.1 (released 2006-06-14)
+
+** Replaced inactive ifdefs to enable openpgp support in test programs.
+
+** Fixed bug in OpenPGP authentication handshake.
+
+** Fixed typographical in man pages.
+
+** Build fixes of the manual.
+
+** Added Swedish translation.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.4.0 (released 2006-05-15)
+
+** Remove GnuTLS 0.8.x compatibility functions.
+
+** The libgcrypt RNG is initialized in gnutls_global_init().
+
+** TLS/IA API changes from Emile van Bergen.
+A dummy credential structure is not needed now, if you wish to use the
+low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on
+a session.
+
+** The self-tests are now run under valgrind, if it is installed.
+
+** Libtasn1 is updated to 0.3.4, and that version is now required.
+
+** The command line tools now use getaddrinfo and support IPv6.
+
+** API and ABI modifications:
+_gnutls_x509_get_raw_crt_activation_time,
+_gnutls_x509_get_raw_crt_expiration_time: Removed.
+gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable.
+gnutls_ia_enable: Added.
+
+* Version 1.3.5 (released 2006-03-08)
+
+** Error messages are now translated using GNU Gettext.
+
+** The function gnutls_x509_crt_to_xml now return an internal error.
+This means that the code to convert X.509 certificates to XML format
+does not work any more. The reason is that the function called
+libtasn1 internal functions. It seems unclean for libtasn1 to export
+the APIs needed here. Instead it would be better to implement XML
+support inside libtasn1 properly. If you need this functionality
+strongly, please consider looking into implementing this suggested
+approach instead. As a workaround, you may also modify lib/x509/xml.c
+(change '#if 1' to '#if 0') and build using --with-included-libtasn1.
+
+** Libraries are now built with libtool's -no-undefined.
+This helps producing libraries for Windows using mingw32.
+
+** Doc fixes to explain that gnutls_record_send can block.
+
+** Libtasn1 0.3.1 or later is now required.
+The include copy has been updated too.
+
+** gnutls-cli can now recognize services and port numbers with the -p option.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.3.4 (released 2006-02-09)
+
+** Fix read of out bounds bug in DER parser.
+Reported by Evgeny Legerov <admin@gleg.net>, and debugging help from
+Protover SSL. Libtasn1 0.2.18 is now required, which contains the
+previous bug fix. The included libtasn1 version in GnuTLS has been
+updated.
+
+** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
+longer invalidate a session if the underlying send fails, but it will
+prevent future writes. That is to allow reading the already received data.
+Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org>
+
+** Corrected bugs in gnutls_certificate_set_x509_crl() and
+gnutls_certificate_set_x509_trust(), that caused memory corruption if
+more than one certificates were added. Report and patch by Max Kellermann.
+
+** Fix build problems of OpenCDK on AIX.
+Thanks to "Heiden, John" <JHeiden@UTNet.UToledo.Edu>.
+
+** API and ABI modifications:
+No changes since last version.
+
+* Version 1.3.3 (released 2006-01-12)
+
+** New API to access the TLS master secret.
+When possible, you should use the TLS PRF functions instead.
+Suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
+
+** Improved handling when multiple libraries use GnuTLS at the same time.
+Now gnutls_global_init() can be called multiple times, and
+gnutls_global_deinit() will only deallocate the structure when it has
+been called as many times as gnutls_global_init() was called.
+
+** Added a self test of TLS resume functionality.
+
+** Fix crash in TLS resume code, caused by TLS/IA changes.
+
+** Documentation fixes about thread unsafety, prompted by
+** discussion with bryanh@giraffe-data.com (Bryan Henderson).
+In particular, gnutls_global_init() and gnutls_global_deinit() are not
+thread safe. Careful callers may want to protect the call using a
+mutex. The problem could also be ignored, which would cause a memory
+leak under rare conditions when two threads invoke the function
+roughly at the same time.
+
+** Add 'const' keywords in various places, from Frediano ZIGLIO.
+
+** The code was indented again, including the external header files.
+
+** API and ABI modifications:
+New functions to retrieve the master secret value:
+ gnutls_session_get_master_secret
+
+Add a 'const' keyword to existing API:
+ gnutls_x509_crq_get_challenge_password
+
+* Version 1.3.2 (released 2005-12-15)
+
+** GnuTLS now support TLS Inner application (TLS/IA).
+This is per draft-funk-tls-inner-application-extension-01. This
+functionality is added to libgnutls-extra, so it is licensed under the
+GNU General Public License.
+
+** New APIs to access the TLS Pseudo-Random-Function (PRF).
+The PRF is used by some protocols building on TLS, such as EAP-PEAP
+and EAP-TTLS. One function to access the raw PRF and one to access
+the PRF seeded with the client/server random fields are provided.
+Suggested by Jouni Malinen <jkmaline@cc.hut.fi>.
+
+** New APIs to acceess the client and server random fields in a session.
+These fields can be useful by protocols using TLS. Note that these
+fields are typically used as input to the TLS PRF, and if this is your
+intended use, you should use the TLS PRF API that use the
+client/server random field directly. Suggested by Jouni Malinen
+<jkmaline@cc.hut.fi>.
+
+** Internal type cleanups.
+The uint8, uint16, uint32 types have been replaced by uint8_t,
+uint16_t, uint32_t. Gnulib is used to guarantee the presence of
+correct types on platforms that lack them. The uint type have been
+replaced by unsigned.
+
+** API and ABI modifications:
+New functions to invoke the TLS Pseudo-Random-Function (PRF):
+ gnutls_prf
+ gnutls_prf_raw
+
+New functions to retrieve the session's client and server random values:
+ gnutls_session_get_server_random
+ gnutls_session_get_client_random
+
+New function, to perform TLS/IA handshake:
+ gnutls_ia_handshake
+
+New function to decide whether to do a TLS/IA handshake:
+ gnutls_ia_handshake_p
+
+New functions to allocate a TLS/IA credential:
+ gnutls_ia_allocate_client_credentials
+ gnutls_ia_free_client_credentials
+ gnutls_ia_allocate_server_credentials
+ gnutls_ia_free_server_credentials
+
+New functions to handle the AVP callback:
+ gnutls_ia_set_client_avp_function
+ gnutls_ia_set_client_avp_ptr
+ gnutls_ia_get_client_avp_ptr
+ gnutls_ia_set_server_avp_function
+ gnutls_ia_set_server_avp_ptr
+ gnutls_ia_get_server_avp_ptr
+
+New functions, to toggle TLS/IA application phases:
+ gnutls_ia_require_inner_phase
+
+New function to mix session keys with inner secret:
+ gnutls_ia_permute_inner_secret
+
+Low-level API (used internally by gnutls_ia_handshake):
+ gnutls_ia_endphase_send
+ gnutls_ia_send
+ gnutls_ia_recv
+
+New functions that can be used after successful TLS/IA negotiation:
+ gnutls_ia_generate_challenge
+ gnutls_ia_extract_inner_secret
+
+Enum type with TLS/IA modes:
+ gnutls_ia_mode_t
+
+Enum type with TLS/IA packet types:
+ gnutls_ia_apptype_t
+
+Enum values for TLS/IA alerts:
+ GNUTLS_A_INNER_APPLICATION_FAILURE
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION
+
+New error codes, to signal when an application phase has finished:
+ GNUTLS_E_WARNING_IA_IPHF_RECEIVED
+ GNUTLS_E_WARNING_IA_FPHF_RECEIVED
+
+New error code to signal TLS/IA verify failure:
+ GNUTLS_E_IA_VERIFY_FAILED
+
+* Version 1.3.1 (released 2005-12-08)
+
+** Support for DHE-PSK cipher suites has been added.
+This method offers perfect forward secrecy.
+
+** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
+Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>.
+
+** Corrected a bug in certtool for 64 bit machines. Reported
+by Max Kellermann <max@duempel.org>.
+
+** New function to set a X.509 private key and certificate pairs, and/or
+CRLs, from an PKCS#12 file, suggested by Emile van Bergen
+<emile@e-advies.nl>.
+
+The integrity of the PKCS#12 file is protected through a password
+based MAC; public-key based signatures for integrity protection are
+not supported. PKCS#12 bags may be encrypted using password derived
+symmetric keys, public-key based encryption is not supported. The
+PKCS#8 keys may be encrypted using passwords. The API use the same
+password for all operations. We believe that any more flexibility
+create too much complexity that would hurt overall security, but may
+add more PKCS#12 related APIs if real-world experience indicate
+otherwise.
+
+** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys,
+reported by Emile van Bergen <emile@e-advies.nl>.
+This will enable "certtool -k -8" to parse those keys.
+
+** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords.
+Use "certtool -p -8" and press press enter at the prompt. Earlier,
+certtool would have encrypted the key using an empty password.
+
+** Certtool now accept --password for --key-info and encrypted PKCS#8 keys.
+Earlier it would have prompted the user for it, even if --password was
+supplied.
+
+** Added self test of PKCS#8 parsing.
+Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and
+pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in
+tests/pkcs8.
+
+** API and ABI modifications:
+New function to set X.509 credentials from a PKCS#12 file:
+ gnutls_certificate_set_x509_simple_pkcs12_file
+
+New gnutls_kx_algorithm_t enum type:
+ GNUTLS_KX_DHE_PSK
+
+New API to return session data (basically same as gnutls_session_get_data):
+ gnutls_session_get_data2
+
+New API to set PSK Diffie-Hellman parameters:
+ gnutls_psk_set_server_dh_params
+
+* Version 1.3.0 (2005-11-15)
+
+** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added.
+This add several new APIs, see below. Read the updated manual for
+more information. A new self test "pskself" has been added, that will
+test this functionality.
+
+** The session resumption data are now system independent.
+
+** The code has been re-indented to conform to the GNU coding style.
+
+** Removed the RIPEMD ciphersuites.
+
+** Added a discussion of the internals of gnutls in manual.
+
+** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin.
+
+** Remove trailing comma in enums, for IBM C v6, from Albert Chin.
+
+** Make sure config.h is included first in a few files, from Albert Chin.
+
+** Don't use C++ comments ("//") as they are invalid, from Albert Chin.
+
+** Don't install SRP programs and man pages if --disable-srp-authentication,
+from Albert Chin.
+
+** API and ABI modifications:
+New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK
+
+New gnutls_credentials_type_t credential type:
+ GNUTLS_CRD_PSK
+
+New credential types:
+ gnutls_psk_server_credentials_t
+ gnutls_psk_client_credentials_t
+
+New functions to allocate PSK credentials:
+ gnutls_psk_allocate_client_credentials
+ gnutls_psk_free_client_credentials
+ gnutls_psk_free_server_credentials
+ gnutls_psk_allocate_server_credentials
+
+New enum type for PSK key flags:
+ gnutls_psk_key_flags
+
+New function prototypes for credential callback:
+ gnutls_psk_client_credentials_function
+ gnutls_psk_server_credentials_function
+
+New function to set PSK username and key:
+ gnutls_psk_set_client_credentials
+
+New function to set PSK passwd file:
+ gnutls_psk_set_server_credentials_file
+
+New function to extract PSK user in server:
+ gnutls_psk_server_get_username
+
+New functions to set PSK callback:
+ gnutls_psk_set_server_credentials_function
+ gnutls_psk_set_client_credentials_function
+
+Use size_t instead of int for output size parameter:
+ gnutls_srp_base64_encode
+ gnutls_srp_base64_decode
+
+* Version 1.2.11 (2006-05-11)
+- The function gnutls_x509_crt_to_xml is not supported any more, and
+ return an internal error. The reason is that the function called
+ internal libtasn1 functions which are no longer exported from
+ libtasn1.
+- Updated libtasn1 requirement to 0.3.4 and refreshed internal mintiasn1.
+- Updated gnulib compatibility files.
+- Fixed _gnutls_x509_get_raw_crt_expiration_time and
+ _gnutls_x509_get_raw_crt_activation_time to return (time_t)-1 on errors.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.10 (2006-02-09)
+- Fix read out bounds bug in DER parser. Reported by Evgeny Legerov
+ <admin@gleg.net>, and debugging help from Protover SSL.
+- Libtasn1 0.2.18 is now required (contains the previous bug fix).
+ The included version has been updated too.
+- Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to
+ Otto Maddox <ottomaddox@fastmail.fm> and Nozomu Ando <nand@mac.com>.
+- Corrected a bug in certtool for 64 bit machines. Reported
+ by Max Kellermann <max@duempel.org>.
+- Corrected bugs in gnutls_certificate_set_x509_crl() and
+ gnutls_certificate_set_x509_trust(), that caused memory corruption if
+ more than one certificates were added. Report and patch by Max Kellermann.
+- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no
+ longer invalidate a session if the underlying send fails, but it will
+ prevent future writes. That is to allow reading the already received data.
+ Patches and bug reports by Yoann Vandoorselaere <yoann@prelude-ids.org>
+
+* Version 1.2.9 (2005-11-07)
+- Documentation was updated and improved.
+- RSA-MD2 is now supported for verifying digital signatures.
+- Due to cryptographic advances, verifying untrusted X.509
+ certificates signed with RSA-MD2 or RSA-MD5 will now fail with a
+ GNUTLS_CERT_INSECURE_ALGORITHM verification output. For
+ applications that must remain interoperable, you can use the
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5
+ flags when verifying certificates. Naturally, this is not
+ recommended default behaviour for applications. To enable the
+ broken algorithms, call gnutls_certificate_set_verify_flags with the
+ proper flag, to change the verification mode used by
+ gnutls_certificate_verify_peers2.
+- Make it possible to send empty data through gnutls_record_send,
+ to align with the send(2) API.
+- Some changes in the certificate receiving part of handshake to prevent
+ some possible errors with non-blocking servers.
+- Added numeric version symbols to permit simple CPP-based feature
+ tests, suggested by Daniel Stenberg <daniel@haxx.se>.
+- The (experimental) low-level crypto alternative to libgcrypt used
+ earlier (Nettle) has been replaced with crypto code from gnulib.
+ This leads to easier re-use of these components in other projects,
+ leading to more review and simpler maintenance. The new configure
+ parameter --with-builtin-crypto replace the old --with-nettle, and
+ must be used if you wish to enable this functionality. See README
+ under "Experimental" for more information. Internally, GnuTLS has
+ been updated to use the new "Generic Crypto" API in gl/gc.h. The
+ API is similar to the old crypto/gc.h, because the gnulib code were
+ based on GnuTLS's gc.h.
+- Fix compiler warning in the "anonself" self test.
+- API and ABI modifications:
+gnutls_x509_crt_list_verify: Added 'const' to prototype in <gnutls/x509.h>.
+ This doesn't reflect a change in behaviour,
+ so we don't break backwards compatibility.
+GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value.
+GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value.
+GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2,
+GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values.
+ Use when calling
+ gnutls_x509_crt_list_verify,
+ gnutls_x509_crt_verify, or
+ gnutls_certificate_set_verify_flags.
+GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value,
+ used when broken signature algorithms
+ is used (currently RSA-MD2/MD5).
+LIBGNUTLS_VERSION_MAJOR,
+LIBGNUTLS_VERSION_MINOR,
+LIBGNUTLS_VERSION_PATCH,
+LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS
+ version number, can be used for feature existence
+ tests.
+
+* Version 1.2.8 (2005-10-07)
+- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers.
+- Don't install the auxilliary libexamples library used by the
+ examples in doc/examples/ on "make install", report and tiny patch
+ from Thomas Klausner <tk@giga.or.at>.
+- If you pass a X.509 CA or PGP trust database to the command line
+ tool, it will now abort the connection if the server certificate
+ validation fails. Use the parameter --insecure to continue even
+ after certificate validation failures. Inspired from discussion
+ with Alexander Kotelnikov <sacha@myxomop.com>.
+- The test for socklen_t has been moved to gnulib.
+- Link failures for duplicate or missing "program_name" symbol has been fixed,
+ patch from Martin Lambers <marlam@marlam.de>.
+- The command line tool and the examples no longer uses mmap or bzero,
+ to make them more portable, patch from Martin Lambers
+ <marlam@marlam.de>.
+- Made the PKCS #12 API handle null passwords. Based on patch by
+ Anton Altaparmakov <aia21@cam.ac.uk>.
+- The GTK-DOC manual should build with current released tools.
+ (But a copy of the output is included, so the tools are not required.)
+- The inet_ntop function is now used through gnulib.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.7 (2005-09-09)
+- The GnuTLS and GnuTLS-extra libraries are now built with versioned symbols.
+- Certtool now complains when reading out-of-range X.509 serial
+ numbers, suggested by Fran <e_agf@yahoo.es>.
+- Certtool now uses the readline library (when available) when reading
+ X.509 serial numbers.
+- Fixed build problems in getpass on uClibc and Mingw32 platforms.
+- Fixed compile warning regarding socklen_t on Mingw32, reported by
+ Martin Lambers <marlam@marlam.de>.
+- Fixed examples in doc/examples/, suggested by Fran <e_agf@yahoo.es>.
+- Gnulib is now used for the core library, enabling future code cleanups.
+- The gnutls-cli tool now use gnutls_certificate_verify_peers2,
+ suggested by Daniel Stenberg <daniel@haxx.se>.
+- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull.
+- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros).
+- Disable zlib support if zlib.h is not present.
+- A number of internal cleanups.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.6 (2005-07-16)
+- MiniLZO updated to version 2.01 and moved to separate directory.
+- Collision between system LZO header files and MiniLZO header file
+ fixed, reported by Matthias Urlichs <smurf@smurf.noris.de>.
+- Will now test for liblzo functionality in liblzo2 too, reported by
+ Thomas Klausner <tk@giga.or.at>.
+- Minilibtasn1 is now 0.2.14 (no code changes).
+- Some code changes to avoid GTK-DOC warnings.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.5 (2005-07-03)
+- More builddir != srcdir fixes, reported by Mike Castle
+ <dalgoda@ix.netcom.com>.
+- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn,
+ reported by Adam Langley <alangley@gmail.com>.
+- Corrected some stuff in minilzo detection. Pointed out by
+ Sergey Lipnevich.
+- MiniLZO updated to version 2.00.
+- gnutls_x509_crt_list_import now accept a DER formatted CRL.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.4 (2005-05-28)
+- Corrected some bugs that could affect 64 bit systems.
+- Some corrections in the header files to include the prototype
+ of memmem properly (affected 64 bit systems). Report and patch
+ by Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- Introduced the --fix-key option to certtool, which can be used to
+ regenerate the (optional) parameters in a private key. It should
+ be used together with --key-info.
+- Corrected a bug in certificate chain verification that could lead
+ to marking a trusted chain as non trusted, if the last certificate in
+ the chain was a self signed one.
+- Gnulib portability files were updated.
+- License were updated to reflect new FSF address.
+- API and ABI modifications:
+ No changes since last version.
+
+* Version 1.2.3 (2005-04-28)
+- Corrected bug in record packet parsing that could lead
+ to a denial of service attack.
+- Corrected bug in RSA key export. Previously exported keys
+ can be fixed using certtool. Use certtool -k <infile >outfile
+- API and ABI modifications:
+ gnutls_x509_privkey_fix(): Add.
+
+* Version 1.2.2 (2005-04-25)
+- gnutls_error_to_alert() now considers
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET.
+- Fixed error in session resuming that could cause a crash in a session.
+- Fixed pkcs12 friendly name and local key identifier decoding.
+- Internal cleanups, removed duplicate typedef/struct definitions,
+ and made source code include external include file, to check
+ function prototypes during compile time.
+- API and ABI modifications:
+ No changes since last version. At least not intentional, but due
+ to the include header changes, there may be inadvertant changes,
+ please let us know if you find any.
+
+* Version 1.2.1 (2005-04-04)
+- gnutls_bye() will no longer fail when RDWR is used and application
+ data are available for reading.
+- Added more strict checks for the SRP parameters (g,n), when they
+ are not in the included list.
+- Added warning to certtool when MD5 is being used for digital
+ signatures.
+- Optimizations ("-O2 -finline-functions") are not enabled by default,
+ instead the standard autoconf defaults are used. Use `./configure
+ CFLAGS="-O2 -finline-functions"' to get the old optimizations.
+- Added the option --get-dh-params to certtool, in order to get the
+ parameters included in the library primes and generators.
+- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to
+ allow only trusted Version 1 CAs and introduced
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics.
+- Nettle self tests now build properly, reported by Pierre
+ <pierre42d@9online.fr>.
+- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites.
+ Reported by Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- If the library has been compiled with features disabled, a warning is
+ issued during the compilation of any program.
+- API and ABI modifications:
+ gnutls_x509_crt_list_import(): Add
+ gnutls_x509_crq_get_attribute_by_oid(): Add.
+ gnutls_x509_crq_set_attribute_by_oid(): Add
+ gnutls_x509_crt_set_extension_by_oid(): Add.
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Modify semantics.
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Add, old behaviour.
+
+* Version 1.2.0 (2005-01-27)
+- Added the definitions and OIDs for the RIPEMD-160 hash algorithm.
+- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and
+ gnutls_x509_crl_sign2().
+- Fixed license header in source code files.
+
+* Version 1.1.23 (2005-01-18)
+- It is now possible to generate PKCS#12 structures without private
+ keys using "certtool --to-p12", suggested by Fabian Fagerholm
+ <fabbe@paniq.net>.
+- Certtool now prints information for the RSA and DSA parameters of
+ certificates and private keys.
+- Corrected the write of CRL distribution points.
+- The certificate chain verification function now checks certificates
+ in the reverse order to minimize the spent resources.
+- Corrected several bugs found by Marcin Garski <mgarski@post.pl>
+- The functions gnutls_x509_crl_get_issuer_dn, gnutls_x509_crq_get_dn,
+ gnutls_x509_crt_get_issuer_dn, gnutls_x509_crt_get_dn, and
+ gnutls_x509_rdn_get now set *sizeof_buf to the buffer length that is
+ required, instead of the string length. That is, the value has been
+ incremented by 1 to account for the terminating zero. Reported by
+ Martin Lambers <marlam@web.de>.
+- Debug output shouldn't crash on platforms that doesn't handle NULL
+ printf %s values. Reported by Michael.Ringe@aachen.utimaco.de.
+- Sync included copy of libtasn1 with version 0.2.13.
+- Client X.509 authenticated connections via gnutls-cli should now work again.
+
+* Version 1.1.22 (2004-11-04)
+- Replace GNU LD version script with Libtool -export-symbols-regex,
+ from Joe Orton <joe@manyfish.co.uk>.
+- Documentation improvements.
+- Code indented using 'indent -i4 -kr'.
+- The API manual is included in Devhelp format. (Was in last release too,
+ but the NEWS entry was forgotten.)
+- The OpenSSL compatibility code now use the internal crypto interface.
+- Added simple self test of OpenSSL compatibility library.
+- Internally, libtool convenience libraries are used.
+- Cleanups to configure.ac.
+
+* Version 1.1.21 (2004-10-27)
+- Print DN of certificates with unknown characters in them, but in hexform
+ only.
+- Added second precision to the X.509 parsing and generation functions.
+- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the
+ actual OID.
+- Add parameter --la-file to libgnutls-config and libgnutls-extra-config,
+ tiny patch contributed by Joe Orton <joe@manyfish.co.uk>.
+- Add pkg-config meta files, suggested by Stéphane LOEUILLET
+ <stephane.loeuillet@tiscali.fr>.
+- Fix memory initializaion bug in gnutls_certificate_set_x509_trust,
+ tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>.
+- Add self test of PKCS#12 functionality in "certtool", based on test
+ vectors from Joe Orton <joe@manyfish.co.uk>.
+- Fix library order in libgnutls*-config --libs output, to permit
+ static linking, reported by Yoann Vandoorselaere
+ <yoann@prelude-ids.org>.
+
+* Version 1.1.20 (2004-10-12)
+- Fix compile problem in gl/getpass.c on some systems.
+
+* Version 1.1.19 (2004-10-07)
+- Fix memory leak in gnutls_certificate_verify_peers and
+ gnutls_certificate_free_credentials, report and patch by Simon
+ Posnjak <simon.posnjak@cetrtapot.si>.
+- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting
+ a key and no certificate to PKCS#12.
+- Fix objdir != srcdir builds, reported by "Gerrit P. Haase"
+ <gp@familiehaase.de>.
+- Fixes faulty getpass implementation in libextra/opencdk/, reported
+ by Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- Uses memmem instead of strnstr in lib/.
+- Using more GNULib portability files, although not yet inside lib/.
+- Added gnutls_certificate_verify_peers to gnutls/compat.h.
+ Nikos deprecated gnutls_certificate_verify_peers in favor of
+ gnutls_certificate_verify_peers2 earlier in the 1.1 branch.
+- Improvements to the manual.
+- Add new example "ex-rfc2818" for certificate verification, from Nikos.
+- Known bug: the library require snprintf. This has not yet been
+ fixed, but will be handled via GNULib later on.
+
+* Version 1.1.18 (2004-08-24)
+- Corrected handling of certificate with dates after year 2038.
+- Corrected DER decoder which could incorrectly treat input as BER and fail.
+- Correct certtool --smime-to-p7 end of line character handling.
+- Added example client and server for anonymous authentication.
+- Added self test that tests anonymous TLS client and server.
+- Added self tests of Nettle and generic crypto layer.
+- Added API reference manual in HTML format in doc/reference/ using GTK-DOC.
+ Online version at <http://www.gnu.org/software/gnutls/reference/>.
+- Assume C89 or better; removed checks for size_t, ptrdiff_t and time_t.
+- Man pages for API functions are included.
+
+* Version 1.1.17 (2004-08-18)
+- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption,
+ reported by Robey Pointer <robey@danger.com>.
+- Generic crypto interface for secret key ciphers, hashes and randomness added.
+ See section "Experimental" within section "COMPILATION ISSUES" in README.
+- Removed length limit on passwords read by 'certtool'.
+- Documentation fixes.
+
+* Version 1.1.16 (2004-08-15)
+- Fix missing gnulib linker parameter when building certtool.
+- Add gnulib module 'progname', needed by module 'error'.
+- Improve building with srcdir != objdir.
+
+* Version 1.1.15 (2004-08-15)
+- Certtool has simplistic --smime-to-p7 to translate RFC 2633 messages into
+ PKCS #7 format.
+- Ported to Mac OS X / Darwin.
+- Ported to FreeBSD.
+
+* Version 1.1.14 (2004-08-09)
+- Documentation converted to Texinfo format.
+- Bug fix of test suite.
+- Configure now print build information, used by Autobuild.
+
+* Version 1.1.13 (2004-08-05)
+- Added simple self test suite.
+
+* Version 1.1.12 (2004-08-02)
+- Updated the SRP authentication to conform to the
+ latest (yet unreleased) draft. Unfortunately this breaks
+ compatibility with previous versions.
+- Changed the makefiles to be more portable.
+- SRP ciphersuites were moved to the gnutls library.
+- Added some default limits in the verification of certificate
+ chains, to avoid denial of service attacks. Also added
+ gnutls_certificate_set_verify_limits() to override them.
+ Issue pointed out by Patrik Hornik <patrik@hornik.sk>.
+- Added gnutls_certificate_verify_peers2().
+
+* Version 1.1.11 (2004-07-16)
+- Added the '_t' suffix to all exported symbols.
+- Fixed bug in RSA encryption, report and patch by Martijn Koster
+ <mak@greenhills.co.uk>.
+- Corrected a bug in certificate verification. Pointed out by
+ Yoann Vandoorselaere <yoann@prelude-ids.org>
+- Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the
+ verification functions.
+- The ephemeral DH and RSA parameters are no longer stored in the
+ session resume DB.
+- Do not free the SRP (prime and generator) parameters obtained from the
+ callback if they are the static ones defined in extra.h
+- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
+
+* Version 1.1.10 (2004-06-12)
+- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
+- Corrected bug in TLS renegotiation.
+- Corrected bug in OpenPGP key loading using a callback.
+- gnutls-srpcrypt was renamed to srptool
+- Allow handshake requests by the client.
+- Automatically disable certificate types that do not have corresponding
+ certificates.
+- Added gnutls_auth_client_get_type() and gnutls_auth_server_get_type()
+- Opencdk library is being included if not found.
+- certtool can now add ip address SAN extension.
+- certtool has now support for more X.520 DN attribute types.
+- Better handling of EOF in gnutls_record_recv().
+- _gnutls_deinit() is no longer used. Sessions are not
+ automatically removed any more, on abnormal termination.
+- Corrected session resuming in SRP ciphersuites.
+- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07)
+- Added new functions to allow access to the ephemeral
+ Diffie Hellman parameters.
+- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and
+ gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates.
+- Added the functions gnutls_dh_get_group(), gnutls_dh_get_pubkey() and
+ gnutls_rsa_export_get_pubkey() to retrieve parameters of the DH or
+ RSA-EXPORT key exchange.
+- Some fixes in the session resuming code.
+- Added gnutls_openpgp_keyring_check_id().
+
+* Version 1.1.9 (2004-04-14)
+- Added support for authority key identifier and the extended key usage
+ X.509 extension fields. The certtoool was updated to support them.
+- The RC2 cipher is no more included. The one in libgcrypt is now used.
+- Added batch support to certtool. Now it can use templates.
+
+* Version 1.1.8 (2004-04-07)
+- Implemented all the tests for the SRP group parameters in
+ client side. This may lead to incompatibility with very
+ old gnutls servers.
+- Corrected bug in RSA parameters handling which could cause
+ unexpected crashes.
+- Optimized the copying of rsa_params.
+
+* Version 1.1.7 (2004-03-29)
+- Added gnutls_certificate_set_params_function() and
+ gnutls_anon_set_params_function() that set the RSA or DH
+ parameters using a callback.
+- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
+ and gnutls_x509_privkey_cpy().
+- Corrected a compilation issue when opencdk was installed in a
+ non standard directory.
+- Deprecated: gnutls_srp_server_set_select_function(),
+ gnutls_certificate_client_set_select_function(), gnutls_srp_server_set_select_function().
+
+* Version 1.1.6 (2004-02-24)
+- Several bug fixes, by Arne Thomassen.
+- Fixed a bug where 'server name' extension was always sent.
+
+* Version 1.1.5 (2004-01-06)
+- Added the gnutls_sign_algorithm type.
+
+* Version 1.1.4 (2004-01-04)
+- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
+ If they are of highest priority then the abbreviated handshake
+ is used.
+- Removed all references of missing files.
+- Changed handshake behaviour to send the lowest TLS version
+ when an unsupported version was advertized. The current behaviour
+ is to send the maximum version we support.
+- Corrected problem printing the DC attributes in a DN.
+
+* Version 1.1.3 (2003-12-30)
+- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection
+ hack).
+
+* Version 1.1.2 (2003-12-28)
+- Added CRL verification functionality to certtool.
+- Corrected the CRL distribution point extension handling.
+
+* Version 1.1.1 (2003-12-26)
+- Added PKCS #7 support to certtool utility.
+- Added support for reading and generating CRL distribution
+ points extensions in certificates.
+- Added support for generating CRLs in the library and the
+ certtool utility.
+- Added support for the Subject Key ID PKIX extension.
+
+* Version 1.1.0 (2003-12-21)
+- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
+ are no longer returned by the handshake function. Ciphersuites that
+ require temporary parameters are removed when such parameters do not exist.
+- Added the callbacks gnutls_certificate_client_retrieve_function() and
+ gnutls_certificate_server_retrieve_function(), to allow a client or a server
+ to specify certificates for the handshake without storing them to the
+ credentials structure.
+- Added support for generating and exporting DSA private keys.
+- Added gnutls_x509_crt_set_key_usage() and certtool can now set the
+ certificate's key usage.
+- Added gnutls_openpgp_key_get_key_usage().
+
+* Version 1.0.25 (2005-04-27)
+- Corrected bug in record packet parsing that could lead
+ to a denial of service attack.
+- Corrected bug in RSA key export.
+
+* Version 1.0.24 (2005-01-18)
+- Corrected several bugs found by Marcin Garski <mgarski@post.pl>
+
+* Version 1.0.23 (2004-11-13)
+- Replace GNU LD version script with Libtool -export-symbols-regex,
+ from Joe Orton <joe@manyfish.co.uk>.
+- Copy libtasn1 has been updated to version 0.2.11.
+- Corrected the write of CRL distribution points.
+- It is now possible to generate PKCS#12 structures without private
+ keys using "certtool --to-p12", suggested by Fabian Fagerholm
+ <fabbe@paniq.net>.
+
+* Version 1.0.22 (2004-10-28)
+- Print DN of certificates with unknown characters in them, but in hexform
+ only.
+- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the
+ actual OID.
+- Added second precision to the X.509 parsing functions.
+- Add parameter --la-file to libgnutls-config and libgnutls-extra-config,
+ tiny patch contributed by Joe Orton <joe@manyfish.co.uk>.
+- Add pkg-config meta files, suggested by Stéphane LOEUILLET
+ <stephane.loeuillet@tiscali.fr>.
+- Fix memory initializaion bug in gnutls_certificate_set_x509_trust,
+ tiny patch by Aleix Conchillo Flaque <aleix@member.fsf.org>.
+- Fix certtool --password for PKCS #12, back ported from 1.1.x branch.
+- Fix library order in libgnutls*-config --libs output, to permit
+ static linking, reported by Yoann Vandoorselaere
+ <yoann@prelude-ids.org>.
+
+* Version 1.0.21 (2004-10-07)
+- Fix memory leak in gnutls_certificate_verify_peers and
+ gnutls_certificate_free_credentials, report and patch by Simon
+ Posnjak <simon.posnjak@cetrtapot.si>.
+- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting
+ a key and no certificate to PKCS#12.
+- Fix objdir != srcdir builds, reported by "Gerrit P. Haase"
+ <gp@familiehaase.de>.
+- Avoid redefining getpass if system already has it, reported by
+ Yoann Vandoorselaere <yoann@prelude-ids.org>.
+- Add new example "ex-rfc2818" for certificate verification, from Nikos.
+- Known bug: the library require snprintf.
+
+* Version 1.0.20 (2004-08-18)
+- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption,
+ reported by Robey Pointer <robey@danger.com>.
+
+* Version 1.0.19 (2004-08-09)
+- Bug fix of test suite.
+
+* Version 1.0.18 (2004-08-05)
+- Added simple self test suite.
+
+* Version 1.0.17 (2004-08-02)
+- Updated the SRP authentication to conform to the
+ latest (yet unreleased) draft. Unfortunately this breaks
+ compatibility with previous versions.
+- Changed the makefiles to be more portable.
+- Added some default limits in the verification of certificate
+ chains, to avoid denial of service attacks. Also added
+ gnutls_certificate_set_verify_limits() to override them.
+ Issue pointed out by Patrik Hornik <patrik@hornik.sk>.
+- Added gnutls_certificate_verify_peers2().
+
+* Version 1.0.16 (2004-07-10)
+- Do not free the SRP (prime and generator) parameters obtained from the
+ callback if they are the static ones defined in extra.h.
+- Eliminated some memory leaks. Reported by Yoann Vandoorselaere.
+- Some fixes in the makefiles.
+
+* Version 1.0.15 (2004-06-29)
+- Fixed bug in RSA encryption, report and patch by Martijn Koster
+ <mak@greenhills.co.uk>.
+- Corrected a bug in certificate verification. Pointed out by
+ Yoann Vandoorselaere <yoann@prelude-ids.org>.
+
+* Version 1.0.14 (2004-06-12)
+- Automatically disable certificate types that do not have corresponding
+ certificates.
+- Updates in the documentation.
+- certtool can now add ip address SAN extension.
+- certtool has now support for more X.520 DN attribute types.
+- Opencdk library is being included if not found.
+- Added gnutls_openpgp_keyring_check_id().
+- Corrected a serious bug in the included libtasn1 library.
+- Corrected session resuming in SRP ciphersuites.
+- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07)
+- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and
+ gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates.
+- Some fixes in the session resuming code.
+
+* Version 1.0.13 (2004-04-29)
+- Some complilation fixes.
+- Added the --xml parameter to the certtool utility.
+
+* Version 1.0.12 (2004-04-23)
+- Corrected bug in OpenPGP key loading using a callback.
+- Renamed gnutls-srpcrypt to srptool
+- Allow handshake requests by the client.
+* Things backported from the development branch:
+- Added support for authority key identifier and the extended key usage
+ X.509 extension fields. The certtoool was updated to support them.
+- Added batch support to certtool. Now it can use templates.
+- The RC2 cipher is no more included. The one in libgcrypt is now used.
+
+* Version 1.0.11 (2004-04-17)
+- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name()
+- Corrected bug in TLS renegotiation.
+
+* Version 1.0.10 (2004-04-03)
+- Corrected bug in RSA parameters handling which could cause
+ unexpected crashes.
+- Corrected bug in SSL 3.0 authentication.
+
+* Version 1.0.9 (2004-03-29)
+- Added gnutls_certificate_set_params_function() and
+ gnutls_anon_set_params_function() that set the RSA or DH
+ parameters using a callback.
+- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy()
+ and gnutls_x509_privkey_cpy().
+- Corrected a compilation issue when opencdk was installed in a
+ non standard directory.
+- Documented the changes need in multi-threaded application due
+ to the new libgcrypt.
+
+* Version 1.0.8 (2004-02-28)
+- Corrected bug in mutual certificate authentication in SSL 3.0.
+
+* Version 1.0.7 (2004-02-25)
+- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection
+ hack).
+- Some updates in the documentation.
+
+* Version 1.0.6 (2004-02-12)
+* Backported things from the development branch (while maintaining
+ backwards compatibility):
+- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
+ If they are of highest priority then the abbreviated handshake
+ is used.
+- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS
+ are no longer returned by the handshake function. Ciphersuites that
+ require temporary parameters are removed when such parameters do not exist.
+- Added the callbacks gnutls_certificate_client_retrieve_function() and
+ gnutls_certificate_server_retrieve_function(), to allow a client or a server
+ to specify certificates for the handshake without storing them to the
+ credentials structure.
+- Added support for generating and exporting DSA private keys.
+
+* Version 1.0.5 (2004-02-11)
+- Fixed a bug where 'server name' extension was always sent.
+* Backported things from the development branch:
+- Added CRL verification functionality to certtool.
+- Corrected the CRL distribution point extension handling.
+- Added PKCS #7 support to certtool utility.
+- Added support for reading and generating CRL distribution
+ points extensions in certificates.
+- Added support for generating CRLs in the library and the
+ certtool utility.
+- Added support for the Subject Key ID PKIX extension.
+- Added the gnutls_sign_algorithm type.
+
+* Version 1.0.4 (2004-01-04)
+- Changed handshake behaviour to send the lowest TLS version
+ when an unsupported version was advertized. The current behaviour
+ is to send the maximum version we support.
+- certtool no longer asks the password in unencrypted private
+ keys.
+- The source is now compiled to use the reentrant libc functions.
+
+* Version 1.0.3 (2003-12-21)
+- Corrected bug in gnutls_bye() which made it return an error code
+ of INVALID_REQUEST instead of success.
+- Corrected a bug in the GNUTLS_KEY key usage definitions.
+
+* Version 1.0.2 (2003-12-18)
+- Corrected a bug in the RSA key generation. This was
+ generating unusable RSA keys.
+
+* Version 1.0.1 (2003-12-10)
+- Some minor fixes in the makefiles. They now include CFLAGS
+ from libgcrypt or opencdk if installed in a non standard directory.
+- Fixed the SRP detection test in gnutls-cli-debug.
+- Added gnutls_rsa_params_export_pkcs1() and gnutls_rsa_params_import_pkcs1().
+
+* Version 1.0.0 (2003-12-04)
+- Exported the static SRP group parameters.
+- Some fixes in the certificate authenticated SRP ciphersuites.
+- Improved the support for draft-ietf-tls-srp-05. The two-phase
+ handshake is now fully supported without any interaction with
+ the application layer (except for a callback).
+
+* Version 0.9.99 (2003-11-28)
+- Some fixes in the gnutls.h header for the gnutls_server_name_set()
+ and gnutls_server_name_get() prototypes.
+- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data()
+ and gnutls_x509_crt_verify_data().
+- Some fixes in the openpgp authentication.
+- Removed the Twofish cipher.
+
+* Version 0.9.98 (2003-11-16)
+- The openssl compatibility layer was moved to gnutls-openssl
+ library instead of being included in the gnutls-extra library.
+- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04.
+- Building with openpgp support is now mandatory.
+- gnutls4 compatibility header is no longer included by default in
+ gnutls.h.
+- gnutls8 function usage yelds a deprecation warning in gcc3.
+- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid()
+ functions have a raw_flag parameter added.
+- Added gnutls_x509_*_get_dn_oid() and gnutls_x509_crt_get_extension_oid()
+ functions which return the available OIDs.
+
+* Version 0.9.97 (2003-11-11)
+- The certtool utility can now generate PKCS #12 structures
+ without specifying a certificate.
+- Added capability to read CRLs to certtool.
+- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER
+ to properly set the required buffer size.
+- Corrected a bug in libgcrypt detection.
+
+* Version 0.9.96 (2003-11-09)
+- Some changes to allow compilation with mingw32.
+- Several code cleanups.
+
+* Version 0.9.95 (2003-11-02)
+- Improved the verification functions. Added new verification
+ output flags and removed the unused and redundant ones.
+- Improved the OpenPGP key support.
+- The prime utility was removed, and its functionality was moved
+ to certtool.
+
+* Version 0.9.94 (2003-10-30)
+- Added manpages for the included programs.
+- Documented and improved the certtool utility.
+- Added PKCS #12 support to certtool utility.
+
+* Version 0.9.93 (2003-10-26)
+- Corrected some compilation issues.
+- Improved the certtool command line utility.
+
+* Version 0.9.92 (2003-10-25)
+- The RFC2818 hostname verification is now case insensitive.
+- Added support for generating X.509 certificates.
+- Added the certtool, a tool for generating X.509 certificates
+
+* Version 0.9.91 (2003-10-17)
+- Fixed a compilation issue in the openpgp authentication part.
+
+* Version 0.9.90 (2003-10-08)
+- Updated the openpgp key API (depends on the unreleased new
+ opencdk).
+
+* Version 0.9.8 (2003-10-02)
+- Updated the SRP implementation to follow the latest draft
+ (draft-ietf-tls-srp-05).
+- Improved the gnutls-cli behaviour in error handling,
+ and added a check for the peer's hostname.
+- Use versioned symbols in the library (where available).
+- RIJNDAEL ciphersuites were renamed to AES.
+
+* Version 0.9.7 (2003-08-25)
+- The tex files are now included in the distribution.
+- The library can now decrypt PKCS #12 files encrypted with
+ the RC2-40 cipher.
+- The missing rfc2818_hostname object is now included.
+- Several corrections and bug fixes in the library by
+ Arne Thomassen <arne@arne-thomassen.de>.
+- CR is now allowed in the base64 decoder.
+
+* Version 0.9.6 (2003-06-28)
+- Added gnutls_x509_privkey_get_key_id() and gnutls_x509_crt_get_key_id()
+ functions which return a unique (per public key) ID. These can
+ be used to check if the private key corresponds to a given certificate.
+- Corrections in the TLS layer openpgp certificate packet parser.
+- Corrected a bug in the record layer buffering, which affected
+ the case where external pull function was used. Report and patch
+ by Sergey Poznyakoff <gray@Mirddin.farlep.net>.
+- Corrected a bug in gnutls-srpcrypt where a non allocated variable
+ was freed.
+- SRP programs are now built by default.
+- Added API to read and write to PKCS #12 structures. Prototypes
+ in gnutls/pkcs12.h.
+- The gnutls_transport_ptr type was changed to a pointer type (void*).
+
+* Version 0.9.5 (2003-04-06)
+- Several improvements in the PKCS #7 handling
+- Eliminated several hard coded constants in MPI parameters.
+
+* Version 0.9.4 (2003-03-28)
+- Corrected a parsing error in the Certificate request message.
+- Corrected behaviour when a certificate request message is received.
+ Now a certificate packet is always sent, and in SSL 3.0 cipher suites
+ a no_certificate alert is sent instead.
+- Added functionality to generate PKCS #7 structures (with certificates).
+
+* Version 0.9.3 (2003-03-24)
+- Support for MD2 was dropped.
+- Improved the error logging functions, by adding a level, and
+ by allowing debugging messages just by increasing the level.
+- The diffie Hellman ciphersuites are now of higher priority than
+ the plain RSA.
+- The RSA premaster secret version check can no longer be disabled.
+- Implemented the counter measure discussed in the paper "Attacking
+ RSA-based Sessions in SSL/TLS", against the attack described in the
+ same paper.
+- Added the functions: gnutls_handshake_get_last_in(),
+ gnutls_handshake_get_last_out().
+- The gnutls_certificate_set_rsa_params() was renamed to
+ gnutls_certificate_set_rsa_export_params().
+- Added the new functions: gnutls_certificate_set_x509_key()
+ gnutls_certificate_set_x509_trust(), gnutls_certificate_set_x509_crl(),
+ gnutls_x509_crt_export(), gnutls_x509_crl_export().
+- Added support for encoding and decoding PKCS #8 2.0 encrypted
+ RSA private keys.
+
+* Version 0.9.2 (2003-03-15)
+- Some corrections in the memory mapping code (file is unmapped after
+ it is read).
+- Added support for PKCS#10 certificate requests generation.
+
+* Version 0.9.1 (2003-03-12)
+- Corrected a bug in 64 bit architectures, which affected the
+ serial number calculation in the record layer.
+- Added gnutls_certificate_free_keys() which deletes all the
+ private keys and certificates from the credentials structure.
+- Corrected a broken buffer check in _gnutls_io_read_buffered(),
+ which caused some unexpected packet length errors. Report and patch
+ by Ian Peters <itp@ximian.com>.
+- Added ability to generate RSA keys.
+- Increased the maximum parameter size in order to read some large keys
+ by some CAs. Patch by Ian Peters <itp@ximian.com>.
+- Added an strnstr() function and the requirement in some functions to
+ use null terminated PEM structures is no more.
+- Use mmap() if available to read files.
+- Fixed a memory leak in SRP code reported by Rupert Kittinger
+ <r.kittinger@efkon.com>.
+
+* Version 0.9.0 (2003-03-03)
+- This version is not binary compatible with the previous ones.
+- The library notifies the application on empty and illegal SRP usernames,
+ so that proper notification (via an alert) is sent to the peer.
+- Added ability to send some messages back to the application using
+ the gnutls_global_set_log_function().
+- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use
+ gnutls_malloc() to allocate the output parameters.
+- Added support for MD2 algorithm in certificate signature verification.
+- The RSA and DH parameter generation interface was changed. Added
+ ability to import and export from and to PKCS3 structures. This
+ was needed to read parameters generated using the openssl dhparam tool.
+- Several changes in the temporary (DH/RSA) parameter codebase. No DH
+ parameters are now included in the library. Also the credentials structure
+ can now hold only one temporary parameter of a kind.
+- Added a new Certificate, CRL, Private key and PKCS7 structures handling
+ API, defined in gnutls/x509.h
+- Added gnutls_certificate_set_verify_flags() function to allow setting the
+ verification flags in the credentials structure. They will be used in the
+ *verify_peers functions.
+- Added protection against the new TLS 1.0 record layer timing attack.
+- Added support for Certificate revocation lists. Functions defined
+ in gnutls/x509.h
+- The only functions that were removed are:
+ gnutls_x509_certificate_to_xml()
+ gnutls_x509_extract_dn_string()
+- Ported to libtasn1 0.2.x
+
+* Version 0.8.1 (2003-01-22)
+- Improved the SRP support, to prevent attackers guessing the
+ available usernames by brute force.
+- Improved the SRP detection in gnutls-cli-debug
+- Some fixes which now allow compilation.
+
+* Version 0.8.0 (2003-01-20)
+- Added gnutls_x509_extract_dn_string() which returns a
+ distinguished name in a single string.
+- Added gnutls_openpgp_extract_key_name_string() which returns
+ an openpgp user ID in a single string.
+- Added gnutls_x509_extract_certificate_ca_status() which returns
+ the CA status of the given certificate.
+- Added SRP-6 support. Follows draft-ietf-tls-srp-04.
+- If libtasn1 is not present in the system, it is included in
+ the main gnutls library.
+- If liblzo is present in the system, then the included minilzo
+ will not be used, and libgnutls-extra will depend on liblzo.
+- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR,
+ and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also
+ replaced by GNUTLS_E_BASE64_DECODING_ERROR.
+
+* Version 0.6.0 (2002-12-08)
+- Added "gnutls/compat4.h" header. This is included in gnutls.h
+ to emulate the old 0.4.x API.
+- Example programs are now stored in doc/examples/
+- Several improvements and updates in the documentation.
+- Added the certificate authenticated SRP cipher suites.
+- gnutls_x509_extract_certificate_dn_string() was updated to return
+ an RFC2253 conforming string.
+- Added the SRP related functions:
+ gnutls_srp_verifier()
+ gnutls_srp_base64_encode()
+ gnutls_srp_base64_decode()
+- Added the function gnutls_srp_set_server_credentials_function()
+ to allow retrieving SRP parameters from an external backend - other
+ than password files.
+- Added the function gnutls_openpgp_set_recv_key_function()
+ which can be used to set a callback, to get OpenPGP keys.
+- Exported the functions:
+ gnutls_malloc()
+ gnutls_free()
+ which should be used by callback functions.
+- Changed the semantics of gnutls_pem_base64_encode_alloc()
+ and gnutls_pem_base64_decode_alloc(). In the default case
+ were the gnutls library is used with malloc/realloc/free,
+ these are binary compatible.
+
+* Version 0.5.11 (2002-11-05)
+- Some fixes in 'gnutls-cli' client program to prevent some segmentation
+ faults at exit.
+- Example programs found in the documentation can now be generated by
+ running "make examples" in doc/tex directory.
+- Added more descriptive error strings, to gnutls_strerror().
+- Documented error codes, and the function reference list is now sorted.
+- Optimized buffering code.
+- gnutls_x509_extract_certificate_dn_string() was rewritten.
+- Added GNUTLS_E_SHORT_MEMORY_BUFFER error code, which is returned in the
+ case where the memory buffer provided is not long enough.
+- Depends on the new OpenCDK 0.3.2.
+
+* Version 0.5.10 (2002-10-13)
+- Updated documentation.
+- Added server name extension. This allows clients to specify the
+ name of the server they connect to. Useful to HTTPS.
+- Several corrections in the code base, mostly in signed/unsigned,
+ checkings.
+
+* Version 0.5.9 (2002-10-10)
+- Corrected some code which worked fine in gcc 3.2, but not with any
+ other compiler.
+- Updated 'gnutls-cli' with the '--starttls' option, to allow testing
+ starttls implementations.
+- Added gnutls_x509_extract_key_pk_algorithm() function which extracts
+ the private key type, of a DER encoded key.
+- Added gnutls_x509_extract_certificate_dn_string() which returns the
+ certificate's distinguished name in a single string.
+- Added gnutls_set_default_priority() and gnutls_set_default_export_priority()
+ functions, to avoid calling all the *_priority() functions if the defaults
+ are acceptable.
+- Added int gnutls_x509_check_certificates_hostname() which check whether
+ the given hostname matches the owner of the given X.509 certificate.
+
+* Version 0.5.8 (2002-09-25)
+- Updated documentation.
+- Added gnutls_record_get_direction() which replaces the obsolete
+ gnutls_handshake_get_direction().
+- Added function to convert error codes to alert descriptions
+- Added LZO compression
+
+* Version 0.5.7 (2002-09-11)
+- Some fixes in the memory allocation functions (realloc).
+- Improved the string functions used in XML certificate generation.
+- Removed dependency on libgdbm.
+- Corrected bug in gnutls_dh_params_set() which affected
+ gnutls_dh_params_deinit().
+- Corrected bug in session resuming code in server side.
+
+* Version 0.5.6 (2002-09-06)
+- Corrected bugs in SRP implementation, which prevented gnutls
+ to interoperate with other implementations. (interoperability testing
+ was done by David Taylor)
+- Corrected bug in cert_type extension.
+- Corrected extension type checks which used an 8 bit extension size,
+ instead of 16 bits.
+- Added versioning in the XML output of certificate functions.
+- Removed the X.509 test suite.
+
+* Version 0.5.5 (2002-09-03)
+- Updated the SRP implementation to the latest draft. The blowfish
+ crypt implementation was removed, since the new draft does not allow
+ other hash algorithms except for the srpsha.
+- Renamed all the constructed types in order to have more consistent
+ names.
+- Improved the certificate and key read functions. Now they can read
+ the certificate and the private key from the same file.
+- Updated and corrected documentation.
+
+* Version 0.5.4 (2002-08-27)
+- Fixes in TLS 1.0 PRF and SSL3 random functions.
+- gnutls_handshake_set_exportable_detection() was obsoleted.
+- Added gnutls_openpgp_extract_key_id() which returns the key ID.
+- Corrected bug in DHE key exchange
+- Added support for temporary RSA keys which are needed for the
+ export cipher suites.
+- Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite.
+
+* Version 0.5.3 (2002-08-23)
+- No changes. Replaces the tarball of 0.5.2 which accidentally contained
+ code from the unstable branch.
+
+* Version 0.5.2 (2002-08-22)
+- Added an error code that is returned in clients which connect
+ to export only servers. This must be enabled using the
+ gnutls_handshake_set_exportable_detection() function.
+- Updated openssl compatibility layer.
+- Added gnutls_handshake_get_direction() function which returns
+ the state of the handshake when interrupted.
+
+* Version 0.5.1 (2002-07-17)
+- Corrected the m4 macros which used <gnutls.h> instead of
+ <gnutls/gnutls.h>
+- Documentation fixes
+- Added gnutls_transport_set_ptr2() function, which accepts two
+ different pointers, to be used while receiving, and
+ while sending data.
+- Semantic changes in gnutls_record_set_max_size(). The requested
+ size is now immediately enforced at the output buffers.
+- gnutls_global_init_extra() now fails if the library versions do
+ not match.
+- Fixes in client and server example programs. Null encryption can
+ be used in these programs, to assist in debuging.
+- Fixes in zlib compression code.
+
+* Version 0.5.0 (2002-07-06)
+- Added X.509 certificate tests in tests/ directory
+- Removed stubs for SRP and Anonymous authentication. They served
+ no purpose since they are always included, unless it was requested
+ not to do so.
+- Added gnutls_handshake_set_private_extensions() function. This
+ function can be used to enable private (gnutls specific) cipher suites
+ and compression algorithms.
+- Added check for C99 macro support by the compiler.
+- Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2()
+- Added the new libtasn1 library.
+- Removed the gdbm backend. Applications are now responsible for the
+ session resuming backend. The gnutls-serv application contains an
+ simple example on how to use gdbm for resuming.
+- Headers for the gnutls library are now installed in $(includedir)/gnutls
+- Added an OpenSSL compatible interface (with some limitations).
+- Added functions to convert DER encoded certificates to XML format.
+
+* Version 0.4.4 (2002-06-24)
+- Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt
+ using keys of some specific size.
+
+* Version 0.4.3 (2002-05-23)
+- The gnutls-extra library now compiles fine, if the opencdk library is
+ not present.
+- Several bug fixes.
+- Added gnutls_global_set_mem_func() function, to set the memory allocation
+ functions, if other than the defaults are to be used.
+- The default memory allocation functions are now the ones in libc.
+
+* Version 0.4.2 (2002-05-21)
+- Separated ASN.1 structures parser documentation and TLS library
+ documentation.
+- Added gnutls_handshake_set_rsa_pms() function, which disables the
+ version check in RSA premaster secret.
+- Added gnutls_session_is_resumed() function, which reports if a session
+ is a resumed one.
+- Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to
+ assist in callback functions.
+- Replaced the included 1024 bit prime for Diffie Hellman, with a new
+ random one.
+- Relicensed the library under the GNU Lesser General Public License
+- Added gnutls-extra library which contains the GPL covered code of gnutls.
+
+* Version 0.4.1 (2002-04-07)
+- Now uses alloca() for temporary variables
+- Optimized RSA signing
+- Added functions to return the peer's certificate activation and
+ expiration time.
+- Corrected time function's behaviour (the time value returned no longer
+ relate to local timezone).
+
+* Version 0.4.0 (2002-04-01)
+- Added support for RFC2630 (PKCS7) X.509 certificate sets
+- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(),
+ gnutls_openpgp_extract_key_pk_algorithm().
+- Several optimizations in the Handshake protocol
+- Several optimizations in RSA algorithm
+- Unified the return values because of small buffers.
+
+* Version 0.3.92 (2002-03-23)
+- Updated documentation
+- Combined error codes of ASN.1 parser and gnutls
+- Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration
+- Added protection against CBC chosen plaintext attack (disabled by default)
+- Improved and optimized compression support
+
+* Version 0.3.91 (2002-03-03)
+- Added gnutls-cli-debug program
+- Corrections in session resumption
+- Rehandshake can now handle negotiation of different authentication
+ type.
+- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are
+ now being installed.
+
+* Version 0.3.90 (2002-02-24)
+- Handshake messages are not kept in memory any more. Now we use
+ less memory during a handshake
+- Added support for certificates with DSA parameters
+- Added DHE_DSS cipher suites
+- Key exchange methods changed so they do not depend on the
+ certificate type. Added certificate type negotiation TLS extension.
+- Added openpgp key support (EXPERIMENTAL)
+- Improved Diffie Hellman key exchange support.
+- Bug fixes in the RSA key exchange.
+- Added check for the requested TLS extensions
+- TLS extensions now use a 16 bit type field.
+- Added a minimal string library to assist in ASN.1 parsing
+- Changes in ASN.1 parser to work with the new bison
+- Added gnutls_x509_extract_subject_alt_name(), which deprecates
+ gnutls_x509_extract_subject_dns_name()
+- gnutls_x509_set_trust_(file/mem) can now be called multiple times
+- gnutls_srp_server_set_cred_file() can now be called multiple times
+
+* Version 0.3.5 (2002-01-25)
+- Corrected the RSA key exchange method, to avoid attacks against
+ PKCS-1 formating.
+
+* Version 0.3.4 (2002-01-20)
+- Corrected bugs in DHE_RSA key exchange method
+
+* Version 0.3.3 (2002-01-19)
+- Added gnutls_x509pki_verify_certificate()
+- Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem()
+- Bug fixes in srpcrypt (based on patch by Marc Huber)
+- Bug fixes in the Handshake protocol (based on patch by Guillaume Morin)
+- Corrected library versioning
+
+* Version 0.3.2 (2002-01-05)
+- Corrected bug which did not allow a client to accept multiple CA names
+- Added gnutls_fingerprint()
+- Added gnutls_x509pki_extract_certificate_serial()
+- Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt()
+- Corrected behaviour in version advertizing
+- Updated documentation
+- Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions
+
+* Version 0.3.1 (2001-12-21)
+- Corrections in the configuration files
+- Fixes a bug in anonymous authentication
+
+* Version 0.3.0 (2001-12-17)
+- Corrected bug in new integer formatting (now we use the old format again)
+- Several corrections and usual cleanups
+
+* Version 0.2.91 (2001-12-10)
+- Fixes in MPI handling (fixes possible bug with signed integers)
+- Removed name indication extension
+- Added gnutls_transport_get_ptr() and gnutls_db_get_ptr()
+- Optimizations in server certificate callback.
+- Fixes in anonymous authentication
+- Corrections in client ciphersuite selection
+
+* Version 0.2.90 (2001-12-07)
+- gnutls_handshake(), gnutls_read() etc. functions no longer require
+ the 'SOCKET cd' argument. This argument is set using the function
+ gnutls_set_transport_ptr().
+- introduced gnutls_x509pki_get_peer_certificate_list(). This function returns
+ a list containing peer's certificate and issuers DER encoded.
+- Updated X.509 certificate handling API
+- Added callback to select the server certificate
+- More consistent function naming (changes in several function names)
+- Buffer overflow checking in ASN.1 structures parser
+- Updated documentation
+
+* Version 0.2.11 (2001-11-16)
+- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value
+ is returned, then the caller should perform a handshake or send
+ an alert to the peer.
+- Made receive buffer dynamic. Normally if no large chunks are received
+ it occupies less space.
+- Added max_record_size extension
+- Bugfixes in session handling
+- Improved non blocking IO support in the Handshake Protocol
+- Usual bugfixes and cleanups
+- Documentation updated (includes ASN.1 documentation)
+
+* Version 0.2.10 (2001-11-05)
+- Corrected bugs and improved non blocking IO
+- Added hooks to use external database to store sessions
+- Usual cleanups
+
+* Version 0.2.9 (2001-10-27)
+- AUTH_INFO types and structures were moved to library internals
+- AUTH_FAILED is no longer returned in SRP authentication
+ (any fatal error in SRP means auth failed)
+- Introduced GNUTLS_E_INTERRUPTED
+- Added support for non blocking IO
+- gnutls_recv() and gnutls_send() are now obsolete
+- Changed semantics of gnutls_rehandshake()
+
+* Version 0.2.4 (2001-10-12)
+- Better handling of X.509 certificate extensions
+- Added DHE_RSA ciphersuites
+- Updated the Name Indication (dnsname) extension
+- Improvements in Diffie Hellman primes handling
+
+* Version 0.2.3 (2001-09-19)
+- Memory optimizations in gnutls_recv()
+- Fixed several memory leaks
+- Added ability to specify callback for x509 client certificate selection
+- Better documentation
+
+* Version 0.2.2 (2001-08-21)
+- Several bugfixes (library and documentation)
+
+* Version 0.2.1 (2001-08-07)
+- SRP fixes
+
+* Version 0.2.0 (2001-08-07)
+- Partial support for X.509v3 Certificate extensions.
+- Added Internal memory handlers
+- Removed gnutls_x509_set_cn()
+- Added X.509 client authentication
+- Several bug fixes and protocol fixes
+
+* Version 0.1.9 (2001-07-30)
+- Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate)
+- SRP is updated to conform to the newest draft.
+- Added support for DNSNAME extension.
+- Reentracy fixes in ASN.1 Parsing.
+- Optimizations in hash/hmac functions
+- (Error) message handling has changed
+- Better Protocol Version handling
+- Added X.509 Certificate Verification
+- gnutls_read() semantics are now closer to read(2) - added EOF
+- Documented some part of gnutls in doc/tex/ using Latex
+
+* Version 0.1.4 (2001-06-22)
+- Corrected (srp) base64 encoding.
+- Changed bcrypt algorithm to include username.
+- Added RSA Ciphersuites (no certificate checking).
+- Fixes in SSL 2.0 client hello parsing.
+- Added ASN.1 and DER parsers.
+- Bugfixes in session resuming
+- Updated Ciphersuite selection algorithm
+- Added internal representation of X.509 structures.
+- Added global state
+
+* Version 0.1.3 (2001-06-01)
+- Updated API (and the way it is documented - we use inline documentation)
+- Added function to access alert messages.
+- Added support for renegotiating parameters.
+- Better and Faster Resume Database handling.
+- Several bugfixes
+
+* Version 0.1.2 (2001-05-14)
+- Updated API
+- Fixes in extension handling
+
+* Version 0.1.1 (2001-05-13)
+- Added compatibility with Stanford's libsrp library
+
+* Version 0.1.0 (2001-05-09)
+- Added SSL 2.0 client hello support
+- GNUTLS is a gnu library
+- Added support for TLS extensions.
+- Added support for SRP
+
+* Version 0.0.7 (2001-01-11)
+- Added server side session resuming (using gdbm)
+- Added twofish algorithm
+
+* Version 0.0.6 (2000-12-20)
+- Added client side session resuming
+- Better documentation (check doc/API)
+- Better socket handling (gnutls can be used with select())
+- Some primitive support for non blocking IO and socket options has been added.
+
+* Version 0.0.5 (2000-12-07)
+- Added Compression (using ZLIB)
+- Added SSL 3.0 support
+
+----------------------------------------------------------------------
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
--- /dev/null
+GnuTLS README -- Important introductory notes.
+Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007,
+ 2008, 2009, 2010 Free Software Foundation, Inc.
+See the end of this document for copying conditions.
+
+GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure
+Sockets Layer) protocol. GnuTLS is a GNU project. Additional
+information can be found at <http://www.gnu.org/software/gnutls/>
+and <http://www.gnutls.org/>.
+
+
+README
+------
+This README is targeted for users of the library who build from
+sources but do not necessarily develop. If you are interested
+in developing and contributing to the GnuTLS project, please
+see README-alpha and visit
+http://www.gnu.org/software/gnutls/manual/html_node/Contributing.html.
+
+
+COMPILATION
+-----------
+A typical command sequence for building the library is shown below.
+A complete list of options available for configure can be found
+by running './configure --help'.
+
+ cd gnutls-2.10.3
+ ./configure --prefix=/usr
+ make
+ sudo make install
+
+The commands above build and install the static archives (libgnutls.a
+and libgnutls-extra.a), the shared object (libgnutls.so and
+libgnutls-extra.so), and additional binaries such as certtool and
+gnutls-cli.
+
+The library depends on libnettle OR libgcrypt (but never both). GnuTLS
+currently uses libnettle as the default cryptographic library. Versions
+2.10.3 and prior used libgcrypt as the default cryptographic library.
+Nettle can be found at http://www.gnu.org/software/nettle/, while
+libgcrypt can be found at <ftp://ftp.gnupg.org/pub/gcrypt/libgcrypt/>.
+
+To configure libnettle for installation and use by GnuTLS, a typical
+command sequence would be:
+
+ cd nettle-2.1
+ ./configure --prefix=/usr --disable-openssl --enable-shared
+ make
+ sudo make install
+
+For the Nettle project, --enable-shared will instruct automake and
+friends to build and install both the static archive (libnettle.a)
+and the shared object (libnettle.so).
+
+In case you are compiling for an embedded system, you can disable
+unneeded features of GnuTLS. In general, it is usually best not to
+disable anything (for future mailing list questions and possible bugs).
+
+Depending on your installation, additional libraries, such as libtasn1
+and zlib, may be required.
+
+
+DOCUMENTATION
+-------------
+See the documentation in doc/ and online at
+http://www.gnu.org/software/gnutls/manual/html_node/index.htm.
+
+
+EXAMPLES
+--------
+See the examples in doc/examples/ and online at 'How To Use GnuTLS in
+Applications' at http://www.gnu.org/software/gnutls/manual/html_node/How-
+to-use-GnuTLS-in-applications.html#How-to-use-GnuTLS-in-applications.
+The examples include client, server, and multi-threaded examples.
+
+
+SECURITY ADVISORIES
+-------------------
+The project collects and publishes information on past security
+incidents and vulnerabilities. Open information exchange, including
+information which is [sometimes] suppressed in non-open or non-free
+projects, is one of the goals of the GnuTLS project. Please visit
+http://www.gnu.org/software/gnutls/security.html.
+
+
+MAILING LISTS
+-------------
+The GnuTLS project maintains mailing lists for users, developers, and
+commits. Please see http://www.gnu.org/software/gnutls/lists.html.
+
+
+LICENSING
+---------
+Since version 0.4.2, the GnuTLS library has been released under the GNU
+Lesser General Public License (LGPL). Previous versions were licensed
+under the GNU General Public License (GPL).
+
+We changed the license for most of the GnuTLS components because other
+free libraries exist and offer similar functionality with lax licenses.
+We want GnuTLS to be usable in the same places as those other libraries.
+We kept some parts of GnuTLS under the GPL because they are unique, and
+the terms of the license under GPL provides free software projects (which
+deserve our help) an advantage over non-free projects (which do not
+deserve our help, since they refuse to share with us). For information, see
+http://www.gnu.org/philosophy/why-not-lgpl.html.
+
+The GNU LPGL applies to the main gnutls library, while
+the gnutls-extra library is under the GPL. The gnutls-extra library
+contains the code for "GnuTLS Inner Application" support and the
+OpenSSL compatibility layer. The gnutls library is located in the
+lib/ directory, while the gnutls-extra library is at libextra/.
+
+
+BUGS
+----
+Currently GnuTLS needs testing. Thorough testing is very important and
+expensive. Often times, the developers do not have access to a particular
+piece of hardware or configuration to reproduce a scenario. Notifying
+the developers about a possible bug will greatly help the project.
+
+If you believe you have found a bug, please report it to bug-gnutls@gnu.org
+together with any applicable information. A web interface for the system
+is available at http://savannah.gnu.org/support/?group=gnutls.
+
+Applicable information would include why the issue is a GnuTLS bug (if
+not readily apparent), output from 'uname -a', the version of the library or
+tool being used, a stack trace if available ('bt full' if under gdb), and
+perhaps a network trace. Vague queries or piecemeal messages are difficult
+to act upon and don't help the development effort.
+
+Additional information can be found at the project's Bug Report page at
+http://www.gnu.org/software/gnutls/manual/html_node/Bug-Reports.html.
+
+
+PATCHES
+-------
+Patches are welcome and encouraged. Details of contributing can be found
+at http://www.gnu.org/software/gnutls/manual/html_node/Contributing.html.
+
+Patches are submitted through the bug tracking system or to the
+mailing list. When submitting patches, please be sure to use sources
+from the git repository, and preferrably from the master branch. To
+create a patch for the project from a local git repository, please use
+the following commands. 'gnutls' should be the local directory of a
+previous git clone.
+
+ cd gnutls
+ git add the-file-you-modified.c another-file.c
+ git commit the-file-you-modified.c another-file.c
+ git format-patch
+
+For more information on use of Git, visit http://git-scm.com/
+
+----------------------------------------------------------------------
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
--- /dev/null
+GnuTLS THANKS -- Acknowledgements.
+Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavrogiannopoulos
+See the end for copying conditions.
+
+Here is a list of people, who helped in GnuTLS development. Please
+help us to keep it complete and free of errors. We apologise to those
+whom we no doubt have forgotten.
+
+Werner Koch <wk@gnupg.org>
+Tarun Upadhyay <tarun@poboxes.com>
+Neil Spring <nspring@saavie.org>
+Paul Sheer <psheer@icon.co.za>
+Jon Nelson <jnelson@securepipe.com>
+Simon Josefsson <jas@extundo.com>
+Marco d'Itri <md@linux.it>
+Mike Siers <mikes@poliac.com>
+Marc Huber <Marc.Huber@web.de>
+Guillaume Morin <guillaume@morinfr.org>
+Jeff Johnson <jbj@redhat.com>
+David Taylor <dtaylor@swiftdsl.com.au>
+Ivo Timmermans <ivo@o2w.nl>
+Ian Peters <itp@ximian.com>
+Arne Thomassen <arne@arne-thomassen.de>
+Casey Marshall <rsdio@metastatic.org>
+Dimitri Papadopoulos-Orfanos <papadopo@shfj.cea.fr>
+Michael Heironimus <mkh01@earthlink.net>
+Niels Bjergstrom <njb@chi-publishing.com>
+Robey Pointer <robey@danger.com>
+Simon Posnjak <simon.posnjak@cetrtapot.si>
+Gerrit P. Haase <gp@familiehaase.de>
+Yoann Vandoorselaere <yoann@prelude-ids.org>
+Joe Orton <joe@manyfish.co.uk>
+Stéphane LOEUILLET <stephane.loeuillet@tiscali.fr>
+Aleix Conchillo Flaque <aleix@member.fsf.org>
+Martijn Koster <mak@greenhills.co.uk>
+Marcin Garski <mgarski@post.pl>
+Martin Lambers <marlam@web.de>
+Michael Ringe <Michael.Ringe@aachen.utimaco.de>
+Daniel Black <dragonheart@gentoo.org>
+Scott Bronson <bronson@rinspin.com>
+Rupert Kittinger <rkit@mur.at>
+Eric Leblond <eleblond@inl.fr>
+Adam Langley <alangley@gmail.com>
+Sergey Lipnevich <sergey@optimaltec.com>
+Mike Castle <dalgoda@ix.netcom.com>
+Thomas Klausner <tk@giga.or.at>
+Matthias Urlichs <smurf@smurf.noris.de>
+Ralph Giles <giles@onlinegamegroup.com>
+Daniel Stenberg <daniel@haxx.se>
+Jouni Malinen <jkmaline@cc.hut.fi>
+Evgeny Legerov <admin@gleg.net>
+John Heiden <JHeiden@UTNet.UToledo.Edu>
+Andreas Metzler <ametzler@downhill.at.eu.org>
+Mario Lenz <mario.lenz@gmx.net>
+Jefferson Ogata <Jefferson.Ogata@noaa.gov>
+Sascha Ziemann <sascha.ziemann@secunet.com>
+Roman Bogorodskiy <novel@FreeBSD.org>
+Robert Millan <rmillan@ackstorm.es>
+Kataja Kai <kai.kataja@op.fi>
+Georg Schwarz <georg.schwarz@freenet.de>
+Michael C. Vergallen <mvergall@telenet.be>
+Andrey Nosenko <andrew.w.nosenko@gmail.com>
+Nate Nielsen <nielsen-list@memberwebs.com>
+Max Kellermann <max@duempel.org>
+Ludovic Courtès <ludovic.courtes@laas.fr>
+Paul Millar <p.millar@physics.gla.ac.uk>
+Pavlov Konstantin <thresh@altlinux.ru>
+Matthias Wimmer <m@tthias.eu>
+Howard Chu <hyc@symas.com>
+Dennis Vshivkov <walrus@amur.ru>
+Kristofer T. Karas <ktk@enterprise.bidmc.harvard.edu>
+Marc Haber <mh+debian-bugs@zugschlus.de>
+Tim Mooney <tim@tim-the-enchanter.org>
+Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+Rainer Gerhards <rgerhards@gmail.com>
+John Brooks <aspecialj@gmail.com>
+Massimo Gaspari <massimo.gaspari@alice.it>
+Marc F. Clemente <marc@mclemente.net>
+Daniel Dehennin <nebuchadnezzar@asgardr.info>
+martin f krafft <madduck@debian.org>
+Sam Varshavchik <mrsam@courier-mta.com>
+Tomas Mraz <tmraz@redhat.com>
+Matthias Koenig <mkoenig@suse.de>
+Christian Grothoff <christian@grothoff.org>
+James Westby <jw+debian@jameswestby.net>
+Kevin Quick <quick@sparq.org>
+Arfrever Frehtes Taifersar Arahesis <arfrever.fta@gmail.com>
+Jonathan Manktelow <jonathan@dyalog.com>
+Thomas Viehmann <tv@beamnet.de>
+Aaron Ucko <ucko@ncbi.nlm.nih.gov>
+Anton Lavrentiev <lavr@ncbi.nlm.nih.gov>
+Martin von Gagern <Martin.vGagern@gmx.net>
+Douglas E. Engert <deengert@anl.gov>
+Dagobert Michelsen <dam@opencsw.org>
+Tom G. Christensen <tgc@jupiterrise.com>
+Peter Hendrickson <pdh@wiredyne.com>
+Tim Kosse <tim.kosse@filezilla-project.org>
+Fabian Keil <fk@fabiankeil.de>
+Brad Hards <bradh@frogmouth.net>
+Daiki Ueno <ueno@unixuser.org>
+Tomas Hoger <thoger@redhat.com>
+Fabian Keil <fk@fabiankeil.de>
+Jason Pettiss <jpettiss@yahoo.com>
+Ilari Liusvaara <ilari.liusvaara@elisanet.fi>
+Steve Dispensa <dispensa@phonefactor.com>
+Vitaly Mayatskikh <v.mayatskih@gmail.com>
+Claudio Saavedra <csaavedra@igalia.com>
+Vincent Torri <vincent.torri@gmail.com>
+Sjoerd Simons <sjoerd.simons@collabora.co.uk>
+Micah Anderson <micah@riseup.net>
+Michael Rommel <rommel@layer-7.net>
+
+----------------------------------------------------------------------
+Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved.
--- /dev/null
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
+[m4_warning([this file was generated for autoconf 2.67.
+You have another version of autoconf. It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version. Point them to the right macro.
+m4_if([$1], [1.11.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too. Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], UPC, [depcc="$UPC" am_compiler_list=],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS.
+AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+ [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+ [_AM_DEPENDENCIES(OBJC)],
+ [define([AC_PROG_OBJC],
+ defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+ [[\\/$]]* | ?:[[\\/]]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[[\\\"\#\$\&\'\`$am_lf]]*)
+ AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+ *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
+ AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 1
+
+# AM_SILENT_RULES([DEFAULT])
+# --------------------------
+# Enable less verbose build rules; with the default set to DEFAULT
+# (`yes' being less verbose, `no' or empty being verbose).
+AC_DEFUN([AM_SILENT_RULES],
+[AC_ARG_ENABLE([silent-rules],
+[ --enable-silent-rules less verbose build output (undo: `make V=1')
+ --disable-silent-rules verbose build output (undo: `make V=0')])
+case $enable_silent_rules in
+yes) AM_DEFAULT_VERBOSITY=0;;
+no) AM_DEFAULT_VERBOSITY=1;;
+*) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
+esac
+AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
+AM_BACKSLASH='\'
+AC_SUBST([AM_BACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
+])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
+m4_include([lib/m4/hooks.m4])
+m4_include([m4/gtk-doc.m4])
+m4_include([m4/guile.m4])
+m4_include([m4/lib-ld.m4])
+m4_include([m4/lib-link.m4])
+m4_include([m4/lib-prefix.m4])
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])
+m4_include([m4/pkg.m4])
--- /dev/null
+# Copyright (C) 2006, 2007, 2008, 2009, 2010 Free Software Foundation,
+# Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This file is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this file; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+WFLAGS ?= --enable-gcc-warnings
+ADDFLAGS ?=
+CFGFLAGS ?= --enable-gtk-doc --enable-gtk-doc-pdf $(ADDFLAGS) $(WFLAGS)
+
+INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./lib/minitasn1/ -e ^./lib/build-aux/ -e ^./lib/gl/ -e ^./gl/ -e ^./libextra/gl/ -e ^./src/cfg/ -e -gaa.[ch] -e asn1_tab.c -e ^./tests/suite/`
+
+ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile)
+.DEFAULT_GOAL := bootstrap
+endif
+
+PODIR := lib/po
+PO_DOMAIN := libgnutls
+
+local-checks-to-skip = sc_prohibit_strcmp sc_prohibit_atoi_atof \
+ sc_error_message_uppercase sc_prohibit_have_config_h \
+ sc_require_config_h sc_require_config_h_first \
+ sc_trailing_blank sc_unmarked_diagnostics sc_immutable_NEWS \
+ sc_prohibit_magic_number_exit sc_texinfo_acronym
+VC_LIST_ALWAYS_EXCLUDE_REGEX = \
+ ^(((lib/|libextra/)?(gl|build-aux))|tests/suite)/.*
+
+autoreconf:
+ for f in $(PODIR)/*.po.in; do \
+ cp $$f `echo $$f | sed 's/.in//'`; \
+ done
+ mv lib/build-aux/config.rpath lib/build-aux/config.rpath-
+ test -f ./configure || autoreconf --install
+ test `hostname` = "gaggia" && cp lib/gl/m4/size_max.m4 lib/m4/ || true
+ mv lib/build-aux/config.rpath- lib/build-aux/config.rpath
+
+update-po: refresh-po
+ for f in `ls $(PODIR)/*.po | grep -v quot.po`; do \
+ cp $$f $$f.in; \
+ done
+ git add $(PODIR)/*.po.in
+ git commit -m "Sync with TP." $(PODIR)/LINGUAS $(PODIR)/*.po.in
+
+bootstrap: autoreconf
+ ./configure $(CFGFLAGS)
+
+glimport:
+ gnulib-tool --m4-base gl/m4 --add-import
+ cd lib && gnulib-tool --m4-base gl/m4 --add-import
+ cd libextra && gnulib-tool --m4-base gl/m4 --add-import
+
+# Code Coverage
+
+pre-coverage:
+ ln -sf /usr/local/share/gaa/gaa.skel src/gaa.skel
+
+web-coverage:
+ rm -fv `find $(htmldir)/coverage -type f | grep -v CVS`
+ cp -rv doc/coverage/* $(htmldir)/coverage/
+
+upload-web-coverage:
+ cd $(htmldir) && \
+ cvs commit -m "Update." coverage
+
+# Mingw32
+
+W32ROOT ?= $(HOME)/gnutls4win/inst
+
+mingw32: autoreconf
+ ./configure $(CFGFLAGS) --host=i586-mingw32msvc --build=`build-aux/config.guess` --with-libtasn1-prefix=$(W32ROOT) --with-libgcrypt-prefix=$(W32ROOT) --prefix $(W32ROOT)
+
+.PHONY: bootstrap autoreconf mingw32
+
+# Release
+
+ChangeLog:
+ git log --pretty --numstat --summary --since="2005 November 07" -- | git2cl > ChangeLog
+ cat .clcopying >> ChangeLog
+
+tag = $(PACKAGE)_`echo $(VERSION) | sed 's/\./_/g'`
+htmldir = ../www-$(PACKAGE)
+
+release: prepare upload web upload-web
+
+prepare:
+ ! git tag -l $(tag) | grep $(PACKAGE) > /dev/null
+ rm -f ChangeLog
+ $(MAKE) ChangeLog distcheck
+ git commit -m Generated. ChangeLog
+ git tag -u b565716f! -m $(VERSION) $(tag)
+
+upload:
+ git push
+ git push --tags
+ build-aux/gnupload --to alpha.gnu.org:$(PACKAGE) $(distdir).tar.bz2
+ scp $(distdir).tar.bz2 $(distdir).tar.bz2.sig igloo.linux.gr:~ftp/pub/gnutls/devel/
+ ssh igloo.linux.gr 'cd ~ftp/pub/gnutls/devel/ && sha1sum *.tar.bz2 > CHECKSUMS'
+ cp $(distdir).tar.bz2 $(distdir).tar.bz2.sig ../releases/$(PACKAGE)/
+
+web:
+ cd doc && $(SHELL) ../build-aux/gendocs.sh \
+ --html "--css-include=texinfo.css" \
+ -o ../$(htmldir)/devel/manual/ $(PACKAGE) "$(PACKAGE_NAME)"
+ cd doc/doxygen && doxygen && cd ../.. && cp -v doc/doxygen/html/* $(htmldir)/devel/doxygen/ && cd doc/doxygen/latex && make refman.pdf && cd ../../../ && cp doc/doxygen/latex/refman.pdf $(htmldir)/devel/doxygen/$(PACKAGE).pdf
+ cp -v doc/reference/$(PACKAGE).pdf doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp doc/reference/html/*.css $(htmldir)/devel/reference/
+ cp -v doc/cyclo/cyclo-$(PACKAGE).html $(htmldir)/cyclo/
+
+upload-web:
+ cd $(htmldir) && \
+ cvs commit -m "Update." manual/ reference/ \
+ doxygen/ devel/ cyclo/
--- /dev/null
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
+
+timestamp='2011-05-11'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[4567])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ case ${UNAME_MACHINE} in
+ pc98)
+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-tilera-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
--- /dev/null
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* C99 macros are supported */
+#undef C99_MACROS
+
+/* enable anonymous authentication */
+#undef ENABLE_ANON
+
+/* enable camellia block cipher */
+#undef ENABLE_CAMELLIA
+
+/* Enable cryptodev support */
+#undef ENABLE_CRYPTODEV
+
+/* use openpgp authentication */
+#undef ENABLE_OPENPGP
+
+/* enable Opaque PRF Input */
+#undef ENABLE_OPRFI
+
+/* whether to include all the PKCS/PKI stuff */
+#undef ENABLE_PKI
+
+/* enable PSK authentication */
+#undef ENABLE_PSK
+
+/* enable SessionTicket extension */
+#undef ENABLE_SESSION_TICKET
+
+/* enable SRP authentication */
+#undef ENABLE_SRP
+
+/* Make sure we don't use old features in code. */
+#undef GNUTLS_COMPAT_H
+
+/* Additional cast to bring void* to a type castable to int. */
+#undef GNUTLS_POINTER_TO_INT_CAST
+
+/* Hard-code for src/cfg/. */
+#undef HAVE_CTYPE_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Hard-code for src/cfg/. */
+#undef HAVE_ERRNO_H
+
+/* Hard-code for src/cfg/. */
+#undef HAVE_FLOAT_H
+
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
+/* whether the gcrypt library is in use */
+#undef HAVE_GCRYPT
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define if you have the gcrypt library. */
+#undef HAVE_LIBGCRYPT
+
+/* Define if you have the nettle library. */
+#undef HAVE_LIBNETTLE
+
+/* Define if you have the pakchois library. */
+#undef HAVE_LIBPAKCHOIS
+
+/* Define to 1 if you have the `pthread' library (-lpthread). */
+#undef HAVE_LIBPTHREAD
+
+/* Define if you have the tasn1 library. */
+#undef HAVE_LIBTASN1
+
+/* Hard-code for src/cfg/. */
+#undef HAVE_LIMITS_H
+
+/* Define to 1 if you have the <lzo1x.h> header file. */
+#undef HAVE_LZO1X_H
+
+/* Define to 1 if you have the <lzo/lzo1x.h> header file. */
+#undef HAVE_LZO_LZO1X_H
+
+/* Hard-code for src/cfg/. */
+#undef HAVE_MATH_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `scm_gc_malloc_pointerless' function. */
+#undef HAVE_SCM_GC_MALLOC_POINTERLESS
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Hard-code for src/cfg/. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if the system has the type `uint'. */
+#undef HAVE_UINT
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of `int', as computed by sizeof. */
+#undef SIZEOF_INT
+
+/* The size of `long', as computed by sizeof. */
+#undef SIZEOF_LONG
+
+/* The size of `void *', as computed by sizeof. */
+#undef SIZEOF_VOID_P
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* whether to use the LZO compression */
+#undef USE_LZO
+
+/* Version number of package */
+#undef VERSION
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+#undef inline
+#endif
--- /dev/null
+#! /bin/sh
+# Output a system dependent set of variables, describing how to set the
+# run time search path of shared libraries in an executable.
+#
+# Copyright 1996-2011 Free Software Foundation, Inc.
+# Taken from GNU libtool, 2001
+# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# The first argument passed to this file is the canonical host specification,
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
+# should be set by the caller.
+#
+# The set of defined variables is at the end of this script.
+
+# Known limitations:
+# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
+# than 256 bytes, otherwise the compiler driver will dump core. The only
+# known workaround is to choose shorter directory names for the build
+# directory and/or the installation directory.
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+shrext=.so
+
+host="$1"
+host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+# Code taken from libtool.m4's _LT_CC_BASENAME.
+
+for cc_temp in $CC""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
+
+# Code taken from libtool.m4's _LT_COMPILER_PIC.
+
+wl=
+if test "$GCC" = yes; then
+ wl='-Wl,'
+else
+ case "$host_os" in
+ aix*)
+ wl='-Wl,'
+ ;;
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ wl='-Wl,'
+ ;;
+ irix5* | irix6* | nonstopux*)
+ wl='-Wl,'
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ ecc*)
+ wl='-Wl,'
+ ;;
+ icc* | ifort*)
+ wl='-Wl,'
+ ;;
+ lf95*)
+ wl='-Wl,'
+ ;;
+ nagfor*)
+ wl='-Wl,-Wl,,'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
+ wl='-Wl,'
+ ;;
+ ccc*)
+ wl='-Wl,'
+ ;;
+ xl* | bgxl* | bgf* | mpixl*)
+ wl='-Wl,'
+ ;;
+ como)
+ wl='-lopt='
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ F* | *Sun*Fortran*)
+ wl=
+ ;;
+ *Sun\ C*)
+ wl='-Wl,'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ newsos6)
+ ;;
+ *nto* | *qnx*)
+ ;;
+ osf3* | osf4* | osf5*)
+ wl='-Wl,'
+ ;;
+ rdos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
+ wl='-Qoption ld '
+ ;;
+ *)
+ wl='-Wl,'
+ ;;
+ esac
+ ;;
+ sunos4*)
+ wl='-Qoption ld '
+ ;;
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ wl='-Wl,'
+ ;;
+ sysv4*MP*)
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ wl='-Wl,'
+ ;;
+ unicos*)
+ wl='-Wl,'
+ ;;
+ uts4*)
+ ;;
+ esac
+fi
+
+# Code taken from libtool.m4's _LT_LINKER_SHLIBS.
+
+hardcode_libdir_flag_spec=
+hardcode_libdir_separator=
+hardcode_direct=no
+hardcode_minus_L=no
+
+case "$host_os" in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+esac
+
+ld_shlibs=yes
+if test "$with_gnu_ld" = yes; then
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ # Unlike libtool, we use -rpath here, not --rpath, since the documented
+ # option of GNU ld is called -rpath, not --rpath.
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ case "$host_os" in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ fi
+ ;;
+ amigaos*)
+ case "$host_cpu" in
+ powerpc)
+ ;;
+ m68k)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ haiku*)
+ ;;
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ netbsd*)
+ ;;
+ solaris*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ ;;
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+ sunos4*)
+ hardcode_direct=yes
+ ;;
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ if test "$ld_shlibs" = no; then
+ hardcode_libdir_flag_spec=
+ fi
+else
+ case "$host_os" in
+ aix3*)
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ else
+ aix_use_runtimelinking=no
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+ fi
+ hardcode_direct=yes
+ hardcode_libdir_separator=':'
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ fi
+ # Begin _LT_AC_SYS_LIBPATH_AIX.
+ echo 'int main () { return 0; }' > conftest.c
+ ${CC} ${LDFLAGS} conftest.c -o conftest
+ aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+ if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+ fi
+ if test -z "$aix_libpath"; then
+ aix_libpath="/usr/lib:/lib"
+ fi
+ rm -f conftest.c conftest
+ # End _LT_AC_SYS_LIBPATH_AIX.
+ if test "$aix_use_runtimelinking" = yes; then
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ else
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ fi
+ fi
+ ;;
+ amigaos*)
+ case "$host_cpu" in
+ powerpc)
+ ;;
+ m68k)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+ bsdi[45]*)
+ ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ libext=lib
+ ;;
+ darwin* | rhapsody*)
+ hardcode_direct=no
+ if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ dgux*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+ freebsd2.2*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ freebsd2*)
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ ;;
+ freebsd* | dragonfly*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ hpux9*)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ hpux10*)
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+ hpux11*)
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ ;;
+ *)
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+ irix5* | irix6* | nonstopux*)
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ netbsd*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ newsos6)
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ *nto* | *qnx*)
+ ;;
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ else
+ case "$host_os" in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ osf3*)
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ osf4* | osf5*)
+ if test "$GCC" = yes; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ # Both cc and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ hardcode_libdir_separator=:
+ ;;
+ solaris*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ sunos4*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ ;;
+ sysv4)
+ case $host_vendor in
+ sni)
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ hardcode_direct=no
+ ;;
+ motorola)
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ ;;
+ sysv4.3*)
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ ld_shlibs=yes
+ fi
+ ;;
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ ;;
+ sysv5* | sco3.2v5* | sco5v6*)
+ hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+ hardcode_libdir_separator=':'
+ ;;
+ uts4*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+fi
+
+# Check dynamic linker characteristics
+# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER.
+# Unlike libtool.m4, here we don't care about _all_ names of the library, but
+# only about the one the linker finds when passed -lNAME. This is the last
+# element of library_names_spec in libtool.m4, or possibly two of them if the
+# linker has special search rules.
+library_names_spec= # the last element of library_names_spec in libtool.m4
+libname_spec='lib$name'
+case "$host_os" in
+ aix3*)
+ library_names_spec='$libname.a'
+ ;;
+ aix[4-9]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ amigaos*)
+ case "$host_cpu" in
+ powerpc*)
+ library_names_spec='$libname$shrext' ;;
+ m68k)
+ library_names_spec='$libname.a' ;;
+ esac
+ ;;
+ beos*)
+ library_names_spec='$libname$shrext'
+ ;;
+ bsdi[45]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ shrext=.dll
+ library_names_spec='$libname.dll.a $libname.lib'
+ ;;
+ darwin* | rhapsody*)
+ shrext=.dylib
+ library_names_spec='$libname$shrext'
+ ;;
+ dgux*)
+ library_names_spec='$libname$shrext'
+ ;;
+ freebsd* | dragonfly*)
+ case "$host_os" in
+ freebsd[123]*)
+ library_names_spec='$libname$shrext$versuffix' ;;
+ *)
+ library_names_spec='$libname$shrext' ;;
+ esac
+ ;;
+ gnu*)
+ library_names_spec='$libname$shrext'
+ ;;
+ haiku*)
+ library_names_spec='$libname$shrext'
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $host_cpu in
+ ia64*)
+ shrext=.so
+ ;;
+ hppa*64*)
+ shrext=.sl
+ ;;
+ *)
+ shrext=.sl
+ ;;
+ esac
+ library_names_spec='$libname$shrext'
+ ;;
+ interix[3-9]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ irix5* | irix6* | nonstopux*)
+ library_names_spec='$libname$shrext'
+ case "$host_os" in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
+ *) libsuff= shlibsuff= ;;
+ esac
+ ;;
+ esac
+ ;;
+ linux*oldld* | linux*aout* | linux*coff*)
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ library_names_spec='$libname$shrext'
+ ;;
+ knetbsd*-gnu)
+ library_names_spec='$libname$shrext'
+ ;;
+ netbsd*)
+ library_names_spec='$libname$shrext'
+ ;;
+ newsos6)
+ library_names_spec='$libname$shrext'
+ ;;
+ *nto* | *qnx*)
+ library_names_spec='$libname$shrext'
+ ;;
+ openbsd*)
+ library_names_spec='$libname$shrext$versuffix'
+ ;;
+ os2*)
+ libname_spec='$name'
+ shrext=.dll
+ library_names_spec='$libname.a'
+ ;;
+ osf3* | osf4* | osf5*)
+ library_names_spec='$libname$shrext'
+ ;;
+ rdos*)
+ ;;
+ solaris*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sunos4*)
+ library_names_spec='$libname$shrext$versuffix'
+ ;;
+ sysv4 | sysv4.3*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sysv4*MP*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ library_names_spec='$libname$shrext'
+ ;;
+ tpf*)
+ library_names_spec='$libname$shrext'
+ ;;
+ uts4*)
+ library_names_spec='$libname$shrext'
+ ;;
+esac
+
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
+shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
+escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+
+LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
+
+# How to pass a linker flag through the compiler.
+wl="$escaped_wl"
+
+# Static library suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally "so").
+shlibext="$shlibext"
+
+# Format of library name prefix.
+libname_spec="$escaped_libname_spec"
+
+# Library names that the linker finds when passed -lNAME.
+library_names_spec="$escaped_library_names_spec"
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator="$hardcode_libdir_separator"
+
+# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct="$hardcode_direct"
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L="$hardcode_minus_L"
+
+EOF
--- /dev/null
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
+
+timestamp='2011-03-23'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | open8 \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
+ | pyramid \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+ | pyramid-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile-* | tilegx-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc | ppcbe) basic_machine=powerpc-unknown
+ ;;
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ # This must be matched before tile*.
+ tilegx*)
+ basic_machine=tilegx-unknown
+ os=-linux-gnu
+ ;;
+ tile*)
+ basic_machine=tile-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
--- /dev/null
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.67 for GnuTLS 2.12.0.
+#
+# Report bugs to <bug-gnutls@gnu.org>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and bug-gnutls@gnu.org
+$0: about your system, including any error possibly output
+$0: before this message. Then install a modern shell, or
+$0: manually run the script under such a shell if you do
+$0: have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+$*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='GnuTLS'
+PACKAGE_TARNAME='gnutls'
+PACKAGE_VERSION='2.12.0'
+PACKAGE_STRING='GnuTLS 2.12.0'
+PACKAGE_BUGREPORT='bug-gnutls@gnu.org'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+enable_option_checking=no
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+subdirs
+CXXCPP
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+lt_ECHO
+RANLIB
+AR
+OBJDUMP
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+SED
+LIBTOOL
+HAVE_LIBCFG_FALSE
+HAVE_LIBCFG_TRUE
+HAVE_GCC_FALSE
+HAVE_GCC_TRUE
+HAVE_GCC_GNU89_INLINE_OPTION_FALSE
+HAVE_GCC_GNU89_INLINE_OPTION_TRUE
+HAVE_GUILE_FALSE
+HAVE_GUILE_TRUE
+GUILE_SITE
+GUILE_LDFLAGS
+GUILE_CFLAGS
+GUILE_TOOLS
+GUILE_CONFIG
+GUILE
+guile_snarf
+HAVE_FORK_FALSE
+HAVE_FORK_TRUE
+ENABLE_SESSION_TICKET_FALSE
+ENABLE_SESSION_TICKET_TRUE
+ENABLE_OPENPGP_FALSE
+ENABLE_OPENPGP_TRUE
+ENABLE_PKI_FALSE
+ENABLE_PKI_TRUE
+ENABLE_ANON_FALSE
+ENABLE_ANON_TRUE
+ENABLE_PSK_FALSE
+ENABLE_PSK_TRUE
+ENABLE_SRP_FALSE
+ENABLE_SRP_TRUE
+ENABLE_OPRFI_FALSE
+ENABLE_OPRFI_TRUE
+USE_LZO_FALSE
+USE_LZO_TRUE
+EGREP
+GREP
+CPP
+LZO_LIBS
+ENABLE_LOCAL_PAKCHOIS_FALSE
+ENABLE_LOCAL_PAKCHOIS_TRUE
+LIBPAKCHOIS_PREFIX
+LTLIBPAKCHOIS
+LIBPAKCHOIS
+HAVE_LIBPAKCHOIS
+ENABLE_MINITASN1_FALSE
+ENABLE_MINITASN1_TRUE
+LIBTASN1_PREFIX
+LTLIBTASN1
+LIBTASN1
+HAVE_LIBTASN1
+ENABLE_NETTLE_FALSE
+ENABLE_NETTLE_TRUE
+NETTLE_LIBS
+LIBNETTLE_PREFIX
+LTLIBNETTLE
+LIBNETTLE
+HAVE_LIBNETTLE
+LIBGCRYPT_PREFIX
+LTLIBGCRYPT
+LIBGCRYPT
+HAVE_LIBGCRYPT
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+DLL_VERSION
+CXX_LT_AGE
+CXX_LT_REVISION
+CXX_LT_CURRENT
+LT_SSL_AGE
+LT_SSL_REVISION
+LT_SSL_CURRENT
+LT_AGE
+LT_REVISION
+LT_CURRENT
+ENABLE_CXX_FALSE
+ENABLE_CXX_TRUE
+am__fastdepCXX_FALSE
+am__fastdepCXX_TRUE
+CXXDEPMODE
+ac_ct_CXX
+CXXFLAGS
+CXX
+GAA
+GTK_DOC_USE_REBASE_FALSE
+GTK_DOC_USE_REBASE_TRUE
+GTK_DOC_USE_LIBTOOL_FALSE
+GTK_DOC_USE_LIBTOOL_TRUE
+GTK_DOC_BUILD_PDF_FALSE
+GTK_DOC_BUILD_PDF_TRUE
+GTK_DOC_BUILD_HTML_FALSE
+GTK_DOC_BUILD_HTML_TRUE
+ENABLE_GTK_DOC_FALSE
+ENABLE_GTK_DOC_TRUE
+PKG_CONFIG
+HTML_DIR
+GTKDOC_MKPDF
+GTKDOC_REBASE
+GTKDOC_CHECK
+LN_S
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+AM_BACKSLASH
+AM_DEFAULT_VERBOSITY
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_silent_rules
+enable_dependency_tracking
+with_html_dir
+enable_gtk_doc
+enable_gtk_doc_html
+enable_gtk_doc_pdf
+enable_cxx
+with_libgcrypt
+with_gnu_ld
+enable_rpath
+with_libgcrypt_prefix
+with_libnettle_prefix
+with_included_libtasn1
+with_libtasn1_prefix
+with_included_pakchois
+with_libpakchois_prefix
+with_lzo
+enable_opaque_prf_input
+enable_srp_authentication
+enable_psk_authentication
+enable_anon_authentication
+enable_camellia
+enable_extra_pki
+enable_openpgp_authentication
+enable_session_ticket
+enable_cryptodev
+enable_guile
+with___with_guile_site_dir
+with_included_libcfg
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+enable_libtool_lock
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+PKG_CONFIG
+CXX
+CXXFLAGS
+CCC
+CPP
+CXXCPP'
+ac_subdirs_all='lib'
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used" >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures GnuTLS 2.12.0 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/gnutls]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of GnuTLS 2.12.0:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-silent-rules less verbose build output (undo: `make V=1')
+ --disable-silent-rules verbose build output (undo: `make V=0')
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --enable-gtk-doc use gtk-doc to build documentation [[default=no]]
+ --enable-gtk-doc-html build documentation in html format [[default=yes]]
+ --enable-gtk-doc-pdf build documentation in pdf format [[default=no]]
+ --disable-cxx unconditionally disable the C++ library
+ --disable-rpath do not hardcode runtime library paths
+ --enable-opaque-prf-input=DD
+ enable Opaque PRF input using DD as extension type
+ --disable-srp-authentication
+ disable the SRP authentication support
+ --disable-psk-authentication
+ disable the PSK authentication support
+ --disable-anon-authentication
+ disable the anonymous authentication support
+ --disable-camellia disable Camellia cipher
+ --disable-extra-pki only enable the basic PKI stuff
+ --disable-openpgp-authentication
+ disable the OpenPGP authentication support
+ --disable-session-ticket
+ disable the SessionTicket extension support
+ --enable-cryptodev enable cryptodev support
+ --enable-guile build GNU Guile bindings
+ --enable-shared[=PKGS] build shared libraries [default=yes]
+ --enable-static[=PKGS] build static libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-libtool-lock avoid locking (might break parallel builds)
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-html-dir=PATH path to installed docs
+ --with-libgcrypt use libgcrypt as crypto library
+ --with-gnu-ld assume the C compiler uses GNU ld default=no
+ --with-libgcrypt-prefix[=DIR] search for libgcrypt in DIR/include and DIR/lib
+ --without-libgcrypt-prefix don't search for libgcrypt in includedir and libdir
+ --with-libnettle-prefix[=DIR] search for libnettle in DIR/include and DIR/lib
+ --without-libnettle-prefix don't search for libnettle in includedir and libdir
+ --with-included-libtasn1
+ use the included libtasn1
+ --with-libtasn1-prefix[=DIR] search for libtasn1 in DIR/include and DIR/lib
+ --without-libtasn1-prefix don't search for libtasn1 in includedir and libdir
+ --with-included-pakchois
+ use the included pakchois
+ --with-libpakchois-prefix[=DIR] search for libpakchois in DIR/include and DIR/lib
+ --without-libpakchois-prefix don't search for libpakchois in includedir and libdir
+ --with-lzo use experimental LZO compression
+ --with-guile-site-dir use the given directory as the Guile site (use with
+ care)
+ --with-included-libcfg use the included libcfg+ (certtool only)
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ PKG_CONFIG path to pkg-config utility
+ CXX C++ compiler command
+ CXXFLAGS C++ compiler flags
+ CPP C preprocessor
+ CXXCPP C++ preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <bug-gnutls@gnu.org>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+GnuTLS configure 2.12.0
+generated by GNU Autoconf 2.67
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval "test \"\${$3+set}\"" = set; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## --------------------------------- ##
+## Report this to bug-gnutls@gnu.org ##
+## --------------------------------- ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_type
+
+# ac_fn_cxx_try_cpp LINENO
+# ------------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_cpp
+
+# ac_fn_cxx_try_link LINENO
+# -------------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_link
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by GnuTLS $as_me 2.12.0, which was
+generated by GNU Autoconf 2.67. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5 ; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+#AC_CONFIG_AUX_DIR([build-aux])
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+ program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if test "${ac_cv_path_mkdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir (GNU coreutils) '* | \
+ 'mkdir (coreutils) '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
+
+fi
+
+ test -d ./--version && rmdir ./--version
+ if test "${ac_cv_path_mkdir+set}" = set; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+ [\\/$]* | ?:[\\/]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ am__isrc=' -I$(srcdir)'
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='gnutls'
+ VERSION='2.12.0'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+# Check whether --enable-silent-rules was given.
+if test "${enable_silent_rules+set}" = set; then :
+ enableval=$enable_silent_rules;
+fi
+
+case $enable_silent_rules in
+yes) AM_DEFAULT_VERBOSITY=0;;
+no) AM_DEFAULT_VERBOSITY=1;;
+*) AM_DEFAULT_VERBOSITY=0;;
+esac
+AM_BACKSLASH='\'
+
+ac_config_headers="$ac_config_headers config.h"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ***
+*** Checking for compilation programs...
+" >&5
+$as_echo "***
+*** Checking for compilation programs...
+" >&6; }
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5 ; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5 ; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5 ; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+ enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+
+depcc="$CC" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+ ac_pt_PKG_CONFIG=$PKG_CONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ac_pt_PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKG_CONFIG" = x; then
+ PKG_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PKG_CONFIG=$ac_pt_PKG_CONFIG
+ fi
+else
+ PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=0.9.0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ PKG_CONFIG=""
+ fi
+
+fi
+
+
+ # Extract the first word of "gtkdoc-check", so it can be a program name with args.
+set dummy gtkdoc-check; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GTKDOC_CHECK+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GTKDOC_CHECK in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GTKDOC_CHECK="$GTKDOC_CHECK" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GTKDOC_CHECK="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GTKDOC_CHECK=$ac_cv_path_GTKDOC_CHECK
+if test -n "$GTKDOC_CHECK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_CHECK" >&5
+$as_echo "$GTKDOC_CHECK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ for ac_prog in gtkdoc-rebase
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GTKDOC_REBASE+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GTKDOC_REBASE in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GTKDOC_REBASE="$GTKDOC_REBASE" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GTKDOC_REBASE="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GTKDOC_REBASE=$ac_cv_path_GTKDOC_REBASE
+if test -n "$GTKDOC_REBASE"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_REBASE" >&5
+$as_echo "$GTKDOC_REBASE" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$GTKDOC_REBASE" && break
+done
+test -n "$GTKDOC_REBASE" || GTKDOC_REBASE="true"
+
+ # Extract the first word of "gtkdoc-mkpdf", so it can be a program name with args.
+set dummy gtkdoc-mkpdf; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GTKDOC_MKPDF+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GTKDOC_MKPDF in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GTKDOC_MKPDF="$GTKDOC_MKPDF" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GTKDOC_MKPDF="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GTKDOC_MKPDF=$ac_cv_path_GTKDOC_MKPDF
+if test -n "$GTKDOC_MKPDF"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_MKPDF" >&5
+$as_echo "$GTKDOC_MKPDF" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+# Check whether --with-html-dir was given.
+if test "${with_html_dir+set}" = set; then :
+ withval=$with_html_dir;
+else
+ with_html_dir='${datadir}/gtk-doc/html'
+fi
+
+ HTML_DIR="$with_html_dir"
+
+
+ # Check whether --enable-gtk-doc was given.
+if test "${enable_gtk_doc+set}" = set; then :
+ enableval=$enable_gtk_doc;
+else
+ enable_gtk_doc=no
+fi
+
+
+ if test x$enable_gtk_doc = xyes; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gtk-doc >= 1.1\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gtk-doc >= 1.1") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ :
+else
+ as_fn_error $? "You need to have gtk-doc >= 1.1 installed to build $PACKAGE_NAME" "$LINENO" 5
+fi
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build gtk-doc documentation" >&5
+$as_echo_n "checking whether to build gtk-doc documentation... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_gtk_doc" >&5
+$as_echo "$enable_gtk_doc" >&6; }
+
+ # Check whether --enable-gtk-doc-html was given.
+if test "${enable_gtk_doc_html+set}" = set; then :
+ enableval=$enable_gtk_doc_html;
+else
+ enable_gtk_doc_html=yes
+fi
+
+ # Check whether --enable-gtk-doc-pdf was given.
+if test "${enable_gtk_doc_pdf+set}" = set; then :
+ enableval=$enable_gtk_doc_pdf;
+else
+ enable_gtk_doc_pdf=no
+fi
+
+
+ if test -z "$GTKDOC_MKPDF"; then
+ enable_gtk_doc_pdf=no
+ fi
+
+
+ if test x$enable_gtk_doc = xyes; then
+ ENABLE_GTK_DOC_TRUE=
+ ENABLE_GTK_DOC_FALSE='#'
+else
+ ENABLE_GTK_DOC_TRUE='#'
+ ENABLE_GTK_DOC_FALSE=
+fi
+
+ if test x$enable_gtk_doc_html = xyes; then
+ GTK_DOC_BUILD_HTML_TRUE=
+ GTK_DOC_BUILD_HTML_FALSE='#'
+else
+ GTK_DOC_BUILD_HTML_TRUE='#'
+ GTK_DOC_BUILD_HTML_FALSE=
+fi
+
+ if test x$enable_gtk_doc_pdf = xyes; then
+ GTK_DOC_BUILD_PDF_TRUE=
+ GTK_DOC_BUILD_PDF_FALSE='#'
+else
+ GTK_DOC_BUILD_PDF_TRUE='#'
+ GTK_DOC_BUILD_PDF_FALSE=
+fi
+
+ if test -n "$LIBTOOL"; then
+ GTK_DOC_USE_LIBTOOL_TRUE=
+ GTK_DOC_USE_LIBTOOL_FALSE='#'
+else
+ GTK_DOC_USE_LIBTOOL_TRUE='#'
+ GTK_DOC_USE_LIBTOOL_FALSE=
+fi
+
+ if test -n "$GTKDOC_REBASE"; then
+ GTK_DOC_USE_REBASE_TRUE=
+ GTK_DOC_USE_REBASE_FALSE='#'
+else
+ GTK_DOC_USE_REBASE_TRUE='#'
+ GTK_DOC_USE_REBASE_FALSE=
+fi
+
+
+# Extract the first word of "gaa", so it can be a program name with args.
+set dummy gaa; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GAA+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GAA in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GAA="$GAA" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GAA="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GAA=$ac_cv_path_GAA
+if test -n "$GAA"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GAA" >&5
+$as_echo "$GAA" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test "x$GAA" = "x"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ***
+*** GAA was not found. It is only needed if you wish to modify
+*** the source code or command-line description files. In this case,
+*** you may want to get it from http://gaa.sourceforge.net/ and
+*** read doc/README.gaa.
+***" >&5
+$as_echo "$as_me: WARNING: ***
+*** GAA was not found. It is only needed if you wish to modify
+*** the source code or command-line description files. In this case,
+*** you may want to get it from http://gaa.sourceforge.net/ and
+*** read doc/README.gaa.
+***" >&2;}
+fi
+
+gl_EARLY
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5
+$as_echo_n "checking for inline... " >&6; }
+if test "${ac_cv_c_inline+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_inline=no
+for ac_kw in inline __inline__ __inline; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __cplusplus
+typedef int foo_t;
+static $ac_kw foo_t static_foo () {return 0; }
+$ac_kw foo_t foo () {return 0; }
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_inline=$ac_kw
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ test "$ac_cv_c_inline" != no && break
+done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5
+$as_echo "$ac_cv_c_inline" >&6; }
+
+case $ac_cv_c_inline in
+ inline | yes) ;;
+ *)
+ case $ac_cv_c_inline in
+ no) ac_val=;;
+ *) ac_val=$ac_cv_c_inline;;
+ esac
+ cat >>confdefs.h <<_ACEOF
+#ifndef __cplusplus
+#define inline $ac_val
+#endif
+_ACEOF
+ ;;
+esac
+
+
+# For the C++ code
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CXX" && break
+done
+
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
+else
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+else
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CXX" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+# Check whether --enable-cxx was given.
+if test "${enable_cxx+set}" = set; then :
+ enableval=$enable_cxx; use_cxx=$enableval
+else
+ use_cxx=yes
+fi
+
+if test "$use_cxx" != "no"; then
+ ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ use_cxx=yes
+else
+ use_cxx=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+ if test "$use_cxx" != "no"; then
+ ENABLE_CXX_TRUE=
+ ENABLE_CXX_FALSE='#'
+else
+ ENABLE_CXX_TRUE='#'
+ ENABLE_CXX_FALSE=
+fi
+
+
+
+ if test "X$prefix" = "XNONE"; then
+ acl_final_prefix="$ac_default_prefix"
+ else
+ acl_final_prefix="$prefix"
+ fi
+ if test "X$exec_prefix" = "XNONE"; then
+ acl_final_exec_prefix='${prefix}'
+ else
+ acl_final_exec_prefix="$exec_prefix"
+ fi
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
+ prefix="$acl_save_prefix"
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5
+$as_echo_n "checking for ld used by GCC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | [A-Za-z]:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the path of ld
+ ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${acl_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ acl_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break ;;
+ *)
+ test "$with_gnu_ld" != yes && break ;;
+ esac
+ fi
+ done
+ IFS="$ac_save_ifs"
+else
+ acl_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$acl_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${acl_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ acl_cv_prog_gnu_ld=yes ;;
+*)
+ acl_cv_prog_gnu_ld=no ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_prog_gnu_ld" >&5
+$as_echo "$acl_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$acl_cv_prog_gnu_ld
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5
+$as_echo_n "checking for shared library run path origin... " >&6; }
+if test "${acl_cv_rpath+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
+ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
+ . ./conftest.sh
+ rm -f ./conftest.sh
+ acl_cv_rpath=done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5
+$as_echo "$acl_cv_rpath" >&6; }
+ wl="$acl_cv_wl"
+ acl_libext="$acl_cv_libext"
+ acl_shlibext="$acl_cv_shlibext"
+ acl_libname_spec="$acl_cv_libname_spec"
+ acl_library_names_spec="$acl_cv_library_names_spec"
+ acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
+ acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
+ acl_hardcode_direct="$acl_cv_hardcode_direct"
+ acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
+ # Check whether --enable-rpath was given.
+if test "${enable_rpath+set}" = set; then :
+ enableval=$enable_rpath; :
+else
+ enable_rpath=yes
+fi
+
+
+
+ acl_libdirstem=lib
+ searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+ if test -n "$searchpath"; then
+ acl_save_IFS="${IFS= }"; IFS=":"
+ for searchdir in $searchpath; do
+ if test -d "$searchdir"; then
+ case "$searchdir" in
+ */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+ *) searchdir=`cd "$searchdir" && pwd`
+ case "$searchdir" in
+ */lib64 ) acl_libdirstem=lib64 ;;
+ esac ;;
+ esac
+ fi
+ done
+ IFS="$acl_save_IFS"
+ fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+ # Library code modified: REVISION++
+ # Interfaces changed/added/removed: CURRENT++ REVISION=0
+ # Interfaces added: AGE++
+ # Interfaces removed: AGE=0
+ LT_CURRENT=44
+
+ LT_REVISION=7
+
+ LT_AGE=18
+
+
+ LT_SSL_CURRENT=27
+
+ LT_SSL_REVISION=0
+
+ LT_SSL_AGE=0
+
+
+ CXX_LT_CURRENT=27
+
+ CXX_LT_REVISION=0
+
+ CXX_LT_AGE=0
+
+
+ # Used when creating the Windows libgnutls-XX.def files.
+ DLL_VERSION=`expr ${LT_CURRENT} - ${LT_AGE}`
+
+
+ cryptolib="nettle"
+
+
+# Check whether --with-libgcrypt was given.
+if test "${with_libgcrypt+set}" = set; then :
+ withval=$with_libgcrypt; libgcrypt=$withval
+else
+ libgcrypt=no
+fi
+
+ if test "$libgcrypt" = "yes"; then
+ cryptolib=libgcrypt
+
+$as_echo "#define HAVE_GCRYPT 1" >>confdefs.h
+
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libgcrypt-prefix was given.
+if test "${with_libgcrypt_prefix+set}" = set; then :
+ withval=$with_libgcrypt_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBGCRYPT=
+ LTLIBGCRYPT=
+ INCGCRYPT=
+ LIBGCRYPT_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='gcrypt gpg-error'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ else
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_a"
+ else
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBGCRYPT_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCGCRYPT="${INCGCRYPT}${INCGCRYPT:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$dep"
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-l$name"
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCGCRYPT; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libgcrypt" >&5
+$as_echo_n "checking for libgcrypt... " >&6; }
+if test "${ac_cv_libgcrypt+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBGCRYPT"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <gcrypt.h>
+int
+main ()
+{
+enum gcry_cipher_algos i = GCRY_CIPHER_CAMELLIA128
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libgcrypt=yes
+else
+ ac_cv_libgcrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libgcrypt" >&5
+$as_echo "$ac_cv_libgcrypt" >&6; }
+ if test "$ac_cv_libgcrypt" = yes; then
+ HAVE_LIBGCRYPT=yes
+
+$as_echo "#define HAVE_LIBGCRYPT 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libgcrypt" >&5
+$as_echo_n "checking how to link with libgcrypt... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT" >&5
+$as_echo "$LIBGCRYPT" >&6; }
+ else
+ HAVE_LIBGCRYPT=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBGCRYPT=
+ LTLIBGCRYPT=
+ LIBGCRYPT_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libgcrypt" != yes; then
+ as_fn_error $? "
+***
+*** Libgcrypt v1.4.0 or later was not found. You may want to get it from
+*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+***
+ " "$LINENO" 5
+ fi
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use nettle" >&5
+$as_echo_n "checking whether to use nettle... " >&6; }
+if test "$cryptolib" = "nettle";then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libnettle-prefix was given.
+if test "${with_libnettle_prefix+set}" = set; then :
+ withval=$with_libnettle_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBNETTLE=
+ LTLIBNETTLE=
+ INCNETTLE=
+ LIBNETTLE_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='nettle '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ else
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_a"
+ else
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBNETTLE_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCNETTLE="${INCNETTLE}${INCNETTLE:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$dep"
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-l$name"
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCNETTLE; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnettle" >&5
+$as_echo_n "checking for libnettle... " >&6; }
+if test "${ac_cv_libnettle+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBNETTLE"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <nettle/aes.h>
+int
+main ()
+{
+nettle_aes_invert_key (0, 0)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libnettle=yes
+else
+ ac_cv_libnettle=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libnettle" >&5
+$as_echo "$ac_cv_libnettle" >&6; }
+ if test "$ac_cv_libnettle" = yes; then
+ HAVE_LIBNETTLE=yes
+
+$as_echo "#define HAVE_LIBNETTLE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libnettle" >&5
+$as_echo_n "checking how to link with libnettle... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBNETTLE" >&5
+$as_echo "$LIBNETTLE" >&6; }
+ else
+ HAVE_LIBNETTLE=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBNETTLE=
+ LTLIBNETTLE=
+ LIBNETTLE_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libnettle" != yes; then
+ as_fn_error $? "
+ ***
+ *** Libnettle 2.1 was not found.
+ " "$LINENO" 5
+ fi
+ NETTLE_LIBS="-lgmp -lpthread -lhogweed"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "$cryptolib" = "nettle"; then
+ ENABLE_NETTLE_TRUE=
+ ENABLE_NETTLE_FALSE='#'
+else
+ ENABLE_NETTLE_TRUE='#'
+ ENABLE_NETTLE_FALSE=
+fi
+
+
+
+# Check whether --with-included-libtasn1 was given.
+if test "${with_included_libtasn1+set}" = set; then :
+ withval=$with_included_libtasn1; included_libtasn1=$withval
+else
+ included_libtasn1=no
+fi
+
+ if test "$included_libtasn1" = "no"; then
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libtasn1-prefix was given.
+if test "${with_libtasn1_prefix+set}" = set; then :
+ withval=$with_libtasn1_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBTASN1=
+ LTLIBTASN1=
+ INCTASN1=
+ LIBTASN1_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='tasn1 '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ else
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_a"
+ else
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBTASN1_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCTASN1="${INCTASN1}${INCTASN1:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$dep"
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-l$name"
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCTASN1; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libtasn1" >&5
+$as_echo_n "checking for libtasn1... " >&6; }
+if test "${ac_cv_libtasn1+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBTASN1"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libtasn1.h>
+int
+main ()
+{
+asn1_check_version (NULL)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libtasn1=yes
+else
+ ac_cv_libtasn1=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libtasn1" >&5
+$as_echo "$ac_cv_libtasn1" >&6; }
+ if test "$ac_cv_libtasn1" = yes; then
+ HAVE_LIBTASN1=yes
+
+$as_echo "#define HAVE_LIBTASN1 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libtasn1" >&5
+$as_echo_n "checking how to link with libtasn1... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBTASN1" >&5
+$as_echo "$LIBTASN1" >&6; }
+ else
+ HAVE_LIBTASN1=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBTASN1=
+ LTLIBTASN1=
+ LIBTASN1_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libtasn1" != yes; then
+ included_libtasn1=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+ ***
+ *** Libtasn1 was not found. Will use the included one.
+ " >&5
+$as_echo "$as_me: WARNING:
+ ***
+ *** Libtasn1 was not found. Will use the included one.
+ " >&2;}
+ fi
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included minitasn1" >&5
+$as_echo_n "checking whether to use the included minitasn1... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $included_libtasn1" >&5
+$as_echo "$included_libtasn1" >&6; }
+ if test "$included_libtasn1" = "yes"; then
+ ENABLE_MINITASN1_TRUE=
+ ENABLE_MINITASN1_FALSE='#'
+else
+ ENABLE_MINITASN1_TRUE='#'
+ ENABLE_MINITASN1_FALSE=
+fi
+
+
+ if test "$included_libtasn1" = "no"; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libtasn1"
+ fi
+
+
+# Check whether --with-included-pakchois was given.
+if test "${with_included_pakchois+set}" = set; then :
+ withval=$with_included_pakchois; included_pakchois=$withval
+else
+ included_pakchois=no
+fi
+
+ if test "$included_pakchois" = "no"; then
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libpakchois-prefix was given.
+if test "${with_libpakchois_prefix+set}" = set; then :
+ withval=$with_libpakchois_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBPAKCHOIS=
+ LTLIBPAKCHOIS=
+ INCPAKCHOIS=
+ LIBPAKCHOIS_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='pakchois '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ else
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_a"
+ else
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBPAKCHOIS_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCPAKCHOIS="${INCPAKCHOIS}${INCPAKCHOIS:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$dep"
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-l$name"
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCPAKCHOIS; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libpakchois" >&5
+$as_echo_n "checking for libpakchois... " >&6; }
+if test "${ac_cv_libpakchois+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBPAKCHOIS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <pakchois/pakchois.h>
+int
+main ()
+{
+pakchois_module_load(0,0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libpakchois=yes
+else
+ ac_cv_libpakchois=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libpakchois" >&5
+$as_echo "$ac_cv_libpakchois" >&6; }
+ if test "$ac_cv_libpakchois" = yes; then
+ HAVE_LIBPAKCHOIS=yes
+
+$as_echo "#define HAVE_LIBPAKCHOIS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libpakchois" >&5
+$as_echo_n "checking how to link with libpakchois... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPAKCHOIS" >&5
+$as_echo "$LIBPAKCHOIS" >&6; }
+ else
+ HAVE_LIBPAKCHOIS=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBPAKCHOIS=
+ LTLIBPAKCHOIS=
+ LIBPAKCHOIS_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_pakchois" != yes; then
+ included_pakchois=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+ ***
+ *** Pakchois was not found. Will use the included one.
+ " >&5
+$as_echo "$as_me: WARNING:
+ ***
+ *** Pakchois was not found. Will use the included one.
+ " >&2;}
+ fi
+ fi
+ #not other option for now. The released pakchois cannot open an arbitrary PKCS11 module,
+ #and the author is reluctant to add such feature.
+ included_pakchois=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included pakchois" >&5
+$as_echo_n "checking whether to use the included pakchois... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $included_pakchois" >&5
+$as_echo "$included_pakchois" >&6; }
+ if test "$included_pakchois" = "yes"; then
+ ENABLE_LOCAL_PAKCHOIS_TRUE=
+ ENABLE_LOCAL_PAKCHOIS_FALSE='#'
+else
+ ENABLE_LOCAL_PAKCHOIS_TRUE='#'
+ ENABLE_LOCAL_PAKCHOIS_FALSE=
+fi
+
+ if test "$included_pakchois" = "yes";then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_lock in -lpthread" >&5
+$as_echo_n "checking for pthread_mutex_lock in -lpthread... " >&6; }
+if test "${ac_cv_lib_pthread_pthread_mutex_lock+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthread $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_mutex_lock ();
+int
+main ()
+{
+return pthread_mutex_lock ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pthread_pthread_mutex_lock=yes
+else
+ ac_cv_lib_pthread_pthread_mutex_lock=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_mutex_lock" >&5
+$as_echo "$ac_cv_lib_pthread_pthread_mutex_lock" >&6; }
+if test "x$ac_cv_lib_pthread_pthread_mutex_lock" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPTHREAD 1
+_ACEOF
+
+ LIBS="-lpthread $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: could not find pthread_mutex_lock" >&5
+$as_echo "$as_me: WARNING: could not find pthread_mutex_lock" >&2;}
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: could not find dlopen" >&5
+$as_echo "$as_me: WARNING: could not find dlopen" >&2;}
+fi
+
+
+ fi
+
+
+# Check whether --with-lzo was given.
+if test "${with_lzo+set}" = set; then :
+ withval=$with_lzo; use_lzo=$withval
+else
+ use_lzo=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include LZO compression support" >&5
+$as_echo_n "checking whether to include LZO compression support... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_lzo" >&5
+$as_echo "$use_lzo" >&6; }
+ LZO_LIBS=
+ if test "$use_lzo" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_compress in -llzo2" >&5
+$as_echo_n "checking for lzo1x_1_compress in -llzo2... " >&6; }
+if test "${ac_cv_lib_lzo2_lzo1x_1_compress+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-llzo2 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char lzo1x_1_compress ();
+int
+main ()
+{
+return lzo1x_1_compress ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_lzo2_lzo1x_1_compress=yes
+else
+ ac_cv_lib_lzo2_lzo1x_1_compress=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo2_lzo1x_1_compress" >&5
+$as_echo "$ac_cv_lib_lzo2_lzo1x_1_compress" >&6; }
+if test "x$ac_cv_lib_lzo2_lzo1x_1_compress" = x""yes; then :
+ LZO_LIBS=-llzo2
+fi
+
+ if test "$LZO_LIBS" = ""; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_compress in -llzo" >&5
+$as_echo_n "checking for lzo1x_1_compress in -llzo... " >&6; }
+if test "${ac_cv_lib_lzo_lzo1x_1_compress+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-llzo $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char lzo1x_1_compress ();
+int
+main ()
+{
+return lzo1x_1_compress ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_lzo_lzo1x_1_compress=yes
+else
+ ac_cv_lib_lzo_lzo1x_1_compress=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo_lzo1x_1_compress" >&5
+$as_echo "$ac_cv_lib_lzo_lzo1x_1_compress" >&6; }
+if test "x$ac_cv_lib_lzo_lzo1x_1_compress" = x""yes; then :
+ LZO_LIBS=-llzo
+else
+
+ use_lzo=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ***
+ *** Could not find liblzo or liblzo2. Disabling LZO compression.
+ " >&5
+$as_echo "$as_me: WARNING: ***
+ *** Could not find liblzo or liblzo2. Disabling LZO compression.
+ " >&2;}
+
+fi
+
+ fi
+ fi
+
+ if test "$use_lzo" = "yes"; then
+
+$as_echo "#define USE_LZO 1" >>confdefs.h
+
+ if test "$LZO_LIBS" = "-llzo"; then
+ for ac_header in lzo1x.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "lzo1x.h" "ac_cv_header_lzo1x_h" "$ac_includes_default"
+if test "x$ac_cv_header_lzo1x_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LZO1X_H 1
+_ACEOF
+
+fi
+
+done
+
+ elif test "$LZO_LIBS" = "-llzo2"; then
+ for ac_header in lzo/lzo1x.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "lzo/lzo1x.h" "ac_cv_header_lzo_lzo1x_h" "$ac_includes_default"
+if test "x$ac_cv_header_lzo_lzo1x_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LZO_LZO1X_H 1
+_ACEOF
+
+fi
+
+done
+
+ fi
+ fi
+ if test "$use_lzo" = "yes"; then
+ USE_LZO_TRUE=
+ USE_LZO_FALSE='#'
+else
+ USE_LZO_TRUE='#'
+ USE_LZO_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C99 macros are supported" >&5
+$as_echo_n "checking whether C99 macros are supported... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ #define test_mac(...)
+ int z,y,x;
+ test_mac(x,y,z);
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define C99_MACROS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: C99 macros not supported. This may affect compiling." >&5
+$as_echo "$as_me: WARNING: C99 macros not supported. This may affect compiling." >&2;}
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Opaque PRF input support" >&5
+$as_echo_n "checking whether to enable Opaque PRF input support... " >&6; }
+ # Check whether --enable-opaque-prf-input was given.
+if test "${enable_opaque_prf_input+set}" = set; then :
+ enableval=$enable_opaque_prf_input; ac_opaque_prf_input=$enableval
+else
+ ac_opaque_prf_input=no
+fi
+
+ if test "$ac_opaque_prf_input" != "no"; then
+ if ! echo $ac_opaque_prf_input | egrep -q '^[0-9]+$'; then
+ ac_opaque_prf_input=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+ *** Could not parse Opaque PRF Input extension type.
+ *** Use --enable-opaque-prf-input=XX where XX is decimal, for example
+ *** to use extension value 42 use --enable-opqaue-prf-input=42" >&5
+$as_echo "$as_me: WARNING:
+ *** Could not parse Opaque PRF Input extension type.
+ *** Use --enable-opaque-prf-input=XX where XX is decimal, for example
+ *** to use extension value 42 use --enable-opqaue-prf-input=42" >&2;}
+ fi
+ fi
+ if test "$ac_opaque_prf_input" != "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (extension value $ac_opaque_prf_input)" >&5
+$as_echo "yes (extension value $ac_opaque_prf_input)" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define ENABLE_OPRFI $ac_opaque_prf_input
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ if test "$ac_opaque_prf_input" != "no"; then
+ ENABLE_OPRFI_TRUE=
+ ENABLE_OPRFI_FALSE='#'
+else
+ ENABLE_OPRFI_TRUE='#'
+ ENABLE_OPRFI_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable SRP authentication support" >&5
+$as_echo_n "checking whether to disable SRP authentication support... " >&6; }
+ # Check whether --enable-srp-authentication was given.
+if test "${enable_srp_authentication+set}" = set; then :
+ enableval=$enable_srp_authentication; ac_enable_srp=no
+fi
+
+ if test x$ac_enable_srp != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_SRP 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_srp" != "no"; then
+ ENABLE_SRP_TRUE=
+ ENABLE_SRP_FALSE='#'
+else
+ ENABLE_SRP_TRUE='#'
+ ENABLE_SRP_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable PSK authentication support" >&5
+$as_echo_n "checking whether to disable PSK authentication support... " >&6; }
+ # Check whether --enable-psk-authentication was given.
+if test "${enable_psk_authentication+set}" = set; then :
+ enableval=$enable_psk_authentication; ac_enable_psk=no
+fi
+
+ if test x$ac_enable_psk != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_PSK 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_psk" != "no"; then
+ ENABLE_PSK_TRUE=
+ ENABLE_PSK_FALSE='#'
+else
+ ENABLE_PSK_TRUE='#'
+ ENABLE_PSK_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable anonymous authentication support" >&5
+$as_echo_n "checking whether to disable anonymous authentication support... " >&6; }
+ # Check whether --enable-anon-authentication was given.
+if test "${enable_anon_authentication+set}" = set; then :
+ enableval=$enable_anon_authentication; ac_enable_anon=no
+fi
+
+ if test x$ac_enable_anon != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_ANON 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_anon" != "no"; then
+ ENABLE_ANON_TRUE=
+ ENABLE_ANON_FALSE='#'
+else
+ ENABLE_ANON_TRUE='#'
+ ENABLE_ANON_FALSE=
+fi
+
+
+ # Allow disabling Camellia
+ if test "$nettle" != "yes";then
+ # Check whether --enable-camellia was given.
+if test "${enable_camellia+set}" = set; then :
+ enableval=$enable_camellia; enable_camellia=$enableval
+else
+ enable_camellia=yes
+fi
+
+ else
+ enable_camellia=no
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable Camellia cipher" >&5
+$as_echo_n "checking whether to disable Camellia cipher... " >&6; }
+ if test "$enable_camellia" != "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_CAMELLIA 1" >>confdefs.h
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable extra PKI stuff" >&5
+$as_echo_n "checking whether to disable extra PKI stuff... " >&6; }
+ # Check whether --enable-extra-pki was given.
+if test "${enable_extra_pki+set}" = set; then :
+ enableval=$enable_extra_pki; enable_pki=$enableval
+else
+ enable_pki=yes
+fi
+
+ if test "$enable_pki" != "yes"; then
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_PKI 1" >>confdefs.h
+
+ fi
+ if test "$enable_pki" = "yes"; then
+ ENABLE_PKI_TRUE=
+ ENABLE_PKI_FALSE='#'
+else
+ ENABLE_PKI_TRUE='#'
+ ENABLE_PKI_FALSE=
+fi
+
+
+ ac_enable_openpgp=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable OpenPGP Certificate authentication support" >&5
+$as_echo_n "checking whether to disable OpenPGP Certificate authentication support... " >&6; }
+ # Check whether --enable-openpgp-authentication was given.
+if test "${enable_openpgp_authentication+set}" = set; then :
+ enableval=$enable_openpgp_authentication; ac_enable_openpgp=no
+fi
+
+ if test x$ac_enable_openpgp = xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ac_full=0
+ else
+
+$as_echo "#define ENABLE_OPENPGP 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ if test "$ac_enable_openpgp" = "yes"; then
+ ENABLE_OPENPGP_TRUE=
+ ENABLE_OPENPGP_FALSE='#'
+else
+ ENABLE_OPENPGP_TRUE='#'
+ ENABLE_OPENPGP_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable SessionTicket extension support" >&5
+$as_echo_n "checking whether to disable SessionTicket extension support... " >&6; }
+ # Check whether --enable-session-ticket was given.
+if test "${enable_session_ticket+set}" = set; then :
+ enableval=$enable_session_ticket; ac_session_ticket=no
+fi
+
+ if test x$ac_session_ticket != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_SESSION_TICKET 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_session_ticket" != "no"; then
+ ENABLE_SESSION_TICKET_TRUE=
+ ENABLE_SESSION_TICKET_FALSE='#'
+else
+ ENABLE_SESSION_TICKET_TRUE='#'
+ ENABLE_SESSION_TICKET_FALSE=
+fi
+
+
+ # For cryptodev
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to add cryptodev support" >&5
+$as_echo_n "checking whether to add cryptodev support... " >&6; }
+ # Check whether --enable-cryptodev was given.
+if test "${enable_cryptodev+set}" = set; then :
+ enableval=$enable_cryptodev; enable_cryptodev=yes
+else
+ enable_cryptodev=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_cryptodev" >&5
+$as_echo "$enable_cryptodev" >&6; }
+
+ if test "$enable_cryptodev" = "yes"; then
+
+$as_echo "#define ENABLE_CRYPTODEV 1" >>confdefs.h
+
+ fi
+
+ # For storing integers in pointers without warnings
+ # http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void *" >&5
+$as_echo_n "checking size of void *... " >&6; }
+if test "${ac_cv_sizeof_void_p+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void *))" "ac_cv_sizeof_void_p" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_void_p" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (void *)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_void_p=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_void_p" >&5
+$as_echo "$ac_cv_sizeof_void_p" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_VOID_P $ac_cv_sizeof_void_p
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
+$as_echo_n "checking size of long... " >&6; }
+if test "${ac_cv_sizeof_long+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_long=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
+$as_echo "$ac_cv_sizeof_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG $ac_cv_sizeof_long
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
+$as_echo_n "checking size of int... " >&6; }
+if test "${ac_cv_sizeof_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (int)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
+$as_echo "$ac_cv_sizeof_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_INT $ac_cv_sizeof_int
+_ACEOF
+
+
+ case $ac_cv_sizeof_void_p in
+ $ac_cv_sizeof_long)
+
+$as_echo "#define GNUTLS_POINTER_TO_INT_CAST (long)" >>confdefs.h
+
+ ;;
+ *)
+ $as_echo "#define GNUTLS_POINTER_TO_INT_CAST /**/" >>confdefs.h
+
+ ;;
+ esac
+
+#LIBGNUTLS_EXTRA_HOOKS
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+
+$as_echo "#define HAVE_STRINGS_H 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_FLOAT_H 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_LIMITS_H 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_MATH_H 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_CTYPE_H 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_ERRNO_H 1" >>confdefs.h
+
+
+# No fork on MinGW, disable some self-tests until we fix them.
+for ac_func in fork
+do :
+ ac_fn_c_check_func "$LINENO" "fork" "ac_cv_func_fork"
+if test "x$ac_cv_func_fork" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_FORK 1
+_ACEOF
+
+fi
+done
+
+ if test "$ac_cv_func_fork" != "no"; then
+ HAVE_FORK_TRUE=
+ HAVE_FORK_FALSE='#'
+else
+ HAVE_FORK_TRUE='#'
+ HAVE_FORK_FALSE=
+fi
+
+
+ac_fn_c_check_type "$LINENO" "uint" "ac_cv_type_uint" "
+# include <sys/types.h>
+
+"
+if test "x$ac_cv_type_uint" = x""yes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_UINT 1
+_ACEOF
+
+
+fi
+
+
+# For Guile bindings.
+#opt_guile_bindings=yes
+opt_guile_bindings=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether building Guile bindings" >&5
+$as_echo_n "checking whether building Guile bindings... " >&6; }
+# Check whether --enable-guile was given.
+if test "${enable_guile+set}" = set; then :
+ enableval=$enable_guile; opt_guile_bindings=$enableval
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $opt_guile_bindings" >&5
+$as_echo "$opt_guile_bindings" >&6; }
+
+
+# Check whether --with---with-guile-site-dir was given.
+if test "${with___with_guile_site_dir+set}" = set; then :
+ withval=$with___with_guile_site_dir;
+fi
+
+
+if test "$opt_guile_bindings" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ***
+*** Detecting GNU Guile...
+" >&5
+$as_echo "***
+*** Detecting GNU Guile...
+" >&6; }
+
+ # Extract the first word of "guile-snarf", so it can be a program name with args.
+set dummy guile-snarf; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_guile_snarf+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $guile_snarf in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_guile_snarf="$guile_snarf" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_guile_snarf="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+guile_snarf=$ac_cv_path_guile_snarf
+if test -n "$guile_snarf"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $guile_snarf" >&5
+$as_echo "$guile_snarf" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test "x$guile_snarf" = "x"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`guile-snarf' from Guile 1.8 not found. Guile bindings not built." >&5
+$as_echo "$as_me: WARNING: \`guile-snarf' from Guile 1.8 not found. Guile bindings not built." >&2;}
+ opt_guile_bindings=no
+ else
+ # Extract the first word of "guile", so it can be a program name with args.
+set dummy guile; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GUILE+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GUILE in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GUILE="$GUILE" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GUILE="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GUILE=$ac_cv_path_GUILE
+if test -n "$GUILE"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE" >&5
+$as_echo "$GUILE" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test "$GUILE" = "" ; then
+ as_fn_error $? "guile required but not found" "$LINENO" 5
+ fi
+
+ # Extract the first word of "guile-config", so it can be a program name with args.
+set dummy guile-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GUILE_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GUILE_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GUILE_CONFIG="$GUILE_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GUILE_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GUILE_CONFIG=$ac_cv_path_GUILE_CONFIG
+if test -n "$GUILE_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_CONFIG" >&5
+$as_echo "$GUILE_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test "$GUILE_CONFIG" = "" ; then
+ as_fn_error $? "guile-config required but not found" "$LINENO" 5
+ fi
+
+ # Extract the first word of "guile-tools", so it can be a program name with args.
+set dummy guile-tools; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GUILE_TOOLS+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GUILE_TOOLS in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GUILE_TOOLS="$GUILE_TOOLS" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GUILE_TOOLS="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+GUILE_TOOLS=$ac_cv_path_GUILE_TOOLS
+if test -n "$GUILE_TOOLS"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_TOOLS" >&5
+$as_echo "$GUILE_TOOLS" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking libguile compile flags" >&5
+$as_echo_n "checking libguile compile flags... " >&6; }
+ GUILE_CFLAGS="`$GUILE_CONFIG compile`"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_CFLAGS" >&5
+$as_echo "$GUILE_CFLAGS" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking libguile link flags" >&5
+$as_echo_n "checking libguile link flags... " >&6; }
+ GUILE_LDFLAGS="`$GUILE_CONFIG link`"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_LDFLAGS" >&5
+$as_echo "$GUILE_LDFLAGS" >&6; }
+
+
+
+
+ save_CFLAGS="$CFLAGS"
+ save_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $GUILE_CFLAGS"
+ LIBS="$LIBS $GUILE_LDFLAGS"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GNU Guile is recent enough" >&5
+$as_echo_n "checking whether GNU Guile is recent enough... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char scm_from_locale_string ();
+int
+main ()
+{
+return scm_from_locale_string ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+else
+ opt_guile_bindings=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ CFLAGS="$save_CFLAGS"
+ LIBS="$save_LIBS"
+
+ if test "$opt_guile_bindings" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ case "x$with_guile_site_dir" in
+ xno)
+ # Use the default $(GUILE_SITE).
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" >&5
+$as_echo_n "checking for Guile site directory... " >&6; }
+ GUILE_SITE=`$GUILE_CONFIG info pkgdatadir`/site
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE" >&5
+$as_echo "$GUILE_SITE" >&6; }
+
+
+ ;;
+ x|xyes)
+ # Automatically derive $(GUILE_SITE) from $(pkgdatadir). This
+ # hack is used to allow `distcheck' to work (see
+ # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am').
+ GUILE_SITE="\$(datadir)/guile/site"
+
+ ;;
+ *)
+ # Use the user-specified directory as $(GUILE_SITE).
+ GUILE_SITE="$with_guile_site_dir"
+
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether gcc supports -fgnu89-inline" >&5
+$as_echo_n "checking whether gcc supports -fgnu89-inline... " >&6; }
+ _gcc_cflags_save="$CFLAGS"
+ CFLAGS="${CFLAGS} -fgnu89-inline"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ gnu89_inline=yes
+else
+ gnu89_inline=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnu89_inline" >&5
+$as_echo "$gnu89_inline" >&6; }
+ CFLAGS="$_gcc_cflags_save"
+
+ # Optional Guile functions.
+ save_CFLAGS="$CFLAGS"
+ save_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $GUILE_CFLAGS"
+ LIBS="$LIBS $GUILE_LDFLAGS"
+ for ac_func in scm_gc_malloc_pointerless
+do :
+ ac_fn_c_check_func "$LINENO" "scm_gc_malloc_pointerless" "ac_cv_func_scm_gc_malloc_pointerless"
+if test "x$ac_cv_func_scm_gc_malloc_pointerless" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_SCM_GC_MALLOC_POINTERLESS 1
+_ACEOF
+
+fi
+done
+
+ CFLAGS="$save_CFLAGS"
+ LIBS="$save_LIBS"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: A sufficiently recent GNU Guile not found. Guile bindings not built." >&5
+$as_echo "$as_me: WARNING: A sufficiently recent GNU Guile not found. Guile bindings not built." >&2;}
+ opt_guile_bindings=no
+ fi
+ fi
+fi
+ if test "$opt_guile_bindings" = "yes"; then
+ HAVE_GUILE_TRUE=
+ HAVE_GUILE_FALSE='#'
+else
+ HAVE_GUILE_TRUE='#'
+ HAVE_GUILE_FALSE=
+fi
+
+ if test "$gnu89_inline" = "yes"]; then
+ HAVE_GCC_GNU89_INLINE_OPTION_TRUE=
+ HAVE_GCC_GNU89_INLINE_OPTION_FALSE='#'
+else
+ HAVE_GCC_GNU89_INLINE_OPTION_TRUE='#'
+ HAVE_GCC_GNU89_INLINE_OPTION_FALSE=
+fi
+
+ if test "$GCC" = "yes"; then
+ HAVE_GCC_TRUE=
+ HAVE_GCC_FALSE='#'
+else
+ HAVE_GCC_TRUE='#'
+ HAVE_GCC_FALSE=
+fi
+
+
+
+SAVED_LIBS=$LIBS
+
+# Check whether --with-included-libcfg was given.
+if test "${with_included_libcfg+set}" = set; then :
+ withval=$with_included_libcfg; libcfg_enabled=$withval
+else
+ libcfg_enabled=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cfg_get_context in -lcfg+" >&5
+$as_echo_n "checking for cfg_get_context in -lcfg+... " >&6; }
+if test "${ac_cv_lib_cfgp_cfg_get_context+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lcfg+ $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char cfg_get_context ();
+int
+main ()
+{
+return cfg_get_context ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_cfgp_cfg_get_context=yes
+else
+ ac_cv_lib_cfgp_cfg_get_context=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cfgp_cfg_get_context" >&5
+$as_echo "$ac_cv_lib_cfgp_cfg_get_context" >&6; }
+if test "x$ac_cv_lib_cfgp_cfg_get_context" = x""yes; then :
+ :
+else
+ libcfg_enabled=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+***
+*** Libcfg+ was not found. Will use the included one." >&5
+$as_echo "$as_me: WARNING:
+***
+*** Libcfg+ was not found. Will use the included one." >&2;}
+fi
+
+fi
+
+
+ if test "$libcfg_enabled" = "no"; then
+ HAVE_LIBCFG_TRUE=
+ HAVE_LIBCFG_FALSE='#'
+else
+ HAVE_LIBCFG_TRUE='#'
+ HAVE_LIBCFG_FALSE=
+fi
+
+LIBS=$SAVED_LIBS
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included libcfg" >&5
+$as_echo_n "checking whether to use the included libcfg... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libcfg_enabled" >&5
+$as_echo "$libcfg_enabled" >&6; }
+
+#AC_LIBTOOL_WIN32_DLL
+case `pwd` in
+ *\ * | *\ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.2.6b'
+macro_revision='1.3017'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if test "${ac_cv_path_SED+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if test "${ac_cv_path_FGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+ then ac_cv_path_FGREP="$GREP -F"
+ else
+ if test -z "$FGREP"; then
+ ac_path_FGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in fgrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+ # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'FGREP' >> "conftest.nl"
+ "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_FGREP="$ac_path_FGREP"
+ ac_path_FGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_FGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_FGREP=$FGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test "${lt_cv_path_NM+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DUMPBIN"; then
+ ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$DUMPBIN" && break
+ done
+fi
+if test -z "$DUMPBIN"; then
+ ac_ct_DUMPBIN=$DUMPBIN
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DUMPBIN"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_DUMPBIN" && break
+done
+
+ if test "x$ac_ct_DUMPBIN" = x; then
+ DUMPBIN=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DUMPBIN=$ac_ct_DUMPBIN
+ fi
+fi
+
+
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if test "${lt_cv_nm_interface+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:9844: $ac_compile\"" >&5)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:9847: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:9850: output\"" >&5)
+ cat conftest.out >&5
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
+
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[3-9]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris*)
+ symcode='[BDRT]'
+ ;;
+sco3.2v5*)
+ symcode='[DT]'
+ ;;
+sysv4.2uw2*)
+ symcode='[DT]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[ABDT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK '"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+ enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 11044 "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_cc_needs_belf=yes
+else
+ lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ case $host_os in
+ rhapsody* | darwin*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DSYMUTIL"; then
+ ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+ ac_ct_DSYMUTIL=$DSYMUTIL
+ # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DSYMUTIL"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_DSYMUTIL" = x; then
+ DSYMUTIL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DSYMUTIL=$ac_ct_DSYMUTIL
+ fi
+else
+ DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NMEDIT"; then
+ ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+ ac_ct_NMEDIT=$NMEDIT
+ # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_NMEDIT"; then
+ ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_NMEDIT="nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_NMEDIT" = x; then
+ NMEDIT=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ NMEDIT=$ac_ct_NMEDIT
+ fi
+else
+ NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$LIPO"; then
+ ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+ ac_ct_LIPO=$LIPO
+ # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_LIPO"; then
+ ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_LIPO="lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_LIPO" = x; then
+ LIPO=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ LIPO=$ac_ct_LIPO
+ fi
+else
+ LIPO="$ac_cv_prog_LIPO"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL"; then
+ ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+ ac_ct_OTOOL=$OTOOL
+ # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL"; then
+ ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL="otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL" = x; then
+ OTOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL=$ac_ct_OTOOL
+ fi
+else
+ OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL64"; then
+ ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+ ac_ct_OTOOL64=$OTOOL64
+ # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL64"; then
+ ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL64="otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL64" = x; then
+ OTOOL64=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL64=$ac_ct_OTOOL64
+ fi
+else
+ OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_ld_exported_symbols_list=yes
+else
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[012]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+
+for ac_header in dlfcn.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CXX" && break
+done
+
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
+else
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+else
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CXX" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5
+$as_echo_n "checking how to run the C++ preprocessor... " >&6; }
+if test -z "$CXXCPP"; then
+ if test "${ac_cv_prog_CXXCPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CXXCPP needs to be expanded
+ for CXXCPP in "$CXX -E" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+ CXXCPP=$ac_cv_prog_CXXCPP
+else
+ ac_cv_prog_CXXCPP=$CXXCPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5
+$as_echo "$CXXCPP" >&6; }
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+_lt_caught_CXX_error=yes; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+else
+ _lt_caught_CXX_error=yes
+fi
+
+
+
+
+# Set options
+
+
+
+ enable_dlopen=no
+
+
+ enable_win32_dll=no
+
+
+ # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+ enableval=$enable_shared; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+ # Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+ enableval=$enable_static; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+ withval=$with_pic; pic_mode="$withval"
+else
+ pic_mode=default
+fi
+
+
+test -z "$pic_mode" && pic_mode=default
+
+
+
+
+
+
+
+ # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+ enableval=$enable_fast_install; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if test "${lt_cv_objdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:12832: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:12836: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+
+
+
+
+
+ lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-qpic'
+ lt_prog_compiler_static='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ rdos*)
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
+$as_echo "$lt_prog_compiler_pic" >&6; }
+
+
+
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13171: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:13175: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13276: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:13280: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13331: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:13335: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ runpath_var=
+ allow_undefined_flag=
+ always_export_symbols=no
+ archive_cmds=
+ archive_expsym_cmds=
+ compiler_needs_object=no
+ enable_shared_with_static_runtimes=no
+ export_dynamic_flag_spec=
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ hardcode_automatic=no
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ inherit_rpath=no
+ link_all_deplibs=unknown
+ module_cmds=
+ module_expsym_cmds=
+ old_archive_from_new_cmds=
+ old_archive_from_expsyms_cmds=
+ thread_safe_flag_spec=
+ whole_archive_flag_spec=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu)
+ link_all_deplibs=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ file_list_spec='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ link_all_deplibs=no
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ allow_undefined_flag="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+
+ else
+ ld_shlibs=no
+ fi
+
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ *)
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo(void) {}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ inherit_rpath=yes
+ link_all_deplibs=yes
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ hardcode_direct_absolute=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_separator=:
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag='${wl}-z,text'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag='${wl}-z,text'
+ allow_undefined_flag='${wl}-z,nodefs'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-R,$libdir'
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
+$as_echo "$archive_cmds_need_lc" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[lt_foo]++; }
+ if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+ test -n "$runpath_var" ||
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink ||
+ test "$inherit_rpath" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+ if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_shl_load=yes
+else
+ ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+else
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_svld_dlopen=yes
+else
+ ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_dld_link=yes
+else
+ ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 15715 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 15811 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+ # Report which library types will actually be built
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+compiler_needs_object_CXX=no
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_direct_absolute_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_flag_spec_ld_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_shlibpath_var_CXX=unsupported
+hardcode_automatic_CXX=no
+inherit_rpath_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="int some_variable = 0;"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code='int main(int, char *[]) { return(0); }'
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+ # save warnings/boilerplate of simple test code
+ ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC=$CC
+ lt_save_LD=$LD
+ lt_save_GCC=$GCC
+ GCC=$GXX
+ lt_save_with_gnu_ld=$with_gnu_ld
+ lt_save_path_LD=$lt_cv_path_LD
+ if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+ else
+ $as_unset lt_cv_prog_gnu_ld
+ fi
+ if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+ else
+ $as_unset lt_cv_path_LD
+ fi
+ test -z "${LDCXX+set}" || LD=$LDCXX
+ CC=${CXX-"c++"}
+ compiler=$CC
+ compiler_CXX=$CC
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+ if test -n "$compiler"; then
+ # We don't want -fno-exception when compiling C++ code, so set the
+ # no_builtin_flag separately
+ if test "$GXX" = yes; then
+ lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+ else
+ lt_prog_compiler_no_builtin_flag_CXX=
+ fi
+
+ if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec_CXX=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+ fi
+
+ # PORTME: fill in a description of your system's C++ link characteristics
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+ ld_shlibs_CXX=yes
+ case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds_CXX=''
+ hardcode_direct_CXX=yes
+ hardcode_direct_absolute_CXX=yes
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+ file_list_spec_CXX='${wl}-f,'
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct_CXX=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L_CXX=yes
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ hardcode_libdir_separator_CXX=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec_CXX='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to
+ # export.
+ always_export_symbols_CXX=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag_CXX='-berok'
+ # Determine the default libpath from the value encoded in an empty
+ # executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag_CXX="-z nodefs"
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag_CXX=' ${wl}-bernotok'
+ allow_undefined_flag_CXX=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec_CXX='$convenience'
+ archive_cmds_need_lc_CXX=yes
+ # This is similar to how AIX traditionally builds its shared
+ # libraries.
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag_CXX=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ allow_undefined_flag_CXX=unsupported
+ always_export_symbols_CXX=no
+ enable_shared_with_static_runtimes_CXX=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc_CXX=no
+ hardcode_direct_CXX=no
+ hardcode_automatic_CXX=yes
+ hardcode_shlibpath_var_CXX=unsupported
+ whole_archive_flag_spec_CXX=''
+ link_all_deplibs_CXX=yes
+ allow_undefined_flag_CXX="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds_CXX="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+ archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+ archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+ fi
+
+ else
+ ld_shlibs_CXX=no
+ fi
+
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ freebsd[12]*)
+ # C++ shared libraries reported to be fairly broken before
+ # switch to ELF
+ ld_shlibs_CXX=no
+ ;;
+
+ freebsd-elf*)
+ archive_cmds_need_lc_CXX=no
+ ;;
+
+ freebsd* | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ ld_shlibs_CXX=yes
+ ;;
+
+ gnu*)
+ ;;
+
+ hpux9*)
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ hardcode_direct_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ ;;
+ *)
+ hardcode_direct_CXX=yes
+ hardcode_direct_absolute_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ fi
+ fi
+ link_all_deplibs_CXX=yes
+ ;;
+ esac
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ inherit_rpath_CXX=yes
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc* | ecpc* )
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ archive_cmds_need_lc_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ case `$CC -V` in
+ *pgCC\ [1-5]* | *pgcpp\ [1-5]*)
+ prelink_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ old_archive_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $RANLIB $oldlib'
+ archive_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ *) # Version 6 will use weak symbols
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ esac
+
+ hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ xl*)
+ # IBM XL 8.0 on PPC, with GNU ld
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object_CXX=yes
+
+ # Not sure whether something based on
+ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+ # would be better.
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ m88k*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+
+ *nto* | *qnx*)
+ ld_shlibs_CXX=yes
+ ;;
+
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ ld_shlibs_CXX=no
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ hardcode_direct_absolute_CXX=yes
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd=echo
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ case $host in
+ osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;;
+ *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;;
+ esac
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ cxx*)
+ case $host in
+ osf3*)
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ ;;
+ *)
+ allow_undefined_flag_CXX=' -expect_unresolved \*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $RM $lib.exp'
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ ;;
+ esac
+
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ case $host in
+ osf3*)
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ esac
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ psos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ archive_cmds_need_lc_CXX=yes
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_shlibpath_var_CXX=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract'
+ ;;
+ esac
+ link_all_deplibs_CXX=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
+ if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag_CXX='${wl}-z,text'
+ archive_cmds_need_lc_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag_CXX='${wl}-z,text'
+ allow_undefined_flag_CXX='${wl}-z,nodefs'
+ archive_cmds_need_lc_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-R,$libdir'
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+ export_dynamic_flag_spec_CXX='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+ test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+ GCC_CXX="$GXX"
+ LD_CXX="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ # Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+_LT_EOF
+
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ for p in `eval "$output_verbose_link_cmd"`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" ||
+ test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$compiler_lib_search_path_CXX"; then
+ compiler_lib_search_path_CXX="${prev}${p}"
+ else
+ compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$postdeps_CXX"; then
+ postdeps_CXX="${prev}${p}"
+ else
+ postdeps_CXX="${postdeps_CXX} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$predep_objects_CXX"; then
+ predep_objects_CXX="$p"
+ else
+ predep_objects_CXX="$predep_objects_CXX $p"
+ fi
+ else
+ if test -z "$postdep_objects_CXX"; then
+ postdep_objects_CXX="$p"
+ else
+ postdep_objects_CXX="$postdep_objects_CXX $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+case $host_os in
+interix[3-9]*)
+ # Interix 3.5 installs completely hosed .la files for C++, so rather than
+ # hack all around it, let's just trust "g++" to DTRT.
+ predep_objects_CXX=
+ postdep_objects_CXX=
+ postdeps_CXX=
+ ;;
+
+linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ if test "$solaris_use_stlport4" != yes; then
+ postdeps_CXX='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+solaris*)
+ case $cc_basename in
+ CC*)
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ if test "$solaris_use_stlport4" != yes; then
+ postdeps_CXX='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+esac
+
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+ compiler_lib_search_dirs_CXX=
+if test -n "${compiler_lib_search_path_CXX}"; then
+ compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic_CXX='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ lt_prog_compiler_pic_CXX=
+ ;;
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic_CXX=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic_CXX='-fPIC -shared'
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix[4-9]*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ else
+ lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+ if test "$host_cpu" != ia64; then
+ lt_prog_compiler_pic_CXX='+Z'
+ fi
+ ;;
+ aCC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ interix*)
+ # This is c89, which is MS Visual C++ (no shared libs)
+ # Anyone wants to do a port?
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fpic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ xlc* | xlC*)
+ # IBM XL 8.0 on PPC
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-qpic'
+ lt_prog_compiler_static_CXX='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ lt_prog_compiler_pic_CXX='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd* | netbsdelf*-gnu)
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic_CXX='-fPIC -shared'
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ lt_prog_compiler_wl_CXX='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ lt_prog_compiler_pic_CXX='-pic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ vxworks*)
+ ;;
+ *)
+ lt_prog_compiler_can_build_shared_CXX=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic_CXX=
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic_CXX" >&5
+$as_echo "$lt_prog_compiler_pic_CXX" >&6; }
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works_CXX=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:17767: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:17771: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works_CXX=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works_CXX" = xyes; then
+ case $lt_prog_compiler_pic_CXX in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+ esac
+else
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works_CXX=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works_CXX=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works_CXX=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works_CXX" = xyes; then
+ :
+else
+ lt_prog_compiler_static_CXX=
+fi
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:17866: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:17870: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:17918: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:17922: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix[4-9]*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ export_symbols_cmds_CXX="$ltdll_cmds"
+ ;;
+ cygwin* | mingw* | cegcc*)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;/^.*[ ]__nm__/s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ linux* | k*bsd*-gnu)
+ link_all_deplibs_CXX=no
+ ;;
+ *)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+ exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+with_gnu_ld_CXX=$with_gnu_ld
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc_CXX=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds_CXX in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl_CXX
+ pic_flag=$lt_prog_compiler_pic_CXX
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+ allow_undefined_flag_CXX=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc_CXX=no
+ else
+ archive_cmds_need_lc_CXX=yes
+ fi
+ allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc_CXX" >&5
+$as_echo "$archive_cmds_need_lc_CXX" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" ||
+ test -n "$runpath_var_CXX" ||
+ test "X$hardcode_automatic_CXX" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct_CXX" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
+ test "$hardcode_minus_L_CXX" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action_CXX=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action_CXX=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action_CXX=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5
+$as_echo "$hardcode_action_CXX" >&6; }
+
+if test "$hardcode_action_CXX" = relink ||
+ test "$inherit_rpath_CXX" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+
+ fi # test -n "$compiler"
+
+ CC=$lt_save_CC
+ LDCXX=$LD
+ LD=$lt_save_LD
+ GCC=$lt_save_GCC
+ with_gnu_ld=$lt_save_with_gnu_ld
+ lt_cv_path_LDCXX=$lt_cv_path_LD
+ lt_cv_path_LD=$lt_save_path_LD
+ lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+ lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+#gl_INIT
+
+#AC_ARG_ENABLE([gcc-warnings],
+# [AS_HELP_STRING([--enable-gcc-warnings],
+# [turn on lots of GCC warnings (for developers)])],
+# [case $enableval in
+# yes|no) ;;
+# *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
+# esac
+# gl_gcc_warnings=$enableval],
+# [gl_gcc_warnings=no]
+#)
+
+#if test "$gl_gcc_warnings" = yes; then
+# gl_WARN_ADD([-Werror], [WERROR_CFLAGS])
+# gl_WARN_ADD([-Wframe-larger-than=5120], [WSTACK_CFLAGS])
+#
+# nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
+# nw="$nw -Wc++-compat" # We don't care about C++ compilers
+# nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib
+# nw="$nw -Wtraditional" # Warns on #elif which we use often
+# nw="$nw -Wlogical-op" # Too many false positives
+# nw="$nw -Wold-style-definition" #
+# nw="$nw -Wpadded" # Our structs are not padded
+# nw="$nw -Wunreachable-code" # Too many false positives
+# nw="$nw -Wtraditional-conversion" # Too many warnings for now
+# nw="$nw -Wcast-qual" # Too many warnings for now
+# nw="$nw -Waggregate-return" # Too many warnings for now
+# nw="$nw -Wshadow" # Too many warnings for now
+# nw="$nw -Wswitch-default" # Too many warnings for now
+# nw="$nw -Wswitch-enum" # Too many warnings for now
+# nw="$nw -Wconversion" # Too many warnings for now
+# nw="$nw -Wsign-conversion" # Too many warnings for now
+# nw="$nw -Wformat-y2k" # Too many warnings for now
+# nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays
+# nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
+# nw="$nw -Wunsafe-loop-optimizations"
+# nw="$nw -Wstrict-overflow"
+# nw="$nw -Wmissing-noreturn"
+#
+# gl_MANYWARN_ALL_GCC([ws])
+# gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
+# for w in $ws; do
+# gl_WARN_ADD([$w])
+# done
+#
+# gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
+# gl_WARN_ADD([-Wno-sign-compare]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-pointer-sign]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-stack-protector]) # Some functions cannot be protected
+# gl_WARN_ADD([-Wno-int-to-pointer-cast]) # Some files cannot be compiled with that (gl_fd_to_handle)
+# gl_WARN_ADD([-fdiagnostics-show-option])
+#fi
+
+# Export things for */configure.ac.
+export WERROR_CFLAGS
+export WSTACK_CFLAGS
+export WARN_CFLAGS
+export use_cxx
+
+
+$as_echo "#define GNUTLS_COMPAT_H 1" >>confdefs.h
+
+
+
+
+subdirs="$subdirs lib"
+
+#AC_CONFIG_SUBDIRS([libextra])
+
+#AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
+ac_config_files="$ac_config_files Makefile"
+
+
+# doc/Makefile
+# doc/credentials/Makefile
+# doc/credentials/openpgp/Makefile
+# doc/credentials/srp/Makefile
+# doc/credentials/x509/Makefile
+# doc/cyclo/Makefile
+# doc/doxygen/Doxyfile
+# doc/examples/Makefile
+# doc/manpages/Makefile
+# doc/reference/Makefile
+# doc/scripts/Makefile
+# gl/Makefile
+# gl/tests/Makefile
+# guile/Makefile
+# guile/modules/Makefile
+# guile/src/Makefile
+# guile/tests/Makefile
+# src/Makefile
+# src/cfg/Makefile
+# src/cfg/platon/Makefile
+# src/cfg/platon/str/Makefile
+# tests/Makefile
+# tests/key-id/Makefile
+# tests/dsa/Makefile
+# tests/openpgp-certs/Makefile
+# tests/safe-renegotiation/Makefile
+# tests/pathlen/Makefile
+# tests/pkcs1-padding/Makefile
+# tests/pkcs12-decode/Makefile
+# tests/pkcs8-decode/Makefile
+# tests/rsa-md5-collision/Makefile
+# tests/sha2/Makefile
+# tests/userid/Makefile
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ test "x$cache_file" != "x/dev/null" &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ cat confcache >$cache_file
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_GTK_DOC_TRUE}" && test -z "${ENABLE_GTK_DOC_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_GTK_DOC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GTK_DOC_BUILD_HTML_TRUE}" && test -z "${GTK_DOC_BUILD_HTML_FALSE}"; then
+ as_fn_error $? "conditional \"GTK_DOC_BUILD_HTML\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GTK_DOC_BUILD_PDF_TRUE}" && test -z "${GTK_DOC_BUILD_PDF_FALSE}"; then
+ as_fn_error $? "conditional \"GTK_DOC_BUILD_PDF\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GTK_DOC_USE_LIBTOOL_TRUE}" && test -z "${GTK_DOC_USE_LIBTOOL_FALSE}"; then
+ as_fn_error $? "conditional \"GTK_DOC_USE_LIBTOOL\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${GTK_DOC_USE_REBASE_TRUE}" && test -z "${GTK_DOC_USE_REBASE_FALSE}"; then
+ as_fn_error $? "conditional \"GTK_DOC_USE_REBASE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_CXX_TRUE}" && test -z "${ENABLE_CXX_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_CXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_NETTLE_TRUE}" && test -z "${ENABLE_NETTLE_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_NETTLE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_MINITASN1_TRUE}" && test -z "${ENABLE_MINITASN1_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_MINITASN1\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_LOCAL_PAKCHOIS_TRUE}" && test -z "${ENABLE_LOCAL_PAKCHOIS_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_LOCAL_PAKCHOIS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_LZO_TRUE}" && test -z "${USE_LZO_FALSE}"; then
+ as_fn_error $? "conditional \"USE_LZO\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_OPRFI_TRUE}" && test -z "${ENABLE_OPRFI_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_OPRFI\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_SRP_TRUE}" && test -z "${ENABLE_SRP_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_SRP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_PSK_TRUE}" && test -z "${ENABLE_PSK_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_PSK\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_ANON_TRUE}" && test -z "${ENABLE_ANON_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_ANON\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_PKI_TRUE}" && test -z "${ENABLE_PKI_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_PKI\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_OPENPGP_TRUE}" && test -z "${ENABLE_OPENPGP_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_OPENPGP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_SESSION_TICKET_TRUE}" && test -z "${ENABLE_SESSION_TICKET_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_SESSION_TICKET\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_FORK_TRUE}" && test -z "${HAVE_FORK_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_FORK\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_GUILE_TRUE}" && test -z "${HAVE_GUILE_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_GUILE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_GCC_GNU89_INLINE_OPTION_TRUE}" && test -z "${HAVE_GCC_GNU89_INLINE_OPTION_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_GCC_GNU89_INLINE_OPTION\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_GCC_TRUE}" && test -z "${HAVE_GCC_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_GCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HAVE_LIBCFG_TRUE}" && test -z "${HAVE_LIBCFG_FALSE}"; then
+ as_fn_error $? "conditional \"HAVE_LIBCFG\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by GnuTLS $as_me 2.12.0, which was
+generated by GNU Autoconf 2.67. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-gnutls@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+GnuTLS config.status 2.12.0
+configured by $0, generated by GNU Autoconf 2.67,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
+enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
+host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
+host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
+host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
+build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
+build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
+build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
+SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
+Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
+GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
+EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
+FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
+LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
+NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
+LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
+exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
+AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
+GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
+SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
+ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
+need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
+LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
+libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
+version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
+striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_dirs='`$ECHO "X$compiler_lib_search_dirs" | $Xsed -e "$delay_single_quote_subst"`'
+predep_objects='`$ECHO "X$predep_objects" | $Xsed -e "$delay_single_quote_subst"`'
+postdep_objects='`$ECHO "X$postdep_objects" | $Xsed -e "$delay_single_quote_subst"`'
+predeps='`$ECHO "X$predeps" | $Xsed -e "$delay_single_quote_subst"`'
+postdeps='`$ECHO "X$postdeps" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_path='`$ECHO "X$compiler_lib_search_path" | $Xsed -e "$delay_single_quote_subst"`'
+LD_CXX='`$ECHO "X$LD_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds_CXX='`$ECHO "X$old_archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_CXX='`$ECHO "X$compiler_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+GCC_CXX='`$ECHO "X$GCC_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "X$lt_prog_compiler_no_builtin_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl_CXX='`$ECHO "X$lt_prog_compiler_wl_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic_CXX='`$ECHO "X$lt_prog_compiler_pic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static_CXX='`$ECHO "X$lt_prog_compiler_static_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o_CXX='`$ECHO "X$lt_cv_prog_compiler_c_o_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc_CXX='`$ECHO "X$archive_cmds_need_lc_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes_CXX='`$ECHO "X$enable_shared_with_static_runtimes_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec_CXX='`$ECHO "X$export_dynamic_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec_CXX='`$ECHO "X$whole_archive_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object_CXX='`$ECHO "X$compiler_needs_object_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds_CXX='`$ECHO "X$old_archive_from_new_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds_CXX='`$ECHO "X$old_archive_from_expsyms_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_CXX='`$ECHO "X$archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds_CXX='`$ECHO "X$archive_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds_CXX='`$ECHO "X$module_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds_CXX='`$ECHO "X$module_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld_CXX='`$ECHO "X$with_gnu_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag_CXX='`$ECHO "X$allow_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag_CXX='`$ECHO "X$no_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_CXX='`$ECHO "X$hardcode_libdir_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld_CXX='`$ECHO "X$hardcode_libdir_flag_spec_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator_CXX='`$ECHO "X$hardcode_libdir_separator_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_CXX='`$ECHO "X$hardcode_direct_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute_CXX='`$ECHO "X$hardcode_direct_absolute_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L_CXX='`$ECHO "X$hardcode_minus_L_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var_CXX='`$ECHO "X$hardcode_shlibpath_var_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic_CXX='`$ECHO "X$hardcode_automatic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath_CXX='`$ECHO "X$inherit_rpath_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs_CXX='`$ECHO "X$link_all_deplibs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path_CXX='`$ECHO "X$fix_srcfile_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols_CXX='`$ECHO "X$always_export_symbols_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds_CXX='`$ECHO "X$export_symbols_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms_CXX='`$ECHO "X$exclude_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms_CXX='`$ECHO "X$include_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds_CXX='`$ECHO "X$prelink_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec_CXX='`$ECHO "X$file_list_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action_CXX='`$ECHO "X$hardcode_action_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_dirs_CXX='`$ECHO "X$compiler_lib_search_dirs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+predep_objects_CXX='`$ECHO "X$predep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+postdep_objects_CXX='`$ECHO "X$postdep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+predeps_CXX='`$ECHO "X$predeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+postdeps_CXX='`$ECHO "X$postdeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_path_CXX='`$ECHO "X$compiler_lib_search_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+AR \
+AR_FLAGS \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+SHELL \
+ECHO \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_wl \
+lt_prog_compiler_pic \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_flag_spec_ld \
+hardcode_libdir_separator \
+fix_srcfile_path \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+finish_eval \
+old_striplib \
+striplib \
+compiler_lib_search_dirs \
+predep_objects \
+postdep_objects \
+predeps \
+postdeps \
+compiler_lib_search_path \
+LD_CXX \
+compiler_CXX \
+lt_prog_compiler_no_builtin_flag_CXX \
+lt_prog_compiler_wl_CXX \
+lt_prog_compiler_pic_CXX \
+lt_prog_compiler_static_CXX \
+lt_cv_prog_compiler_c_o_CXX \
+export_dynamic_flag_spec_CXX \
+whole_archive_flag_spec_CXX \
+compiler_needs_object_CXX \
+with_gnu_ld_CXX \
+allow_undefined_flag_CXX \
+no_undefined_flag_CXX \
+hardcode_libdir_flag_spec_CXX \
+hardcode_libdir_flag_spec_ld_CXX \
+hardcode_libdir_separator_CXX \
+fix_srcfile_path_CXX \
+exclude_expsyms_CXX \
+include_expsyms_CXX \
+file_list_spec_CXX \
+compiler_lib_search_dirs_CXX \
+predep_objects_CXX \
+postdep_objects_CXX \
+predeps_CXX \
+postdeps_CXX \
+compiler_lib_search_path_CXX; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+sys_lib_dlsearch_path_spec \
+old_archive_cmds_CXX \
+old_archive_from_new_cmds_CXX \
+old_archive_from_expsyms_cmds_CXX \
+archive_cmds_CXX \
+archive_expsym_cmds_CXX \
+module_cmds_CXX \
+module_expsym_cmds_CXX \
+export_symbols_cmds_CXX \
+prelink_cmds_CXX; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
+ ;;
+esac
+
+ac_aux_dir='$ac_aux_dir'
+xsi_shell='$xsi_shell'
+lt_shell_append='$lt_shell_append'
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'
+
+
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp=
+ trap 'exit_status=$?
+ { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = "\a"
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_t"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = "\a"
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+ ac_MKDIR_P=$MKDIR_P
+ case $MKDIR_P in
+ [\\/$]* | ?:[\\/]* ) ;;
+ */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$tmp/stdin"
+ case $ac_file in
+ -) cat "$tmp/out" && rm -f "$tmp/out";;
+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+ } >"$tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$_am_arg" : 'X\(//\)[^/]' \| \
+ X"$_am_arg" : 'X\(//\)$' \| \
+ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir=$dirpart/$fdir; as_fn_mkdir_p
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+ ;;
+ "libtool":C)
+
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags="CXX "
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that does not interpret backslashes.
+ECHO=$lt_ECHO
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects
+postdep_objects=$lt_postdep_objects
+predeps=$lt_predeps
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $* ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[^=]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$@"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1+=\$2"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1=\$$1\$2"
+}
+
+_LT_EOF
+ ;;
+ esac
+
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+
+ cat <<_LT_EOF >> "$ofile"
+
+# ### BEGIN LIBTOOL TAG CONFIG: CXX
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds_CXX
+
+# A language specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object_CXX
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld_CXX
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute_CXX
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath_CXX
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path_CXX
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds_CXX
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec_CXX
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects_CXX
+postdep_objects=$lt_postdep_objects_CXX
+predeps=$lt_predeps_CXX
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# ### END LIBTOOL TAG CONFIG: CXX
+_LT_EOF
+
+ ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+
+#
+# CONFIG_SUBDIRS section.
+#
+if test "$no_recursion" != yes; then
+
+ # Remove --cache-file, --srcdir, and --disable-option-checking arguments
+ # so they do not pile up.
+ ac_sub_configure_args=
+ ac_prev=
+ eval "set x $ac_configure_args"
+ shift
+ for ac_arg
+ do
+ if test -n "$ac_prev"; then
+ ac_prev=
+ continue
+ fi
+ case $ac_arg in
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* \
+ | --c=*)
+ ;;
+ --config-cache | -C)
+ ;;
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ ;;
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ ;;
+ --disable-option-checking)
+ ;;
+ *)
+ case $ac_arg in
+ *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append ac_sub_configure_args " '$ac_arg'" ;;
+ esac
+ done
+
+ # Always prepend --prefix to ensure using the same prefix
+ # in subdir configurations.
+ ac_arg="--prefix=$prefix"
+ case $ac_arg in
+ *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ ac_sub_configure_args="'$ac_arg' $ac_sub_configure_args"
+
+ # Pass --silent
+ if test "$silent" = yes; then
+ ac_sub_configure_args="--silent $ac_sub_configure_args"
+ fi
+
+ # Always prepend --disable-option-checking to silence warnings, since
+ # different subdirs can have different --enable and --with options.
+ ac_sub_configure_args="--disable-option-checking $ac_sub_configure_args"
+
+ ac_popdir=`pwd`
+ for ac_dir in : $subdirs; do test "x$ac_dir" = x: && continue
+
+ # Do not complain, so a configure script can configure whichever
+ # parts of a large source tree are present.
+ test -d "$srcdir/$ac_dir" || continue
+
+ ac_msg="=== configuring in $ac_dir (`pwd`/$ac_dir)"
+ $as_echo "$as_me:${as_lineno-$LINENO}: $ac_msg" >&5
+ $as_echo "$ac_msg" >&6
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ cd "$ac_dir"
+
+ # Check for guested configure; otherwise get Cygnus style configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ ac_sub_configure=$ac_srcdir/configure.gnu
+ elif test -f "$ac_srcdir/configure"; then
+ ac_sub_configure=$ac_srcdir/configure
+ elif test -f "$ac_srcdir/configure.in"; then
+ # This should be Cygnus configure.
+ ac_sub_configure=$ac_aux_dir/configure
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: no configuration information is in $ac_dir" >&5
+$as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2;}
+ ac_sub_configure=
+ fi
+
+ # The recursion is here.
+ if test -n "$ac_sub_configure"; then
+ # Make the cache file name correct relative to the subdirectory.
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) ac_sub_cache_file=$cache_file ;;
+ *) # Relative name.
+ ac_sub_cache_file=$ac_top_build_prefix$cache_file ;;
+ esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&5
+$as_echo "$as_me: running $SHELL $ac_sub_configure $ac_sub_configure_args --cache-file=$ac_sub_cache_file --srcdir=$ac_srcdir" >&6;}
+ # The eval makes quoting arguments work.
+ eval "\$SHELL \"\$ac_sub_configure\" $ac_sub_configure_args \
+ --cache-file=\"\$ac_sub_cache_file\" --srcdir=\"\$ac_srcdir\"" ||
+ as_fn_error $? "$ac_sub_configure failed for $ac_dir" "$LINENO" 5
+ fi
+
+ cd "$ac_popdir"
+ done
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: summary of build options:
+
+ version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
+ Host type: ${host}
+ Install prefix: ${prefix}
+ Compiler: ${CC}
+ Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
+ Library types: Shared=${enable_shared}, Static=${enable_static}
+ Valgrind: $opt_valgrind_tests ${VALGRIND}
+ Guile wrappers: $opt_guile_bindings
+ C++ library: $use_cxx
+ OpenSSL library: $enable_openssl
+ /dev/crypto: $enable_cryptodev
+ Crypto library: $cryptolib
+" >&5
+$as_echo "$as_me: summary of build options:
+
+ version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
+ Host type: ${host}
+ Install prefix: ${prefix}
+ Compiler: ${CC}
+ Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
+ Library types: Shared=${enable_shared}, Static=${enable_static}
+ Valgrind: $opt_valgrind_tests ${VALGRIND}
+ Guile wrappers: $opt_guile_bindings
+ C++ library: $use_cxx
+ OpenSSL library: $enable_openssl
+ /dev/crypto: $enable_cryptodev
+ Crypto library: $cryptolib
+" >&6;}
--- /dev/null
+dnl Process this file with autoconf to produce a configure script.
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos, Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
+# USA
+
+AC_PREREQ(2.61)
+AC_INIT([GnuTLS], [2.12.0], [bug-gnutls@gnu.org])
+#AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_MACRO_DIR([m4])
+
+AM_INIT_AUTOMAKE([1.10 no-dist-gzip dist-bzip2 -Wall -Werror -Wno-override])
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+AM_CONFIG_HEADER(config.h)
+
+AC_MSG_RESULT([***
+*** Checking for compilation programs...
+])
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_LN_S
+GTK_DOC_CHECK(1.1)
+AC_PATH_PROG([GAA], [gaa])
+if test "x$GAA" = "x"; then
+ AC_MSG_WARN([[***
+*** GAA was not found. It is only needed if you wish to modify
+*** the source code or command-line description files. In this case,
+*** you may want to get it from http://gaa.sourceforge.net/ and
+*** read doc/README.gaa.
+***]])
+fi
+
+gl_EARLY
+AC_C_INLINE
+
+# For the C++ code
+AC_PROG_CXX
+AC_ARG_ENABLE(cxx,
+ AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]),
+ use_cxx=$enableval, use_cxx=yes)
+if test "$use_cxx" != "no"; then
+ AC_LANG_PUSH(C++)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no)
+ AC_LANG_POP(C++)
+fi
+AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
+
+LIBGNUTLS_HOOKS
+#LIBGNUTLS_EXTRA_HOOKS
+
+AC_HEADER_STDC
+AC_DEFINE([HAVE_STRINGS_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_FLOAT_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_LIMITS_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_MATH_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_CTYPE_H], 1, [Hard-code for src/cfg/.])
+AC_DEFINE([HAVE_ERRNO_H], 1, [Hard-code for src/cfg/.])
+
+# No fork on MinGW, disable some self-tests until we fix them.
+AC_CHECK_FUNCS(fork,,)
+AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no")
+
+AC_CHECK_TYPES(uint,,, [
+# include <sys/types.h>
+])
+
+# For Guile bindings.
+#opt_guile_bindings=yes
+opt_guile_bindings=no
+AC_MSG_CHECKING([whether building Guile bindings])
+AC_ARG_ENABLE(guile,
+ AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]),
+opt_guile_bindings=$enableval)
+AC_MSG_RESULT($opt_guile_bindings)
+
+AC_ARG_WITH([--with-guile-site-dir],
+ [AS_HELP_STRING([--with-guile-site-dir],
+ [use the given directory as the Guile site (use with care)])])
+
+if test "$opt_guile_bindings" = "yes"; then
+ AC_MSG_RESULT([***
+*** Detecting GNU Guile...
+])
+
+ AC_PATH_PROG([guile_snarf], [guile-snarf])
+ if test "x$guile_snarf" = "x"; then
+ AC_MSG_WARN([`guile-snarf' from Guile 1.8 not found. Guile bindings not built.])
+ opt_guile_bindings=no
+ else
+ GUILE_PROGS
+ GUILE_FLAGS
+
+ save_CFLAGS="$CFLAGS"
+ save_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $GUILE_CFLAGS"
+ LIBS="$LIBS $GUILE_LDFLAGS"
+ AC_MSG_CHECKING([whether GNU Guile is recent enough])
+ AC_LINK_IFELSE(AC_LANG_CALL([], [scm_from_locale_string]),
+ [], [opt_guile_bindings=no])
+ CFLAGS="$save_CFLAGS"
+ LIBS="$save_LIBS"
+
+ if test "$opt_guile_bindings" = "yes"; then
+ AC_MSG_RESULT([yes])
+ case "x$with_guile_site_dir" in
+ xno)
+ # Use the default $(GUILE_SITE).
+ GUILE_SITE_DIR
+ ;;
+ x|xyes)
+ # Automatically derive $(GUILE_SITE) from $(pkgdatadir). This
+ # hack is used to allow `distcheck' to work (see
+ # `DISTCHECK_CONFIGURE_FLAGS' in the top-level `Makefile.am').
+ GUILE_SITE="\$(datadir)/guile/site"
+ AC_SUBST(GUILE_SITE)
+ ;;
+ *)
+ # Use the user-specified directory as $(GUILE_SITE).
+ GUILE_SITE="$with_guile_site_dir"
+ AC_SUBST(GUILE_SITE)
+ ;;
+ esac
+ AC_MSG_CHECKING([whether gcc supports -fgnu89-inline])
+ _gcc_cflags_save="$CFLAGS"
+ CFLAGS="${CFLAGS} -fgnu89-inline"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+ gnu89_inline=yes, gnu89_inline=no)
+ AC_MSG_RESULT($gnu89_inline)
+ CFLAGS="$_gcc_cflags_save"
+
+ # Optional Guile functions.
+ save_CFLAGS="$CFLAGS"
+ save_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $GUILE_CFLAGS"
+ LIBS="$LIBS $GUILE_LDFLAGS"
+ AC_CHECK_FUNCS([scm_gc_malloc_pointerless])
+ CFLAGS="$save_CFLAGS"
+ LIBS="$save_LIBS"
+ else
+ AC_MSG_RESULT([no])
+ AC_MSG_WARN([A sufficiently recent GNU Guile not found. Guile bindings not built.])
+ opt_guile_bindings=no
+ fi
+ fi
+fi
+AM_CONDITIONAL(HAVE_GUILE, test "$opt_guile_bindings" = "yes")
+AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"])
+AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes")
+
+dnl Check for libcfg+
+
+SAVED_LIBS=$LIBS
+AC_ARG_WITH(included-libcfg,
+ AS_HELP_STRING([--with-included-libcfg],
+ [use the included libcfg+ (certtool only)]),
+ libcfg_enabled=$withval,
+ libcfg_enabled=no
+dnl We search for libcfg+ which is used by certtool
+dnl
+ AC_CHECK_LIB(cfg+, cfg_get_context,:,
+ libcfg_enabled=yes
+ AC_MSG_WARN([[
+***
+*** Libcfg+ was not found. Will use the included one.]])))
+
+AM_CONDITIONAL(HAVE_LIBCFG, test "$libcfg_enabled" = "no")
+LIBS=$SAVED_LIBS
+
+AC_MSG_CHECKING([whether to use the included libcfg])
+AC_MSG_RESULT($libcfg_enabled)
+
+#AC_LIBTOOL_WIN32_DLL
+AC_PROG_LIBTOOL
+
+#gl_INIT
+
+#AC_ARG_ENABLE([gcc-warnings],
+# [AS_HELP_STRING([--enable-gcc-warnings],
+# [turn on lots of GCC warnings (for developers)])],
+# [case $enableval in
+# yes|no) ;;
+# *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;;
+# esac
+# gl_gcc_warnings=$enableval],
+# [gl_gcc_warnings=no]
+#)
+
+#if test "$gl_gcc_warnings" = yes; then
+# gl_WARN_ADD([-Werror], [WERROR_CFLAGS])
+# gl_WARN_ADD([-Wframe-larger-than=5120], [WSTACK_CFLAGS])
+#
+# nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings
+# nw="$nw -Wc++-compat" # We don't care about C++ compilers
+# nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib
+# nw="$nw -Wtraditional" # Warns on #elif which we use often
+# nw="$nw -Wlogical-op" # Too many false positives
+# nw="$nw -Wold-style-definition" #
+# nw="$nw -Wpadded" # Our structs are not padded
+# nw="$nw -Wunreachable-code" # Too many false positives
+# nw="$nw -Wtraditional-conversion" # Too many warnings for now
+# nw="$nw -Wcast-qual" # Too many warnings for now
+# nw="$nw -Waggregate-return" # Too many warnings for now
+# nw="$nw -Wshadow" # Too many warnings for now
+# nw="$nw -Wswitch-default" # Too many warnings for now
+# nw="$nw -Wswitch-enum" # Too many warnings for now
+# nw="$nw -Wconversion" # Too many warnings for now
+# nw="$nw -Wsign-conversion" # Too many warnings for now
+# nw="$nw -Wformat-y2k" # Too many warnings for now
+# nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays
+# nw="$nw -Wformat-nonliteral" # Incompatible with gettext _()
+# nw="$nw -Wunsafe-loop-optimizations"
+# nw="$nw -Wstrict-overflow"
+# nw="$nw -Wmissing-noreturn"
+#
+# gl_MANYWARN_ALL_GCC([ws])
+# gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw])
+# for w in $ws; do
+# gl_WARN_ADD([$w])
+# done
+#
+# gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one
+# gl_WARN_ADD([-Wno-sign-compare]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-pointer-sign]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now
+# gl_WARN_ADD([-Wno-stack-protector]) # Some functions cannot be protected
+# gl_WARN_ADD([-Wno-int-to-pointer-cast]) # Some files cannot be compiled with that (gl_fd_to_handle)
+# gl_WARN_ADD([-fdiagnostics-show-option])
+#fi
+
+# Export things for */configure.ac.
+export WERROR_CFLAGS
+export WSTACK_CFLAGS
+export WARN_CFLAGS
+export use_cxx
+
+AC_DEFINE([GNUTLS_COMPAT_H], 1, [Make sure we don't use old features in code.])
+
+AC_CONFIG_SUBDIRS([lib])
+#AC_CONFIG_SUBDIRS([libextra])
+
+#AC_CONFIG_FILES([guile/pre-inst-guile], [chmod +x guile/pre-inst-guile])
+AC_CONFIG_FILES([
+ Makefile
+])
+
+# doc/Makefile
+# doc/credentials/Makefile
+# doc/credentials/openpgp/Makefile
+# doc/credentials/srp/Makefile
+# doc/credentials/x509/Makefile
+# doc/cyclo/Makefile
+# doc/doxygen/Doxyfile
+# doc/examples/Makefile
+# doc/manpages/Makefile
+# doc/reference/Makefile
+# doc/scripts/Makefile
+# gl/Makefile
+# gl/tests/Makefile
+# guile/Makefile
+# guile/modules/Makefile
+# guile/src/Makefile
+# guile/tests/Makefile
+# src/Makefile
+# src/cfg/Makefile
+# src/cfg/platon/Makefile
+# src/cfg/platon/str/Makefile
+# tests/Makefile
+# tests/key-id/Makefile
+# tests/dsa/Makefile
+# tests/openpgp-certs/Makefile
+# tests/safe-renegotiation/Makefile
+# tests/pathlen/Makefile
+# tests/pkcs1-padding/Makefile
+# tests/pkcs12-decode/Makefile
+# tests/pkcs8-decode/Makefile
+# tests/rsa-md5-collision/Makefile
+# tests/sha2/Makefile
+# tests/userid/Makefile
+
+AC_OUTPUT
+
+AC_MSG_NOTICE([summary of build options:
+
+ version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE
+ Host type: ${host}
+ Install prefix: ${prefix}
+ Compiler: ${CC}
+ Warning flags: errors: ${WERROR_CFLAGS} warnings: ${WARN_CFLAGS}
+ Library types: Shared=${enable_shared}, Static=${enable_static}
+ Valgrind: $opt_valgrind_tests ${VALGRIND}
+ Guile wrappers: $opt_guile_bindings
+ C++ library: $use_cxx
+ OpenSSL library: $enable_openssl
+ /dev/crypto: $enable_cryptodev
+ Crypto library: $cryptolib
+])
--- /dev/null
+Uses cdbs with simple-patchsys.mk.
+
+Patches in debian/patches (i.e. *diff *patch) are applied automatically in
+alphanumeric order.
+
+Use
+debian/rules apply-patches
+to see the patched source.
+
+See cdbs-edit-patch for a useful way to make modifications.
+
+
+----------------------------------------
+Rebuilding PDF documentation:
+
+apt-get install texlive-latex-base texlive-fonts-recommended \
+ texlive-generic-recommended
+
+make pdf
--- /dev/null
+gnutls26 (2.12.0-3) unstable; urgency=low
+
+ * Renamed tag
+ * Git: pkgs/l/libgnutls26
+ * Tag: gnutls26_2.12.0-3
+
+ -- Taeksu Shin <taeksu.shin@samsung.com> Thu, 15 Dec 2011 12:24:21 +0900
+
+gnutls26 (2.12.0-1tizen) unstable; urgency=low
+
+ * Ported to Tizen
+ * Git: pkgs/l/libgnutls26
+ * Tag: gnutls26_2.12.0-1tizen
+
+ -- Taeksu Shin <taeksu.shin@samsung.com> Wed, 07 Dec 2011 11:30:27 +0900
+
--- /dev/null
+Source: gnutls26
+Section: libs
+Priority: optional
+Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>, Dongwook Lee <dwmax.lee@samsung.com>, Taeksu Shin <taeksu.shin@samsung.com>
+Uploaders: Dongwook Lee <dwmax.lee@samsung.com>, Taeksu Shin <taeksu.shin@samsung.com>
+Build-Depends: debhelper (>= 7.0.14), libgcrypt11-dev (>= 1.4.0), zlib1g-dev,
+ cdbs (>= 0.4.53), gtk-doc-tools, texinfo (>= 4.8),
+ autotools-dev
+Build-Conflicts: libgnutls-dev
+Standards-Version: 3.9.1
+Vcs-Svn: svn://svn.debian.org/svn/pkg-gnutls/packages/gnutls26/trunk
+Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnutls/packages/gnutls26/trunk/
+Homepage: http://www.gnutls.org/
+
+Package: libgnutls-dev
+Priority: optional
+Section: libdevel
+Architecture: any
+Provides: gnutls-dev
+Depends: libgnutls26 (= ${binary:Version}),
+ libgcrypt11-dev (>= 1.4.0), libc6-dev | libc-dev, zlib1g-dev,
+ ${misc:Depends}
+Suggests: gnutls-doc, gnutls-bin, guile-gnutls
+Conflicts: libgnutls11-dev, gnutls-dev (<< 0.4.0-0), gnutls0.4-dev
+Replaces: libgnutls11-dev, gnutls-dev (<< 0.4.0-0), gnutls0.4-dev
+Description: the GNU TLS library - development files
+ GnuTLS is a portable library which implements the Transport Layer
+ Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
+ .
+ GnuTLS features support for:
+ - TLS extensions: server name indication, max record size, opaque PRF
+ input, etc.
+ - authentication using the SRP protocol.
+ - authentication using both X.509 certificates and OpenPGP keys.
+ - TLS Pre-Shared-Keys (PSK) extension.
+ - Inner Application (TLS/IA) extension.
+ - X.509 and OpenPGP certificate handling.
+ - X.509 Proxy Certificates (RFC 3820).
+ - all the strong encryption algorithms (including SHA-256/384/512 and
+ Camellia (RFC 4132)).
+ .
+ This package contains the GnuTLS development files.
+
+Package: libgnutls26
+Priority: standard
+Architecture: any
+Section: libs
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Replaces: gnutls0, gnutls3, gnutls0.4
+Conflicts: gnutls0, gnutls0.4
+# Bug 587755. - This could be removed after a libgnutls soname bump.
+Breaks: libsoup2.4-1 (<= 2.30.1-1), libsoup2.4-1 (= 2.31.2-1)
+Suggests: gnutls-bin
+Description: the GNU TLS library - runtime library
+ GnuTLS is a portable library which implements the Transport Layer
+ Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
+ .
+ GnuTLS features support for:
+ - TLS extensions: server name indication, max record size, opaque PRF
+ input, etc.
+ - authentication using the SRP protocol.
+ - authentication using both X.509 certificates and OpenPGP keys.
+ - TLS Pre-Shared-Keys (PSK) extension.
+ - Inner Application (TLS/IA) extension.
+ - X.509 and OpenPGP certificate handling.
+ - X.509 Proxy Certificates (RFC 3820).
+ - all the strong encryption algorithms (including SHA-256/384/512 and
+ Camellia (RFC 4132)).
+ .
+ This package contains the runtime libraries.
+
+Package: libgnutls26-dbg
+Priority: extra
+Architecture: any
+Section: debug
+Depends: libgnutls26 (= ${binary:Version}), ${misc:Depends}
+Conflicts: libgnutls13-dbg
+Description: GNU TLS library - debugger symbols
+ GnuTLS is a portable library which implements the Transport Layer
+ Security (TLS 1.0, 1.1, 1.2) and Secure Sockets Layer (SSL) 3.0 protocols.
+ .
+ This package contains the debugger symbols.
+
--- /dev/null
+This package was debianized by Ivo Timmermans <ivo@debian.org> on
+Fri, 3 Aug 2001 10:00:42 +0200.
+It was later taken over by Matthias Urlichs <smurf@debian.org> and is now
+maintained by Andreas Metzler <ametzler@debian.org> Eric Dorland
+<eric@debian.org>, James Westby <jw+debian@jameswestby.net>
+
+
+It was downloaded from ftp://gnutls.hellug.gr/pub/gnutls
+
+Upstream Authors:
+ Nikos Mavroyanopoulos <nmav@gnutls.org>
+ Fabio Fiorina <Fabio.Fiorina@alcatel.it>
+ Simon Josefsson <jas@gnutls.org>
+ Timo Schulz <twoaday@freakmail.de>
+ Andrew McDonald <andrew@mcdonald.org.uk>
+ Ludovic Courtes <ludovic.courtes@laas.fr>
+ Mario Lenz <m@riolenz.de>
+ Howard Chu <hyc@symas.com>
+ Ivo Timmermans <ivo@o2w.nl>
+ Stefan Walter <stef@memberwebs.com>
+ Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
+ Emile Van Bergen <emile@e-advies.nl>
+ Joe Orton <jorton@redhat.com>
+ Daniel Kahn Gillmor <dkg-debian.org@fifthhorseman.net>
+ David Marín Carreño <davefx@gmail.com>
+ Daiki Ueno <ueno@unixuser.org>
+ Brad Hards <bradh@frogmouth.net>
+ Boyan Kasarov <bkasarov@gmail.com>
+ Steve Dispensa <dispensa@phonefactor.com>
+ Jonathan Bastien-Filiatrault <joe@x2a.org>
+
+
+License: The main library is licensed under GNU Lesser General Public
+License (LGPL) version 2.1+, Gnutls Extra (i.e. openssl wrapper library,
+and library for code for "GnuTLS Inner Application" support) build system,
+testsuite and commandline utilities are licenced under the GNU General
+Public License version 3+. The Guile bindings use the same license as the
+respective underlying library, i.e. LGPLv2.1+ for the main library and
+GPLv3+ for Gnutls extra.
+
+Copyright:
+--------------------
+ * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+ * 2010 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+--------------------
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS-EXTRA.
+ *
+ * GnuTLS-extra is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation; either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * GnuTLS-extra is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS-EXTRA; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+--------------------
+
+The documentation is distributed under the terms of the GNU Free
+Documentation License (FDL):
+--------------------
+Copyright @copyright{} 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+
+@quotation
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the GNU Free Documentation License, Version 1.3 or
+any later version published by the Free Software Foundation; with no
+Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
+copy of the license is included in the section entitled ``GNU Free
+Documentation License''.
+@end quotation
+--------------------
+
+On Debian GNU/Linux systems, the complete text of the latest version of the GNU
+Lesser General Public License can be found in `/usr/share/common-licenses/LGPL'
+v2.1 of the license in `/usr/share/common-licenses/LGPL-2.1'; the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'. The GNU Free
+Documentation License is available under /usr/share/common-licenses/GFDL-1.3.
+
+
+
+Excerpt from upstream's README:
+LICENSE ISSUES
+--------------
+
+Since the 0.4.2 version the gnutls library is covered under the GNU
+Lesser GPL. Previously released versions were licensed under the GNU
+GPL.
+
+We changed the license for most of GNUTLS because other free libraries
+already exist that do the same jobs and have lax licenses. We want
+GNUTLS to be usable in all the same places as those other libraries.
+We kept some parts of GNUTLS under the GPL because they are unique,
+and with the GPL they provide free software projects (which deserve
+our help) an advantage over non-free projects (which do not deserve
+our help, since they refuse to share with us). For more explanation,
+see http://www.gnu.org/philosophy/why-not-lgpl.html.
+
+The GNU Lesser GPL license applies to the main gnutls library, while
+the gnutls-extra library is under the GPL. The gnutls-extra library
+contains the code for "GnuTLS Inner Application" support and the
+OpenSSL compatibility layer. The gnutls library is located in the
+lib/ directory, while the gnutls-extra library is at libextra/.
+
+=========== Foreign code included in tarball ==================
+
+/lib/pakchois/ includes a modified copy of the PaKChoiS library.
+The original library was downloaded from
+http://www.manyfish.co.uk/pakchois/ and is also licensed under
+LGPLv2.1+.
+
+Copyright:
+/*
+ pakchois PKCS#11 interface -- error mapping
+ Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA
+*/
+
+/*
+ This code is directly derived from the scute.org PKCS#11 cryptoki
+ interface, which is:
+
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.
+*/
+
--- /dev/null
+libgnutls-config is patched to only list stuff needed for dynamic
+linking against libgnutls (i.e. "-lgnutls") on Debian. Static linking
+requires using either
+
+a) libtool
+b) "pkg-config --libs --static gnutls" instead of libgnutls-config --libs.
+
+This also applies to libgnutls-extra-config.
+
+Andreas Metzler
--- /dev/null
+debian/tmp/usr/include/* usr/include
+debian/tmp/usr/lib/libgnutls*.so usr/lib
+debian/tmp/usr/lib/libgnutls*.a usr/lib
+debian/tmp/usr/lib/libgnutls.la usr/lib
+#Don't install extra library.
+#debian/tmp/usr/lib/libgnutls-*.la usr/lib
+debian/tmp/usr/lib/pkgconfig/gnutls.pc usr/lib/pkgconfig
+#debian/tmp/usr/lib/pkgconfig/gnutls-extra.pc usr/lib/pkgconfig
--- /dev/null
+gnutls26 (2.6.6-1) unstable; urgency=high
+
+ libgnutls: Check expiration/activation time on untrusted certificates.
+ Before the library did not check activation/expiration times on
+ certificates, and was documented as not doing so. We have realized that
+ many applications that use libgnutls, including gnutls-cli, fail to
+ perform proper checks. Implementing similar logic in all applications
+ leads to code duplication. Hence, we decided to check whether the
+ current time (as reported by the time function) is within the
+ activation/expiration period of certificates when verifying untrusted
+ certificates.
+
+ This changes the semantics of gnutls_x509_crt_list_verify, which in
+ turn is used by gnutls_certificate_verify_peers and
+ gnutls_certificate_verify_peers2. We add two new
+ gnutls_certificate_status_t codes for reporting the new error
+ condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also
+ add a new gnutls_certificate_verify_flags flag,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new
+ behaviour.
+ GNUTLS-SA-2009-3 CVE-2009-1417
+ http://www.gnu.org/software/gnutls/security.html
+
+ -- Andreas Metzler <ametzler@debian.org> Thu, 30 Apr 2009 19:00:21 +0200
+
+gnutls26 (2.4.2-5) unstable; urgency=medium
+
+ * The gnutls certificate verification code has been changed to stop
+ trusting some weak algoritms. Verifying untrusted X.509 certificates
+ signed with RSA-MD2 or RSA-MD5 will now fail with a
+ GNUTLS_CERT_INSECURE_ALGORITHM verification output.
+
+ See <http://www.win.tue.nl/hashclash/rogue-ca/>,
+ <http://bugs.debian.org/514578> and
+ <http://www.gnu.org/software/gnutls/manual/gnutls.html#Digital-signatures>
+
+ "certtool -i < signature.pem" will inform about the algoritm used for
+ signing (Search for "Signature Algorithm" in its output.). The proper
+ fix is to re-issue the certificates with a more secure algoritm. As a
+ hotfix the respective certicate itself can be added to the list of
+ trusted certificates. Obviously this should only be done after
+ verifying the certificate by different means than relying on the weak
+ signature.
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 07 Feb 2009 12:58:51 +0100
--- /dev/null
+debian/tmp/usr/lib/libgnutls.so.* usr/lib
+#Don't install extra library.
+#debian/tmp/usr/lib/libgnutls-e*.so.* usr/lib
+debian/tmp/usr/share/locale/* /usr/share/locale
--- /dev/null
+diff -NurbB gnutls-2.7.10.orig/lib/po/Makevars gnutls-2.7.10/lib/po/Makevars
+--- gnutls-2.7.10.orig/lib/po/Makevars 2009-05-11 18:15:43.000000000 +0200
++++ gnutls-2.7.10/lib/po/Makevars 2009-05-14 19:29:24.000000000 +0200
+@@ -1,7 +1,7 @@
+ # Makefile variables for PO directory in any package using GNU gettext.
+
+ # Usually the message domain is the same as the package name.
+-DOMAIN = $(PACKAGE)
++DOMAIN = $(PACKAGE)26
+
+ # These two variables depend on the location of this directory.
+ subdir = po
--- /dev/null
+diff -NurBbp gnutls-2.8.6.orig/configure gnutls-2.8.6/configure
+--- gnutls-2.8.6.orig/configure 2010-03-15 11:29:16.000000000 +0100
++++ gnutls-2.8.6/configure 2010-03-20 16:01:07.000000000 +0100
+@@ -7026,7 +7026,7 @@ fi
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+- names_next_round='gcrypt gpg-error'
++ names_next_round='gcrypt'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+diff -NurBbp gnutls-2.8.6.orig/lib/configure gnutls-2.8.6/lib/configure
+--- gnutls-2.8.6.orig/lib/configure 2010-03-15 11:28:38.000000000 +0100
++++ gnutls-2.8.6/lib/configure 2010-03-20 16:00:59.000000000 +0100
+@@ -12102,7 +12102,7 @@ fi
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+- names_next_round='gcrypt gpg-error'
++ names_next_round='gcrypt'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+diff -NurBbp gnutls-2.8.6.orig/libextra/configure gnutls-2.8.6/libextra/configure
+--- gnutls-2.8.6.orig/libextra/configure 2010-03-15 11:28:58.000000000 +0100
++++ gnutls-2.8.6/libextra/configure 2010-03-20 16:00:53.000000000 +0100
+@@ -11509,7 +11509,7 @@ fi
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+- names_next_round='gcrypt gpg-error'
++ names_next_round='gcrypt'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
--- /dev/null
+From 93dee00c4ece2ff287ef6c6e60d8a8d8c057dfbf Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Fri, 25 Mar 2011 20:18:00 +0100
+Subject: [PATCH] Fix size of gnutls_openpgp_keyid_t by using the GNUTLS_OPENPGP_KEYID_SIZE definition.
+ Reported by Andreas Metzler.
+
+---
+ lib/includes/gnutls/openpgp.h | 3 ++-
+ lib/openpgp/gnutls_openpgp.c | 6 +++---
+ lib/openpgp/pgp.c | 4 ++--
+ lib/openpgp/privkey.c | 4 ++--
+ 4 files changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
+index 4b0d853..6dfa786 100644
+--- a/lib/includes/gnutls/openpgp.h
++++ b/lib/includes/gnutls/openpgp.h
+@@ -53,7 +53,8 @@ extern "C"
+ GNUTLS_OPENPGP_FMT_BASE64
+ } gnutls_openpgp_crt_fmt_t;
+
+- typedef unsigned char gnutls_openpgp_keyid_t[8];
++#define GNUTLS_OPENPGP_KEYID_SIZE 8
++ typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
+
+ /* gnutls_openpgp_cert_t should be defined in gnutls.h
+ */
+diff --git a/lib/openpgp/gnutls_openpgp.c b/lib/openpgp/gnutls_openpgp.c
+index ba7cd27..5917447 100644
+--- a/lib/openpgp/gnutls_openpgp.c
++++ b/lib/openpgp/gnutls_openpgp.c
+@@ -321,7 +321,7 @@ gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res,
+ static int
+ get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
+ {
+- size_t keyid_size = sizeof (keyid);
++ size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE;
+
+ if (strlen (str) != 16)
+ {
+@@ -744,7 +744,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
+
+ _gnutls_debug_log
+ ("Importing Openpgp cert and using openpgp sub key: %s\n",
+- _gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf),
++ _gnutls_bin2hex (keyid, GNUTLS_OPENPGP_KEYID_SIZE, err_buf, sizeof (err_buf),
+ NULL));
+
+ KEYID_IMPORT (kid32, keyid);
+@@ -762,7 +762,7 @@ _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
+ gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage);
+ gcert->use_subkey = 1;
+
+- memcpy (gcert->subkey_id, keyid, sizeof (keyid));
++ memcpy (gcert->subkey_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ ret =
+ _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params,
+diff --git a/lib/openpgp/pgp.c b/lib/openpgp/pgp.c
+index 229b69d..77a931d 100644
+--- a/lib/openpgp/pgp.c
++++ b/lib/openpgp/pgp.c
+@@ -1568,7 +1568,7 @@ gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+- memcpy (keyid, key->preferred_keyid, sizeof (gnutls_openpgp_keyid_t));
++ memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+@@ -1606,7 +1606,7 @@ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
+ }
+
+ key->preferred_set = 1;
+- memcpy (key->preferred_keyid, keyid, sizeof (gnutls_openpgp_keyid_t));
++ memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
+index 4b26a8c..7fef5ad 100644
+--- a/lib/openpgp/privkey.c
++++ b/lib/openpgp/privkey.c
+@@ -1186,7 +1186,7 @@ gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+- memcpy (keyid, key->preferred_keyid, sizeof (gnutls_openpgp_keyid_t));
++ memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+@@ -1224,7 +1224,7 @@ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
+ }
+
+ key->preferred_set = 1;
+- memcpy (key->preferred_keyid, keyid, sizeof (gnutls_openpgp_keyid_t));
++ memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+ }
+--
+1.7.2.5
+
--- /dev/null
+From 504f2a10130b5c9592e3b570eab50dfcaa3d3456 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Fri, 25 Mar 2011 20:23:35 +0100
+Subject: [PATCH 1/8] Define ext_mod_ia in gnutls_ia.c only.
+
+---
+ libextra/ext_inner_application.h | 2 +-
+ libextra/gnutls_ia.c | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/libextra/ext_inner_application.h b/libextra/ext_inner_application.h
+index a137c08..c641a99 100644
+--- a/libextra/ext_inner_application.h
++++ b/libextra/ext_inner_application.h
+@@ -31,7 +31,7 @@
+ #define IA_ENABLE (1 << 3)
+ #define IA_ALLOW_SKIP (1 << 4)
+
+-extension_entry_st ext_mod_ia;
++extern extension_entry_st ext_mod_ia;
+
+ typedef struct
+ {
+diff --git a/libextra/gnutls_ia.c b/libextra/gnutls_ia.c
+index e692bde..12a049f 100644
+--- a/libextra/gnutls_ia.c
++++ b/libextra/gnutls_ia.c
+@@ -30,6 +30,8 @@
+
+ #define CHECKSUM_SIZE 12
+
++extension_entry_st ext_mod_ia;
++
+ struct gnutls_ia_client_credentials_st
+ {
+ gnutls_ia_avp_func avp_func;
+--
+1.7.2.5
+
--- /dev/null
+From 24a7f63c4abb84786dec5d2eaeaa455b7bf24cb0 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Fri, 25 Mar 2011 20:31:11 +0100
+Subject: [PATCH 2/8] Corrected uninitialized var deinitiation. Reported by Vitaly Kruglikov.
+
+---
+ lib/opencdk/verify.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/lib/opencdk/verify.c b/lib/opencdk/verify.c
+index 957eb98..397b3ed 100644
+--- a/lib/opencdk/verify.c
++++ b/lib/opencdk/verify.c
+@@ -179,6 +179,8 @@ file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
+ int err;
+ cdk_error_t rc;
+
++ memset(&md, 0, sizeof(md));
++
+ if (output)
+ {
+ rc = cdk_stream_create (output, &out);
+--
+1.7.2.5
+
--- /dev/null
+From e8df5a70b7ee05e7f835348350e06533732d05aa Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
+Date: Sat, 26 Mar 2011 01:01:17 +0100
+Subject: [PATCH 6/8] Corrected access to freed memory location. Reported by Vitaly Kruglikov.
+
+---
+ lib/opencdk/stream.c | 4 +++-
+ 1 files changed, 3 insertions(+), 1 deletions(-)
+
+diff --git a/lib/opencdk/stream.c b/lib/opencdk/stream.c
+index 29bea09..a9e0af3 100644
+--- a/lib/opencdk/stream.c
++++ b/lib/opencdk/stream.c
+@@ -761,6 +761,7 @@ stream_fp_replace (cdk_stream_t s, FILE ** tmp)
+ rc = fclose (s->fp);
+ if (rc)
+ {
++ s->fp = NULL;
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+@@ -822,6 +823,7 @@ stream_filter_write (cdk_stream_t s)
+ {
+ _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp));
+ fclose (f->tmp);
++ f->tmp = NULL;
+ break;
+ }
+ }
+@@ -960,7 +962,7 @@ cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen)
+ if (rc)
+ {
+ s->error = rc;
+- if (feof (s->fp))
++ if (s->fp && feof (s->fp))
+ s->flags.eof = 1;
+ gnutls_assert ();
+ return EOF;
+--
+1.7.2.5
+
--- /dev/null
+14_version_gettextcat.diff
+16_unnecessarydep.diff
+17_sizeof_gnutls_openpgp_keyid_t.diff
+18_ext_mod_iadef.diff
+19_uninitializedvar.diff
+20_access_freedmemory.diff
--- /dev/null
+#! /usr/bin/make -f
+# Build the gnutls package for Debian.
+
+include /usr/share/cdbs/1/rules/debhelper.mk
+include /usr/share/cdbs/1/class/autotools.mk
+
+#Disable c++ library (cxx)
+#DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script --enable-cxx --without-lzo --cache-file=$(CURDIR)/config.cache --with-libgcrypt --with-packager=Debian --with-packager-bug-reports=http://bugs.debian.org.org/ --with-packager-version="$(DEB_VERSION)" --with-included-libtasn1
+
+DEB_CONFIGURE_EXTRA_FLAGS = --enable-ld-version-script --disable-cxx --without-lzo --cache-file=$(CURDIR)/config.cache --with-libgcrypt --with-packager=Debian --with-packager-bug-reports=http://bugs.debian.org.org/ --with-packager-version="$(DEB_VERSION)" --with-included-libtasn1
+
+DEB_MAKE_CHECK_TARGET = check
+DEB_DH_MAKESHLIBS_ARGS_libgnutls26 := -V 'libgnutls26 (>= 2.11.7-0)'
+#DEB_DH_MAKESHLIBS_ARGS_guile-gnutls := -V 'guile-gnutls (>= 2.11.7-0)'
+#DEB_COMPRESS_EXCLUDE := gnutls.pdf
+
+CFLAGS += -Wall
+
+# pre-clean rule: save gnutls.pdf since it is expensive to regenerate.
+# See README.source
+#cleanbuilddir/gnutls-doc::
+# if [ -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf doc/gnutls.pdf.debbackup ; fi
+
+
+# additional commands for clean
+clean::
+ mkdir -p m4
+
+ -rm -rf autom4te.cache
+
+ -rm -f tests/stamp-tests
+ # stupid conflicts
+ -rm -f doc/*.info* lib/po/libgnutls26.pot
+ # restore gnutls.pdf
+ #if [ -e doc/gnutls.pdf.debbackup ] && [ ! -e doc/gnutls.pdf ] ; then mv doc/gnutls.pdf.debbackup doc/gnutls.pdf ; fi
+
+# additional comands for build rule
+build/gnutls-doc::
+ $(MAKE) html
+
+# add post deb preparation (including debhelper stuff) actions
+# generate symlinks manually and use dh_link to make them policy-conform.
+#binary-install/gnutls-doc::
+# cd debian/gnutls-doc && \
+# for i in usr/share/doc/gnutls-doc/html/gnutls*.png ; do \
+# i=`basename "$$i"` ; \
+# ln -s "/usr/share/doc/gnutls-doc/html/$$i" \
+# usr/share/info/ ; \
+# done && \
+# cd ../.. && \
+# dh_link -pgnutls-doc
+
+install/libgnutls-dev::
+ find debian/tmp/usr/lib -name "*.la" -exec \
+ sed -i -e "s,^dependency_libs=.*,dependency_libs=''," {} +
+
--- /dev/null
+3.0 (quilt)
--- /dev/null
+version=3
+ftp://ftp.gnutls.org/pub/gnutls/devel/gnutls-(.*)\.tar\.bz2 debian uupdate
--- /dev/null
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+ depmode Dependency tracking mode.
+ source Source file read by `PROGRAMS ARGS'.
+ object Object file output by `PROGRAMS ARGS'.
+ DEPDIR directory where to store dependencies.
+ depfile Dependency file to output.
+ tmpdepfile Temporary file to use when outputing dependencies.
+ libtool Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "depcomp $scriptversion"
+ exit $?
+ ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+ echo "depcomp: Variables source, object and depmode must be set" 1>&2
+ exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+ sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags. We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write. Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+ # HP compiler uses -M and no extra arg.
+ gccflag=-M
+ depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+ # This is just like dashmstdout with a different argument.
+ dashmflag=-xM
+ depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+ # This is just like msvisualcpp but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u="sed s,\\\\\\\\,/,g"
+ depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want. Yay! Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff. Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am. Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+ for arg
+ do
+ case $arg in
+ -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+ *) set fnord "$@" "$arg" ;;
+ esac
+ shift # fnord
+ shift # $arg
+ done
+ "$@"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ mv "$tmpdepfile" "$depfile"
+ ;;
+
+gcc)
+## There are various ways to get dependency output from gcc. Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+## up in a subdir. Having to rename by hand is ugly.
+## (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+## -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+## than renaming).
+ if test -z "$gccflag"; then
+ gccflag=-MD,
+ fi
+ "$@" -Wp,"$gccflag$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+ sed -e 's/^[^:]*: / /' \
+ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header). We avoid this by adding
+## dummy dependencies for each header file. Too bad gcc doesn't do
+## this for us directly.
+ tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'. On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+sgi)
+ if test "$libtool" = yes; then
+ "$@" "-Wp,-MDupdate,$tmpdepfile"
+ else
+ "$@" -MDupdate "$tmpdepfile"
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+
+ if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
+ echo "$object : \\" > "$depfile"
+
+ # Clip off the initial element (the dependent). Don't try to be
+ # clever and replace this with sed code, as IRIX sed won't handle
+ # lines with more than a fixed number of characters (4096 in
+ # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
+ # the IRIX cc adds comments like `#:fec' to the end of the
+ # dependency line.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+ tr '
+' ' ' >> "$depfile"
+ echo >> "$depfile"
+
+ # The second pass generates a dummy entry for each header file.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+ >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+aix)
+ # The C for AIX Compiler uses -M and outputs the dependencies
+ # in a .u file. In older versions, this file always lives in the
+ # current directory. Also, the AIX compiler puts `$object:' at the
+ # start of each line; $object doesn't have directory information.
+ # Version 6 uses the directory in both cases.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$base.u
+ tmpdepfile3=$dir.libs/$base.u
+ "$@" -Wc,-M
+ else
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$dir$base.u
+ tmpdepfile3=$dir$base.u
+ "$@" -M
+ fi
+ stat=$?
+
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ # Each line is of the form `foo.o: dependent.h'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+icc)
+ # Intel's C compiler understands `-MD -MF file'. However on
+ # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # ICC 7.0 will fill foo.d with something like
+ # foo.o: sub/foo.c
+ # foo.o: sub/foo.h
+ # which is wrong. We want:
+ # sub/foo.o: sub/foo.c
+ # sub/foo.o: sub/foo.h
+ # sub/foo.c:
+ # sub/foo.h:
+ # ICC 7.1 will output
+ # foo.o: sub/foo.c sub/foo.h
+ # and will wrap long lines using \ :
+ # foo.o: sub/foo.c ... \
+ # sub/foo.h ... \
+ # ...
+
+ "$@" -MD -MF "$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ # Each line is of the form `foo.o: dependent.h',
+ # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+ # Some versions of the HPUX 10.20 sed can't process this invocation
+ # correctly. Breaking it into two sed invocations is a workaround.
+ sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+ sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp2)
+ # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+ # compilers, which have integrated preprocessors. The correct option
+ # to use with these is +Maked; it writes dependencies to a file named
+ # 'foo.d', which lands next to the object file, wherever that
+ # happens to be.
+ # Much of this is similar to the tru64 case; see comments there.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir.libs/$base.d
+ "$@" -Wc,+Maked
+ else
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir$base.d
+ "$@" +Maked
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+ # Add `dependent.h:' lines.
+ sed -ne '2,${
+ s/^ *//
+ s/ \\*$//
+ s/$/:/
+ p
+ }' "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile" "$tmpdepfile2"
+ ;;
+
+tru64)
+ # The Tru64 compiler uses -MD to generate dependencies as a side
+ # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+ # dependencies in `foo.d' instead, so we check for that too.
+ # Subdirectories are respected.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+ if test "$libtool" = yes; then
+ # With Tru64 cc, shared objects can also be used to make a
+ # static library. This mechanism is used in libtool 1.4 series to
+ # handle both shared and static libraries in a single compilation.
+ # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+ #
+ # With libtool 1.5 this exception was removed, and libtool now
+ # generates 2 separate objects for the 2 libraries. These two
+ # compilations output dependencies in $dir.libs/$base.o.d and
+ # in $dir$base.o.d. We have to check for both files, because
+ # one of the two compilations can be disabled. We should prefer
+ # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+ # automatically cleaned when .libs/ is deleted, while ignoring
+ # the former would cause a distcleancheck panic.
+ tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
+ tmpdepfile2=$dir$base.o.d # libtool 1.5
+ tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
+ tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
+ "$@" -Wc,-MD
+ else
+ tmpdepfile1=$dir$base.o.d
+ tmpdepfile2=$dir$base.d
+ tmpdepfile3=$dir$base.d
+ tmpdepfile4=$dir$base.d
+ "$@" -MD
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+#nosideeffect)
+ # This comment above is used by automake to tell side-effect
+ # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout, regardless of -o.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ test -z "$dashmflag" && dashmflag=-M
+ # Require at least two characters before searching for `:'
+ # in the target name. This is to cope with DOS-style filenames:
+ # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ "$@" $dashmflag |
+ sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+dashXmstdout)
+ # This case only exists to satisfy depend.m4. It is never actually
+ # run, as this mode is specially recognized in the preamble.
+ exit 1
+ ;;
+
+makedepend)
+ "$@" || exit $?
+ # Remove any Libtool call
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+ # X makedepend
+ shift
+ cleared=no eat=no
+ for arg
+ do
+ case $cleared in
+ no)
+ set ""; shift
+ cleared=yes ;;
+ esac
+ if test $eat = yes; then
+ eat=no
+ continue
+ fi
+ case "$arg" in
+ -D*|-I*)
+ set fnord "$@" "$arg"; shift ;;
+ # Strip any option that makedepend may not understand. Remove
+ # the object too, otherwise makedepend will parse it as a source file.
+ -arch)
+ eat=yes ;;
+ -*|$object)
+ ;;
+ *)
+ set fnord "$@" "$arg"; shift ;;
+ esac
+ done
+ obj_suffix=`echo "$object" | sed 's/^.*\././'`
+ touch "$tmpdepfile"
+ ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile" "$tmpdepfile".bak
+ ;;
+
+cpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ "$@" -E |
+ sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+ sed '$ s: \\$::' > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ cat < "$tmpdepfile" >> "$depfile"
+ sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvisualcpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ IFS=" "
+ for arg
+ do
+ case "$arg" in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+ set fnord "$@"
+ shift
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift
+ shift
+ ;;
+ esac
+ done
+ "$@" -E 2>/dev/null |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
+ echo " " >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvcmsys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+none)
+ exec "$@"
+ ;;
+
+*)
+ echo "Unknown depmode $depmode" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+# -*- mode: makefile -*-
+
+####################################
+# Everything below here is generic #
+####################################
+
+if GTK_DOC_USE_LIBTOOL
+GTKDOC_CC = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+GTKDOC_LD = $(LIBTOOL) --tag=CC --mode=link $(CC) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS)
+GTKDOC_RUN = $(LIBTOOL) --mode=execute
+else
+GTKDOC_CC = $(CC) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+GTKDOC_LD = $(CC) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS)
+GTKDOC_RUN =
+endif
+
+# We set GPATH here; this gives us semantics for GNU make
+# which are more like other make's VPATH, when it comes to
+# whether a source that is a target of one rule is then
+# searched for in VPATH/GPATH.
+#
+GPATH = $(srcdir)
+
+TARGET_DIR=$(HTML_DIR)/$(DOC_MODULE)
+
+EXTRA_DIST = \
+ $(content_files) \
+ $(HTML_IMAGES) \
+ $(DOC_MAIN_SGML_FILE) \
+ $(DOC_MODULE)-sections.txt \
+ $(DOC_MODULE)-overrides.txt
+
+DOC_STAMPS=scan-build.stamp tmpl-build.stamp sgml-build.stamp html-build.stamp \
+ pdf-build.stamp \
+ $(srcdir)/tmpl.stamp $(srcdir)/sgml.stamp $(srcdir)/html.stamp \
+ $(srcdir)/pdf.stamp
+
+SCANOBJ_FILES = \
+ $(DOC_MODULE).args \
+ $(DOC_MODULE).hierarchy \
+ $(DOC_MODULE).interfaces \
+ $(DOC_MODULE).prerequisites \
+ $(DOC_MODULE).signals
+
+REPORT_FILES = \
+ $(DOC_MODULE)-undocumented.txt \
+ $(DOC_MODULE)-undeclared.txt \
+ $(DOC_MODULE)-unused.txt
+
+CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS)
+
+if ENABLE_GTK_DOC
+if GTK_DOC_BUILD_HTML
+HTML_BUILD_STAMP=html-build.stamp
+else
+HTML_BUILD_STAMP=
+endif
+if GTK_DOC_BUILD_PDF
+PDF_BUILD_STAMP=pdf-build.stamp
+else
+PDF_BUILD_STAMP=
+endif
+
+all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP)
+else
+all-local:
+endif
+
+docs: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP)
+
+$(REPORT_FILES): sgml-build.stamp
+
+#### scan ####
+
+scan-build.stamp: $(HFILE_GLOB) $(CFILE_GLOB)
+ @echo 'gtk-doc: Scanning header files'
+ @-chmod -R u+w $(srcdir)
+ @_source_dir='' ; for i in $(DOC_SOURCE_DIR) ; do \
+ _source_dir="$${_source_dir} --source-dir=$$i" ; \
+ done ; \
+ cd $(srcdir) && \
+ gtkdoc-scan --module=$(DOC_MODULE) --ignore-headers="$(IGNORE_HFILES)" $${_source_dir} $(SCAN_OPTIONS) $(EXTRA_HFILES)
+ @if grep -l '^..*$$' $(srcdir)/$(DOC_MODULE).types > /dev/null 2>&1 ; then \
+ CC="$(GTKDOC_CC)" LD="$(GTKDOC_LD)" RUN="$(GTKDOC_RUN)" CFLAGS="$(GTKDOC_CFLAGS) $(CFLAGS)" LDFLAGS="$(GTKDOC_LIBS) $(LDFLAGS)" gtkdoc-scangobj $(SCANGOBJ_OPTIONS) --module=$(DOC_MODULE) --output-dir=$(srcdir) ; \
+ else \
+ cd $(srcdir) ; \
+ for i in $(SCANOBJ_FILES) ; do \
+ test -f $$i || touch $$i ; \
+ done \
+ fi
+ @touch scan-build.stamp
+
+$(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt: scan-build.stamp
+ @true
+
+#### templates ####
+
+tmpl-build.stamp: $(DOC_MODULE)-decl.txt $(SCANOBJ_FILES) $(DOC_MODULE)-sections.txt $(DOC_MODULE)-overrides.txt
+ @echo 'gtk-doc: Rebuilding template files'
+ @-chmod -R u+w $(srcdir)
+ @cd $(srcdir) && gtkdoc-mktmpl --module=$(DOC_MODULE) $(MKTMPL_OPTIONS)
+ @touch tmpl-build.stamp
+
+tmpl.stamp: tmpl-build.stamp
+ @true
+
+$(srcdir)/tmpl/*.sgml:
+ @true
+
+#### xml ####
+
+sgml-build.stamp: tmpl.stamp $(DOC_MODULE)-sections.txt $(srcdir)/tmpl/*.sgml $(expand_content_files)
+ @echo 'gtk-doc: Building XML'
+ @-chmod -R u+w $(srcdir)
+ @_source_dir='' ; for i in $(DOC_SOURCE_DIR) ; do \
+ _source_dir="$${_source_dir} --source-dir=$$i" ; \
+ done ; \
+ cd $(srcdir) && \
+ gtkdoc-mkdb --module=$(DOC_MODULE) --output-format=xml --expand-content-files="$(expand_content_files)" --main-sgml-file=$(DOC_MAIN_SGML_FILE) $${_source_dir} $(MKDB_OPTIONS)
+ @touch sgml-build.stamp
+
+sgml.stamp: sgml-build.stamp
+ @true
+
+#### html ####
+
+html-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files)
+ @echo 'gtk-doc: Building HTML'
+ @-chmod -R u+w $(srcdir)
+ @rm -rf $(srcdir)/html
+ @mkdir $(srcdir)/html
+ @mkhtml_options=""; \
+ gtkdoc-mkhtml 2>&1 --help | grep >/dev/null "\-\-path"; \
+ if test "$(?)" = "0"; then \
+ mkhtml_options=--path="$(srcdir)"; \
+ fi; \
+ cd $(srcdir)/html && gtkdoc-mkhtml $$mkhtml_options $(MKHTML_OPTIONS) $(DOC_MODULE) ../$(DOC_MAIN_SGML_FILE)
+ @test "x$(HTML_IMAGES)" = "x" || ( cd $(srcdir) && cp $(HTML_IMAGES) html )
+ @echo 'gtk-doc: Fixing cross-references'
+ @cd $(srcdir) && gtkdoc-fixxref --module=$(DOC_MODULE) --module-dir=html --html-dir=$(HTML_DIR) $(FIXXREF_OPTIONS)
+ @touch html-build.stamp
+
+#### pdf ####
+
+pdf-build.stamp: sgml.stamp $(DOC_MAIN_SGML_FILE) $(content_files)
+ @echo 'gtk-doc: Building PDF'
+ @-chmod -R u+w $(srcdir)
+ @rm -rf $(srcdir)/$(DOC_MODULE).pdf
+ @mkpdf_imgdirs=""; \
+ if test "x$(HTML_IMAGES)" != "x"; then \
+ for img in $(HTML_IMAGES); do \
+ part=`dirname $$img`; \
+ echo $$mkpdf_imgdirs | grep >/dev/null "\-\-imgdir=$$part "; \
+ if test $$? != 0; then \
+ mkpdf_imgdirs="$$mkpdf_imgdirs --imgdir=$$part"; \
+ fi; \
+ done; \
+ fi; \
+ cd $(srcdir) && gtkdoc-mkpdf --path="$(abs_srcdir)" $$mkpdf_imgdirs $(DOC_MODULE) $(DOC_MAIN_SGML_FILE) $(MKPDF_OPTIONS)
+ @touch pdf-build.stamp
+
+##############
+
+clean-local:
+ rm -f *~ *.bak
+ rm -rf .libs
+
+distclean-local:
+ cd $(srcdir) && \
+ rm -rf xml $(REPORT_FILES) $(DOC_MODULE).pdf \
+ $(DOC_MODULE)-decl-list.txt $(DOC_MODULE)-decl.txt
+
+maintainer-clean-local: clean
+ cd $(srcdir) && rm -rf xml html
+
+install-data-local:
+ @installfiles=`echo $(srcdir)/html/*`; \
+ if test "$$installfiles" = '$(srcdir)/html/*'; \
+ then echo '-- Nothing to install' ; \
+ else \
+ if test -n "$(DOC_MODULE_VERSION)"; then \
+ installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \
+ else \
+ installdir="$(DESTDIR)$(TARGET_DIR)"; \
+ fi; \
+ $(mkinstalldirs) $${installdir} ; \
+ for i in $$installfiles; do \
+ echo '-- Installing '$$i ; \
+ $(INSTALL_DATA) $$i $${installdir}; \
+ done; \
+ if test -n "$(DOC_MODULE_VERSION)"; then \
+ mv -f $${installdir}/$(DOC_MODULE).devhelp2 \
+ $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp2; \
+ mv -f $${installdir}/$(DOC_MODULE).devhelp \
+ $${installdir}/$(DOC_MODULE)-$(DOC_MODULE_VERSION).devhelp; \
+ fi; \
+ $(GTKDOC_REBASE) --relative --dest-dir=$(DESTDIR) --html-dir=$${installdir}; \
+ fi
+
+uninstall-local:
+ @if test -n "$(DOC_MODULE_VERSION)"; then \
+ installdir="$(DESTDIR)$(TARGET_DIR)-$(DOC_MODULE_VERSION)"; \
+ else \
+ installdir="$(DESTDIR)$(TARGET_DIR)"; \
+ fi; \
+ rm -rf $${installdir}
+
+#
+# Require gtk-doc when making dist
+#
+if ENABLE_GTK_DOC
+dist-check-gtkdoc:
+else
+dist-check-gtkdoc:
+ @echo "*** gtk-doc must be installed and enabled in order to make dist"
+ @false
+endif
+
+dist-hook: dist-check-gtkdoc dist-hook-local
+ mkdir $(distdir)/tmpl
+ mkdir $(distdir)/html
+ -cp $(srcdir)/tmpl/*.sgml $(distdir)/tmpl
+ -cp $(srcdir)/html/* $(distdir)/html
+ -cp $(srcdir)/$(DOC_MODULE).pdf $(distdir)/
+ -cp $(srcdir)/$(DOC_MODULE).types $(distdir)/
+ -cp $(srcdir)/$(DOC_MODULE)-sections.txt $(distdir)/
+ cd $(distdir) && rm -f $(DISTCLEANFILES)
+ $(GTKDOC_REBASE) --online --relative --html-dir=$(distdir)/html
+
+.PHONY : dist-hook-local docs
--- /dev/null
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" "" $nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+ doit_exec=exec
+else
+ doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+ test "$posix_glob" != "?" || {
+ if (set -f) 2>/dev/null; then
+ posix_glob=
+ else
+ posix_glob=:
+ fi
+ }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+ or: $0 [OPTION]... SRCFILES... DIRECTORY
+ or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+ or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+ --help display this help and exit.
+ --version display version info and exit.
+
+ -c (ignored)
+ -C install only if different (preserve the last data modification time)
+ -d create directories instead of installing files.
+ -g GROUP $chgrpprog installed files to GROUP.
+ -m MODE $chmodprog installed files to MODE.
+ -o USER $chownprog installed files to USER.
+ -s $stripprog installed files.
+ -t DIRECTORY install into DIRECTORY.
+ -T report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+ CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+ RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+ case $1 in
+ -c) ;;
+
+ -C) copy_on_change=true;;
+
+ -d) dir_arg=true;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift;;
+
+ --help) echo "$usage"; exit $?;;
+
+ -m) mode=$2
+ case $mode in
+ *' '* | *' '* | *'
+'* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ shift;;
+
+ -o) chowncmd="$chownprog $2"
+ shift;;
+
+ -s) stripcmd=$stripprog;;
+
+ -t) dst_arg=$2
+ shift;;
+
+ -T) no_target_directory=true;;
+
+ --version) echo "$0 $scriptversion"; exit $?;;
+
+ --) shift
+ break;;
+
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
+
+ *) break;;
+ esac
+ shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+ # When -d is used, all remaining arguments are directories to create.
+ # When -t is used, the destination is already specified.
+ # Otherwise, the last argument is the destination. Remove it from $@.
+ for arg
+ do
+ if test -n "$dst_arg"; then
+ # $@ is not empty: it contains at least $arg.
+ set fnord "$@" "$dst_arg"
+ shift # fnord
+ fi
+ shift # arg
+ dst_arg=$arg
+ done
+fi
+
+if test $# -eq 0; then
+ if test -z "$dir_arg"; then
+ echo "$0: no input file specified." >&2
+ exit 1
+ fi
+ # It's OK to call `install-sh -d' without argument.
+ # This can happen when creating conditional directories.
+ exit 0
+fi
+
+if test -z "$dir_arg"; then
+ trap '(exit $?); exit' 1 2 13 15
+
+ # Set umask so as not to create temps with too-generous modes.
+ # However, 'strip' requires both read and write access to temps.
+ case $mode in
+ # Optimize common cases.
+ *644) cp_umask=133;;
+ *755) cp_umask=22;;
+
+ *[0-7])
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw='% 200'
+ fi
+ cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+ *)
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw=,u+rw
+ fi
+ cp_umask=$mode$u_plus_rw;;
+ esac
+fi
+
+for src
+do
+ # Protect names starting with `-'.
+ case $src in
+ -*) src=./$src;;
+ esac
+
+ if test -n "$dir_arg"; then
+ dst=$src
+ dstdir=$dst
+ test -d "$dstdir"
+ dstdir_status=$?
+ else
+
+ # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+ # might cause directories to be created, which would be especially bad
+ # if $src (and thus $dsttmp) contains '*'.
+ if test ! -f "$src" && test ! -d "$src"; then
+ echo "$0: $src does not exist." >&2
+ exit 1
+ fi
+
+ if test -z "$dst_arg"; then
+ echo "$0: no destination specified." >&2
+ exit 1
+ fi
+
+ dst=$dst_arg
+ # Protect names starting with `-'.
+ case $dst in
+ -*) dst=./$dst;;
+ esac
+
+ # If destination is a directory, append the input filename; won't work
+ # if double slashes aren't ignored.
+ if test -d "$dst"; then
+ if test -n "$no_target_directory"; then
+ echo "$0: $dst_arg: Is a directory" >&2
+ exit 1
+ fi
+ dstdir=$dst
+ dst=$dstdir/`basename "$src"`
+ dstdir_status=0
+ else
+ # Prefer dirname, but fall back on a substitute if dirname fails.
+ dstdir=`
+ (dirname "$dst") 2>/dev/null ||
+ expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$dst" : 'X\(//\)[^/]' \| \
+ X"$dst" : 'X\(//\)$' \| \
+ X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+ echo X"$dst" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'
+ `
+
+ test -d "$dstdir"
+ dstdir_status=$?
+ fi
+ fi
+
+ obsolete_mkdir_used=false
+
+ if test $dstdir_status != 0; then
+ case $posix_mkdir in
+ '')
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ if (umask $mkdir_umask &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writeable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ ls_ld_tmpdir=`ls -ld "$tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/d" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
+ esac
+
+ if
+ $posix_mkdir && (
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ )
+ then :
+ else
+
+ # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # or it failed possibly due to a race condition. Create the
+ # directory the slow way, step by step, checking for races as we go.
+
+ case $dstdir in
+ /*) prefix='/';;
+ -*) prefix='./';;
+ *) prefix='';;
+ esac
+
+ eval "$initialize_posix_glob"
+
+ oIFS=$IFS
+ IFS=/
+ $posix_glob set -f
+ set fnord $dstdir
+ shift
+ $posix_glob set +f
+ IFS=$oIFS
+
+ prefixes=
+
+ for d
+ do
+ test -z "$d" && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
+ done
+
+ if test -n "$prefixes"; then
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
+ fi
+ fi
+ fi
+
+ if test -n "$dir_arg"; then
+ { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+ { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+ else
+
+ # Make a couple of temp file names in the proper directory.
+ dsttmp=$dstdir/_inst.$$_
+ rmtmp=$dstdir/_rm.$$_
+
+ # Trap to clean up those temp files at exit.
+ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+ # Copy the file name to the temp name.
+ (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+ # and set any options; do chmod last to preserve setuid bits.
+ #
+ # If any of these fail, we abort the whole thing. If we want to
+ # ignore errors from any of these, just make sure not to ignore
+ # errors from the above "$doit $cpprog $src $dsttmp" command.
+ #
+ { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+ { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+ { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+ # If -C, don't bother to copy if it wouldn't change the file.
+ if $copy_on_change &&
+ old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
+ new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
+
+ eval "$initialize_posix_glob" &&
+ $posix_glob set -f &&
+ set X $old && old=:$2:$4:$5:$6 &&
+ set X $new && new=:$2:$4:$5:$6 &&
+ $posix_glob set +f &&
+
+ test "$old" = "$new" &&
+ $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+ then
+ rm -f "$dsttmp"
+ else
+ # Rename the file to the real destination.
+ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+ # The rename failed, perhaps because mv can't rename something else
+ # to itself, or perhaps because mv is so ancient that it does not
+ # support -f.
+ {
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ test ! -f "$dst" ||
+ $doit $rmcmd -f "$dst" 2>/dev/null ||
+ { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+ { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ } ||
+ { echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
+ }
+ fi || exit 1
+
+ trap '' 0
+ fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+1 Notes on the Free Translation Project
+***************************************
+
+Free software is going international! The Free Translation Project is
+a way to get maintainers of free software, translators, and users all
+together, so that free software will gradually become able to speak many
+languages. A few packages already provide translations for their
+messages.
+
+ If you found this `ABOUT-NLS' file inside a distribution, you may
+assume that the distributed package does use GNU `gettext' internally,
+itself available at your nearest GNU archive site. But you do _not_
+need to install GNU `gettext' prior to configuring, installing or using
+this package with messages translated.
+
+ Installers will find here some useful hints. These notes also
+explain how users should proceed for getting the programs to use the
+available translations. They tell how people wanting to contribute and
+work on translations can contact the appropriate team.
+
+ When reporting bugs in the `intl/' directory or bugs which may be
+related to internationalization, you should tell about the version of
+`gettext' which is used. The information can be found in the
+`intl/VERSION' file, in internationalized packages.
+
+1.1 Quick configuration advice
+==============================
+
+If you want to exploit the full power of internationalization, you
+should configure it using
+
+ ./configure --with-included-gettext
+
+to force usage of internationalizing routines provided within this
+package, despite the existence of internationalizing capabilities in the
+operating system where this package is being installed. So far, only
+the `gettext' implementation in the GNU C library version 2 provides as
+many features (such as locale alias, message inheritance, automatic
+charset conversion or plural form handling) as the implementation here.
+It is also not possible to offer this additional functionality on top
+of a `catgets' implementation. Future versions of GNU `gettext' will
+very likely convey even more functionality. So it might be a good idea
+to change to GNU `gettext' as soon as possible.
+
+ So you need _not_ provide this option if you are using GNU libc 2 or
+you have installed a recent copy of the GNU gettext package with the
+included `libintl'.
+
+1.2 INSTALL Matters
+===================
+
+Some packages are "localizable" when properly installed; the programs
+they contain can be made to speak your own native language. Most such
+packages use GNU `gettext'. Other packages have their own ways to
+internationalization, predating GNU `gettext'.
+
+ By default, this package will be installed to allow translation of
+messages. It will automatically detect whether the system already
+provides the GNU `gettext' functions. If not, the included GNU
+`gettext' library will be used. This library is wholly contained
+within this package, usually in the `intl/' subdirectory, so prior
+installation of the GNU `gettext' package is _not_ required.
+Installers may use special options at configuration time for changing
+the default behaviour. The commands:
+
+ ./configure --with-included-gettext
+ ./configure --disable-nls
+
+will, respectively, bypass any pre-existing `gettext' to use the
+internationalizing routines provided within this package, or else,
+_totally_ disable translation of messages.
+
+ When you already have GNU `gettext' installed on your system and run
+configure without an option for your new package, `configure' will
+probably detect the previously built and installed `libintl.a' file and
+will decide to use this. This might not be desirable. You should use
+the more recent version of the GNU `gettext' library. I.e. if the file
+`intl/VERSION' shows that the library which comes with this package is
+more recent, you should use
+
+ ./configure --with-included-gettext
+
+to prevent auto-detection.
+
+ The configuration process will not test for the `catgets' function
+and therefore it will not be used. The reason is that even an
+emulation of `gettext' on top of `catgets' could not provide all the
+extensions of the GNU `gettext' library.
+
+ Internationalized packages usually have many `po/LL.po' files, where
+LL gives an ISO 639 two-letter code identifying the language. Unless
+translations have been forbidden at `configure' time by using the
+`--disable-nls' switch, all available translations are installed
+together with the package. However, the environment variable `LINGUAS'
+may be set, prior to configuration, to limit the installed set.
+`LINGUAS' should then contain a space separated list of two-letter
+codes, stating which languages are allowed.
+
+1.3 Using This Package
+======================
+
+As a user, if your language has been installed for this package, you
+only have to set the `LANG' environment variable to the appropriate
+`LL_CC' combination. If you happen to have the `LC_ALL' or some other
+`LC_xxx' environment variables set, you should unset them before
+setting `LANG', otherwise the setting of `LANG' will not have the
+desired effect. Here `LL' is an ISO 639 two-letter language code, and
+`CC' is an ISO 3166 two-letter country code. For example, let's
+suppose that you speak German and live in Germany. At the shell
+prompt, merely execute `setenv LANG de_DE' (in `csh'),
+`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash').
+This can be done from your `.login' or `.profile' file, once and for
+all.
+
+ You might think that the country code specification is redundant.
+But in fact, some languages have dialects in different countries. For
+example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The
+country code serves to distinguish the dialects.
+
+ The locale naming convention of `LL_CC', with `LL' denoting the
+language and `CC' denoting the country, is the one use on systems based
+on GNU libc. On other systems, some variations of this scheme are
+used, such as `LL' or `LL_CC.ENCODING'. You can get the list of
+locales supported by your system for your language by running the
+command `locale -a | grep '^LL''.
+
+ Not all programs have translations for all languages. By default, an
+English message is shown in place of a nonexistent translation. If you
+understand other languages, you can set up a priority list of languages.
+This is done through a different environment variable, called
+`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG'
+for the purpose of message handling, but you still need to have `LANG'
+set to the primary language; this is required by other parts of the
+system libraries. For example, some Swedish users who would rather
+read translations in German than English for when Swedish is not
+available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'.
+
+ Special advice for Norwegian users: The language code for Norwegian
+bokma*l changed from `no' to `nb' recently (in 2003). During the
+transition period, while some message catalogs for this language are
+installed under `nb' and some older ones under `no', it's recommended
+for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and
+older translations are used.
+
+ In the `LANGUAGE' environment variable, but not in the `LANG'
+environment variable, `LL_CC' combinations can be abbreviated as `LL'
+to denote the language's main dialect. For example, `de' is equivalent
+to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT'
+(Portuguese as spoken in Portugal) in this context.
+
+1.4 Translating Teams
+=====================
+
+For the Free Translation Project to be a success, we need interested
+people who like their own language and write it well, and who are also
+able to synergize with other translators speaking the same language.
+Each translation team has its own mailing list. The up-to-date list of
+teams can be found at the Free Translation Project's homepage,
+`http://translationproject.org/', in the "Teams" area.
+
+ If you'd like to volunteer to _work_ at translating messages, you
+should become a member of the translating team for your own language.
+The subscribing address is _not_ the same as the list itself, it has
+`-request' appended. For example, speakers of Swedish can send a
+message to `sv-request@li.org', having this message body:
+
+ subscribe
+
+ Keep in mind that team members are expected to participate
+_actively_ in translations, or at solving translational difficulties,
+rather than merely lurking around. If your team does not exist yet and
+you want to start one, or if you are unsure about what to do or how to
+get started, please write to `coordinator@translationproject.org' to
+reach the coordinator for all translator teams.
+
+ The English team is special. It works at improving and uniformizing
+the terminology in use. Proven linguistic skills are praised more than
+programming skills, here.
+
+1.5 Available Packages
+======================
+
+Languages are not equally supported in all packages. The following
+matrix shows the current state of internationalization, as of November
+2007. The matrix shows, in regard of each package, for which languages
+PO files have been submitted to translation coordination, with a
+translation percentage of at least 50%.
+
+ Ready PO files af am ar az be bg bs ca cs cy da de el en en_GB eo
+ +----------------------------------------------------+
+ Compendium | [] [] [] [] |
+ a2ps | [] [] [] [] [] |
+ aegis | () |
+ ant-phone | () |
+ anubis | [] |
+ ap-utils | |
+ aspell | [] [] [] [] [] |
+ bash | [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | |
+ bison | [] [] |
+ bison-runtime | [] |
+ bluez-pin | [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] [] [] |
+ console-tools | [] [] |
+ coreutils | [] [] [] [] |
+ cpio | |
+ cpplib | [] [] [] |
+ cryptonit | [] |
+ dialog | |
+ diffutils | [] [] [] [] [] [] |
+ doodle | [] |
+ e2fsprogs | [] [] |
+ enscript | [] [] [] [] |
+ fetchmail | [] [] () [] [] |
+ findutils | [] |
+ findutils_stable | [] [] [] |
+ flex | [] [] [] |
+ fslint | |
+ gas | |
+ gawk | [] [] [] |
+ gcal | [] |
+ gcc | [] |
+ gettext-examples | [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] |
+ gettext-tools | [] [] |
+ gip | [] |
+ gliv | [] [] |
+ glunarclock | [] |
+ gmult | [] [] |
+ gnubiff | () |
+ gnucash | [] [] () () [] |
+ gnuedu | |
+ gnulib | [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | [] |
+ gpe-aerial | [] [] |
+ gpe-beam | [] [] |
+ gpe-calendar | |
+ gpe-clock | [] [] |
+ gpe-conf | [] [] |
+ gpe-contacts | |
+ gpe-edit | [] |
+ gpe-filemanager | |
+ gpe-go | [] |
+ gpe-login | [] [] |
+ gpe-ownerinfo | [] [] |
+ gpe-package | |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] |
+ gpe-taskmanager | [] [] |
+ gpe-timesheet | [] |
+ gpe-today | [] [] |
+ gpe-todo | |
+ gphoto2 | [] [] [] [] |
+ gprof | [] [] |
+ gpsdrive | |
+ gramadoir | [] [] |
+ grep | [] [] |
+ gretl | () |
+ gsasl | |
+ gss | |
+ gst-plugins-bad | [] [] |
+ gst-plugins-base | [] [] |
+ gst-plugins-good | [] [] [] |
+ gst-plugins-ugly | [] [] |
+ gstreamer | [] [] [] [] [] [] [] |
+ gtick | () |
+ gtkam | [] [] [] [] |
+ gtkorphan | [] [] |
+ gtkspell | [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] [] |
+ indent | [] [] [] [] |
+ iso_15924 | |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | |
+ iso_4217 | [] [] [] |
+ iso_639 | [] [] [] [] |
+ jpilot | [] |
+ jtag | |
+ jwhois | |
+ kbd | [] [] [] [] |
+ keytouch | [] [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] |
+ latrine | () |
+ ld | [] |
+ leafpad | [] [] [] [] [] |
+ libc | [] [] [] [] |
+ libexif | [] |
+ libextractor | [] |
+ libgpewidget | [] [] [] |
+ libgpg-error | [] |
+ libgphoto2 | [] [] |
+ libgphoto2_port | [] [] |
+ libgsasl | |
+ libiconv | [] [] |
+ libidn | [] [] [] |
+ lifelines | [] () |
+ lilypond | [] |
+ lingoteach | |
+ lprng | |
+ lynx | [] [] [] [] |
+ m4 | [] [] [] [] |
+ mailfromd | |
+ mailutils | [] |
+ make | [] [] |
+ man-db | [] [] [] |
+ minicom | [] [] [] |
+ nano | [] [] [] |
+ opcodes | [] |
+ parted | [] [] |
+ pilot-qof | |
+ popt | [] [] [] |
+ psmisc | [] |
+ pwdutils | |
+ qof | |
+ radius | [] |
+ recode | [] [] [] [] [] [] |
+ rpm | [] |
+ screem | |
+ scrollkeeper | [] [] [] [] [] [] [] [] |
+ sed | [] [] [] |
+ shared-mime-info | [] [] [] [] () [] [] [] |
+ sharutils | [] [] [] [] [] [] |
+ shishi | |
+ skencil | [] () |
+ solfege | |
+ soundtracker | [] [] |
+ sp | [] |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] |
+ texinfo | [] [] [] |
+ tin | () () |
+ tuxpaint | [] [] [] [] [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] [] [] |
+ util-linux-ng | [] [] [] [] |
+ vorbis-tools | [] |
+ wastesedge | () |
+ wdiff | [] [] [] [] |
+ wget | [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] |
+ xpad | [] [] [] |
+ +----------------------------------------------------+
+ af am ar az be bg bs ca cs cy da de el en en_GB eo
+ 6 0 2 1 8 26 2 40 48 2 56 88 15 1 15 18
+
+ es et eu fa fi fr ga gl gu he hi hr hu id is it
+ +--------------------------------------------------+
+ Compendium | [] [] [] [] [] |
+ a2ps | [] [] [] () |
+ aegis | |
+ ant-phone | [] |
+ anubis | [] |
+ ap-utils | [] [] |
+ aspell | [] [] [] |
+ bash | [] |
+ bfd | [] [] |
+ bibshelf | [] [] [] |
+ binutils | [] [] [] |
+ bison | [] [] [] [] [] [] |
+ bison-runtime | [] [] [] [] [] |
+ bluez-pin | [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] [] |
+ console-tools | |
+ coreutils | [] [] [] [] [] [] |
+ cpio | [] [] [] |
+ cpplib | [] [] |
+ cryptonit | [] |
+ dialog | [] [] [] |
+ diffutils | [] [] [] [] [] [] [] [] [] |
+ doodle | [] [] |
+ e2fsprogs | [] [] [] |
+ enscript | [] [] [] |
+ fetchmail | [] |
+ findutils | [] [] [] |
+ findutils_stable | [] [] [] [] |
+ flex | [] [] [] |
+ fslint | |
+ gas | [] [] |
+ gawk | [] [] [] [] () |
+ gcal | [] [] |
+ gcc | [] |
+ gettext-examples | [] [] [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] [] |
+ gettext-tools | [] [] [] [] |
+ gip | [] [] [] [] |
+ gliv | () |
+ glunarclock | [] [] [] |
+ gmult | [] [] [] |
+ gnubiff | () () |
+ gnucash | () () () |
+ gnuedu | [] |
+ gnulib | [] [] [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | |
+ gpe-aerial | [] [] |
+ gpe-beam | [] [] |
+ gpe-calendar | |
+ gpe-clock | [] [] [] [] |
+ gpe-conf | [] |
+ gpe-contacts | [] [] |
+ gpe-edit | [] [] [] [] |
+ gpe-filemanager | [] |
+ gpe-go | [] [] [] |
+ gpe-login | [] [] [] |
+ gpe-ownerinfo | [] [] [] [] [] |
+ gpe-package | [] |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] [] [] |
+ gpe-taskmanager | [] [] [] |
+ gpe-timesheet | [] [] [] [] |
+ gpe-today | [] [] [] [] |
+ gpe-todo | [] |
+ gphoto2 | [] [] [] [] [] |
+ gprof | [] [] [] [] [] |
+ gpsdrive | [] |
+ gramadoir | [] [] |
+ grep | [] [] [] |
+ gretl | [] [] [] () |
+ gsasl | [] [] |
+ gss | [] [] |
+ gst-plugins-bad | [] [] [] [] |
+ gst-plugins-base | [] [] [] [] |
+ gst-plugins-good | [] [] [] [] [] |
+ gst-plugins-ugly | [] [] [] [] |
+ gstreamer | [] [] [] |
+ gtick | [] [] [] |
+ gtkam | [] [] [] [] |
+ gtkorphan | [] [] |
+ gtkspell | [] [] [] [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] [] [] [] [] |
+ indent | [] [] [] [] [] [] [] [] [] [] |
+ iso_15924 | [] |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | [] |
+ iso_4217 | [] [] [] [] [] [] |
+ iso_639 | [] [] [] [] [] [] |
+ jpilot | [] [] |
+ jtag | [] |
+ jwhois | [] [] [] [] [] |
+ kbd | [] [] |
+ keytouch | [] [] [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] [] |
+ latrine | [] [] |
+ ld | [] [] [] [] |
+ leafpad | [] [] [] [] [] [] |
+ libc | [] [] [] [] [] |
+ libexif | [] |
+ libextractor | [] |
+ libgpewidget | [] [] [] [] [] |
+ libgpg-error | [] |
+ libgphoto2 | [] [] [] |
+ libgphoto2_port | [] [] |
+ libgsasl | [] [] |
+ libiconv | [] [] [] |
+ libidn | [] [] |
+ lifelines | () |
+ lilypond | [] [] [] |
+ lingoteach | [] [] [] |
+ lprng | |
+ lynx | [] [] [] |
+ m4 | [] [] [] [] |
+ mailfromd | |
+ mailutils | [] [] |
+ make | [] [] [] [] [] [] [] [] |
+ man-db | [] |
+ minicom | [] [] [] [] |
+ nano | [] [] [] [] [] [] [] |
+ opcodes | [] [] [] [] |
+ parted | [] [] [] |
+ pilot-qof | |
+ popt | [] [] [] [] |
+ psmisc | [] [] |
+ pwdutils | |
+ qof | [] |
+ radius | [] [] |
+ recode | [] [] [] [] [] [] [] [] |
+ rpm | [] [] |
+ screem | |
+ scrollkeeper | [] [] [] |
+ sed | [] [] [] [] [] |
+ shared-mime-info | [] [] [] [] [] [] |
+ sharutils | [] [] [] [] [] [] [] [] |
+ shishi | [] |
+ skencil | [] [] |
+ solfege | [] |
+ soundtracker | [] [] [] |
+ sp | [] |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] [] [] [] |
+ texinfo | [] [] [] |
+ tin | [] () |
+ tuxpaint | [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | [] [] |
+ util-linux | [] [] [] [] [] [] [] |
+ util-linux-ng | [] [] [] [] [] [] [] |
+ vorbis-tools | |
+ wastesedge | () |
+ wdiff | [] [] [] [] [] [] [] [] |
+ wget | [] [] [] [] [] [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ es et eu fa fi fr ga gl gu he hi hr hu id is it
+ 85 22 14 2 48 101 61 12 2 8 2 6 53 29 1 52
+
+ ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn
+ +--------------------------------------------------+
+ Compendium | [] |
+ a2ps | () [] [] |
+ aegis | () |
+ ant-phone | [] |
+ anubis | [] [] [] |
+ ap-utils | [] |
+ aspell | [] [] |
+ bash | [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | |
+ bison | [] [] [] |
+ bison-runtime | [] [] [] |
+ bluez-pin | [] [] [] |
+ cflow | |
+ clisp | [] |
+ console-tools | |
+ coreutils | [] |
+ cpio | [] |
+ cpplib | [] |
+ cryptonit | [] |
+ dialog | [] [] |
+ diffutils | [] [] [] |
+ doodle | |
+ e2fsprogs | [] |
+ enscript | [] |
+ fetchmail | [] [] |
+ findutils | [] |
+ findutils_stable | [] |
+ flex | [] [] |
+ fslint | |
+ gas | |
+ gawk | [] [] |
+ gcal | |
+ gcc | |
+ gettext-examples | [] [] [] |
+ gettext-runtime | [] [] [] |
+ gettext-tools | [] [] |
+ gip | [] [] |
+ gliv | [] |
+ glunarclock | [] [] |
+ gmult | [] [] [] |
+ gnubiff | |
+ gnucash | () () () |
+ gnuedu | |
+ gnulib | [] [] |
+ gnunet | |
+ gnunet-gtk | |
+ gnutls | [] |
+ gpe-aerial | [] |
+ gpe-beam | [] |
+ gpe-calendar | [] |
+ gpe-clock | [] [] [] |
+ gpe-conf | [] [] [] |
+ gpe-contacts | [] |
+ gpe-edit | [] [] [] |
+ gpe-filemanager | [] [] |
+ gpe-go | [] [] [] |
+ gpe-login | [] [] [] |
+ gpe-ownerinfo | [] [] |
+ gpe-package | [] [] |
+ gpe-sketchbook | [] [] |
+ gpe-su | [] [] [] |
+ gpe-taskmanager | [] [] [] [] |
+ gpe-timesheet | [] |
+ gpe-today | [] [] |
+ gpe-todo | [] |
+ gphoto2 | [] [] |
+ gprof | [] |
+ gpsdrive | [] |
+ gramadoir | () |
+ grep | [] [] |
+ gretl | |
+ gsasl | [] |
+ gss | |
+ gst-plugins-bad | [] |
+ gst-plugins-base | [] |
+ gst-plugins-good | [] |
+ gst-plugins-ugly | [] |
+ gstreamer | [] |
+ gtick | [] |
+ gtkam | [] [] |
+ gtkorphan | [] |
+ gtkspell | [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] |
+ herrie | [] |
+ hylafax | |
+ idutils | [] |
+ indent | [] [] |
+ iso_15924 | [] |
+ iso_3166 | [] [] [] [] [] [] [] [] |
+ iso_3166_2 | [] |
+ iso_4217 | [] [] [] |
+ iso_639 | [] [] [] [] |
+ jpilot | () () |
+ jtag | |
+ jwhois | [] |
+ kbd | [] |
+ keytouch | [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | |
+ latrine | [] |
+ ld | |
+ leafpad | [] [] |
+ libc | [] [] [] |
+ libexif | |
+ libextractor | |
+ libgpewidget | [] |
+ libgpg-error | |
+ libgphoto2 | [] |
+ libgphoto2_port | [] |
+ libgsasl | [] |
+ libiconv | [] |
+ libidn | [] [] |
+ lifelines | [] |
+ lilypond | [] |
+ lingoteach | [] |
+ lprng | |
+ lynx | [] [] |
+ m4 | [] [] |
+ mailfromd | |
+ mailutils | |
+ make | [] [] [] |
+ man-db | |
+ minicom | [] |
+ nano | [] [] [] |
+ opcodes | [] |
+ parted | [] [] |
+ pilot-qof | |
+ popt | [] [] [] |
+ psmisc | [] [] [] |
+ pwdutils | |
+ qof | |
+ radius | |
+ recode | [] |
+ rpm | [] [] |
+ screem | [] |
+ scrollkeeper | [] [] [] [] |
+ sed | [] [] |
+ shared-mime-info | [] [] [] [] [] [] [] |
+ sharutils | [] [] |
+ shishi | |
+ skencil | |
+ solfege | () () |
+ soundtracker | |
+ sp | () |
+ system-tools-ba... | [] [] [] [] |
+ tar | [] [] [] |
+ texinfo | [] [] |
+ tin | |
+ tuxpaint | () [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] |
+ util-linux-ng | [] [] |
+ vorbis-tools | |
+ wastesedge | [] |
+ wdiff | [] [] |
+ wget | [] [] |
+ xchat | [] [] [] [] |
+ xkeyboard-config | [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ ja ka ko ku ky lg lt lv mk mn ms mt nb ne nl nn
+ 51 2 25 3 2 0 6 0 2 2 20 0 11 1 103 6
+
+ or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta
+ +--------------------------------------------------+
+ Compendium | [] [] [] [] [] |
+ a2ps | () [] [] [] [] [] [] |
+ aegis | () () |
+ ant-phone | [] [] |
+ anubis | [] [] [] |
+ ap-utils | () |
+ aspell | [] [] [] |
+ bash | [] [] |
+ bfd | |
+ bibshelf | [] |
+ binutils | [] [] |
+ bison | [] [] [] [] [] |
+ bison-runtime | [] [] [] [] [] |
+ bluez-pin | [] [] [] [] [] [] [] [] [] |
+ cflow | [] |
+ clisp | [] |
+ console-tools | [] |
+ coreutils | [] [] [] [] |
+ cpio | [] [] [] |
+ cpplib | [] |
+ cryptonit | [] [] |
+ dialog | [] |
+ diffutils | [] [] [] [] [] [] |
+ doodle | [] [] |
+ e2fsprogs | [] [] |
+ enscript | [] [] [] [] [] |
+ fetchmail | [] [] [] |
+ findutils | [] [] [] |
+ findutils_stable | [] [] [] [] [] [] |
+ flex | [] [] [] [] [] |
+ fslint | [] |
+ gas | |
+ gawk | [] [] [] [] |
+ gcal | [] |
+ gcc | [] [] |
+ gettext-examples | [] [] [] [] [] [] [] [] |
+ gettext-runtime | [] [] [] [] [] [] [] [] |
+ gettext-tools | [] [] [] [] [] [] [] |
+ gip | [] [] [] [] |
+ gliv | [] [] [] [] [] [] |
+ glunarclock | [] [] [] [] [] [] |
+ gmult | [] [] [] [] |
+ gnubiff | () [] |
+ gnucash | () [] |
+ gnuedu | |
+ gnulib | [] [] [] |
+ gnunet | |
+ gnunet-gtk | [] |
+ gnutls | [] [] |
+ gpe-aerial | [] [] [] [] [] [] [] |
+ gpe-beam | [] [] [] [] [] [] [] |
+ gpe-calendar | [] [] [] [] |
+ gpe-clock | [] [] [] [] [] [] [] [] |
+ gpe-conf | [] [] [] [] [] [] [] |
+ gpe-contacts | [] [] [] [] [] |
+ gpe-edit | [] [] [] [] [] [] [] [] [] |
+ gpe-filemanager | [] [] |
+ gpe-go | [] [] [] [] [] [] [] [] |
+ gpe-login | [] [] [] [] [] [] [] [] |
+ gpe-ownerinfo | [] [] [] [] [] [] [] [] |
+ gpe-package | [] [] |
+ gpe-sketchbook | [] [] [] [] [] [] [] [] |
+ gpe-su | [] [] [] [] [] [] [] [] |
+ gpe-taskmanager | [] [] [] [] [] [] [] [] |
+ gpe-timesheet | [] [] [] [] [] [] [] [] |
+ gpe-today | [] [] [] [] [] [] [] [] |
+ gpe-todo | [] [] [] [] |
+ gphoto2 | [] [] [] [] [] [] |
+ gprof | [] [] [] |
+ gpsdrive | [] [] |
+ gramadoir | [] [] |
+ grep | [] [] [] [] |
+ gretl | [] [] [] |
+ gsasl | [] [] [] |
+ gss | [] [] [] [] |
+ gst-plugins-bad | [] [] [] |
+ gst-plugins-base | [] [] |
+ gst-plugins-good | [] [] |
+ gst-plugins-ugly | [] [] [] |
+ gstreamer | [] [] [] [] |
+ gtick | [] |
+ gtkam | [] [] [] [] [] |
+ gtkorphan | [] |
+ gtkspell | [] [] [] [] [] [] [] [] |
+ gutenprint | [] |
+ hello | [] [] [] [] [] [] [] [] |
+ herrie | [] [] [] |
+ hylafax | |
+ idutils | [] [] [] [] [] |
+ indent | [] [] [] [] [] [] [] |
+ iso_15924 | |
+ iso_3166 | [] [] [] [] [] [] [] [] [] [] [] [] [] |
+ iso_3166_2 | |
+ iso_4217 | [] [] [] [] [] [] [] |
+ iso_639 | [] [] [] [] [] [] [] |
+ jpilot | |
+ jtag | [] |
+ jwhois | [] [] [] [] |
+ kbd | [] [] [] |
+ keytouch | [] |
+ keytouch-editor | [] |
+ keytouch-keyboa... | [] |
+ latrine | |
+ ld | [] |
+ leafpad | [] [] [] [] [] [] |
+ libc | [] [] [] [] |
+ libexif | [] [] |
+ libextractor | [] [] |
+ libgpewidget | [] [] [] [] [] [] [] [] |
+ libgpg-error | [] [] [] |
+ libgphoto2 | [] |
+ libgphoto2_port | [] [] [] |
+ libgsasl | [] [] [] [] |
+ libiconv | [] [] [] |
+ libidn | [] [] () |
+ lifelines | [] [] |
+ lilypond | |
+ lingoteach | [] |
+ lprng | [] |
+ lynx | [] [] [] |
+ m4 | [] [] [] [] [] |
+ mailfromd | [] |
+ mailutils | [] [] [] |
+ make | [] [] [] [] |
+ man-db | [] [] [] [] |
+ minicom | [] [] [] [] [] |
+ nano | [] [] [] [] |
+ opcodes | [] [] |
+ parted | [] |
+ pilot-qof | |
+ popt | [] [] [] [] |
+ psmisc | [] [] |
+ pwdutils | [] [] |
+ qof | [] [] |
+ radius | [] [] |
+ recode | [] [] [] [] [] [] [] |
+ rpm | [] [] [] [] |
+ screem | |
+ scrollkeeper | [] [] [] [] [] [] [] |
+ sed | [] [] [] [] [] [] [] [] [] |
+ shared-mime-info | [] [] [] [] [] [] |
+ sharutils | [] [] [] [] |
+ shishi | [] |
+ skencil | [] [] [] |
+ solfege | [] |
+ soundtracker | [] [] |
+ sp | |
+ system-tools-ba... | [] [] [] [] [] [] [] [] [] |
+ tar | [] [] [] [] |
+ texinfo | [] [] [] [] |
+ tin | () |
+ tuxpaint | [] [] [] [] [] [] |
+ unicode-han-tra... | |
+ unicode-transla... | |
+ util-linux | [] [] [] [] |
+ util-linux-ng | [] [] [] [] |
+ vorbis-tools | [] |
+ wastesedge | |
+ wdiff | [] [] [] [] [] [] [] |
+ wget | [] [] [] [] |
+ xchat | [] [] [] [] [] [] [] |
+ xkeyboard-config | [] [] [] |
+ xpad | [] [] [] |
+ +--------------------------------------------------+
+ or pa pl pt pt_BR rm ro ru rw sk sl sq sr sv ta
+ 0 5 77 31 53 4 58 72 3 45 46 9 45 122 3
+
+ tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu
+ +---------------------------------------------------+
+ Compendium | [] [] [] [] | 19
+ a2ps | [] [] [] | 19
+ aegis | [] | 1
+ ant-phone | [] [] | 6
+ anubis | [] [] [] | 11
+ ap-utils | () [] | 4
+ aspell | [] [] [] | 16
+ bash | [] | 6
+ bfd | | 2
+ bibshelf | [] | 7
+ binutils | [] [] [] [] | 9
+ bison | [] [] [] [] | 20
+ bison-runtime | [] [] [] [] | 18
+ bluez-pin | [] [] [] [] [] [] | 28
+ cflow | [] [] | 5
+ clisp | | 9
+ console-tools | [] [] | 5
+ coreutils | [] [] [] | 18
+ cpio | [] [] [] [] | 11
+ cpplib | [] [] [] [] [] | 12
+ cryptonit | [] | 6
+ dialog | [] [] [] | 9
+ diffutils | [] [] [] [] [] | 29
+ doodle | [] | 6
+ e2fsprogs | [] [] | 10
+ enscript | [] [] [] | 16
+ fetchmail | [] [] | 12
+ findutils | [] [] [] | 11
+ findutils_stable | [] [] [] [] | 18
+ flex | [] [] | 15
+ fslint | [] | 2
+ gas | [] | 3
+ gawk | [] [] [] | 16
+ gcal | [] | 5
+ gcc | [] [] [] | 7
+ gettext-examples | [] [] [] [] [] [] | 29
+ gettext-runtime | [] [] [] [] [] [] | 28
+ gettext-tools | [] [] [] [] [] | 20
+ gip | [] [] | 13
+ gliv | [] [] | 11
+ glunarclock | [] [] [] | 15
+ gmult | [] [] [] [] | 16
+ gnubiff | [] | 2
+ gnucash | () [] | 5
+ gnuedu | [] | 2
+ gnulib | [] | 10
+ gnunet | | 0
+ gnunet-gtk | [] [] | 3
+ gnutls | | 4
+ gpe-aerial | [] [] | 14
+ gpe-beam | [] [] | 14
+ gpe-calendar | [] [] | 7
+ gpe-clock | [] [] [] [] | 21
+ gpe-conf | [] [] [] | 16
+ gpe-contacts | [] [] | 10
+ gpe-edit | [] [] [] [] [] | 22
+ gpe-filemanager | [] [] | 7
+ gpe-go | [] [] [] [] | 19
+ gpe-login | [] [] [] [] [] | 21
+ gpe-ownerinfo | [] [] [] [] | 21
+ gpe-package | [] | 6
+ gpe-sketchbook | [] [] | 16
+ gpe-su | [] [] [] [] | 21
+ gpe-taskmanager | [] [] [] [] | 21
+ gpe-timesheet | [] [] [] [] | 18
+ gpe-today | [] [] [] [] [] | 21
+ gpe-todo | [] [] | 8
+ gphoto2 | [] [] [] [] | 21
+ gprof | [] [] | 13
+ gpsdrive | [] | 5
+ gramadoir | [] | 7
+ grep | [] | 12
+ gretl | | 6
+ gsasl | [] [] [] | 9
+ gss | [] | 7
+ gst-plugins-bad | [] [] [] | 13
+ gst-plugins-base | [] [] | 11
+ gst-plugins-good | [] [] [] [] [] | 16
+ gst-plugins-ugly | [] [] [] | 13
+ gstreamer | [] [] [] | 18
+ gtick | [] [] | 7
+ gtkam | [] | 16
+ gtkorphan | [] | 7
+ gtkspell | [] [] [] [] [] [] | 27
+ gutenprint | | 4
+ hello | [] [] [] [] [] | 38
+ herrie | [] [] | 8
+ hylafax | | 0
+ idutils | [] [] | 15
+ indent | [] [] [] [] [] | 28
+ iso_15924 | [] [] | 4
+ iso_3166 | [] [] [] [] [] [] [] [] [] | 54
+ iso_3166_2 | [] [] | 4
+ iso_4217 | [] [] [] [] [] | 24
+ iso_639 | [] [] [] [] [] | 26
+ jpilot | [] [] [] [] | 7
+ jtag | [] | 3
+ jwhois | [] [] [] | 13
+ kbd | [] [] [] | 13
+ keytouch | [] | 8
+ keytouch-editor | [] | 5
+ keytouch-keyboa... | [] | 5
+ latrine | [] [] | 5
+ ld | [] [] [] [] | 10
+ leafpad | [] [] [] [] [] | 24
+ libc | [] [] [] | 19
+ libexif | [] | 5
+ libextractor | [] | 5
+ libgpewidget | [] [] [] | 20
+ libgpg-error | [] | 6
+ libgphoto2 | [] [] | 9
+ libgphoto2_port | [] [] [] | 11
+ libgsasl | [] | 8
+ libiconv | [] [] | 11
+ libidn | [] [] | 11
+ lifelines | | 4
+ lilypond | [] | 6
+ lingoteach | [] | 6
+ lprng | [] | 2
+ lynx | [] [] [] | 15
+ m4 | [] [] [] | 18
+ mailfromd | [] [] | 3
+ mailutils | [] [] | 8
+ make | [] [] [] | 20
+ man-db | [] | 9
+ minicom | [] | 14
+ nano | [] [] [] | 20
+ opcodes | [] [] | 10
+ parted | [] [] [] | 11
+ pilot-qof | [] | 1
+ popt | [] [] [] [] | 18
+ psmisc | [] [] | 10
+ pwdutils | [] | 3
+ qof | [] | 4
+ radius | [] [] | 7
+ recode | [] [] [] | 25
+ rpm | [] [] [] [] | 13
+ screem | [] | 2
+ scrollkeeper | [] [] [] [] | 26
+ sed | [] [] [] [] | 23
+ shared-mime-info | [] [] [] | 29
+ sharutils | [] [] [] | 23
+ shishi | [] | 3
+ skencil | [] | 7
+ solfege | [] | 3
+ soundtracker | [] [] | 9
+ sp | [] | 3
+ system-tools-ba... | [] [] [] [] [] [] [] | 38
+ tar | [] [] [] | 17
+ texinfo | [] [] [] | 15
+ tin | | 1
+ tuxpaint | [] [] [] | 19
+ unicode-han-tra... | | 0
+ unicode-transla... | | 2
+ util-linux | [] [] [] | 20
+ util-linux-ng | [] [] [] | 20
+ vorbis-tools | [] [] | 4
+ wastesedge | | 1
+ wdiff | [] [] | 23
+ wget | [] [] [] | 20
+ xchat | [] [] [] [] | 29
+ xkeyboard-config | [] [] [] | 14
+ xpad | [] [] [] | 15
+ +---------------------------------------------------+
+ 76 teams tg th tk tr uk ven vi wa xh zh_CN zh_HK zh_TW zu
+ 163 domains 0 3 1 74 51 0 143 21 1 57 7 45 0 2036
+
+ Some counters in the preceding matrix are higher than the number of
+visible blocks let us expect. This is because a few extra PO files are
+used for implementing regional variants of languages, or language
+dialects.
+
+ For a PO file in the matrix above to be effective, the package to
+which it applies should also have been internationalized and
+distributed as such by its maintainer. There might be an observable
+lag between the mere existence a PO file and its wide availability in a
+distribution.
+
+ If November 2007 seems to be old, you may fetch a more recent copy
+of this `ABOUT-NLS' file on most GNU archive sites. The most
+up-to-date matrix with full percentage details can be found at
+`http://translationproject.org/extra/matrix.html'.
+
+1.6 Using `gettext' in new packages
+===================================
+
+If you are writing a freely available program and want to
+internationalize it you are welcome to use GNU `gettext' in your
+package. Of course you have to respect the GNU Library General Public
+License which covers the use of the GNU `gettext' library. This means
+in particular that even non-free programs can use `libintl' as a shared
+library, whereas only free software can use `libintl' as a static
+library or use modified versions of `libintl'.
+
+ Once the sources are changed appropriately and the setup can handle
+the use of `gettext' the only thing missing are the translations. The
+Free Translation Project is also available for packages which are not
+developed inside the GNU project. Therefore the information given above
+applies also for every other Free Software Project. Contact
+`coordinator@translationproject.org' to make the `.pot' files available
+to the translation teams.
+
--- /dev/null
+See ../AUTHORS.
--- /dev/null
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+\f
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+\f
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+\f
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+\f
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+\f
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+\f
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+\f
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+\f
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+\f
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
+
+
--- /dev/null
+Installation Instructions
+*************************
+
+Copyright (C) 1994, 1995, 1996, 1999, 2000, 2001, 2002, 2004, 2005,
+2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+
+ Copying and distribution of this file, with or without modification,
+are permitted in any medium without royalty provided the copyright
+notice and this notice are preserved. This file is offered as-is,
+without warranty of any kind.
+
+Basic Installation
+==================
+
+ Briefly, the shell commands `./configure; make; make install' should
+configure, build, and install this package. The following
+more-detailed instructions are generic; see the `README' file for
+instructions specific to this package. Some packages provide this
+`INSTALL' file but do not implement all of the features documented
+below. The lack of an optional feature in a given package is not
+necessarily a bug. More recommendations for GNU packages can be found
+in *note Makefile Conventions: (standards)Makefile Conventions.
+
+ The `configure' shell script attempts to guess correct values for
+various system-dependent variables used during compilation. It uses
+those values to create a `Makefile' in each directory of the package.
+It may also create one or more `.h' files containing system-dependent
+definitions. Finally, it creates a shell script `config.status' that
+you can run in the future to recreate the current configuration, and a
+file `config.log' containing compiler output (useful mainly for
+debugging `configure').
+
+ It can also use an optional file (typically called `config.cache'
+and enabled with `--cache-file=config.cache' or simply `-C') that saves
+the results of its tests to speed up reconfiguring. Caching is
+disabled by default to prevent problems with accidental use of stale
+cache files.
+
+ If you need to do unusual things to compile the package, please try
+to figure out how `configure' could check whether to do them, and mail
+diffs or instructions to the address given in the `README' so they can
+be considered for the next release. If you are using the cache, and at
+some point `config.cache' contains results you don't want to keep, you
+may remove or edit it.
+
+ The file `configure.ac' (or `configure.in') is used to create
+`configure' by a program called `autoconf'. You need `configure.ac' if
+you want to change it or regenerate `configure' using a newer version
+of `autoconf'.
+
+ The simplest way to compile this package is:
+
+ 1. `cd' to the directory containing the package's source code and type
+ `./configure' to configure the package for your system.
+
+ Running `configure' might take a while. While running, it prints
+ some messages telling which features it is checking for.
+
+ 2. Type `make' to compile the package.
+
+ 3. Optionally, type `make check' to run any self-tests that come with
+ the package, generally using the just-built uninstalled binaries.
+
+ 4. Type `make install' to install the programs and any data files and
+ documentation. When installing into a prefix owned by root, it is
+ recommended that the package be configured and built as a regular
+ user, and only the `make install' phase executed with root
+ privileges.
+
+ 5. Optionally, type `make installcheck' to repeat any self-tests, but
+ this time using the binaries in their final installed location.
+ This target does not install anything. Running this target as a
+ regular user, particularly if the prior `make install' required
+ root privileges, verifies that the installation completed
+ correctly.
+
+ 6. You can remove the program binaries and object files from the
+ source code directory by typing `make clean'. To also remove the
+ files that `configure' created (so you can compile the package for
+ a different kind of computer), type `make distclean'. There is
+ also a `make maintainer-clean' target, but that is intended mainly
+ for the package's developers. If you use it, you may have to get
+ all sorts of other programs in order to regenerate files that came
+ with the distribution.
+
+ 7. Often, you can also type `make uninstall' to remove the installed
+ files again. In practice, not all packages have tested that
+ uninstallation works correctly, even though it is required by the
+ GNU Coding Standards.
+
+ 8. Some packages, particularly those that use Automake, provide `make
+ distcheck', which can by used by developers to test that all other
+ targets like `make install' and `make uninstall' work correctly.
+ This target is generally not run by end users.
+
+Compilers and Options
+=====================
+
+ Some systems require unusual options for compilation or linking that
+the `configure' script does not know about. Run `./configure --help'
+for details on some of the pertinent environment variables.
+
+ You can give `configure' initial values for configuration parameters
+by setting variables in the command line or in the environment. Here
+is an example:
+
+ ./configure CC=c99 CFLAGS=-g LIBS=-lposix
+
+ *Note Defining Variables::, for more details.
+
+Compiling For Multiple Architectures
+====================================
+
+ You can compile the package for more than one kind of computer at the
+same time, by placing the object files for each architecture in their
+own directory. To do this, you can use GNU `make'. `cd' to the
+directory where you want the object files and executables to go and run
+the `configure' script. `configure' automatically checks for the
+source code in the directory that `configure' is in and in `..'. This
+is known as a "VPATH" build.
+
+ With a non-GNU `make', it is safer to compile the package for one
+architecture at a time in the source code directory. After you have
+installed the package for one architecture, use `make distclean' before
+reconfiguring for another architecture.
+
+ On MacOS X 10.5 and later systems, you can create libraries and
+executables that work on multiple system types--known as "fat" or
+"universal" binaries--by specifying multiple `-arch' options to the
+compiler but only a single `-arch' option to the preprocessor. Like
+this:
+
+ ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+ CPP="gcc -E" CXXCPP="g++ -E"
+
+ This is not guaranteed to produce working output in all cases, you
+may have to build one architecture at a time and combine the results
+using the `lipo' tool if you have problems.
+
+Installation Names
+==================
+
+ By default, `make install' installs the package's commands under
+`/usr/local/bin', include files under `/usr/local/include', etc. You
+can specify an installation prefix other than `/usr/local' by giving
+`configure' the option `--prefix=PREFIX', where PREFIX must be an
+absolute file name.
+
+ You can specify separate installation prefixes for
+architecture-specific files and architecture-independent files. If you
+pass the option `--exec-prefix=PREFIX' to `configure', the package uses
+PREFIX as the prefix for installing programs and libraries.
+Documentation and other data files still use the regular prefix.
+
+ In addition, if you use an unusual directory layout you can give
+options like `--bindir=DIR' to specify different values for particular
+kinds of files. Run `configure --help' for a list of the directories
+you can set and what kinds of files go in them. In general, the
+default for these options is expressed in terms of `${prefix}', so that
+specifying just `--prefix' will affect all of the other directory
+specifications that were not explicitly provided.
+
+ The most portable way to affect installation locations is to pass the
+correct locations to `configure'; however, many packages provide one or
+both of the following shortcuts of passing variable assignments to the
+`make install' command line to change installation locations without
+having to reconfigure or recompile.
+
+ The first method involves providing an override variable for each
+affected directory. For example, `make install
+prefix=/alternate/directory' will choose an alternate location for all
+directory configuration variables that were expressed in terms of
+`${prefix}'. Any directories that were specified during `configure',
+but not in terms of `${prefix}', must each be overridden at install
+time for the entire installation to be relocated. The approach of
+makefile variable overrides for each directory variable is required by
+the GNU Coding Standards, and ideally causes no recompilation.
+However, some platforms have known limitations with the semantics of
+shared libraries that end up requiring recompilation when using this
+method, particularly noticeable in packages that use GNU Libtool.
+
+ The second method involves providing the `DESTDIR' variable. For
+example, `make install DESTDIR=/alternate/directory' will prepend
+`/alternate/directory' before all installation names. The approach of
+`DESTDIR' overrides is not required by the GNU Coding Standards, and
+does not work on platforms that have drive letters. On the other hand,
+it does better at avoiding recompilation issues, and works well even
+when some directory options were not specified in terms of `${prefix}'
+at `configure' time.
+
+Optional Features
+=================
+
+ If the package supports it, you can cause programs to be installed
+with an extra prefix or suffix on their names by giving `configure' the
+option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
+
+ Some packages pay attention to `--enable-FEATURE' options to
+`configure', where FEATURE indicates an optional part of the package.
+They may also pay attention to `--with-PACKAGE' options, where PACKAGE
+is something like `gnu-as' or `x' (for the X Window System). The
+`README' should mention any `--enable-' and `--with-' options that the
+package recognizes.
+
+ For packages that use the X Window System, `configure' can usually
+find the X include and library files automatically, but if it doesn't,
+you can use the `configure' options `--x-includes=DIR' and
+`--x-libraries=DIR' to specify their locations.
+
+ Some packages offer the ability to configure how verbose the
+execution of `make' will be. For these packages, running `./configure
+--enable-silent-rules' sets the default to minimal output, which can be
+overridden with `make V=1'; while running `./configure
+--disable-silent-rules' sets the default to verbose, which can be
+overridden with `make V=0'.
+
+Particular systems
+==================
+
+ On HP-UX, the default C compiler is not ANSI C compatible. If GNU
+CC is not installed, it is recommended to use the following options in
+order to use an ANSI C compiler:
+
+ ./configure CC="cc -Ae -D_XOPEN_SOURCE=500"
+
+and if that doesn't work, install pre-built binaries of GCC for HP-UX.
+
+ On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot
+parse its `<wchar.h>' header file. The option `-nodtk' can be used as
+a workaround. If GNU CC is not installed, it is therefore recommended
+to try
+
+ ./configure CC="cc"
+
+and if that doesn't work, try
+
+ ./configure CC="cc -nodtk"
+
+ On Solaris, don't put `/usr/ucb' early in your `PATH'. This
+directory contains several dysfunctional programs; working variants of
+these programs are available in `/usr/bin'. So, if you need `/usr/ucb'
+in your `PATH', put it _after_ `/usr/bin'.
+
+ On Haiku, software installed for all users goes in `/boot/common',
+not `/usr/local'. It is recommended to use the following options:
+
+ ./configure --prefix=/boot/common
+
+Specifying the System Type
+==========================
+
+ There may be some features `configure' cannot figure out
+automatically, but needs to determine by the type of machine the package
+will run on. Usually, assuming the package is built to be run on the
+_same_ architectures, `configure' can figure that out, but if it prints
+a message saying it cannot guess the machine type, give it the
+`--build=TYPE' option. TYPE can either be a short name for the system
+type, such as `sun4', or a canonical name which has the form:
+
+ CPU-COMPANY-SYSTEM
+
+where SYSTEM can have one of these forms:
+
+ OS
+ KERNEL-OS
+
+ See the file `config.sub' for the possible values of each field. If
+`config.sub' isn't included in this package, then this package doesn't
+need to know the machine type.
+
+ If you are _building_ compiler tools for cross-compiling, you should
+use the option `--target=TYPE' to select the type of system they will
+produce code for.
+
+ If you want to _use_ a cross compiler, that generates code for a
+platform different from the build platform, you should specify the
+"host" platform (i.e., that on which the generated programs will
+eventually be run) with `--host=TYPE'.
+
+Sharing Defaults
+================
+
+ If you want to set default values for `configure' scripts to share,
+you can create a site shell script called `config.site' that gives
+default values for variables like `CC', `cache_file', and `prefix'.
+`configure' looks for `PREFIX/share/config.site' if it exists, then
+`PREFIX/etc/config.site' if it exists. Or, you can set the
+`CONFIG_SITE' environment variable to the location of the site script.
+A warning: not all `configure' scripts look for a site script.
+
+Defining Variables
+==================
+
+ Variables not defined in a site shell script can be set in the
+environment passed to `configure'. However, some packages may run
+configure again during the build, and the customized values of these
+variables may be lost. In order to avoid this problem, you should set
+them in the `configure' command line, using `VAR=value'. For example:
+
+ ./configure CC=/usr/local2/bin/gcc
+
+causes the specified `gcc' to be used as the C compiler (unless it is
+overridden in the site shell script).
+
+Unfortunately, this technique does not work for `CONFIG_SHELL' due to
+an Autoconf bug. Until the bug is fixed you can use this workaround:
+
+ CONFIG_SHELL=/bin/bash /bin/bash ./configure CONFIG_SHELL=/bin/bash
+
+`configure' Invocation
+======================
+
+ `configure' recognizes the following options to control how it
+operates.
+
+`--help'
+`-h'
+ Print a summary of all of the options to `configure', and exit.
+
+`--help=short'
+`--help=recursive'
+ Print a summary of the options unique to this package's
+ `configure', and exit. The `short' variant lists options used
+ only in the top level, while the `recursive' variant lists options
+ also present in any nested packages.
+
+`--version'
+`-V'
+ Print the version of Autoconf used to generate the `configure'
+ script, and exit.
+
+`--cache-file=FILE'
+ Enable the cache: use and save the results of the tests in FILE,
+ traditionally `config.cache'. FILE defaults to `/dev/null' to
+ disable caching.
+
+`--config-cache'
+`-C'
+ Alias for `--cache-file=config.cache'.
+
+`--quiet'
+`--silent'
+`-q'
+ Do not print messages saying which checks are being made. To
+ suppress all normal output, redirect it to `/dev/null' (any error
+ messages will still be shown).
+
+`--srcdir=DIR'
+ Look for the package's source code in directory DIR. Usually
+ `configure' can determine that directory automatically.
+
+`--prefix=DIR'
+ Use DIR as the installation prefix. *note Installation Names::
+ for more details, including other options available for fine-tuning
+ the installation locations.
+
+`--no-create'
+`-n'
+ Run the configure checks, but stop before creating any output
+ files.
+
+`configure' also accepts some other, not widely useful, options. Run
+`configure --help' for more details.
+
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+ACLOCAL_AMFLAGS = -I m4 -I gl/m4
+#ACLOCAL_AMFLAGS = -I m4
+
+SUBDIRS = gl po includes x509
+#SUBDIRS = po includes x509
+if ENABLE_MINITASN1
+SUBDIRS += minitasn1
+endif
+
+localedir = $(datadir)/locale
+
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = \
+ -DLOCALEDIR=\"$(localedir)\" \
+ -I$(srcdir)/gl \
+ -I$(builddir)/gl \
+ -I$(srcdir)/includes \
+ -I$(builddir)/includes \
+ -I$(srcdir)/x509
+
+
+
+
+if ENABLE_OPENPGP
+SUBDIRS += opencdk
+SUBDIRS += openpgp
+AM_CPPFLAGS += -I$(srcdir)/opencdk
+endif
+
+if ENABLE_MINITASN1
+AM_CPPFLAGS += -I$(srcdir)/minitasn1
+endif
+
+# Pkg-config script.
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = gnutls.pc
+DISTCLEANFILES = $(pkgconfig_DATA)
+
+lib_LTLIBRARIES = libgnutls.la
+
+SRP_COBJECTS = ext_srp.c gnutls_srp.c auth_srp.c auth_srp_passwd.c \
+ auth_srp_sb64.c auth_srp_rsa.c
+
+PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
+ auth_dhe_psk.c gnutls_psk_netconf.c
+
+SESSION_TICKET_COBJECTS = ext_session_ticket.c
+
+COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c \
+ gnutls_mbuffers.c gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
+ gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \
+ gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c \
+ gnutls_session.c gnutls_db.c x509_b64.c auth_anon.c \
+ gnutls_extensions.c gnutls_auth.c gnutls_v2_compat.c \
+ gnutls_datum.c auth_rsa.c gnutls_session_pack.c gnutls_mpi.c \
+ gnutls_pk.c gnutls_cert.c gnutls_global.c gnutls_constate.c \
+ gnutls_anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
+ gnutls_mem.c auth_cert.c gnutls_ui.c gnutls_sig.c auth_dhe.c \
+ gnutls_dh_primes.c ext_max_record.c gnutls_alert.c \
+ gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \
+ gnutls_rsa_export.c auth_rsa_export.c ext_server_name.c \
+ auth_dh_common.c gnutls_helper.c gnutls_supplemental.c \
+ crypto.c random.c ext_signature.c cryptodev.c system.c \
+ crypto-api.c ext_safe_renegotiation.c gnutls_privkey.c \
+ pkcs11.c pkcs11_privkey.c gnutls_pubkey.c pkcs11_write.c locks.c \
+ pkcs11_secret.c
+
+
+if ENABLE_NETTLE
+SUBDIRS += nettle
+else
+SUBDIRS += gcrypt
+endif
+
+HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h \
+ gnutls_buffers.h gnutls_errors.h gnutls_int.h \
+ gnutls_handshake.h gnutls_num.h gnutls_algorithms.h \
+ gnutls_dh.h gnutls_kx.h gnutls_hash_int.h gnutls_cipher_int.h \
+ gnutls_db.h gnutls_auth.h auth_anon.h gnutls_extensions.h \
+ x509_b64.h gnutls_v2_compat.h gnutls_datum.h auth_cert.h \
+ gnutls_mpi.h gnutls_pk.h gnutls_record.h gnutls_cert.h \
+ gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h \
+ ext_max_record.h gnutls_session_pack.h gnutls_str.h \
+ gnutls_state.h gnutls_x509.h ext_cert_type.h \
+ gnutls_rsa_export.h ext_server_name.h auth_dh_common.h \
+ ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
+ gnutls_helper.h auth_psk.h auth_psk_passwd.h \
+ gnutls_supplemental.h crypto.h random.h system.h \
+ ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
+ ext_safe_renegotiation.h locks.h gnutls_mbuffers.h \
+ pkcs11_int.h
+
+if ENABLE_LOCAL_PAKCHOIS
+COBJECTS+=pakchois/pakchois.c pakchois/errors.c pakchois/dlopen.c
+HFILES+=pakchois/pakchois.h pakchois/pakchois11.h pakchois/dlopen.h
+endif
+
+# Separate so we can create the documentation
+
+libgnutls_la_SOURCES = $(HFILES) $(COBJECTS) $(SRP_COBJECTS) \
+ $(PSK_COBJECTS) $(SESSION_TICKET_COBJECTS) \
+ gnutls.asn pkix.asn libgnutls.map
+
+libgnutls_la_LDFLAGS = -no-undefined \
+ -version-info $(LT_CURRENT):$(LT_REVISION):$(LT_AGE)
+
+#libgnutls_la_LIBADD = x509/libgnutls_x509.la
+libgnutls_la_LIBADD = gl/liblgnu.la x509/libgnutls_x509.la \
+ $(LTLIBZ) $(LTLIBINTL) $(LIBSOCKET)
+
+if ENABLE_OPENPGP
+libgnutls_la_LIBADD += openpgp/libgnutls_openpgp.la
+libgnutls_la_LIBADD += opencdk/libminiopencdk.la
+endif
+
+#if HAVE_LD_VERSION_SCRIPT
+libgnutls_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libgnutls.map
+#else
+#libgnutls_la_LDFLAGS += -export-symbols-regex '^(gnutls|_gnutls).*'
+#endif
+
+if ENABLE_MINITASN1
+libgnutls_la_LIBADD += minitasn1/libminitasn1.la
+else
+libgnutls_la_LDFLAGS += $(LTLIBTASN1)
+endif
+
+libgnutls_la_LDFLAGS += $(LTLIBPAKCHOIS)
+
+if ENABLE_NETTLE
+libgnutls_la_LDFLAGS += $(LTLIBNETTLE) $(NETTLE_LIBS)
+libgnutls_la_LIBADD += nettle/libcrypto.la
+else
+libgnutls_la_LDFLAGS += $(LTLIBGCRYPT)
+libgnutls_la_LIBADD += gcrypt/libcrypto.la
+endif
+
+#if HAVE_LD_OUTPUT_DEF
+#libgnutls_la_LDFLAGS += -Wl,--output-def,libgnutls-$(DLL_VERSION).def
+#defexecdir = $(bindir)
+#defexec_DATA = libgnutls-$(DLL_VERSION).def
+#DISTCLEANFILES += $(defexec_DATA)
+#endif
+
+# C++ library
+
+if ENABLE_CXX
+libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes
+
+AM_CXXFLAGS = -I$(top_srcdir)/includes/
+
+lib_LTLIBRARIES += libgnutlsxx.la
+
+libgnutlsxx_la_SOURCES = gnutlsxx.cpp libgnutlsxx.map
+
+libgnutlsxx_la_LDFLAGS = -no-undefined \
+ -version-info $(CXX_LT_CURRENT):$(CXX_LT_REVISION):$(CXX_LT_AGE)
+
+libgnutlsxx_la_LIBADD = libgnutls.la
+
+#if HAVE_LD_VERSION_SCRIPT
+libgnutlsxx_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libgnutlsxx.map
+#endif
+endif
+
+pkix_asn1_tab.c: pkix.asn
+ -asn1Parser pkix.asn pkix_asn1_tab.c
+
+gnutls_asn1_tab.c: gnutls.asn
+ -asn1Parser gnutls.asn gnutls_asn1_tab.c
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+#SUBDIRS = po includes x509
+@ENABLE_MINITASN1_TRUE@am__append_1 = minitasn1
+@ENABLE_OPENPGP_TRUE@am__append_2 = opencdk openpgp
+@ENABLE_OPENPGP_TRUE@am__append_3 = -I$(srcdir)/opencdk
+@ENABLE_MINITASN1_TRUE@am__append_4 = -I$(srcdir)/minitasn1
+@ENABLE_NETTLE_TRUE@am__append_5 = nettle
+@ENABLE_NETTLE_FALSE@am__append_6 = gcrypt
+@ENABLE_LOCAL_PAKCHOIS_TRUE@am__append_7 = pakchois/pakchois.c pakchois/errors.c pakchois/dlopen.c
+@ENABLE_LOCAL_PAKCHOIS_TRUE@am__append_8 = pakchois/pakchois.h pakchois/pakchois11.h pakchois/dlopen.h
+@ENABLE_OPENPGP_TRUE@am__append_9 = openpgp/libgnutls_openpgp.la \
+@ENABLE_OPENPGP_TRUE@ opencdk/libminiopencdk.la
+#else
+#libgnutls_la_LDFLAGS += -export-symbols-regex '^(gnutls|_gnutls).*'
+#endif
+@ENABLE_MINITASN1_TRUE@am__append_10 = minitasn1/libminitasn1.la
+@ENABLE_MINITASN1_FALSE@am__append_11 = $(LTLIBTASN1)
+@ENABLE_NETTLE_TRUE@am__append_12 = $(LTLIBNETTLE) $(NETTLE_LIBS)
+@ENABLE_NETTLE_TRUE@am__append_13 = nettle/libcrypto.la
+@ENABLE_NETTLE_FALSE@am__append_14 = $(LTLIBGCRYPT)
+@ENABLE_NETTLE_FALSE@am__append_15 = gcrypt/libcrypto.la
+@ENABLE_CXX_TRUE@am__append_16 = libgnutlsxx.la
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ $(srcdir)/gnutls.pc.in $(top_srcdir)/configure \
+ $(top_srcdir)/includes/gnutls/gnutls.h.in ABOUT-NLS AUTHORS \
+ COPYING ChangeLog INSTALL NEWS config.guess config.rpath \
+ config.sub depcomp install-sh ltmain.sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES = gnutls.pc includes/gnutls/gnutls.h
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libgnutls_la_DEPENDENCIES = gl/liblgnu.la x509/libgnutls_x509.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_9) \
+ $(am__append_10) $(am__append_13) $(am__append_15)
+am__libgnutls_la_SOURCES_DIST = abstract_int.h debug.h \
+ gnutls_compress.h gnutls_cipher.h gnutls_buffers.h \
+ gnutls_errors.h gnutls_int.h gnutls_handshake.h gnutls_num.h \
+ gnutls_algorithms.h gnutls_dh.h gnutls_kx.h gnutls_hash_int.h \
+ gnutls_cipher_int.h gnutls_db.h gnutls_auth.h auth_anon.h \
+ gnutls_extensions.h x509_b64.h gnutls_v2_compat.h \
+ gnutls_datum.h auth_cert.h gnutls_mpi.h gnutls_pk.h \
+ gnutls_record.h gnutls_cert.h gnutls_constate.h \
+ gnutls_global.h gnutls_sig.h gnutls_mem.h ext_max_record.h \
+ gnutls_session_pack.h gnutls_str.h gnutls_state.h \
+ gnutls_x509.h ext_cert_type.h gnutls_rsa_export.h \
+ ext_server_name.h auth_dh_common.h ext_srp.h gnutls_srp.h \
+ auth_srp.h auth_srp_passwd.h gnutls_helper.h auth_psk.h \
+ auth_psk_passwd.h gnutls_supplemental.h crypto.h random.h \
+ system.h ext_session_ticket.h ext_signature.h \
+ gnutls_cryptodev.h ext_safe_renegotiation.h locks.h \
+ gnutls_mbuffers.h pkcs11_int.h pakchois/pakchois.h \
+ pakchois/pakchois11.h pakchois/dlopen.h gnutls_record.c \
+ gnutls_compress.c debug.c gnutls_cipher.c gnutls_mbuffers.c \
+ gnutls_buffers.c gnutls_handshake.c gnutls_num.c \
+ gnutls_errors.c gnutls_algorithms.c gnutls_dh.c gnutls_kx.c \
+ gnutls_priority.c gnutls_hash_int.c gnutls_cipher_int.c \
+ gnutls_session.c gnutls_db.c x509_b64.c auth_anon.c \
+ gnutls_extensions.c gnutls_auth.c gnutls_v2_compat.c \
+ gnutls_datum.c auth_rsa.c gnutls_session_pack.c gnutls_mpi.c \
+ gnutls_pk.c gnutls_cert.c gnutls_global.c gnutls_constate.c \
+ gnutls_anon_cred.c pkix_asn1_tab.c gnutls_asn1_tab.c \
+ gnutls_mem.c auth_cert.c gnutls_ui.c gnutls_sig.c auth_dhe.c \
+ gnutls_dh_primes.c ext_max_record.c gnutls_alert.c \
+ gnutls_str.c gnutls_state.c gnutls_x509.c ext_cert_type.c \
+ gnutls_rsa_export.c auth_rsa_export.c ext_server_name.c \
+ auth_dh_common.c gnutls_helper.c gnutls_supplemental.c \
+ crypto.c random.c ext_signature.c cryptodev.c system.c \
+ crypto-api.c ext_safe_renegotiation.c gnutls_privkey.c \
+ pkcs11.c pkcs11_privkey.c gnutls_pubkey.c pkcs11_write.c \
+ locks.c pkcs11_secret.c pakchois/pakchois.c pakchois/errors.c \
+ pakchois/dlopen.c ext_srp.c gnutls_srp.c auth_srp.c \
+ auth_srp_passwd.c auth_srp_sb64.c auth_srp_rsa.c auth_psk.c \
+ auth_psk_passwd.c gnutls_psk.c auth_dhe_psk.c \
+ gnutls_psk_netconf.c ext_session_ticket.c gnutls.asn pkix.asn \
+ libgnutls.map
+am__objects_1 =
+am__objects_2 = $(am__objects_1)
+@ENABLE_LOCAL_PAKCHOIS_TRUE@am__objects_3 = pakchois.lo errors.lo \
+@ENABLE_LOCAL_PAKCHOIS_TRUE@ dlopen.lo
+am__objects_4 = gnutls_record.lo gnutls_compress.lo debug.lo \
+ gnutls_cipher.lo gnutls_mbuffers.lo gnutls_buffers.lo \
+ gnutls_handshake.lo gnutls_num.lo gnutls_errors.lo \
+ gnutls_algorithms.lo gnutls_dh.lo gnutls_kx.lo \
+ gnutls_priority.lo gnutls_hash_int.lo gnutls_cipher_int.lo \
+ gnutls_session.lo gnutls_db.lo x509_b64.lo auth_anon.lo \
+ gnutls_extensions.lo gnutls_auth.lo gnutls_v2_compat.lo \
+ gnutls_datum.lo auth_rsa.lo gnutls_session_pack.lo \
+ gnutls_mpi.lo gnutls_pk.lo gnutls_cert.lo gnutls_global.lo \
+ gnutls_constate.lo gnutls_anon_cred.lo pkix_asn1_tab.lo \
+ gnutls_asn1_tab.lo gnutls_mem.lo auth_cert.lo gnutls_ui.lo \
+ gnutls_sig.lo auth_dhe.lo gnutls_dh_primes.lo \
+ ext_max_record.lo gnutls_alert.lo gnutls_str.lo \
+ gnutls_state.lo gnutls_x509.lo ext_cert_type.lo \
+ gnutls_rsa_export.lo auth_rsa_export.lo ext_server_name.lo \
+ auth_dh_common.lo gnutls_helper.lo gnutls_supplemental.lo \
+ crypto.lo random.lo ext_signature.lo cryptodev.lo system.lo \
+ crypto-api.lo ext_safe_renegotiation.lo gnutls_privkey.lo \
+ pkcs11.lo pkcs11_privkey.lo gnutls_pubkey.lo pkcs11_write.lo \
+ locks.lo pkcs11_secret.lo $(am__objects_3)
+am__objects_5 = ext_srp.lo gnutls_srp.lo auth_srp.lo \
+ auth_srp_passwd.lo auth_srp_sb64.lo auth_srp_rsa.lo
+am__objects_6 = auth_psk.lo auth_psk_passwd.lo gnutls_psk.lo \
+ auth_dhe_psk.lo gnutls_psk_netconf.lo
+am__objects_7 = ext_session_ticket.lo
+am_libgnutls_la_OBJECTS = $(am__objects_2) $(am__objects_4) \
+ $(am__objects_5) $(am__objects_6) $(am__objects_7)
+libgnutls_la_OBJECTS = $(am_libgnutls_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+libgnutls_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libgnutls_la_LDFLAGS) $(LDFLAGS) -o $@
+@ENABLE_CXX_TRUE@libgnutlsxx_la_DEPENDENCIES = libgnutls.la
+am__libgnutlsxx_la_SOURCES_DIST = gnutlsxx.cpp libgnutlsxx.map
+@ENABLE_CXX_TRUE@am_libgnutlsxx_la_OBJECTS = \
+@ENABLE_CXX_TRUE@ libgnutlsxx_la-gnutlsxx.lo
+libgnutlsxx_la_OBJECTS = $(am_libgnutlsxx_la_OBJECTS)
+libgnutlsxx_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX \
+ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CXXLD) \
+ $(AM_CXXFLAGS) $(CXXFLAGS) $(libgnutlsxx_la_LDFLAGS) \
+ $(LDFLAGS) -o $@
+@ENABLE_CXX_TRUE@am_libgnutlsxx_la_rpath = -rpath $(libdir)
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CXXFLAGS) $(CXXFLAGS)
+AM_V_CXX = $(am__v_CXX_$(V))
+am__v_CXX_ = $(am__v_CXX_$(AM_DEFAULT_VERBOSITY))
+am__v_CXX_0 = @echo " CXX " $@;
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CXXLD = $(am__v_CXXLD_$(V))
+am__v_CXXLD_ = $(am__v_CXXLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CXXLD_0 = @echo " CXXLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libgnutls_la_SOURCES) $(libgnutlsxx_la_SOURCES)
+DIST_SOURCES = $(am__libgnutls_la_SOURCES_DIST) \
+ $(am__libgnutlsxx_la_SOURCES_DIST)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+DATA = $(pkgconfig_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = gl po includes x509 minitasn1 opencdk openpgp nettle \
+ gcrypt
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d "$(distdir)" \
+ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr "$(distdir)"; }; }
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = $(datadir)/locale
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+ACLOCAL_AMFLAGS = -I m4 -I gl/m4
+#ACLOCAL_AMFLAGS = -I m4
+SUBDIRS = gl po includes x509 $(am__append_1) $(am__append_2) \
+ $(am__append_5) $(am__append_6)
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = -DLOCALEDIR=\"$(localedir)\" -I$(srcdir)/gl \
+ -I$(builddir)/gl -I$(srcdir)/includes -I$(builddir)/includes \
+ -I$(srcdir)/x509 $(am__append_3) $(am__append_4)
+
+# Pkg-config script.
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = gnutls.pc
+DISTCLEANFILES = $(pkgconfig_DATA)
+lib_LTLIBRARIES = libgnutls.la $(am__append_16)
+SRP_COBJECTS = ext_srp.c gnutls_srp.c auth_srp.c auth_srp_passwd.c \
+ auth_srp_sb64.c auth_srp_rsa.c
+
+PSK_COBJECTS = auth_psk.c auth_psk_passwd.c gnutls_psk.c \
+ auth_dhe_psk.c gnutls_psk_netconf.c
+
+SESSION_TICKET_COBJECTS = ext_session_ticket.c
+COBJECTS = gnutls_record.c gnutls_compress.c debug.c gnutls_cipher.c \
+ gnutls_mbuffers.c gnutls_buffers.c gnutls_handshake.c \
+ gnutls_num.c gnutls_errors.c gnutls_algorithms.c gnutls_dh.c \
+ gnutls_kx.c gnutls_priority.c gnutls_hash_int.c \
+ gnutls_cipher_int.c gnutls_session.c gnutls_db.c x509_b64.c \
+ auth_anon.c gnutls_extensions.c gnutls_auth.c \
+ gnutls_v2_compat.c gnutls_datum.c auth_rsa.c \
+ gnutls_session_pack.c gnutls_mpi.c gnutls_pk.c gnutls_cert.c \
+ gnutls_global.c gnutls_constate.c gnutls_anon_cred.c \
+ pkix_asn1_tab.c gnutls_asn1_tab.c gnutls_mem.c auth_cert.c \
+ gnutls_ui.c gnutls_sig.c auth_dhe.c gnutls_dh_primes.c \
+ ext_max_record.c gnutls_alert.c gnutls_str.c gnutls_state.c \
+ gnutls_x509.c ext_cert_type.c gnutls_rsa_export.c \
+ auth_rsa_export.c ext_server_name.c auth_dh_common.c \
+ gnutls_helper.c gnutls_supplemental.c crypto.c random.c \
+ ext_signature.c cryptodev.c system.c crypto-api.c \
+ ext_safe_renegotiation.c gnutls_privkey.c pkcs11.c \
+ pkcs11_privkey.c gnutls_pubkey.c pkcs11_write.c locks.c \
+ pkcs11_secret.c $(am__append_7)
+HFILES = abstract_int.h debug.h gnutls_compress.h gnutls_cipher.h \
+ gnutls_buffers.h gnutls_errors.h gnutls_int.h \
+ gnutls_handshake.h gnutls_num.h gnutls_algorithms.h \
+ gnutls_dh.h gnutls_kx.h gnutls_hash_int.h gnutls_cipher_int.h \
+ gnutls_db.h gnutls_auth.h auth_anon.h gnutls_extensions.h \
+ x509_b64.h gnutls_v2_compat.h gnutls_datum.h auth_cert.h \
+ gnutls_mpi.h gnutls_pk.h gnutls_record.h gnutls_cert.h \
+ gnutls_constate.h gnutls_global.h gnutls_sig.h gnutls_mem.h \
+ ext_max_record.h gnutls_session_pack.h gnutls_str.h \
+ gnutls_state.h gnutls_x509.h ext_cert_type.h \
+ gnutls_rsa_export.h ext_server_name.h auth_dh_common.h \
+ ext_srp.h gnutls_srp.h auth_srp.h auth_srp_passwd.h \
+ gnutls_helper.h auth_psk.h auth_psk_passwd.h \
+ gnutls_supplemental.h crypto.h random.h system.h \
+ ext_session_ticket.h ext_signature.h gnutls_cryptodev.h \
+ ext_safe_renegotiation.h locks.h gnutls_mbuffers.h \
+ pkcs11_int.h $(am__append_8)
+
+# Separate so we can create the documentation
+libgnutls_la_SOURCES = $(HFILES) $(COBJECTS) $(SRP_COBJECTS) \
+ $(PSK_COBJECTS) $(SESSION_TICKET_COBJECTS) \
+ gnutls.asn pkix.asn libgnutls.map
+
+
+#if HAVE_LD_VERSION_SCRIPT
+libgnutls_la_LDFLAGS = -no-undefined -version-info \
+ $(LT_CURRENT):$(LT_REVISION):$(LT_AGE) \
+ -Wl,--version-script=$(srcdir)/libgnutls.map $(am__append_11) \
+ $(LTLIBPAKCHOIS) $(am__append_12) $(am__append_14)
+
+#libgnutls_la_LIBADD = x509/libgnutls_x509.la
+libgnutls_la_LIBADD = gl/liblgnu.la x509/libgnutls_x509.la $(LTLIBZ) \
+ $(LTLIBINTL) $(LIBSOCKET) $(am__append_9) $(am__append_10) \
+ $(am__append_13) $(am__append_15)
+
+#if HAVE_LD_OUTPUT_DEF
+#libgnutls_la_LDFLAGS += -Wl,--output-def,libgnutls-$(DLL_VERSION).def
+#defexecdir = $(bindir)
+#defexec_DATA = libgnutls-$(DLL_VERSION).def
+#DISTCLEANFILES += $(defexec_DATA)
+#endif
+
+# C++ library
+@ENABLE_CXX_TRUE@libgnutlsxx_la_CPPFLAGS = -I$(top_srcdir)/includes -I$(top_builddir)/includes
+@ENABLE_CXX_TRUE@AM_CXXFLAGS = -I$(top_srcdir)/includes/
+@ENABLE_CXX_TRUE@libgnutlsxx_la_SOURCES = gnutlsxx.cpp libgnutlsxx.map
+
+#if HAVE_LD_VERSION_SCRIPT
+@ENABLE_CXX_TRUE@libgnutlsxx_la_LDFLAGS = -no-undefined -version-info \
+@ENABLE_CXX_TRUE@ $(CXX_LT_CURRENT):$(CXX_LT_REVISION):$(CXX_LT_AGE) \
+@ENABLE_CXX_TRUE@ -Wl,--version-script=$(srcdir)/libgnutlsxx.map
+@ENABLE_CXX_TRUE@libgnutlsxx_la_LIBADD = libgnutls.la
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .cpp .lo .o .obj
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+ @if test ! -f $@; then \
+ rm -f stamp-h1; \
+ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+ else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
+gnutls.pc: $(top_builddir)/config.status $(srcdir)/gnutls.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+includes/gnutls/gnutls.h: $(top_builddir)/config.status $(top_srcdir)/includes/gnutls/gnutls.h.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libgnutls.la: $(libgnutls_la_OBJECTS) $(libgnutls_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(libgnutls_la_LINK) -rpath $(libdir) $(libgnutls_la_OBJECTS) $(libgnutls_la_LIBADD) $(LIBS)
+libgnutlsxx.la: $(libgnutlsxx_la_OBJECTS) $(libgnutlsxx_la_DEPENDENCIES)
+ $(AM_V_CXXLD)$(libgnutlsxx_la_LINK) $(am_libgnutlsxx_la_rpath) $(libgnutlsxx_la_OBJECTS) $(libgnutlsxx_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_anon.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_cert.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_dh_common.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_dhe.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_dhe_psk.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_psk.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_psk_passwd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_rsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_rsa_export.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_srp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_srp_passwd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_srp_rsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/auth_srp_sb64.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto-api.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cryptodev.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/debug.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dlopen.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/errors.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_cert_type.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_max_record.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_safe_renegotiation.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_server_name.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_session_ticket.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_signature.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ext_srp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_alert.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_algorithms.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_anon_cred.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_asn1_tab.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_auth.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_buffers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_cert.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_cipher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_cipher_int.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_compress.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_constate.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_datum.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_db.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_dh.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_dh_primes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_errors.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_extensions.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_global.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_handshake.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_hash_int.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_helper.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_kx.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_mbuffers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_mem.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_mpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_num.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_pk.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_priority.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_privkey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_psk.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_psk_netconf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_pubkey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_record.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_rsa_export.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_session_pack.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_sig.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_srp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_state.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_str.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_supplemental.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_ui.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_v2_compat.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libgnutlsxx_la-gnutlsxx.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/locks.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pakchois.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_privkey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_secret.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs11_write.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkix_asn1_tab.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/random.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_b64.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+pakchois.lo: pakchois/pakchois.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pakchois.lo -MD -MP -MF $(DEPDIR)/pakchois.Tpo -c -o pakchois.lo `test -f 'pakchois/pakchois.c' || echo '$(srcdir)/'`pakchois/pakchois.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/pakchois.Tpo $(DEPDIR)/pakchois.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pakchois/pakchois.c' object='pakchois.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pakchois.lo `test -f 'pakchois/pakchois.c' || echo '$(srcdir)/'`pakchois/pakchois.c
+
+errors.lo: pakchois/errors.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT errors.lo -MD -MP -MF $(DEPDIR)/errors.Tpo -c -o errors.lo `test -f 'pakchois/errors.c' || echo '$(srcdir)/'`pakchois/errors.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/errors.Tpo $(DEPDIR)/errors.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pakchois/errors.c' object='errors.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o errors.lo `test -f 'pakchois/errors.c' || echo '$(srcdir)/'`pakchois/errors.c
+
+dlopen.lo: pakchois/dlopen.c
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT dlopen.lo -MD -MP -MF $(DEPDIR)/dlopen.Tpo -c -o dlopen.lo `test -f 'pakchois/dlopen.c' || echo '$(srcdir)/'`pakchois/dlopen.c
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/dlopen.Tpo $(DEPDIR)/dlopen.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pakchois/dlopen.c' object='dlopen.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o dlopen.lo `test -f 'pakchois/dlopen.c' || echo '$(srcdir)/'`pakchois/dlopen.c
+
+.cpp.o:
+@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCXX_FALSE@ $(AM_V_CXX) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(CXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCXX_FALSE@ $(AM_V_CXX) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LTCXXCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCXX_FALSE@ $(AM_V_CXX) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $<
+
+libgnutlsxx_la-gnutlsxx.lo: gnutlsxx.cpp
+@am__fastdepCXX_TRUE@ $(AM_V_CXX)$(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libgnutlsxx_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT libgnutlsxx_la-gnutlsxx.lo -MD -MP -MF $(DEPDIR)/libgnutlsxx_la-gnutlsxx.Tpo -c -o libgnutlsxx_la-gnutlsxx.lo `test -f 'gnutlsxx.cpp' || echo '$(srcdir)/'`gnutlsxx.cpp
+@am__fastdepCXX_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/libgnutlsxx_la-gnutlsxx.Tpo $(DEPDIR)/libgnutlsxx_la-gnutlsxx.Plo
+@am__fastdepCXX_FALSE@ $(AM_V_CXX) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='gnutlsxx.cpp' object='libgnutlsxx_la-gnutlsxx.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libgnutlsxx_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o libgnutlsxx_la-gnutlsxx.lo `test -f 'gnutlsxx.cpp' || echo '$(srcdir)/'`gnutlsxx.cpp
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool config.lt
+install-pkgconfigDATA: $(pkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)"
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
+ done
+
+uninstall-pkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(pkgconfigdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(pkgconfigdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzma: distdir
+ tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+ $(am__remove_distdir)
+
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lzma*) \
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+ @$(am__cd) '$(distuninstallcheck_dir)' \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES) $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(libdir)" "$(DESTDIR)$(pkgconfigdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-hdr distclean-libtool distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-pkgconfigDATA
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+ ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am am--refresh check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags ctags-recursive dist \
+ dist-all dist-bzip2 dist-gzip dist-lzma dist-shar dist-tarZ \
+ dist-xz dist-zip distcheck distclean distclean-compile \
+ distclean-generic distclean-hdr distclean-libtool \
+ distclean-tags distcleancheck distdir distuninstallcheck dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-libLTLIBRARIES \
+ install-man install-pdf install-pdf-am install-pkgconfigDATA \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-recursive uninstall uninstall-am \
+ uninstall-libLTLIBRARIES uninstall-pkgconfigDATA
+
+#endif
+
+pkix_asn1_tab.c: pkix.asn
+ -asn1Parser pkix.asn pkix_asn1_tab.c
+
+gnutls_asn1_tab.c: gnutls.asn
+ -asn1Parser gnutls.asn gnutls_asn1_tab.c
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+See ../NEWS.
--- /dev/null
+See ../README.
--- /dev/null
+#ifndef _ABSTRACT_INT_H
+# define _ABSTRACT_INT_H
+
+#include <gnutls/abstract.h>
+
+int _gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
+ bigint_t * params, int *params_size);
+
+#endif
--- /dev/null
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
+[m4_warning([this file was generated for autoconf 2.67.
+You have another version of autoconf. It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version. Point them to the right macro.
+m4_if([$1], [1.11.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too. Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], UPC, [depcc="$UPC" am_compiler_list=],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 8
+
+# AM_CONFIG_HEADER is obsolete. It has been replaced by AC_CONFIG_HEADERS.
+AU_DEFUN([AM_CONFIG_HEADER], [AC_CONFIG_HEADERS($@)])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+ [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+ [_AM_DEPENDENCIES(OBJC)],
+ [define([AC_PROG_OBJC],
+ defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+ [[\\/$]]* | ?:[[\\/]]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[[\\\"\#\$\&\'\`$am_lf]]*)
+ AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+ *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
+ AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 1
+
+# AM_SILENT_RULES([DEFAULT])
+# --------------------------
+# Enable less verbose build rules; with the default set to DEFAULT
+# (`yes' being less verbose, `no' or empty being verbose).
+AC_DEFUN([AM_SILENT_RULES],
+[AC_ARG_ENABLE([silent-rules],
+[ --enable-silent-rules less verbose build output (undo: `make V=1')
+ --disable-silent-rules verbose build output (undo: `make V=0')])
+case $enable_silent_rules in
+yes) AM_DEFAULT_VERBOSITY=0;;
+no) AM_DEFAULT_VERBOSITY=1;;
+*) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);;
+esac
+AC_SUBST([AM_DEFAULT_VERBOSITY])dnl
+AM_BACKSLASH='\'
+AC_SUBST([AM_BACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
+])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
+m4_include([gl/m4/extensions.m4])
+m4_include([gl/m4/gnulib-comp.m4])
+m4_include([m4/gettext.m4])
+m4_include([m4/hooks.m4])
+m4_include([m4/iconv.m4])
+m4_include([m4/intlmacosx.m4])
+m4_include([m4/lib-ld.m4])
+m4_include([m4/lib-link.m4])
+m4_include([m4/lib-prefix.m4])
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])
+m4_include([m4/nls.m4])
+m4_include([m4/po.m4])
+m4_include([m4/progtest.m4])
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the Anonymous Diffie-Hellman key exchange part of
+ * the anonymous authentication. The functions here are used in the
+ * handshake.
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_ANON
+
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "auth_anon.h"
+#include "gnutls_num.h"
+#include "gnutls_mpi.h"
+#include <gnutls_state.h>
+#include <auth_dh_common.h>
+
+static int gen_anon_server_kx (gnutls_session_t, opaque **);
+static int proc_anon_client_kx (gnutls_session_t, opaque *, size_t);
+static int proc_anon_server_kx (gnutls_session_t, opaque *, size_t);
+
+const mod_auth_st anon_auth_struct = {
+ "ANON",
+ NULL,
+ NULL,
+ gen_anon_server_kx,
+ _gnutls_gen_dh_common_client_kx, /* this can be shared */
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_anon_server_kx,
+ proc_anon_client_kx,
+ NULL,
+ NULL
+};
+
+static int
+gen_anon_server_kx (gnutls_session_t session, opaque ** data)
+{
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_anon_server_credentials_t cred;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = _gnutls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
+ sizeof (anon_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_dh_set_group (session, g, p);
+
+ ret = _gnutls_dh_common_print_server_kx (session, g, p, data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
+
+
+static int
+proc_anon_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ gnutls_anon_server_credentials_t cred;
+ int ret;
+ bigint_t p, g;
+ gnutls_dh_params_t dh_params;
+ const bigint_t *mpis;
+
+ cred = (gnutls_anon_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_ANON, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = _gnutls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret = _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p);
+
+ return ret;
+
+}
+
+int
+proc_anon_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+
+ int ret;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
+ sizeof (anon_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+#endif /* ENABLE_ANON */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* this is not to be included by gnutls_anon.c */
+#include <gnutls_auth.h>
+#include <auth_dh_common.h>
+
+typedef struct gnutls_anon_server_credentials_st
+{
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
+} anon_server_credentials_st;
+
+typedef struct gnutls_anon_client_credentials_st
+{
+ int dummy;
+} anon_client_credentials_st;
+
+typedef struct anon_auth_info_st
+{
+ dh_info_st dh;
+} *anon_auth_info_t;
+
+typedef struct anon_auth_info_st anon_auth_info_st;
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ * 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* The certificate authentication functions which are needed in the handshake,
+ * and are common to RSA and DHE key exchange, are in this file.
+ */
+
+#include <gnutls_int.h>
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include <gnutls_cert.h>
+#include <auth_cert.h>
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "libtasn1.h"
+#include "gnutls_datum.h"
+#include "ext_signature.h"
+#include <gnutls_pk.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_global.h>
+#include <gnutls_record.h>
+#include <gnutls_sig.h>
+#include <gnutls_state.h>
+#include <gnutls_pk.h>
+#include <gnutls_x509.h>
+#include <gnutls/abstract.h>
+#include "debug.h"
+
+#ifdef ENABLE_OPENPGP
+#include "openpgp/gnutls_openpgp.h"
+
+static gnutls_privkey_t alloc_and_load_pgp_key (const gnutls_openpgp_privkey_t
+ key, int deinit);
+static gnutls_cert *alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert);
+
+#endif
+
+static gnutls_cert *alloc_and_load_x509_certs (gnutls_x509_crt_t * certs,
+ unsigned);
+static gnutls_privkey_t alloc_and_load_x509_key (gnutls_x509_privkey_t key,
+ int deinit);
+
+static gnutls_privkey_t alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t
+ key, int deinit);
+
+
+/* Copies data from a internal certificate struct (gnutls_cert) to
+ * exported certificate struct (cert_auth_info_t)
+ */
+static int
+_gnutls_copy_certificate_auth_info (cert_auth_info_t info,
+ gnutls_cert * cert, size_t ncerts)
+{
+ /* Copy peer's information to auth_info_t
+ */
+ int ret;
+ size_t i, j;
+
+ if (info->raw_certificate_list != NULL)
+ {
+ for (j = 0; j < info->ncerts; j++)
+ _gnutls_free_datum (&info->raw_certificate_list[j]);
+ gnutls_free (info->raw_certificate_list);
+ }
+
+ if (ncerts == 0)
+ {
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+ return 0;
+ }
+
+ info->raw_certificate_list =
+ gnutls_calloc (ncerts, sizeof (gnutls_datum_t));
+ if (info->raw_certificate_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < ncerts; i++)
+ {
+ if (cert->raw.size > 0)
+ {
+ ret =
+ _gnutls_set_datum (&info->raw_certificate_list[i],
+ cert[i].raw.data, cert[i].raw.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto clear;
+ }
+ }
+ }
+ info->ncerts = ncerts;
+
+ info->cert_type = cert[0].cert_type;
+ info->sign_algo = cert[0].sign_algo;
+
+#ifdef ENABLE_OPENPGP
+ if (cert[0].cert_type == GNUTLS_CRT_OPENPGP)
+ {
+ info->use_subkey = cert[0].use_subkey;
+ memcpy (info->subkey_id, cert[0].subkey_id, sizeof (info->subkey_id));
+ }
+#endif
+
+ return 0;
+
+clear:
+
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum (&info->raw_certificate_list[j]);
+
+ gnutls_free (info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+
+ return ret;
+}
+
+
+
+
+/* returns 0 if the algo_to-check exists in the pk_algos list,
+ * -1 otherwise.
+ */
+inline static int
+_gnutls_check_pk_algo_in_list (const gnutls_pk_algorithm_t *
+ pk_algos, int pk_algos_length,
+ gnutls_pk_algorithm_t algo_to_check)
+{
+ int i;
+ for (i = 0; i < pk_algos_length; i++)
+ {
+ if (algo_to_check == pk_algos[i])
+ {
+ return 0;
+ }
+ }
+ return -1;
+}
+
+
+/* Returns the issuer's Distinguished name in odn, of the certificate
+ * specified in cert.
+ */
+static int
+_gnutls_cert_get_issuer_dn (gnutls_cert * cert, gnutls_datum_t * odn)
+{
+ ASN1_TYPE dn;
+ int len, result;
+ int start, end;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&dn, cert->raw.data, cert->raw.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding_startEnd (dn, cert->raw.data, cert->raw.size,
+ "tbsCertificate.issuer", &start, &end);
+
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
+ }
+ asn1_delete_structure (&dn);
+
+ len = end - start + 1;
+
+ odn->size = len;
+ odn->data = &cert->raw.data[start];
+
+ return 0;
+}
+
+
+/* Locates the most appropriate x509 certificate using the
+ * given DN. If indx == -1 then no certificate was found.
+ *
+ * That is to guess which certificate to use, based on the
+ * CAs and sign algorithms supported by the peer server.
+ */
+static int
+_find_x509_cert (const gnutls_certificate_credentials_t cred,
+ opaque * _data, size_t _data_size,
+ const gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
+{
+ unsigned size;
+ gnutls_datum_t odn = { NULL, 0 };
+ opaque *data = _data;
+ ssize_t data_size = _data_size;
+ unsigned i, j;
+ int result, cert_pk;
+
+ *indx = -1;
+
+ do
+ {
+
+ DECR_LENGTH_RET (data_size, 2, 0);
+ size = _gnutls_read_uint16 (data);
+ DECR_LENGTH_RET (data_size, size, 0);
+ data += 2;
+
+ for (i = 0; i < cred->ncerts; i++)
+ {
+ for (j = 0; j < cred->cert_list_length[i]; j++)
+ {
+ if ((result =
+ _gnutls_cert_get_issuer_dn (&cred->cert_list[i][j],
+ &odn)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (odn.size != size)
+ continue;
+
+ /* If the DN matches and
+ * the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ cert_pk = cred->cert_list[i][0].subject_pk_algorithm;
+
+ if ((memcmp (odn.data, data, size) == 0) &&
+ (_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length, cert_pk) == 0))
+ {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
+
+ if (*indx != -1)
+ break;
+
+ /* move to next record */
+ data += size;
+
+ }
+ while (1);
+
+ return 0;
+
+}
+
+#ifdef ENABLE_OPENPGP
+/* Locates the most appropriate openpgp cert
+ */
+static int
+_find_openpgp_cert (const gnutls_certificate_credentials_t cred,
+ gnutls_pk_algorithm_t * pk_algos,
+ int pk_algos_length, int *indx)
+{
+ unsigned i, j;
+
+ *indx = -1;
+
+ for (i = 0; i < cred->ncerts; i++)
+ {
+ for (j = 0; j < cred->cert_list_length[i]; j++)
+ {
+
+ /* If the *_SIGN algorithm matches
+ * the cert is our cert!
+ */
+ if ((_gnutls_check_pk_algo_in_list
+ (pk_algos, pk_algos_length,
+ cred->cert_list[i][0].subject_pk_algorithm) == 0)
+ && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP))
+ {
+ *indx = i;
+ break;
+ }
+ }
+ if (*indx != -1)
+ break;
+ }
+
+ return 0;
+}
+#endif
+
+/* Returns the number of issuers in the server's
+ * certificate request packet.
+ */
+static int
+get_issuers_num (gnutls_session_t session, opaque * data, ssize_t data_size)
+{
+ int issuers_dn_len = 0, result;
+ unsigned size;
+
+ /* Count the number of the given issuers;
+ * This is used to allocate the issuers_dn without
+ * using realloc().
+ */
+
+ if (data_size == 0 || data == NULL)
+ return 0;
+
+ if (data_size > 0)
+ do
+ {
+ /* This works like DECR_LEN()
+ */
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM (data_size, 2, goto error);
+ size = _gnutls_read_uint16 (data);
+
+ result = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ DECR_LENGTH_COM (data_size, size, goto error);
+
+ data += 2;
+
+ if (size > 0)
+ {
+ issuers_dn_len++;
+ data += size;
+ }
+
+ if (data_size == 0)
+ break;
+
+ }
+ while (1);
+
+ return issuers_dn_len;
+
+error:
+ return result;
+}
+
+/* Returns the issuers in the server's certificate request
+ * packet.
+ */
+static int
+get_issuers (gnutls_session_t session,
+ gnutls_datum_t * issuers_dn, int issuers_len,
+ opaque * data, size_t data_size)
+{
+ int i;
+ unsigned size;
+
+ if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509)
+ return 0;
+
+ /* put the requested DNs to req_dn, only in case
+ * of X509 certificates.
+ */
+ if (issuers_len > 0)
+ {
+
+ for (i = 0; i < issuers_len; i++)
+ {
+ /* The checks here for the buffer boundaries
+ * are not needed since the buffer has been
+ * parsed above.
+ */
+ data_size -= 2;
+
+ size = _gnutls_read_uint16 (data);
+
+ data += 2;
+
+ issuers_dn[i].data = data;
+ issuers_dn[i].size = size;
+
+ data += size;
+ }
+ }
+
+ return 0;
+}
+
+static void
+st_to_st2 (gnutls_retr2_st * st2, gnutls_retr_st * st)
+{
+ st2->cert_type = st->type;
+ if (st->type == GNUTLS_CRT_OPENPGP)
+ {
+ st2->key_type = GNUTLS_PRIVKEY_OPENPGP;
+ }
+ else
+ {
+ st2->key_type = GNUTLS_PRIVKEY_X509;
+ }
+ st2->ncerts = st->ncerts;
+ st2->deinit_all = st->deinit_all;
+
+ switch (st2->cert_type)
+ {
+ case GNUTLS_CRT_OPENPGP:
+ st2->cert.pgp = st->cert.pgp;
+ st2->key.pgp = st->key.pgp;
+ break;
+ case GNUTLS_CRT_X509:
+ st2->cert.x509 = st->cert.x509;
+ st2->key.x509 = st->key.x509;
+ break;
+ default:
+ return;
+ }
+
+}
+
+/* Calls the client get callback.
+ */
+static int
+call_get_cert_callback (gnutls_session_t session,
+ const gnutls_datum_t * issuers_dn,
+ int issuers_dn_length,
+ gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+{
+ unsigned i;
+ gnutls_cert *local_certs = NULL;
+ gnutls_privkey_t local_key = NULL;
+ int ret = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_certificate_type_t type = gnutls_certificate_type_get (session);
+ gnutls_certificate_credentials_t cred;
+ gnutls_retr2_st st2;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ memset (&st2, 0, sizeof (st2));
+
+ if (cred->get_cert_callback)
+ {
+ ret = cred->get_cert_callback (session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length, &st2);
+
+ }
+ else
+ { /* compatibility mode */
+ gnutls_retr_st st;
+ memset (&st, 0, sizeof (st));
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ if (cred->server_get_cert_callback == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->server_get_cert_callback (session, &st);
+ if (ret >= 0)
+ st_to_st2 (&st2, &st);
+ }
+ else
+ { /* CLIENT */
+
+ if (cred->client_get_cert_callback == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ ret = cred->client_get_cert_callback (session,
+ issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length,
+ &st);
+ if (ret >= 0)
+ st_to_st2 (&st2, &st);
+ }
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (st2.ncerts == 0)
+ return 0; /* no certificate was selected */
+
+ if (type != st2.cert_type)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+
+ if (type == GNUTLS_CRT_X509)
+ {
+ local_certs = alloc_and_load_x509_certs (st2.cert.x509, st2.ncerts);
+ }
+ else
+ { /* PGP */
+ if (st2.ncerts > 1)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+#ifdef ENABLE_OPENPGP
+ {
+ local_certs = alloc_and_load_pgp_certs (st2.cert.pgp);
+ }
+#else
+ ret = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ goto cleanup;
+#endif
+ }
+
+ if (local_certs == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ switch (st2.key_type)
+ {
+ case GNUTLS_PRIVKEY_OPENPGP:
+#ifdef ENABLE_OPENPGP
+ if (st2.key.pgp != NULL)
+ {
+ local_key = alloc_and_load_pgp_key (st2.key.pgp, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
+#endif
+ case GNUTLS_PRIVKEY_PKCS11:
+ if (st2.key.pkcs11 != NULL)
+ {
+ local_key =
+ alloc_and_load_pkcs11_key (st2.key.pkcs11, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
+ case GNUTLS_PRIVKEY_X509:
+ if (st2.key.x509 != NULL)
+ {
+ local_key = alloc_and_load_x509_key (st2.key.x509, st2.deinit_all);
+ if (local_key == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+ }
+ break;
+ }
+
+ _gnutls_selected_certs_set (session, local_certs,
+ (local_certs != NULL) ? st2.ncerts : 0,
+ local_key, 1);
+
+ ret = 0;
+
+cleanup:
+
+ if (st2.cert_type == GNUTLS_CRT_X509)
+ {
+ if (st2.deinit_all)
+ {
+ for (i = 0; i < st2.ncerts; i++)
+ {
+ gnutls_x509_crt_deinit (st2.cert.x509[i]);
+ }
+ }
+ }
+ else
+ {
+#ifdef ENABLE_OPENPGP
+ if (st2.deinit_all)
+ {
+ gnutls_openpgp_crt_deinit (st2.cert.pgp);
+ }
+#endif
+ }
+
+ if (ret < 0)
+ {
+ if (local_key != NULL)
+ gnutls_privkey_deinit (local_key);
+ }
+
+ return ret;
+}
+
+/* Finds the appropriate certificate depending on the cA Distinguished name
+ * advertized by the server. If none matches then returns 0 and -1 as index.
+ * In case of an error a negative value, is returned.
+ *
+ * 20020128: added ability to select a certificate depending on the SIGN
+ * algorithm (only in automatic mode).
+ */
+static int
+_select_client_cert (gnutls_session_t session,
+ opaque * _data, size_t _data_size,
+ gnutls_pk_algorithm_t * pk_algos, int pk_algos_length)
+{
+ int result;
+ int indx = -1;
+ gnutls_certificate_credentials_t cred;
+ opaque *data = _data;
+ ssize_t data_size = _data_size;
+ int issuers_dn_length;
+ gnutls_datum_t *issuers_dn = NULL;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (cred->client_get_cert_callback != NULL
+ || cred->get_cert_callback != NULL)
+ {
+
+ /* use a callback to get certificate
+ */
+ if (session->security_parameters.cert_type != GNUTLS_CRT_X509)
+ issuers_dn_length = 0;
+ else
+ {
+ issuers_dn_length = get_issuers_num (session, data, data_size);
+ if (issuers_dn_length < 0)
+ {
+ gnutls_assert ();
+ return issuers_dn_length;
+ }
+
+ if (issuers_dn_length > 0)
+ {
+ issuers_dn =
+ gnutls_malloc (sizeof (gnutls_datum_t) * issuers_dn_length);
+ if (issuers_dn == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ get_issuers (session, issuers_dn, issuers_dn_length,
+ data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ }
+
+ result =
+ call_get_cert_callback (session, issuers_dn, issuers_dn_length,
+ pk_algos, pk_algos_length);
+ goto cleanup;
+
+ }
+ else
+ {
+ /* If we have no callbacks, try to guess.
+ */
+ result = 0;
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509)
+ result =
+ _find_x509_cert (cred, _data, _data_size,
+ pk_algos, pk_algos_length, &indx);
+
+#ifdef ENABLE_OPENPGP
+ if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP)
+ result = _find_openpgp_cert (cred, pk_algos, pk_algos_length, &indx);
+#endif
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (indx >= 0)
+ {
+ _gnutls_selected_certs_set (session,
+ &cred->cert_list[indx][0],
+ cred->cert_list_length[indx],
+ cred->pkey[indx], 0);
+ }
+ else
+ {
+ _gnutls_selected_certs_set (session, NULL, 0, NULL, 0);
+ }
+
+ result = 0;
+ }
+
+cleanup:
+ gnutls_free (issuers_dn);
+ return result;
+
+}
+
+/* Generate client certificate
+ */
+
+static int
+_gnutls_gen_x509_crt (gnutls_session_t session, opaque ** data)
+{
+ int ret, i;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate
+ */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = 3;
+ for (i = 0; i < apr_cert_list_length; i++)
+ {
+ ret += apr_cert_list[i].raw.size + 3;
+ /* hold size
+ * for uint24 */
+ }
+
+ /* if no certificates were found then send:
+ * 0B 00 00 03 00 00 00 // Certificate with no certs
+ * instead of:
+ * 0B 00 00 00 // empty certificate handshake
+ *
+ * ( the above is the whole handshake message, not
+ * the one produced here )
+ */
+
+ (*data) = gnutls_malloc (ret);
+ pdata = (*data);
+
+ if (pdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_write_uint24 (ret - 3, pdata);
+ pdata += 3;
+ for (i = 0; i < apr_cert_list_length; i++)
+ {
+ _gnutls_write_datum24 (pdata, apr_cert_list[i].raw);
+ pdata += (3 + apr_cert_list[i].raw.size);
+ }
+
+ return ret;
+}
+
+enum PGPKeyDescriptorType
+{ PGP_KEY_FINGERPRINT, PGP_KEY, PGP_KEY_SUBKEY, PGP_KEY_FINGERPRINT_SUBKEY };
+
+#ifdef ENABLE_OPENPGP
+static int
+_gnutls_gen_openpgp_certificate (gnutls_session_t session, opaque ** data)
+{
+ int ret;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = 3 + 1 + 3;
+
+
+ if (apr_cert_list_length > 0)
+ {
+ if (apr_cert_list[0].use_subkey != 0)
+ ret += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */
+
+ ret += apr_cert_list[0].raw.size;
+ }
+
+ (*data) = gnutls_malloc (ret);
+ pdata = (*data);
+
+ if (pdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_uint24 (ret - 3, pdata);
+ pdata += 3;
+
+
+ if (apr_cert_list_length > 0)
+ {
+ if (apr_cert_list[0].use_subkey != 0)
+ {
+ *pdata = PGP_KEY_SUBKEY;
+ pdata++;
+ *pdata = sizeof (apr_cert_list[0].subkey_id);
+ pdata++;
+ memcpy (pdata, apr_cert_list[0].subkey_id,
+ sizeof (apr_cert_list[0].subkey_id));
+ pdata += sizeof (apr_cert_list[0].subkey_id);
+ }
+ else
+ {
+ *pdata = PGP_KEY;
+ pdata++;
+ }
+
+ _gnutls_write_datum24 (pdata, apr_cert_list[0].raw);
+ pdata += (3 + apr_cert_list[0].raw.size);
+ }
+ else /* empty - no certificate */
+ {
+ *pdata = PGP_KEY;
+ pdata++;
+ _gnutls_write_uint24 (0, pdata);
+ }
+
+ return ret;
+}
+
+static int
+_gnutls_gen_openpgp_certificate_fpr (gnutls_session_t session, opaque ** data)
+{
+ int ret, packet_size;
+ size_t fpr_size;
+ opaque *pdata;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ packet_size = 3 + 1;
+
+ if (apr_cert_list[0].use_subkey)
+ packet_size += 1 + sizeof (apr_cert_list[0].subkey_id); /* for the keyid */
+
+ /* Only v4 fingerprints are sent
+ */
+ if (apr_cert_list_length > 0 && apr_cert_list[0].version == 4)
+ packet_size += 20 + 1;
+ else /* empty certificate case */
+ return _gnutls_gen_openpgp_certificate (session, data);
+
+ (*data) = gnutls_malloc (packet_size);
+ pdata = (*data);
+
+ if (pdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_uint24 (packet_size - 3, pdata);
+ pdata += 3;
+
+ if (apr_cert_list[0].use_subkey)
+ {
+ *pdata = PGP_KEY_FINGERPRINT_SUBKEY;
+ pdata++;
+ *pdata = sizeof (apr_cert_list[0].subkey_id);
+ pdata++;
+ memcpy (pdata, apr_cert_list[0].subkey_id,
+ sizeof (apr_cert_list[0].subkey_id));
+ pdata += sizeof (apr_cert_list[0].subkey_id);
+ }
+ else
+ {
+ *pdata = PGP_KEY_FINGERPRINT; /* key fingerprint */
+ pdata++;
+ }
+
+ *pdata = 20;
+ pdata++;
+
+ fpr_size = 20;
+
+ if ((ret =
+ _gnutls_openpgp_fingerprint (&apr_cert_list[0].raw, pdata,
+ &fpr_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return packet_size;
+}
+#endif
+
+
+int
+_gnutls_gen_cert_client_certificate (gnutls_session_t session, opaque ** data)
+{
+ switch (session->security_parameters.cert_type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ if (_gnutls_openpgp_send_fingerprint (session) == 0)
+ return _gnutls_gen_openpgp_certificate (session, data);
+ else
+ return _gnutls_gen_openpgp_certificate_fpr (session, data);
+#endif
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt (session, data);
+
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+}
+
+int
+_gnutls_gen_cert_server_certificate (gnutls_session_t session, opaque ** data)
+{
+ switch (session->security_parameters.cert_type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_gen_openpgp_certificate (session, data);
+#endif
+ case GNUTLS_CRT_X509:
+ return _gnutls_gen_x509_crt (session, data);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+}
+
+/* Process server certificate
+ */
+
+#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x])
+static int
+_gnutls_proc_x509_server_certificate (gnutls_session_t session,
+ opaque * data, size_t data_size)
+{
+ int size, len, ret;
+ opaque *p = data;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize = data_size;
+ int i;
+ gnutls_cert *peer_certificate_list;
+ size_t peer_certificate_list_size = 0, j, x;
+ gnutls_datum_t tmp;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+
+ if (data == NULL || data_size == 0)
+ {
+ gnutls_assert ();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN (dsize, 3);
+ size = _gnutls_read_uint24 (p);
+ p += 3;
+
+ /* some implementations send 0B 00 00 06 00 00 03 00 00 00
+ * instead of just 0B 00 00 03 00 00 00 as an empty certificate message.
+ */
+ if (size == 0 || size == 3)
+ {
+ gnutls_assert ();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ i = dsize;
+ while (i > 0)
+ {
+ DECR_LEN (dsize, 3);
+ len = _gnutls_read_uint24 (p);
+ p += 3;
+ DECR_LEN (dsize, len);
+ peer_certificate_list_size++;
+ p += len;
+ i -= len + 3;
+ }
+
+ if (peer_certificate_list_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Ok we now allocate the memory to hold the
+ * certificate list
+ */
+
+ peer_certificate_list =
+ gnutls_malloc (sizeof (gnutls_cert) * (peer_certificate_list_size));
+
+ if (peer_certificate_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
+ peer_certificate_list_size);
+
+ p = data + 3;
+
+ /* Now we start parsing the list (again).
+ * We don't use DECR_LEN since the list has
+ * been parsed before.
+ */
+
+ for (j = 0; j < peer_certificate_list_size; j++)
+ {
+ len = _gnutls_read_uint24 (p);
+ p += 3;
+
+ tmp.size = len;
+ tmp.data = p;
+
+ if ((ret =
+ _gnutls_x509_raw_cert_to_gcert (&peer_certificate_list
+ [j], &tmp,
+ CERT_ONLY_EXTENSIONS)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* check if signature algorithm is supported */
+ ret =
+ _gnutls_session_sign_algo_enabled (session,
+ peer_certificate_list
+ [j].sign_algo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ p += len;
+ }
+
+
+ if ((ret =
+ _gnutls_copy_certificate_auth_info (info,
+ peer_certificate_list,
+ peer_certificate_list_size)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage (&peer_certificate_list[0],
+ gnutls_kx_get (session))) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ CLEAR_CERTS;
+ gnutls_free (peer_certificate_list);
+ return ret;
+
+}
+
+#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) _gnutls_gcert_deinit(&peer_certificate_list[x])
+#ifdef ENABLE_OPENPGP
+static int
+_gnutls_proc_openpgp_server_certificate (gnutls_session_t session,
+ opaque * data, size_t data_size)
+{
+ int size, ret, len;
+ opaque *p = data;
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize = data_size;
+ int x, key_type;
+ gnutls_cert *peer_certificate_list = NULL;
+ int peer_certificate_list_size = 0;
+ gnutls_datum_t tmp, akey = { NULL, 0 };
+ gnutls_openpgp_keyid_t subkey_id;
+ unsigned int subkey_id_set = 0;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+
+ if (data == NULL || data_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN (dsize, 3);
+ size = _gnutls_read_uint24 (p);
+ p += 3;
+
+ if (size == 0)
+ {
+ gnutls_assert ();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* Read PGPKeyDescriptor */
+ DECR_LEN (dsize, 1);
+ key_type = *p;
+ p++;
+
+ /* Try to read the keyid if present */
+ if (key_type == PGP_KEY_FINGERPRINT_SUBKEY || key_type == PGP_KEY_SUBKEY)
+ {
+ /* check size */
+ if (*p != sizeof (subkey_id))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ DECR_LEN (dsize, 1);
+ p++;
+
+ DECR_LEN (dsize, sizeof (subkey_id));
+ memcpy (subkey_id, p, sizeof (subkey_id));
+ p += sizeof (subkey_id);
+
+ subkey_id_set = 1;
+
+ }
+
+ /* read the actual key or fingerprint */
+ if (key_type == PGP_KEY_FINGERPRINT
+ || key_type == PGP_KEY_FINGERPRINT_SUBKEY)
+ { /* the fingerprint */
+
+ DECR_LEN (dsize, 1);
+ len = (uint8_t) * p;
+ p++;
+
+ if (len != 20)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED;
+ }
+
+ DECR_LEN (dsize, 20);
+
+ /* request the actual key from our database, or
+ * a key server or anything.
+ */
+ if ((ret =
+ _gnutls_openpgp_request_key (session, &akey, cred, p, 20)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ tmp = akey;
+ peer_certificate_list_size++;
+
+ }
+ else if (key_type == PGP_KEY || key_type == PGP_KEY_SUBKEY)
+ { /* the whole key */
+
+ /* Read the actual certificate */
+ DECR_LEN (dsize, 3);
+ len = _gnutls_read_uint24 (p);
+ p += 3;
+
+ if (len == 0)
+ {
+ gnutls_assert ();
+ /* no certificate was sent */
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ DECR_LEN (dsize, len);
+ peer_certificate_list_size++;
+
+ tmp.size = len;
+ tmp.data = p;
+
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ /* ok we now have the peer's key in tmp datum
+ */
+
+ if (peer_certificate_list_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ peer_certificate_list =
+ gnutls_malloc (sizeof (gnutls_cert) * (peer_certificate_list_size));
+ if (peer_certificate_list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+ memset (peer_certificate_list, 0, sizeof (gnutls_cert) *
+ peer_certificate_list_size);
+
+ if ((ret =
+ _gnutls_openpgp_raw_crt_to_gcert (&peer_certificate_list[0],
+ &tmp,
+ subkey_id_set ? subkey_id : NULL)) <
+ 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_copy_certificate_auth_info (info,
+ peer_certificate_list,
+ peer_certificate_list_size)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_check_key_usage (&peer_certificate_list[0],
+ gnutls_kx_get (session))) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ _gnutls_free_datum (&akey);
+ CLEAR_CERTS;
+ gnutls_free (peer_certificate_list);
+ return ret;
+
+}
+#endif
+
+int
+_gnutls_proc_cert_server_certificate (gnutls_session_t session,
+ opaque * data, size_t data_size)
+{
+ int ret;
+ gnutls_certificate_credentials_t cred;
+
+ cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ switch (session->security_parameters.cert_type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ ret = _gnutls_proc_openpgp_server_certificate (session,
+ data, data_size);
+ break;
+#endif
+ case GNUTLS_CRT_X509:
+ ret = _gnutls_proc_x509_server_certificate (session, data, data_size);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ret == 0 && cred->verify_callback != NULL)
+ {
+ ret = cred->verify_callback (session);
+ if (ret != 0)
+ ret = GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ return ret;
+}
+
+#define MAX_SIGN_ALGOS 2
+typedef enum CertificateSigType
+{ RSA_SIGN = 1, DSA_SIGN
+} CertificateSigType;
+
+/* Checks if we support the given signature algorithm
+ * (RSA or DSA). Returns the corresponding gnutls_pk_algorithm_t
+ * if true;
+ */
+inline static int
+_gnutls_check_supported_sign_algo (CertificateSigType algo)
+{
+ switch (algo)
+ {
+ case RSA_SIGN:
+ return GNUTLS_PK_RSA;
+ case DSA_SIGN:
+ return GNUTLS_PK_DSA;
+ }
+
+ return -1;
+}
+
+int
+_gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data,
+ size_t data_size)
+{
+ int size, ret;
+ opaque *p;
+ gnutls_certificate_credentials_t cred;
+ ssize_t dsize;
+ int i, j;
+ gnutls_pk_algorithm_t pk_algos[MAX_SIGN_ALGOS];
+ int pk_algos_length;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 0)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ p = data;
+ dsize = data_size;
+
+ DECR_LEN (dsize, 1);
+ size = p[0];
+ p++;
+ /* check if the sign algorithm is supported.
+ */
+ pk_algos_length = j = 0;
+ for (i = 0; i < size; i++, p++)
+ {
+ DECR_LEN (dsize, 1);
+ if ((ret = _gnutls_check_supported_sign_algo (*p)) > 0)
+ {
+ if (j < MAX_SIGN_ALGOS)
+ {
+ pk_algos[j++] = ret;
+ pk_algos_length++;
+ }
+ }
+ }
+
+ if (pk_algos_length == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ /* read supported hashes */
+ int hash_num;
+ DECR_LEN (dsize, 2);
+ hash_num = _gnutls_read_uint16 (p);
+ p += 2;
+ DECR_LEN (dsize, hash_num);
+
+ ret = _gnutls_sign_algorithm_parse_data (session, p, hash_num);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ p += hash_num;
+ }
+
+ /* read the certificate authorities */
+ DECR_LEN (dsize, 2);
+ size = _gnutls_read_uint16 (p);
+ p += 2;
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_OPENPGP
+ && size != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ DECR_LEN (dsize, size);
+
+ /* now we ask the user to tell which one
+ * he wants to use.
+ */
+ if ((ret =
+ _select_client_cert (session, p, size, pk_algos, pk_algos_length)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* We should reply with a certificate message,
+ * even if we have no certificate to send.
+ */
+ session->key->certificate_requested = 1;
+
+ return 0;
+}
+
+int
+_gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session, opaque ** data)
+{
+ int ret;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length, size;
+ gnutls_datum_t signature = { NULL, 0 };
+ int total_data;
+ opaque *p;
+ gnutls_sign_algorithm_t sign_algo;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ *data = NULL;
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (apr_cert_list_length > 0)
+ {
+ if ((ret =
+ _gnutls_handshake_sign_cert_vrfy (session,
+ &apr_cert_list[0],
+ apr_pkey, &signature)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ sign_algo = ret;
+ }
+ else
+ {
+ return 0;
+ }
+
+ total_data = signature.size + 2;
+
+ /* add hash and signature algorithms */
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ total_data += 2;
+ }
+
+ *data = gnutls_malloc (total_data);
+ if (*data == NULL)
+ {
+ _gnutls_free_datum (&signature);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = *data;
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ const sign_algorithm_st *aid;
+ /* error checking is not needed here since we have used those algorithms */
+ aid = _gnutls_sign_to_tls_aid (sign_algo);
+ if (aid == NULL)
+ {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ p[0] = aid->hash_algorithm;
+ p[1] = aid->sign_algorithm;
+ p += 2;
+ }
+
+ size = signature.size;
+ _gnutls_write_uint16 (size, p);
+
+ p += 2;
+ memcpy (p, signature.data, size);
+
+ _gnutls_free_datum (&signature);
+
+ return total_data;
+
+cleanup:
+ _gnutls_free_datum (&signature);
+ gnutls_free(*data);
+ return ret;
+}
+
+int
+_gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session,
+ opaque * data, size_t data_size)
+{
+ int size, ret;
+ ssize_t dsize = data_size;
+ opaque *pdata = data;
+ gnutls_datum_t sig;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
+ gnutls_cert peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ if (info == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ sign_algorithm_st aid;
+
+ DECR_LEN (dsize, 2);
+ aid.hash_algorithm = pdata[0];
+ aid.sign_algorithm = pdata[1];
+
+ sign_algo = _gnutls_tls_aid_to_sign (&aid);
+ if (sign_algo == GNUTLS_PK_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ pdata += 2;
+ }
+
+ ret = _gnutls_session_sign_algo_enabled (session, sign_algo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+
+ DECR_LEN (dsize, 2);
+ size = _gnutls_read_uint16 (pdata);
+ pdata += 2;
+
+ DECR_LEN (dsize, size);
+
+ sig.data = pdata;
+ sig.size = size;
+
+ ret = _gnutls_get_auth_info_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_handshake_verify_cert_vrfy (session, &peer_cert, &sig,
+ sign_algo)) < 0)
+ {
+ gnutls_assert ();
+ _gnutls_gcert_deinit (&peer_cert);
+ return ret;
+ }
+ _gnutls_gcert_deinit (&peer_cert);
+
+ return 0;
+}
+
+
+#define CERTTYPE_SIZE 3
+int
+_gnutls_gen_cert_server_cert_req (gnutls_session_t session, opaque ** data)
+{
+ gnutls_certificate_credentials_t cred;
+ int size, ret;
+ opaque *pdata;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ const int signalgosize = 2 + MAX_SIGNATURE_ALGORITHMS * 2;
+
+ /* Now we need to generate the RDN sequence. This is
+ * already in the CERTIFICATE_CRED structure, to improve
+ * performance.
+ */
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ size = CERTTYPE_SIZE + 2; /* 2 for gnutls_certificate_type_t + 2 for size of rdn_seq
+ */
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
+ session->internals.ignore_rdn_sequence == 0)
+ size += cred->x509_rdn_sequence.size;
+
+ if (_gnutls_version_has_selectable_sighash (ver))
+ /* Need two bytes to announce the number of supported hash
+ functions (see below). */
+ size += signalgosize;
+
+ (*data) = gnutls_malloc (size);
+ pdata = (*data);
+
+ if (pdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ pdata[0] = CERTTYPE_SIZE - 1;
+
+ pdata[1] = RSA_SIGN;
+ pdata[2] = DSA_SIGN; /* only these for now */
+ pdata += CERTTYPE_SIZE;
+
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ ret =
+ _gnutls_sign_algorithm_write_params (session, pdata, signalgosize);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* recalculate size */
+ size = size - signalgosize + ret;
+ pdata += ret;
+ }
+
+ if (session->security_parameters.cert_type == GNUTLS_CRT_X509 &&
+ session->internals.ignore_rdn_sequence == 0)
+ {
+ _gnutls_write_datum16 (pdata, cred->x509_rdn_sequence);
+ /* pdata += cred->x509_rdn_sequence.size + 2; */
+ }
+ else
+ {
+ _gnutls_write_uint16 (0, pdata);
+ /* pdata+=2; */
+ }
+
+ return size;
+}
+
+
+/* This function will return the appropriate certificate to use.
+ * Fills in the apr_cert_list, apr_cert_list_length and apr_pkey.
+ * The return value is a negative value on error.
+ *
+ * It is normal to return 0 with no certificates in client side.
+ *
+ */
+int
+_gnutls_get_selected_cert (gnutls_session_t session,
+ gnutls_cert ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey)
+{
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+
+ /* select_client_cert() has been called before.
+ */
+
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_pkey = session->internals.selected_key;
+ *apr_cert_list_length = session->internals.selected_cert_list_length;
+
+ if (*apr_cert_list_length == 0 || *apr_cert_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ }
+ else
+ { /* CLIENT SIDE
+ */
+
+ /* we have already decided which certificate
+ * to send.
+ */
+ *apr_cert_list = session->internals.selected_cert_list;
+ *apr_cert_list_length = session->internals.selected_cert_list_length;
+ *apr_pkey = session->internals.selected_key;
+
+ }
+
+ return 0;
+}
+
+/* converts the given x509 certificate to gnutls_cert* and allocates
+ * space for them.
+ */
+static gnutls_cert *
+alloc_and_load_x509_certs (gnutls_x509_crt_t * certs, unsigned ncerts)
+{
+ gnutls_cert *local_certs;
+ int ret = 0;
+ unsigned i, j;
+
+ if (certs == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc (sizeof (gnutls_cert) * ncerts);
+ if (local_certs == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ for (i = 0; i < ncerts; i++)
+ {
+ ret = _gnutls_x509_crt_to_gcert (&local_certs[i], certs[i], 0);
+ if (ret < 0)
+ break;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ for (j = 0; j < i; j++)
+ {
+ _gnutls_gcert_deinit (&local_certs[j]);
+ }
+ gnutls_free (local_certs);
+ return NULL;
+ }
+
+ return local_certs;
+}
+
+/* converts the given x509 key to gnutls_privkey* and allocates
+ * space for it.
+ */
+static gnutls_privkey_t
+alloc_and_load_x509_key (gnutls_x509_privkey_t key, int deinit)
+{
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init (&local_key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_x509 (local_key, key,
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE :
+ 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_privkey_deinit (local_key);
+ return NULL;
+ }
+
+ return local_key;
+}
+
+/* converts the given pgp certificate to gnutls_cert* and allocates
+ * space for them.
+ */
+#ifdef ENABLE_OPENPGP
+static gnutls_cert *
+alloc_and_load_pgp_certs (gnutls_openpgp_crt_t cert)
+{
+ gnutls_cert *local_certs;
+ int ret = 0;
+
+ if (cert == NULL)
+ return NULL;
+
+ local_certs = gnutls_malloc (sizeof (gnutls_cert));
+ if (local_certs == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ret = _gnutls_openpgp_crt_to_gcert (local_certs, cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_gcert_deinit (local_certs);
+ gnutls_free (local_certs);
+ return NULL;
+ }
+
+ ret =
+ gnutls_openpgp_crt_get_preferred_key_id (cert, local_certs->subkey_id);
+ if (ret < 0)
+ local_certs->use_subkey = 0;
+ else
+ local_certs->use_subkey = 1;
+
+ return local_certs;
+}
+
+/* converts the given raw key to gnutls_privkey* and allocates
+ * space for it.
+ */
+static gnutls_privkey_t
+alloc_and_load_pgp_key (gnutls_openpgp_privkey_t key, int deinit)
+{
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init (&local_key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp (local_key, key,
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_privkey_deinit (local_key);
+ return NULL;
+ }
+
+ return local_key;
+}
+#endif
+
+/* converts the given raw key to gnutls_privkey* and allocates
+ * space for it.
+ */
+static gnutls_privkey_t
+alloc_and_load_pkcs11_key (gnutls_pkcs11_privkey_t key, int deinit)
+{
+ gnutls_privkey_t local_key;
+ int ret = 0;
+
+ if (key == NULL)
+ return NULL;
+
+ ret = gnutls_privkey_init (&local_key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ret =
+ gnutls_privkey_import_pkcs11 (local_key, key,
+ deinit ? GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE
+ : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_privkey_deinit (local_key);
+ return NULL;
+ }
+
+ return local_key;
+}
+
+void
+_gnutls_selected_certs_deinit (gnutls_session_t session)
+{
+ if (session->internals.selected_need_free != 0)
+ {
+ int i;
+
+ for (i = 0; i < session->internals.selected_cert_list_length; i++)
+ {
+ _gnutls_gcert_deinit (&session->internals.selected_cert_list[i]);
+ }
+ gnutls_free (session->internals.selected_cert_list);
+ session->internals.selected_cert_list = NULL;
+ session->internals.selected_cert_list_length = 0;
+
+ session->internals.selected_key = NULL;
+ }
+
+ return;
+}
+
+void
+_gnutls_selected_certs_set (gnutls_session_t session,
+ gnutls_cert * certs, int ncerts,
+ gnutls_privkey_t key, int need_free)
+{
+ _gnutls_selected_certs_deinit (session);
+
+ session->internals.selected_cert_list = certs;
+ session->internals.selected_cert_list_length = ncerts;
+ session->internals.selected_key = key;
+ session->internals.selected_need_free = need_free;
+
+}
+
+
+/* finds the most appropriate certificate in the cert list.
+ * The 'appropriate' is defined by the user.
+ *
+ * requested_algo holds the parameters required by the peer (RSA, DSA
+ * or -1 for any).
+ *
+ * Returns 0 on success and a negative value on error. The
+ * selected certificate will be in session->internals.selected_*.
+ *
+ */
+int
+_gnutls_server_select_cert (gnutls_session_t session,
+ gnutls_pk_algorithm_t requested_algo)
+{
+ unsigned i;
+ int idx;
+ gnutls_certificate_credentials_t cred;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* If the callback which retrieves certificate has been set,
+ * use it and leave.
+ */
+ if (cred->server_get_cert_callback != NULL)
+ return call_get_cert_callback (session, NULL, 0, NULL, 0);
+
+ /* Otherwise... */
+
+ idx = -1; /* default is use no certificate */
+
+
+ for (i = 0; i < cred->ncerts; i++)
+ {
+ /* find one compatible certificate
+ */
+ if (requested_algo == GNUTLS_PK_ANY ||
+ requested_algo == cred->cert_list[i][0].subject_pk_algorithm)
+ {
+ /* if cert type and signature algorithm matches
+ */
+ /* *INDENT-OFF* */
+ if (session->security_parameters.cert_type
+ == cred->cert_list[i][0].cert_type
+ && (cred->cert_list[i][0].cert_type == GNUTLS_CRT_OPENPGP
+ || /* FIXME: make this a check for certificate
+ type capabilities */
+ !_gnutls_version_has_selectable_sighash
+ (gnutls_protocol_get_version (session))
+ ||
+ _gnutls_session_sign_algo_requested
+ (session, cred->cert_list[i][0].sign_algo) == 0))
+ {
+ idx = i;
+ break;
+ }
+ /* *INDENT-ON* */
+ }
+ }
+
+ /* store the certificate pointer for future use, in the handshake.
+ * (This will allow not calling this callback again.)
+ */
+ if (idx >= 0)
+ {
+ _gnutls_selected_certs_set (session,
+ &cred->cert_list[idx][0],
+ cred->cert_list_length[idx],
+ cred->pkey[idx], 0);
+ }
+ else
+ /* Certificate does not support REQUESTED_ALGO. */
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+
+ return 0;
+}
+
+/* Frees the rsa_info_st structure.
+ */
+void
+_gnutls_free_rsa_info (rsa_info_st * rsa)
+{
+ _gnutls_free_datum (&rsa->modulus);
+ _gnutls_free_datum (&rsa->exponent);
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef AUTH_CERT_H
+#define AUTH_CERT_H
+#include "gnutls_cert.h"
+#include "gnutls_auth.h"
+#include "auth_dh_common.h"
+#include "x509/x509_int.h"
+#include "openpgp/openpgp_int.h"
+#include <gnutls/abstract.h>
+#include <gnutls/compat.h>
+
+/* This structure may be complex, but it's the only way to
+ * support a server that has multiple certificates
+ */
+typedef struct gnutls_certificate_credentials_st
+{
+ gnutls_dh_params_t dh_params;
+ gnutls_rsa_params_t rsa_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
+
+ gnutls_cert **cert_list;
+ /* contains a list of a list of certificates.
+ * eg (X509): [0] certificate1, certificate11, certificate111
+ * (if more than one, one certificate certifies the one before)
+ * [1] certificate2, certificate22, ...
+ */
+ unsigned *cert_list_length;
+ /* contains the number of the certificates in a
+ * row (should be 1 for OpenPGP keys).
+ */
+ unsigned ncerts; /* contains the number of columns in cert_list.
+ * This is the same with the number of pkeys.
+ */
+
+ gnutls_privkey_t *pkey;
+ /* private keys. It contains ncerts private
+ * keys. pkey[i] corresponds to certificate in
+ * cert_list[i][0].
+ */
+
+#ifdef ENABLE_OPENPGP
+ /* OpenPGP specific stuff */
+ gnutls_openpgp_keyring_t keyring;
+#endif
+
+ /* X509 specific stuff */
+
+ gnutls_x509_crt_t *x509_ca_list;
+ unsigned x509_ncas; /* number of CAs in the ca_list
+ */
+
+ gnutls_x509_crl_t *x509_crl_list;
+ unsigned x509_ncrls; /* number of CRLs in the crl_list
+ */
+
+ unsigned int verify_flags; /* flags to be used at
+ * certificate verification.
+ */
+ unsigned int verify_depth;
+ unsigned int verify_bits;
+
+ /* holds a sequence of the
+ * RDNs of the CAs above.
+ * This is better than
+ * generating on every handshake.
+ */
+ gnutls_datum_t x509_rdn_sequence;
+
+ gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
+ gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
+ gnutls_certificate_verify_function *verify_callback;
+
+ gnutls_certificate_retrieve_function *get_cert_callback;
+} certificate_credentials_st;
+
+typedef struct rsa_info_st
+{
+ gnutls_datum_t modulus;
+ gnutls_datum_t exponent;
+} rsa_info_st;
+
+/* This is the information we keep for the peer
+ * certificate.
+ */
+typedef struct cert_auth_info_st
+{
+ /* These (dh/rsa) are just copies from the credentials_t structure.
+ * They must be freed.
+ */
+ dh_info_st dh;
+ rsa_info_st rsa_export;
+
+ gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
+ * peer.
+ */
+ unsigned int ncerts; /* holds the size of the list above */
+
+ gnutls_certificate_type_t cert_type;
+ gnutls_sign_algorithm_t sign_algo;
+#ifdef ENABLE_OPENPGP
+ int use_subkey;
+ gnutls_openpgp_keyid_t subkey_id;
+#endif
+} *cert_auth_info_t;
+
+typedef struct cert_auth_info_st cert_auth_info_st;
+
+void _gnutls_free_rsa_info (rsa_info_st * rsa);
+
+/* AUTH X509 functions */
+int _gnutls_gen_cert_server_certificate (gnutls_session_t, opaque **);
+int _gnutls_gen_cert_client_certificate (gnutls_session_t, opaque **);
+int _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t, opaque **);
+int _gnutls_gen_cert_server_cert_req (gnutls_session_t, opaque **);
+int _gnutls_proc_cert_cert_req (gnutls_session_t, opaque *, size_t);
+int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t, opaque *, size_t);
+int _gnutls_proc_cert_server_certificate (gnutls_session_t, opaque *, size_t);
+int _gnutls_get_selected_cert (gnutls_session_t session,
+ gnutls_cert ** apr_cert_list,
+ int *apr_cert_list_length,
+ gnutls_privkey_t * apr_pkey);
+
+int _gnutls_server_select_cert (struct gnutls_session_int *,
+ gnutls_pk_algorithm_t);
+void _gnutls_selected_certs_deinit (gnutls_session_t session);
+void _gnutls_selected_certs_set (gnutls_session_t session,
+ gnutls_cert * certs, int ncerts,
+ gnutls_privkey_t key, int need_free);
+
+#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
+
+gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
+ rsa_params,
+ gnutls_params_function
+ * func,
+ gnutls_session_t);
+
+int _gnutls_get_auth_info_gcert (gnutls_cert * gcert,
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info,
+ int flags /* OR of ConvFlags */ );
+
+int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
+ res, gnutls_cert * crt, int nr);
+int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
+ gnutls_privkey_t pkey);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains common stuff in Ephemeral Diffie-Hellman (DHE)
+ * and Anonymous DH key exchange(DHA). These are used in the handshake
+ * procedure of the certificate and anoymous authentication.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_sig.h"
+#include <gnutls_datum.h>
+#include <gnutls_x509.h>
+#include <gnutls_state.h>
+#include <auth_dh_common.h>
+#include <gnutls_algorithms.h>
+#include <auth_psk.h>
+
+/* Frees the dh_info_st structure.
+ */
+void
+_gnutls_free_dh_info (dh_info_st * dh)
+{
+ dh->secret_bits = 0;
+ _gnutls_free_datum (&dh->prime);
+ _gnutls_free_datum (&dh->generator);
+ _gnutls_free_datum (&dh->public_key);
+}
+
+int
+_gnutls_proc_dh_common_client_kx (gnutls_session_t session,
+ opaque * data, size_t _data_size,
+ bigint_t g, bigint_t p)
+{
+ uint16_t n_Y;
+ size_t _n_Y;
+ int ret;
+ ssize_t data_size = _data_size;
+
+
+ DECR_LEN (data_size, 2);
+ n_Y = _gnutls_read_uint16 (&data[0]);
+ _n_Y = n_Y;
+
+ DECR_LEN (data_size, n_Y);
+ if (_gnutls_mpi_scan_nz (&session->key->client_Y, &data[2], _n_Y))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ _gnutls_dh_set_peer_public (session, session->key->client_Y);
+
+ session->key->KEY =
+ gnutls_calc_dh_key (session->key->client_Y, session->key->dh_secret, p);
+
+ if (session->key->KEY == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_release (&session->key->client_Y);
+ _gnutls_mpi_release (&session->key->dh_secret);
+
+
+ if (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite)
+ != GNUTLS_KX_DHE_PSK)
+ {
+ ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ }
+ else /* In DHE_PSK the key is set differently */
+ {
+ gnutls_datum_t tmp_dh_key;
+ ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_set_psk_session_key (session, NULL, &tmp_dh_key);
+ _gnutls_free_datum (&tmp_dh_key);
+
+ }
+
+ _gnutls_mpi_release (&session->key->KEY);
+
+ if (ret < 0)
+ {
+ return ret;
+ }
+
+ return 0;
+}
+
+int _gnutls_gen_dh_common_client_kx (gnutls_session_t session, opaque** data)
+{
+ return _gnutls_gen_dh_common_client_kx_int(session, data, NULL);
+}
+
+int
+_gnutls_gen_dh_common_client_kx_int (gnutls_session_t session, opaque ** data, gnutls_datum_t* pskkey)
+{
+ bigint_t x = NULL, X = NULL;
+ size_t n_X;
+ int ret;
+
+ *data = NULL;
+
+ X = gnutls_calc_dh_secret (&x, session->key->client_g,
+ session->key->client_p);
+ if (X == NULL || x == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
+
+ _gnutls_mpi_print (X, NULL, &n_X);
+ (*data) = gnutls_malloc (n_X + 2);
+ if (*data == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ _gnutls_mpi_print (X, &(*data)[2], &n_X);
+ _gnutls_mpi_release (&X);
+
+ _gnutls_write_uint16 (n_X, &(*data)[0]);
+
+ /* calculate the key after calculating the message */
+ session->key->KEY =
+ gnutls_calc_dh_key (session->key->client_Y, x, session->key->client_p);
+
+ _gnutls_mpi_release (&x);
+ if (session->key->KEY == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* THESE SHOULD BE DISCARDED */
+ _gnutls_mpi_release (&session->key->client_Y);
+ _gnutls_mpi_release (&session->key->client_p);
+ _gnutls_mpi_release (&session->key->client_g);
+
+ if (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite)
+ != GNUTLS_KX_DHE_PSK)
+ {
+ ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ }
+ else /* In DHE_PSK the key is set differently */
+ {
+ gnutls_datum_t tmp_dh_key;
+
+ ret = _gnutls_mpi_dprint (session->key->KEY, &tmp_dh_key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = _gnutls_set_psk_session_key (session, pskkey, &tmp_dh_key);
+ _gnutls_free_datum (&tmp_dh_key);
+ }
+
+ _gnutls_mpi_release (&session->key->KEY);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ return n_X + 2;
+
+error:
+ _gnutls_mpi_release (&x);
+ _gnutls_mpi_release (&X);
+ gnutls_free (*data);
+ *data = NULL;
+ return ret;
+}
+
+int
+_gnutls_proc_dh_common_server_kx (gnutls_session_t session,
+ opaque * data, size_t _data_size, int psk)
+{
+ uint16_t n_Y, n_g, n_p;
+ size_t _n_Y, _n_g, _n_p;
+ uint8_t *data_p;
+ uint8_t *data_g;
+ uint8_t *data_Y;
+ int i, bits, psk_size, ret;
+ ssize_t data_size = _data_size;
+
+ i = 0;
+
+ if (psk != 0)
+ {
+ DECR_LEN (data_size, 2);
+ psk_size = _gnutls_read_uint16 (&data[i]);
+ DECR_LEN (data_size, psk_size);
+ i += 2 + psk_size;
+ }
+
+ DECR_LEN (data_size, 2);
+ n_p = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_p);
+ data_p = &data[i];
+ i += n_p;
+
+ DECR_LEN (data_size, 2);
+ n_g = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ DECR_LEN (data_size, 2);
+ n_Y = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_Y);
+ data_Y = &data[i];
+ i += n_Y;
+
+ _n_Y = n_Y;
+ _n_g = n_g;
+ _n_p = n_p;
+
+ if (_gnutls_mpi_scan_nz (&session->key->client_Y, data_Y, _n_Y) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz (&session->key->client_g, data_g, _n_g) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ if (_gnutls_mpi_scan_nz (&session->key->client_p, data_p, _n_p) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ bits = _gnutls_dh_get_allowed_prime_bits (session);
+ if (bits < 0)
+ {
+ gnutls_assert ();
+ return bits;
+ }
+
+ if (_gnutls_mpi_get_nbits (session->key->client_p) < (size_t) bits)
+ {
+ /* the prime used by the peer is not acceptable
+ */
+ gnutls_assert ();
+ return GNUTLS_E_DH_PRIME_UNACCEPTABLE;
+ }
+
+ _gnutls_dh_set_group (session, session->key->client_g,
+ session->key->client_p);
+ _gnutls_dh_set_peer_public (session, session->key->client_Y);
+
+ ret = n_Y + n_p + n_g + 6;
+ if (psk != 0)
+ ret += 2;
+
+ return ret;
+}
+
+/* If the psk flag is set, then an empty psk_identity_hint will
+ * be inserted */
+int
+_gnutls_dh_common_print_server_kx (gnutls_session_t session,
+ bigint_t g, bigint_t p, opaque ** data,
+ int psk)
+{
+ bigint_t x, X;
+ size_t n_X, n_g, n_p;
+ int ret, data_size, pos;
+ uint8_t *pdata;
+
+ X = gnutls_calc_dh_secret (&x, g, p);
+ if (X == NULL || x == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key->dh_secret = x;
+ _gnutls_dh_set_secret_bits (session, _gnutls_mpi_get_nbits (x));
+
+ _gnutls_mpi_print (g, NULL, &n_g);
+ _gnutls_mpi_print (p, NULL, &n_p);
+ _gnutls_mpi_print (X, NULL, &n_X);
+
+ data_size = n_g + n_p + n_X + 6;
+ if (psk != 0)
+ data_size += 2;
+
+ (*data) = gnutls_malloc (data_size);
+ if (*data == NULL)
+ {
+ _gnutls_mpi_release (&X);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ pos = 0;
+ pdata = *data;
+
+ if (psk != 0)
+ {
+ _gnutls_write_uint16 (0, &pdata[pos]);
+ pos += 2;
+ }
+
+ _gnutls_mpi_print (p, &pdata[pos + 2], &n_p);
+ _gnutls_write_uint16 (n_p, &pdata[pos]);
+
+ pos += n_p + 2;
+
+ _gnutls_mpi_print (g, &pdata[pos + 2], &n_g);
+ _gnutls_write_uint16 (n_g, &pdata[pos]);
+
+ pos += n_g + 2;
+
+ _gnutls_mpi_print (X, &pdata[pos + 2], &n_X);
+ _gnutls_mpi_release (&X);
+
+ _gnutls_write_uint16 (n_X, &pdata[pos]);
+
+ /* do not use data_size. _gnutls_mpi_print() might
+ * have been pessimist and might have returned initially
+ * more data */
+ ret = n_g + n_p + n_X + 6;
+ if (psk != 0)
+ ret += 2;
+
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef AUTH_DH_COMMON
+#define AUTH_DH_COMMON
+
+typedef struct
+{
+ int secret_bits;
+
+ gnutls_datum_t prime;
+ gnutls_datum_t generator;
+ gnutls_datum_t public_key;
+} dh_info_st;
+
+void _gnutls_free_dh_info (dh_info_st * dh);
+int _gnutls_gen_dh_common_client_kx_int (gnutls_session_t, opaque **, gnutls_datum_t* pskkey);
+int _gnutls_gen_dh_common_client_kx (gnutls_session_t, opaque **);
+int _gnutls_proc_dh_common_client_kx (gnutls_session_t session,
+ opaque * data, size_t _data_size,
+ bigint_t p, bigint_t g);
+int _gnutls_dh_common_print_server_kx (gnutls_session_t, bigint_t g,
+ bigint_t p, opaque ** data, int psk);
+int _gnutls_proc_dh_common_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size, int psk);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains everything for the Ephemeral Diffie-Hellman
+ * (DHE) key exchange. This is used in the handshake procedure of the
+ * certificate authentication.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_sig.h"
+#include <gnutls_datum.h>
+#include <gnutls_algorithms.h>
+#include <auth_cert.h>
+#include <gnutls_x509.h>
+#include <gnutls_state.h>
+#include <auth_dh_common.h>
+
+static int gen_dhe_server_kx (gnutls_session_t, opaque **);
+static int proc_dhe_server_kx (gnutls_session_t, opaque *, size_t);
+static int proc_dhe_client_kx (gnutls_session_t, opaque *, size_t);
+
+const mod_auth_st dhe_rsa_auth_struct = {
+ "DHE_RSA",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
+};
+
+const mod_auth_st dhe_dss_auth_struct = {
+ "DHE_DSS",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ gen_dhe_server_kx,
+ _gnutls_gen_dh_common_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ proc_dhe_server_kx,
+ proc_dhe_client_kx,
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
+};
+
+
+static int
+gen_dhe_server_kx (gnutls_session_t session, opaque ** data)
+{
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret = 0, data_size;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum_t signature = { NULL, 0 }, ddata;
+ gnutls_certificate_credentials_t cred;
+ gnutls_dh_params_t dh_params;
+ gnutls_sign_algorithm_t sign_algo;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = _gnutls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 0)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_dh_set_group (session, g, p);
+
+ ret = _gnutls_dh_common_print_server_kx (session, g, p, data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ data_size = ret;
+
+ /* Generate the signature. */
+
+ ddata.data = *data;
+ ddata.size = data_size;
+
+ if (apr_cert_list_length > 0)
+ {
+ if ((ret =
+ _gnutls_handshake_sign_data (session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ ret = data_size; /* do not put a signature - ILLEGAL! */
+ goto cleanup;
+ }
+
+ *data = gnutls_realloc_fast (*data, data_size + signature.size + 4);
+ if (*data == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ const sign_algorithm_st *aid;
+
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ aid = _gnutls_sign_to_tls_aid (sign_algo);
+ if (aid == NULL)
+ {
+ gnutls_assert();
+ ret = GNUTLS_E_UNKNOWN_ALGORITHM;
+ goto cleanup;
+ }
+
+ (*data)[data_size++] = aid->hash_algorithm;
+ (*data)[data_size++] = aid->sign_algorithm;
+ }
+
+ _gnutls_write_datum16 (&(*data)[data_size], signature);
+ data_size += signature.size + 2;
+
+ _gnutls_free_datum (&signature);
+
+ return data_size;
+
+cleanup:
+ _gnutls_free_datum (&signature);
+ gnutls_free(*data);
+ return ret;
+
+}
+
+static int
+proc_dhe_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ int sigsize;
+ opaque *sigdata;
+ gnutls_datum_t vparams, signature;
+ int ret;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
+ ssize_t data_size = _data_size;
+ gnutls_cert peer_cert;
+ gnutls_sign_algorithm_t sign_algo = GNUTLS_SIGN_UNKNOWN;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ if (info == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = ret;
+ vparams.data = data;
+
+ sigdata = &data[vparams.size];
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ sign_algorithm_st aid;
+
+ DECR_LEN (data_size, 1);
+ aid.hash_algorithm = *sigdata++;
+ DECR_LEN (data_size, 1);
+ aid.sign_algorithm = *sigdata++;
+ sign_algo = _gnutls_tls_aid_to_sign (&aid);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
+ DECR_LEN (data_size, 2);
+ sigsize = _gnutls_read_uint16 (sigdata);
+ sigdata += 2;
+
+ DECR_LEN (data_size, sigsize);
+ signature.data = sigdata;
+ signature.size = sigsize;
+
+ if ((ret =
+ _gnutls_get_auth_info_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
+ sign_algo);
+
+ _gnutls_gcert_deinit (&peer_cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+
+
+static int
+proc_dhe_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ gnutls_certificate_credentials_t cred;
+ int ret;
+ bigint_t p, g;
+ const bigint_t *mpis;
+ gnutls_dh_params_t dh_params;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = _gnutls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ ret = _gnutls_proc_dh_common_client_kx (session, data, _data_size, g, p);
+
+ return ret;
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2005, 2007, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the PSK Diffie-Hellman key exchange part of the
+ * PSK authentication. The functions here are used in the handshake.
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PSK
+
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "auth_psk.h"
+#include "gnutls_num.h"
+#include "gnutls_mpi.h"
+#include <gnutls_state.h>
+#include <auth_dh_common.h>
+#include <gnutls_datum.h>
+
+static int gen_psk_server_kx (gnutls_session_t, opaque **);
+static int gen_psk_client_kx (gnutls_session_t, opaque **);
+static int proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
+static int proc_psk_server_kx (gnutls_session_t, opaque *, size_t);
+
+const mod_auth_st dhe_psk_auth_struct = {
+ "DHE PSK",
+ NULL,
+ NULL,
+ gen_psk_server_kx,
+ gen_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ proc_psk_server_kx,
+ proc_psk_client_kx,
+ NULL,
+ NULL
+};
+
+static int
+gen_psk_client_kx (gnutls_session_t session, opaque ** data)
+{
+ int ret, free;
+ opaque *tmp_data = NULL;
+ int data_size, tmp_data_size;
+ gnutls_psk_client_credentials_t cred;
+ gnutls_datum_t username, key;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+
+ ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ /* The PSK key is set in there */
+ ret = _gnutls_gen_dh_common_client_kx_int (session, &tmp_data, &key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ tmp_data_size = ret;
+ data_size = tmp_data_size + username.size + 2;
+
+ (*data) = gnutls_malloc (data_size);
+ if ((*data) == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_write_datum16 (*data, username);
+ memcpy (&(*data)[username.size + 2], tmp_data, tmp_data_size);
+
+ ret = data_size;
+
+cleanup:
+ gnutls_free (tmp_data);
+ if (free)
+ {
+ _gnutls_free_datum(&username);
+ _gnutls_free_datum(&key);
+ }
+
+ return ret;
+
+}
+
+static int
+gen_psk_server_kx (gnutls_session_t session, opaque ** data)
+{
+ bigint_t g, p;
+ const bigint_t *mpis;
+ int ret;
+ gnutls_dh_params_t dh_params;
+ gnutls_psk_server_credentials_t cred;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = _gnutls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
+ sizeof (psk_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_dh_set_group (session, g, p);
+
+ ret = _gnutls_dh_common_print_server_kx (session, g, p, data, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
+
+
+static int
+proc_psk_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ int ret;
+ bigint_t p, g;
+ gnutls_dh_params_t dh_params;
+ const bigint_t *mpis;
+ gnutls_psk_server_credentials_t cred;
+ psk_auth_info_t info;
+ gnutls_datum_t username;
+ ssize_t data_size = _data_size;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
+ sizeof (psk_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ dh_params =
+ _gnutls_get_dh_params (cred->dh_params, cred->params_func, session);
+ mpis = _gnutls_dh_params_to_mpi (dh_params);
+ if (mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_DH_PARAMS;
+ }
+
+ p = mpis[0];
+ g = mpis[1];
+
+ DECR_LEN (data_size, 2);
+ username.size = _gnutls_read_uint16 (&data[0]);
+
+ DECR_LEN (data_size, username.size);
+
+ username.data = &data[2];
+
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info (session);
+
+ if (username.size > MAX_USERNAME_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy (info->username, username.data, username.size);
+ info->username[username.size] = 0;
+
+ /* Adjust the data */
+ data += username.size + 2;
+
+ ret = _gnutls_proc_dh_common_client_kx (session, data, data_size, g, p);
+
+ return ret;
+
+}
+
+int
+proc_psk_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+
+ int ret;
+
+ /* set auth_info */
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
+ sizeof (psk_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_proc_dh_common_server_kx (session, data, _data_size, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+#endif /* ENABLE_PSK */
--- /dev/null
+/*
+ * Copyright (C) 2005, 2007, 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PSK
+
+#include "gnutls_errors.h"
+#include "gnutls_auth.h"
+#include "gnutls_auth.h"
+#include "debug.h"
+#include "gnutls_num.h"
+#include <auth_psk.h>
+#include <auth_psk_passwd.h>
+#include <gnutls_str.h>
+#include <gnutls_datum.h>
+
+int _gnutls_gen_psk_server_kx (gnutls_session_t session, opaque ** data);
+int _gnutls_gen_psk_client_kx (gnutls_session_t, opaque **);
+
+int _gnutls_proc_psk_client_kx (gnutls_session_t, opaque *, size_t);
+
+int _gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size);
+
+const mod_auth_st psk_auth_struct = {
+ "PSK",
+ NULL,
+ NULL,
+ _gnutls_gen_psk_server_kx,
+ _gnutls_gen_psk_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ _gnutls_proc_psk_server_kx,
+ _gnutls_proc_psk_client_kx,
+ NULL,
+ NULL
+};
+
+/* Set the PSK premaster secret.
+ */
+int
+_gnutls_set_psk_session_key (gnutls_session_t session,
+ gnutls_datum_t * ppsk /* key */,
+ gnutls_datum_t * dh_secret)
+{
+ gnutls_datum_t pwd_psk = { NULL, 0 };
+ size_t dh_secret_size;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ { /* SERVER side */
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+
+ /* find the key of this username
+ */
+ ret = _gnutls_psk_pwd_find_entry (session, info->username, &pwd_psk);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ ppsk = &pwd_psk;
+ }
+
+
+ if (dh_secret == NULL)
+ dh_secret_size = ppsk->size;
+ else
+ dh_secret_size = dh_secret->size;
+
+ /* set the session key
+ */
+ session->key->key.size = 4 + dh_secret_size + ppsk->size;
+ session->key->key.data = gnutls_malloc (session->key->key.size);
+ if (session->key->key.data == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* format of the premaster secret:
+ * (uint16_t) psk_size
+ * psk_size bytes of zeros
+ * (uint16_t) psk_size
+ * the psk
+ */
+ _gnutls_write_uint16 (dh_secret_size, session->key->key.data);
+ if (dh_secret == NULL)
+ memset (&session->key->key.data[2], 0, dh_secret_size);
+ else
+ memcpy (&session->key->key.data[2], dh_secret->data, dh_secret->size);
+ _gnutls_write_datum16 (&session->key->key.data[dh_secret_size + 2], *ppsk);
+
+ ret = 0;
+
+error:
+ _gnutls_free_datum (&pwd_psk);
+ return ret;
+}
+
+/* returns the username and they key for the PSK session.
+ * Free is non zero if they have to be freed.
+ */
+int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum* key, int* free)
+{
+char* user_p;
+int ret;
+
+ *free = 0;
+
+ if (cred->username.data != NULL && cred->key.data != NULL)
+ {
+ username->data = cred->username.data;
+ username->size = cred->username.size;
+ key->data = cred->key.data;
+ key->size = cred->key.size;
+ }
+ else if (cred->get_function != NULL)
+ {
+ ret = cred->get_function (session, &user_p, key);
+ if (ret)
+ return gnutls_assert_val(ret);
+
+ username->data = user_p;
+ username->size = strlen(user_p);
+
+ *free = 1;
+ }
+ else
+ return gnutls_assert_val(GNUTLS_E_INSUFFICIENT_CREDENTIALS);
+
+ return 0;
+}
+
+
+/* Generates the PSK client key exchange
+ *
+ *
+ * struct {
+ * select (KeyExchangeAlgorithm) {
+ * opaque psk_identity<0..2^16-1>;
+ * } exchange_keys;
+ * } ClientKeyExchange;
+ *
+ */
+int
+_gnutls_gen_psk_client_kx (gnutls_session_t session, opaque ** data)
+{
+ int ret, free;
+ gnutls_datum_t username;
+ gnutls_datum_t key;
+ gnutls_psk_client_credentials_t cred;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ ret = _gnutls_find_psk_key( session, cred, &username, &key, &free);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_set_psk_session_key (session, &key, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ (*data) = gnutls_malloc (2 + username.size);
+ if ((*data) == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ _gnutls_write_datum16 (*data, username);
+
+cleanup:
+ if (free)
+ {
+ gnutls_free(username.data);
+ gnutls_free(key.data);
+ }
+
+ return (username.size + 2);
+}
+
+
+/* just read the username from the client key exchange.
+ */
+int
+_gnutls_proc_psk_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ ssize_t data_size = _data_size;
+ int ret;
+ gnutls_datum_t username;
+ gnutls_psk_server_credentials_t cred;
+ psk_auth_info_t info;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
+ sizeof (psk_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ DECR_LEN (data_size, 2);
+ username.size = _gnutls_read_uint16 (&data[0]);
+
+ DECR_LEN (data_size, username.size);
+
+ username.data = &data[2];
+
+
+ /* copy the username to the auth info structures
+ */
+ info = _gnutls_get_auth_info (session);
+
+ if (username.size > MAX_USERNAME_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy (info->username, username.data, username.size);
+ info->username[username.size] = 0;
+
+ ret = _gnutls_set_psk_session_key (session, NULL, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = 0;
+
+error:
+ return ret;
+}
+
+
+/* Generates the PSK server key exchange
+ *
+ * struct {
+ * select (KeyExchangeAlgorithm) {
+ * // other cases for rsa, diffie_hellman, etc.
+ * case psk: // NEW
+ * opaque psk_identity_hint<0..2^16-1>;
+ * };
+ * } ServerKeyExchange;
+ *
+ */
+int
+_gnutls_gen_psk_server_kx (gnutls_session_t session, opaque ** data)
+{
+ gnutls_psk_server_credentials_t cred;
+ gnutls_datum_t hint;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* Abort sending this message if there is no PSK identity hint. */
+ if (cred->hint == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INT_RET_0;
+ }
+
+ hint.data = cred->hint;
+ hint.size = strlen (cred->hint);
+
+ (*data) = gnutls_malloc (2 + hint.size);
+ if ((*data) == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_datum16 (*data, hint);
+
+ return hint.size + 2;
+}
+
+
+/* just read the hint from the server key exchange.
+ */
+int
+_gnutls_proc_psk_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ ssize_t data_size = _data_size;
+ int ret;
+ gnutls_datum_t hint;
+ gnutls_psk_client_credentials_t cred;
+ psk_auth_info_t info;
+
+ cred = (gnutls_psk_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
+ sizeof (psk_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ DECR_LENGTH_RET (data_size, 2, 0);
+ hint.size = _gnutls_read_uint16 (&data[0]);
+
+ DECR_LEN (data_size, hint.size);
+
+ hint.data = &data[2];
+
+ /* copy the hint to the auth info structures
+ */
+ info = _gnutls_get_auth_info (session);
+
+ if (hint.size > MAX_USERNAME_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ memcpy (info->hint, hint.data, hint.size);
+ info->hint[hint.size] = 0;
+
+ ret = _gnutls_set_psk_session_key (session, &cred->key, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = 0;
+
+error:
+ return ret;
+}
+
+#endif /* ENABLE_PSK */
--- /dev/null
+/*
+ * Copyright (C) 2005, 2007, 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef AUTH_PSK_H
+#define AUTH_PSK_H
+
+#include <gnutls_auth.h>
+#include <auth_dh_common.h>
+
+typedef struct gnutls_psk_client_credentials_st
+{
+ gnutls_datum_t username;
+ gnutls_datum_t key;
+ gnutls_psk_client_credentials_function *get_function;
+} psk_client_credentials_st;
+
+typedef struct gnutls_psk_server_credentials_st
+{
+ char *password_file;
+ /* callback function, instead of reading the
+ * password files.
+ */
+ gnutls_psk_server_credentials_function *pwd_callback;
+
+ /* For DHE_PSK */
+ gnutls_dh_params_t dh_params;
+ /* this callback is used to retrieve the DH or RSA
+ * parameters.
+ */
+ gnutls_params_function *params_func;
+
+ /* Identity hint. */
+ char *hint;
+} psk_server_cred_st;
+
+/* these structures should not use allocated data */
+typedef struct psk_auth_info_st
+{
+ char username[MAX_USERNAME_SIZE + 1];
+ dh_info_st dh;
+ char hint[MAX_USERNAME_SIZE + 1];
+} *psk_auth_info_t;
+
+
+#ifdef ENABLE_PSK
+
+typedef struct psk_auth_info_st psk_auth_info_st;
+
+int
+_gnutls_set_psk_session_key (gnutls_session_t session, gnutls_datum_t* key, gnutls_datum_t * psk2);
+
+int _gnutls_find_psk_key( gnutls_session_t session, gnutls_psk_client_credentials_t cred,
+ gnutls_datum_t * username, gnutls_datum* key, int* free);
+
+#else
+#define _gnutls_set_psk_session_key(x,y) GNUTLS_E_INTERNAL_ERROR
+#endif /* ENABLE_PSK */
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2005, 2007, 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions for operating in an PSK passwd file are included here */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PSK
+
+#include "x509_b64.h"
+#include "gnutls_errors.h"
+#include <auth_psk_passwd.h>
+#include "auth_psk.h"
+#include "gnutls_auth.h"
+#include "gnutls_dh.h"
+#include "debug.h"
+#include <gnutls_str.h>
+#include <gnutls_datum.h>
+#include <gnutls_num.h>
+#include <random.h>
+
+
+/* this function parses passwd.psk file. Format is:
+ * string(username):hex(passwd)
+ */
+static int
+pwd_put_values (gnutls_datum_t * psk, char *str)
+{
+ char *p;
+ int len, ret;
+ size_t size;
+
+ p = strchr (str, ':');
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* skip username
+ */
+
+ /* read the key
+ */
+ len = strlen (p);
+ if (p[len - 1] == '\n' || p[len - 1] == ' ')
+ len--;
+
+ size = psk->size = len / 2;
+ psk->data = gnutls_malloc (size);
+ if (psk->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_hex2bin ((opaque *) p, len, psk->data, &size);
+ psk->size = (unsigned int) size;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ return 0;
+
+}
+
+
+/* Randomizes the given password entry. It actually sets a random password.
+ * Returns 0 on success.
+ */
+static int
+_randomize_psk (gnutls_datum_t * psk)
+{
+ int ret;
+
+ psk->data = gnutls_malloc (16);
+ if (psk->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ psk->size = 16;
+
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, (char *) psk->data, 16);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/* Returns the PSK key of the given user.
+ * If the user doesn't exist a random password is returned instead.
+ */
+int
+_gnutls_psk_pwd_find_entry (gnutls_session_t session, char *username,
+ gnutls_datum_t * psk)
+{
+ gnutls_psk_server_credentials_t cred;
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ int ret;
+
+ cred = (gnutls_psk_server_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_PSK, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* if the callback which sends the parameters is
+ * set, use it.
+ */
+ if (cred->pwd_callback != NULL)
+ {
+ ret = cred->pwd_callback (session, username, psk);
+
+ if (ret == 1)
+ { /* the user does not exist */
+ ret = _randomize_psk (psk);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ return 0;
+ }
+
+ /* The callback was not set. Proceed.
+ */
+ if (cred->password_file == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ /* Open the selected password file.
+ */
+ fd = fopen (cred->password_file, "r");
+ if (fd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ len = strlen (username);
+ while (fgets (line, sizeof (line), fd) != NULL)
+ {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
+ {
+ i++;
+ }
+
+ if (strncmp (username, line, MAX (i, len)) == 0)
+ {
+ ret = pwd_put_values (psk, line);
+ fclose (fd);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ return 0;
+ }
+ }
+ fclose (fd);
+
+ /* user was not found. Fake him.
+ * the last index found and randomize the entry.
+ */
+ ret = _randomize_psk (psk);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+
+}
+
+
+#endif /* ENABLE PSK */
--- /dev/null
+/*
+ * Copyright (C) 2005, 2007, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifdef ENABLE_PSK
+
+/* this is locally allocated. It should be freed using the provided function */
+int _gnutls_psk_pwd_find_entry (gnutls_session_t, char *username,
+ gnutls_datum_t * key);
+
+#endif /* ENABLE_SRP */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the RSA key exchange part of the certificate
+ * authentication.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_datum.h"
+#include "auth_cert.h"
+#include <gnutls_pk.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_global.h>
+#include "debug.h"
+#include <gnutls_sig.h>
+#include <gnutls_x509.h>
+#include <random.h>
+#include <gnutls_mpi.h>
+
+int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
+static int proc_rsa_client_kx (gnutls_session_t, opaque *, size_t);
+
+const mod_auth_st rsa_auth_struct = {
+ "RSA",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ NULL, /* gen server kx */
+ _gnutls_gen_rsa_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ NULL, /* proc server kx */
+ proc_rsa_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
+};
+
+/* This function reads the RSA parameters from peer's certificate;
+ */
+static int
+_gnutls_get_public_rsa_params (gnutls_session_t session,
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE],
+ int *params_len)
+{
+ int ret;
+ cert_auth_info_t info;
+ gnutls_cert peer_cert;
+ int i;
+
+ /* normal non export case */
+
+ info = _gnutls_get_auth_info (session);
+
+ if (info == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_get_auth_info_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ info, CERT_ONLY_PUBKEY | CERT_NO_COPY);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ /* EXPORT case: */
+ if (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite) ==
+ GNUTLS_KX_RSA_EXPORT
+ && _gnutls_mpi_get_nbits (peer_cert.params[0]) > 512)
+ {
+
+ _gnutls_gcert_deinit (&peer_cert);
+
+ if (session->key->rsa[0] == NULL || session->key->rsa[1] == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (*params_len < 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ *params_len = 2;
+ for (i = 0; i < *params_len; i++)
+ {
+ params[i] = _gnutls_mpi_copy (session->key->rsa[i]);
+ }
+
+ return 0;
+ }
+
+ /* end of export case */
+
+ if (*params_len < peer_cert.params_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ *params_len = peer_cert.params_size;
+
+ for (i = 0; i < *params_len; i++)
+ {
+ params[i] = _gnutls_mpi_copy (peer_cert.params[i]);
+ }
+ _gnutls_gcert_deinit (&peer_cert);
+
+ return 0;
+}
+
+static int
+proc_rsa_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ /* SSL 3.0
+ */
+ ciphertext.data = data;
+ ciphertext.size = data_size;
+ }
+ else
+ {
+ /* TLS 1.0
+ */
+ DECR_LEN (data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16 (data);
+
+ if (dsize != data_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ ciphertext.size = dsize;
+ }
+
+ ret =
+ gnutls_privkey_decrypt_data (session->internals.selected_key, 0,
+ &ciphertext, &plaintext);
+
+ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
+ {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert ();
+ _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ }
+ else
+ {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
+ || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
+ {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
+ }
+
+ if (randomize_key != 0)
+ {
+ session->key->key.size = GNUTLS_MASTER_SIZE;
+ session->key->key.data = gnutls_malloc (session->key->key.size);
+ if (session->key->key.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* we do not need strong random numbers here.
+ */
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
+ session->key->key.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ }
+ else
+ {
+ session->key->key.data = plaintext.data;
+ session->key->key.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+ session->key->key.data[0] = _gnutls_get_adv_version_major (session);
+ session->key->key.data[1] = _gnutls_get_adv_version_minor (session);
+
+ return 0;
+}
+
+
+
+/* return RSA(random) using the peers public key
+ */
+int
+_gnutls_gen_rsa_client_kx (gnutls_session_t session, opaque ** data)
+{
+ cert_auth_info_t auth = session->key->auth_info;
+ gnutls_datum_t sdata; /* data to send */
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_len = MAX_PUBLIC_PARAMS_SIZE;
+ int ret, i;
+ gnutls_protocol_t ver;
+
+ if (auth == NULL)
+ {
+ /* this shouldn't have happened. The proc_certificate
+ * function should have detected that.
+ */
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ session->key->key.size = GNUTLS_MASTER_SIZE;
+ session->key->key.data = gnutls_secure_malloc (session->key->key.size);
+
+ if (session->key->key.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, session->key->key.data,
+ session->key->key.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ver = _gnutls_get_adv_version (session);
+
+ if (session->internals.rsa_pms_version[0] == 0)
+ {
+ session->key->key.data[0] = _gnutls_version_get_major (ver);
+ session->key->key.data[1] = _gnutls_version_get_minor (ver);
+ }
+ else
+ { /* use the version provided */
+ session->key->key.data[0] = session->internals.rsa_pms_version[0];
+ session->key->key.data[1] = session->internals.rsa_pms_version[1];
+ }
+
+ /* move RSA parameters to key (session).
+ */
+ if ((ret =
+ _gnutls_get_public_rsa_params (session, params, ¶ms_len)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_pkcs1_rsa_encrypt (&sdata, &session->key->key,
+ params, params_len, 2)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ for (i = 0; i < params_len; i++)
+ _gnutls_mpi_release (¶ms[i]);
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ /* SSL 3.0 */
+ *data = sdata.data;
+ return sdata.size;
+ }
+ else
+ { /* TLS 1 */
+ *data = gnutls_malloc (sdata.size + 2);
+ if (*data == NULL)
+ {
+ _gnutls_free_datum (&sdata);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_write_datum16 (*data, sdata);
+ ret = sdata.size + 2;
+ _gnutls_free_datum (&sdata);
+ return ret;
+ }
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the RSA key exchange part of the certificate
+ * authentication.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_datum.h"
+#include "auth_cert.h"
+#include <gnutls_pk.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_global.h>
+#include "debug.h"
+#include <gnutls_sig.h>
+#include <gnutls_x509.h>
+#include <gnutls_rsa_export.h>
+#include <gnutls_state.h>
+#include <random.h>
+
+int _gnutls_gen_rsa_client_kx (gnutls_session_t, opaque **);
+static int gen_rsa_export_server_kx (gnutls_session_t, opaque **);
+static int proc_rsa_export_server_kx (gnutls_session_t, opaque *, size_t);
+static int proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size);
+
+const mod_auth_st rsa_export_auth_struct = {
+ "RSA EXPORT",
+ _gnutls_gen_cert_server_certificate,
+ _gnutls_gen_cert_client_certificate,
+ gen_rsa_export_server_kx,
+ _gnutls_gen_rsa_client_kx,
+ _gnutls_gen_cert_client_cert_vrfy, /* gen client cert vrfy */
+ _gnutls_gen_cert_server_cert_req, /* server cert request */
+
+ _gnutls_proc_cert_server_certificate,
+ _gnutls_proc_cert_client_certificate,
+ proc_rsa_export_server_kx,
+ proc_rsa_export_client_kx, /* proc client kx */
+ _gnutls_proc_cert_client_cert_vrfy, /* proc client cert vrfy */
+ _gnutls_proc_cert_cert_req /* proc server cert request */
+};
+
+/* This function reads the RSA parameters from the private key
+ */
+static int
+_gnutls_get_private_rsa_params (gnutls_session_t session,
+ bigint_t ** params, int *params_size)
+{
+ int bits;
+ gnutls_certificate_credentials_t cred;
+ gnutls_rsa_params_t rsa_params;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (session->internals.selected_cert_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ bits =
+ _gnutls_mpi_get_nbits (session->internals.
+ selected_cert_list[0].params[0]);
+
+ if (_gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite)
+ != GNUTLS_KX_RSA_EXPORT || bits < 512)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ rsa_params =
+ _gnutls_certificate_get_rsa_params (cred->rsa_params,
+ cred->params_func, session);
+ /* EXPORT case: */
+ if (rsa_params == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
+ }
+
+ /* In the export case, we do use temporary RSA params
+ * of 512 bits size. The params in the certificate are
+ * used to sign this temporary stuff.
+ */
+ *params_size = RSA_PRIVATE_PARAMS;
+ *params = rsa_params->params;
+
+ return 0;
+}
+
+int
+proc_rsa_export_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ gnutls_datum_t plaintext;
+ gnutls_datum_t ciphertext;
+ int ret, dsize;
+ bigint_t *params;
+ int params_len;
+ int randomize_key = 0;
+ ssize_t data_size = _data_size;
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ /* SSL 3.0
+ */
+ ciphertext.data = data;
+ ciphertext.size = data_size;
+ }
+ else
+ {
+ /* TLS 1.0
+ */
+ DECR_LEN (data_size, 2);
+ ciphertext.data = &data[2];
+ dsize = _gnutls_read_uint16 (data);
+
+ if (dsize != data_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ ciphertext.size = dsize;
+ }
+
+ ret = _gnutls_get_private_rsa_params (session, ¶ms, ¶ms_len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_pkcs1_rsa_decrypt (&plaintext, &ciphertext, params, params_len, 2); /* btype==2 */
+
+ if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE)
+ {
+ /* In case decryption fails then don't inform
+ * the peer. Just use a random key. (in order to avoid
+ * attack against pkcs-1 formating).
+ */
+ gnutls_assert ();
+ _gnutls_x509_log ("auth_rsa: Possible PKCS #1 format attack\n");
+ randomize_key = 1;
+ }
+ else
+ {
+ /* If the secret was properly formatted, then
+ * check the version number.
+ */
+ if (_gnutls_get_adv_version_major (session) != plaintext.data[0]
+ || _gnutls_get_adv_version_minor (session) != plaintext.data[1])
+ {
+ /* No error is returned here, if the version number check
+ * fails. We proceed normally.
+ * That is to defend against the attack described in the paper
+ * "Attacking RSA-based sessions in SSL/TLS" by Vlastimil Klima,
+ * Ondej Pokorny and Tomas Rosa.
+ */
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("auth_rsa: Possible PKCS #1 version check format attack\n");
+ }
+ }
+
+ if (randomize_key != 0)
+ {
+ session->key->key.size = GNUTLS_MASTER_SIZE;
+ session->key->key.data = gnutls_malloc (session->key->key.size);
+ if (session->key->key.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* we do not need strong random numbers here.
+ */
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session->key->key.data,
+ session->key->key.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ }
+ else
+ {
+ session->key->key.data = plaintext.data;
+ session->key->key.size = plaintext.size;
+ }
+
+ /* This is here to avoid the version check attack
+ * discussed above.
+ */
+ session->key->key.data[0] = _gnutls_get_adv_version_major (session);
+ session->key->key.data[1] = _gnutls_get_adv_version_minor (session);
+
+ return 0;
+}
+
+static int
+gen_rsa_export_server_kx (gnutls_session_t session, opaque ** data)
+{
+ gnutls_rsa_params_t rsa_params;
+ const bigint_t *rsa_mpis;
+ size_t n_e, n_m;
+ uint8_t *data_e, *data_m;
+ int ret = 0, data_size;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_datum_t signature, ddata;
+ gnutls_certificate_credentials_t cred;
+ gnutls_sign_algorithm_t sign_algo;
+ unsigned int bits = 0;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* abort sending this message if we have a certificate
+ * of 512 bits or less.
+ */
+ gnutls_privkey_get_pk_algorithm (apr_pkey, &bits);
+ if (apr_pkey && bits <= 512)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INT_RET_0;
+ }
+
+ rsa_params =
+ _gnutls_certificate_get_rsa_params (cred->rsa_params, cred->params_func,
+ session);
+ rsa_mpis = _gnutls_rsa_params_to_mpi (rsa_params);
+ if (rsa_mpis == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_TEMPORARY_RSA_PARAMS;
+ }
+
+ if ((ret = _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 0)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_rsa_export_set_pubkey (session, rsa_mpis[1], rsa_mpis[0]);
+
+ _gnutls_mpi_print (rsa_mpis[0], NULL, &n_m);
+ _gnutls_mpi_print (rsa_mpis[1], NULL, &n_e);
+
+ (*data) = gnutls_malloc (n_e + n_m + 4);
+ if (*data == NULL)
+ {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ data_m = &(*data)[0];
+ _gnutls_mpi_print (rsa_mpis[0], &data_m[2], &n_m);
+
+ _gnutls_write_uint16 (n_m, data_m);
+
+ data_e = &data_m[2 + n_m];
+ _gnutls_mpi_print (rsa_mpis[1], &data_e[2], &n_e);
+
+ _gnutls_write_uint16 (n_e, data_e);
+
+ data_size = n_m + n_e + 4;
+
+
+ /* Generate the signature. */
+
+ ddata.data = *data;
+ ddata.size = data_size;
+
+ if (apr_cert_list_length > 0)
+ {
+ if ((ret =
+ _gnutls_handshake_sign_data (session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*data);
+ *data = NULL;
+ return ret;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return data_size; /* do not put a signature - ILLEGAL! */
+ }
+
+ *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
+ if (*data == NULL)
+ {
+ _gnutls_free_datum (&signature);
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_datum16 (&((*data)[data_size]), signature);
+ data_size += signature.size + 2;
+
+ _gnutls_free_datum (&signature);
+
+ return data_size;
+}
+
+/* if the peer's certificate is of 512 bits or less, returns non zero.
+ */
+int
+_gnutls_peers_cert_less_512 (gnutls_session_t session)
+{
+ gnutls_cert peer_cert;
+ int ret;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
+
+ if (info == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ /* we need this in order to get peer's certificate */
+ return 0;
+ }
+
+ if ((ret =
+ _gnutls_get_auth_info_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY)) < 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ if (peer_cert.subject_pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ _gnutls_gcert_deinit (&peer_cert);
+ return 0;
+ }
+
+ if (_gnutls_mpi_get_nbits (peer_cert.params[0]) <= 512)
+ {
+ _gnutls_gcert_deinit (&peer_cert);
+ return 1;
+ }
+
+ _gnutls_gcert_deinit (&peer_cert);
+
+ return 0;
+}
+
+static int
+proc_rsa_export_server_kx (gnutls_session_t session,
+ opaque * data, size_t _data_size)
+{
+ uint16_t n_m, n_e;
+ size_t _n_m, _n_e;
+ uint8_t *data_m;
+ uint8_t *data_e;
+ int i, sigsize;
+ gnutls_datum_t vparams, signature;
+ int ret;
+ ssize_t data_size = _data_size;
+ cert_auth_info_t info;
+ gnutls_cert peer_cert;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ i = 0;
+
+ DECR_LEN (data_size, 2);
+ n_m = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_m);
+ data_m = &data[i];
+ i += n_m;
+
+ DECR_LEN (data_size, 2);
+ n_e = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_e);
+ data_e = &data[i];
+ i += n_e;
+
+ _n_e = n_e;
+ _n_m = n_m;
+
+ if (_gnutls_mpi_scan_nz (&session->key->rsa[0], data_m, _n_m) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz (&session->key->rsa[1], data_e, _n_e) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ _gnutls_rsa_export_set_pubkey (session, session->key->rsa[1],
+ session->key->rsa[0]);
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = n_m + n_e + 4;
+ vparams.data = data;
+
+ DECR_LEN (data_size, 2);
+ sigsize = _gnutls_read_uint16 (&data[vparams.size]);
+
+ DECR_LEN (data_size, sigsize);
+ signature.data = &data[vparams.size + 2];
+ signature.size = sigsize;
+
+ if ((ret =
+ _gnutls_get_auth_info_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
+ GNUTLS_SIGN_UNKNOWN);
+
+ _gnutls_gcert_deinit (&peer_cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_SRP
+
+#include "gnutls_errors.h"
+#include "auth_srp_passwd.h"
+#include "gnutls_auth.h"
+#include "gnutls_auth.h"
+#include "gnutls_srp.h"
+#include "gnutls_num.h"
+#include "auth_srp.h"
+#include <gnutls_str.h>
+#include <gnutls_datum.h>
+#include <ext_srp.h>
+
+const mod_auth_st srp_auth_struct = {
+ "SRP",
+ NULL,
+ NULL,
+ _gnutls_gen_srp_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ NULL,
+ NULL, /* certificate */
+ _gnutls_proc_srp_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
+};
+
+
+#define _b session->key->b
+#define B session->key->B
+#define _a session->key->a
+#define A session->key->A
+#define N session->key->client_p
+#define G session->key->client_g
+#define V session->key->x
+#define S session->key->KEY
+
+/* Checks if b%n==0 which is a fatal srp error.
+ * Returns a proper error code in that case, and 0 when
+ * all are ok.
+ */
+inline static int
+check_b_mod_n (bigint_t b, bigint_t n)
+{
+ int ret;
+ bigint_t r;
+
+ r = _gnutls_mpi_mod (b, n);
+
+ if (r == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_mpi_cmp_ui (r, 0);
+
+ _gnutls_mpi_release (&r);
+
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ return 0;
+}
+
+/* Checks if a%n==0,+1,-1%n which is a fatal srp error.
+ * Returns a proper error code in that case, and 0 when
+ * all are ok.
+ */
+inline static int
+check_a_mod_n (bigint_t a, bigint_t n)
+{
+ int ret;
+ bigint_t r;
+
+ r = _gnutls_mpi_mod (a, n);
+ if (r == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_mpi_cmp_ui (r, 0);
+
+ _gnutls_mpi_release (&r);
+
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ return 0;
+}
+
+
+/* Send the first key exchange message ( g, n, s) and append the verifier algorithm number
+ * Data is allocated by the caller, and should have data_size size.
+ */
+int
+_gnutls_gen_srp_server_kx (gnutls_session_t session, opaque ** data)
+{
+ int ret;
+ uint8_t *data_n, *data_s;
+ uint8_t *data_g;
+ char *username;
+ SRP_PWD_ENTRY *pwd_entry;
+ srp_server_auth_info_t info;
+ ssize_t data_size;
+ size_t n_b, tmp_size;
+ char buf[64];
+ uint8_t *data_b;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
+ if (ret < 0) /* peer didn't send a username */
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ if ((ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
+ sizeof (srp_server_auth_info_st), 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+ username = info->username;
+
+ _gnutls_str_cpy (username, MAX_USERNAME_SIZE, priv->username);
+
+ ret = _gnutls_srp_pwd_read_entry (session, username, &pwd_entry);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* copy from pwd_entry to local variables (actually in session) */
+ tmp_size = pwd_entry->g.size;
+ if (_gnutls_mpi_scan_nz (&G, pwd_entry->g.data, tmp_size) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ tmp_size = pwd_entry->n.size;
+ if (_gnutls_mpi_scan_nz (&N, pwd_entry->n.data, tmp_size) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ tmp_size = pwd_entry->v.size;
+ if (_gnutls_mpi_scan_nz (&V, pwd_entry->v.data, tmp_size) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* Calculate: B = (k*v + g^b) % N
+ */
+ B = _gnutls_calc_srp_B (&_b, G, N, V);
+ if (B == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (_gnutls_mpi_print (B, NULL, &n_b) != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+
+ /* Allocate size to hold the N, g, s, B
+ */
+
+ data_size = (pwd_entry->n.size + 2 + pwd_entry->g.size + 2 +
+ pwd_entry->salt.size + 1) + (n_b + 2);
+
+ (*data) = gnutls_malloc (data_size);
+ if ((*data) == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* copy N (mod n)
+ */
+ data_n = *data;
+ _gnutls_write_datum16 (data_n, pwd_entry->n);
+
+
+ /* copy G (generator) to data
+ */
+ data_g = &data_n[2 + pwd_entry->n.size];
+ _gnutls_write_datum16 (data_g, pwd_entry->g);
+
+
+ /* copy the salt
+ */
+ data_s = &data_g[2 + pwd_entry->g.size];
+ _gnutls_write_datum8 (data_s, pwd_entry->salt);
+
+
+ /* Copy the B value
+ */
+
+ data_b = &data_s[1 + pwd_entry->salt.size];
+ if (_gnutls_mpi_print (B, &data_b[2], &n_b) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ _gnutls_write_uint16 (n_b, data_b);
+
+ _gnutls_hard_log ("INT: SRP B[%d]: %s\n", (int) n_b,
+ _gnutls_bin2hex (&data_b[2], n_b, buf, sizeof (buf),
+ NULL));
+
+ _gnutls_srp_entry_free (pwd_entry);
+
+ return data_size;
+}
+
+/* return A = g^a % N */
+int
+_gnutls_gen_srp_client_kx (gnutls_session_t session, opaque ** data)
+{
+ size_t n_a;
+ int ret;
+ uint8_t *data_a;
+ char *username, *password;
+ char buf[64];
+ gnutls_srp_client_credentials_t cred;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
+ if (ret < 0) /* peer didn't send a username */
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (priv->username == NULL)
+ {
+ username = cred->username;
+ password = cred->password;
+ }
+ else
+ {
+
+ username = priv->username;
+ password = priv->password;
+ }
+
+ if (username == NULL || password == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* calc A = g^a % N
+ */
+ if (G == NULL || N == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ A = _gnutls_calc_srp_A (&_a, G, N);
+ if (A == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Rest of SRP calculations
+ */
+
+ /* calculate u */
+ session->key->u = _gnutls_calc_srp_u (A, B, N);
+ if (session->key->u == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log ("SRP U: ", session->key->u);
+
+ /* S = (B - g^x) ^ (a + u * x) % N */
+ S = _gnutls_calc_srp_S2 (B, G, session->key->x, _a, session->key->u, N);
+ if (S == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log ("SRP B: ", B);
+
+ _gnutls_mpi_release (&_b);
+ _gnutls_mpi_release (&V);
+ _gnutls_mpi_release (&session->key->u);
+ _gnutls_mpi_release (&B);
+
+ ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ _gnutls_mpi_release (&S);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (_gnutls_mpi_print (A, NULL, &n_a) != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ (*data) = gnutls_malloc (n_a + 2);
+ if ((*data) == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* copy A */
+ data_a = (*data);
+ if (_gnutls_mpi_print (A, &data_a[2], &n_a) != 0)
+ {
+ gnutls_free (*data);
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ _gnutls_hard_log ("INT: SRP A[%d]: %s\n", (int) n_a,
+ _gnutls_bin2hex (&data_a[2], n_a, buf, sizeof (buf),
+ NULL));
+
+ _gnutls_mpi_release (&A);
+
+ _gnutls_write_uint16 (n_a, data_a);
+
+ return n_a + 2;
+}
+
+
+/* just read A and put it to session */
+int
+_gnutls_proc_srp_client_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ size_t _n_A;
+ ssize_t data_size = _data_size;
+ int ret;
+
+ DECR_LEN (data_size, 2);
+ _n_A = _gnutls_read_uint16 (&data[0]);
+
+ DECR_LEN (data_size, _n_A);
+ if (_gnutls_mpi_scan_nz (&A, &data[2], _n_A) || A == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ _gnutls_mpi_log ("SRP A: ", A);
+ _gnutls_mpi_log ("SRP B: ", B);
+
+ /* Checks if A % n == 0.
+ */
+ if ((ret = check_a_mod_n (A, N)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Start the SRP calculations.
+ * - Calculate u
+ */
+ session->key->u = _gnutls_calc_srp_u (A, B, N);
+ if (session->key->u == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log ("SRP U: ", session->key->u);
+
+ /* S = (A * v^u) ^ b % N
+ */
+ S = _gnutls_calc_srp_S1 (A, _b, session->key->u, V, N);
+ if (S == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_mpi_log ("SRP S: ", S);
+
+ _gnutls_mpi_release (&A);
+ _gnutls_mpi_release (&_b);
+ _gnutls_mpi_release (&V);
+ _gnutls_mpi_release (&session->key->u);
+ _gnutls_mpi_release (&B);
+
+ ret = _gnutls_mpi_dprint (session->key->KEY, &session->key->key);
+ _gnutls_mpi_release (&S);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+
+
+/* Static parameters according to draft-ietf-tls-srp-07
+ * Note that if more parameters are added check_g_n()
+ * and _gnutls_srp_entry_free() should be changed.
+ */
+static const unsigned char srp_params_1024[] = {
+ 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6,
+ 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8,
+ 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B,
+ 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76,
+ 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3,
+ 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0,
+ 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4,
+ 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1,
+ 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6,
+ 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49,
+ 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
+ 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC,
+ 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0,
+ 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A,
+ 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B,
+ 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
+};
+
+static const unsigned char srp_generator = 0x02;
+
+const gnutls_datum_t gnutls_srp_1024_group_prime = {
+ (void *) srp_params_1024, sizeof (srp_params_1024)
+};
+
+const gnutls_datum_t gnutls_srp_1024_group_generator = {
+ (void *) &srp_generator, sizeof (srp_generator)
+};
+
+static const unsigned char srp_params_1536[] = {
+ 0x9D, 0xEF, 0x3C, 0xAF, 0xB9, 0x39, 0x27, 0x7A, 0xB1,
+ 0xF1, 0x2A, 0x86, 0x17, 0xA4, 0x7B, 0xBB, 0xDB, 0xA5,
+ 0x1D, 0xF4, 0x99, 0xAC, 0x4C, 0x80, 0xBE, 0xEE, 0xA9,
+ 0x61, 0x4B, 0x19, 0xCC, 0x4D, 0x5F, 0x4F, 0x5F, 0x55,
+ 0x6E, 0x27, 0xCB, 0xDE, 0x51, 0xC6, 0xA9, 0x4B, 0xE4,
+ 0x60, 0x7A, 0x29, 0x15, 0x58, 0x90, 0x3B, 0xA0, 0xD0,
+ 0xF8, 0x43, 0x80, 0xB6, 0x55, 0xBB, 0x9A, 0x22, 0xE8,
+ 0xDC, 0xDF, 0x02, 0x8A, 0x7C, 0xEC, 0x67, 0xF0, 0xD0,
+ 0x81, 0x34, 0xB1, 0xC8, 0xB9, 0x79, 0x89, 0x14, 0x9B,
+ 0x60, 0x9E, 0x0B, 0xE3, 0xBA, 0xB6, 0x3D, 0x47, 0x54,
+ 0x83, 0x81, 0xDB, 0xC5, 0xB1, 0xFC, 0x76, 0x4E, 0x3F,
+ 0x4B, 0x53, 0xDD, 0x9D, 0xA1, 0x15, 0x8B, 0xFD, 0x3E,
+ 0x2B, 0x9C, 0x8C, 0xF5, 0x6E, 0xDF, 0x01, 0x95, 0x39,
+ 0x34, 0x96, 0x27, 0xDB, 0x2F, 0xD5, 0x3D, 0x24, 0xB7,
+ 0xC4, 0x86, 0x65, 0x77, 0x2E, 0x43, 0x7D, 0x6C, 0x7F,
+ 0x8C, 0xE4, 0x42, 0x73, 0x4A, 0xF7, 0xCC, 0xB7, 0xAE,
+ 0x83, 0x7C, 0x26, 0x4A, 0xE3, 0xA9, 0xBE, 0xB8, 0x7F,
+ 0x8A, 0x2F, 0xE9, 0xB8, 0xB5, 0x29, 0x2E, 0x5A, 0x02,
+ 0x1F, 0xFF, 0x5E, 0x91, 0x47, 0x9E, 0x8C, 0xE7, 0xA2,
+ 0x8C, 0x24, 0x42, 0xC6, 0xF3, 0x15, 0x18, 0x0F, 0x93,
+ 0x49, 0x9A, 0x23, 0x4D, 0xCF, 0x76, 0xE3, 0xFE, 0xD1,
+ 0x35, 0xF9, 0xBB
+};
+
+const gnutls_datum_t gnutls_srp_1536_group_prime = {
+ (void *) srp_params_1536, sizeof (srp_params_1536)
+};
+
+const gnutls_datum_t gnutls_srp_1536_group_generator = {
+ (void *) &srp_generator, sizeof (srp_generator)
+};
+
+static const unsigned char srp_params_2048[] = {
+ 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1,
+ 0x66, 0xDE, 0x5E, 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72,
+ 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, 0xFC, 0x31, 0x92,
+ 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB,
+ 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77,
+ 0x67, 0xA1, 0x3D, 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03,
+ 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, 0xDA, 0x04, 0xFD,
+ 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0,
+ 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66,
+ 0x1A, 0x05, 0xFB, 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18,
+ 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, 0x55, 0xF9, 0x79,
+ 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A,
+ 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5,
+ 0xC3, 0x3E, 0xA7, 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14,
+ 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, 0x23, 0xFB, 0x80,
+ 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81,
+ 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B,
+ 0x9D, 0x32, 0xE6, 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45,
+ 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, 0x5E, 0xA7, 0x7A,
+ 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB,
+ 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04,
+ 0xE5, 0x7A, 0xE6, 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE,
+ 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, 0x7B, 0xC3, 0x08,
+ 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82,
+ 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94,
+ 0xB5, 0xC8, 0x03, 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE,
+ 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, 0x9B, 0x65, 0xE3,
+ 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F,
+ 0x9E, 0x4A, 0xFF, 0x73
+};
+
+const gnutls_datum_t gnutls_srp_2048_group_prime = {
+ (void *) srp_params_2048, sizeof (srp_params_2048)
+};
+
+const gnutls_datum_t gnutls_srp_2048_group_generator = {
+ (void *) &srp_generator, sizeof (srp_generator)
+};
+
+
+/* Check if G and N are parameters from the SRP draft.
+ */
+static int
+check_g_n (const opaque * g, size_t n_g, const opaque * n, size_t n_n)
+{
+
+ if (n_g != 1 || g[0] != srp_generator)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if (n_n == sizeof (srp_params_1024) &&
+ memcmp (srp_params_1024, n, n_n) == 0)
+ {
+ return 0;
+ }
+
+ if (n_n == sizeof (srp_params_1536) &&
+ memcmp (srp_params_1536, n, n_n) == 0)
+ {
+ return 0;
+ }
+
+ if (n_n == sizeof (srp_params_2048) &&
+ memcmp (srp_params_2048, n, n_n) == 0)
+ {
+ return 0;
+ }
+
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+}
+
+/* Check if N is a prime and G a generator of the
+ * group. This is check only done if N is big enough.
+ * Otherwise only the included parameters must be used.
+ */
+static int
+group_check_g_n (gnutls_session_t session, bigint_t g, bigint_t n)
+{
+ bigint_t q = NULL, two = NULL, w = NULL;
+ int ret;
+
+ if (_gnutls_mpi_get_nbits (n) < (session->internals.srp_prime_bits
+ ? session->internals.srp_prime_bits
+ : 2048))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ /* N must be of the form N=2q+1
+ * where q is also a prime.
+ */
+ if (_gnutls_prime_check (n) != 0)
+ {
+ _gnutls_mpi_log ("no prime N: ", n);
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ two = _gnutls_mpi_new (4);
+ if (two == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ q = _gnutls_mpi_alloc_like (n);
+ if (q == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* q = n-1
+ */
+ _gnutls_mpi_sub_ui (q, n, 1);
+
+ /* q = q/2, remember that q is divisible by 2 (prime - 1)
+ */
+ _gnutls_mpi_set_ui (two, 2);
+ _gnutls_mpi_div (q, q, two);
+
+ if (_gnutls_prime_check (q) != 0)
+ {
+ /* N was not on the form N=2q+1, where q = prime
+ */
+ _gnutls_mpi_log ("no prime Q: ", q);
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ /* We also check whether g is a generator,
+ */
+
+ /* check if g < q < N
+ */
+ if (_gnutls_mpi_cmp (g, q) >= 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto error;
+ }
+
+ w = _gnutls_mpi_alloc_like (q);
+ if (w == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* check if g^q mod N == N-1
+ * w = g^q mod N
+ */
+ _gnutls_mpi_powm (w, g, q, n);
+
+ /* w++
+ */
+ _gnutls_mpi_add_ui (w, w, 1);
+
+ if (_gnutls_mpi_cmp (w, n) != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ goto error;
+ }
+
+ ret = 0;
+
+error:
+ _gnutls_mpi_release (&q);
+ _gnutls_mpi_release (&two);
+ _gnutls_mpi_release (&w);
+
+ return ret;
+
+}
+
+/* receive the key exchange message ( n, g, s, B)
+ */
+int
+_gnutls_proc_srp_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ uint8_t n_s;
+ uint16_t n_g, n_n, n_b;
+ size_t _n_s, _n_g, _n_n, _n_b;
+ const uint8_t *data_n;
+ const uint8_t *data_g;
+ const uint8_t *data_s;
+ const uint8_t *data_b;
+ int i, ret;
+ opaque hd[SRP_MAX_HASH_SIZE];
+ char *username, *password;
+ ssize_t data_size = _data_size;
+ gnutls_srp_client_credentials_t cred;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ ret = _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SRP, &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_SRP_USERNAME;
+ }
+ priv = epriv.ptr;
+
+ cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (priv->username == NULL)
+ {
+ username = cred->username;
+ password = cred->password;
+ }
+ else
+ {
+ username = priv->username;
+ password = priv->password;
+ }
+
+ if (username == NULL || password == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ i = 0;
+
+ /* Read N
+ */
+ DECR_LEN (data_size, 2);
+ n_n = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_n);
+ data_n = &data[i];
+ i += n_n;
+
+ /* Read G
+ */
+ DECR_LEN (data_size, 2);
+ n_g = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_g);
+ data_g = &data[i];
+ i += n_g;
+
+ /* Read salt
+ */
+ DECR_LEN (data_size, 1);
+ n_s = data[i];
+ i += 1;
+
+ DECR_LEN (data_size, n_s);
+ data_s = &data[i];
+ i += n_s;
+
+ /* Read B
+ */
+ DECR_LEN (data_size, 2);
+ n_b = _gnutls_read_uint16 (&data[i]);
+ i += 2;
+
+ DECR_LEN (data_size, n_b);
+ data_b = &data[i];
+ i += n_b;
+
+ _n_s = n_s;
+ _n_g = n_g;
+ _n_n = n_n;
+ _n_b = n_b;
+
+ if (_gnutls_mpi_scan_nz (&N, data_n, _n_n) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz (&G, data_g, _n_g) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (_gnutls_mpi_scan_nz (&B, data_b, _n_b) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+
+ /* Check if the g and n are from the SRP
+ * draft. Otherwise check if N is a prime and G
+ * a generator.
+ */
+ if ((ret = check_g_n (data_g, _n_g, data_n, _n_n)) < 0)
+ {
+ _gnutls_x509_log ("Checking the SRP group parameters.\n");
+ if ((ret = group_check_g_n (session, G, N)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ /* Checks if b % n == 0
+ */
+ if ((ret = check_b_mod_n (B, N)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ /* generate x = SHA(s | SHA(U | ":" | p))
+ * (or the equivalent using bcrypt)
+ */
+ if ((ret =
+ _gnutls_calc_srp_x (username, password, (opaque *) data_s, n_s,
+ &_n_g, hd)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (_gnutls_mpi_scan_nz (&session->key->x, hd, _n_g) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+
+ return i; /* return the processed data
+ * needed in auth_srp_rsa.
+ */
+}
+
+#endif /* ENABLE_SRP */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef AUTH_SRP_H
+#define AUTH_SRP_H
+
+#include <gnutls_auth.h>
+
+typedef struct gnutls_srp_client_credentials_st
+{
+ char *username;
+ char *password;
+ gnutls_srp_client_credentials_function *get_function;
+} srp_client_credentials_st;
+
+typedef struct gnutls_srp_server_credentials_st
+{
+ char *password_file;
+ char *password_conf_file;
+ /* callback function, instead of reading the
+ * password files.
+ */
+ gnutls_srp_server_credentials_function *pwd_callback;
+} srp_server_cred_st;
+
+/* these structures should not use allocated data */
+typedef struct srp_server_auth_info_st
+{
+ char username[MAX_USERNAME_SIZE + 1];
+} *srp_server_auth_info_t;
+
+#ifdef ENABLE_SRP
+
+int _gnutls_proc_srp_server_hello (gnutls_session_t state,
+ const opaque * data, size_t data_size);
+int _gnutls_gen_srp_server_hello (gnutls_session_t state, opaque * data,
+ size_t data_size);
+
+int _gnutls_gen_srp_server_kx (gnutls_session_t, opaque **);
+int _gnutls_gen_srp_client_kx (gnutls_session_t, opaque **);
+
+int _gnutls_proc_srp_server_kx (gnutls_session_t, opaque *, size_t);
+int _gnutls_proc_srp_client_kx (gnutls_session_t, opaque *, size_t);
+
+typedef struct srp_server_auth_info_st srp_server_auth_info_st;
+
+#endif /* ENABLE_SRP */
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions for operating in an SRP passwd file are included here */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_SRP
+
+#include "x509_b64.h"
+#include "gnutls_errors.h"
+#include <auth_srp_passwd.h>
+#include "auth_srp.h"
+#include "gnutls_auth.h"
+#include "gnutls_srp.h"
+#include "gnutls_dh.h"
+#include "debug.h"
+#include <gnutls_str.h>
+#include <gnutls_datum.h>
+#include <gnutls_num.h>
+#include <random.h>
+
+static int _randomize_pwd_entry (SRP_PWD_ENTRY * entry);
+
+/* this function parses tpasswd.conf file. Format is:
+ * string(username):base64(v):base64(salt):int(index)
+ */
+static int
+pwd_put_values (SRP_PWD_ENTRY * entry, char *str)
+{
+ char *p;
+ int len, ret;
+ opaque *verifier;
+ size_t verifier_size;
+ int indx;
+
+ p = strrchr (str, ':'); /* we have index */
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ indx = atoi (p);
+ if (indx == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ /* now go for salt */
+ p = strrchr (str, ':'); /* we have salt */
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen (p);
+
+ entry->salt.size = _gnutls_sbase64_decode (p, len, &entry->salt.data);
+
+ if (entry->salt.size <= 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ /* now go for verifier */
+ p = strrchr (str, ':'); /* we have verifier */
+ if (p == NULL)
+ {
+ _gnutls_free_datum (&entry->salt);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen (p);
+ ret = _gnutls_sbase64_decode (p, len, &verifier);
+ if (ret <= 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&entry->salt);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ verifier_size = ret;
+ entry->v.data = verifier;
+ entry->v.size = verifier_size;
+
+ /* now go for username */
+ *p = '\0';
+
+ entry->username = gnutls_strdup (str);
+ if (entry->username == NULL)
+ {
+ _gnutls_free_datum (&entry->salt);
+ _gnutls_free_datum (&entry->v);
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return indx;
+}
+
+
+/* this function parses tpasswd.conf file. Format is:
+ * int(index):base64(n):int(g)
+ */
+static int
+pwd_put_values2 (SRP_PWD_ENTRY * entry, char *str)
+{
+ char *p;
+ int len;
+ opaque *tmp;
+ int ret;
+
+ p = strrchr (str, ':'); /* we have g */
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ /* read the generator */
+ len = strlen (p);
+ if (p[len - 1] == '\n' || p[len - 1] == ' ')
+ len--;
+ ret = _gnutls_sbase64_decode (p, len, &tmp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ entry->g.data = tmp;
+ entry->g.size = ret;
+
+ /* now go for n - modulo */
+ p = strrchr (str, ':'); /* we have n */
+ if (p == NULL)
+ {
+ _gnutls_free_datum (&entry->g);
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ *p = '\0';
+ p++;
+
+ len = strlen (p);
+ ret = _gnutls_sbase64_decode (p, len, &tmp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&entry->g);
+ return GNUTLS_E_SRP_PWD_PARSING_ERROR;
+ }
+
+ entry->n.data = tmp;
+ entry->n.size = ret;
+
+ return 0;
+}
+
+
+/* this function opens the tpasswd.conf file and reads the g and n
+ * values. They are put in the entry.
+ */
+static int
+pwd_read_conf (const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
+{
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ char indexstr[10];
+
+ snprintf (indexstr, sizeof(indexstr), "%u", (unsigned int)idx);
+
+ fd = fopen (pconf_file, "r");
+ if (fd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ len = strlen (indexstr);
+ while (fgets (line, sizeof (line), fd) != NULL)
+ {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
+ {
+ i++;
+ }
+ if (strncmp (indexstr, line, MAX (i, len)) == 0)
+ {
+ if ((idx = pwd_put_values2 (entry, line)) >= 0)
+ return 0;
+ else
+ {
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ }
+ }
+ return GNUTLS_E_SRP_PWD_ERROR;
+
+}
+
+int
+_gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
+ SRP_PWD_ENTRY ** _entry)
+{
+ gnutls_srp_server_credentials_t cred;
+ FILE *fd;
+ char line[2 * 1024];
+ unsigned i, len;
+ int ret;
+ int idx, last_idx;
+ SRP_PWD_ENTRY *entry;
+
+ *_entry = gnutls_calloc (1, sizeof (SRP_PWD_ENTRY));
+ if (*_entry == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ entry = *_entry;
+
+ cred = (gnutls_srp_server_credentials_t)
+ _gnutls_get_cred (state->key, GNUTLS_CRD_SRP, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* if the callback which sends the parameters is
+ * set, use it.
+ */
+ if (cred->pwd_callback != NULL)
+ {
+ ret = cred->pwd_callback (state, username, &entry->salt,
+ &entry->v, &entry->g, &entry->n);
+
+ if (ret == 1)
+ { /* the user does not exist */
+ if (entry->g.size != 0 && entry->n.size != 0)
+ {
+ ret = _randomize_pwd_entry (entry);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return ret;
+ }
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ ret = -1; /* error in the callback */
+ }
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ return 0;
+ }
+
+ /* The callback was not set. Proceed.
+ */
+
+ if (cred->password_file == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ /* Open the selected password file.
+ */
+ fd = fopen (cred->password_file, "r");
+ if (fd == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+
+ last_idx = 1; /* a default value */
+
+ len = strlen (username);
+ while (fgets (line, sizeof (line), fd) != NULL)
+ {
+ /* move to first ':' */
+ i = 0;
+ while ((line[i] != ':') && (line[i] != '\0') && (i < sizeof (line)))
+ {
+ i++;
+ }
+
+ if (strncmp (username, line, MAX (i, len)) == 0)
+ {
+ if ((idx = pwd_put_values (entry, line)) >= 0)
+ {
+ /* Keep the last index in memory, so we can retrieve fake parameters (g,n)
+ * when the user does not exist.
+ */
+ /* XXX: last_idx will not be read as both if block branches return. */
+ last_idx = idx;
+ if (pwd_read_conf (cred->password_conf_file, entry, idx) == 0)
+ {
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+ }
+ }
+ }
+
+ /* user was not found. Fake him. Actually read the g,n values from
+ * the last index found and randomize the entry.
+ */
+ if (pwd_read_conf (cred->password_conf_file, entry, last_idx) == 0)
+ {
+ ret = _randomize_pwd_entry (entry);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return ret;
+ }
+
+ return 0;
+ }
+
+ gnutls_assert ();
+ _gnutls_srp_entry_free (entry);
+ return GNUTLS_E_SRP_PWD_ERROR;
+
+}
+
+/* Randomizes the given password entry. It actually sets the verifier
+ * and the salt. Returns 0 on success.
+ */
+static int
+_randomize_pwd_entry (SRP_PWD_ENTRY * entry)
+{
+ unsigned char rnd;
+ int ret;
+
+ if (entry->g.size == 0 || entry->n.size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ entry->salt.size = (rnd % 10) + 9;
+
+ entry->v.data = gnutls_malloc (20);
+ entry->v.size = 20;
+ if (entry->v.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, entry->v.data, 20);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ entry->salt.data = gnutls_malloc (entry->salt.size);
+ if (entry->salt.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, entry->salt.data, entry->salt.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/* Free all the entry parameters, except if g and n are
+ * the static ones defined in extra.h
+ */
+void
+_gnutls_srp_entry_free (SRP_PWD_ENTRY * entry)
+{
+ _gnutls_free_datum (&entry->v);
+ _gnutls_free_datum (&entry->salt);
+
+ if (entry->g.data != gnutls_srp_1024_group_generator.data)
+ _gnutls_free_datum (&entry->g);
+
+ if (entry->n.data != gnutls_srp_1024_group_prime.data &&
+ entry->n.data != gnutls_srp_1536_group_prime.data &&
+ entry->n.data != gnutls_srp_2048_group_prime.data)
+ _gnutls_free_datum (&entry->n);
+
+ gnutls_free (entry->username);
+ gnutls_free (entry);
+}
+
+
+#endif /* ENABLE SRP */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifdef ENABLE_SRP
+
+typedef struct
+{
+ char *username;
+
+ gnutls_datum_t salt;
+ gnutls_datum_t v;
+ gnutls_datum_t g;
+ gnutls_datum_t n;
+} SRP_PWD_ENTRY;
+
+/* this is locally allocated. It should be freed using the provided function */
+int _gnutls_srp_pwd_read_entry (gnutls_session_t state, char *username,
+ SRP_PWD_ENTRY **);
+void _gnutls_srp_entry_free (SRP_PWD_ENTRY * entry);
+int _gnutls_sbase64_decode (uint8_t * data, size_t data_size,
+ uint8_t ** result);
+
+#endif /* ENABLE_SRP */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_SRP
+
+#include "gnutls_errors.h"
+#include "auth_srp_passwd.h"
+#include "gnutls_auth.h"
+#include "gnutls_auth.h"
+#include "gnutls_srp.h"
+#include "debug.h"
+#include "gnutls_num.h"
+#include "auth_srp.h"
+#include <gnutls_str.h>
+#include <auth_cert.h>
+#include <gnutls_datum.h>
+#include <gnutls_sig.h>
+#include <auth_srp.h>
+#include <gnutls_x509.h>
+
+static int gen_srp_cert_server_kx (gnutls_session_t, opaque **);
+static int proc_srp_cert_server_kx (gnutls_session_t, opaque *, size_t);
+
+const mod_auth_st srp_rsa_auth_struct = {
+ "SRP",
+ _gnutls_gen_cert_server_certificate,
+ NULL,
+ gen_srp_cert_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ _gnutls_proc_cert_server_certificate,
+ NULL, /* certificate */
+ proc_srp_cert_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
+};
+
+const mod_auth_st srp_dss_auth_struct = {
+ "SRP",
+ _gnutls_gen_cert_server_certificate,
+ NULL,
+ gen_srp_cert_server_kx,
+ _gnutls_gen_srp_client_kx,
+ NULL,
+ NULL,
+
+ _gnutls_proc_cert_server_certificate,
+ NULL, /* certificate */
+ proc_srp_cert_server_kx,
+ _gnutls_proc_srp_client_kx,
+ NULL,
+ NULL
+};
+
+static int
+gen_srp_cert_server_kx (gnutls_session_t session, opaque ** data)
+{
+ ssize_t ret, data_size;
+ gnutls_datum_t signature, ddata;
+ gnutls_certificate_credentials_t cred;
+ gnutls_cert *apr_cert_list;
+ gnutls_privkey_t apr_pkey;
+ int apr_cert_list_length;
+ gnutls_sign_algorithm_t sign_algo;
+
+ ret = _gnutls_gen_srp_server_kx (session, data);
+
+ if (ret < 0)
+ return ret;
+
+ data_size = ret;
+ ddata.data = *data;
+ ddata.size = data_size;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* find the appropriate certificate */
+ if ((ret =
+ _gnutls_get_selected_cert (session, &apr_cert_list,
+ &apr_cert_list_length, &apr_pkey)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if ((ret =
+ _gnutls_handshake_sign_data (session, &apr_cert_list[0],
+ apr_pkey, &ddata, &signature,
+ &sign_algo)) < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*data);
+ return ret;
+ }
+
+ *data = gnutls_realloc_fast (*data, data_size + signature.size + 2);
+ if (*data == NULL)
+ {
+ _gnutls_free_datum (&signature);
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_datum16 (&(*data)[data_size], signature);
+ data_size += signature.size + 2;
+
+ _gnutls_free_datum (&signature);
+
+ return data_size;
+
+}
+
+static int
+proc_srp_cert_server_kx (gnutls_session_t session, opaque * data,
+ size_t _data_size)
+{
+ ssize_t ret;
+ int sigsize;
+ gnutls_datum_t vparams, signature;
+ ssize_t data_size;
+ cert_auth_info_t info;
+ gnutls_cert peer_cert;
+ opaque *p;
+
+ ret = _gnutls_proc_srp_server_kx (session, data, _data_size);
+ if (ret < 0)
+ return ret;
+
+ data_size = _data_size - ret;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ /* we need this in order to get peer's certificate */
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* VERIFY SIGNATURE */
+
+ vparams.size = ret; /* all the data minus the signature */
+ vparams.data = data;
+
+ p = &data[vparams.size];
+
+ DECR_LEN (data_size, 2);
+ sigsize = _gnutls_read_uint16 (p);
+
+ DECR_LEN (data_size, sigsize);
+ signature.data = &p[2];
+ signature.size = sigsize;
+
+ ret =
+ _gnutls_get_auth_info_gcert (&peer_cert,
+ session->security_parameters.cert_type,
+ info, CERT_NO_COPY);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_handshake_verify_data (session, &peer_cert, &vparams, &signature,
+ GNUTLS_SIGN_UNKNOWN);
+
+ _gnutls_gcert_deinit (&peer_cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+
+#endif /* ENABLE_SRP */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <auth_srp_passwd.h>
+
+#ifdef ENABLE_SRP
+
+/* this a modified base64 for srp !!!
+ * It seems that everybody makes an own base64 conversion.
+ */
+static const uint8_t b64table[] =
+ "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
+static const uint8_t asciitable[128] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0x3e, 0x3f,
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c,
+ 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22,
+ 0x23, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e,
+ 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a,
+ 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff,
+ 0xff, 0xff
+};
+
+inline static int
+encode (uint8_t * result, const uint8_t * rdata, int left)
+{
+
+ int data_len;
+ int c, ret = 4;
+ uint8_t data[3];
+
+ if (left > 3)
+ data_len = 3;
+ else
+ data_len = left;
+
+ data[0] = data[1] = data[2] = 0;
+ memcpy (data, rdata, data_len);
+
+ switch (data_len)
+ {
+ case 3:
+ result[0] = b64table[((data[0] & 0xfc) >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ ((data[1] & 0xf0) >> 4))];
+ result[2] =
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) |
+ ((data[2] & 0xc0) >> 6))];
+ result[3] = b64table[(data[2] & 0x3f) & 0xff];
+ break;
+ case 2:
+ if ((c = ((data[0] & 0xf0) >> 4)) != 0)
+ {
+ result[0] = b64table[c];
+ result[1] =
+ b64table[((((data[0] & 0x0f) << 2) & 0xff) |
+ ((data[1] & 0xc0) >> 6))];
+ result[2] = b64table[(data[1] & 0x3f) & 0xff];
+ result[3] = '\0';
+ ret -= 1;
+ }
+ else
+ {
+ if ((c = ((data[0] & 0x0f) << 2) | ((data[1] & 0xc0) >> 6)) != 0)
+ {
+ result[0] = b64table[c];
+ result[1] = b64table[data[1] & 0x3f];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ }
+ else
+ {
+ result[0] = b64table[data[0] & 0x3f];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ }
+ break;
+ case 1:
+ if ((c = ((data[0] & 0xc0) >> 6)) != 0)
+ {
+ result[0] = b64table[c];
+ result[1] = b64table[(data[0] & 0x3f) & 0xff];
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 2;
+ }
+ else
+ {
+ result[0] = b64table[(data[0] & 0x3f) & 0xff];
+ result[1] = '\0';
+ result[2] = '\0';
+ result[3] = '\0';
+ ret -= 3;
+ }
+ break;
+ default:
+ return -1;
+ }
+
+ return ret;
+
+}
+
+/* encodes data and puts the result into result (locally allocated)
+ * The result_size is the return value
+ */
+static int
+_gnutls_sbase64_encode (uint8_t * data, size_t data_size, uint8_t ** result)
+{
+ unsigned i, j;
+ int ret, tmp;
+ opaque tmpres[4];
+ int mod = data_size % 3;
+
+ ret = mod;
+ if (ret != 0)
+ ret = 4;
+ else
+ ret = 0;
+
+ ret += (data_size * 4) / 3;
+
+ (*result) = gnutls_calloc (1, ret + 1);
+ if ((*result) == NULL)
+ return -1;
+
+ i = j = 0;
+/* encode the bytes that are not a multiple of 3
+ */
+ if (mod > 0)
+ {
+ tmp = encode (tmpres, &data[0], mod);
+ if (tmp < 0)
+ {
+ gnutls_free ((*result));
+ return tmp;
+ }
+
+ memcpy (&(*result)[0], tmpres, tmp);
+ i = mod;
+ j = tmp;
+
+ }
+/* encode the rest
+ */
+ for (; i < data_size; i += 3, j += 4)
+ {
+ tmp = encode (tmpres, &data[i], data_size - i);
+ if (tmp < 0)
+ {
+ gnutls_free ((*result));
+ return tmp;
+ }
+ memcpy (&(*result)[j], tmpres, tmp);
+ }
+
+ return strlen (*result);
+}
+
+
+/* data must be 4 bytes
+ * result should be 3 bytes
+ */
+#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff)
+inline static int
+decode (uint8_t * result, const uint8_t * data)
+{
+ uint8_t a1, a2;
+ int ret = 3;
+
+ memset (result, 0, 3);
+
+ a1 = TOASCII (data[3]);
+ a2 = TOASCII (data[2]);
+ if (a1 != 0xff)
+ result[2] = a1 & 0xff;
+ else
+ return -1;
+ if (a2 != 0xff)
+ result[2] |= ((a2 & 0x03) << 6) & 0xff;
+
+ a1 = a2;
+ a2 = TOASCII (data[1]);
+ if (a1 != 0xff)
+ result[1] = ((a1 & 0x3c) >> 2);
+ if (a2 != 0xff)
+ result[1] |= ((a2 & 0x0f) << 4);
+ else if (a1 == 0xff || result[1] == 0)
+ ret--;
+
+ a1 = a2;
+ a2 = TOASCII (data[0]);
+ if (a1 != 0xff)
+ result[0] = (((a1 & 0x30) >> 4) & 0xff);
+ if (a2 != 0xff)
+ result[0] |= ((a2 << 2) & 0xff);
+ else if (a1 == 0xff || result[0] == 0)
+ ret--;
+
+ return ret;
+}
+
+/* decodes data and puts the result into result (locally allocated)
+ * The result_size is the return value.
+ * That function does not ignore newlines tabs etc. You should remove them
+ * before calling it.
+ */
+int
+_gnutls_sbase64_decode (uint8_t * data, size_t idata_size, uint8_t ** result)
+{
+ unsigned i, j;
+ int ret, left;
+ int data_size, tmp;
+ uint8_t datrev[4];
+ uint8_t tmpres[3];
+
+ data_size = (idata_size / 4) * 4;
+ left = idata_size % 4;
+
+ ret = (data_size / 4) * 3;
+
+ if (left > 0)
+ ret += 3;
+
+ (*result) = gnutls_malloc (ret + 1);
+ if ((*result) == NULL)
+ return -1;
+
+ /* the first "block" is treated with special care */
+ tmp = 0;
+ if (left > 0)
+ {
+ memset (datrev, 0, 4);
+ memcpy (&datrev[4 - left], data, left);
+
+ tmp = decode (tmpres, datrev);
+ if (tmp < 0)
+ {
+ gnutls_free ((*result));
+ *result = NULL;
+ return tmp;
+ }
+
+ memcpy (*result, &tmpres[3 - tmp], tmp);
+ if (tmp < 3)
+ ret -= (3 - tmp);
+ }
+
+ /* rest data */
+ for (i = left, j = tmp; i < idata_size; i += 4)
+ {
+ tmp = decode (tmpres, &data[i]);
+ if (tmp < 0)
+ {
+ gnutls_free ((*result));
+ *result = NULL;
+ return tmp;
+ }
+ memcpy (&(*result)[j], tmpres, tmp);
+ if (tmp < 3)
+ ret -= (3 - tmp);
+ j += 3;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_srp_base64_encode:
+ * @data: contain the raw data
+ * @result: the place where base64 data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will convert the given data to printable data, using
+ * the base64 encoding, as used in the libsrp. This is the encoding
+ * used in SRP password files. If the provided buffer is not long
+ * enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
+ *
+ * Warning! This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
+int
+gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
+ size_t * result_size)
+{
+ opaque *ret;
+ int size;
+
+ size = _gnutls_sbase64_encode (data->data, data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (size_t) size)
+ {
+ gnutls_free (ret);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ memcpy (result, ret, size);
+ gnutls_free (ret);
+ *result_size = size;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_base64_encode_alloc:
+ * @data: contains the raw data
+ * @result: will hold the newly allocated encoded data
+ *
+ * This function will convert the given data to printable data, using
+ * the base64 encoding. This is the encoding used in SRP password
+ * files. This function will allocate the required memory to hold
+ * the encoded data.
+ *
+ * You should use gnutls_free() to free the returned data.
+ *
+ * Warning! This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: 0 on success, or an error code.
+ **/
+int
+gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
+ gnutls_datum_t * result)
+{
+ opaque *ret;
+ int size;
+
+ size = _gnutls_sbase64_encode (data->data, data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL)
+ {
+ gnutls_free (ret);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ else
+ {
+ result->data = ret;
+ result->size = size;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_base64_decode:
+ * @b64_data: contain the encoded data
+ * @result: the place where decoded data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will decode the given encoded data, using the base64
+ * encoding found in libsrp.
+ *
+ * Note that @b64_data should be null terminated.
+ *
+ * Warning! This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
+int
+gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
+ size_t * result_size)
+{
+ opaque *ret;
+ int size;
+
+ size = _gnutls_sbase64_decode (b64_data->data, b64_data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (size_t) size)
+ {
+ gnutls_free (ret);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ memcpy (result, ret, size);
+ gnutls_free (ret);
+ *result_size = size;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_base64_decode_alloc:
+ * @b64_data: contains the encoded data
+ * @result: the place where decoded data lie
+ *
+ * This function will decode the given encoded data. The decoded data
+ * will be allocated, and stored into result. It will decode using
+ * the base64 algorithm as used in libsrp.
+ *
+ * You should use gnutls_free() to free the returned data.
+ *
+ * Warning! This base64 encoding is not the "standard" encoding, so
+ * do not use it for non-SRP purposes.
+ *
+ * Returns: 0 on success, or an error code.
+ **/
+int
+gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
+{
+ opaque *ret;
+ int size;
+
+ size = _gnutls_sbase64_decode (b64_data->data, b64_data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL)
+ {
+ gnutls_free (ret);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ else
+ {
+ result->data = ret;
+ result->size = size;
+ }
+
+ return 0;
+}
+
+#endif /* ENABLE_SRP */
--- /dev/null
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
+
+timestamp='2011-05-11'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ # Reset EXIT trap before exiting to avoid spurious non-zero exit code.
+ exitcode=$?
+ trap '' 0
+ exit $exitcode ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[4567])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ case ${UNAME_MACHINE} in
+ pc98)
+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_PCS_VFP
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
+ fi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ tile*:Linux:*:*)
+ echo ${UNAME_MACHINE}-tilera-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NEO-?:NONSTOP_KERNEL:*:*)
+ echo neo-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
--- /dev/null
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* C99 macros are supported */
+#undef C99_MACROS
+
+/* enable anonymous authentication */
+#undef ENABLE_ANON
+
+/* enable camellia block cipher */
+#undef ENABLE_CAMELLIA
+
+/* Enable cryptodev support */
+#undef ENABLE_CRYPTODEV
+
+/* Define to 1 if translation of program messages to the user's native
+ language is requested. */
+#undef ENABLE_NLS
+
+/* use openpgp authentication */
+#undef ENABLE_OPENPGP
+
+/* enable Opaque PRF Input */
+#undef ENABLE_OPRFI
+
+/* whether to include all the PKCS/PKI stuff */
+#undef ENABLE_PKI
+
+/* enable PSK authentication */
+#undef ENABLE_PSK
+
+/* enable SessionTicket extension */
+#undef ENABLE_SESSION_TICKET
+
+/* enable SRP authentication */
+#undef ENABLE_SRP
+
+/* We allow temporarily usage of deprecated functions - until they are
+ removed. */
+#undef GNUTLS_INTERNAL_BUILD
+
+/* Additional cast to bring void* to a type castable to int. */
+#undef GNUTLS_POINTER_TO_INT_CAST
+
+/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
+ CoreFoundation framework. */
+#undef HAVE_CFLOCALECOPYCURRENT
+
+/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
+ the CoreFoundation framework. */
+#undef HAVE_CFPREFERENCESCOPYAPPVALUE
+
+/* Define if the GNU dcgettext() function is already present or preinstalled.
+ */
+#undef HAVE_DCGETTEXT
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */
+#undef HAVE_FSEEKO
+
+/* whether the gcrypt library is in use */
+#undef HAVE_GCRYPT
+
+/* Define to 1 if you have the `getrusage' function. */
+#undef HAVE_GETRUSAGE
+
+/* Define if the GNU gettext() function is already present or preinstalled. */
+#undef HAVE_GETTEXT
+
+/* Define if you have the iconv() function and it works. */
+#undef HAVE_ICONV
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+#undef HAVE_LIBDL
+
+/* Define if you have the gcrypt library. */
+#undef HAVE_LIBGCRYPT
+
+/* Define if you have the nettle library. */
+#undef HAVE_LIBNETTLE
+
+/* Define if you have the pakchois library. */
+#undef HAVE_LIBPAKCHOIS
+
+/* Define if you have the pthread library. */
+#undef HAVE_LIBPTHREAD
+
+/* Define if you have the tasn1 library. */
+#undef HAVE_LIBTASN1
+
+/* Define if you have the z library. */
+#undef HAVE_LIBZ
+
+/* Define to 1 if you have the <lzo1x.h> header file. */
+#undef HAVE_LZO1X_H
+
+/* Define to 1 if you have the <lzo/lzo1x.h> header file. */
+#undef HAVE_LZO_LZO1X_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
+/* no ssize_t type was found */
+#undef NO_SSIZE_T
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* The size of `int', as computed by sizeof. */
+#undef SIZEOF_INT
+
+/* The size of `long', as computed by sizeof. */
+#undef SIZEOF_LONG
+
+/* The size of `unsigned int', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_INT
+
+/* The size of `unsigned long int', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG_INT
+
+/* The size of `void *', as computed by sizeof. */
+#undef SIZEOF_VOID_P
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* whether to use the LZO compression */
+#undef USE_LZO
+
+/* Version number of package */
+#undef VERSION
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+# undef WORDS_BIGENDIAN
+# endif
+#endif
+
+/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
+#undef _LARGEFILE_SOURCE
+
+/* Define to 1 if on MINIX. */
+#undef _MINIX
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+ this defined. */
+#undef _POSIX_1_SOURCE
+
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+#undef _POSIX_SOURCE
+
+/* Define to 500 only on HP-UX. */
+#undef _XOPEN_SOURCE
+
+/* Enable extensions on AIX 3, Interix. */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them. */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris. */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop. */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris. */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+
--- /dev/null
+#! /bin/sh
+# Output a system dependent set of variables, describing how to set the
+# run time search path of shared libraries in an executable.
+#
+# Copyright 1996-2011 Free Software Foundation, Inc.
+# Taken from GNU libtool, 2001
+# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+#
+# The first argument passed to this file is the canonical host specification,
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
+# should be set by the caller.
+#
+# The set of defined variables is at the end of this script.
+
+# Known limitations:
+# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
+# than 256 bytes, otherwise the compiler driver will dump core. The only
+# known workaround is to choose shorter directory names for the build
+# directory and/or the installation directory.
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+shrext=.so
+
+host="$1"
+host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
+host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
+host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
+
+# Code taken from libtool.m4's _LT_CC_BASENAME.
+
+for cc_temp in $CC""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
+
+# Code taken from libtool.m4's _LT_COMPILER_PIC.
+
+wl=
+if test "$GCC" = yes; then
+ wl='-Wl,'
+else
+ case "$host_os" in
+ aix*)
+ wl='-Wl,'
+ ;;
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ wl='-Wl,'
+ ;;
+ irix5* | irix6* | nonstopux*)
+ wl='-Wl,'
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ ecc*)
+ wl='-Wl,'
+ ;;
+ icc* | ifort*)
+ wl='-Wl,'
+ ;;
+ lf95*)
+ wl='-Wl,'
+ ;;
+ nagfor*)
+ wl='-Wl,-Wl,,'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*)
+ wl='-Wl,'
+ ;;
+ ccc*)
+ wl='-Wl,'
+ ;;
+ xl* | bgxl* | bgf* | mpixl*)
+ wl='-Wl,'
+ ;;
+ como)
+ wl='-lopt='
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ F* | *Sun*Fortran*)
+ wl=
+ ;;
+ *Sun\ C*)
+ wl='-Wl,'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ newsos6)
+ ;;
+ *nto* | *qnx*)
+ ;;
+ osf3* | osf4* | osf5*)
+ wl='-Wl,'
+ ;;
+ rdos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ f77* | f90* | f95* | sunf77* | sunf90* | sunf95*)
+ wl='-Qoption ld '
+ ;;
+ *)
+ wl='-Wl,'
+ ;;
+ esac
+ ;;
+ sunos4*)
+ wl='-Qoption ld '
+ ;;
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ wl='-Wl,'
+ ;;
+ sysv4*MP*)
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ wl='-Wl,'
+ ;;
+ unicos*)
+ wl='-Wl,'
+ ;;
+ uts4*)
+ ;;
+ esac
+fi
+
+# Code taken from libtool.m4's _LT_LINKER_SHLIBS.
+
+hardcode_libdir_flag_spec=
+hardcode_libdir_separator=
+hardcode_direct=no
+hardcode_minus_L=no
+
+case "$host_os" in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+esac
+
+ld_shlibs=yes
+if test "$with_gnu_ld" = yes; then
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ # Unlike libtool, we use -rpath here, not --rpath, since the documented
+ # option of GNU ld is called -rpath, not --rpath.
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ case "$host_os" in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ fi
+ ;;
+ amigaos*)
+ case "$host_cpu" in
+ powerpc)
+ ;;
+ m68k)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+ beos*)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ haiku*)
+ ;;
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ netbsd*)
+ ;;
+ solaris*)
+ if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ ;;
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+ sunos4*)
+ hardcode_direct=yes
+ ;;
+ *)
+ if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ if test "$ld_shlibs" = no; then
+ hardcode_libdir_flag_spec=
+ fi
+else
+ case "$host_os" in
+ aix3*)
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ else
+ aix_use_runtimelinking=no
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+ fi
+ hardcode_direct=yes
+ hardcode_libdir_separator=':'
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" && \
+ strings "$collect2name" | grep resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ fi
+ # Begin _LT_AC_SYS_LIBPATH_AIX.
+ echo 'int main () { return 0; }' > conftest.c
+ ${CC} ${LDFLAGS} conftest.c -o conftest
+ aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+ if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
+}'`
+ fi
+ if test -z "$aix_libpath"; then
+ aix_libpath="/usr/lib:/lib"
+ fi
+ rm -f conftest.c conftest
+ # End _LT_AC_SYS_LIBPATH_AIX.
+ if test "$aix_use_runtimelinking" = yes; then
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ else
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ fi
+ fi
+ ;;
+ amigaos*)
+ case "$host_cpu" in
+ powerpc)
+ ;;
+ m68k)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+ bsdi[45]*)
+ ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ libext=lib
+ ;;
+ darwin* | rhapsody*)
+ hardcode_direct=no
+ if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then
+ :
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ dgux*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+ freebsd2.2*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ freebsd2*)
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ ;;
+ freebsd* | dragonfly*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ hpux9*)
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ hpux10*)
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+ hpux11*)
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ ;;
+ *)
+ hardcode_direct=yes
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+ irix5* | irix6* | nonstopux*)
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ netbsd*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ ;;
+ newsos6)
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ *nto* | *qnx*)
+ ;;
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ else
+ case "$host_os" in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ osf3*)
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+ osf4* | osf5*)
+ if test "$GCC" = yes; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ # Both cc and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ hardcode_libdir_separator=:
+ ;;
+ solaris*)
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ sunos4*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ ;;
+ sysv4)
+ case $host_vendor in
+ sni)
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ hardcode_direct=no
+ ;;
+ motorola)
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ ;;
+ sysv4.3*)
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ ld_shlibs=yes
+ fi
+ ;;
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ ;;
+ sysv5* | sco3.2v5* | sco5v6*)
+ hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
+ hardcode_libdir_separator=':'
+ ;;
+ uts4*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ ;;
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+fi
+
+# Check dynamic linker characteristics
+# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER.
+# Unlike libtool.m4, here we don't care about _all_ names of the library, but
+# only about the one the linker finds when passed -lNAME. This is the last
+# element of library_names_spec in libtool.m4, or possibly two of them if the
+# linker has special search rules.
+library_names_spec= # the last element of library_names_spec in libtool.m4
+libname_spec='lib$name'
+case "$host_os" in
+ aix3*)
+ library_names_spec='$libname.a'
+ ;;
+ aix[4-9]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ amigaos*)
+ case "$host_cpu" in
+ powerpc*)
+ library_names_spec='$libname$shrext' ;;
+ m68k)
+ library_names_spec='$libname.a' ;;
+ esac
+ ;;
+ beos*)
+ library_names_spec='$libname$shrext'
+ ;;
+ bsdi[45]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ cygwin* | mingw* | pw32* | cegcc*)
+ shrext=.dll
+ library_names_spec='$libname.dll.a $libname.lib'
+ ;;
+ darwin* | rhapsody*)
+ shrext=.dylib
+ library_names_spec='$libname$shrext'
+ ;;
+ dgux*)
+ library_names_spec='$libname$shrext'
+ ;;
+ freebsd* | dragonfly*)
+ case "$host_os" in
+ freebsd[123]*)
+ library_names_spec='$libname$shrext$versuffix' ;;
+ *)
+ library_names_spec='$libname$shrext' ;;
+ esac
+ ;;
+ gnu*)
+ library_names_spec='$libname$shrext'
+ ;;
+ haiku*)
+ library_names_spec='$libname$shrext'
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $host_cpu in
+ ia64*)
+ shrext=.so
+ ;;
+ hppa*64*)
+ shrext=.sl
+ ;;
+ *)
+ shrext=.sl
+ ;;
+ esac
+ library_names_spec='$libname$shrext'
+ ;;
+ interix[3-9]*)
+ library_names_spec='$libname$shrext'
+ ;;
+ irix5* | irix6* | nonstopux*)
+ library_names_spec='$libname$shrext'
+ case "$host_os" in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
+ *) libsuff= shlibsuff= ;;
+ esac
+ ;;
+ esac
+ ;;
+ linux*oldld* | linux*aout* | linux*coff*)
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ library_names_spec='$libname$shrext'
+ ;;
+ knetbsd*-gnu)
+ library_names_spec='$libname$shrext'
+ ;;
+ netbsd*)
+ library_names_spec='$libname$shrext'
+ ;;
+ newsos6)
+ library_names_spec='$libname$shrext'
+ ;;
+ *nto* | *qnx*)
+ library_names_spec='$libname$shrext'
+ ;;
+ openbsd*)
+ library_names_spec='$libname$shrext$versuffix'
+ ;;
+ os2*)
+ libname_spec='$name'
+ shrext=.dll
+ library_names_spec='$libname.a'
+ ;;
+ osf3* | osf4* | osf5*)
+ library_names_spec='$libname$shrext'
+ ;;
+ rdos*)
+ ;;
+ solaris*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sunos4*)
+ library_names_spec='$libname$shrext$versuffix'
+ ;;
+ sysv4 | sysv4.3*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sysv4*MP*)
+ library_names_spec='$libname$shrext'
+ ;;
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ library_names_spec='$libname$shrext'
+ ;;
+ tpf*)
+ library_names_spec='$libname$shrext'
+ ;;
+ uts4*)
+ library_names_spec='$libname$shrext'
+ ;;
+esac
+
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
+shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
+escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
+
+LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
+
+# How to pass a linker flag through the compiler.
+wl="$escaped_wl"
+
+# Static library suffix (normally "a").
+libext="$libext"
+
+# Shared library suffix (normally "so").
+shlibext="$shlibext"
+
+# Format of library name prefix.
+libname_spec="$escaped_libname_spec"
+
+# Library names that the linker finds when passed -lNAME.
+library_names_spec="$escaped_library_names_spec"
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
+
+# Whether we need a single -rpath flag with a separated argument.
+hardcode_libdir_separator="$hardcode_libdir_separator"
+
+# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
+# resulting binary.
+hardcode_direct="$hardcode_direct"
+
+# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
+# resulting binary.
+hardcode_minus_L="$hardcode_minus_L"
+
+EOF
--- /dev/null
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
+# 2011 Free Software Foundation, Inc.
+
+timestamp='2011-03-23'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free
+Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
+ linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
+ knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nds32 | nds32le | nds32be \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | open8 \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle \
+ | pyramid \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu \
+ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xc16x | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ c54x)
+ basic_machine=tic54x-unknown
+ ;;
+ c55x)
+ basic_machine=tic55x-unknown
+ ;;
+ c6x)
+ basic_machine=tic6x-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ strongarm | thumb | xscale)
+ basic_machine=arm-unknown
+ ;;
+
+ xscaleeb)
+ basic_machine=armeb-unknown
+ ;;
+
+ xscaleel)
+ basic_machine=armel-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nds32-* | nds32le-* | nds32be-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | open8-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
+ | pyramid-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
+ | tahoe-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile-* | tilegx-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c54x-*)
+ basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c55x-*)
+ basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c6x-*)
+ basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16 | cr16-*)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ neo-tandem)
+ basic_machine=neo-tandem
+ ;;
+ nse-tandem)
+ basic_machine=nse-tandem
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc | ppcbe) basic_machine=powerpc-unknown
+ ;;
+ ppc-* | ppcbe-*)
+ basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ strongarm-* | thumb-*)
+ basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ # This must be matched before tile*.
+ tilegx*)
+ basic_machine=tilegx-unknown
+ os=-linux-gnu
+ ;;
+ tile*)
+ basic_machine=tile-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ xscale-* | xscalee[bl]-*)
+ basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-android* \
+ | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ tic54x-*)
+ os=-coff
+ ;;
+ tic55x-*)
+ os=-coff
+ ;;
+ tic6x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
--- /dev/null
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.67 for libgnutls 2.11.7.
+#
+# Report bugs to <bug-gnutls@gnu.org>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and bug-gnutls@gnu.org
+$0: about your system, including any error possibly output
+$0: before this message. Then install a modern shell, or
+$0: manually run the script under such a shell if you do
+$0: have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+$*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='libgnutls'
+PACKAGE_TARNAME='libgnutls'
+PACKAGE_VERSION='2.11.7'
+PACKAGE_STRING='libgnutls 2.11.7'
+PACKAGE_BUGREPORT='bug-gnutls@gnu.org'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+gt_needs=
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+ENABLE_CXX_FALSE
+ENABLE_CXX_TRUE
+CXXCPP
+am__fastdepCXX_FALSE
+am__fastdepCXX_TRUE
+CXXDEPMODE
+ac_ct_CXX
+CXXFLAGS
+CXX
+WARN_CFLAGS
+WSTACK_CFLAGS
+WERROR_CFLAGS
+LIBGNUTLS_CFLAGS
+LIBGNUTLS_LIBS
+LIBPTHREAD_PREFIX
+LTLIBPTHREAD
+LIBPTHREAD
+HAVE_LIBPTHREAD
+GNUTLS_REQUIRES_PRIVATE
+LIBZ_PREFIX
+LTLIBZ
+LIBZ
+HAVE_LIBZ
+DEFINE_SSIZE_T
+NUMBER_VERSION
+PATCH_VERSION
+MINOR_VERSION
+MAJOR_VERSION
+POSUB
+LTLIBINTL
+LIBINTL
+INTLLIBS
+LTLIBICONV
+LIBICONV
+INTL_MACOSX_LIBS
+XGETTEXT_EXTRA_OPTIONS
+MSGMERGE
+XGETTEXT_015
+XGETTEXT
+GMSGFMT_015
+MSGFMT_015
+GMSGFMT
+MSGFMT
+GETTEXT_MACRO_VERSION
+USE_NLS
+ENABLE_SESSION_TICKET_FALSE
+ENABLE_SESSION_TICKET_TRUE
+ENABLE_OPENPGP_FALSE
+ENABLE_OPENPGP_TRUE
+ENABLE_PKI_FALSE
+ENABLE_PKI_TRUE
+ENABLE_ANON_FALSE
+ENABLE_ANON_TRUE
+ENABLE_PSK_FALSE
+ENABLE_PSK_TRUE
+ENABLE_SRP_FALSE
+ENABLE_SRP_TRUE
+ENABLE_OPRFI_FALSE
+ENABLE_OPRFI_TRUE
+USE_LZO_FALSE
+USE_LZO_TRUE
+LZO_LIBS
+ENABLE_LOCAL_PAKCHOIS_FALSE
+ENABLE_LOCAL_PAKCHOIS_TRUE
+LIBPAKCHOIS_PREFIX
+LTLIBPAKCHOIS
+LIBPAKCHOIS
+HAVE_LIBPAKCHOIS
+ENABLE_MINITASN1_FALSE
+ENABLE_MINITASN1_TRUE
+LIBTASN1_PREFIX
+LTLIBTASN1
+LIBTASN1
+HAVE_LIBTASN1
+ENABLE_NETTLE_FALSE
+ENABLE_NETTLE_TRUE
+NETTLE_LIBS
+LIBNETTLE_PREFIX
+LTLIBNETTLE
+LIBNETTLE
+HAVE_LIBNETTLE
+LIBGCRYPT_PREFIX
+LTLIBGCRYPT
+LIBGCRYPT
+HAVE_LIBGCRYPT
+DLL_VERSION
+CXX_LT_AGE
+CXX_LT_REVISION
+CXX_LT_CURRENT
+LT_SSL_AGE
+LT_SSL_REVISION
+LT_SSL_CURRENT
+LT_AGE
+LT_REVISION
+LT_CURRENT
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+lt_ECHO
+AR
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+SED
+LIBTOOL
+EGREP
+GREP
+CPP
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+RANLIB
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+AM_BACKSLASH
+AM_DEFAULT_VERBOSITY
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_silent_rules
+enable_dependency_tracking
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+with_gnu_ld
+enable_libtool_lock
+with_libgcrypt
+enable_rpath
+with_libgcrypt_prefix
+with_libnettle_prefix
+with_included_libtasn1
+with_libtasn1_prefix
+with_included_pakchois
+with_libpakchois_prefix
+with_lzo
+enable_opaque_prf_input
+enable_srp_authentication
+enable_psk_authentication
+enable_anon_authentication
+enable_camellia
+enable_extra_pki
+enable_openpgp_authentication
+enable_session_ticket
+enable_cryptodev
+enable_nls
+with_libiconv_prefix
+with_libintl_prefix
+with_zlib
+with_libz_prefix
+with_libpthread_prefix
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+CXX
+CXXFLAGS
+CCC
+CXXCPP'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used" >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures libgnutls 2.11.7 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/libgnutls]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of libgnutls 2.11.7:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-silent-rules less verbose build output (undo: `make V=1')
+ --disable-silent-rules verbose build output (undo: `make V=0')
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --enable-shared[=PKGS] build shared libraries [default=yes]
+ --enable-static[=PKGS] build static libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-libtool-lock avoid locking (might break parallel builds)
+ --disable-rpath do not hardcode runtime library paths
+ --enable-opaque-prf-input=DD
+ enable Opaque PRF input using DD as extension type
+ --disable-srp-authentication
+ disable the SRP authentication support
+ --disable-psk-authentication
+ disable the PSK authentication support
+ --disable-anon-authentication
+ disable the anonymous authentication support
+ --disable-camellia disable Camellia cipher
+ --disable-extra-pki only enable the basic PKI stuff
+ --disable-openpgp-authentication
+ disable the OpenPGP authentication support
+ --disable-session-ticket
+ disable the SessionTicket extension support
+ --enable-cryptodev enable cryptodev support
+ --disable-nls do not use Native Language Support
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-libgcrypt use libgcrypt as crypto library
+ --with-gnu-ld assume the C compiler uses GNU ld default=no
+ --with-libgcrypt-prefix[=DIR] search for libgcrypt in DIR/include and DIR/lib
+ --without-libgcrypt-prefix don't search for libgcrypt in includedir and libdir
+ --with-libnettle-prefix[=DIR] search for libnettle in DIR/include and DIR/lib
+ --without-libnettle-prefix don't search for libnettle in includedir and libdir
+ --with-included-libtasn1
+ use the included libtasn1
+ --with-libtasn1-prefix[=DIR] search for libtasn1 in DIR/include and DIR/lib
+ --without-libtasn1-prefix don't search for libtasn1 in includedir and libdir
+ --with-included-pakchois
+ use the included pakchois
+ --with-libpakchois-prefix[=DIR] search for libpakchois in DIR/include and DIR/lib
+ --without-libpakchois-prefix don't search for libpakchois in includedir and libdir
+ --with-lzo use experimental LZO compression
+ --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib
+ --without-libiconv-prefix don't search for libiconv in includedir and libdir
+ --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib
+ --without-libintl-prefix don't search for libintl in includedir and libdir
+ --without-zlib disable zlib compression support
+ --with-libz-prefix[=DIR] search for libz in DIR/include and DIR/lib
+ --without-libz-prefix don't search for libz in includedir and libdir
+ --with-libpthread-prefix[=DIR] search for libpthread in DIR/include and DIR/lib
+ --without-libpthread-prefix don't search for libpthread in includedir and libdir
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+ CXX C++ compiler command
+ CXXFLAGS C++ compiler flags
+ CXXCPP C++ preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <bug-gnutls@gnu.org>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+libgnutls configure 2.11.7
+generated by GNU Autoconf 2.67
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval "test \"\${$3+set}\"" = set; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## --------------------------------- ##
+## Report this to bug-gnutls@gnu.org ##
+## --------------------------------- ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_type
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_compile
+
+# ac_fn_cxx_try_cpp LINENO
+# ------------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_cpp
+
+# ac_fn_cxx_try_link LINENO
+# -------------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_link
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by libgnutls $as_me 2.11.7, which was
+generated by GNU Autoconf 2.67. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5 ; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+gt_needs="$gt_needs "
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+#AC_CONFIG_AUX_DIR([build-aux])
+
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+ program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if test "${ac_cv_path_mkdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir (GNU coreutils) '* | \
+ 'mkdir (coreutils) '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
+
+fi
+
+ test -d ./--version && rmdir ./--version
+ if test "${ac_cv_path_mkdir+set}" = set; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+ [\\/$]* | ?:[\\/]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ am__isrc=' -I$(srcdir)'
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='libgnutls'
+ VERSION='2.11.7'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+# Check whether --enable-silent-rules was given.
+if test "${enable_silent_rules+set}" = set; then :
+ enableval=$enable_silent_rules;
+fi
+
+case $enable_silent_rules in
+yes) AM_DEFAULT_VERBOSITY=0;;
+no) AM_DEFAULT_VERBOSITY=1;;
+*) AM_DEFAULT_VERBOSITY=0;;
+esac
+AM_BACKSLASH='\'
+
+ac_config_headers="$ac_config_headers config.h"
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5 ; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5 ; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5 ; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+ enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+
+depcc="$CC" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+ ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default"
+if test "x$ac_cv_header_minix_config_h" = x""yes; then :
+ MINIX=yes
+else
+ MINIX=
+fi
+
+
+ if test "$MINIX" = yes; then
+
+$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h
+
+
+$as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h
+
+
+$as_echo "#define _MINIX 1" >>confdefs.h
+
+ fi
+
+ case "$host_os" in
+ hpux*)
+
+$as_echo "#define _XOPEN_SOURCE 500" >>confdefs.h
+
+ ;;
+ esac
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5
+$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; }
+if test "${ac_cv_safe_to_define___extensions__+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+# define __EXTENSIONS__ 1
+ $ac_includes_default
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_safe_to_define___extensions__=yes
+else
+ ac_cv_safe_to_define___extensions__=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5
+$as_echo "$ac_cv_safe_to_define___extensions__" >&6; }
+ test $ac_cv_safe_to_define___extensions__ = yes &&
+ $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h
+
+ $as_echo "#define _ALL_SOURCE 1" >>confdefs.h
+
+ $as_echo "#define _GNU_SOURCE 1" >>confdefs.h
+
+ $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h
+
+ $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5
+$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; }
+if test "${ac_cv_sys_largefile_source+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h> /* for off_t */
+ #include <stdio.h>
+int
+main ()
+{
+int (*fp) (FILE *, off_t, int) = fseeko;
+ return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_sys_largefile_source=no; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#define _LARGEFILE_SOURCE 1
+#include <sys/types.h> /* for off_t */
+ #include <stdio.h>
+int
+main ()
+{
+int (*fp) (FILE *, off_t, int) = fseeko;
+ return fseeko (stdin, 0, 0) && fp (stdin, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_sys_largefile_source=1; break
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_cv_sys_largefile_source=unknown
+ break
+done
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5
+$as_echo "$ac_cv_sys_largefile_source" >&6; }
+case $ac_cv_sys_largefile_source in #(
+ no | unknown) ;;
+ *)
+cat >>confdefs.h <<_ACEOF
+#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source
+_ACEOF
+;;
+esac
+rm -rf conftest*
+
+# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug
+# in glibc 2.1.3, but that breaks too many other things.
+# If you want fseeko and ftello with glibc, upgrade to a fixed glibc.
+if test $ac_cv_sys_largefile_source != unknown; then
+
+$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h
+
+fi
+
+
+
+ # Code from module alignof:
+ # Code from module alloca-opt:
+ # Code from module alloca-opt-tests:
+ # Code from module arg-nonnull:
+ # Code from module binary-io:
+ # Code from module binary-io-tests:
+ # Code from module byteswap:
+ # Code from module byteswap-tests:
+ # Code from module c++defs:
+ # Code from module c-ctype:
+ # Code from module c-ctype-tests:
+ # Code from module close-hook:
+ # Code from module errno:
+ # Code from module errno-tests:
+ # Code from module extensions:
+
+ # Code from module fcntl-h:
+ # Code from module fcntl-h-tests:
+ # Code from module float:
+ # Code from module fseeko:
+
+ # Code from module fseeko-tests:
+ # Code from module ftello:
+
+ # Code from module ftello-tests:
+ # Code from module func:
+ # Code from module func-tests:
+ # Code from module getpagesize:
+ # Code from module gettext:
+ # Code from module gettext-h:
+ # Code from module havelib:
+ # Code from module include_next:
+ # Code from module intprops:
+ # Code from module lib-msvc-compat:
+ # Code from module lib-symbol-versions:
+ # Code from module lseek:
+ # Code from module malloc-posix:
+ # Code from module memchr:
+ # Code from module memchr-tests:
+ # Code from module memmem-simple:
+ # Code from module minmax:
+ # Code from module multiarch:
+ # Code from module netdb:
+ # Code from module netdb-tests:
+ # Code from module read-file:
+ # Code from module read-file-tests:
+ # Code from module realloc-posix:
+ # Code from module size_max:
+ # Code from module snprintf:
+ # Code from module snprintf-tests:
+ # Code from module socketlib:
+ # Code from module sockets:
+ # Code from module sockets-tests:
+ # Code from module socklen:
+ # Code from module stdbool:
+ # Code from module stdbool-tests:
+ # Code from module stddef:
+ # Code from module stddef-tests:
+ # Code from module stdint:
+ # Code from module stdint-tests:
+ # Code from module stdio:
+ # Code from module stdio-tests:
+ # Code from module stdlib:
+ # Code from module stdlib-tests:
+ # Code from module strcase:
+ # Code from module string:
+ # Code from module string-tests:
+ # Code from module strings:
+ # Code from module strings-tests:
+ # Code from module strverscmp:
+ # Code from module strverscmp-tests:
+ # Code from module sys_socket:
+ # Code from module sys_socket-tests:
+ # Code from module sys_stat:
+ # Code from module sys_stat-tests:
+ # Code from module time:
+ # Code from module time-tests:
+ # Code from module time_r:
+ # Code from module unistd:
+ # Code from module unistd-tests:
+ # Code from module vasnprintf:
+ # Code from module vasnprintf-tests:
+ # Code from module vasprintf:
+ # Code from module vasprintf-tests:
+ # Code from module verify:
+ # Code from module verify-tests:
+ # Code from module vsnprintf:
+ # Code from module vsnprintf-tests:
+ # Code from module warn-on-use:
+ # Code from module xsize:
+
+
+#AC_LIBTOOL_WIN32_DLL
+case `pwd` in
+ *\ * | *\ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.2.6b'
+macro_revision='1.3017'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if test "${ac_cv_path_SED+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if test "${ac_cv_path_FGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+ then ac_cv_path_FGREP="$GREP -F"
+ else
+ if test -z "$FGREP"; then
+ ac_path_FGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in fgrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+ # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'FGREP' >> "conftest.nl"
+ "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_FGREP="$ac_path_FGREP"
+ ac_path_FGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_FGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_FGREP=$FGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test "${lt_cv_path_NM+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DUMPBIN"; then
+ ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$DUMPBIN" && break
+ done
+fi
+if test -z "$DUMPBIN"; then
+ ac_ct_DUMPBIN=$DUMPBIN
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DUMPBIN"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_DUMPBIN" && break
+done
+
+ if test "x$ac_ct_DUMPBIN" = x; then
+ DUMPBIN=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DUMPBIN=$ac_ct_DUMPBIN
+ fi
+fi
+
+
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if test "${lt_cv_nm_interface+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:5613: $ac_compile\"" >&5)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:5616: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:5619: output\"" >&5)
+ cat conftest.out >&5
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
+
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[3-9]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris*)
+ symcode='[BDRT]'
+ ;;
+sco3.2v5*)
+ symcode='[DT]'
+ ;;
+sysv4.2uw2*)
+ symcode='[DT]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[ABDT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK '"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+ enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 6824 "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_cc_needs_belf=yes
+else
+ lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ case $host_os in
+ rhapsody* | darwin*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DSYMUTIL"; then
+ ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+ ac_ct_DSYMUTIL=$DSYMUTIL
+ # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DSYMUTIL"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_DSYMUTIL" = x; then
+ DSYMUTIL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DSYMUTIL=$ac_ct_DSYMUTIL
+ fi
+else
+ DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NMEDIT"; then
+ ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+ ac_ct_NMEDIT=$NMEDIT
+ # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_NMEDIT"; then
+ ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_NMEDIT="nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_NMEDIT" = x; then
+ NMEDIT=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ NMEDIT=$ac_ct_NMEDIT
+ fi
+else
+ NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$LIPO"; then
+ ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+ ac_ct_LIPO=$LIPO
+ # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_LIPO"; then
+ ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_LIPO="lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_LIPO" = x; then
+ LIPO=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ LIPO=$ac_ct_LIPO
+ fi
+else
+ LIPO="$ac_cv_prog_LIPO"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL"; then
+ ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+ ac_ct_OTOOL=$OTOOL
+ # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL"; then
+ ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL="otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL" = x; then
+ OTOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL=$ac_ct_OTOOL
+ fi
+else
+ OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL64"; then
+ ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+ ac_ct_OTOOL64=$OTOOL64
+ # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL64"; then
+ ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL64="otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL64" = x; then
+ OTOOL64=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL64=$ac_ct_OTOOL64
+ fi
+else
+ OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_ld_exported_symbols_list=yes
+else
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[012]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+
+for ac_header in dlfcn.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+# Set options
+
+
+
+ enable_dlopen=no
+
+
+ enable_win32_dll=no
+
+
+ # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+ enableval=$enable_shared; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+ # Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+ enableval=$enable_static; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+ withval=$with_pic; pic_mode="$withval"
+else
+ pic_mode=default
+fi
+
+
+test -z "$pic_mode" && pic_mode=default
+
+
+
+
+
+
+
+ # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+ enableval=$enable_fast_install; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if test "${lt_cv_objdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8086: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:8090: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+
+
+
+
+
+ lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-qpic'
+ lt_prog_compiler_static='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ rdos*)
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
+$as_echo "$lt_prog_compiler_pic" >&6; }
+
+
+
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8425: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:8429: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8530: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:8534: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8585: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:8589: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ runpath_var=
+ allow_undefined_flag=
+ always_export_symbols=no
+ archive_cmds=
+ archive_expsym_cmds=
+ compiler_needs_object=no
+ enable_shared_with_static_runtimes=no
+ export_dynamic_flag_spec=
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ hardcode_automatic=no
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ inherit_rpath=no
+ link_all_deplibs=unknown
+ module_cmds=
+ module_expsym_cmds=
+ old_archive_from_new_cmds=
+ old_archive_from_expsyms_cmds=
+ thread_safe_flag_spec=
+ whole_archive_flag_spec=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu)
+ link_all_deplibs=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ file_list_spec='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ link_all_deplibs=no
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ allow_undefined_flag="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+
+ else
+ ld_shlibs=no
+ fi
+
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ *)
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo(void) {}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ inherit_rpath=yes
+ link_all_deplibs=yes
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ hardcode_direct_absolute=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_separator=:
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag='${wl}-z,text'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag='${wl}-z,text'
+ allow_undefined_flag='${wl}-z,nodefs'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-R,$libdir'
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
+$as_echo "$archive_cmds_need_lc" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[lt_foo]++; }
+ if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+ test -n "$runpath_var" ||
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink ||
+ test "$inherit_rpath" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+ if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_shl_load=yes
+else
+ ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+else
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_svld_dlopen=yes
+else
+ ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_dld_link=yes
+else
+ ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 10969 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 11065 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+ # Report which library types will actually be built
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+
+ if test "X$prefix" = "XNONE"; then
+ acl_final_prefix="$ac_default_prefix"
+ else
+ acl_final_prefix="$prefix"
+ fi
+ if test "X$exec_prefix" = "XNONE"; then
+ acl_final_exec_prefix='${prefix}'
+ else
+ acl_final_exec_prefix="$exec_prefix"
+ fi
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by GCC" >&5
+$as_echo_n "checking for ld used by GCC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | [A-Za-z]:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the path of ld
+ ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${acl_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ acl_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break ;;
+ *)
+ test "$with_gnu_ld" != yes && break ;;
+ esac
+ fi
+ done
+ IFS="$ac_save_ifs"
+else
+ acl_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$acl_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${acl_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ acl_cv_prog_gnu_ld=yes ;;
+*)
+ acl_cv_prog_gnu_ld=no ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_prog_gnu_ld" >&5
+$as_echo "$acl_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$acl_cv_prog_gnu_ld
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5
+$as_echo_n "checking for shared library run path origin... " >&6; }
+if test "${acl_cv_rpath+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
+ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
+ . ./conftest.sh
+ rm -f ./conftest.sh
+ acl_cv_rpath=done
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5
+$as_echo "$acl_cv_rpath" >&6; }
+ wl="$acl_cv_wl"
+ acl_libext="$acl_cv_libext"
+ acl_shlibext="$acl_cv_shlibext"
+ acl_libname_spec="$acl_cv_libname_spec"
+ acl_library_names_spec="$acl_cv_library_names_spec"
+ acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
+ acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
+ acl_hardcode_direct="$acl_cv_hardcode_direct"
+ acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
+ # Check whether --enable-rpath was given.
+if test "${enable_rpath+set}" = set; then :
+ enableval=$enable_rpath; :
+else
+ enable_rpath=yes
+fi
+
+
+
+ acl_libdirstem=lib
+ searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+ if test -n "$searchpath"; then
+ acl_save_IFS="${IFS= }"; IFS=":"
+ for searchdir in $searchpath; do
+ if test -d "$searchdir"; then
+ case "$searchdir" in
+ */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+ *) searchdir=`cd "$searchdir" && pwd`
+ case "$searchdir" in
+ */lib64 ) acl_libdirstem=lib64 ;;
+ esac ;;
+ esac
+ fi
+ done
+ IFS="$acl_save_IFS"
+ fi
+
+
+ # Library code modified: REVISION++
+ # Interfaces changed/added/removed: CURRENT++ REVISION=0
+ # Interfaces added: AGE++
+ # Interfaces removed: AGE=0
+ LT_CURRENT=44
+
+ LT_REVISION=7
+
+ LT_AGE=18
+
+
+ LT_SSL_CURRENT=27
+
+ LT_SSL_REVISION=0
+
+ LT_SSL_AGE=0
+
+
+ CXX_LT_CURRENT=27
+
+ CXX_LT_REVISION=0
+
+ CXX_LT_AGE=0
+
+
+ # Used when creating the Windows libgnutls-XX.def files.
+ DLL_VERSION=`expr ${LT_CURRENT} - ${LT_AGE}`
+
+
+ cryptolib="nettle"
+
+
+# Check whether --with-libgcrypt was given.
+if test "${with_libgcrypt+set}" = set; then :
+ withval=$with_libgcrypt; libgcrypt=$withval
+else
+ libgcrypt=no
+fi
+
+ if test "$libgcrypt" = "yes"; then
+ cryptolib=libgcrypt
+
+$as_echo "#define HAVE_GCRYPT 1" >>confdefs.h
+
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libgcrypt-prefix was given.
+if test "${with_libgcrypt_prefix+set}" = set; then :
+ withval=$with_libgcrypt_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBGCRYPT=
+ LTLIBGCRYPT=
+ INCGCRYPT=
+ LIBGCRYPT_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='gcrypt gpg-error'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_so"
+ else
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$found_a"
+ else
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBGCRYPT_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCGCRYPT="${INCGCRYPT}${INCGCRYPT:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBGCRYPT; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$dep"
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }-l$name"
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBGCRYPT="${LIBGCRYPT}${LIBGCRYPT:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBGCRYPT="${LTLIBGCRYPT}${LTLIBGCRYPT:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCGCRYPT; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libgcrypt" >&5
+$as_echo_n "checking for libgcrypt... " >&6; }
+if test "${ac_cv_libgcrypt+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBGCRYPT"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <gcrypt.h>
+int
+main ()
+{
+enum gcry_cipher_algos i = GCRY_CIPHER_CAMELLIA128
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libgcrypt=yes
+else
+ ac_cv_libgcrypt=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libgcrypt" >&5
+$as_echo "$ac_cv_libgcrypt" >&6; }
+ if test "$ac_cv_libgcrypt" = yes; then
+ HAVE_LIBGCRYPT=yes
+
+$as_echo "#define HAVE_LIBGCRYPT 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libgcrypt" >&5
+$as_echo_n "checking how to link with libgcrypt... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBGCRYPT" >&5
+$as_echo "$LIBGCRYPT" >&6; }
+ else
+ HAVE_LIBGCRYPT=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBGCRYPT=
+ LTLIBGCRYPT=
+ LIBGCRYPT_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libgcrypt" != yes; then
+ as_fn_error $? "
+***
+*** Libgcrypt v1.4.0 or later was not found. You may want to get it from
+*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+***
+ " "$LINENO" 5
+ fi
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use nettle" >&5
+$as_echo_n "checking whether to use nettle... " >&6; }
+if test "$cryptolib" = "nettle";then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libnettle-prefix was given.
+if test "${with_libnettle_prefix+set}" = set; then :
+ withval=$with_libnettle_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBNETTLE=
+ LTLIBNETTLE=
+ INCNETTLE=
+ LIBNETTLE_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='nettle '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_so"
+ else
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$found_a"
+ else
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBNETTLE_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCNETTLE="${INCNETTLE}${INCNETTLE:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBNETTLE; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$dep"
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }-l$name"
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBNETTLE="${LIBNETTLE}${LIBNETTLE:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBNETTLE="${LTLIBNETTLE}${LTLIBNETTLE:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCNETTLE; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libnettle" >&5
+$as_echo_n "checking for libnettle... " >&6; }
+if test "${ac_cv_libnettle+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBNETTLE"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <nettle/aes.h>
+int
+main ()
+{
+nettle_aes_invert_key (0, 0)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libnettle=yes
+else
+ ac_cv_libnettle=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libnettle" >&5
+$as_echo "$ac_cv_libnettle" >&6; }
+ if test "$ac_cv_libnettle" = yes; then
+ HAVE_LIBNETTLE=yes
+
+$as_echo "#define HAVE_LIBNETTLE 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libnettle" >&5
+$as_echo_n "checking how to link with libnettle... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBNETTLE" >&5
+$as_echo "$LIBNETTLE" >&6; }
+ else
+ HAVE_LIBNETTLE=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBNETTLE=
+ LTLIBNETTLE=
+ LIBNETTLE_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libnettle" != yes; then
+ as_fn_error $? "
+ ***
+ *** Libnettle 2.1 was not found.
+ " "$LINENO" 5
+ fi
+ NETTLE_LIBS="-lgmp -lpthread -lhogweed"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "$cryptolib" = "nettle"; then
+ ENABLE_NETTLE_TRUE=
+ ENABLE_NETTLE_FALSE='#'
+else
+ ENABLE_NETTLE_TRUE='#'
+ ENABLE_NETTLE_FALSE=
+fi
+
+
+
+# Check whether --with-included-libtasn1 was given.
+if test "${with_included_libtasn1+set}" = set; then :
+ withval=$with_included_libtasn1; included_libtasn1=$withval
+else
+ included_libtasn1=no
+fi
+
+ if test "$included_libtasn1" = "no"; then
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libtasn1-prefix was given.
+if test "${with_libtasn1_prefix+set}" = set; then :
+ withval=$with_libtasn1_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBTASN1=
+ LTLIBTASN1=
+ INCTASN1=
+ LIBTASN1_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='tasn1 '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_so"
+ else
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$found_a"
+ else
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBTASN1_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCTASN1="${INCTASN1}${INCTASN1:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBTASN1; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$dep"
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }-l$name"
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBTASN1="${LIBTASN1}${LIBTASN1:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBTASN1="${LTLIBTASN1}${LTLIBTASN1:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCTASN1; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libtasn1" >&5
+$as_echo_n "checking for libtasn1... " >&6; }
+if test "${ac_cv_libtasn1+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBTASN1"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libtasn1.h>
+int
+main ()
+{
+asn1_check_version (NULL)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libtasn1=yes
+else
+ ac_cv_libtasn1=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libtasn1" >&5
+$as_echo "$ac_cv_libtasn1" >&6; }
+ if test "$ac_cv_libtasn1" = yes; then
+ HAVE_LIBTASN1=yes
+
+$as_echo "#define HAVE_LIBTASN1 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libtasn1" >&5
+$as_echo_n "checking how to link with libtasn1... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBTASN1" >&5
+$as_echo "$LIBTASN1" >&6; }
+ else
+ HAVE_LIBTASN1=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBTASN1=
+ LTLIBTASN1=
+ LIBTASN1_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libtasn1" != yes; then
+ included_libtasn1=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+ ***
+ *** Libtasn1 was not found. Will use the included one.
+ " >&5
+$as_echo "$as_me: WARNING:
+ ***
+ *** Libtasn1 was not found. Will use the included one.
+ " >&2;}
+ fi
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included minitasn1" >&5
+$as_echo_n "checking whether to use the included minitasn1... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $included_libtasn1" >&5
+$as_echo "$included_libtasn1" >&6; }
+ if test "$included_libtasn1" = "yes"; then
+ ENABLE_MINITASN1_TRUE=
+ ENABLE_MINITASN1_FALSE='#'
+else
+ ENABLE_MINITASN1_TRUE='#'
+ ENABLE_MINITASN1_FALSE=
+fi
+
+
+ if test "$included_libtasn1" = "no"; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libtasn1"
+ fi
+
+
+# Check whether --with-included-pakchois was given.
+if test "${with_included_pakchois+set}" = set; then :
+ withval=$with_included_pakchois; included_pakchois=$withval
+else
+ included_pakchois=no
+fi
+
+ if test "$included_pakchois" = "no"; then
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libpakchois-prefix was given.
+if test "${with_libpakchois_prefix+set}" = set; then :
+ withval=$with_libpakchois_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBPAKCHOIS=
+ LTLIBPAKCHOIS=
+ INCPAKCHOIS=
+ LIBPAKCHOIS_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='pakchois '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_so"
+ else
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$found_a"
+ else
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBPAKCHOIS_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCPAKCHOIS="${INCPAKCHOIS}${INCPAKCHOIS:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBPAKCHOIS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$dep"
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }-l$name"
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBPAKCHOIS="${LIBPAKCHOIS}${LIBPAKCHOIS:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBPAKCHOIS="${LTLIBPAKCHOIS}${LTLIBPAKCHOIS:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCPAKCHOIS; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libpakchois" >&5
+$as_echo_n "checking for libpakchois... " >&6; }
+if test "${ac_cv_libpakchois+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBPAKCHOIS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <pakchois/pakchois.h>
+int
+main ()
+{
+pakchois_module_load(0,0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libpakchois=yes
+else
+ ac_cv_libpakchois=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libpakchois" >&5
+$as_echo "$ac_cv_libpakchois" >&6; }
+ if test "$ac_cv_libpakchois" = yes; then
+ HAVE_LIBPAKCHOIS=yes
+
+$as_echo "#define HAVE_LIBPAKCHOIS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libpakchois" >&5
+$as_echo_n "checking how to link with libpakchois... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPAKCHOIS" >&5
+$as_echo "$LIBPAKCHOIS" >&6; }
+ else
+ HAVE_LIBPAKCHOIS=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBPAKCHOIS=
+ LTLIBPAKCHOIS=
+ LIBPAKCHOIS_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_pakchois" != yes; then
+ included_pakchois=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+ ***
+ *** Pakchois was not found. Will use the included one.
+ " >&5
+$as_echo "$as_me: WARNING:
+ ***
+ *** Pakchois was not found. Will use the included one.
+ " >&2;}
+ fi
+ fi
+ #not other option for now. The released pakchois cannot open an arbitrary PKCS11 module,
+ #and the author is reluctant to add such feature.
+ included_pakchois=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included pakchois" >&5
+$as_echo_n "checking whether to use the included pakchois... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $included_pakchois" >&5
+$as_echo "$included_pakchois" >&6; }
+ if test "$included_pakchois" = "yes"; then
+ ENABLE_LOCAL_PAKCHOIS_TRUE=
+ ENABLE_LOCAL_PAKCHOIS_FALSE='#'
+else
+ ENABLE_LOCAL_PAKCHOIS_TRUE='#'
+ ENABLE_LOCAL_PAKCHOIS_FALSE=
+fi
+
+ if test "$included_pakchois" = "yes";then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_mutex_lock in -lpthread" >&5
+$as_echo_n "checking for pthread_mutex_lock in -lpthread... " >&6; }
+if test "${ac_cv_lib_pthread_pthread_mutex_lock+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lpthread $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char pthread_mutex_lock ();
+int
+main ()
+{
+return pthread_mutex_lock ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_pthread_pthread_mutex_lock=yes
+else
+ ac_cv_lib_pthread_pthread_mutex_lock=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_mutex_lock" >&5
+$as_echo "$ac_cv_lib_pthread_pthread_mutex_lock" >&6; }
+if test "x$ac_cv_lib_pthread_pthread_mutex_lock" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBPTHREAD 1
+_ACEOF
+
+ LIBS="-lpthread $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: could not find pthread_mutex_lock" >&5
+$as_echo "$as_me: WARNING: could not find pthread_mutex_lock" >&2;}
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LIBDL 1
+_ACEOF
+
+ LIBS="-ldl $LIBS"
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: could not find dlopen" >&5
+$as_echo "$as_me: WARNING: could not find dlopen" >&2;}
+fi
+
+
+ fi
+
+
+# Check whether --with-lzo was given.
+if test "${with_lzo+set}" = set; then :
+ withval=$with_lzo; use_lzo=$withval
+else
+ use_lzo=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include LZO compression support" >&5
+$as_echo_n "checking whether to include LZO compression support... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_lzo" >&5
+$as_echo "$use_lzo" >&6; }
+ LZO_LIBS=
+ if test "$use_lzo" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_compress in -llzo2" >&5
+$as_echo_n "checking for lzo1x_1_compress in -llzo2... " >&6; }
+if test "${ac_cv_lib_lzo2_lzo1x_1_compress+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-llzo2 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char lzo1x_1_compress ();
+int
+main ()
+{
+return lzo1x_1_compress ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_lzo2_lzo1x_1_compress=yes
+else
+ ac_cv_lib_lzo2_lzo1x_1_compress=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo2_lzo1x_1_compress" >&5
+$as_echo "$ac_cv_lib_lzo2_lzo1x_1_compress" >&6; }
+if test "x$ac_cv_lib_lzo2_lzo1x_1_compress" = x""yes; then :
+ LZO_LIBS=-llzo2
+fi
+
+ if test "$LZO_LIBS" = ""; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lzo1x_1_compress in -llzo" >&5
+$as_echo_n "checking for lzo1x_1_compress in -llzo... " >&6; }
+if test "${ac_cv_lib_lzo_lzo1x_1_compress+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-llzo $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char lzo1x_1_compress ();
+int
+main ()
+{
+return lzo1x_1_compress ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_lzo_lzo1x_1_compress=yes
+else
+ ac_cv_lib_lzo_lzo1x_1_compress=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_lzo_lzo1x_1_compress" >&5
+$as_echo "$ac_cv_lib_lzo_lzo1x_1_compress" >&6; }
+if test "x$ac_cv_lib_lzo_lzo1x_1_compress" = x""yes; then :
+ LZO_LIBS=-llzo
+else
+
+ use_lzo=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ***
+ *** Could not find liblzo or liblzo2. Disabling LZO compression.
+ " >&5
+$as_echo "$as_me: WARNING: ***
+ *** Could not find liblzo or liblzo2. Disabling LZO compression.
+ " >&2;}
+
+fi
+
+ fi
+ fi
+
+ if test "$use_lzo" = "yes"; then
+
+$as_echo "#define USE_LZO 1" >>confdefs.h
+
+ if test "$LZO_LIBS" = "-llzo"; then
+ for ac_header in lzo1x.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "lzo1x.h" "ac_cv_header_lzo1x_h" "$ac_includes_default"
+if test "x$ac_cv_header_lzo1x_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LZO1X_H 1
+_ACEOF
+
+fi
+
+done
+
+ elif test "$LZO_LIBS" = "-llzo2"; then
+ for ac_header in lzo/lzo1x.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "lzo/lzo1x.h" "ac_cv_header_lzo_lzo1x_h" "$ac_includes_default"
+if test "x$ac_cv_header_lzo_lzo1x_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_LZO_LZO1X_H 1
+_ACEOF
+
+fi
+
+done
+
+ fi
+ fi
+ if test "$use_lzo" = "yes"; then
+ USE_LZO_TRUE=
+ USE_LZO_FALSE='#'
+else
+ USE_LZO_TRUE='#'
+ USE_LZO_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C99 macros are supported" >&5
+$as_echo_n "checking whether C99 macros are supported... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ #define test_mac(...)
+ int z,y,x;
+ test_mac(x,y,z);
+ return 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+
+$as_echo "#define C99_MACROS 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: C99 macros not supported. This may affect compiling." >&5
+$as_echo "$as_me: WARNING: C99 macros not supported. This may affect compiling." >&2;}
+
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Opaque PRF input support" >&5
+$as_echo_n "checking whether to enable Opaque PRF input support... " >&6; }
+ # Check whether --enable-opaque-prf-input was given.
+if test "${enable_opaque_prf_input+set}" = set; then :
+ enableval=$enable_opaque_prf_input; ac_opaque_prf_input=$enableval
+else
+ ac_opaque_prf_input=no
+fi
+
+ if test "$ac_opaque_prf_input" != "no"; then
+ if ! echo $ac_opaque_prf_input | egrep -q '^[0-9]+$'; then
+ ac_opaque_prf_input=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING:
+ *** Could not parse Opaque PRF Input extension type.
+ *** Use --enable-opaque-prf-input=XX where XX is decimal, for example
+ *** to use extension value 42 use --enable-opqaue-prf-input=42" >&5
+$as_echo "$as_me: WARNING:
+ *** Could not parse Opaque PRF Input extension type.
+ *** Use --enable-opaque-prf-input=XX where XX is decimal, for example
+ *** to use extension value 42 use --enable-opqaue-prf-input=42" >&2;}
+ fi
+ fi
+ if test "$ac_opaque_prf_input" != "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (extension value $ac_opaque_prf_input)" >&5
+$as_echo "yes (extension value $ac_opaque_prf_input)" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define ENABLE_OPRFI $ac_opaque_prf_input
+_ACEOF
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ if test "$ac_opaque_prf_input" != "no"; then
+ ENABLE_OPRFI_TRUE=
+ ENABLE_OPRFI_FALSE='#'
+else
+ ENABLE_OPRFI_TRUE='#'
+ ENABLE_OPRFI_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable SRP authentication support" >&5
+$as_echo_n "checking whether to disable SRP authentication support... " >&6; }
+ # Check whether --enable-srp-authentication was given.
+if test "${enable_srp_authentication+set}" = set; then :
+ enableval=$enable_srp_authentication; ac_enable_srp=no
+fi
+
+ if test x$ac_enable_srp != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_SRP 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_srp" != "no"; then
+ ENABLE_SRP_TRUE=
+ ENABLE_SRP_FALSE='#'
+else
+ ENABLE_SRP_TRUE='#'
+ ENABLE_SRP_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable PSK authentication support" >&5
+$as_echo_n "checking whether to disable PSK authentication support... " >&6; }
+ # Check whether --enable-psk-authentication was given.
+if test "${enable_psk_authentication+set}" = set; then :
+ enableval=$enable_psk_authentication; ac_enable_psk=no
+fi
+
+ if test x$ac_enable_psk != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_PSK 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_psk" != "no"; then
+ ENABLE_PSK_TRUE=
+ ENABLE_PSK_FALSE='#'
+else
+ ENABLE_PSK_TRUE='#'
+ ENABLE_PSK_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable anonymous authentication support" >&5
+$as_echo_n "checking whether to disable anonymous authentication support... " >&6; }
+ # Check whether --enable-anon-authentication was given.
+if test "${enable_anon_authentication+set}" = set; then :
+ enableval=$enable_anon_authentication; ac_enable_anon=no
+fi
+
+ if test x$ac_enable_anon != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_ANON 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_anon" != "no"; then
+ ENABLE_ANON_TRUE=
+ ENABLE_ANON_FALSE='#'
+else
+ ENABLE_ANON_TRUE='#'
+ ENABLE_ANON_FALSE=
+fi
+
+
+ # Allow disabling Camellia
+ if test "$nettle" != "yes";then
+ # Check whether --enable-camellia was given.
+if test "${enable_camellia+set}" = set; then :
+ enableval=$enable_camellia; enable_camellia=$enableval
+else
+ enable_camellia=yes
+fi
+
+ else
+ enable_camellia=no
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable Camellia cipher" >&5
+$as_echo_n "checking whether to disable Camellia cipher... " >&6; }
+ if test "$enable_camellia" != "no"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_CAMELLIA 1" >>confdefs.h
+
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable extra PKI stuff" >&5
+$as_echo_n "checking whether to disable extra PKI stuff... " >&6; }
+ # Check whether --enable-extra-pki was given.
+if test "${enable_extra_pki+set}" = set; then :
+ enableval=$enable_extra_pki; enable_pki=$enableval
+else
+ enable_pki=yes
+fi
+
+ if test "$enable_pki" != "yes"; then
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_PKI 1" >>confdefs.h
+
+ fi
+ if test "$enable_pki" = "yes"; then
+ ENABLE_PKI_TRUE=
+ ENABLE_PKI_FALSE='#'
+else
+ ENABLE_PKI_TRUE='#'
+ ENABLE_PKI_FALSE=
+fi
+
+
+ ac_enable_openpgp=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable OpenPGP Certificate authentication support" >&5
+$as_echo_n "checking whether to disable OpenPGP Certificate authentication support... " >&6; }
+ # Check whether --enable-openpgp-authentication was given.
+if test "${enable_openpgp_authentication+set}" = set; then :
+ enableval=$enable_openpgp_authentication; ac_enable_openpgp=no
+fi
+
+ if test x$ac_enable_openpgp = xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ ac_full=0
+ else
+
+$as_echo "#define ENABLE_OPENPGP 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ if test "$ac_enable_openpgp" = "yes"; then
+ ENABLE_OPENPGP_TRUE=
+ ENABLE_OPENPGP_FALSE='#'
+else
+ ENABLE_OPENPGP_TRUE='#'
+ ENABLE_OPENPGP_FALSE=
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable SessionTicket extension support" >&5
+$as_echo_n "checking whether to disable SessionTicket extension support... " >&6; }
+ # Check whether --enable-session-ticket was given.
+if test "${enable_session_ticket+set}" = set; then :
+ enableval=$enable_session_ticket; ac_session_ticket=no
+fi
+
+ if test x$ac_session_ticket != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define ENABLE_SESSION_TICKET 1" >>confdefs.h
+
+ else
+ ac_full=0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ fi
+ if test "$ac_enable_session_ticket" != "no"; then
+ ENABLE_SESSION_TICKET_TRUE=
+ ENABLE_SESSION_TICKET_FALSE='#'
+else
+ ENABLE_SESSION_TICKET_TRUE='#'
+ ENABLE_SESSION_TICKET_FALSE=
+fi
+
+
+ # For cryptodev
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to add cryptodev support" >&5
+$as_echo_n "checking whether to add cryptodev support... " >&6; }
+ # Check whether --enable-cryptodev was given.
+if test "${enable_cryptodev+set}" = set; then :
+ enableval=$enable_cryptodev; enable_cryptodev=yes
+else
+ enable_cryptodev=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_cryptodev" >&5
+$as_echo "$enable_cryptodev" >&6; }
+
+ if test "$enable_cryptodev" = "yes"; then
+
+$as_echo "#define ENABLE_CRYPTODEV 1" >>confdefs.h
+
+ fi
+
+ # For storing integers in pointers without warnings
+ # http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void *" >&5
+$as_echo_n "checking size of void *... " >&6; }
+if test "${ac_cv_sizeof_void_p+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void *))" "ac_cv_sizeof_void_p" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_void_p" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (void *)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_void_p=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_void_p" >&5
+$as_echo "$ac_cv_sizeof_void_p" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_VOID_P $ac_cv_sizeof_void_p
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5
+$as_echo_n "checking size of long... " >&6; }
+if test "${ac_cv_sizeof_long+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_long" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (long)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_long=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5
+$as_echo "$ac_cv_sizeof_long" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_LONG $ac_cv_sizeof_long
+_ACEOF
+
+
+ # The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5
+$as_echo_n "checking size of int... " >&6; }
+if test "${ac_cv_sizeof_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (int)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5
+$as_echo "$ac_cv_sizeof_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_INT $ac_cv_sizeof_int
+_ACEOF
+
+
+ case $ac_cv_sizeof_void_p in
+ $ac_cv_sizeof_long)
+
+$as_echo "#define GNUTLS_POINTER_TO_INT_CAST (long)" >>confdefs.h
+
+ ;;
+ *)
+ $as_echo "#define GNUTLS_POINTER_TO_INT_CAST /**/" >>confdefs.h
+
+ ;;
+ esac
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5
+$as_echo_n "checking whether NLS is requested... " >&6; }
+ # Check whether --enable-nls was given.
+if test "${enable_nls+set}" = set; then :
+ enableval=$enable_nls; USE_NLS=$enableval
+else
+ USE_NLS=yes
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
+$as_echo "$USE_NLS" >&6; }
+
+
+
+
+ GETTEXT_MACRO_VERSION=0.17
+
+
+
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "msgfmt", so it can be a program name with args.
+set dummy msgfmt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_MSGFMT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case "$MSGFMT" in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&5
+ if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 &&
+ (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
+ ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+ test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":"
+ ;;
+esac
+fi
+MSGFMT="$ac_cv_path_MSGFMT"
+if test "$MSGFMT" != ":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5
+$as_echo "$MSGFMT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ # Extract the first word of "gmsgfmt", so it can be a program name with args.
+set dummy gmsgfmt; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_GMSGFMT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $GMSGFMT in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT"
+ ;;
+esac
+fi
+GMSGFMT=$ac_cv_path_GMSGFMT
+if test -n "$GMSGFMT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5
+$as_echo "$GMSGFMT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+ case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
+ *) MSGFMT_015=$MSGFMT ;;
+ esac
+
+ case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
+ *) GMSGFMT_015=$GMSGFMT ;;
+ esac
+
+
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "xgettext", so it can be a program name with args.
+set dummy xgettext; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_XGETTEXT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case "$XGETTEXT" in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&5
+ if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 &&
+ (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then
+ ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+ test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":"
+ ;;
+esac
+fi
+XGETTEXT="$ac_cv_path_XGETTEXT"
+if test "$XGETTEXT" != ":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5
+$as_echo "$XGETTEXT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ rm -f messages.po
+
+ case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
+ *) XGETTEXT_015=$XGETTEXT ;;
+ esac
+
+
+
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "msgmerge", so it can be a program name with args.
+set dummy msgmerge; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_MSGMERGE+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case "$MSGMERGE" in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&5
+ if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then
+ ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+ test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":"
+ ;;
+esac
+fi
+MSGMERGE="$ac_cv_path_MSGMERGE"
+if test "$MSGMERGE" != ":"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5
+$as_echo "$MSGMERGE" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$localedir" || localedir='${datadir}/locale'
+
+
+ test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
+
+
+ ac_config_commands="$ac_config_commands po-directories"
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libiconv-prefix was given.
+if test "${with_libiconv_prefix+set}" = set; then :
+ withval=$with_libiconv_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBICONV=
+ LTLIBICONV=
+ INCICONV=
+ LIBICONV_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='iconv '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so"
+ else
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a"
+ else
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBICONV_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBICONV; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$dep"
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name"
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBICONV="${LIBICONV}${LIBICONV:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir"
+ done
+ fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5
+$as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; }
+if test "${gt_cv_func_CFPreferencesCopyAppValue+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <CoreFoundation/CFPreferences.h>
+int
+main ()
+{
+CFPreferencesCopyAppValue(NULL, NULL)
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gt_cv_func_CFPreferencesCopyAppValue=yes
+else
+ gt_cv_func_CFPreferencesCopyAppValue=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$gt_save_LIBS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5
+$as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; }
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then
+
+$as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h
+
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5
+$as_echo_n "checking for CFLocaleCopyCurrent... " >&6; }
+if test "${gt_cv_func_CFLocaleCopyCurrent+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <CoreFoundation/CFLocale.h>
+int
+main ()
+{
+CFLocaleCopyCurrent();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ gt_cv_func_CFLocaleCopyCurrent=yes
+else
+ gt_cv_func_CFLocaleCopyCurrent=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$gt_save_LIBS"
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5
+$as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; }
+ if test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+
+$as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h
+
+ fi
+ INTL_MACOSX_LIBS=
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+ INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
+ fi
+
+
+
+
+
+
+ LIBINTL=
+ LTLIBINTL=
+ POSUB=
+
+ case " $gt_needs " in
+ *" need-formatstring-macros "*) gt_api_version=3 ;;
+ *" need-ngettext "*) gt_api_version=2 ;;
+ *) gt_api_version=1 ;;
+ esac
+ gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc"
+ gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl"
+
+ if test "$USE_NLS" = "yes"; then
+ gt_use_preinstalled_gnugettext=no
+
+
+ if test $gt_api_version -ge 3; then
+ gt_revision_test_code='
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+'
+ else
+ gt_revision_test_code=
+ fi
+ if test $gt_api_version -ge 2; then
+ gt_expression_test_code=' + * ngettext ("", "", 0)'
+ else
+ gt_expression_test_code=
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5
+$as_echo_n "checking for GNU gettext in libc... " >&6; }
+if eval "test \"\${$gt_func_gnugettext_libc+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern int *_nl_domain_bindings;
+int
+main ()
+{
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$gt_func_gnugettext_libc=yes"
+else
+ eval "$gt_func_gnugettext_libc=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$gt_func_gnugettext_libc
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
+
+
+
+
+
+ am_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCICONV; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5
+$as_echo_n "checking for iconv... " >&6; }
+if test "${am_cv_func_iconv+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ am_cv_func_iconv="no, consider installing GNU libiconv"
+ am_cv_lib_iconv=no
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <iconv.h>
+int
+main ()
+{
+iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_func_iconv=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if test "$am_cv_func_iconv" != yes; then
+ am_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBICONV"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <iconv.h>
+int
+main ()
+{
+iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ am_cv_lib_iconv=yes
+ am_cv_func_iconv=yes
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$am_save_LIBS"
+ fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5
+$as_echo "$am_cv_func_iconv" >&6; }
+ if test "$am_cv_func_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5
+$as_echo_n "checking for working iconv... " >&6; }
+if test "${am_cv_func_iconv_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ am_save_LIBS="$LIBS"
+ if test $am_cv_lib_iconv = yes; then
+ LIBS="$LIBS $LIBICONV"
+ fi
+ if test "$cross_compiling" = yes; then :
+ case "$host_os" in
+ aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
+ *) am_cv_func_iconv_works="guessing yes" ;;
+ esac
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <iconv.h>
+#include <string.h>
+int main ()
+{
+ /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
+ returns. */
+ {
+ iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
+ if (cd_utf8_to_88591 != (iconv_t)(-1))
+ {
+ static const char input[] = "\342\202\254"; /* EURO SIGN */
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if (res == 0)
+ return 1;
+ }
+ }
+#if 0 /* This bug could be worked around by the caller. */
+ /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
+ {
+ iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
+ if (cd_88591_to_utf8 != (iconv_t)(-1))
+ {
+ static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_88591_to_utf8,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if ((int)res > 0)
+ return 1;
+ }
+ }
+#endif
+ /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
+ provided. */
+ if (/* Try standardized names. */
+ iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
+ /* Try IRIX, OSF/1 names. */
+ && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
+ /* Try AIX names. */
+ && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
+ /* Try HP-UX names. */
+ && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
+ return 1;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ am_cv_func_iconv_works=yes
+else
+ am_cv_func_iconv_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ LIBS="$am_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5
+$as_echo "$am_cv_func_iconv_works" >&6; }
+ case "$am_cv_func_iconv_works" in
+ *no) am_func_iconv=no am_cv_lib_iconv=no ;;
+ *) am_func_iconv=yes ;;
+ esac
+ else
+ am_func_iconv=no am_cv_lib_iconv=no
+ fi
+ if test "$am_func_iconv" = yes; then
+
+$as_echo "#define HAVE_ICONV 1" >>confdefs.h
+
+ fi
+ if test "$am_cv_lib_iconv" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5
+$as_echo_n "checking how to link with libiconv... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5
+$as_echo "$LIBICONV" >&6; }
+ else
+ CPPFLAGS="$am_save_CPPFLAGS"
+ LIBICONV=
+ LTLIBICONV=
+ fi
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libintl-prefix was given.
+if test "${with_libintl_prefix+set}" = set; then :
+ withval=$with_libintl_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBINTL=
+ LTLIBINTL=
+ INCINTL=
+ LIBINTL_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='intl '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so"
+ else
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a"
+ else
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBINTL_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBINTL; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$dep"
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name"
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBINTL="${LIBINTL}${LIBINTL:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir"
+ done
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5
+$as_echo_n "checking for GNU gettext in libintl... " >&6; }
+if eval "test \"\${$gt_func_gnugettext_libintl+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ gt_save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $INCINTL"
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBINTL"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);
+int
+main ()
+{
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$gt_func_gnugettext_libintl=yes"
+else
+ eval "$gt_func_gnugettext_libintl=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
+ LIBS="$LIBS $LIBICONV"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);
+int
+main ()
+{
+bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ LIBINTL="$LIBINTL $LIBICONV"
+ LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+ eval "$gt_func_gnugettext_libintl=yes"
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ fi
+ CPPFLAGS="$gt_save_CPPFLAGS"
+ LIBS="$gt_save_LIBS"
+fi
+eval ac_res=\$$gt_func_gnugettext_libintl
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ fi
+
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
+ || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
+ && test "$PACKAGE" != gettext-runtime \
+ && test "$PACKAGE" != gettext-tools; }; then
+ gt_use_preinstalled_gnugettext=yes
+ else
+ LIBINTL=
+ LTLIBINTL=
+ INCINTL=
+ fi
+
+
+
+ if test -n "$INTL_MACOSX_LIBS"; then
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
+ LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
+ fi
+ fi
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+
+$as_echo "#define ENABLE_NLS 1" >>confdefs.h
+
+ else
+ USE_NLS=no
+ fi
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5
+$as_echo_n "checking whether to use NLS... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5
+$as_echo "$USE_NLS" >&6; }
+ if test "$USE_NLS" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5
+$as_echo_n "checking where the gettext function comes from... " >&6; }
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ gt_source="external libintl"
+ else
+ gt_source="libc"
+ fi
+ else
+ gt_source="included intl directory"
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5
+$as_echo "$gt_source" >&6; }
+ fi
+
+ if test "$USE_NLS" = "yes"; then
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5
+$as_echo_n "checking how to link with libintl... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5
+$as_echo "$LIBINTL" >&6; }
+
+ for element in $INCINTL; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+ fi
+
+
+$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h
+
+ fi
+
+ POSUB=po
+ fi
+
+
+
+ INTLLIBS="$LIBINTL"
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5
+$as_echo_n "checking whether byte ordering is bigendian... " >&6; }
+if test "${ac_cv_c_bigendian+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_c_bigendian=unknown
+ # See if we're dealing with a universal compiler.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifndef __APPLE_CC__
+ not a universal capable compiler
+ #endif
+ typedef int dummy;
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+ # Check for potential -arch flags. It is not universal unless
+ # there are at least two -arch flags with different values.
+ ac_arch=
+ ac_prev=
+ for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do
+ if test -n "$ac_prev"; then
+ case $ac_word in
+ i?86 | x86_64 | ppc | ppc64)
+ if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then
+ ac_arch=$ac_word
+ else
+ ac_cv_c_bigendian=universal
+ break
+ fi
+ ;;
+ esac
+ ac_prev=
+ elif test "x$ac_word" = "x-arch"; then
+ ac_prev=arch
+ fi
+ done
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
+int
+main ()
+{
+#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \
+ && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \
+ && LITTLE_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+ #include <sys/param.h>
+
+int
+main ()
+{
+#if BYTE_ORDER != BIG_ENDIAN
+ not big endian
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # See if <limits.h> defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris).
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+
+int
+main ()
+{
+#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN)
+ bogus endian macros
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ # It does; now see whether it defined to _BIG_ENDIAN or not.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <limits.h>
+
+int
+main ()
+{
+#ifndef _BIG_ENDIAN
+ not big endian
+ #endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_bigendian=yes
+else
+ ac_cv_c_bigendian=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ fi
+ if test $ac_cv_c_bigendian = unknown; then
+ # Compile a test program.
+ if test "$cross_compiling" = yes; then :
+ # Try to guess by grepping values from an object file.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+short int ascii_mm[] =
+ { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 };
+ short int ascii_ii[] =
+ { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 };
+ int use_ascii (int i) {
+ return ascii_mm[i] + ascii_ii[i];
+ }
+ short int ebcdic_ii[] =
+ { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 };
+ short int ebcdic_mm[] =
+ { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 };
+ int use_ebcdic (int i) {
+ return ebcdic_mm[i] + ebcdic_ii[i];
+ }
+ extern int foo;
+
+int
+main ()
+{
+return use_ascii (foo) == use_ebcdic (foo);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then
+ ac_cv_c_bigendian=yes
+ fi
+ if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then
+ if test "$ac_cv_c_bigendian" = unknown; then
+ ac_cv_c_bigendian=no
+ else
+ # finding both strings is unlikely to happen, but who knows?
+ ac_cv_c_bigendian=unknown
+ fi
+ fi
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* Are we little or big endian? From Harbison&Steele. */
+ union
+ {
+ long int l;
+ char c[sizeof (long int)];
+ } u;
+ u.l = 1;
+ return u.c[sizeof (long int) - 1] == 1;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_c_bigendian=no
+else
+ ac_cv_c_bigendian=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5
+$as_echo "$ac_cv_c_bigendian" >&6; }
+ case $ac_cv_c_bigendian in #(
+ yes)
+ $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h
+;; #(
+ no)
+ ;; #(
+ universal)
+
+$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h
+
+ ;; #(
+ *)
+ as_fn_error $? "unknown endianness
+ presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;;
+ esac
+
+
+# For includes/gnutls/gnutls.h.in.
+MAJOR_VERSION=`echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`
+
+MINOR_VERSION=`echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`
+
+PATCH_VERSION=`echo $PACKAGE_VERSION | sed 's/.*\..*\.\(.*\)/\1/g'`
+
+NUMBER_VERSION=`printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`
+
+ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "
+ #include <sys/types.h>
+
+"
+if test "x$ac_cv_type_ssize_t" = x""yes; then :
+
+ DEFINE_SSIZE_T="#include <sys/types.h>"
+
+
+else
+
+
+$as_echo "#define NO_SSIZE_T 1" >>confdefs.h
+
+ DEFINE_SSIZE_T="typedef int ssize_t;"
+
+
+fi
+
+
+# For minitasn1.
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long int" >&5
+$as_echo_n "checking size of unsigned long int... " >&6; }
+if test "${ac_cv_sizeof_unsigned_long_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long int))" "ac_cv_sizeof_unsigned_long_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_long_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned long int)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_unsigned_long_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_int" >&5
+$as_echo "$ac_cv_sizeof_unsigned_long_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_LONG_INT $ac_cv_sizeof_unsigned_long_int
+_ACEOF
+
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5
+$as_echo_n "checking size of unsigned int... " >&6; }
+if test "${ac_cv_sizeof_unsigned_int+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_unsigned_int" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (unsigned int)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_unsigned_int=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5
+$as_echo "$ac_cv_sizeof_unsigned_int" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int
+_ACEOF
+
+
+
+
+# Check whether --with-zlib was given.
+if test "${with_zlib+set}" = set; then :
+ withval=$with_zlib; ac_zlib=$withval
+else
+ ac_zlib=yes
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to include zlib compression support" >&5
+$as_echo_n "checking whether to include zlib compression support... " >&6; }
+if test x$ac_zlib != xno; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libz-prefix was given.
+if test "${with_libz_prefix+set}" = set; then :
+ withval=$with_libz_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBZ=
+ LTLIBZ=
+ INCZ=
+ LIBZ_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='z '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBZ="${LIBZ}${LIBZ:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBZ="${LTLIBZ}${LTLIBZ:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBZ; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBZ="${LIBZ}${LIBZ:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBZ="${LIBZ}${LIBZ:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBZ="${LIBZ}${LIBZ:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBZ; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBZ="${LIBZ}${LIBZ:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBZ="${LIBZ}${LIBZ:+ }$found_so"
+ else
+ LIBZ="${LIBZ}${LIBZ:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBZ="${LIBZ}${LIBZ:+ }$found_a"
+ else
+ LIBZ="${LIBZ}${LIBZ:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBZ_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCZ; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCZ="${INCZ}${INCZ:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBZ; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBZ="${LIBZ}${LIBZ:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBZ; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBZ="${LIBZ}${LIBZ:+ }$dep"
+ LTLIBZ="${LTLIBZ}${LTLIBZ:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBZ="${LIBZ}${LIBZ:+ }-l$name"
+ LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBZ="${LIBZ}${LIBZ:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBZ="${LIBZ}${LIBZ:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBZ="${LTLIBZ}${LTLIBZ:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCZ; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libz" >&5
+$as_echo_n "checking for libz... " >&6; }
+if test "${ac_cv_libz+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBZ"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <zlib.h>
+int
+main ()
+{
+compress (0, 0, 0, 0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libz=yes
+else
+ ac_cv_libz=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libz" >&5
+$as_echo "$ac_cv_libz" >&6; }
+ if test "$ac_cv_libz" = yes; then
+ HAVE_LIBZ=yes
+
+$as_echo "#define HAVE_LIBZ 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libz" >&5
+$as_echo_n "checking how to link with libz... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBZ" >&5
+$as_echo "$LIBZ" >&6; }
+ else
+ HAVE_LIBZ=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBZ=
+ LTLIBZ=
+ LIBZ_PREFIX=
+ fi
+
+
+
+
+
+
+
+ if test "$ac_cv_libz" != yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ***
+*** ZLIB was not found. You will not be able to use ZLIB compression." >&5
+$as_echo "$as_me: WARNING: ***
+*** ZLIB was not found. You will not be able to use ZLIB compression." >&2;}
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+if test x$ac_zlib != xno; then
+ if test x$GNUTLS_REQUIRES_PRIVATE = x; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
+ else
+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE , zlib"
+ fi
+fi
+
+
+#lgl_INIT
+
+for ac_func in getrusage
+do :
+ ac_fn_c_check_func "$LINENO" "getrusage" "ac_cv_func_getrusage"
+if test "x$ac_cv_func_getrusage" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETRUSAGE 1
+_ACEOF
+
+fi
+done
+
+
+
+
+
+
+
+
+
+
+
+ use_additional=yes
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+
+# Check whether --with-libpthread-prefix was given.
+if test "${with_libpthread_prefix+set}" = set; then :
+ withval=$with_libpthread_prefix;
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+
+fi
+
+ LIBPTHREAD=
+ LTLIBPTHREAD=
+ INCPTHREAD=
+ LIBPTHREAD_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='pthread '
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }$value"
+ else
+ :
+ fi
+ else
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIBPTHREAD; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so"
+ else
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ if test "$acl_hardcode_direct" = yes; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so"
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ haveit=
+ for x in $LDFLAGS $LIBPTHREAD; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so"
+ else
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_a"
+ else
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-L$found_dir -l$name"
+ fi
+ fi
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIBPTHREAD_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INCPTHREAD; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ INCPTHREAD="${INCPTHREAD}${INCPTHREAD:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ if test -n "$found_la"; then
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIBPTHREAD; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIBPTHREAD; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$dep"
+ LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-l$name"
+ LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$flag"
+ else
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ for found_dir in $ltrpathdirs; do
+ LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-R$found_dir"
+ done
+ fi
+
+
+ ac_save_CPPFLAGS="$CPPFLAGS"
+
+ for element in $INCPTHREAD; do
+ haveit=
+ for x in $CPPFLAGS; do
+
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ eval x=\"$x\"
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element"
+ fi
+ done
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libpthread" >&5
+$as_echo_n "checking for libpthread... " >&6; }
+if test "${ac_cv_libpthread+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBPTHREAD"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <pthread.h>
+int
+main ()
+{
+pthread_mutex_lock (0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_libpthread=yes
+else
+ ac_cv_libpthread=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LIBS="$ac_save_LIBS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libpthread" >&5
+$as_echo "$ac_cv_libpthread" >&6; }
+ if test "$ac_cv_libpthread" = yes; then
+ HAVE_LIBPTHREAD=yes
+
+$as_echo "#define HAVE_LIBPTHREAD 1" >>confdefs.h
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libpthread" >&5
+$as_echo_n "checking how to link with libpthread... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPTHREAD" >&5
+$as_echo "$LIBPTHREAD" >&6; }
+ else
+ HAVE_LIBPTHREAD=no
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIBPTHREAD=
+ LTLIBPTHREAD=
+ LIBPTHREAD_PREFIX=
+ fi
+
+
+
+
+
+
+
+
+LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
+LIBGNUTLS_CFLAGS="-I${includedir}"
+
+
+
+# Finish things from ../configure.ac.
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CXX" && break
+done
+
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
+else
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+else
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CXX" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CXX" && break
+done
+
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
+else
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+else
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CXX" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5
+$as_echo_n "checking how to run the C++ preprocessor... " >&6; }
+if test -z "$CXXCPP"; then
+ if test "${ac_cv_prog_CXXCPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CXXCPP needs to be expanded
+ for CXXCPP in "$CXX -E" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+ CXXCPP=$ac_cv_prog_CXXCPP
+else
+ ac_cv_prog_CXXCPP=$CXXCPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5
+$as_echo "$CXXCPP" >&6; }
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+_lt_caught_CXX_error=yes; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+else
+ _lt_caught_CXX_error=yes
+fi
+
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+compiler_needs_object_CXX=no
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_direct_absolute_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_flag_spec_ld_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_shlibpath_var_CXX=unsupported
+hardcode_automatic_CXX=no
+inherit_rpath_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="int some_variable = 0;"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code='int main(int, char *[]) { return(0); }'
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+ # save warnings/boilerplate of simple test code
+ ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC=$CC
+ lt_save_LD=$LD
+ lt_save_GCC=$GCC
+ GCC=$GXX
+ lt_save_with_gnu_ld=$with_gnu_ld
+ lt_save_path_LD=$lt_cv_path_LD
+ if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+ else
+ $as_unset lt_cv_prog_gnu_ld
+ fi
+ if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+ else
+ $as_unset lt_cv_path_LD
+ fi
+ test -z "${LDCXX+set}" || LD=$LDCXX
+ CC=${CXX-"c++"}
+ compiler=$CC
+ compiler_CXX=$CC
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+ if test -n "$compiler"; then
+ # We don't want -fno-exception when compiling C++ code, so set the
+ # no_builtin_flag separately
+ if test "$GXX" = yes; then
+ lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+ else
+ lt_prog_compiler_no_builtin_flag_CXX=
+ fi
+
+ if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec_CXX=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+ fi
+
+ # PORTME: fill in a description of your system's C++ link characteristics
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+ ld_shlibs_CXX=yes
+ case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds_CXX=''
+ hardcode_direct_CXX=yes
+ hardcode_direct_absolute_CXX=yes
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+ file_list_spec_CXX='${wl}-f,'
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct_CXX=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L_CXX=yes
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ hardcode_libdir_separator_CXX=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec_CXX='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to
+ # export.
+ always_export_symbols_CXX=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag_CXX='-berok'
+ # Determine the default libpath from the value encoded in an empty
+ # executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag_CXX="-z nodefs"
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag_CXX=' ${wl}-bernotok'
+ allow_undefined_flag_CXX=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec_CXX='$convenience'
+ archive_cmds_need_lc_CXX=yes
+ # This is similar to how AIX traditionally builds its shared
+ # libraries.
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag_CXX=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ allow_undefined_flag_CXX=unsupported
+ always_export_symbols_CXX=no
+ enable_shared_with_static_runtimes_CXX=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc_CXX=no
+ hardcode_direct_CXX=no
+ hardcode_automatic_CXX=yes
+ hardcode_shlibpath_var_CXX=unsupported
+ whole_archive_flag_spec_CXX=''
+ link_all_deplibs_CXX=yes
+ allow_undefined_flag_CXX="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds_CXX="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+ archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+ archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+ fi
+
+ else
+ ld_shlibs_CXX=no
+ fi
+
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ freebsd[12]*)
+ # C++ shared libraries reported to be fairly broken before
+ # switch to ELF
+ ld_shlibs_CXX=no
+ ;;
+
+ freebsd-elf*)
+ archive_cmds_need_lc_CXX=no
+ ;;
+
+ freebsd* | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ ld_shlibs_CXX=yes
+ ;;
+
+ gnu*)
+ ;;
+
+ hpux9*)
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ hardcode_direct_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ ;;
+ *)
+ hardcode_direct_CXX=yes
+ hardcode_direct_absolute_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ fi
+ fi
+ link_all_deplibs_CXX=yes
+ ;;
+ esac
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ inherit_rpath_CXX=yes
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc* | ecpc* )
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ archive_cmds_need_lc_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ case `$CC -V` in
+ *pgCC\ [1-5]* | *pgcpp\ [1-5]*)
+ prelink_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ old_archive_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $RANLIB $oldlib'
+ archive_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ *) # Version 6 will use weak symbols
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ esac
+
+ hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ xl*)
+ # IBM XL 8.0 on PPC, with GNU ld
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object_CXX=yes
+
+ # Not sure whether something based on
+ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+ # would be better.
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ m88k*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+
+ *nto* | *qnx*)
+ ld_shlibs_CXX=yes
+ ;;
+
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ ld_shlibs_CXX=no
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ hardcode_direct_absolute_CXX=yes
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd=echo
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ case $host in
+ osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;;
+ *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;;
+ esac
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ cxx*)
+ case $host in
+ osf3*)
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ ;;
+ *)
+ allow_undefined_flag_CXX=' -expect_unresolved \*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $RM $lib.exp'
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ ;;
+ esac
+
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ case $host in
+ osf3*)
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ esac
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ psos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ archive_cmds_need_lc_CXX=yes
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_shlibpath_var_CXX=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract'
+ ;;
+ esac
+ link_all_deplibs_CXX=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
+ if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag_CXX='${wl}-z,text'
+ archive_cmds_need_lc_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag_CXX='${wl}-z,text'
+ allow_undefined_flag_CXX='${wl}-z,nodefs'
+ archive_cmds_need_lc_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-R,$libdir'
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+ export_dynamic_flag_spec_CXX='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+ test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+ GCC_CXX="$GXX"
+ LD_CXX="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ # Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+_LT_EOF
+
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ for p in `eval "$output_verbose_link_cmd"`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" ||
+ test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$compiler_lib_search_path_CXX"; then
+ compiler_lib_search_path_CXX="${prev}${p}"
+ else
+ compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$postdeps_CXX"; then
+ postdeps_CXX="${prev}${p}"
+ else
+ postdeps_CXX="${postdeps_CXX} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$predep_objects_CXX"; then
+ predep_objects_CXX="$p"
+ else
+ predep_objects_CXX="$predep_objects_CXX $p"
+ fi
+ else
+ if test -z "$postdep_objects_CXX"; then
+ postdep_objects_CXX="$p"
+ else
+ postdep_objects_CXX="$postdep_objects_CXX $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+case $host_os in
+interix[3-9]*)
+ # Interix 3.5 installs completely hosed .la files for C++, so rather than
+ # hack all around it, let's just trust "g++" to DTRT.
+ predep_objects_CXX=
+ postdep_objects_CXX=
+ postdeps_CXX=
+ ;;
+
+linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ if test "$solaris_use_stlport4" != yes; then
+ postdeps_CXX='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+solaris*)
+ case $cc_basename in
+ CC*)
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ if test "$solaris_use_stlport4" != yes; then
+ postdeps_CXX='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+esac
+
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+ compiler_lib_search_dirs_CXX=
+if test -n "${compiler_lib_search_path_CXX}"; then
+ compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic_CXX='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ lt_prog_compiler_pic_CXX=
+ ;;
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic_CXX=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic_CXX='-fPIC -shared'
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix[4-9]*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ else
+ lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+ if test "$host_cpu" != ia64; then
+ lt_prog_compiler_pic_CXX='+Z'
+ fi
+ ;;
+ aCC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ interix*)
+ # This is c89, which is MS Visual C++ (no shared libs)
+ # Anyone wants to do a port?
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fpic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ xlc* | xlC*)
+ # IBM XL 8.0 on PPC
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-qpic'
+ lt_prog_compiler_static_CXX='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ lt_prog_compiler_pic_CXX='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd* | netbsdelf*-gnu)
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic_CXX='-fPIC -shared'
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ lt_prog_compiler_wl_CXX='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ lt_prog_compiler_pic_CXX='-pic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ vxworks*)
+ ;;
+ *)
+ lt_prog_compiler_can_build_shared_CXX=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic_CXX=
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic_CXX" >&5
+$as_echo "$lt_prog_compiler_pic_CXX" >&6; }
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works_CXX=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:20168: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:20172: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works_CXX=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works_CXX" = xyes; then
+ case $lt_prog_compiler_pic_CXX in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+ esac
+else
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works_CXX=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works_CXX=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works_CXX=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works_CXX" = xyes; then
+ :
+else
+ lt_prog_compiler_static_CXX=
+fi
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:20267: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:20271: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:20319: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:20323: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix[4-9]*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ export_symbols_cmds_CXX="$ltdll_cmds"
+ ;;
+ cygwin* | mingw* | cegcc*)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;/^.*[ ]__nm__/s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ linux* | k*bsd*-gnu)
+ link_all_deplibs_CXX=no
+ ;;
+ *)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+ exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+with_gnu_ld_CXX=$with_gnu_ld
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc_CXX=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds_CXX in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl_CXX
+ pic_flag=$lt_prog_compiler_pic_CXX
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+ allow_undefined_flag_CXX=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc_CXX=no
+ else
+ archive_cmds_need_lc_CXX=yes
+ fi
+ allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc_CXX" >&5
+$as_echo "$archive_cmds_need_lc_CXX" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" ||
+ test -n "$runpath_var_CXX" ||
+ test "X$hardcode_automatic_CXX" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct_CXX" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
+ test "$hardcode_minus_L_CXX" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action_CXX=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action_CXX=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action_CXX=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5
+$as_echo "$hardcode_action_CXX" >&6; }
+
+if test "$hardcode_action_CXX" = relink ||
+ test "$inherit_rpath_CXX" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+
+ fi # test -n "$compiler"
+
+ CC=$lt_save_CC
+ LDCXX=$LD
+ LD=$lt_save_LD
+ GCC=$lt_save_GCC
+ with_gnu_ld=$lt_save_with_gnu_ld
+ lt_cv_path_LDCXX=$lt_cv_path_LD
+ lt_cv_path_LD=$lt_save_path_LD
+ lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+ lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+ if test "$use_cxx" != "no"; then
+ ENABLE_CXX_TRUE=
+ ENABLE_CXX_FALSE='#'
+else
+ ENABLE_CXX_TRUE='#'
+ ENABLE_CXX_FALSE=
+fi
+
+
+
+$as_echo "#define GNUTLS_INTERNAL_BUILD 1" >>confdefs.h
+
+
+ac_config_files="$ac_config_files Makefile gnutls.pc gl/Makefile includes/Makefile includes/gnutls/gnutls.h minitasn1/Makefile opencdk/Makefile openpgp/Makefile po/Makefile.in x509/Makefile gcrypt/Makefile nettle/Makefile"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ test "x$cache_file" != "x/dev/null" &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ cat confcache >$cache_file
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_NETTLE_TRUE}" && test -z "${ENABLE_NETTLE_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_NETTLE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_MINITASN1_TRUE}" && test -z "${ENABLE_MINITASN1_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_MINITASN1\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_LOCAL_PAKCHOIS_TRUE}" && test -z "${ENABLE_LOCAL_PAKCHOIS_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_LOCAL_PAKCHOIS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${USE_LZO_TRUE}" && test -z "${USE_LZO_FALSE}"; then
+ as_fn_error $? "conditional \"USE_LZO\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_OPRFI_TRUE}" && test -z "${ENABLE_OPRFI_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_OPRFI\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_SRP_TRUE}" && test -z "${ENABLE_SRP_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_SRP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_PSK_TRUE}" && test -z "${ENABLE_PSK_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_PSK\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_ANON_TRUE}" && test -z "${ENABLE_ANON_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_ANON\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_PKI_TRUE}" && test -z "${ENABLE_PKI_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_PKI\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_OPENPGP_TRUE}" && test -z "${ENABLE_OPENPGP_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_OPENPGP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_SESSION_TICKET_TRUE}" && test -z "${ENABLE_SESSION_TICKET_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_SESSION_TICKET\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${ENABLE_CXX_TRUE}" && test -z "${ENABLE_CXX_FALSE}"; then
+ as_fn_error $? "conditional \"ENABLE_CXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by libgnutls $as_me 2.11.7, which was
+generated by GNU Autoconf 2.67. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <bug-gnutls@gnu.org>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+libgnutls config.status 2.11.7
+configured by $0, generated by GNU Autoconf 2.67,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
+enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
+host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
+host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
+host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
+build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
+build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
+build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
+SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
+Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
+GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
+EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
+FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
+LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
+NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
+LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
+exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
+AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
+GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
+SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
+ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
+need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
+LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
+libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
+version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
+striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_dirs='`$ECHO "X$compiler_lib_search_dirs" | $Xsed -e "$delay_single_quote_subst"`'
+predep_objects='`$ECHO "X$predep_objects" | $Xsed -e "$delay_single_quote_subst"`'
+postdep_objects='`$ECHO "X$postdep_objects" | $Xsed -e "$delay_single_quote_subst"`'
+predeps='`$ECHO "X$predeps" | $Xsed -e "$delay_single_quote_subst"`'
+postdeps='`$ECHO "X$postdeps" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_path='`$ECHO "X$compiler_lib_search_path" | $Xsed -e "$delay_single_quote_subst"`'
+LD_CXX='`$ECHO "X$LD_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds_CXX='`$ECHO "X$old_archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_CXX='`$ECHO "X$compiler_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+GCC_CXX='`$ECHO "X$GCC_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "X$lt_prog_compiler_no_builtin_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl_CXX='`$ECHO "X$lt_prog_compiler_wl_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic_CXX='`$ECHO "X$lt_prog_compiler_pic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static_CXX='`$ECHO "X$lt_prog_compiler_static_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o_CXX='`$ECHO "X$lt_cv_prog_compiler_c_o_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc_CXX='`$ECHO "X$archive_cmds_need_lc_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes_CXX='`$ECHO "X$enable_shared_with_static_runtimes_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec_CXX='`$ECHO "X$export_dynamic_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec_CXX='`$ECHO "X$whole_archive_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object_CXX='`$ECHO "X$compiler_needs_object_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds_CXX='`$ECHO "X$old_archive_from_new_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds_CXX='`$ECHO "X$old_archive_from_expsyms_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_CXX='`$ECHO "X$archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds_CXX='`$ECHO "X$archive_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds_CXX='`$ECHO "X$module_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds_CXX='`$ECHO "X$module_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld_CXX='`$ECHO "X$with_gnu_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag_CXX='`$ECHO "X$allow_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag_CXX='`$ECHO "X$no_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_CXX='`$ECHO "X$hardcode_libdir_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld_CXX='`$ECHO "X$hardcode_libdir_flag_spec_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator_CXX='`$ECHO "X$hardcode_libdir_separator_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_CXX='`$ECHO "X$hardcode_direct_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute_CXX='`$ECHO "X$hardcode_direct_absolute_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L_CXX='`$ECHO "X$hardcode_minus_L_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var_CXX='`$ECHO "X$hardcode_shlibpath_var_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic_CXX='`$ECHO "X$hardcode_automatic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath_CXX='`$ECHO "X$inherit_rpath_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs_CXX='`$ECHO "X$link_all_deplibs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path_CXX='`$ECHO "X$fix_srcfile_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols_CXX='`$ECHO "X$always_export_symbols_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds_CXX='`$ECHO "X$export_symbols_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms_CXX='`$ECHO "X$exclude_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms_CXX='`$ECHO "X$include_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds_CXX='`$ECHO "X$prelink_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec_CXX='`$ECHO "X$file_list_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action_CXX='`$ECHO "X$hardcode_action_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_dirs_CXX='`$ECHO "X$compiler_lib_search_dirs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+predep_objects_CXX='`$ECHO "X$predep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+postdep_objects_CXX='`$ECHO "X$postdep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+predeps_CXX='`$ECHO "X$predeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+postdeps_CXX='`$ECHO "X$postdeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_path_CXX='`$ECHO "X$compiler_lib_search_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+AR \
+AR_FLAGS \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+SHELL \
+ECHO \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_wl \
+lt_prog_compiler_pic \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_flag_spec_ld \
+hardcode_libdir_separator \
+fix_srcfile_path \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+finish_eval \
+old_striplib \
+striplib \
+compiler_lib_search_dirs \
+predep_objects \
+postdep_objects \
+predeps \
+postdeps \
+compiler_lib_search_path \
+LD_CXX \
+compiler_CXX \
+lt_prog_compiler_no_builtin_flag_CXX \
+lt_prog_compiler_wl_CXX \
+lt_prog_compiler_pic_CXX \
+lt_prog_compiler_static_CXX \
+lt_cv_prog_compiler_c_o_CXX \
+export_dynamic_flag_spec_CXX \
+whole_archive_flag_spec_CXX \
+compiler_needs_object_CXX \
+with_gnu_ld_CXX \
+allow_undefined_flag_CXX \
+no_undefined_flag_CXX \
+hardcode_libdir_flag_spec_CXX \
+hardcode_libdir_flag_spec_ld_CXX \
+hardcode_libdir_separator_CXX \
+fix_srcfile_path_CXX \
+exclude_expsyms_CXX \
+include_expsyms_CXX \
+file_list_spec_CXX \
+compiler_lib_search_dirs_CXX \
+predep_objects_CXX \
+postdep_objects_CXX \
+predeps_CXX \
+postdeps_CXX \
+compiler_lib_search_path_CXX; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+sys_lib_dlsearch_path_spec \
+old_archive_cmds_CXX \
+old_archive_from_new_cmds_CXX \
+old_archive_from_expsyms_cmds_CXX \
+archive_cmds_CXX \
+archive_expsym_cmds_CXX \
+module_cmds_CXX \
+module_expsym_cmds_CXX \
+export_symbols_cmds_CXX \
+prelink_cmds_CXX; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
+ ;;
+esac
+
+ac_aux_dir='$ac_aux_dir'
+xsi_shell='$xsi_shell'
+lt_shell_append='$lt_shell_append'
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'
+
+
+
+
+
+# Capture the value of obsolete ALL_LINGUAS because we need it to compute
+ # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
+ # from automake < 1.5.
+ eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
+ # Capture the value of LINGUAS because we need it to compute CATALOGS.
+ LINGUAS="${LINGUAS-%UNSET%}"
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "gnutls.pc") CONFIG_FILES="$CONFIG_FILES gnutls.pc" ;;
+ "gl/Makefile") CONFIG_FILES="$CONFIG_FILES gl/Makefile" ;;
+ "includes/Makefile") CONFIG_FILES="$CONFIG_FILES includes/Makefile" ;;
+ "includes/gnutls/gnutls.h") CONFIG_FILES="$CONFIG_FILES includes/gnutls/gnutls.h" ;;
+ "minitasn1/Makefile") CONFIG_FILES="$CONFIG_FILES minitasn1/Makefile" ;;
+ "opencdk/Makefile") CONFIG_FILES="$CONFIG_FILES opencdk/Makefile" ;;
+ "openpgp/Makefile") CONFIG_FILES="$CONFIG_FILES openpgp/Makefile" ;;
+ "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;;
+ "x509/Makefile") CONFIG_FILES="$CONFIG_FILES x509/Makefile" ;;
+ "gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES gcrypt/Makefile" ;;
+ "nettle/Makefile") CONFIG_FILES="$CONFIG_FILES nettle/Makefile" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp=
+ trap 'exit_status=$?
+ { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = "\a"
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_t"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = "\a"
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+ ac_MKDIR_P=$MKDIR_P
+ case $MKDIR_P in
+ [\\/$]* | ?:[\\/]* ) ;;
+ */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$tmp/stdin"
+ case $ac_file in
+ -) cat "$tmp/out" && rm -f "$tmp/out";;
+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+ } >"$tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$_am_arg" : 'X\(//\)[^/]' \| \
+ X"$_am_arg" : 'X\(//\)$' \| \
+ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir=$dirpart/$fdir; as_fn_mkdir_p
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+ ;;
+ "libtool":C)
+
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags="CXX "
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that does not interpret backslashes.
+ECHO=$lt_ECHO
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects
+postdep_objects=$lt_postdep_objects
+predeps=$lt_predeps
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $* ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[^=]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$@"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1+=\$2"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1=\$$1\$2"
+}
+
+_LT_EOF
+ ;;
+ esac
+
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+
+ cat <<_LT_EOF >> "$ofile"
+
+# ### BEGIN LIBTOOL TAG CONFIG: CXX
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds_CXX
+
+# A language specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object_CXX
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld_CXX
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute_CXX
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath_CXX
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path_CXX
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds_CXX
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec_CXX
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects_CXX
+postdep_objects=$lt_postdep_objects_CXX
+predeps=$lt_predeps_CXX
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# ### END LIBTOOL TAG CONFIG: CXX
+_LT_EOF
+
+ ;;
+ "po-directories":C)
+ for ac_file in $CONFIG_FILES; do
+ # Support "outfile[:infile[:infile...]]"
+ case "$ac_file" in
+ *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ esac
+ # PO directories have a Makefile.in generated from Makefile.in.in.
+ case "$ac_file" in */Makefile.in)
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+ # Treat a directory as a PO directory if and only if it has a
+ # POTFILES.in file. This allows packages to have multiple PO
+ # directories under different names or in different locations.
+ if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
+ rm -f "$ac_dir/POTFILES"
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
+ cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+ POMAKEFILEDEPS="POTFILES.in"
+ # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
+ # on $ac_dir but don't depend on user-specified configuration
+ # parameters.
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # The set of available languages was given in configure.in.
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
+ fi
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ done
+ fi
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
+ sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
+ for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
+ if test -f "$f"; then
+ case "$f" in
+ *.orig | *.bak | *~) ;;
+ *) cat "$f" >> "$ac_dir/Makefile" ;;
+ esac
+ fi
+ done
+ fi
+ ;;
+ esac
+ done ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+# gl/tests/Makefile
--- /dev/null
+dnl Process this file with autoconf to produce a configure script.
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos, Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AC_PREREQ(2.61)
+AC_INIT([libgnutls], [2.11.7], [bug-gnutls@gnu.org])
+#AC_CONFIG_AUX_DIR([build-aux])
+AC_CONFIG_MACRO_DIR([m4])
+
+AM_INIT_AUTOMAKE([1.10 -Wall -Werror -Wno-override])
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+AM_CONFIG_HEADER(config.h)
+
+AC_PROG_CC
+lgl_EARLY
+
+#AC_LIBTOOL_WIN32_DLL
+AC_PROG_LIBTOOL
+
+LIBGNUTLS_HOOKS
+
+AM_GNU_GETTEXT([external])
+AM_GNU_GETTEXT_VERSION([0.17])
+
+AC_C_BIGENDIAN
+
+# For includes/gnutls/gnutls.h.in.
+AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`)
+AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`)
+AC_SUBST(PATCH_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\..*\.\(.*\)/\1/g'`)
+AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`)
+AC_CHECK_TYPE(ssize_t,
+ [
+ DEFINE_SSIZE_T="#include <sys/types.h>"
+ AC_SUBST(DEFINE_SSIZE_T)
+ ], [
+ AC_DEFINE(NO_SSIZE_T, 1, [no ssize_t type was found])
+ DEFINE_SSIZE_T="typedef int ssize_t;"
+ AC_SUBST(DEFINE_SSIZE_T)
+ ], [
+ #include <sys/types.h>
+ ])
+
+# For minitasn1.
+AC_CHECK_SIZEOF(unsigned long int, 4)
+AC_CHECK_SIZEOF(unsigned int, 4)
+
+AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
+ [disable zlib compression support]),
+ ac_zlib=$withval, ac_zlib=yes)
+AC_MSG_CHECKING([whether to include zlib compression support])
+if test x$ac_zlib != xno; then
+ AC_MSG_RESULT(yes)
+ AC_LIB_HAVE_LINKFLAGS(z,, [#include <zlib.h>], [compress (0, 0, 0, 0);])
+ if test "$ac_cv_libz" != yes; then
+ AC_MSG_WARN(
+***
+*** ZLIB was not found. You will not be able to use ZLIB compression.)
+ fi
+else
+ AC_MSG_RESULT(no)
+fi
+
+if test x$ac_zlib != xno; then
+ if test x$GNUTLS_REQUIRES_PRIVATE = x; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
+ else
+ GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE , zlib"
+ fi
+fi
+AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
+
+#lgl_INIT
+
+AC_CHECK_FUNCS(getrusage,,)
+AC_LIB_HAVE_LINKFLAGS(pthread,, [#include <pthread.h>], [pthread_mutex_lock (0);])
+
+LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS"
+LIBGNUTLS_CFLAGS="-I${includedir}"
+AC_SUBST(LIBGNUTLS_LIBS)
+AC_SUBST(LIBGNUTLS_CFLAGS)
+
+# Finish things from ../configure.ac.
+AC_SUBST([WERROR_CFLAGS])
+AC_SUBST([WSTACK_CFLAGS])
+AC_SUBST([WARN_CFLAGS])
+AC_PROG_CXX
+AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
+
+AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated functions - until they are removed.])
+
+AC_CONFIG_FILES([
+ Makefile
+ gnutls.pc
+ gl/Makefile
+ includes/Makefile
+ includes/gnutls/gnutls.h
+ minitasn1/Makefile
+ opencdk/Makefile
+ openpgp/Makefile
+ po/Makefile.in
+ x509/Makefile
+ gcrypt/Makefile
+ nettle/Makefile
+])
+AC_OUTPUT
+
+# gl/tests/Makefile
--- /dev/null
+/*
+ * Copyright (C) 2000, 2004, 2005, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_cipher_int.h>
+#include <gnutls_datum.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
+
+/**
+ * gnutls_cipher_init:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @cipher: the encryption algorithm to use
+ * @key: The key to be used for encryption
+ * @iv: The IV to use (if not applicable set NULL)
+ *
+ * This function will initialize an context that can be used for
+ * encryption/decryption of data. This will effectively use the
+ * current crypto backend in use by gnutls or the cryptographic
+ * accelerator in use.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_cipher_init (gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
+{
+ *handle = gnutls_malloc (sizeof (cipher_hd_st));
+ if (*handle == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_cipher_init (((cipher_hd_st *) * handle), cipher, key, iv);
+}
+
+/**
+ * gnutls_cipher_encrypt:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to encrypt
+ * @textlen: The length of data to encrypt
+ *
+ * This function will encrypt the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, size_t textlen)
+{
+ return _gnutls_cipher_encrypt ((cipher_hd_st *) handle, text, textlen);
+}
+
+/**
+ * gnutls_cipher_decrypt:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @ciphertext: the data to encrypt
+ * @ciphertextlen: The length of data to encrypt
+ *
+ * This function will decrypt the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext,
+ size_t ciphertextlen)
+{
+ return _gnutls_cipher_decrypt ((cipher_hd_st *) handle, ciphertext,
+ ciphertextlen);
+}
+
+/**
+ * gnutls_cipher_encrypt2:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to encrypt
+ * @textlen: The length of data to encrypt
+ * @ciphertext: the encrypted data
+ * @ciphertextlen: The available length for encrypted data
+ *
+ * This function will encrypt the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text, size_t textlen,
+ void *ciphertext, size_t ciphertextlen)
+{
+ return _gnutls_cipher_encrypt2 ((cipher_hd_st *) handle, text, textlen,
+ ciphertext, ciphertextlen);
+}
+
+/**
+ * gnutls_cipher_decrypt2:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @ciphertext: the data to encrypt
+ * @ciphertextlen: The length of data to encrypt
+ * @text: the decrypted data
+ * @textlen: The available length for decrypted data
+ *
+ * This function will decrypt the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle, const void *ciphertext,
+ size_t ciphertextlen, void *text, size_t textlen)
+{
+ return _gnutls_cipher_decrypt2 ((cipher_hd_st *) handle, ciphertext,
+ ciphertextlen, text, textlen);
+}
+
+/**
+ * gnutls_cipher_deinit:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ *
+ * This function will deinitialize all resources occupied by the given
+ * encryption context.
+ *
+ * Since: 2.10.0
+ **/
+void
+gnutls_cipher_deinit (gnutls_cipher_hd_t handle)
+{
+ _gnutls_cipher_deinit ((cipher_hd_st *) handle);
+ gnutls_free (handle);
+}
+
+
+/* HMAC */
+
+/**
+ * gnutls_hmac_init:
+ * @dig: is a #gnutls_hmac_hd_t structure.
+ * @algorithm: the HMAC algorithm to use
+ * @key: The key to be used for encryption
+ * @keylen: The length of the key
+ *
+ * This function will initialize an context that can be used to
+ * produce a Message Authentication Code (MAC) of data. This will
+ * effectively use the current crypto backend in use by gnutls or the
+ * cryptographic accelerator in use.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hmac_init (gnutls_hmac_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm,
+ const void *key, size_t keylen)
+{
+ *dig = gnutls_malloc (sizeof (digest_hd_st));
+ if (*dig == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_hmac_init (((digest_hd_st *) * dig), algorithm, key, keylen);
+}
+
+/**
+ * gnutls_hmac:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ *
+ * This function will hash the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen)
+{
+ return _gnutls_hmac ((digest_hd_st *) handle, text, textlen);
+}
+
+/**
+ * gnutls_hmac_output:
+ * @handle: is a #gnutls_hmac_hd_t structure.
+ * @digest: is the output value of the MAC
+ *
+ * This function will output the current MAC value.
+ *
+ * Since: 2.10.0
+ **/
+void
+gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest)
+{
+ _gnutls_hmac_output ((digest_hd_st *) handle, digest);
+}
+
+/**
+ * gnutls_hmac_deinit:
+ * @handle: is a #gnutls_hmac_hd_t structure.
+ * @digest: is the output value of the MAC
+ *
+ * This function will deinitialize all resources occupied by
+ * the given hmac context.
+ *
+ * Since: 2.10.0
+ **/
+void
+gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest)
+{
+ _gnutls_hmac_deinit ((digest_hd_st *) handle, digest);
+ gnutls_free (handle);
+}
+
+/**
+ * gnutls_hmac_get_len:
+ * @algorithm: the hmac algorithm to use
+ *
+ * This function will return the length of the output data
+ * of the given hmac algorithm.
+ *
+ * Returns: The length or zero on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm)
+{
+ return _gnutls_hmac_get_algo_len (algorithm);
+}
+
+/**
+ * gnutls_hmac_fast:
+ * @algorithm: the hash algorithm to use
+ * @key: the key to use
+ * @keylen: The length of the key
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ * @digest: is the output value of the hash
+ *
+ * This convenience function will hash the given data and return output
+ * on a single call.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm,
+ const void *key, size_t keylen,
+ const void *text, size_t textlen, void *digest)
+{
+ return _gnutls_hmac_fast (algorithm, key, keylen, text, textlen, digest);
+}
+
+/* HASH */
+
+/**
+ * gnutls_hash_init:
+ * @dig: is a #gnutls_hash_hd_t structure.
+ * @algorithm: the hash algorithm to use
+ *
+ * This function will initialize an context that can be used to
+ * produce a Message Digest of data. This will effectively use the
+ * current crypto backend in use by gnutls or the cryptographic
+ * accelerator in use.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm)
+{
+ *dig = gnutls_malloc (sizeof (digest_hd_st));
+ if (*dig == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return _gnutls_hash_init (((digest_hd_st *) * dig), algorithm);
+}
+
+/**
+ * gnutls_hash:
+ * @handle: is a #gnutls_cipher_hd_t structure.
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ *
+ * This function will hash the given data using the algorithm
+ * specified by the context.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen)
+{
+ return _gnutls_hash ((digest_hd_st *) handle, text, textlen);
+}
+
+/**
+ * gnutls_hash_output:
+ * @handle: is a #gnutls_hash_hd_t structure.
+ * @digest: is the output value of the hash
+ *
+ * This function will output the current hash value.
+ *
+ * Since: 2.10.0
+ **/
+void
+gnutls_hash_output (gnutls_hash_hd_t handle, void *digest)
+{
+ _gnutls_hash_output ((digest_hd_st *) handle, digest);
+}
+
+/**
+ * gnutls_hash_deinit:
+ * @handle: is a #gnutls_hash_hd_t structure.
+ * @digest: is the output value of the hash
+ *
+ * This function will deinitialize all resources occupied by
+ * the given hash context.
+ *
+ * Since: 2.10.0
+ **/
+void
+gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest)
+{
+ _gnutls_hash_deinit ((digest_hd_st *) handle, digest);
+ gnutls_free (handle);
+}
+
+/**
+ * gnutls_hash_get_len:
+ * @algorithm: the hash algorithm to use
+ *
+ * This function will return the length of the output data
+ * of the given hash algorithm.
+ *
+ * Returns: The length or zero on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm)
+{
+ return _gnutls_hash_get_algo_len (algorithm);
+}
+
+/**
+ * gnutls_hash_fast:
+ * @algorithm: the hash algorithm to use
+ * @text: the data to hash
+ * @textlen: The length of data to hash
+ * @digest: is the output value of the hash
+ *
+ * This convenience function will hash the given data and return output
+ * on a single call.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
+{
+ return _gnutls_hash_fast (algorithm, text, textlen, digest);
+}
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_errors.h>
+#include <gnutls_int.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
+#include <gnutls_mpi.h>
+#include <gnutls_pk.h>
+#include <random.h>
+#include <gnutls_cipher_int.h>
+
+/* default values for priorities */
+int crypto_mac_prio = INT_MAX;
+int crypto_digest_prio = INT_MAX;
+int crypto_cipher_prio = INT_MAX;
+
+typedef struct algo_list
+{
+ int algorithm;
+ int priority;
+ const void *alg_data;
+ struct algo_list *next;
+} algo_list;
+
+#define cipher_list algo_list
+#define mac_list algo_list
+#define digest_list algo_list
+
+static int
+_algo_register (algo_list * al, int algorithm, int priority, const void *s)
+{
+ algo_list *cl;
+ algo_list *last_cl = al;
+
+ /* look if there is any cipher with lowest priority. In that case do not add.
+ */
+ cl = al;
+ while (cl && cl->alg_data)
+ {
+ if (cl->algorithm == algorithm)
+ {
+ if (cl->priority < priority)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+ }
+ else
+ {
+ /* the current has higher priority -> overwrite */
+ cl->algorithm = algorithm;
+ cl->priority = priority;
+ cl->alg_data = s;
+ return 0;
+ }
+ }
+ cl = cl->next;
+ if (cl)
+ last_cl = cl;
+ }
+
+ cl = gnutls_calloc (1, sizeof (cipher_list));
+
+ if (cl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ last_cl->algorithm = algorithm;
+ last_cl->priority = priority;
+ last_cl->alg_data = s;
+ last_cl->next = cl;
+
+ return 0;
+
+}
+
+static const void *
+_get_algo (algo_list * al, int algo)
+{
+ cipher_list *cl;
+
+ /* look if there is any cipher with lowest priority. In that case do not add.
+ */
+ cl = al;
+ while (cl && cl->alg_data)
+ {
+ if (cl->algorithm == algo)
+ {
+ return cl->alg_data;
+ }
+ cl = cl->next;
+ }
+
+ return NULL;
+}
+
+static cipher_list glob_cl = { GNUTLS_CIPHER_NULL, 0, NULL, NULL };
+static mac_list glob_ml = { GNUTLS_MAC_NULL, 0, NULL, NULL };
+static digest_list glob_dl = { GNUTLS_MAC_NULL, 0, NULL, NULL };
+
+static void
+_deregister (algo_list * cl)
+{
+ algo_list *next;
+
+ next = cl->next;
+ cl->next = NULL;
+ cl = next;
+
+ while (cl)
+ {
+ next = cl->next;
+ gnutls_free (cl);
+ cl = next;
+ }
+}
+
+void
+_gnutls_crypto_deregister (void)
+{
+ _deregister (&glob_cl);
+ _deregister (&glob_ml);
+ _deregister (&glob_dl);
+}
+
+/**
+ * gnutls_crypto_single_cipher_register2:
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new cipher's data
+ *
+ * This function will register a cipher algorithm to be used by
+ * gnutls. Any algorithm registered will override the included
+ * algorithms and by convention kernel implemented algorithms have
+ * priority of 90. The algorithm with the lowest priority will be
+ * used by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_single_cipher_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_cipher_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return _algo_register (&glob_cl, algorithm, priority, s);
+}
+
+const gnutls_crypto_cipher_st *
+_gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo)
+{
+ return _get_algo (&glob_cl, algo);
+}
+
+/**
+ * gnutls_crypto_rnd_register2:
+ * @priority: is the priority of the generator
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new generator's data
+ *
+ * This function will register a random generator to be used by
+ * gnutls. Any generator registered will override the included
+ * generator and by convention kernel implemented generators have
+ * priority of 90. The generator with the lowest priority will be
+ * used by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_rnd_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_rnd_register2 (int priority, int version,
+ const gnutls_crypto_rnd_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_rnd_prio > priority)
+ {
+ memcpy (&_gnutls_rnd_ops, s, sizeof (*s));
+ crypto_rnd_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
+
+/**
+ * gnutls_crypto_single_mac_register2:
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new algorithms's data
+ *
+ * This function will register a MAC algorithm to be used by gnutls.
+ * Any algorithm registered will override the included algorithms and
+ * by convention kernel implemented algorithms have priority of 90.
+ * The algorithm with the lowest priority will be used by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_single_mac_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_mac_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return _algo_register (&glob_ml, algorithm, priority, s);
+}
+
+const gnutls_crypto_mac_st *
+_gnutls_get_crypto_mac (gnutls_mac_algorithm_t algo)
+{
+ return _get_algo (&glob_ml, algo);
+}
+
+/**
+ * gnutls_crypto_single_digest_register2:
+ * @algorithm: is the gnutls algorithm identifier
+ * @priority: is the priority of the algorithm
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new algorithms's data
+ *
+ * This function will register a digest (hash) algorithm to be used by
+ * gnutls. Any algorithm registered will override the included
+ * algorithms and by convention kernel implemented algorithms have
+ * priority of 90. The algorithm with the lowest priority will be
+ * used by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_single_digest_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_digest_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return _algo_register (&glob_dl, algorithm, priority, s);
+}
+
+const gnutls_crypto_digest_st *
+_gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo)
+{
+ return _get_algo (&glob_dl, algo);
+}
+
+/**
+ * gnutls_crypto_bigint_register2:
+ * @priority: is the priority of the interface
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new interface's data
+ *
+ * This function will register an interface for gnutls to operate
+ * on big integers. Any interface registered will override
+ * the included interface. The interface with the lowest
+ * priority will be used by gnutls.
+ *
+ * Note that the bigint interface must interoperate with the public
+ * key interface. Thus if this interface is updated the
+ * gnutls_crypto_pk_register() should also be used.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience gnutls_crypto_bigint_register()
+ * macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_bigint_register2 (int priority, int version,
+ const gnutls_crypto_bigint_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_bigint_prio > priority)
+ {
+ memcpy (&_gnutls_mpi_ops, s, sizeof (*s));
+ crypto_bigint_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
+
+/**
+ * gnutls_crypto_pk_register2:
+ * @priority: is the priority of the interface
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new interface's data
+ *
+ * This function will register an interface for gnutls to operate
+ * on public key operations. Any interface registered will override
+ * the included interface. The interface with the lowest
+ * priority will be used by gnutls.
+ *
+ * Note that the bigint interface must interoperate with the bigint
+ * interface. Thus if this interface is updated the
+ * gnutls_crypto_bigint_register() should also be used.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience gnutls_crypto_pk_register()
+ * macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_pk_register2 (int priority, int version,
+ const gnutls_crypto_pk_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_pk_prio > priority)
+ {
+ memcpy (&_gnutls_pk_ops, s, sizeof (*s));
+ crypto_pk_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
+
+/**
+ * gnutls_crypto_cipher_register2:
+ * @priority: is the priority of the cipher interface
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new interface's data
+ *
+ * This function will register a cipher interface to be used by
+ * gnutls. Any interface registered will override the included engine
+ * and by convention kernel implemented interfaces should have
+ * priority of 90. The interface with the lowest priority will be used
+ * by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_cipher_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_cipher_register2 (int priority, int version,
+ const gnutls_crypto_cipher_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_cipher_prio > priority)
+ {
+ memcpy (&_gnutls_cipher_ops, s, sizeof (*s));
+ crypto_cipher_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
+
+/**
+ * gnutls_crypto_mac_register2:
+ * @priority: is the priority of the mac interface
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new interface's data
+ *
+ * This function will register a mac interface to be used by
+ * gnutls. Any interface registered will override the included engine
+ * and by convention kernel implemented interfaces should have
+ * priority of 90. The interface with the lowest priority will be used
+ * by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_digest_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_mac_register2 (int priority, int version,
+ const gnutls_crypto_mac_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_mac_prio > priority)
+ {
+ memcpy (&_gnutls_mac_ops, s, sizeof (*s));
+ crypto_mac_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
+
+/**
+ * gnutls_crypto_digest_register2:
+ * @priority: is the priority of the digest interface
+ * @version: should be set to %GNUTLS_CRYPTO_API_VERSION
+ * @s: is a structure holding new interface's data
+ *
+ * This function will register a digest interface to be used by
+ * gnutls. Any interface registered will override the included engine
+ * and by convention kernel implemented interfaces should have
+ * priority of 90. The interface with the lowest priority will be used
+ * by gnutls.
+ *
+ * This function should be called before gnutls_global_init().
+ *
+ * For simplicity you can use the convenience
+ * gnutls_crypto_digest_register() macro.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_crypto_digest_register2 (int priority, int version,
+ const gnutls_crypto_digest_st * s)
+{
+ if (version != GNUTLS_CRYPTO_API_VERSION)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (crypto_digest_prio > priority)
+ {
+ memcpy (&_gnutls_digest_ops, s, sizeof (*s));
+ crypto_digest_prio = priority;
+ return 0;
+ }
+
+ return GNUTLS_E_CRYPTO_ALREADY_REGISTERED;
+}
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef CRYPTO_H
+#define CRYPTO_H
+
+const gnutls_crypto_cipher_st
+ * _gnutls_get_crypto_cipher (gnutls_cipher_algorithm_t algo);
+const gnutls_crypto_digest_st
+ * _gnutls_get_crypto_digest (gnutls_digest_algorithm_t algo);
+const gnutls_crypto_mac_st *_gnutls_get_crypto_mac (gnutls_mac_algorithm_t
+ algo);
+void _gnutls_crypto_deregister (void);
+
+#endif /* CRYPTO_H */
--- /dev/null
+/*
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_errors.h>
+#include <gnutls_int.h>
+#include <gnutls/crypto.h>
+#include <gnutls_cryptodev.h>
+#include <gnutls_errors.h>
+
+#ifdef ENABLE_CRYPTODEV
+
+#include <fcntl.h>
+#include <sys/ioctl.h>
+#include <crypto/cryptodev.h>
+
+#ifndef CRYPTO_CIPHER_MAX_KEY_LEN
+#define CRYPTO_CIPHER_MAX_KEY_LEN 64
+#endif
+
+#ifndef EALG_MAX_BLOCK_LEN
+#define EALG_MAX_BLOCK_LEN 16
+#endif
+
+static int cryptodev_fd = -1;
+
+static int register_mac (int cfd);
+
+struct cryptodev_ctx
+{
+ struct session_op sess;
+ struct crypt_op cryp;
+ opaque iv[EALG_MAX_BLOCK_LEN];
+ opaque key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ int cfd;
+};
+
+static const int gnutls_cipher_map[] = {
+ [GNUTLS_CIPHER_AES_128_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_192_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_AES_256_CBC] = CRYPTO_AES_CBC,
+ [GNUTLS_CIPHER_3DES_CBC] = CRYPTO_3DES_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_128_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_CAMELLIA_256_CBC] = CRYPTO_CAMELLIA_CBC,
+ [GNUTLS_CIPHER_DES_CBC] = CRYPTO_DES_CBC,
+};
+
+static int
+cryptodev_cipher_init (gnutls_cipher_algorithm_t algorithm, void **_ctx)
+{
+ struct cryptodev_ctx *ctx;
+ int cipher = gnutls_cipher_map[algorithm];
+
+ *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
+ if (*_ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx = *_ctx;
+
+ ctx->cfd = cryptodev_fd;
+ ctx->sess.cipher = cipher;
+ ctx->sess.key = ctx->key;
+ ctx->cryp.iv = ctx->iv;
+
+ return 0;
+}
+
+static int
+cryptodev_cipher_setkey (void *_ctx, const void *key, size_t keysize)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+
+ ctx->sess.keylen = keysize;
+ memcpy (ctx->key, key, keysize);
+
+ if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
+
+ return 0;
+}
+
+static int
+cryptodev_setiv (void *_ctx, const void *iv, size_t iv_size)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+
+ memcpy (ctx->iv, iv, iv_size);
+
+ return 0;
+}
+
+static int
+cryptodev_encrypt (void *_ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+ ctx->cryp.len = plainsize;
+ ctx->cryp.src = (void *) plain;
+ ctx->cryp.dst = encr;
+ ctx->cryp.op = COP_ENCRYPT;
+ if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ return 0;
+}
+
+static int
+cryptodev_decrypt (void *_ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+
+ ctx->cryp.len = encrsize;
+ ctx->cryp.src = (void *) encr;
+ ctx->cryp.dst = plain;
+ ctx->cryp.op = COP_DECRYPT;
+ if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ return 0;
+
+}
+
+static void
+cryptodev_deinit (void *_ctx)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+
+ ioctl (ctx->cfd, CIOCFSESSION, &ctx->sess);
+ gnutls_free (ctx);
+}
+
+static const gnutls_crypto_cipher_st cipher_struct = {
+ .init = cryptodev_cipher_init,
+ .setkey = cryptodev_cipher_setkey,
+ .setiv = cryptodev_setiv,
+ .encrypt = cryptodev_encrypt,
+ .decrypt = cryptodev_decrypt,
+ .deinit = cryptodev_deinit,
+};
+
+static int
+register_crypto (int cfd)
+{
+ struct session_op sess;
+ char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ int i = 0, ret;
+
+ memset (&sess, 0, sizeof (sess));
+
+ for (i = 0; i < sizeof (gnutls_cipher_map) / sizeof (gnutls_cipher_map[0]);
+ i++)
+ {
+ if (gnutls_cipher_map[i] == 0)
+ continue;
+
+ /* test if a cipher is support it and if yes register it */
+ sess.cipher = gnutls_cipher_map[i];
+ sess.keylen = gnutls_cipher_get_key_size (i);
+ sess.key = fake_key;
+
+ if (ioctl (cfd, CIOCGSESSION, &sess))
+ {
+ continue;
+ }
+
+ ioctl (cfd, CIOCFSESSION, &sess);
+
+ _gnutls_debug_log ("/dev/crypto: registering: %s\n",
+ gnutls_cipher_get_name (i));
+ ret = gnutls_crypto_single_cipher_register (i, 90, &cipher_struct);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ }
+
+ return 0;
+}
+
+int
+_gnutls_cryptodev_init (void)
+{
+ int ret;
+
+ /* Open the crypto device */
+ cryptodev_fd = open ("/dev/crypto", O_RDWR, 0);
+ if (cryptodev_fd < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_DEVICE_ERROR;
+ }
+
+#ifndef CRIOGET_NOT_NEEDED
+ {
+ int cfd = -1;
+ /* Clone file descriptor */
+ if (ioctl (cryptodev_fd, CRIOGET, &cfd))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ /* Set close-on-exec (not really neede here) */
+ if (fcntl (cfd, F_SETFD, 1) == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ close (cryptodev_fd);
+ cryptodev_fd = cfd;
+ }
+#endif
+
+ ret = register_crypto (cryptodev_fd);
+ if (ret < 0)
+ gnutls_assert ();
+
+ if (ret >= 0)
+ {
+ ret = register_mac (cryptodev_fd);
+ if (ret < 0)
+ gnutls_assert ();
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ close (cryptodev_fd);
+ }
+
+ return ret;
+}
+
+void
+_gnutls_cryptodev_deinit (void)
+{
+ close (cryptodev_fd);
+}
+
+/* MAC and digest stuff */
+
+/* if we are using linux /dev/crypto
+ */
+#if defined COP_FLAG_UPDATE
+
+static const int gnutls_mac_map[] = {
+ [GNUTLS_MAC_MD5] = CRYPTO_MD5_HMAC,
+ [GNUTLS_MAC_SHA1] = CRYPTO_SHA1_HMAC,
+ [GNUTLS_MAC_SHA256] = CRYPTO_SHA2_256_HMAC,
+ [GNUTLS_MAC_SHA384] = CRYPTO_SHA2_384_HMAC,
+ [GNUTLS_MAC_SHA512] = CRYPTO_SHA2_512_HMAC,
+};
+
+static int
+cryptodev_mac_init (gnutls_mac_algorithm_t algorithm, void **_ctx)
+{
+ struct cryptodev_ctx *ctx;
+ int mac = gnutls_mac_map[algorithm];
+
+ *_ctx = gnutls_calloc (1, sizeof (struct cryptodev_ctx));
+ if (*_ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx = *_ctx;
+
+ ctx->cfd = cryptodev_fd;
+
+ ctx->sess.mac = mac;
+ ctx->sess.mackey = ctx->key;
+
+ return 0;
+}
+
+static int
+cryptodev_mac_setkey (void *_ctx, const void *key, size_t keysize)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+
+ ctx->sess.mackeylen = keysize;
+ memcpy (ctx->key, key, keysize);
+
+ if (ioctl (ctx->cfd, CIOCGSESSION, &ctx->sess))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ ctx->cryp.ses = ctx->sess.ses;
+
+ return 0;
+}
+
+static int
+cryptodev_mac_hash (void *_ctx, const void *text, size_t textsize)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+ ctx->cryp.len = textsize;
+ ctx->cryp.src = (void *) text;
+ ctx->cryp.dst = NULL;
+ ctx->cryp.op = COP_ENCRYPT;
+ ctx->cryp.flags = COP_FLAG_UPDATE;
+ if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+ return 0;
+}
+
+static int
+cryptodev_mac_output (void *_ctx, void *digest, size_t digestsize)
+{
+ struct cryptodev_ctx *ctx = _ctx;
+ ctx->cryp.len = 0;
+ ctx->cryp.src = NULL;
+ ctx->cryp.mac = digest;
+ ctx->cryp.op = COP_ENCRYPT;
+ ctx->cryp.flags = COP_FLAG_FINAL;
+ if (ioctl (ctx->cfd, CIOCCRYPT, &ctx->cryp))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
+ }
+
+ return 0;
+}
+
+#define cryptodev_mac_deinit cryptodev_deinit
+
+static const gnutls_crypto_mac_st mac_struct = {
+ .init = cryptodev_mac_init,
+ .setkey = cryptodev_mac_setkey,
+ .hash = cryptodev_mac_hash,
+ .output = cryptodev_mac_output,
+ .deinit = cryptodev_mac_deinit
+};
+
+static int
+register_mac (int cfd)
+{
+ struct session_op sess;
+ char fake_key[CRYPTO_CIPHER_MAX_KEY_LEN];
+ int i = 0, ret;
+
+ memset (&sess, 0, sizeof (sess));
+ for (i = 0; i < sizeof (gnutls_mac_map) / sizeof (gnutls_mac_map[0]); i++)
+ {
+ if (gnutls_mac_map[i] == 0)
+ continue;
+
+ sess.mac = gnutls_mac_map[i];
+ sess.keylen = 8;
+ sess.key = fake_key;
+
+ if (ioctl (cfd, CIOCGSESSION, &sess))
+ {
+ continue;
+ }
+
+ ioctl (cfd, CIOCFSESSION, &sess);
+
+ _gnutls_debug_log ("/dev/crypto: registering: %s\n",
+ gnutls_mac_get_name (i));
+ ret = gnutls_crypto_single_mac_register (i, 90, &mac_struct);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ }
+
+ return 0;
+}
+
+#else
+static int
+register_mac (int cfd)
+{
+ return 0;
+}
+
+#endif /* defined(CIOCSESSIONCLONE) && defined(COP_FLAG_UPDATE) */
+
+#else /* ENABLE_CRYPTODEV */
+int
+_gnutls_cryptodev_init ()
+{
+ return 0;
+}
+
+void
+_gnutls_cryptodev_deinit ()
+{
+ return;
+}
+#endif /* ENABLE_CRYPTODEV */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "debug.h"
+#include <gnutls_mpi.h>
+
+void
+_gnutls_dump_mpi (const char *prefix, bigint_t a)
+{
+ char buf[400];
+ char buf_hex[2 * sizeof (buf)];
+ size_t n = sizeof buf;
+
+ if (_gnutls_mpi_print (a, buf, &n))
+ strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */
+ _gnutls_debug_log ("MPI: length: %d\n\t%s%s\n", (int) n, prefix,
+ _gnutls_bin2hex (buf, n, buf_hex, sizeof (buf_hex),
+ NULL));
+}
+
+
+const char *
+_gnutls_packet2str (content_type_t packet)
+{
+ switch (packet)
+ {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ return "Change Cipher Spec";
+ case GNUTLS_ALERT:
+ return "Alert";
+ case GNUTLS_HANDSHAKE:
+ return "Handshake";
+ case GNUTLS_APPLICATION_DATA:
+ return "Application Data";
+ case GNUTLS_INNER_APPLICATION:
+ return "Inner Application";
+
+ default:
+ return "Unknown Packet";
+ }
+}
+
+const char *
+_gnutls_handshake2str (gnutls_handshake_description_t handshake)
+{
+
+ switch (handshake)
+ {
+ case GNUTLS_HANDSHAKE_HELLO_REQUEST:
+ return "HELLO REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ return "CLIENT HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ return "SERVER HELLO";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ return "CERTIFICATE";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ return "SERVER KEY EXCHANGE";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ return "CERTIFICATE REQUEST";
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ return "SERVER HELLO DONE";
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ return "CERTIFICATE VERIFY";
+ break;
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ return "CLIENT KEY EXCHANGE";
+ break;
+ case GNUTLS_HANDSHAKE_FINISHED:
+ return "FINISHED";
+ break;
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ return "SUPPLEMENTAL";
+ break;
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ return "NEW SESSION TICKET";
+ break;
+ default:
+ return "Unknown Handshake packet";
+
+ }
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2003, 2004, 2005, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+const char *_gnutls_packet2str (content_type_t packet);
+const char *_gnutls_handshake2str (gnutls_handshake_description_t handshake);
+void _gnutls_dump_mpi (const char *prefix, bigint_t a);
--- /dev/null
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+ depmode Dependency tracking mode.
+ source Source file read by `PROGRAMS ARGS'.
+ object Object file output by `PROGRAMS ARGS'.
+ DEPDIR directory where to store dependencies.
+ depfile Dependency file to output.
+ tmpdepfile Temporary file to use when outputing dependencies.
+ libtool Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "depcomp $scriptversion"
+ exit $?
+ ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+ echo "depcomp: Variables source, object and depmode must be set" 1>&2
+ exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+ sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags. We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write. Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+ # HP compiler uses -M and no extra arg.
+ gccflag=-M
+ depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+ # This is just like dashmstdout with a different argument.
+ dashmflag=-xM
+ depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+ # This is just like msvisualcpp but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u="sed s,\\\\\\\\,/,g"
+ depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want. Yay! Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff. Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am. Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+ for arg
+ do
+ case $arg in
+ -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+ *) set fnord "$@" "$arg" ;;
+ esac
+ shift # fnord
+ shift # $arg
+ done
+ "$@"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ mv "$tmpdepfile" "$depfile"
+ ;;
+
+gcc)
+## There are various ways to get dependency output from gcc. Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+## up in a subdir. Having to rename by hand is ugly.
+## (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+## -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+## than renaming).
+ if test -z "$gccflag"; then
+ gccflag=-MD,
+ fi
+ "$@" -Wp,"$gccflag$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+ sed -e 's/^[^:]*: / /' \
+ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header). We avoid this by adding
+## dummy dependencies for each header file. Too bad gcc doesn't do
+## this for us directly.
+ tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'. On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+sgi)
+ if test "$libtool" = yes; then
+ "$@" "-Wp,-MDupdate,$tmpdepfile"
+ else
+ "$@" -MDupdate "$tmpdepfile"
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+
+ if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
+ echo "$object : \\" > "$depfile"
+
+ # Clip off the initial element (the dependent). Don't try to be
+ # clever and replace this with sed code, as IRIX sed won't handle
+ # lines with more than a fixed number of characters (4096 in
+ # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
+ # the IRIX cc adds comments like `#:fec' to the end of the
+ # dependency line.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+ tr '
+' ' ' >> "$depfile"
+ echo >> "$depfile"
+
+ # The second pass generates a dummy entry for each header file.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+ >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+aix)
+ # The C for AIX Compiler uses -M and outputs the dependencies
+ # in a .u file. In older versions, this file always lives in the
+ # current directory. Also, the AIX compiler puts `$object:' at the
+ # start of each line; $object doesn't have directory information.
+ # Version 6 uses the directory in both cases.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$base.u
+ tmpdepfile3=$dir.libs/$base.u
+ "$@" -Wc,-M
+ else
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$dir$base.u
+ tmpdepfile3=$dir$base.u
+ "$@" -M
+ fi
+ stat=$?
+
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ # Each line is of the form `foo.o: dependent.h'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+icc)
+ # Intel's C compiler understands `-MD -MF file'. However on
+ # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # ICC 7.0 will fill foo.d with something like
+ # foo.o: sub/foo.c
+ # foo.o: sub/foo.h
+ # which is wrong. We want:
+ # sub/foo.o: sub/foo.c
+ # sub/foo.o: sub/foo.h
+ # sub/foo.c:
+ # sub/foo.h:
+ # ICC 7.1 will output
+ # foo.o: sub/foo.c sub/foo.h
+ # and will wrap long lines using \ :
+ # foo.o: sub/foo.c ... \
+ # sub/foo.h ... \
+ # ...
+
+ "$@" -MD -MF "$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ # Each line is of the form `foo.o: dependent.h',
+ # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+ # Some versions of the HPUX 10.20 sed can't process this invocation
+ # correctly. Breaking it into two sed invocations is a workaround.
+ sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+ sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp2)
+ # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+ # compilers, which have integrated preprocessors. The correct option
+ # to use with these is +Maked; it writes dependencies to a file named
+ # 'foo.d', which lands next to the object file, wherever that
+ # happens to be.
+ # Much of this is similar to the tru64 case; see comments there.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir.libs/$base.d
+ "$@" -Wc,+Maked
+ else
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir$base.d
+ "$@" +Maked
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+ # Add `dependent.h:' lines.
+ sed -ne '2,${
+ s/^ *//
+ s/ \\*$//
+ s/$/:/
+ p
+ }' "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile" "$tmpdepfile2"
+ ;;
+
+tru64)
+ # The Tru64 compiler uses -MD to generate dependencies as a side
+ # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+ # dependencies in `foo.d' instead, so we check for that too.
+ # Subdirectories are respected.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+ if test "$libtool" = yes; then
+ # With Tru64 cc, shared objects can also be used to make a
+ # static library. This mechanism is used in libtool 1.4 series to
+ # handle both shared and static libraries in a single compilation.
+ # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+ #
+ # With libtool 1.5 this exception was removed, and libtool now
+ # generates 2 separate objects for the 2 libraries. These two
+ # compilations output dependencies in $dir.libs/$base.o.d and
+ # in $dir$base.o.d. We have to check for both files, because
+ # one of the two compilations can be disabled. We should prefer
+ # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+ # automatically cleaned when .libs/ is deleted, while ignoring
+ # the former would cause a distcleancheck panic.
+ tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
+ tmpdepfile2=$dir$base.o.d # libtool 1.5
+ tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
+ tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
+ "$@" -Wc,-MD
+ else
+ tmpdepfile1=$dir$base.o.d
+ tmpdepfile2=$dir$base.d
+ tmpdepfile3=$dir$base.d
+ tmpdepfile4=$dir$base.d
+ "$@" -MD
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+#nosideeffect)
+ # This comment above is used by automake to tell side-effect
+ # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout, regardless of -o.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ test -z "$dashmflag" && dashmflag=-M
+ # Require at least two characters before searching for `:'
+ # in the target name. This is to cope with DOS-style filenames:
+ # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ "$@" $dashmflag |
+ sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+dashXmstdout)
+ # This case only exists to satisfy depend.m4. It is never actually
+ # run, as this mode is specially recognized in the preamble.
+ exit 1
+ ;;
+
+makedepend)
+ "$@" || exit $?
+ # Remove any Libtool call
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+ # X makedepend
+ shift
+ cleared=no eat=no
+ for arg
+ do
+ case $cleared in
+ no)
+ set ""; shift
+ cleared=yes ;;
+ esac
+ if test $eat = yes; then
+ eat=no
+ continue
+ fi
+ case "$arg" in
+ -D*|-I*)
+ set fnord "$@" "$arg"; shift ;;
+ # Strip any option that makedepend may not understand. Remove
+ # the object too, otherwise makedepend will parse it as a source file.
+ -arch)
+ eat=yes ;;
+ -*|$object)
+ ;;
+ *)
+ set fnord "$@" "$arg"; shift ;;
+ esac
+ done
+ obj_suffix=`echo "$object" | sed 's/^.*\././'`
+ touch "$tmpdepfile"
+ ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile" "$tmpdepfile".bak
+ ;;
+
+cpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ "$@" -E |
+ sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+ sed '$ s: \\$::' > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ cat < "$tmpdepfile" >> "$depfile"
+ sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvisualcpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ IFS=" "
+ for arg
+ do
+ case "$arg" in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+ set fnord "$@"
+ shift
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift
+ shift
+ ;;
+ esac
+ done
+ "$@" -E 2>/dev/null |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
+ echo " " >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvcmsys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+none)
+ exec "$@"
+ ;;
+
+*)
+ echo "Unknown depmode $depmode" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the code the Certificate Type TLS extension.
+ * This extension is currently gnutls specific.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+#include "ext_cert_type.h"
+#include <gnutls_state.h>
+#include <gnutls_num.h>
+
+/* Maps record size to numbers according to the
+ * extensions draft.
+ */
+inline static int _gnutls_num2cert_type (int num);
+inline static int _gnutls_cert_type2num (int record_size);
+static int _gnutls_cert_type_recv_params (gnutls_session_t session,
+ const opaque * data,
+ size_t data_size);
+static int _gnutls_cert_type_send_params (gnutls_session_t session,
+ opaque * data, size_t);
+
+extension_entry_st ext_mod_cert_type = {
+ .name = "CERT TYPE",
+ .type = GNUTLS_EXTENSION_CERT_TYPE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_cert_type_recv_params,
+ .send_func = _gnutls_cert_type_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = NULL
+};
+
+/*
+ * In case of a server: if a CERT_TYPE extension type is received then it stores
+ * into the session security parameters the new value. The server may use gnutls_session_certificate_type_get(),
+ * to access it.
+ *
+ * In case of a client: If a cert_types have been specified then we send the extension.
+ *
+ */
+
+static int
+_gnutls_cert_type_recv_params (gnutls_session_t session,
+ const opaque * data, size_t _data_size)
+{
+ int new_type = -1, ret, i;
+ ssize_t data_size = _data_size;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ if (data_size > 0)
+ {
+ if (data_size != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_type = _gnutls_num2cert_type (data[0]);
+
+ if (new_type < 0)
+ {
+ gnutls_assert ();
+ return new_type;
+ }
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported (session, new_type)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_session_cert_type_set (session, new_type);
+ }
+ }
+ else
+ { /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
+ if (data_size > 1)
+ {
+ uint8_t len;
+
+ DECR_LEN (data_size, 1);
+ len = data[0];
+ DECR_LEN (data_size, len);
+
+ for (i = 0; i < len; i++)
+ {
+ new_type = _gnutls_num2cert_type (data[i + 1]);
+
+ if (new_type < 0)
+ continue;
+
+ /* Check if we support this cert_type */
+ if ((ret =
+ _gnutls_session_cert_type_supported (session,
+ new_type)) < 0)
+ {
+ gnutls_assert ();
+ continue;
+ }
+ else
+ break;
+ /* new_type is ok */
+ }
+
+ if (new_type < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ if ((ret =
+ _gnutls_session_cert_type_supported (session, new_type)) < 0)
+ {
+ gnutls_assert ();
+ /* The peer has requested unsupported certificate
+ * types. Instead of failing, procceed normally.
+ * (the ciphersuite selection would fail, or a
+ * non certificate ciphersuite will be selected).
+ */
+ return 0;
+ }
+
+ _gnutls_session_cert_type_set (session, new_type);
+ }
+
+
+ }
+
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ */
+static int
+_gnutls_cert_type_send_params (gnutls_session_t session, opaque * data,
+ size_t data_size)
+{
+ unsigned len, i;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+
+ if (session->internals.priorities.cert_type.algorithms > 0)
+ {
+
+ len = session->internals.priorities.cert_type.algorithms;
+
+ if (len == 1 &&
+ session->internals.priorities.cert_type.priority[0] ==
+ GNUTLS_CRT_X509)
+ {
+ /* We don't use this extension if X.509 certificates
+ * are used.
+ */
+ return 0;
+ }
+
+ if (data_size < len + 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* this is a vector!
+ */
+ data[0] = (uint8_t) len;
+
+ for (i = 0; i < len; i++)
+ {
+ data[i + 1] =
+ _gnutls_cert_type2num (session->internals.priorities.
+ cert_type.priority[i]);
+ }
+ return len + 1;
+ }
+
+ }
+ else
+ { /* server side */
+ if (session->security_parameters.cert_type != DEFAULT_CERT_TYPE)
+ {
+ len = 1;
+ if (data_size < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ _gnutls_cert_type2num (session->security_parameters.cert_type);
+ return len;
+ }
+
+
+ }
+
+ return 0;
+}
+
+/* Maps numbers to record sizes according to the
+ * extensions draft.
+ */
+inline static int
+_gnutls_num2cert_type (int num)
+{
+ switch (num)
+ {
+ case 0:
+ return GNUTLS_CRT_X509;
+ case 1:
+ return GNUTLS_CRT_OPENPGP;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+}
+
+/* Maps record size to numbers according to the
+ * extensions draft.
+ */
+inline static int
+_gnutls_cert_type2num (int cert_type)
+{
+ switch (cert_type)
+ {
+ case GNUTLS_CRT_X509:
+ return 0;
+ case GNUTLS_CRT_OPENPGP:
+ return 1;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef EXT_CERT_TYPE_H
+#define EXT_CERT_TYPE_H
+
+#include <gnutls_extensions.h>
+
+extern extension_entry_st ext_mod_cert_type;
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2004, 2005, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the code for the Max Record Size TLS extension.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+#include <gnutls_extensions.h>
+#include <ext_max_record.h>
+
+static int _gnutls_max_record_recv_params (gnutls_session_t session,
+ const opaque * data,
+ size_t data_size);
+static int _gnutls_max_record_send_params (gnutls_session_t session,
+ opaque * data, size_t);
+
+static int _gnutls_max_record_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_max_record_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+
+/* Maps record size to numbers according to the
+ * extensions draft.
+ */
+static int _gnutls_mre_num2record (int num);
+static int _gnutls_mre_record2num (uint16_t record_size);
+
+
+extension_entry_st ext_mod_max_record_size = {
+ .name = "MAX RECORD SIZE",
+ .type = GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_max_record_recv_params,
+ .send_func = _gnutls_max_record_send_params,
+ .pack_func = _gnutls_max_record_pack,
+ .unpack_func = _gnutls_max_record_unpack,
+ .deinit_func = NULL
+};
+
+/*
+ * In case of a server: if a MAX_RECORD_SIZE extension type is received then it stores
+ * into the session the new value. The server may use gnutls_get_max_record_size(),
+ * in order to access it.
+ *
+ * In case of a client: If a different max record size (than the default) has
+ * been specified then it sends the extension.
+ *
+ */
+
+static int
+_gnutls_max_record_recv_params (gnutls_session_t session,
+ const opaque * data, size_t _data_size)
+{
+ ssize_t new_size;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ if (data_size > 0)
+ {
+ DECR_LEN (data_size, 1);
+
+ new_size = _gnutls_mre_num2record (data[0]);
+
+ if (new_size < 0)
+ {
+ gnutls_assert ();
+ return new_size;
+ }
+
+ session->security_parameters.max_record_send_size = new_size;
+ session->security_parameters.max_record_recv_size = new_size;
+ }
+ }
+ else
+ { /* CLIENT SIDE - we must check if the sent record size is the right one
+ */
+ if (data_size > 0)
+ {
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (data_size != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ new_size = _gnutls_mre_num2record (data[0]);
+
+ if (new_size < 0 || new_size != epriv.num)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+ else
+ {
+ session->security_parameters.max_record_recv_size = epriv.num;
+ }
+
+ }
+
+
+ }
+
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ */
+static int
+_gnutls_max_record_send_params (gnutls_session_t session, opaque * data,
+ size_t data_size)
+{
+ uint16_t len;
+ int ret;
+
+ /* this function sends the client extension data (dnsname) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ &epriv);
+ if (ret < 0) /* it is ok not to have it */
+ {
+ return 0;
+ }
+
+ if (epriv.num != DEFAULT_MAX_RECORD_SIZE)
+ {
+ len = 1;
+ if (data_size < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] = (uint8_t) _gnutls_mre_record2num (epriv.num);
+ return len;
+ }
+
+ }
+ else
+ { /* server side */
+
+ if (session->security_parameters.max_record_recv_size !=
+ DEFAULT_MAX_RECORD_SIZE)
+ {
+ len = 1;
+ if (data_size < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] =
+ (uint8_t)
+ _gnutls_mre_record2num
+ (session->security_parameters.max_record_recv_size);
+ return len;
+ }
+
+
+ }
+
+ return 0;
+}
+
+
+static int
+_gnutls_max_record_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+{
+ int ret;
+
+ BUFFER_APPEND_NUM (ps, epriv.num);
+
+ return 0;
+
+}
+
+static int
+_gnutls_max_record_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
+{
+ extension_priv_data_t epriv;
+ int ret;
+
+ BUFFER_POP_NUM (ps, epriv.num);
+
+ *_priv = epriv;
+
+ ret = 0;
+error:
+ return ret;
+}
+
+
+/* Maps numbers to record sizes according to the
+ * extensions draft.
+ */
+static int
+_gnutls_mre_num2record (int num)
+{
+ switch (num)
+ {
+ case 1:
+ return 512;
+ case 2:
+ return 1024;
+ case 3:
+ return 2048;
+ case 4:
+ return 4096;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+}
+
+/* Maps record size to numbers according to the
+ * extensions draft.
+ */
+static int
+_gnutls_mre_record2num (uint16_t record_size)
+{
+ switch (record_size)
+ {
+ case 512:
+ return 1;
+ case 1024:
+ return 2;
+ case 2048:
+ return 3;
+ case 4096:
+ return 4;
+ default:
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+}
+
+/**
+ * gnutls_record_get_max_size:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get the record size. The maximum record size is negotiated by the
+ * client after the first handshake message.
+ *
+ * Returns: The maximum record packet size in this connection.
+ **/
+size_t
+gnutls_record_get_max_size (gnutls_session_t session)
+{
+ /* Recv will hold the negotiated max record size
+ * always.
+ */
+ return session->security_parameters.max_record_recv_size;
+}
+
+
+/**
+ * gnutls_record_set_max_size:
+ * @session: is a #gnutls_session_t structure.
+ * @size: is the new size
+ *
+ * This function sets the maximum record packet size in this
+ * connection. This property can only be set to clients. The server
+ * may choose not to accept the requested size.
+ *
+ * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and
+ * 4096(=2^12). The requested record size does get in effect
+ * immediately only while sending data. The receive part will take
+ * effect after a successful handshake.
+ *
+ * This function uses a TLS extension called 'max record size'. Not
+ * all TLS implementations use or even understand this extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+ssize_t
+gnutls_record_set_max_size (gnutls_session_t session, size_t size)
+{
+ ssize_t new_size;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ new_size = _gnutls_mre_record2num (size);
+
+ if (new_size < 0)
+ {
+ gnutls_assert ();
+ return new_size;
+ }
+
+ session->security_parameters.max_record_send_size = size;
+ epriv.num = size;
+
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_MAX_RECORD_SIZE,
+ epriv);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef EXT_MAX_RECORD_H
+#define EXT_MAX_RECORD_H
+
+#include <gnutls_extensions.h>
+
+extern extension_entry_st ext_mod_max_record_size;
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Steve Dispensa (<dispensa@phonefactor.com>)
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <ext_safe_renegotiation.h>
+#include <gnutls_errors.h>
+
+
+static int _gnutls_sr_recv_params (gnutls_session_t state,
+ const opaque * data, size_t data_size);
+static int _gnutls_sr_send_params (gnutls_session_t state,
+ opaque * data, size_t);
+static void _gnutls_sr_deinit_data (extension_priv_data_t priv);
+
+extension_entry_st ext_mod_sr = {
+ .name = "SAFE RENEGOTIATION",
+ .type = GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ .parse_type = GNUTLS_EXT_MANDATORY,
+
+ .recv_func = _gnutls_sr_recv_params,
+ .send_func = _gnutls_sr_send_params,
+ .pack_func = NULL,
+ .unpack_func = NULL,
+ .deinit_func = _gnutls_sr_deinit_data,
+};
+
+int
+_gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir)
+{
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ /* Save data for safe renegotiation.
+ */
+ if (vdata_size > MAX_VERIFY_DATA_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((session->security_parameters.entity == GNUTLS_CLIENT && dir == 0) ||
+ (session->security_parameters.entity == GNUTLS_SERVER && dir == 1))
+ {
+ priv->client_verify_data_len = vdata_size;
+ memcpy (priv->client_verify_data, vdata, vdata_size);
+ }
+ else
+ {
+ priv->server_verify_data_len = vdata_size;
+ memcpy (priv->server_verify_data, vdata, vdata_size);
+ }
+
+ return 0;
+}
+
+int
+_gnutls_ext_sr_verify (gnutls_session_t session)
+{
+ int ret;
+ sr_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ /* Safe renegotiation */
+
+ if (priv && priv->safe_renegotiation_received)
+ {
+ if ((priv->ri_extension_data_len < priv->client_verify_data_len) ||
+ (memcmp (priv->ri_extension_data,
+ priv->client_verify_data, priv->client_verify_data_len)))
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log ("HSK[%p]: Safe renegotiation failed [1]\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ if ((priv->ri_extension_data_len !=
+ priv->client_verify_data_len + priv->server_verify_data_len) ||
+ memcmp (priv->ri_extension_data + priv->client_verify_data_len,
+ priv->server_verify_data,
+ priv->server_verify_data_len) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [2]\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ else /* Make sure there are 0 extra bytes */
+ {
+ if (priv->ri_extension_data_len != priv->client_verify_data_len)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Safe renegotiation failed [3]\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+
+ _gnutls_handshake_log ("HSK[%p]: Safe renegotiation succeeded\n",
+ session);
+ }
+ else /* safe renegotiation not received... */
+ {
+ if (priv && priv->connection_using_safe_renegotiation)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Peer previously asked for safe renegotiation\n",
+ session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ /* Clients can't tell if it's an initial negotiation */
+ if (session->internals.initial_negotiation_completed)
+ {
+ if (session->internals.priorities.sr < SR_PARTIAL)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe (re)negotiation\n", session);
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe (re)negotiation\n", session);
+ return GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED;
+ }
+ }
+ else
+ {
+ if (session->internals.priorities.sr < SR_SAFE)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Allowing unsafe initial negotiation\n", session);
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Denying unsafe initial negotiation\n", session);
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+ }
+ }
+
+ return 0;
+}
+
+/* if a server received the special ciphersuite.
+ */
+int
+_gnutls_ext_sr_recv_cs (gnutls_session_t session)
+{
+ int ret, set = 0;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0)
+ {
+ set = 1;
+ }
+ else if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (set != 0)
+ {
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ }
+ else
+ priv = epriv.ptr;
+
+ priv->safe_renegotiation_received = 1;
+ priv->connection_using_safe_renegotiation = 1;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+
+ return 0;
+}
+
+int
+_gnutls_ext_sr_send_cs (gnutls_session_t session)
+{
+ int ret, set = 0;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0)
+ {
+ set = 1;
+ }
+ else if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (set != 0)
+ {
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ }
+ else
+ priv = epriv.ptr;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+
+ return 0;
+}
+
+static int
+_gnutls_sr_recv_params (gnutls_session_t session,
+ const opaque * data, size_t _data_size)
+{
+ int len = data[0];
+ ssize_t data_size = _data_size;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0, ret;
+
+ DECR_LEN (data_size, len + 1 /* count the first byte and payload */ );
+
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0 && session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ set = 1;
+ }
+ else if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (set != 0)
+ {
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ }
+ else
+ priv = epriv.ptr;
+
+ /* It is not legal to receive this extension on a renegotiation and
+ * not receive it on the initial negotiation.
+ */
+ if (session->internals.initial_negotiation_completed != 0 &&
+ priv->connection_using_safe_renegotiation == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > sizeof (priv->ri_extension_data))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SAFE_RENEGOTIATION_FAILED;
+ }
+
+ if (len > 0)
+ memcpy (priv->ri_extension_data, &data[1], len);
+ priv->ri_extension_data_len = len;
+
+ /* "safe renegotiation received" means on *this* handshake; "connection using
+ * safe renegotiation" means that the initial hello received on the connection
+ * indicated safe renegotiation.
+ */
+ priv->safe_renegotiation_received = 1;
+ priv->connection_using_safe_renegotiation = 1;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION, epriv);
+ return 0;
+}
+
+static int
+_gnutls_sr_send_params (gnutls_session_t session,
+ opaque * data, size_t _data_size)
+{
+ /* The format of this extension is a one-byte length of verify data followed
+ * by the verify data itself. Note that the length byte does not include
+ * itself; IOW, empty verify data is represented as a length of 0. That means
+ * the minimum extension is one byte: 0x00.
+ */
+ ssize_t data_size = _data_size;
+ sr_ext_st *priv;
+ int ret, set = 0;
+ extension_priv_data_t epriv;
+
+ if (session->internals.priorities.sr == SR_DISABLED)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0)
+ {
+ set = 1;
+ }
+
+ if (set != 0)
+ {
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ epriv);
+ }
+ else
+ priv = epriv.ptr;
+
+ data[0] = 0;
+
+ /* Always offer the extension if we're a client */
+ if (priv->connection_using_safe_renegotiation ||
+ session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ DECR_LEN (data_size, 1);
+ data[0] = priv->client_verify_data_len;
+
+ DECR_LEN (data_size, priv->client_verify_data_len);
+
+ if (priv->client_verify_data_len > 0)
+ memcpy (&data[1], priv->client_verify_data,
+ priv->client_verify_data_len);
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ data[0] += priv->server_verify_data_len;
+
+ DECR_LEN (data_size, priv->server_verify_data_len);
+
+ if (priv->server_verify_data_len > 0)
+ memcpy (&data[1 + priv->client_verify_data_len],
+ priv->server_verify_data, priv->server_verify_data_len);
+ }
+ }
+ else
+ return 0;
+
+ return 1 + data[0]; /* don't forget the length byte */
+}
+
+static void
+_gnutls_sr_deinit_data (extension_priv_data_t priv)
+{
+ gnutls_free (priv.ptr);
+}
+
+/**
+ * gnutls_safe_renegotiation_status:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Can be used to check whether safe renegotiation is being used
+ * in the current session.
+ *
+ * Returns: 0 when safe renegotiation is not used and non zero when
+ * safe renegotiation is used.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_safe_renegotiation_status (gnutls_session_t session)
+{
+ int ret;
+ sr_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret = _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ return priv->connection_using_safe_renegotiation;
+}
--- /dev/null
+/*
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Steve Dispensa (<dispensa@phonefactor.com>)
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef EXT_SAFE_RENEGOTIATION_H
+#define EXT_SAFE_RENEGOTIATION_H
+
+#include <gnutls_extensions.h>
+
+typedef struct
+{
+ uint8_t client_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t client_verify_data_len;
+ uint8_t server_verify_data[MAX_VERIFY_DATA_SIZE];
+ size_t server_verify_data_len;
+ uint8_t ri_extension_data[MAX_VERIFY_DATA_SIZE * 2]; /* max signal is 72 bytes in s->c sslv3 */
+ size_t ri_extension_data_len;
+
+ int safe_renegotiation_received:1;
+ int initial_negotiation_completed:1;
+ int connection_using_safe_renegotiation:1;
+} sr_ext_st;
+
+extern extension_entry_st ext_mod_sr;
+
+int _gnutls_ext_sr_finished (gnutls_session_t session, void *vdata,
+ size_t vdata_size, int dir);
+int _gnutls_ext_sr_recv_cs (gnutls_session_t session);
+int _gnutls_ext_sr_verify (gnutls_session_t session);
+int _gnutls_ext_sr_send_cs (gnutls_session_t);
+
+#endif /* EXT_SAFE_RENEGOTIATION_H */
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+#include <ext_server_name.h>
+
+static int _gnutls_server_name_recv_params (gnutls_session_t session,
+ const opaque * data,
+ size_t data_size);
+static int _gnutls_server_name_send_params (gnutls_session_t session,
+ opaque * data, size_t);
+
+static int _gnutls_server_name_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_server_name_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void _gnutls_server_name_deinit_data (extension_priv_data_t priv);
+
+
+extension_entry_st ext_mod_server_name = {
+ .name = "SERVER NAME",
+ .type = GNUTLS_EXTENSION_SERVER_NAME,
+ .parse_type = GNUTLS_EXT_APPLICATION,
+
+ .recv_func = _gnutls_server_name_recv_params,
+ .send_func = _gnutls_server_name_send_params,
+ .pack_func = _gnutls_server_name_pack,
+ .unpack_func = _gnutls_server_name_unpack,
+ .deinit_func = _gnutls_server_name_deinit_data,
+};
+
+/*
+ * In case of a server: if a NAME_DNS extension type is received then
+ * it stores into the session the value of NAME_DNS. The server may
+ * use gnutls_ext_get_server_name(), in order to access it.
+ *
+ * In case of a client: If a proper NAME_DNS extension type is found
+ * in the session then it sends the extension to the peer.
+ *
+ */
+static int
+_gnutls_server_name_recv_params (gnutls_session_t session,
+ const opaque * data, size_t _data_size)
+{
+ int i;
+ const unsigned char *p;
+ uint16_t len, type;
+ ssize_t data_size = _data_size;
+ int server_names = 0;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ DECR_LENGTH_RET (data_size, 2, 0);
+ len = _gnutls_read_uint16 (data);
+
+ if (len != data_size)
+ {
+ /* This is unexpected packet length, but
+ * just ignore it, for now.
+ */
+ gnutls_assert ();
+ return 0;
+ }
+
+ p = data + 2;
+
+ /* Count all server_names in the packet. */
+ while (data_size > 0)
+ {
+ DECR_LENGTH_RET (data_size, 1, 0);
+ p++;
+
+ DECR_LEN (data_size, 2);
+ len = _gnutls_read_uint16 (p);
+ p += 2;
+
+ if (len > 0)
+ {
+ DECR_LENGTH_RET (data_size, len, 0);
+ server_names++;
+ p += len;
+ }
+ else
+ _gnutls_handshake_log
+ ("HSK[%p]: Received zero size server name (under attack?)\n",
+ session);
+
+ }
+
+ /* we cannot accept more server names.
+ */
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Too many server names received (under attack?)\n",
+ session);
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+ }
+
+ if (server_names == 0)
+ return 0; /* no names found */
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->server_names_size = server_names;
+
+ p = data + 2;
+ for (i = 0; i < server_names; i++)
+ {
+ type = *p;
+ p++;
+
+ len = _gnutls_read_uint16 (p);
+ p += 2;
+
+ switch (type)
+ {
+ case 0: /* NAME_DNS */
+ if (len <= MAX_SERVER_NAME_SIZE)
+ {
+ memcpy (priv->server_names[i].name, p, len);
+ priv->server_names[i].name_length = len;
+ priv->server_names[i].type = GNUTLS_NAME_DNS;
+ break;
+ }
+ }
+
+ /* move to next record */
+ p += len;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
+
+ }
+
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ */
+static int
+_gnutls_server_name_send_params (gnutls_session_t session,
+ opaque * data, size_t _data_size)
+{
+ uint16_t len;
+ opaque *p;
+ unsigned i;
+ ssize_t data_size = _data_size;
+ int total_size = 0, ret;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0)
+ return 0;
+
+
+ /* this function sends the client extension data (dnsname)
+ */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ priv = epriv.ptr;
+
+ if (priv->server_names_size == 0)
+ return 0;
+
+ /* uint16_t
+ */
+ total_size = 2;
+ for (i = 0; i < priv->server_names_size; i++)
+ {
+ /* count the total size
+ */
+ len = priv->server_names[i].name_length;
+
+ /* uint8_t + uint16_t + size
+ */
+ total_size += 1 + 2 + len;
+ }
+
+ p = data;
+
+ /* UINT16: write total size of all names
+ */
+ DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER);
+ _gnutls_write_uint16 (total_size - 2, p);
+ p += 2;
+ for (i = 0; i < priv->server_names_size; i++)
+ {
+
+ switch (priv->server_names[i].type)
+ {
+ case GNUTLS_NAME_DNS:
+ len = priv->server_names[i].name_length;
+ if (len == 0)
+ break;
+
+ /* UINT8: type of this extension
+ * UINT16: size of the first name
+ * LEN: the actual server name.
+ */
+ DECR_LENGTH_RET (data_size, len + 3,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
+
+ *p = 0; /* NAME_DNS type */
+ p++;
+
+ _gnutls_write_uint16 (len, p);
+ p += 2;
+
+ memcpy (p, priv->server_names[i].name, len);
+ p += len;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+ }
+
+ return total_size;
+}
+
+/**
+ * gnutls_server_name_get:
+ * @session: is a #gnutls_session_t structure.
+ * @data: will hold the data
+ * @data_length: will hold the data length. Must hold the maximum size of data.
+ * @type: will hold the server name indicator type
+ * @indx: is the index of the server_name
+ *
+ * This function will allow you to get the name indication (if any), a
+ * client has sent. The name indication may be any of the enumeration
+ * gnutls_server_name_type_t.
+ *
+ * If @type is GNUTLS_NAME_DNS, then this function is to be used by
+ * servers that support virtual hosting, and the data will be a null
+ * terminated UTF-8 string.
+ *
+ * If @data has not enough size to hold the server name
+ * GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @data_length will
+ * hold the required size.
+ *
+ * @index is used to retrieve more than one server names (if sent by
+ * the client). The first server name has an index of 0, the second 1
+ * and so on. If no name with the given index exists
+ * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_server_name_get (gnutls_session_t session, void *data,
+ size_t * data_length,
+ unsigned int *type, unsigned int indx)
+{
+ char *_data = data;
+ server_name_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ priv = epriv.ptr;
+
+ if (indx + 1 > priv->server_names_size)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ *type = priv->server_names[indx].type;
+
+ if (*data_length > /* greater since we need one extra byte for the null */
+ priv->server_names[indx].name_length)
+ {
+ *data_length = priv->server_names[indx].name_length;
+ memcpy (data, priv->server_names[indx].name, *data_length);
+
+ if (*type == GNUTLS_NAME_DNS) /* null terminate */
+ _data[(*data_length)] = 0;
+
+ }
+ else
+ {
+ *data_length = priv->server_names[indx].name_length;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_server_name_set:
+ * @session: is a #gnutls_session_t structure.
+ * @type: specifies the indicator type
+ * @name: is a string that contains the server name.
+ * @name_length: holds the length of name
+ *
+ * This function is to be used by clients that want to inform (via a
+ * TLS extension mechanism) the server of the name they connected to.
+ * This should be used by clients that connect to servers that do
+ * virtual hosting.
+ *
+ * The value of @name depends on the @type type. In case of
+ * %GNUTLS_NAME_DNS, an ASCII zero-terminated domain name string,
+ * without the trailing dot, is expected. IPv4 or IPv6 addresses are
+ * not permitted.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_server_name_set (gnutls_session_t session,
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length)
+{
+ int server_names, ret;
+ server_name_ext_st *priv;
+ extension_priv_data_t epriv;
+ int set = 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (name_length > MAX_SERVER_NAME_SIZE)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ &epriv);
+ if (ret < 0)
+ {
+ set = 1;
+ }
+
+ if (set != 0)
+ {
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+ }
+ else
+ priv = epriv.ptr;
+
+ server_names = priv->server_names_size + 1;
+
+ if (server_names > MAX_SERVER_NAME_EXTENSIONS)
+ server_names = MAX_SERVER_NAME_EXTENSIONS;
+
+ priv->server_names[server_names - 1].type = type;
+ memcpy (priv->server_names[server_names - 1].name, name, name_length);
+ priv->server_names[server_names - 1].name_length = name_length;
+
+ priv->server_names_size++;
+
+ if (set != 0)
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SERVER_NAME,
+ epriv);
+
+ return 0;
+}
+
+static void
+_gnutls_server_name_deinit_data (extension_priv_data_t priv)
+{
+ gnutls_free (priv.ptr);
+}
+
+static int
+_gnutls_server_name_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+{
+ server_name_ext_st *priv = epriv.ptr;
+ int i, ret;
+
+ BUFFER_APPEND_NUM (ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++)
+ {
+ BUFFER_APPEND_NUM (ps, priv->server_names[i].type);
+ BUFFER_APPEND_PFX (ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
+ }
+ return 0;
+}
+
+static int
+_gnutls_server_name_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
+{
+ server_name_ext_st *priv;
+ int i, ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM (ps, priv->server_names_size);
+ for (i = 0; i < priv->server_names_size; i++)
+ {
+ BUFFER_POP_NUM (ps, priv->server_names[i].type);
+ BUFFER_POP_NUM (ps, priv->server_names[i].name_length);
+ if (priv->server_names[i].name_length >
+ sizeof (priv->server_names[i].name))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ BUFFER_POP (ps, priv->server_names[i].name,
+ priv->server_names[i].name_length);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+error:
+ gnutls_free (priv);
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef EXT_SERVER_NAME_H
+#define EXT_SERVER_NAME_H
+
+#include <gnutls_extensions.h>
+
+typedef struct
+{
+ opaque name[MAX_SERVER_NAME_SIZE];
+ unsigned name_length;
+ gnutls_server_name_type_t type;
+} server_name_st;
+
+#define MAX_SERVER_NAME_EXTENSIONS 3
+
+typedef struct
+{
+ server_name_st server_names[MAX_SERVER_NAME_EXTENSIONS];
+ /* limit server_name extensions */
+ unsigned server_names_size;
+} server_name_ext_st;
+
+extern extension_entry_st ext_mod_server_name;
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_handshake.h>
+#include <gnutls_num.h>
+#include <gnutls_constate.h>
+#include <gnutls_session_pack.h>
+#include <random.h>
+#include <ext_session_ticket.h>
+#include <gnutls_mbuffers.h>
+#include <gnutls_extensions.h>
+#include <gnutls_constate.h>
+
+#ifdef ENABLE_SESSION_TICKET
+
+#define KEY_NAME_SIZE SESSION_TICKET_KEY_NAME_SIZE
+#define KEY_SIZE SESSION_TICKET_KEY_SIZE
+#define IV_SIZE SESSION_TICKET_IV_SIZE
+#define MAC_SECRET_SIZE SESSION_TICKET_MAC_SECRET_SIZE
+
+#define MAC_SIZE 32
+
+static int session_ticket_recv_params (gnutls_session_t session,
+ const opaque * data, size_t data_size);
+static int session_ticket_send_params (gnutls_session_t session,
+ opaque * data, size_t data_size);
+static int session_ticket_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int session_ticket_pack (extension_priv_data_t _priv,
+ gnutls_buffer_st * ps);
+static void session_ticket_deinit_data (extension_priv_data_t priv);
+
+extension_entry_st ext_mod_session_ticket = {
+ .name = "SESSION TICKET",
+ .type = GNUTLS_EXTENSION_SESSION_TICKET,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = session_ticket_recv_params,
+ .send_func = session_ticket_send_params,
+ .pack_func = session_ticket_pack,
+ .unpack_func = session_ticket_unpack,
+ .deinit_func = session_ticket_deinit_data,
+};
+
+struct gnutls_session_ticket_key_st
+{
+ opaque key_name[SESSION_TICKET_KEY_NAME_SIZE];
+ opaque key[SESSION_TICKET_KEY_SIZE];
+ opaque mac_secret[SESSION_TICKET_MAC_SECRET_SIZE];
+};
+
+typedef struct
+{
+ int session_ticket_enable;
+ int session_ticket_renew;
+ opaque session_ticket_IV[SESSION_TICKET_IV_SIZE];
+
+ opaque *session_ticket;
+ int session_ticket_len;
+
+ struct gnutls_session_ticket_key_st key;
+} session_ticket_ext_st;
+
+struct ticket
+{
+ opaque key_name[KEY_NAME_SIZE];
+ opaque IV[IV_SIZE];
+ opaque *encrypted_state;
+ uint16_t encrypted_state_len;
+ opaque mac[MAC_SIZE];
+};
+
+static int
+digest_ticket (const gnutls_datum_t * key, struct ticket *ticket,
+ opaque * digest)
+{
+ digest_hd_st digest_hd;
+ uint16_t length16;
+ int ret;
+
+ ret = _gnutls_hmac_init (&digest_hd, GNUTLS_MAC_SHA256, key->data,
+ key->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ _gnutls_hmac (&digest_hd, ticket->key_name, KEY_NAME_SIZE);
+ _gnutls_hmac (&digest_hd, ticket->IV, IV_SIZE);
+ length16 = _gnutls_conv_uint16 (ticket->encrypted_state_len);
+ _gnutls_hmac (&digest_hd, &length16, 2);
+ _gnutls_hmac (&digest_hd, ticket->encrypted_state,
+ ticket->encrypted_state_len);
+ _gnutls_hmac_deinit (&digest_hd, digest);
+
+ return 0;
+}
+
+static int
+decrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
+{
+ cipher_hd_st cipher_hd;
+ gnutls_datum_t key, IV, mac_secret, state;
+ opaque final[MAC_SECRET_SIZE];
+ time_t timestamp = time (0);
+ int ret;
+
+ /* Check the integrity of ticket using HMAC-SHA-256. */
+ mac_secret.data = (void *) priv->key.mac_secret;
+ mac_secret.size = MAC_SECRET_SIZE;
+ ret = digest_ticket (&mac_secret, ticket, final);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (memcmp (ticket->mac, final, MAC_SIZE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ /* Decrypt encrypted_state using 128-bit AES in CBC mode. */
+ key.data = (void *) priv->key.key;
+ key.size = KEY_SIZE;
+ IV.data = ticket->IV;
+ IV.size = IV_SIZE;
+ ret =
+ _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ ret = _gnutls_cipher_decrypt (&cipher_hd, ticket->encrypted_state,
+ ticket->encrypted_state_len);
+ _gnutls_cipher_deinit (&cipher_hd);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Unpack security parameters. */
+ state.data = ticket->encrypted_state;
+ state.size = ticket->encrypted_state_len;
+ ret = _gnutls_session_unpack (session, &state);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (timestamp - session->internals.resumed_security_parameters.timestamp >
+ session->internals.expire_time
+ || session->internals.resumed_security_parameters.timestamp > timestamp)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_EXPIRED;
+ }
+
+ session->internals.resumed = RESUME_TRUE;
+
+ return 0;
+}
+
+static int
+encrypt_ticket (gnutls_session_t session, session_ticket_ext_st * priv,
+ struct ticket *ticket)
+{
+ cipher_hd_st cipher_hd;
+ gnutls_datum_t key, IV, mac_secret, state, encrypted_state;
+ int blocksize;
+ int ret;
+
+ /* Pack security parameters. */
+ ret = _gnutls_session_pack (session, &state);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ blocksize = gnutls_cipher_get_block_size (GNUTLS_CIPHER_AES_128_CBC);
+
+ encrypted_state.size =
+ ((state.size + blocksize - 1) / blocksize) * blocksize;
+ encrypted_state.data = gnutls_malloc (encrypted_state.size);
+ if (!encrypted_state.data)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memset (encrypted_state.data, 0, encrypted_state.size);
+ memcpy (encrypted_state.data, state.data, state.size);
+ _gnutls_free_datum (&state);
+
+ /* Encrypt state using 128-bit AES in CBC mode. */
+ key.data = (void *) priv->key.key;
+ key.size = KEY_SIZE;
+ IV.data = priv->session_ticket_IV;
+ IV.size = IV_SIZE;
+ ret =
+ _gnutls_cipher_init (&cipher_hd, GNUTLS_CIPHER_AES_128_CBC, &key, &IV);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&encrypted_state);
+ return ret;
+ }
+
+ ret = _gnutls_cipher_encrypt (&cipher_hd, encrypted_state.data,
+ encrypted_state.size);
+ _gnutls_cipher_deinit (&cipher_hd);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&encrypted_state);
+ return ret;
+ }
+
+ /* Fill the ticket structure to compute MAC. */
+ memcpy (ticket->key_name, priv->key.key_name, KEY_NAME_SIZE);
+ memcpy (ticket->IV, IV.data, IV.size);
+ ticket->encrypted_state_len = encrypted_state.size;
+ ticket->encrypted_state = encrypted_state.data;
+
+ mac_secret.data = priv->key.mac_secret;
+ mac_secret.size = MAC_SECRET_SIZE;
+ ret = digest_ticket (&mac_secret, ticket, ticket->mac);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&encrypted_state);
+ return ret;
+ }
+
+ return 0;
+}
+
+static int
+session_ticket_recv_params (gnutls_session_t session,
+ const opaque * data, size_t _data_size)
+{
+ ssize_t data_size = _data_size;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0)
+ {
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ struct ticket ticket;
+ const opaque *encrypted_state;
+ int ret;
+
+ /* The client requested a new session ticket. */
+ if (data_size == 0)
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+
+ DECR_LEN (data_size, KEY_NAME_SIZE);
+ memcpy (ticket.key_name, data, KEY_NAME_SIZE);
+ data += KEY_NAME_SIZE;
+
+ /* If the key name of the ticket does not match the one that we
+ hold, issue a new ticket. */
+ if (memcmp (ticket.key_name, priv->key.key_name, KEY_NAME_SIZE))
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+
+ DECR_LEN (data_size, IV_SIZE);
+ memcpy (ticket.IV, data, IV_SIZE);
+ data += IV_SIZE;
+
+ DECR_LEN (data_size, 2);
+ ticket.encrypted_state_len = _gnutls_read_uint16 (data);
+ data += 2;
+
+ encrypted_state = data;
+
+ DECR_LEN (data_size, ticket.encrypted_state_len);
+ data += ticket.encrypted_state_len;
+
+ DECR_LEN (data_size, MAC_SIZE);
+ memcpy (ticket.mac, data, MAC_SIZE);
+
+ ticket.encrypted_state = gnutls_malloc (ticket.encrypted_state_len);
+ if (!ticket.encrypted_state)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy (ticket.encrypted_state, encrypted_state,
+ ticket.encrypted_state_len);
+
+ ret = decrypt_ticket (session, priv, &ticket);
+ gnutls_free (ticket.encrypted_state);
+ if (ret < 0)
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+ }
+ else /* Client */
+ {
+ if (data_size == 0)
+ {
+ priv->session_ticket_renew = 1;
+ return 0;
+ }
+ }
+
+ return 0;
+}
+
+/* returns a positive number if we send the extension data, zero if we
+ do not want to send it, and a negative number on failure.
+ */
+static int
+session_ticket_send_params (gnutls_session_t session,
+ opaque * data, size_t _data_size)
+{
+ ssize_t data_size = _data_size;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ if (priv == NULL || !priv->session_ticket_enable)
+ return 0;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ if (priv && priv->session_ticket_renew)
+ {
+ return GNUTLS_E_INT_RET_0;
+ }
+ }
+ else
+ {
+ ret =
+ _gnutls_ext_get_resumed_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret >= 0)
+ priv = epriv.ptr;
+
+ /* no previous data. Just advertize it */
+ if (ret < 0)
+ return GNUTLS_E_INT_RET_0;
+
+ /* previous data had session tickets disabled. Don't advertize. Ignore. */
+ if (!priv->session_ticket_enable)
+ return 0;
+
+ if (priv->session_ticket_len > 0)
+ {
+ DECR_LENGTH_RET (data_size, priv->session_ticket_len,
+ GNUTLS_E_SHORT_MEMORY_BUFFER);
+ memcpy (data, priv->session_ticket, priv->session_ticket_len);
+
+ return priv->session_ticket_len;
+ }
+ }
+ return 0;
+}
+
+
+static void
+session_ticket_deinit_data (extension_priv_data_t epriv)
+{
+ session_ticket_ext_st *priv = epriv.ptr;
+
+ gnutls_free (priv->session_ticket);
+ gnutls_free (priv);
+}
+
+static int
+session_ticket_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+{
+ session_ticket_ext_st *priv = epriv.ptr;
+ int ret;
+
+ BUFFER_APPEND_PFX (ps, priv->session_ticket, priv->session_ticket_len);
+ BUFFER_APPEND_NUM (ps, priv->session_ticket_enable);
+
+ return 0;
+}
+
+static int
+session_ticket_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
+{
+ session_ticket_ext_st *priv = NULL;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum ticket;
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_DATUM (ps, &ticket);
+ priv->session_ticket = ticket.data;
+ priv->session_ticket_len = ticket.size;
+ BUFFER_POP_NUM (ps, priv->session_ticket_enable);
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+error:
+ gnutls_free (priv);
+ return ret;
+}
+
+
+
+/**
+ * gnutls_session_ticket_key_generate:
+ * @key: is a pointer to a #gnutls_datum_t which will contain a newly
+ * created key.
+ *
+ * Generate a random key to encrypt security parameters within
+ * SessionTicket.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_session_ticket_key_generate (gnutls_datum_t * key)
+{
+ int ret;
+
+ key->size = sizeof (struct gnutls_session_ticket_key_st);
+ key->data = gnutls_malloc (key->size);
+ if (!key->data)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, key->data, key->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (key);
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_session_ticket_enable_client:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Request that the client should attempt session resumption using
+ * SessionTicket.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_session_ticket_enable_client (gnutls_session_t session)
+{
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (!session)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ priv->session_ticket_enable = 1;
+ epriv.ptr = priv;
+
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+
+ return 0;
+}
+
+/**
+ * gnutls_session_ticket_enable_server:
+ * @session: is a #gnutls_session_t structure.
+ * @key: key to encrypt session parameters.
+ *
+ * Request that the server should attempt session resumption using
+ * SessionTicket. @key must be initialized with
+ * gnutls_session_ticket_key_generate().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_session_ticket_enable_server (gnutls_session_t session,
+ const gnutls_datum_t * key)
+{
+ int ret;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ if (!session || !key
+ || key->size != sizeof (struct gnutls_session_ticket_key_st))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ epriv.ptr = priv;
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, priv->session_ticket_IV, IV_SIZE);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ memcpy (&priv->key, key->data, key->size);
+ priv->session_ticket_enable = 1;
+
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET, epriv);
+
+ return 0;
+}
+
+int
+_gnutls_send_new_session_ticket (gnutls_session_t session, int again)
+{
+ mbuffer_st *bufel = NULL;
+ uint8_t *data = NULL, *p;
+ int data_size = 0;
+ int ret;
+ struct ticket ticket;
+ uint16_t ticket_len;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+ uint16_t epoch_saved = session->security_parameters.epoch_write;
+
+ if (again == 0)
+ {
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0)
+ return 0;
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_renew)
+ return 0;
+
+ /* XXX: Temporarily set write algorithms to be used.
+ _gnutls_write_connection_state_init() does this job, but it also
+ triggers encryption, while NewSessionTicket should not be
+ encrypted in the record layer. */
+ ret =
+ _gnutls_epoch_set_keys (session,
+ session->security_parameters.epoch_next);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ session->security_parameters.epoch_write =
+ session->security_parameters.epoch_next;
+
+ ret = encrypt_ticket (session, priv, &ticket);
+ session->security_parameters.epoch_write = epoch_saved;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ticket_len = KEY_NAME_SIZE + IV_SIZE + 2 + ticket.encrypted_state_len
+ + MAC_SIZE;
+
+ bufel =
+ _gnutls_handshake_alloc (4 + 2 + ticket_len, 4 + 2 + ticket_len);
+ if (!bufel)
+ {
+ gnutls_assert ();
+ gnutls_free (ticket.encrypted_state);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ data = _mbuffer_get_udata_ptr (bufel);
+ p = data;
+
+ _gnutls_write_uint32 (session->internals.expire_time, p);
+ p += 4;
+
+ _gnutls_write_uint16 (ticket_len, p);
+ p += 2;
+
+ memcpy (p, ticket.key_name, KEY_NAME_SIZE);
+ p += KEY_NAME_SIZE;
+
+ memcpy (p, ticket.IV, IV_SIZE);
+ p += IV_SIZE;
+
+ _gnutls_write_uint16 (ticket.encrypted_state_len, p);
+ p += 2;
+
+ memcpy (p, ticket.encrypted_state, ticket.encrypted_state_len);
+ gnutls_free (ticket.encrypted_state);
+ p += ticket.encrypted_state_len;
+
+ memcpy (p, ticket.mac, MAC_SIZE);
+ p += MAC_SIZE;
+
+ data_size = p - data;
+ }
+ ret = _gnutls_send_handshake (session, data_size ? bufel : NULL,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET);
+
+ return ret;
+}
+
+int
+_gnutls_recv_new_session_ticket (gnutls_session_t session)
+{
+ uint8_t *data = NULL, *p;
+ int data_size;
+ uint32_t lifetime_hint;
+ uint16_t ticket_len;
+ int ret;
+ session_ticket_ext_st *priv = NULL;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_SESSION_TICKET,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!priv->session_ticket_renew)
+ return 0;
+
+ ret = _gnutls_recv_handshake (session, &data, &data_size,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET,
+ MANDATORY_PACKET);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ p = data;
+ DECR_LENGTH_COM (data_size, 4, goto error);
+ lifetime_hint = _gnutls_read_uint32 (p);
+ p += 4;
+
+ DECR_LENGTH_COM (data_size, 2, goto error);
+ ticket_len = _gnutls_read_uint16 (p);
+ p += 2;
+
+ DECR_LENGTH_COM (data_size, ticket_len, goto error);
+ priv->session_ticket = gnutls_realloc (priv->session_ticket, ticket_len);
+ if (!priv->session_ticket)
+ {
+ gnutls_assert ();
+ gnutls_free (data);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy (priv->session_ticket, p, ticket_len);
+ gnutls_free (data);
+ priv->session_ticket_len = ticket_len;
+
+ /* Discard the current session ID. (RFC5077 3.4) */
+ ret = _gnutls_generate_session_id (session->security_parameters.session_id,
+ &session->
+ security_parameters.session_id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (priv->session_ticket);
+ priv->session_ticket = NULL;
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ return 0;
+
+error:
+ gnutls_free (data);
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Daiki Ueno
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef EXT_SESSION_TICKET_H
+#define EXT_SESSION_TICKET_H
+
+#ifdef ENABLE_SESSION_TICKET
+
+#include <gnutls_extensions.h>
+
+extern extension_entry_st ext_mod_session_ticket;
+
+int _gnutls_send_new_session_ticket (gnutls_session_t session, int again);
+int _gnutls_recv_new_session_ticket (gnutls_session_t session);
+
+#endif
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002,2003,2004,2005,2009,2010,2011 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the code the Certificate Type TLS extension.
+ * This extension is currently gnutls specific.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+#include <ext_signature.h>
+#include <gnutls_state.h>
+#include <gnutls_num.h>
+#include <gnutls_algorithms.h>
+#include <x509/common.h> /* dsa_q_to_hash */
+#include <gnutls_cert.h>
+
+static int _gnutls_signature_algorithm_recv_params (gnutls_session_t session,
+ const opaque * data,
+ size_t data_size);
+static int _gnutls_signature_algorithm_send_params (gnutls_session_t session,
+ opaque * data, size_t);
+static void signature_algorithms_deinit_data (extension_priv_data_t priv);
+static int signature_algorithms_pack (extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static int signature_algorithms_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+
+extension_entry_st ext_mod_sig = {
+ .name = "SIGNATURE ALGORITHMS",
+ .type = GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_signature_algorithm_recv_params,
+ .send_func = _gnutls_signature_algorithm_send_params,
+ .pack_func = signature_algorithms_pack,
+ .unpack_func = signature_algorithms_unpack,
+ .deinit_func = signature_algorithms_deinit_data,
+};
+
+typedef struct
+{
+ /* TLS 1.2 signature algorithms */
+ gnutls_sign_algorithm_t sign_algorithms[MAX_SIGNATURE_ALGORITHMS];
+ uint16_t sign_algorithms_size;
+} sig_ext_st;
+
+/* generates a SignatureAndHashAlgorithm structure with length as prefix
+ * by using the setup priorities.
+ */
+int
+_gnutls_sign_algorithm_write_params (gnutls_session_t session, opaque * data,
+ size_t max_data_size)
+{
+ opaque *p = data, *len_p;
+ int len, i, j, hash;
+ const sign_algorithm_st *aid;
+
+ if (max_data_size < (session->internals.priorities.sign_algo.algorithms*2) + 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ len = 0;
+ len_p = p;
+
+ p += 2;
+
+ for (i = j = 0; j < session->internals.priorities.sign_algo.algorithms; i += 2, j++)
+ {
+ /* In gnutls we keep a state of SHA1 and SHA256 and thus cannot
+ * use anything else.
+ */
+ hash = _gnutls_sign_get_hash_algorithm(session->internals.priorities.sign_algo.priority[j]);
+ if (hash != GNUTLS_DIG_SHA1 && hash != GNUTLS_DIG_SHA256)
+ continue;
+
+ aid =
+ _gnutls_sign_to_tls_aid (session->internals.priorities.
+ sign_algo.priority[j]);
+
+ if (aid == NULL)
+ continue;
+
+ _gnutls_debug_log ("EXT[SIGA]: sent signature algo (%d.%d) %s\n", aid->hash_algorithm,
+ aid->sign_algorithm, gnutls_sign_get_name(session->internals.priorities.sign_algo.priority[j]));
+ *p = aid->hash_algorithm;
+ p++;
+ *p = aid->sign_algorithm;
+ p++;
+ len+=2;
+ }
+
+ _gnutls_write_uint16 (len, len_p);
+
+ return len + 2;
+}
+
+
+/* Parses the Signature Algorithm structure and stores data into
+ * session->security_parameters.extensions.
+ */
+int
+_gnutls_sign_algorithm_parse_data (gnutls_session_t session,
+ const opaque * data, size_t data_size)
+{
+ int sig, i;
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < data_size; i += 2)
+ {
+ sign_algorithm_st aid;
+
+ aid.hash_algorithm = data[i];
+ aid.sign_algorithm = data[i + 1];
+
+ sig = _gnutls_tls_aid_to_sign (&aid);
+
+ _gnutls_debug_log ("EXT[SIGA]: rcvd signature algo (%d.%d) %s\n", aid.hash_algorithm,
+ aid.sign_algorithm, gnutls_sign_get_name(sig));
+
+ if (sig != GNUTLS_SIGN_UNKNOWN)
+ {
+ priv->sign_algorithms[priv->sign_algorithms_size++] = sig;
+ if (priv->sign_algorithms_size == MAX_SIGNATURE_ALGORITHMS)
+ break;
+ }
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS, epriv);
+
+ return 0;
+}
+
+/*
+ * In case of a server: if a SIGNATURE_ALGORITHMS extension type is
+ * received then it stores into the session security parameters the
+ * new value.
+ *
+ * In case of a client: If a signature_algorithms have been specified
+ * then it is an error;
+ */
+
+static int
+_gnutls_signature_algorithm_recv_params (gnutls_session_t session,
+ const opaque * data,
+ size_t _data_size)
+{
+ ssize_t data_size = _data_size;
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ /* nothing for now */
+ gnutls_assert ();
+ /* Although TLS 1.2 mandates that we must not accept reply
+ * to this message, there are good reasons to just ignore it. Check
+ * http://www.ietf.org/mail-archive/web/tls/current/msg03880.html
+ */
+ /* return GNUTLS_E_UNEXPECTED_PACKET; */
+ }
+ else
+ {
+ /* SERVER SIDE - we must check if the sent cert type is the right one
+ */
+ if (data_size > 2)
+ {
+ uint16_t len;
+
+ DECR_LEN (data_size, 2);
+ len = _gnutls_read_uint16 (data);
+ DECR_LEN (data_size, len);
+
+ ret = _gnutls_sign_algorithm_parse_data (session, data + 2, len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ }
+
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ */
+static int
+_gnutls_signature_algorithm_send_params (gnutls_session_t session,
+ opaque * data, size_t data_size)
+{
+ int ret;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ /* this function sends the client extension data */
+ if (session->security_parameters.entity == GNUTLS_CLIENT
+ && _gnutls_version_has_selectable_sighash (ver))
+ {
+ if (session->internals.priorities.sign_algo.algorithms > 0)
+ {
+ ret =
+ _gnutls_sign_algorithm_write_params (session, data, data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return ret;
+ }
+ }
+
+ /* if we are here it means we don't send the extension */
+ return 0;
+}
+
+int cert_compatible_with_sig(gnutls_cert* cert, gnutls_protocol_t ver,
+ gnutls_sign_algorithm_t sign)
+{
+ if (cert->subject_pk_algorithm == GNUTLS_PK_DSA)
+ { /* override */
+ int hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
+
+ /* DSA keys over 1024 bits cannot be used with TLS 1.x, x<2 */
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ {
+ if (hash_algo != GNUTLS_DIG_SHA1)
+ return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+ }
+ else
+ {
+ if (_gnutls_sign_get_hash_algorithm(sign) != hash_algo)
+ return GNUTLS_E_UNWANTED_ALGORITHM;
+ }
+
+ }
+
+ return 0;
+}
+
+/* Returns a requested by the peer signature algorithm that
+ * matches the given public key algorithm. Index can be increased
+ * to return the second choice etc.
+ */
+gnutls_sign_algorithm_t
+_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_cert* cert)
+{
+ unsigned i;
+ int ret;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ priv = epriv.ptr;
+
+ if (ret < 0 || !_gnutls_version_has_selectable_sighash (ver)
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow SHA-1 only */
+ {
+ return _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, GNUTLS_DIG_SHA1);
+ }
+
+ for (i = 0; i < priv->sign_algorithms_size; i++)
+ {
+ if (_gnutls_sign_get_pk_algorithm (priv->sign_algorithms[i]) == cert->subject_pk_algorithm)
+ {
+ if (cert_compatible_with_sig(cert, ver, priv->sign_algorithms[i]) < 0)
+ continue;
+
+ return priv->sign_algorithms[i];
+ }
+ }
+
+ return GNUTLS_SIGN_UNKNOWN;
+}
+
+
+/* Check if the given signature algorithm is accepted by
+ * the peer. Returns 0 on success or a negative value
+ * on error.
+ */
+int
+_gnutls_session_sign_algo_requested (gnutls_session_t session,
+ gnutls_sign_algorithm_t sig)
+{
+ unsigned i;
+ int ret, hash;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ {
+ return 0;
+ }
+
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ /* extension not received allow SHA1 and SHA256 */
+ hash = _gnutls_sign_get_hash_algorithm (sig);
+ if (hash == GNUTLS_DIG_SHA1 || hash == GNUTLS_DIG_SHA256)
+ return 0;
+ else
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ if (priv->sign_algorithms_size == 0)
+ /* none set, allow all */
+ {
+ return 0;
+ }
+
+ for (i = 0; i < priv->sign_algorithms_size; i++)
+ {
+ if (priv->sign_algorithms[i] == sig)
+ {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+}
+
+/* Check if the given signature algorithm is supported.
+ * This means that it is enabled by the priority functions,
+ * and in case of a server a matching certificate exists.
+ */
+int
+_gnutls_session_sign_algo_enabled (gnutls_session_t session,
+ gnutls_sign_algorithm_t sig)
+{
+ unsigned i;
+ int ret;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+ priv = epriv.ptr;
+
+ if (!_gnutls_version_has_selectable_sighash (ver)
+ || priv->sign_algorithms_size == 0)
+ /* none set, allow all */
+ {
+ return 0;
+ }
+
+ for (i = 0; i < session->internals.priorities.sign_algo.algorithms; i++)
+ {
+ if (session->internals.priorities.sign_algo.priority[i] == sig)
+ {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+}
+
+static void
+signature_algorithms_deinit_data (extension_priv_data_t priv)
+{
+ gnutls_free (priv.ptr);
+}
+
+static int
+signature_algorithms_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+{
+ sig_ext_st *priv = epriv.ptr;
+ int ret, i;
+
+ BUFFER_APPEND_NUM (ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++)
+ {
+ BUFFER_APPEND_NUM (ps, priv->sign_algorithms[i]);
+ }
+ return 0;
+}
+
+static int
+signature_algorithms_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv)
+{
+ sig_ext_st *priv;
+ int i, ret;
+ extension_priv_data_t epriv;
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_NUM (ps, priv->sign_algorithms_size);
+ for (i = 0; i < priv->sign_algorithms_size; i++)
+ {
+ BUFFER_POP_NUM (ps, priv->sign_algorithms[i]);
+ }
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+error:
+ gnutls_free (priv);
+ return ret;
+}
+
+
+
+/**
+ * gnutls_sign_algorithm_get_requested:
+ * @session: is a #gnutls_session_t structure.
+ * @indx: is an index of the signature algorithm to return
+ * @algo: the returned certificate type will be stored there
+ *
+ * Returns the signature algorithm specified by index that was
+ * requested by the peer. If the specified index has no data available
+ * this function returns %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. If
+ * the negotiated TLS version does not support signature algorithms
+ * then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned even
+ * for the first index. The first index is 0.
+ *
+ * This function is useful in the certificate callback functions
+ * to assist in selecting the correct certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_sign_algorithm_get_requested (gnutls_session_t session,
+ size_t indx,
+ gnutls_sign_algorithm_t * algo)
+{
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ sig_ext_st *priv;
+ extension_priv_data_t epriv;
+ int ret;
+
+ ret =
+ _gnutls_ext_get_session_data (session,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS,
+ &epriv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ priv = epriv.ptr;
+
+ if (!_gnutls_version_has_selectable_sighash (ver)
+ || priv->sign_algorithms_size == 0)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (indx < priv->sign_algorithms_size)
+ {
+ *algo = priv->sign_algorithms[indx];
+ return 0;
+ }
+ else
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* signature algorithms extension
+ */
+#ifndef EXT_SIGNATURE_H
+#define EXT_SIGNATURE_H
+
+#include <gnutls_extensions.h>
+
+extern extension_entry_st ext_mod_sig;
+
+int _gnutls_session_sign_algo_requested (gnutls_session_t session,
+ gnutls_sign_algorithm_t sig);
+gnutls_sign_algorithm_t
+_gnutls_session_get_sign_algo (gnutls_session_t session, gnutls_cert* cert);
+int _gnutls_sign_algorithm_parse_data (gnutls_session_t session,
+ const opaque * data, size_t data_size);
+int _gnutls_sign_algorithm_write_params (gnutls_session_t session,
+ opaque * data, size_t max_data_size);
+int _gnutls_session_sign_algo_enabled (gnutls_session_t session,
+ gnutls_sign_algorithm_t sig);
+int cert_compatible_with_sig(gnutls_cert* cert, gnutls_protocol_t ver,
+ gnutls_sign_algorithm_t sign);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <ext_srp.h>
+
+#ifdef ENABLE_SRP
+
+#include "gnutls_auth.h"
+#include "auth_srp.h"
+#include "gnutls_errors.h"
+#include "gnutls_algorithms.h"
+#include <gnutls_num.h>
+#include <gnutls_extensions.h>
+
+static int _gnutls_srp_unpack (gnutls_buffer_st * ps,
+ extension_priv_data_t * _priv);
+static int _gnutls_srp_pack (extension_priv_data_t epriv,
+ gnutls_buffer_st * ps);
+static void _gnutls_srp_deinit_data (extension_priv_data_t epriv);
+static int _gnutls_srp_recv_params (gnutls_session_t state,
+ const opaque * data, size_t data_size);
+static int _gnutls_srp_send_params (gnutls_session_t state, opaque * data,
+ size_t);
+
+extension_entry_st ext_mod_srp = {
+ .name = "SRP",
+ .type = GNUTLS_EXTENSION_SRP,
+ .parse_type = GNUTLS_EXT_TLS,
+
+ .recv_func = _gnutls_srp_recv_params,
+ .send_func = _gnutls_srp_send_params,
+ .pack_func = _gnutls_srp_pack,
+ .unpack_func = _gnutls_srp_unpack,
+ .deinit_func = _gnutls_srp_deinit_data
+};
+
+
+static int
+_gnutls_srp_recv_params (gnutls_session_t session, const opaque * data,
+ size_t _data_size)
+{
+ uint8_t len;
+ ssize_t data_size = _data_size;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ if (data_size > 0)
+ {
+ len = data[0];
+ DECR_LEN (data_size, len);
+
+ if (MAX_USERNAME_SIZE < len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->username = gnutls_malloc (len + 1);
+ if (priv->username)
+ {
+ memcpy (priv->username, &data[1], len);
+ /* null terminated */
+ priv->username[len] = 0;
+ }
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
+ }
+ }
+ return 0;
+}
+
+/* returns data_size or a negative number on failure
+ * data is allocated locally
+ */
+static int
+_gnutls_srp_send_params (gnutls_session_t session, opaque * data,
+ size_t data_size)
+{
+ unsigned len;
+ extension_priv_data_t epriv;
+ srp_ext_st *priv;
+
+ if (_gnutls_kx_priority (session, GNUTLS_KX_SRP) < 0 &&
+ _gnutls_kx_priority (session, GNUTLS_KX_SRP_DSS) < 0 &&
+ _gnutls_kx_priority (session, GNUTLS_KX_SRP_RSA) < 0)
+ {
+ /* algorithm was not allowed in this session
+ */
+ return 0;
+ }
+
+ /* this function sends the client extension data (username) */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ gnutls_srp_client_credentials_t cred = (gnutls_srp_client_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL);
+
+ if (cred == NULL)
+ return 0;
+
+ if (cred->username != NULL)
+ { /* send username */
+ len = MIN (strlen (cred->username), 255);
+
+ if (data_size < len + 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ data[0] = (uint8_t) len;
+ memcpy (&data[1], cred->username, len);
+ return len + 1;
+ }
+ else if (cred->get_function != NULL)
+ {
+ /* Try the callback
+ */
+ char *username = NULL, *password = NULL;
+
+ if (cred->get_function (session, &username, &password) < 0
+ || username == NULL || password == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ILLEGAL_SRP_USERNAME;
+ }
+
+ len = MIN (strlen (username), 255);
+
+ if (data_size < len + 1)
+ {
+ gnutls_free (username);
+ gnutls_free (password);
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ priv = gnutls_malloc (sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ priv->username = username;
+ priv->password = password;
+
+ epriv.ptr = priv;
+ _gnutls_ext_set_session_data (session, GNUTLS_EXTENSION_SRP, epriv);
+
+ data[0] = (uint8_t) len;
+ memcpy (&data[1], username, len);
+ return len + 1;
+ }
+ }
+ return 0;
+}
+
+static void
+_gnutls_srp_deinit_data (extension_priv_data_t epriv)
+{
+ srp_ext_st *priv = epriv.ptr;
+
+ gnutls_free (priv->username);
+ gnutls_free (priv->password);
+ gnutls_free (priv);
+}
+
+static int
+_gnutls_srp_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps)
+{
+ srp_ext_st *priv = epriv.ptr;
+ int ret;
+ int password_len = 0, username_len = 0;
+
+ if (priv->username)
+ username_len = strlen (priv->username);
+
+ if (priv->password)
+ password_len = strlen (priv->password);
+
+ BUFFER_APPEND_PFX (ps, priv->username, username_len);
+ BUFFER_APPEND_PFX (ps, priv->password, password_len);
+
+ return 0;
+}
+
+static int
+_gnutls_srp_unpack (gnutls_buffer_st * ps, extension_priv_data_t * _priv)
+{
+ srp_ext_st *priv;
+ int ret;
+ extension_priv_data_t epriv;
+ gnutls_datum username = { NULL, 0 }, password =
+ {
+ NULL, 0};
+
+ priv = gnutls_calloc (1, sizeof (*priv));
+ if (priv == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ BUFFER_POP_DATUM (ps, &username);
+ BUFFER_POP_DATUM (ps, &password);
+
+ priv->username = username.data;
+ priv->password = password.data;
+
+ epriv.ptr = priv;
+ *_priv = epriv;
+
+ return 0;
+
+error:
+ _gnutls_free_datum (&username);
+ _gnutls_free_datum (&password);
+ return ret;
+}
+
+
+#endif /* ENABLE_SRP */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef EXT_SRP_H
+#define EXT_SRP_H
+
+#include <gnutls_extensions.h>
+
+#ifdef ENABLE_SRP
+
+#define IS_SRP_KX(kx) ((kx == GNUTLS_KX_SRP || (kx == GNUTLS_KX_SRP_RSA) || \
+ kx == GNUTLS_KX_SRP_DSS)?1:0)
+
+extern extension_entry_st ext_mod_srp;
+
+typedef struct
+{
+ char *username;
+ char *password;
+} srp_ext_st;
+
+#endif
+
+#endif
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+# Foundation, Inc.
+#
+# Author: Nikos Mavroyanopoulos
+#
+# This file is part of GNUTLS.
+#
+# The GNUTLS library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GNUTLS library is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNUTLS library; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/../includes \
+ -I$(builddir)/../includes \
+ -I$(srcdir)/..
+
+if ENABLE_MINITASN1
+AM_CPPFLAGS += -I$(srcdir)/../minitasn1
+endif
+
+noinst_LTLIBRARIES = libcrypto.la
+
+libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+# Foundation, Inc.
+#
+# Author: Nikos Mavroyanopoulos
+#
+# This file is part of GNUTLS.
+#
+# The GNUTLS library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GNUTLS library is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNUTLS library; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(srcdir)/../minitasn1
+subdir = gcrypt
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libcrypto_la_LIBADD =
+am_libcrypto_la_OBJECTS = pk.lo mpi.lo mac.lo cipher.lo rnd.lo init.lo
+libcrypto_la_OBJECTS = $(am_libcrypto_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libcrypto_la_SOURCES)
+DIST_SOURCES = $(libcrypto_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../gl -I$(builddir)/../gl \
+ -I$(srcdir)/../includes -I$(builddir)/../includes \
+ -I$(srcdir)/.. $(am__append_1)
+noinst_LTLIBRARIES = libcrypto.la
+libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign gcrypt/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign gcrypt/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libcrypto.la: $(libcrypto_la_OBJECTS) $(libcrypto_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libcrypto_la_OBJECTS) $(libcrypto_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pk.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rnd.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here lie everything that has to do with large numbers, libgcrypt and
+ * other stuff that didn't fit anywhere else.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_cipher_int.h>
+#include <gcrypt.h>
+
+/* Functions that refer to the libgcrypt library.
+ */
+
+static int
+wrap_gcry_cipher_init (gnutls_cipher_algorithm_t algo, void **ctx)
+{
+ int err;
+
+ switch (algo)
+ {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES128,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+ case GNUTLS_CIPHER_AES_192_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES192,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+ case GNUTLS_CIPHER_AES_256_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_AES256,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+ case GNUTLS_CIPHER_3DES_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_3DES,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+ case GNUTLS_CIPHER_DES_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_DES,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_ARCFOUR,
+ GCRY_CIPHER_MODE_STREAM, 0);
+ break;
+
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_RFC2268_40,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+#ifdef ENABLE_CAMELLIA
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA128,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ err =
+ gcry_cipher_open ((gcry_cipher_hd_t *) ctx, GCRY_CIPHER_CAMELLIA256,
+ GCRY_CIPHER_MODE_CBC, 0);
+ break;
+#endif
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (err == 0)
+ return 0;
+
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
+}
+
+static int
+wrap_gcry_cipher_setkey (void *ctx, const void *key, size_t keysize)
+{
+ gcry_cipher_setkey (ctx, key, keysize);
+ return 0;
+}
+
+static int
+wrap_gcry_cipher_setiv (void *ctx, const void *iv, size_t ivsize)
+{
+ gcry_cipher_setiv (ctx, iv, ivsize);
+ return 0;
+}
+
+static int
+wrap_gcry_cipher_decrypt (void *ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize)
+{
+ int err;
+
+ err = gcry_cipher_decrypt (ctx, plain, plainsize, encr, encrsize);
+ if (err == 0)
+ return 0;
+
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
+}
+
+static int
+wrap_gcry_cipher_encrypt (void *ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize)
+{
+ int err;
+
+ err = gcry_cipher_encrypt (ctx, encr, encrsize, plain, plainsize);
+ if (err == 0)
+ return 0;
+
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
+}
+
+static void
+wrap_gcry_cipher_close (void *h)
+{
+ gcry_cipher_close (h);
+}
+
+
+gnutls_crypto_cipher_st _gnutls_cipher_ops = {
+ .init = wrap_gcry_cipher_init,
+ .setkey = wrap_gcry_cipher_setkey,
+ .setiv = wrap_gcry_cipher_setiv,
+ .encrypt = wrap_gcry_cipher_encrypt,
+ .decrypt = wrap_gcry_cipher_decrypt,
+ .deinit = wrap_gcry_cipher_close,
+};
--- /dev/null
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gcrypt.h>
+#include <locks.h>
+
+#define GNUTLS_MIN_LIBGCRYPT_VERSION "1.2.4"
+
+/* Functions that refer to the initialization of the libgcrypt library.
+ */
+
+static struct gcry_thread_cbs gct = {
+ .option = (GCRY_THREAD_OPTION_PTHREAD | (GCRY_THREAD_OPTION_VERSION << 8)),
+ .init = NULL,
+ .select = NULL,
+ .waitpid = NULL,
+ .accept = NULL,
+ .connect = NULL,
+ .sendmsg = NULL,
+ .recvmsg = NULL,
+};
+
+int
+gnutls_crypto_init (void)
+{
+ /* Initialize libgcrypt if it hasn't already been initialized. */
+ if (gcry_control (GCRYCTL_ANY_INITIALIZATION_P) == 0)
+ {
+ const char *p;
+
+ if (gnutls_mutex_init != NULL)
+ {
+ gct.mutex_init = gnutls_mutex_init;
+ gct.mutex_destroy = gnutls_mutex_deinit;
+ gct.mutex_lock = gnutls_mutex_lock;
+ gct.mutex_unlock = gnutls_mutex_unlock;
+
+ gcry_control (GCRYCTL_SET_THREAD_CBS, &gct);
+ }
+
+ p = gcry_check_version (GNUTLS_MIN_LIBGCRYPT_VERSION);
+
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Checking for libgcrypt failed: %s < %s\n",
+ gcry_check_version (NULL),
+ GNUTLS_MIN_LIBGCRYPT_VERSION);
+ return GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY;
+ }
+
+ /* for gcrypt in order to be able to allocate memory */
+ gcry_control (GCRYCTL_DISABLE_SECMEM, NULL, 0);
+
+ gcry_control (GCRYCTL_INITIALIZATION_FINISHED, NULL, 0);
+
+ gcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file provides is the backend hash/mac API for libgcrypt.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_hash_int.h>
+#include <gnutls_errors.h>
+#include <gcrypt.h>
+
+static int
+wrap_gcry_mac_init (gnutls_mac_algorithm_t algo, void **ctx)
+{
+ int err;
+ unsigned int flags = GCRY_MD_FLAG_HMAC;
+
+ switch (algo)
+ {
+ case GNUTLS_MAC_MD5:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags);
+ break;
+ case GNUTLS_MAC_SHA1:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags);
+ break;
+ case GNUTLS_MAC_RMD160:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags);
+ break;
+ case GNUTLS_MAC_MD2:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags);
+ break;
+ case GNUTLS_MAC_SHA256:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags);
+ break;
+ case GNUTLS_MAC_SHA384:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags);
+ break;
+ case GNUTLS_MAC_SHA512:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (err == 0)
+ return 0;
+
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
+}
+
+static int
+wrap_gcry_md_setkey (void *ctx, const void *key, size_t keylen)
+{
+ return gcry_md_setkey ((gcry_md_hd_t) ctx, key, keylen);
+}
+
+static int
+wrap_gcry_md_write (void *ctx, const void *text, size_t textsize)
+{
+ gcry_md_write (ctx, text, textsize);
+ return GNUTLS_E_SUCCESS;
+}
+
+static int
+wrap_gcry_md_copy (void **bhd, void *ahd)
+{
+ return gcry_md_copy ((gcry_md_hd_t *) bhd, (gcry_md_hd_t) ahd);
+}
+
+static void
+wrap_gcry_md_close (void *hd)
+{
+ gcry_md_close (hd);
+}
+
+static int
+wrap_gcry_hash_init (gnutls_mac_algorithm_t algo, void **ctx)
+{
+ int err;
+ unsigned int flags = 0;
+
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD5, flags);
+ break;
+ case GNUTLS_DIG_SHA1:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA1, flags);
+ break;
+ case GNUTLS_DIG_RMD160:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_RMD160, flags);
+ break;
+ case GNUTLS_DIG_MD2:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_MD2, flags);
+ break;
+ case GNUTLS_DIG_SHA256:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA256, flags);
+ break;
+ case GNUTLS_DIG_SHA224:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA224, flags);
+ break;
+ case GNUTLS_DIG_SHA384:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA384, flags);
+ break;
+ case GNUTLS_DIG_SHA512:
+ err = gcry_md_open ((gcry_md_hd_t *) ctx, GCRY_MD_SHA512, flags);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (err == 0)
+ return 0;
+
+ gnutls_assert ();
+ return GNUTLS_E_ENCRYPTION_FAILED;
+}
+
+static int
+wrap_gcry_mac_output (void *src_ctx, void *digest, size_t digestsize)
+{
+ opaque *_digest = gcry_md_read (src_ctx, 0);
+
+ if (_digest != NULL)
+ {
+ unsigned int len = gcry_md_get_algo_dlen (gcry_md_get_algo (src_ctx));
+
+ if (len <= digestsize && digest != NULL)
+ memcpy (digest, _digest, len);
+
+ return 0;
+ }
+
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+}
+
+
+gnutls_crypto_mac_st _gnutls_mac_ops = {
+ .init = wrap_gcry_mac_init,
+ .setkey = wrap_gcry_md_setkey,
+ .hash = wrap_gcry_md_write,
+ .output = wrap_gcry_mac_output,
+ .deinit = wrap_gcry_md_close,
+};
+
+gnutls_crypto_digest_st _gnutls_digest_ops = {
+ .init = wrap_gcry_hash_init,
+ .hash = wrap_gcry_md_write,
+ .copy = wrap_gcry_md_copy,
+ .output = wrap_gcry_mac_output,
+ .deinit = wrap_gcry_md_close,
+};
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here lie everything that has to do with large numbers, libgcrypt and
+ * other stuff that didn't fit anywhere else.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <gnutls_mpi.h>
+#include <gcrypt.h>
+
+/* Functions that refer to the libgcrypt library.
+ */
+
+static inline int
+_format_conv (gnutls_bigint_format_t format)
+{
+ if (format == GNUTLS_MPI_FORMAT_USG)
+ return GCRYMPI_FMT_USG;
+ else if (format == GNUTLS_MPI_FORMAT_STD)
+ return GCRYMPI_FMT_STD;
+ else
+ return GCRYMPI_FMT_PGP;
+}
+
+/* returns zero on success
+ */
+static bigint_t
+wrap_gcry_mpi_scan (const void *buffer, size_t nbytes,
+ gnutls_bigint_format_t format)
+{
+ gcry_mpi_t ret_mpi = NULL;
+ int ret;
+
+ ret = gcry_mpi_scan (&ret_mpi, _format_conv (format), buffer, nbytes, NULL);
+ if (ret != 0)
+ return NULL;
+
+ return ret_mpi;
+}
+
+static int
+wrap_gcry_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
+ gnutls_bigint_format_t format)
+{
+ int ret;
+ size_t init_bytes = *nbytes;
+
+ format = _format_conv (format);
+
+ if (nbytes == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ ret = gcry_mpi_print (format, buffer, *nbytes, nbytes, a);
+ if (!ret)
+ {
+ if (buffer == NULL || init_bytes < *nbytes)
+ {
+
+ /* in STD format we may want to include
+ * an extra byte for zero. Sometimes the gcry_
+ * function doesn't add it.
+ */
+ if (format == GNUTLS_MPI_FORMAT_STD)
+ (*nbytes)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ return 0;
+ }
+
+ return GNUTLS_E_MPI_PRINT_FAILED;
+}
+
+static bigint_t
+wrap_gcry_mpi_new (int nbits)
+{
+ return gcry_mpi_new (nbits);
+}
+
+static int
+wrap_gcry_mpi_cmp (const bigint_t u, const bigint_t v)
+{
+ return gcry_mpi_cmp (u, v);
+}
+
+static int
+wrap_gcry_mpi_cmp_ui (const bigint_t u, unsigned long v)
+{
+ return gcry_mpi_cmp_ui (u, v);
+}
+
+static bigint_t
+wrap_gcry_mpi_set (bigint_t w, const bigint_t u)
+{
+ return gcry_mpi_set (w, u);
+}
+
+static bigint_t
+wrap_gcry_mpi_set_ui (bigint_t w, unsigned long u)
+{
+ return gcry_mpi_set_ui (w, u);
+}
+
+static unsigned int
+wrap_gcry_mpi_get_nbits (bigint_t a)
+{
+ return gcry_mpi_get_nbits (a);
+}
+
+static void
+wrap_gcry_mpi_release (bigint_t a)
+{
+ gcry_mpi_release (a);
+}
+
+#undef _gnutls_mpi_alloc_like
+#define _gnutls_mpi_alloc_like(x) gcry_mpi_new(gcry_mpi_get_nbits(x))
+
+static bigint_t
+wrap_gcry_mpi_mod (const bigint_t a, const bigint_t b)
+{
+ bigint_t r = _gnutls_mpi_alloc_like (b);
+
+ if (r == NULL)
+ return NULL;
+
+ gcry_mpi_mod (r, a, b);
+
+ return r;
+}
+
+static bigint_t
+wrap_gcry_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (m);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_powm (w, b, e, m);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (m);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_addm (w, a, b, m);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (m);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_subm (w, a, b, m);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (m);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_mulm (w, a, b, m);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_add (bigint_t w, const bigint_t a, const bigint_t b)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (b);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_add (w, a, b);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (b);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_sub (w, a, b);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (b);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_mul (w, a, b);
+
+ return w;
+}
+
+/* q = a / b */
+static bigint_t
+wrap_gcry_mpi_div (bigint_t q, const bigint_t a, const bigint_t b)
+{
+ if (q == NULL)
+ q = _gnutls_mpi_alloc_like (a);
+
+ if (q == NULL)
+ return NULL;
+
+ gcry_mpi_div (q, NULL, a, b, 0);
+
+ return q;
+}
+
+static bigint_t
+wrap_gcry_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (a);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_add_ui (w, a, b);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (a);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_sub_ui (w, a, b);
+
+ return w;
+}
+
+static bigint_t
+wrap_gcry_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
+{
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (a);
+
+ if (w == NULL)
+ return NULL;
+
+ gcry_mpi_mul_ui (w, a, b);
+
+ return w;
+}
+
+static int
+wrap_gcry_prime_check (bigint_t pp)
+{
+ return gcry_prime_check (pp, 0);
+}
+
+static int
+wrap_gcry_generate_group (gnutls_group_st * group, unsigned int bits)
+{
+ gcry_mpi_t g = NULL, prime = NULL;
+ gcry_error_t err;
+ int times = 0, qbits;
+ gcry_mpi_t *factors = NULL;
+
+ /* Calculate the size of a prime factor of (prime-1)/2.
+ * This is an emulation of the values in "Selecting Cryptographic Key Sizes" paper.
+ */
+ if (bits < 256)
+ qbits = bits / 2;
+ else
+ {
+ qbits = (bits / 40) + 105;
+ }
+
+ if (qbits & 1) /* better have an even number */
+ qbits++;
+
+ /* find a prime number of size bits.
+ */
+ do
+ {
+ if (times)
+ {
+ gcry_mpi_release (prime);
+ gcry_prime_release_factors (factors);
+ }
+
+ err = gcry_prime_generate (&prime, bits, qbits, &factors,
+ NULL, NULL, GCRY_STRONG_RANDOM,
+ GCRY_PRIME_FLAG_SPECIAL_FACTOR);
+ if (err != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ err = gcry_prime_check (prime, 0);
+
+ times++;
+ }
+ while (err != 0 && times < 10);
+
+ if (err != 0)
+ {
+ gnutls_assert ();
+ gcry_mpi_release (prime);
+ gcry_prime_release_factors (factors);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* generate the group generator.
+ */
+ err = gcry_prime_group_generator (&g, prime, factors, NULL);
+ gcry_prime_release_factors (factors);
+ if (err != 0)
+ {
+ gnutls_assert ();
+ gcry_mpi_release (prime);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ group->g = g;
+ group->p = prime;
+
+ return 0;
+}
+
+int crypto_bigint_prio = INT_MAX;
+
+gnutls_crypto_bigint_st _gnutls_mpi_ops = {
+ .bigint_new = wrap_gcry_mpi_new,
+ .bigint_cmp = wrap_gcry_mpi_cmp,
+ .bigint_cmp_ui = wrap_gcry_mpi_cmp_ui,
+ .bigint_mod = wrap_gcry_mpi_mod,
+ .bigint_set = wrap_gcry_mpi_set,
+ .bigint_set_ui = wrap_gcry_mpi_set_ui,
+ .bigint_get_nbits = wrap_gcry_mpi_get_nbits,
+ .bigint_powm = wrap_gcry_mpi_powm,
+ .bigint_addm = wrap_gcry_mpi_addm,
+ .bigint_subm = wrap_gcry_mpi_subm,
+ .bigint_add = wrap_gcry_mpi_add,
+ .bigint_sub = wrap_gcry_mpi_sub,
+ .bigint_add_ui = wrap_gcry_mpi_add_ui,
+ .bigint_sub_ui = wrap_gcry_mpi_sub_ui,
+ .bigint_mul = wrap_gcry_mpi_mul,
+ .bigint_mulm = wrap_gcry_mpi_mulm,
+ .bigint_mul_ui = wrap_gcry_mpi_mul_ui,
+ .bigint_div = wrap_gcry_mpi_div,
+ .bigint_prime_check = wrap_gcry_prime_check,
+ .bigint_release = wrap_gcry_mpi_release,
+ .bigint_print = wrap_gcry_mpi_print,
+ .bigint_scan = wrap_gcry_mpi_scan,
+ .bigint_generate_group = wrap_gcry_generate_group
+};
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the functions needed for RSA/DSA public key
+ * encryption and signatures.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_mpi.h>
+#include <gnutls_pk.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_num.h>
+#include <x509/x509_int.h>
+#include <x509/common.h>
+#include <random.h>
+#include <gnutls_pk.h>
+#include <gcrypt.h>
+
+/* this is based on code from old versions of libgcrypt (centuries ago)
+ */
+
+int (*generate) (gnutls_pk_algorithm_t, unsigned int level /*bits */ ,
+ gnutls_pk_params_st *);
+
+static int
+_wrap_gcry_pk_encrypt (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
+{
+ gcry_sexp_t s_ciph = NULL, s_data = NULL, s_pkey = NULL;
+ int rc = -1;
+ int ret;
+ bigint_t data, res;
+ gcry_sexp_t list;
+
+ if (_gnutls_mpi_scan_nz (&data, plaintext->data, plaintext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ if (pk_params->params_nr >= 2)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pk_params->params[0], pk_params->params[1]);
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_data, NULL, "%m", data))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ /* pass it to libgcrypt */
+ rc = gcry_pk_encrypt (&s_ciph, s_data, s_pkey);
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_ENCRYPTION_FAILED;
+ goto cleanup;
+ }
+
+ list = gcry_sexp_find_token (s_ciph, "a", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+ if (res == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint_size (res, ciphertext, plaintext->size);
+ _gnutls_mpi_release (&res);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_mpi_release (&data);
+ if (s_ciph)
+ gcry_sexp_release (s_ciph);
+ if (s_data)
+ gcry_sexp_release (s_data);
+ if (s_pkey)
+ gcry_sexp_release (s_pkey);
+
+ return ret;
+}
+
+static int
+_wrap_gcry_pk_decrypt (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
+{
+ gcry_sexp_t s_plain = NULL, s_data = NULL, s_pkey = NULL;
+ int rc = -1;
+ int ret;
+ bigint_t data, res;
+
+ if (_gnutls_mpi_scan_nz (&data, ciphertext->data, ciphertext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ if (pk_params->params_nr >= 6)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3],
+ pk_params->params[4], pk_params->params[5]);
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_data, NULL, "(enc-val(rsa(a%m)))", data))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ /* pass it to libgcrypt */
+ rc = gcry_pk_decrypt (&s_plain, s_data, s_pkey);
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_DECRYPTION_FAILED;
+ goto cleanup;
+ }
+
+ res = gcry_sexp_nth_mpi (s_plain, 0, 0);
+ if (res == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint_size (res, plaintext, ciphertext->size);
+ _gnutls_mpi_release (&res);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_mpi_release (&data);
+ if (s_plain)
+ gcry_sexp_release (s_plain);
+ if (s_data)
+ gcry_sexp_release (s_data);
+ if (s_pkey)
+ gcry_sexp_release (s_pkey);
+
+ return ret;
+
+}
+
+
+/* in case of DSA puts into data, r,s
+ */
+static int
+_wrap_gcry_pk_sign (gnutls_pk_algorithm_t algo, gnutls_datum_t * signature,
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
+{
+ gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL;
+ gcry_sexp_t list = NULL;
+ int rc = -1, ret;
+ bigint_t hash;
+ bigint_t res[2] = { NULL, NULL };
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ if (pk_params->params_nr >= 5)
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3],
+ pk_params->params[4]);
+ else
+ {
+ gnutls_assert ();
+ }
+
+ break;
+ case GNUTLS_PK_RSA:
+ if (pk_params->params_nr >= 6)
+ rc = gcry_sexp_build (&s_key, NULL,
+ "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3],
+ pk_params->params[4], pk_params->params[5]);
+ else
+ {
+ gnutls_assert ();
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+
+ /* pass it to libgcrypt */
+ rc = gcry_pk_sign (&s_sig, s_hash, s_key);
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto cleanup;
+ }
+
+ ret = GNUTLS_E_INTERNAL_ERROR;
+
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ {
+ list = gcry_sexp_find_token (s_sig, "r", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (s_sig, "s", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ ret = _gnutls_encode_ber_rs (signature, res[0], res[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ break;
+
+ case GNUTLS_PK_RSA:
+ {
+ list = gcry_sexp_find_token (s_sig, "s", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ res[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ ret = _gnutls_mpi_dprint (res[0], signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_mpi_release (&hash);
+ if (res[0])
+ _gnutls_mpi_release (&res[0]);
+ if (res[1])
+ _gnutls_mpi_release (&res[1]);
+ if (s_sig)
+ gcry_sexp_release (s_sig);
+ if (s_hash)
+ gcry_sexp_release (s_hash);
+ if (s_key)
+ gcry_sexp_release (s_key);
+
+ return ret;
+}
+
+static int
+_wrap_gcry_pk_verify (gnutls_pk_algorithm_t algo,
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
+{
+ gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
+ int rc = -1, ret;
+ bigint_t hash;
+ bigint_t tmp[2] = { NULL, NULL };
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ if (pk_params->params_nr >= 4)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ pk_params->params[0], pk_params->params[1],
+ pk_params->params[2], pk_params->params[3]);
+ break;
+ case GNUTLS_PK_RSA:
+ if (pk_params->params_nr >= 2)
+ rc = gcry_sexp_build (&s_pkey, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ pk_params->params[0], pk_params->params[1]);
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ /* put the data into a simple list */
+ if (gcry_sexp_build (&s_hash, NULL, "%m", hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ rc = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(dsa(r%m)(s%m)))", tmp[0], tmp[1]);
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&tmp[1]);
+ break;
+
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ rc = gcry_sexp_build (&s_sig, NULL, "(sig-val(rsa(s%m)))", tmp[0]);
+ _gnutls_mpi_release (&tmp[0]);
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ rc = gcry_pk_verify (s_sig, s_hash, s_pkey);
+
+ if (rc != 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_mpi_release (&hash);
+ if (s_sig)
+ gcry_sexp_release (s_sig);
+ if (s_hash)
+ gcry_sexp_release (s_hash);
+ if (s_pkey)
+ gcry_sexp_release (s_pkey);
+
+ return ret;
+}
+
+static int
+_dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
+{
+
+ int ret;
+ gcry_sexp_t parms, key, list;
+
+ /* FIXME: Remove me once we depend on 1.3.1 */
+ if (bits > 1024 && gcry_check_version ("1.3.1") == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bits < 512)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* generate the DSA key
+ */
+ ret = gcry_pk_genkey (&key, parms);
+ gcry_sexp_release (parms);
+
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ list = gcry_sexp_find_token (key, "p", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (key, "q", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (key, "g", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (key, "y", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+
+ list = gcry_sexp_find_token (key, "x", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
+
+ gcry_sexp_release (list);
+ gcry_sexp_release (key);
+
+ _gnutls_mpi_log ("p: ", resarr[0]);
+ _gnutls_mpi_log ("q: ", resarr[1]);
+ _gnutls_mpi_log ("g: ", resarr[2]);
+ _gnutls_mpi_log ("y: ", resarr[3]);
+ _gnutls_mpi_log ("x: ", resarr[4]);
+
+ *resarr_len = 5;
+
+ return 0;
+
+}
+
+static int
+_rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
+{
+
+ int ret, i;
+ gcry_sexp_t parms, key, list;
+ bigint_t tmp;
+
+ if (*resarr_len < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* generate the RSA key */
+ ret = gcry_pk_genkey (&key, parms);
+ gcry_sexp_release (parms);
+
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ list = gcry_sexp_find_token (key, "n", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (key, "e", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (key, "d", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+ list = gcry_sexp_find_token (key, "p", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+
+ list = gcry_sexp_find_token (key, "q", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
+ gcry_sexp_release (list);
+
+
+ list = gcry_sexp_find_token (key, "u", 0);
+ if (list == NULL)
+ {
+ gnutls_assert ();
+ gcry_sexp_release (key);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
+
+ gcry_sexp_release (list);
+ gcry_sexp_release (key);
+
+ _gnutls_mpi_log ("n: ", resarr[0]);
+ _gnutls_mpi_log ("e: ", resarr[1]);
+ _gnutls_mpi_log ("d: ", resarr[2]);
+ _gnutls_mpi_log ("p: ", resarr[3]);
+ _gnutls_mpi_log ("q: ", resarr[4]);
+ _gnutls_mpi_log ("u: ", resarr[5]);
+
+ /* generate e1 and e2 */
+
+ *resarr_len = 6;
+
+ tmp = _gnutls_mpi_alloc_like (resarr[0]);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ (*resarr_len) += 2;
+
+ return 0;
+
+cleanup:
+ for (i = 0; i < *resarr_len; i++)
+ _gnutls_mpi_release (&resarr[i]);
+
+ return ret;
+}
+
+
+static int
+wrap_gcry_pk_generate_params (gnutls_pk_algorithm_t algo,
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
+{
+
+ switch (algo)
+ {
+
+ case GNUTLS_PK_DSA:
+ params->params_nr = DSA_PRIVATE_PARAMS;
+ if (params->params_nr > GNUTLS_MAX_PK_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ return _dsa_generate_params (params->params, ¶ms->params_nr, level);
+
+ case GNUTLS_PK_RSA:
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ if (params->params_nr > GNUTLS_MAX_PK_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ return _rsa_generate_params (params->params, ¶ms->params_nr, level);
+
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
+
+
+static int
+wrap_gcry_pk_fixup (gnutls_pk_algorithm_t algo,
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
+{
+ int ret, result;
+
+ /* only for RSA we invert the coefficient --pgp type */
+
+ if (algo != GNUTLS_PK_RSA)
+ return 0;
+
+ if (params->params[5] == NULL)
+ params->params[5] =
+ _gnutls_mpi_new (_gnutls_mpi_get_nbits (params->params[0]));
+
+ if (params->params[5] == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = 1;
+ if (direction == GNUTLS_IMPORT)
+ {
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release (¶ms->params[6]);
+ _gnutls_mpi_release (¶ms->params[7]);
+ result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ ret =
+ gcry_mpi_invm (params->params[5], params->params[3],
+ params->params[4]);
+
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
+ else if (direction == GNUTLS_EXPORT)
+ ret =
+ gcry_mpi_invm (params->params[5], params->params[4], params->params[3]);
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+int crypto_pk_prio = INT_MAX;
+
+gnutls_crypto_pk_st _gnutls_pk_ops = {
+ .encrypt = _wrap_gcry_pk_encrypt,
+ .decrypt = _wrap_gcry_pk_decrypt,
+ .sign = _wrap_gcry_pk_sign,
+ .verify = _wrap_gcry_pk_verify,
+ .generate = wrap_gcry_pk_generate_params,
+ .pk_fixup_private_params = wrap_gcry_pk_fixup,
+};
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here is the libgcrypt random generator layer.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <gnutls_mpi.h>
+#include <gcrypt.h>
+
+static int
+wrap_gcry_rnd_init (void **ctx)
+{
+ char c;
+
+ gcry_create_nonce (&c, 1);
+ gcry_randomize (&c, 1, GCRY_STRONG_RANDOM);
+
+ return 0;
+}
+
+static int
+wrap_gcry_rnd (void *ctx, int level, void *data, size_t datasize)
+{
+ if (level == GNUTLS_RND_NONCE)
+ gcry_create_nonce (data, datasize);
+ else
+ gcry_randomize (data, datasize, level);
+
+ return 0;
+}
+
+int crypto_rnd_prio = INT_MAX;
+
+gnutls_crypto_rnd_st _gnutls_rnd_ops = {
+ .init = wrap_gcry_rnd_init,
+ .deinit = NULL,
+ .rnd = wrap_gcry_rnd,
+};
--- /dev/null
+## DO NOT EDIT! GENERATED AUTOMATICALLY!
+## Process this file with automake to produce Makefile.in.
+# Copyright (C) 2002-2011 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override --lib=liblgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests --lgpl=2 --libtool --macro-prefix=lgl --no-vc-files byteswap c-ctype fseeko func gettext lib-msvc-compat lib-symbol-versions memmem-simple minmax netdb read-file snprintf sockets socklen stdint strcase strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf
+
+AUTOMAKE_OPTIONS = 1.5 gnits
+
+SUBDIRS =
+noinst_HEADERS =
+noinst_LIBRARIES =
+noinst_LTLIBRARIES =
+EXTRA_DIST =
+BUILT_SOURCES =
+SUFFIXES =
+MOSTLYCLEANFILES = core *.stackdump
+MOSTLYCLEANDIRS =
+CLEANFILES =
+DISTCLEANFILES =
+MAINTAINERCLEANFILES =
+#Don't make test
+#SUBDIRS += tests
+EXTRA_DIST += m4/gnulib-cache.m4
+
+AM_CPPFLAGS =
+AM_CFLAGS =
+
+noinst_LTLIBRARIES += liblgnu.la
+
+liblgnu_la_SOURCES =
+liblgnu_la_LIBADD = $(lgl_LTLIBOBJS)
+liblgnu_la_DEPENDENCIES = $(lgl_LTLIBOBJS)
+EXTRA_liblgnu_la_SOURCES =
+liblgnu_la_LDFLAGS = $(AM_LDFLAGS)
+liblgnu_la_LDFLAGS += -no-undefined
+liblgnu_la_LDFLAGS += $(LIBSOCKET)
+liblgnu_la_LDFLAGS += $(LTLIBINTL)
+
+## begin gnulib module alignof
+
+
+EXTRA_DIST += alignof.h
+
+## end gnulib module alignof
+
+## begin gnulib module alloca-opt
+
+BUILT_SOURCES += $(ALLOCA_H)
+
+# We need the following in order to create <alloca.h> when the system
+# doesn't have one that works with the given compiler.
+alloca.h: alloca.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ cat $(srcdir)/alloca.in.h; \
+ } > $@-t && \
+ mv -f $@-t $@
+MOSTLYCLEANFILES += alloca.h alloca.h-t
+
+EXTRA_DIST += alloca.in.h
+
+## end gnulib module alloca-opt
+
+## begin gnulib module arg-nonnull
+
+# The BUILT_SOURCES created by this Makefile snippet are not used via #include
+# statements but through direct file reference. Therefore this snippet must be
+# present in all Makefile.am that need it. This is ensured by the applicability
+# 'all' defined above.
+
+#BUILT_SOURCES += arg-nonnull.h
+# The arg-nonnull.h that gets inserted into generated .h files is the same as
+# build-aux/arg-nonnull.h, except that it has the copyright header cut off.
+#arg-nonnull.h: $(top_srcdir)/build-aux/arg-nonnull.h
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# sed -n -e '/GL_ARG_NONNULL/,$$p' \
+# < $(top_srcdir)/build-aux/arg-nonnull.h \
+# > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += arg-nonnull.h arg-nonnull.h-t
+
+#ARG_NONNULL_H=arg-nonnull.h
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/arg-nonnull.h
+
+## end gnulib module arg-nonnull
+
+## begin gnulib module byteswap
+
+BUILT_SOURCES += $(BYTESWAP_H)
+
+# We need the following in order to create <byteswap.h> when the system
+# doesn't have one.
+byteswap.h: byteswap.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ cat $(srcdir)/byteswap.in.h; \
+ } > $@-t && \
+ mv -f $@-t $@
+MOSTLYCLEANFILES += byteswap.h byteswap.h-t
+
+EXTRA_DIST += byteswap.in.h
+
+## end gnulib module byteswap
+
+## begin gnulib module c++defs
+
+# The BUILT_SOURCES created by this Makefile snippet are not used via #include
+# statements but through direct file reference. Therefore this snippet must be
+# present in all Makefile.am that need it. This is ensured by the applicability
+# 'all' defined above.
+
+#BUILT_SOURCES += c++defs.h
+# The c++defs.h that gets inserted into generated .h files is the same as
+# build-aux/c++defs.h, except that it has the copyright header cut off.
+#c++defs.h: $(top_srcdir)/build-aux/c++defs.h
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# sed -n -e '/_GL_CXXDEFS/,$$p' \
+# < $(top_srcdir)/build-aux/c++defs.h \
+# > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += c++defs.h c++defs.h-t
+
+#CXXDEFS_H=c++defs.h
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/c++defs.h
+
+## end gnulib module c++defs
+
+## begin gnulib module c-ctype
+
+liblgnu_la_SOURCES += c-ctype.h c-ctype.c
+
+## end gnulib module c-ctype
+
+## begin gnulib module close-hook
+
+liblgnu_la_SOURCES += close-hook.c
+
+EXTRA_DIST += close-hook.h
+
+## end gnulib module close-hook
+
+## begin gnulib module errno
+
+BUILT_SOURCES += $(ERRNO_H)
+
+# We need the following in order to create <errno.h> when the system
+# doesn't have one that is POSIX compliant.
+errno.h: errno.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_ERRNO_H''@|$(NEXT_ERRNO_H)|g' \
+ -e 's|@''EMULTIHOP_HIDDEN''@|$(EMULTIHOP_HIDDEN)|g' \
+ -e 's|@''EMULTIHOP_VALUE''@|$(EMULTIHOP_VALUE)|g' \
+ -e 's|@''ENOLINK_HIDDEN''@|$(ENOLINK_HIDDEN)|g' \
+ -e 's|@''ENOLINK_VALUE''@|$(ENOLINK_VALUE)|g' \
+ -e 's|@''EOVERFLOW_HIDDEN''@|$(EOVERFLOW_HIDDEN)|g' \
+ -e 's|@''EOVERFLOW_VALUE''@|$(EOVERFLOW_VALUE)|g' \
+ < $(srcdir)/errno.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+MOSTLYCLEANFILES += errno.h errno.h-t
+
+EXTRA_DIST += errno.in.h
+
+## end gnulib module errno
+
+## begin gnulib module float
+
+BUILT_SOURCES += $(FLOAT_H)
+
+# We need the following in order to create <float.h> when the system
+# doesn't have one that works with the given compiler.
+float.h: float.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_FLOAT_H''@|$(NEXT_FLOAT_H)|g' \
+ < $(srcdir)/float.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+MOSTLYCLEANFILES += float.h float.h-t
+
+EXTRA_DIST += float.in.h
+
+## end gnulib module float
+
+## begin gnulib module fseeko
+
+
+EXTRA_DIST += fseeko.c stdio-impl.h
+
+EXTRA_liblgnu_la_SOURCES += fseeko.c
+
+## end gnulib module fseeko
+
+## begin gnulib module ftello
+
+
+EXTRA_DIST += ftello.c stdio-impl.h
+
+EXTRA_liblgnu_la_SOURCES += ftello.c
+
+## end gnulib module ftello
+
+## begin gnulib module gettext
+
+# This is for those projects which use "gettextize --intl" to put a source-code
+# copy of libintl into their package. In such projects, every Makefile.am needs
+# -I$(top_builddir)/intl, so that <libintl.h> can be found in this directory.
+# For the Makefile.ams in other directories it is the maintainer's
+# responsibility; for the one from gnulib we do it here.
+# This option has no effect when the user disables NLS (because then the intl
+# directory contains no libintl.h file) or when the project does not use
+# "gettextize --intl".
+#AM_CPPFLAGS += -I$(top_builddir)/intl
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/config.rpath
+
+## end gnulib module gettext
+
+## begin gnulib module gettext-h
+
+liblgnu_la_SOURCES += gettext.h
+
+## end gnulib module gettext-h
+
+## begin gnulib module havelib
+
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/config.rpath
+
+## end gnulib module havelib
+
+## begin gnulib module lseek
+
+
+EXTRA_DIST += lseek.c
+
+EXTRA_liblgnu_la_SOURCES += lseek.c
+
+## end gnulib module lseek
+
+## begin gnulib module malloc-posix
+
+
+EXTRA_DIST += malloc.c
+
+EXTRA_liblgnu_la_SOURCES += malloc.c
+
+## end gnulib module malloc-posix
+
+## begin gnulib module memchr
+
+
+EXTRA_DIST += memchr.c memchr.valgrind
+
+EXTRA_liblgnu_la_SOURCES += memchr.c
+
+## end gnulib module memchr
+
+## begin gnulib module memmem-simple
+
+
+EXTRA_DIST += memmem.c str-two-way.h
+
+EXTRA_liblgnu_la_SOURCES += memmem.c
+
+## end gnulib module memmem-simple
+
+## begin gnulib module minmax
+
+liblgnu_la_SOURCES += minmax.h
+
+## end gnulib module minmax
+
+## begin gnulib module netdb
+
+#BUILT_SOURCES += netdb.h
+
+# We need the following in order to create <netdb.h> when the system
+# doesn't have one that works with the given compiler.
+#netdb.h: netdb.in.h $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_NETDB_H''@|$(NEXT_NETDB_H)|g' \
+# -e 's|@''HAVE_NETDB_H''@|$(HAVE_NETDB_H)|g' \
+# -e 's|@''GNULIB_GETADDRINFO''@|$(GNULIB_GETADDRINFO)|g' \
+# -e 's|@''HAVE_STRUCT_ADDRINFO''@|$(HAVE_STRUCT_ADDRINFO)|g' \
+# -e 's|@''HAVE_DECL_FREEADDRINFO''@|$(HAVE_DECL_FREEADDRINFO)|g' \
+# -e 's|@''HAVE_DECL_GAI_STRERROR''@|$(HAVE_DECL_GAI_STRERROR)|g' \
+# -e 's|@''HAVE_DECL_GETADDRINFO''@|$(HAVE_DECL_GETADDRINFO)|g' \
+# -e 's|@''HAVE_DECL_GETNAMEINFO''@|$(HAVE_DECL_GETNAMEINFO)|g' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/netdb.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += netdb.h netdb.h-t
+
+#EXTRA_DIST += netdb.in.h
+
+## end gnulib module netdb
+
+## begin gnulib module read-file
+
+
+EXTRA_DIST += read-file.c read-file.h
+
+#EXTRA_liblgnu_la_SOURCES += read-file.c
+liblgnu_la_SOURCES += read-file.h read-file.c
+
+## end gnulib module read-file
+
+## begin gnulib module realloc-posix
+
+
+EXTRA_DIST += realloc.c
+
+EXTRA_liblgnu_la_SOURCES += realloc.c
+
+## end gnulib module realloc-posix
+
+## begin gnulib module size_max
+
+liblgnu_la_SOURCES += size_max.h
+
+## end gnulib module size_max
+
+## begin gnulib module snprintf
+
+
+EXTRA_DIST += snprintf.c
+
+EXTRA_liblgnu_la_SOURCES += snprintf.c
+
+## end gnulib module snprintf
+
+## begin gnulib module sockets
+
+liblgnu_la_SOURCES += sockets.h sockets.c
+
+EXTRA_DIST += w32sock.h
+
+## end gnulib module sockets
+
+## begin gnulib module stdbool
+
+BUILT_SOURCES += $(STDBOOL_H)
+
+# We need the following in order to create <stdbool.h> when the system
+# doesn't have one that works.
+stdbool.h: stdbool.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ sed -e 's/@''HAVE__BOOL''@/$(HAVE__BOOL)/g' < $(srcdir)/stdbool.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+MOSTLYCLEANFILES += stdbool.h stdbool.h-t
+
+EXTRA_DIST += stdbool.in.h
+
+## end gnulib module stdbool
+
+## begin gnulib module stddef
+
+BUILT_SOURCES += $(STDDEF_H)
+
+# We need the following in order to create <stddef.h> when the system
+# doesn't have one that works with the given compiler.
+stddef.h: stddef.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_STDDEF_H''@|$(NEXT_STDDEF_H)|g' \
+ -e 's|@''HAVE_WCHAR_T''@|$(HAVE_WCHAR_T)|g' \
+ -e 's|@''REPLACE_NULL''@|$(REPLACE_NULL)|g' \
+ < $(srcdir)/stddef.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+MOSTLYCLEANFILES += stddef.h stddef.h-t
+
+EXTRA_DIST += stddef.in.h
+
+## end gnulib module stddef
+
+## begin gnulib module stdint
+
+BUILT_SOURCES += $(STDINT_H)
+
+# We need the following in order to create <stdint.h> when the system
+# doesn't have one that works with the given compiler.
+stdint.h: stdint.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ sed -e 's/@''HAVE_STDINT_H''@/$(HAVE_STDINT_H)/g' \
+ -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_STDINT_H''@|$(NEXT_STDINT_H)|g' \
+ -e 's/@''HAVE_SYS_TYPES_H''@/$(HAVE_SYS_TYPES_H)/g' \
+ -e 's/@''HAVE_INTTYPES_H''@/$(HAVE_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_INTTYPES_H''@/$(HAVE_SYS_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_BITYPES_H''@/$(HAVE_SYS_BITYPES_H)/g' \
+ -e 's/@''HAVE_WCHAR_H''@/$(HAVE_WCHAR_H)/g' \
+ -e 's/@''HAVE_LONG_LONG_INT''@/$(HAVE_LONG_LONG_INT)/g' \
+ -e 's/@''HAVE_UNSIGNED_LONG_LONG_INT''@/$(HAVE_UNSIGNED_LONG_LONG_INT)/g' \
+ -e 's/@''APPLE_UNIVERSAL_BUILD''@/$(APPLE_UNIVERSAL_BUILD)/g' \
+ -e 's/@''BITSIZEOF_PTRDIFF_T''@/$(BITSIZEOF_PTRDIFF_T)/g' \
+ -e 's/@''PTRDIFF_T_SUFFIX''@/$(PTRDIFF_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIG_ATOMIC_T''@/$(BITSIZEOF_SIG_ATOMIC_T)/g' \
+ -e 's/@''HAVE_SIGNED_SIG_ATOMIC_T''@/$(HAVE_SIGNED_SIG_ATOMIC_T)/g' \
+ -e 's/@''SIG_ATOMIC_T_SUFFIX''@/$(SIG_ATOMIC_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIZE_T''@/$(BITSIZEOF_SIZE_T)/g' \
+ -e 's/@''SIZE_T_SUFFIX''@/$(SIZE_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WCHAR_T''@/$(BITSIZEOF_WCHAR_T)/g' \
+ -e 's/@''HAVE_SIGNED_WCHAR_T''@/$(HAVE_SIGNED_WCHAR_T)/g' \
+ -e 's/@''WCHAR_T_SUFFIX''@/$(WCHAR_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WINT_T''@/$(BITSIZEOF_WINT_T)/g' \
+ -e 's/@''HAVE_SIGNED_WINT_T''@/$(HAVE_SIGNED_WINT_T)/g' \
+ -e 's/@''WINT_T_SUFFIX''@/$(WINT_T_SUFFIX)/g' \
+ < $(srcdir)/stdint.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+MOSTLYCLEANFILES += stdint.h stdint.h-t
+
+EXTRA_DIST += stdint.in.h
+
+## end gnulib module stdint
+
+## begin gnulib module stdio
+
+#BUILT_SOURCES += stdio.h
+
+# We need the following in order to create <stdio.h> when the system
+# doesn't have one that works with the given compiler.
+#stdio.h: stdio.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STDIO_H''@|$(NEXT_STDIO_H)|g' \
+# -e 's|@''GNULIB_DPRINTF''@|$(GNULIB_DPRINTF)|g' \
+# -e 's|@''GNULIB_FCLOSE''@|$(GNULIB_FCLOSE)|g' \
+# -e 's|@''GNULIB_FFLUSH''@|$(GNULIB_FFLUSH)|g' \
+# -e 's|@''GNULIB_FOPEN''@|$(GNULIB_FOPEN)|g' \
+# -e 's|@''GNULIB_FPRINTF''@|$(GNULIB_FPRINTF)|g' \
+# -e 's|@''GNULIB_FPRINTF_POSIX''@|$(GNULIB_FPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_FPURGE''@|$(GNULIB_FPURGE)|g' \
+# -e 's|@''GNULIB_FPUTC''@|$(GNULIB_FPUTC)|g' \
+# -e 's|@''GNULIB_FPUTS''@|$(GNULIB_FPUTS)|g' \
+# -e 's|@''GNULIB_FREOPEN''@|$(GNULIB_FREOPEN)|g' \
+# -e 's|@''GNULIB_FSEEK''@|$(GNULIB_FSEEK)|g' \
+# -e 's|@''GNULIB_FSEEKO''@|$(GNULIB_FSEEKO)|g' \
+# -e 's|@''GNULIB_FTELL''@|$(GNULIB_FTELL)|g' \
+# -e 's|@''GNULIB_FTELLO''@|$(GNULIB_FTELLO)|g' \
+# -e 's|@''GNULIB_FWRITE''@|$(GNULIB_FWRITE)|g' \
+# -e 's|@''GNULIB_GETDELIM''@|$(GNULIB_GETDELIM)|g' \
+# -e 's|@''GNULIB_GETLINE''@|$(GNULIB_GETLINE)|g' \
+# -e 's|@''GNULIB_OBSTACK_PRINTF''@|$(GNULIB_OBSTACK_PRINTF)|g' \
+# -e 's|@''GNULIB_OBSTACK_PRINTF_POSIX''@|$(GNULIB_OBSTACK_PRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_PERROR''@|$(GNULIB_PERROR)|g' \
+# -e 's|@''GNULIB_POPEN''@|$(GNULIB_POPEN)|g' \
+# -e 's|@''GNULIB_PRINTF''@|$(GNULIB_PRINTF)|g' \
+# -e 's|@''GNULIB_PRINTF_POSIX''@|$(GNULIB_PRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_PUTC''@|$(GNULIB_PUTC)|g' \
+# -e 's|@''GNULIB_PUTCHAR''@|$(GNULIB_PUTCHAR)|g' \
+# -e 's|@''GNULIB_PUTS''@|$(GNULIB_PUTS)|g' \
+# -e 's|@''GNULIB_REMOVE''@|$(GNULIB_REMOVE)|g' \
+# -e 's|@''GNULIB_RENAME''@|$(GNULIB_RENAME)|g' \
+# -e 's|@''GNULIB_RENAMEAT''@|$(GNULIB_RENAMEAT)|g' \
+# -e 's|@''GNULIB_SNPRINTF''@|$(GNULIB_SNPRINTF)|g' \
+# -e 's|@''GNULIB_SPRINTF_POSIX''@|$(GNULIB_SPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_STDIO_H_SIGPIPE''@|$(GNULIB_STDIO_H_SIGPIPE)|g' \
+# -e 's|@''GNULIB_TMPFILE''@|$(GNULIB_TMPFILE)|g' \
+# -e 's|@''GNULIB_VASPRINTF''@|$(GNULIB_VASPRINTF)|g' \
+# -e 's|@''GNULIB_VDPRINTF''@|$(GNULIB_VDPRINTF)|g' \
+# -e 's|@''GNULIB_VFPRINTF''@|$(GNULIB_VFPRINTF)|g' \
+# -e 's|@''GNULIB_VFPRINTF_POSIX''@|$(GNULIB_VFPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_VPRINTF''@|$(GNULIB_VPRINTF)|g' \
+# -e 's|@''GNULIB_VPRINTF_POSIX''@|$(GNULIB_VPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_VSNPRINTF''@|$(GNULIB_VSNPRINTF)|g' \
+# -e 's|@''GNULIB_VSPRINTF_POSIX''@|$(GNULIB_VSPRINTF_POSIX)|g' \
+# < $(srcdir)/stdio.in.h | \
+# sed -e 's|@''HAVE_DECL_FPURGE''@|$(HAVE_DECL_FPURGE)|g' \
+# -e 's|@''HAVE_DECL_FSEEKO''@|$(HAVE_DECL_FSEEKO)|g' \
+# -e 's|@''HAVE_DECL_FTELLO''@|$(HAVE_DECL_FTELLO)|g' \
+# -e 's|@''HAVE_DECL_GETDELIM''@|$(HAVE_DECL_GETDELIM)|g' \
+# -e 's|@''HAVE_DECL_GETLINE''@|$(HAVE_DECL_GETLINE)|g' \
+# -e 's|@''HAVE_DECL_OBSTACK_PRINTF''@|$(HAVE_DECL_OBSTACK_PRINTF)|g' \
+# -e 's|@''HAVE_DECL_SNPRINTF''@|$(HAVE_DECL_SNPRINTF)|g' \
+# -e 's|@''HAVE_DECL_VSNPRINTF''@|$(HAVE_DECL_VSNPRINTF)|g' \
+# -e 's|@''HAVE_DPRINTF''@|$(HAVE_DPRINTF)|g' \
+# -e 's|@''HAVE_FSEEKO''@|$(HAVE_FSEEKO)|g' \
+# -e 's|@''HAVE_FTELLO''@|$(HAVE_FTELLO)|g' \
+# -e 's|@''HAVE_RENAMEAT''@|$(HAVE_RENAMEAT)|g' \
+# -e 's|@''HAVE_VASPRINTF''@|$(HAVE_VASPRINTF)|g' \
+# -e 's|@''HAVE_VDPRINTF''@|$(HAVE_VDPRINTF)|g' \
+# -e 's|@''REPLACE_DPRINTF''@|$(REPLACE_DPRINTF)|g' \
+# -e 's|@''REPLACE_FCLOSE''@|$(REPLACE_FCLOSE)|g' \
+# -e 's|@''REPLACE_FFLUSH''@|$(REPLACE_FFLUSH)|g' \
+# -e 's|@''REPLACE_FOPEN''@|$(REPLACE_FOPEN)|g' \
+# -e 's|@''REPLACE_FPRINTF''@|$(REPLACE_FPRINTF)|g' \
+# -e 's|@''REPLACE_FPURGE''@|$(REPLACE_FPURGE)|g' \
+# -e 's|@''REPLACE_FREOPEN''@|$(REPLACE_FREOPEN)|g' \
+# -e 's|@''REPLACE_FSEEK''@|$(REPLACE_FSEEK)|g' \
+# -e 's|@''REPLACE_FSEEKO''@|$(REPLACE_FSEEKO)|g' \
+# -e 's|@''REPLACE_FTELL''@|$(REPLACE_FTELL)|g' \
+# -e 's|@''REPLACE_FTELLO''@|$(REPLACE_FTELLO)|g' \
+# -e 's|@''REPLACE_GETDELIM''@|$(REPLACE_GETDELIM)|g' \
+# -e 's|@''REPLACE_GETLINE''@|$(REPLACE_GETLINE)|g' \
+# -e 's|@''REPLACE_OBSTACK_PRINTF''@|$(REPLACE_OBSTACK_PRINTF)|g' \
+# -e 's|@''REPLACE_PERROR''@|$(REPLACE_PERROR)|g' \
+# -e 's|@''REPLACE_POPEN''@|$(REPLACE_POPEN)|g' \
+# -e 's|@''REPLACE_PRINTF''@|$(REPLACE_PRINTF)|g' \
+# -e 's|@''REPLACE_REMOVE''@|$(REPLACE_REMOVE)|g' \
+# -e 's|@''REPLACE_RENAME''@|$(REPLACE_RENAME)|g' \
+# -e 's|@''REPLACE_RENAMEAT''@|$(REPLACE_RENAMEAT)|g' \
+# -e 's|@''REPLACE_SNPRINTF''@|$(REPLACE_SNPRINTF)|g' \
+# -e 's|@''REPLACE_SPRINTF''@|$(REPLACE_SPRINTF)|g' \
+# -e 's|@''REPLACE_STDIO_WRITE_FUNCS''@|$(REPLACE_STDIO_WRITE_FUNCS)|g' \
+# -e 's|@''REPLACE_TMPFILE''@|$(REPLACE_TMPFILE)|g' \
+# -e 's|@''REPLACE_VASPRINTF''@|$(REPLACE_VASPRINTF)|g' \
+# -e 's|@''REPLACE_VDPRINTF''@|$(REPLACE_VDPRINTF)|g' \
+# -e 's|@''REPLACE_VFPRINTF''@|$(REPLACE_VFPRINTF)|g' \
+# -e 's|@''REPLACE_VPRINTF''@|$(REPLACE_VPRINTF)|g' \
+# -e 's|@''REPLACE_VSNPRINTF''@|$(REPLACE_VSNPRINTF)|g' \
+# -e 's|@''REPLACE_VSPRINTF''@|$(REPLACE_VSPRINTF)|g' \
+# -e 's|@''ASM_SYMBOL_PREFIX''@|$(ASM_SYMBOL_PREFIX)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += stdio.h stdio.h-t
+
+#EXTRA_DIST += stdio-write.c stdio.in.h
+
+#EXTRA_liblgnu_la_SOURCES += stdio-write.c
+
+## end gnulib module stdio
+
+## begin gnulib module stdlib
+
+#BUILT_SOURCES += stdlib.h
+
+# We need the following in order to create <stdlib.h> when the system
+# doesn't have one that works with the given compiler.
+#stdlib.h: stdlib.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STDLIB_H''@|$(NEXT_STDLIB_H)|g' \
+# -e 's|@''GNULIB__EXIT''@|$(GNULIB__EXIT)|g' \
+# -e 's|@''GNULIB_ATOLL''@|$(GNULIB_ATOLL)|g' \
+# -e 's|@''GNULIB_CALLOC_POSIX''@|$(GNULIB_CALLOC_POSIX)|g' \
+# -e 's|@''GNULIB_CANONICALIZE_FILE_NAME''@|$(GNULIB_CANONICALIZE_FILE_NAME)|g' \
+# -e 's|@''GNULIB_GETLOADAVG''@|$(GNULIB_GETLOADAVG)|g' \
+# -e 's|@''GNULIB_GETSUBOPT''@|$(GNULIB_GETSUBOPT)|g' \
+# -e 's|@''GNULIB_GRANTPT''@|$(GNULIB_GRANTPT)|g' \
+# -e 's|@''GNULIB_MALLOC_POSIX''@|$(GNULIB_MALLOC_POSIX)|g' \
+# -e 's|@''GNULIB_MKDTEMP''@|$(GNULIB_MKDTEMP)|g' \
+# -e 's|@''GNULIB_MKOSTEMP''@|$(GNULIB_MKOSTEMP)|g' \
+# -e 's|@''GNULIB_MKOSTEMPS''@|$(GNULIB_MKOSTEMPS)|g' \
+# -e 's|@''GNULIB_MKSTEMP''@|$(GNULIB_MKSTEMP)|g' \
+# -e 's|@''GNULIB_MKSTEMPS''@|$(GNULIB_MKSTEMPS)|g' \
+# -e 's|@''GNULIB_PTSNAME''@|$(GNULIB_PTSNAME)|g' \
+# -e 's|@''GNULIB_PUTENV''@|$(GNULIB_PUTENV)|g' \
+# -e 's|@''GNULIB_RANDOM_R''@|$(GNULIB_RANDOM_R)|g' \
+# -e 's|@''GNULIB_REALLOC_POSIX''@|$(GNULIB_REALLOC_POSIX)|g' \
+# -e 's|@''GNULIB_REALPATH''@|$(GNULIB_REALPATH)|g' \
+# -e 's|@''GNULIB_RPMATCH''@|$(GNULIB_RPMATCH)|g' \
+# -e 's|@''GNULIB_SETENV''@|$(GNULIB_SETENV)|g' \
+# -e 's|@''GNULIB_STRTOD''@|$(GNULIB_STRTOD)|g' \
+# -e 's|@''GNULIB_STRTOLL''@|$(GNULIB_STRTOLL)|g' \
+# -e 's|@''GNULIB_STRTOULL''@|$(GNULIB_STRTOULL)|g' \
+# -e 's|@''GNULIB_SYSTEM_POSIX''@|$(GNULIB_SYSTEM_POSIX)|g' \
+# -e 's|@''GNULIB_UNLOCKPT''@|$(GNULIB_UNLOCKPT)|g' \
+# -e 's|@''GNULIB_UNSETENV''@|$(GNULIB_UNSETENV)|g' \
+# < $(srcdir)/stdlib.in.h | \
+# sed -e 's|@''HAVE__EXIT''@|$(HAVE__EXIT)|g' \
+# -e 's|@''HAVE_ATOLL''@|$(HAVE_ATOLL)|g' \
+# -e 's|@''HAVE_CANONICALIZE_FILE_NAME''@|$(HAVE_CANONICALIZE_FILE_NAME)|g' \
+# -e 's|@''HAVE_DECL_GETLOADAVG''@|$(HAVE_DECL_GETLOADAVG)|g' \
+# -e 's|@''HAVE_GETSUBOPT''@|$(HAVE_GETSUBOPT)|g' \
+# -e 's|@''HAVE_GRANTPT''@|$(HAVE_GRANTPT)|g' \
+# -e 's|@''HAVE_MKDTEMP''@|$(HAVE_MKDTEMP)|g' \
+# -e 's|@''HAVE_MKOSTEMP''@|$(HAVE_MKOSTEMP)|g' \
+# -e 's|@''HAVE_MKOSTEMPS''@|$(HAVE_MKOSTEMPS)|g' \
+# -e 's|@''HAVE_MKSTEMP''@|$(HAVE_MKSTEMP)|g' \
+# -e 's|@''HAVE_MKSTEMPS''@|$(HAVE_MKSTEMPS)|g' \
+# -e 's|@''HAVE_PTSNAME''@|$(HAVE_PTSNAME)|g' \
+# -e 's|@''HAVE_RANDOM_H''@|$(HAVE_RANDOM_H)|g' \
+# -e 's|@''HAVE_RANDOM_R''@|$(HAVE_RANDOM_R)|g' \
+# -e 's|@''HAVE_REALPATH''@|$(HAVE_REALPATH)|g' \
+# -e 's|@''HAVE_RPMATCH''@|$(HAVE_RPMATCH)|g' \
+# -e 's|@''HAVE_DECL_SETENV''@|$(HAVE_DECL_SETENV)|g' \
+# -e 's|@''HAVE_STRTOD''@|$(HAVE_STRTOD)|g' \
+# -e 's|@''HAVE_STRTOLL''@|$(HAVE_STRTOLL)|g' \
+# -e 's|@''HAVE_STRTOULL''@|$(HAVE_STRTOULL)|g' \
+# -e 's|@''HAVE_STRUCT_RANDOM_DATA''@|$(HAVE_STRUCT_RANDOM_DATA)|g' \
+# -e 's|@''HAVE_SYS_LOADAVG_H''@|$(HAVE_SYS_LOADAVG_H)|g' \
+# -e 's|@''HAVE_UNLOCKPT''@|$(HAVE_UNLOCKPT)|g' \
+# -e 's|@''HAVE_DECL_UNSETENV''@|$(HAVE_DECL_UNSETENV)|g' \
+# -e 's|@''REPLACE_CALLOC''@|$(REPLACE_CALLOC)|g' \
+# -e 's|@''REPLACE_CANONICALIZE_FILE_NAME''@|$(REPLACE_CANONICALIZE_FILE_NAME)|g' \
+# -e 's|@''REPLACE_MALLOC''@|$(REPLACE_MALLOC)|g' \
+# -e 's|@''REPLACE_MKSTEMP''@|$(REPLACE_MKSTEMP)|g' \
+# -e 's|@''REPLACE_PUTENV''@|$(REPLACE_PUTENV)|g' \
+# -e 's|@''REPLACE_REALLOC''@|$(REPLACE_REALLOC)|g' \
+# -e 's|@''REPLACE_REALPATH''@|$(REPLACE_REALPATH)|g' \
+# -e 's|@''REPLACE_SETENV''@|$(REPLACE_SETENV)|g' \
+# -e 's|@''REPLACE_STRTOD''@|$(REPLACE_STRTOD)|g' \
+# -e 's|@''REPLACE_UNSETENV''@|$(REPLACE_UNSETENV)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += stdlib.h stdlib.h-t
+#
+#EXTRA_DIST += stdlib.in.h
+
+## end gnulib module stdlib
+
+## begin gnulib module strcase
+
+
+EXTRA_DIST += strcasecmp.c strncasecmp.c
+
+EXTRA_liblgnu_la_SOURCES += strcasecmp.c strncasecmp.c
+
+## end gnulib module strcase
+
+## begin gnulib module string
+
+#BUILT_SOURCES += string.h
+
+# We need the following in order to create <string.h> when the system
+# doesn't have one that works with the given compiler.
+#string.h: string.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STRING_H''@|$(NEXT_STRING_H)|g' \
+# -e 's|@''GNULIB_MBSLEN''@|$(GNULIB_MBSLEN)|g' \
+# -e 's|@''GNULIB_MBSNLEN''@|$(GNULIB_MBSNLEN)|g' \
+# -e 's|@''GNULIB_MBSCHR''@|$(GNULIB_MBSCHR)|g' \
+# -e 's|@''GNULIB_MBSRCHR''@|$(GNULIB_MBSRCHR)|g' \
+# -e 's|@''GNULIB_MBSSTR''@|$(GNULIB_MBSSTR)|g' \
+# -e 's|@''GNULIB_MBSCASECMP''@|$(GNULIB_MBSCASECMP)|g' \
+# -e 's|@''GNULIB_MBSNCASECMP''@|$(GNULIB_MBSNCASECMP)|g' \
+# -e 's|@''GNULIB_MBSPCASECMP''@|$(GNULIB_MBSPCASECMP)|g' \
+# -e 's|@''GNULIB_MBSCASESTR''@|$(GNULIB_MBSCASESTR)|g' \
+# -e 's|@''GNULIB_MBSCSPN''@|$(GNULIB_MBSCSPN)|g' \
+# -e 's|@''GNULIB_MBSPBRK''@|$(GNULIB_MBSPBRK)|g' \
+# -e 's|@''GNULIB_MBSSPN''@|$(GNULIB_MBSSPN)|g' \
+# -e 's|@''GNULIB_MBSSEP''@|$(GNULIB_MBSSEP)|g' \
+# -e 's|@''GNULIB_MBSTOK_R''@|$(GNULIB_MBSTOK_R)|g' \
+# -e 's|@''GNULIB_MEMCHR''@|$(GNULIB_MEMCHR)|g' \
+# -e 's|@''GNULIB_MEMMEM''@|$(GNULIB_MEMMEM)|g' \
+# -e 's|@''GNULIB_MEMPCPY''@|$(GNULIB_MEMPCPY)|g' \
+# -e 's|@''GNULIB_MEMRCHR''@|$(GNULIB_MEMRCHR)|g' \
+# -e 's|@''GNULIB_RAWMEMCHR''@|$(GNULIB_RAWMEMCHR)|g' \
+# -e 's|@''GNULIB_STPCPY''@|$(GNULIB_STPCPY)|g' \
+# -e 's|@''GNULIB_STPNCPY''@|$(GNULIB_STPNCPY)|g' \
+# -e 's|@''GNULIB_STRCHRNUL''@|$(GNULIB_STRCHRNUL)|g' \
+# -e 's|@''GNULIB_STRDUP''@|$(GNULIB_STRDUP)|g' \
+# -e 's|@''GNULIB_STRNCAT''@|$(GNULIB_STRNCAT)|g' \
+# -e 's|@''GNULIB_STRNDUP''@|$(GNULIB_STRNDUP)|g' \
+# -e 's|@''GNULIB_STRNLEN''@|$(GNULIB_STRNLEN)|g' \
+# -e 's|@''GNULIB_STRPBRK''@|$(GNULIB_STRPBRK)|g' \
+# -e 's|@''GNULIB_STRSEP''@|$(GNULIB_STRSEP)|g' \
+# -e 's|@''GNULIB_STRSTR''@|$(GNULIB_STRSTR)|g' \
+# -e 's|@''GNULIB_STRCASESTR''@|$(GNULIB_STRCASESTR)|g' \
+# -e 's|@''GNULIB_STRTOK_R''@|$(GNULIB_STRTOK_R)|g' \
+# -e 's|@''GNULIB_STRERROR''@|$(GNULIB_STRERROR)|g' \
+# -e 's|@''GNULIB_STRERROR_R''@|$(GNULIB_STRERROR_R)|g' \
+# -e 's|@''GNULIB_STRSIGNAL''@|$(GNULIB_STRSIGNAL)|g' \
+# -e 's|@''GNULIB_STRVERSCMP''@|$(GNULIB_STRVERSCMP)|g' \
+# < $(srcdir)/string.in.h | \
+# sed -e 's|@''HAVE_MBSLEN''@|$(HAVE_MBSLEN)|g' \
+# -e 's|@''HAVE_MEMCHR''@|$(HAVE_MEMCHR)|g' \
+# -e 's|@''HAVE_DECL_MEMMEM''@|$(HAVE_DECL_MEMMEM)|g' \
+# -e 's|@''HAVE_MEMPCPY''@|$(HAVE_MEMPCPY)|g' \
+# -e 's|@''HAVE_DECL_MEMRCHR''@|$(HAVE_DECL_MEMRCHR)|g' \
+# -e 's|@''HAVE_RAWMEMCHR''@|$(HAVE_RAWMEMCHR)|g' \
+# -e 's|@''HAVE_STPCPY''@|$(HAVE_STPCPY)|g' \
+# -e 's|@''HAVE_STPNCPY''@|$(HAVE_STPNCPY)|g' \
+# -e 's|@''HAVE_STRCHRNUL''@|$(HAVE_STRCHRNUL)|g' \
+# -e 's|@''HAVE_DECL_STRDUP''@|$(HAVE_DECL_STRDUP)|g' \
+# -e 's|@''HAVE_DECL_STRNDUP''@|$(HAVE_DECL_STRNDUP)|g' \
+# -e 's|@''HAVE_DECL_STRNLEN''@|$(HAVE_DECL_STRNLEN)|g' \
+# -e 's|@''HAVE_STRPBRK''@|$(HAVE_STRPBRK)|g' \
+# -e 's|@''HAVE_STRSEP''@|$(HAVE_STRSEP)|g' \
+# -e 's|@''HAVE_STRCASESTR''@|$(HAVE_STRCASESTR)|g' \
+# -e 's|@''HAVE_DECL_STRTOK_R''@|$(HAVE_DECL_STRTOK_R)|g' \
+# -e 's|@''HAVE_DECL_STRERROR_R''@|$(HAVE_DECL_STRERROR_R)|g' \
+# -e 's|@''HAVE_DECL_STRSIGNAL''@|$(HAVE_DECL_STRSIGNAL)|g' \
+# -e 's|@''HAVE_STRVERSCMP''@|$(HAVE_STRVERSCMP)|g' \
+# -e 's|@''REPLACE_STPNCPY''@|$(REPLACE_STPNCPY)|g' \
+# -e 's|@''REPLACE_MEMCHR''@|$(REPLACE_MEMCHR)|g' \
+# -e 's|@''REPLACE_MEMMEM''@|$(REPLACE_MEMMEM)|g' \
+# -e 's|@''REPLACE_STRCASESTR''@|$(REPLACE_STRCASESTR)|g' \
+# -e 's|@''REPLACE_STRDUP''@|$(REPLACE_STRDUP)|g' \
+# -e 's|@''REPLACE_STRSTR''@|$(REPLACE_STRSTR)|g' \
+# -e 's|@''REPLACE_STRERROR''@|$(REPLACE_STRERROR)|g' \
+# -e 's|@''REPLACE_STRERROR_R''@|$(REPLACE_STRERROR_R)|g' \
+# -e 's|@''REPLACE_STRNCAT''@|$(REPLACE_STRNCAT)|g' \
+# -e 's|@''REPLACE_STRNDUP''@|$(REPLACE_STRNDUP)|g' \
+# -e 's|@''REPLACE_STRNLEN''@|$(REPLACE_STRNLEN)|g' \
+# -e 's|@''REPLACE_STRSIGNAL''@|$(REPLACE_STRSIGNAL)|g' \
+# -e 's|@''REPLACE_STRTOK_R''@|$(REPLACE_STRTOK_R)|g' \
+# -e 's|@''UNDEFINE_STRTOK_R''@|$(UNDEFINE_STRTOK_R)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# < $(srcdir)/string.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += string.h string.h-t
+#
+#EXTRA_DIST += string.in.h
+
+## end gnulib module string
+
+## begin gnulib module strings
+
+#BUILT_SOURCES += strings.h
+
+# We need the following in order to create <strings.h> when the system
+# doesn't have one that works with the given compiler.
+#strings.h: strings.in.h $(WARN_ON_USE_H) $(ARG_NONNULL_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STRINGS_H''@|$(NEXT_STRINGS_H)|g' \
+# -e 's|@''HAVE_STRCASECMP''@|$(HAVE_STRCASECMP)|g' \
+# -e 's|@''HAVE_DECL_STRNCASECMP''@|$(HAVE_DECL_STRNCASECMP)|g' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/strings.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += strings.h strings.h-t
+#
+#EXTRA_DIST += strings.in.h
+
+## end gnulib module strings
+
+## begin gnulib module strverscmp
+
+
+EXTRA_DIST += strverscmp.c
+
+EXTRA_liblgnu_la_SOURCES += strverscmp.c
+
+## end gnulib module strverscmp
+
+## begin gnulib module sys_socket
+
+#BUILT_SOURCES += sys/socket.h
+
+# We need the following in order to create <sys/socket.h> when the system
+# doesn't have one that works with the given compiler.
+#sys/socket.h: sys_socket.in.h $(CXXDEFS_H) $(WARN_ON_USE_H) $(ARG_NONNULL_H)
+# $(AM_V_at)$(MKDIR_P) sys
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_SYS_SOCKET_H''@|$(NEXT_SYS_SOCKET_H)|g' \
+# -e 's|@''HAVE_SYS_SOCKET_H''@|$(HAVE_SYS_SOCKET_H)|g' \
+# -e 's|@''GNULIB_CLOSE''@|$(GNULIB_CLOSE)|g' \
+# -e 's|@''GNULIB_SOCKET''@|$(GNULIB_SOCKET)|g' \
+# -e 's|@''GNULIB_CONNECT''@|$(GNULIB_CONNECT)|g' \
+# -e 's|@''GNULIB_ACCEPT''@|$(GNULIB_ACCEPT)|g' \
+# -e 's|@''GNULIB_BIND''@|$(GNULIB_BIND)|g' \
+# -e 's|@''GNULIB_GETPEERNAME''@|$(GNULIB_GETPEERNAME)|g' \
+# -e 's|@''GNULIB_GETSOCKNAME''@|$(GNULIB_GETSOCKNAME)|g' \
+# -e 's|@''GNULIB_GETSOCKOPT''@|$(GNULIB_GETSOCKOPT)|g' \
+# -e 's|@''GNULIB_LISTEN''@|$(GNULIB_LISTEN)|g' \
+# -e 's|@''GNULIB_RECV''@|$(GNULIB_RECV)|g' \
+# -e 's|@''GNULIB_SEND''@|$(GNULIB_SEND)|g' \
+# -e 's|@''GNULIB_RECVFROM''@|$(GNULIB_RECVFROM)|g' \
+# -e 's|@''GNULIB_SENDTO''@|$(GNULIB_SENDTO)|g' \
+# -e 's|@''GNULIB_SETSOCKOPT''@|$(GNULIB_SETSOCKOPT)|g' \
+# -e 's|@''GNULIB_SHUTDOWN''@|$(GNULIB_SHUTDOWN)|g' \
+# -e 's|@''GNULIB_ACCEPT4''@|$(GNULIB_ACCEPT4)|g' \
+# -e 's|@''HAVE_WINSOCK2_H''@|$(HAVE_WINSOCK2_H)|g' \
+# -e 's|@''HAVE_WS2TCPIP_H''@|$(HAVE_WS2TCPIP_H)|g' \
+# -e 's|@''HAVE_STRUCT_SOCKADDR_STORAGE''@|$(HAVE_STRUCT_SOCKADDR_STORAGE)|g' \
+# -e 's|@''HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY''@|$(HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY)|g' \
+# -e 's|@''HAVE_SA_FAMILY_T''@|$(HAVE_SA_FAMILY_T)|g' \
+# -e 's|@''HAVE_ACCEPT4''@|$(HAVE_ACCEPT4)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/sys_socket.in.h; \
+# } > $@-t && \
+# mv -f $@-t $@
+#MOSTLYCLEANFILES += sys/socket.h sys/socket.h-t
+#MOSTLYCLEANDIRS += sys
+#
+#EXTRA_DIST += sys_socket.in.h
+
+## end gnulib module sys_socket
+
+## begin gnulib module sys_stat
+
+#BUILT_SOURCES += sys/stat.h
+
+# We need the following in order to create <sys/stat.h> when the system
+# has one that is incomplete.
+#sys/stat.h: sys_stat.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_at)$(MKDIR_P) sys
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_SYS_STAT_H''@|$(NEXT_SYS_STAT_H)|g' \
+# -e 's|@''GNULIB_FCHMODAT''@|$(GNULIB_FCHMODAT)|g' \
+# -e 's|@''GNULIB_FSTATAT''@|$(GNULIB_FSTATAT)|g' \
+# -e 's|@''GNULIB_FUTIMENS''@|$(GNULIB_FUTIMENS)|g' \
+# -e 's|@''GNULIB_LCHMOD''@|$(GNULIB_LCHMOD)|g' \
+# -e 's|@''GNULIB_LSTAT''@|$(GNULIB_LSTAT)|g' \
+# -e 's|@''GNULIB_MKDIRAT''@|$(GNULIB_MKDIRAT)|g' \
+# -e 's|@''GNULIB_MKFIFO''@|$(GNULIB_MKFIFO)|g' \
+# -e 's|@''GNULIB_MKFIFOAT''@|$(GNULIB_MKFIFOAT)|g' \
+# -e 's|@''GNULIB_MKNOD''@|$(GNULIB_MKNOD)|g' \
+# -e 's|@''GNULIB_MKNODAT''@|$(GNULIB_MKNODAT)|g' \
+# -e 's|@''GNULIB_STAT''@|$(GNULIB_STAT)|g' \
+# -e 's|@''GNULIB_UTIMENSAT''@|$(GNULIB_UTIMENSAT)|g' \
+# -e 's|@''HAVE_FCHMODAT''@|$(HAVE_FCHMODAT)|g' \
+# -e 's|@''HAVE_FSTATAT''@|$(HAVE_FSTATAT)|g' \
+# -e 's|@''HAVE_FUTIMENS''@|$(HAVE_FUTIMENS)|g' \
+# -e 's|@''HAVE_LCHMOD''@|$(HAVE_LCHMOD)|g' \
+# -e 's|@''HAVE_LSTAT''@|$(HAVE_LSTAT)|g' \
+# -e 's|@''HAVE_MKDIRAT''@|$(HAVE_MKDIRAT)|g' \
+# -e 's|@''HAVE_MKFIFO''@|$(HAVE_MKFIFO)|g' \
+# -e 's|@''HAVE_MKFIFOAT''@|$(HAVE_MKFIFOAT)|g' \
+# -e 's|@''HAVE_MKNOD''@|$(HAVE_MKNOD)|g' \
+# -e 's|@''HAVE_MKNODAT''@|$(HAVE_MKNODAT)|g' \
+# -e 's|@''HAVE_UTIMENSAT''@|$(HAVE_UTIMENSAT)|g' \
+# -e 's|@''REPLACE_FSTAT''@|$(REPLACE_FSTAT)|g' \
+# -e 's|@''REPLACE_FSTATAT''@|$(REPLACE_FSTATAT)|g' \
+# -e 's|@''REPLACE_FUTIMENS''@|$(REPLACE_FUTIMENS)|g' \
+# -e 's|@''REPLACE_LSTAT''@|$(REPLACE_LSTAT)|g' \
+# -e 's|@''REPLACE_MKDIR''@|$(REPLACE_MKDIR)|g' \
+# -e 's|@''REPLACE_MKFIFO''@|$(REPLACE_MKFIFO)|g' \
+# -e 's|@''REPLACE_MKNOD''@|$(REPLACE_MKNOD)|g' \
+# -e 's|@''REPLACE_STAT''@|$(REPLACE_STAT)|g' \
+# -e 's|@''REPLACE_UTIMENSAT''@|$(REPLACE_UTIMENSAT)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/sys_stat.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += sys/stat.h sys/stat.h-t
+#MOSTLYCLEANDIRS += sys
+#
+#EXTRA_DIST += sys_stat.in.h
+
+## end gnulib module sys_stat
+
+## begin gnulib module time
+
+#BUILT_SOURCES += time.h
+
+# We need the following in order to create <time.h> when the system
+# doesn't have one that works with the given compiler.
+#time.h: time.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_TIME_H''@|$(NEXT_TIME_H)|g' \
+# -e 's|@''GNULIB_MKTIME''@|$(GNULIB_MKTIME)|g' \
+# -e 's|@''GNULIB_NANOSLEEP''@|$(GNULIB_NANOSLEEP)|g' \
+# -e 's|@''GNULIB_STRPTIME''@|$(GNULIB_STRPTIME)|g' \
+# -e 's|@''GNULIB_TIMEGM''@|$(GNULIB_TIMEGM)|g' \
+# -e 's|@''GNULIB_TIME_R''@|$(GNULIB_TIME_R)|g' \
+# -e 's|@''HAVE_DECL_LOCALTIME_R''@|$(HAVE_DECL_LOCALTIME_R)|g' \
+# -e 's|@''HAVE_NANOSLEEP''@|$(HAVE_NANOSLEEP)|g' \
+# -e 's|@''HAVE_STRPTIME''@|$(HAVE_STRPTIME)|g' \
+# -e 's|@''HAVE_TIMEGM''@|$(HAVE_TIMEGM)|g' \
+# -e 's|@''REPLACE_LOCALTIME_R''@|$(REPLACE_LOCALTIME_R)|g' \
+# -e 's|@''REPLACE_MKTIME''@|$(REPLACE_MKTIME)|g' \
+# -e 's|@''REPLACE_NANOSLEEP''@|$(REPLACE_NANOSLEEP)|g' \
+# -e 's|@''REPLACE_TIMEGM''@|$(REPLACE_TIMEGM)|g' \
+# -e 's|@''PTHREAD_H_DEFINES_STRUCT_TIMESPEC''@|$(PTHREAD_H_DEFINES_STRUCT_TIMESPEC)|g' \
+# -e 's|@''SYS_TIME_H_DEFINES_STRUCT_TIMESPEC''@|$(SYS_TIME_H_DEFINES_STRUCT_TIMESPEC)|g' \
+# -e 's|@''TIME_H_DEFINES_STRUCT_TIMESPEC''@|$(TIME_H_DEFINES_STRUCT_TIMESPEC)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/time.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += time.h time.h-t
+#
+#EXTRA_DIST += time.in.h
+
+## end gnulib module time
+
+## begin gnulib module time_r
+
+
+#EXTRA_DIST += time_r.c
+
+#EXTRA_liblgnu_la_SOURCES += time_r.c
+
+## end gnulib module time_r
+
+## begin gnulib module unistd
+
+#BUILT_SOURCES += unistd.h
+
+# We need the following in order to create an empty placeholder for
+# <unistd.h> when the system doesn't have one.
+#unistd.h: unistd.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''HAVE_UNISTD_H''@|$(HAVE_UNISTD_H)|g' \
+# -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_UNISTD_H''@|$(NEXT_UNISTD_H)|g' \
+# -e 's|@''GNULIB_CHOWN''@|$(GNULIB_CHOWN)|g' \
+# -e 's|@''GNULIB_CLOSE''@|$(GNULIB_CLOSE)|g' \
+# -e 's|@''GNULIB_DUP2''@|$(GNULIB_DUP2)|g' \
+# -e 's|@''GNULIB_DUP3''@|$(GNULIB_DUP3)|g' \
+# -e 's|@''GNULIB_ENVIRON''@|$(GNULIB_ENVIRON)|g' \
+# -e 's|@''GNULIB_EUIDACCESS''@|$(GNULIB_EUIDACCESS)|g' \
+# -e 's|@''GNULIB_FACCESSAT''@|$(GNULIB_FACCESSAT)|g' \
+# -e 's|@''GNULIB_FCHDIR''@|$(GNULIB_FCHDIR)|g' \
+# -e 's|@''GNULIB_FCHOWNAT''@|$(GNULIB_FCHOWNAT)|g' \
+# -e 's|@''GNULIB_FSYNC''@|$(GNULIB_FSYNC)|g' \
+# -e 's|@''GNULIB_FTRUNCATE''@|$(GNULIB_FTRUNCATE)|g' \
+# -e 's|@''GNULIB_GETCWD''@|$(GNULIB_GETCWD)|g' \
+# -e 's|@''GNULIB_GETDOMAINNAME''@|$(GNULIB_GETDOMAINNAME)|g' \
+# -e 's|@''GNULIB_GETDTABLESIZE''@|$(GNULIB_GETDTABLESIZE)|g' \
+# -e 's|@''GNULIB_GETGROUPS''@|$(GNULIB_GETGROUPS)|g' \
+# -e 's|@''GNULIB_GETHOSTNAME''@|$(GNULIB_GETHOSTNAME)|g' \
+# -e 's|@''GNULIB_GETLOGIN''@|$(GNULIB_GETLOGIN)|g' \
+# -e 's|@''GNULIB_GETLOGIN_R''@|$(GNULIB_GETLOGIN_R)|g' \
+# -e 's|@''GNULIB_GETPAGESIZE''@|$(GNULIB_GETPAGESIZE)|g' \
+# -e 's|@''GNULIB_GETUSERSHELL''@|$(GNULIB_GETUSERSHELL)|g' \
+# -e 's|@''GNULIB_LCHOWN''@|$(GNULIB_LCHOWN)|g' \
+# -e 's|@''GNULIB_LINK''@|$(GNULIB_LINK)|g' \
+# -e 's|@''GNULIB_LINKAT''@|$(GNULIB_LINKAT)|g' \
+# -e 's|@''GNULIB_LSEEK''@|$(GNULIB_LSEEK)|g' \
+# -e 's|@''GNULIB_PIPE''@|$(GNULIB_PIPE)|g' \
+# -e 's|@''GNULIB_PIPE2''@|$(GNULIB_PIPE2)|g' \
+# -e 's|@''GNULIB_PREAD''@|$(GNULIB_PREAD)|g' \
+# -e 's|@''GNULIB_PWRITE''@|$(GNULIB_PWRITE)|g' \
+# -e 's|@''GNULIB_READLINK''@|$(GNULIB_READLINK)|g' \
+# -e 's|@''GNULIB_READLINKAT''@|$(GNULIB_READLINKAT)|g' \
+# -e 's|@''GNULIB_RMDIR''@|$(GNULIB_RMDIR)|g' \
+# -e 's|@''GNULIB_SLEEP''@|$(GNULIB_SLEEP)|g' \
+# -e 's|@''GNULIB_SYMLINK''@|$(GNULIB_SYMLINK)|g' \
+# -e 's|@''GNULIB_SYMLINKAT''@|$(GNULIB_SYMLINKAT)|g' \
+# -e 's|@''GNULIB_TTYNAME_R''@|$(GNULIB_TTYNAME_R)|g' \
+# -e 's|@''GNULIB_UNISTD_H_GETOPT''@|$(GNULIB_UNISTD_H_GETOPT)|g' \
+# -e 's|@''GNULIB_UNISTD_H_SIGPIPE''@|$(GNULIB_UNISTD_H_SIGPIPE)|g' \
+# -e 's|@''GNULIB_UNLINK''@|$(GNULIB_UNLINK)|g' \
+# -e 's|@''GNULIB_UNLINKAT''@|$(GNULIB_UNLINKAT)|g' \
+# -e 's|@''GNULIB_USLEEP''@|$(GNULIB_USLEEP)|g' \
+# -e 's|@''GNULIB_WRITE''@|$(GNULIB_WRITE)|g' \
+# < $(srcdir)/unistd.in.h | \
+# sed -e 's|@''HAVE_CHOWN''@|$(HAVE_CHOWN)|g' \
+# -e 's|@''HAVE_DUP2''@|$(HAVE_DUP2)|g' \
+# -e 's|@''HAVE_DUP3''@|$(HAVE_DUP3)|g' \
+# -e 's|@''HAVE_EUIDACCESS''@|$(HAVE_EUIDACCESS)|g' \
+# -e 's|@''HAVE_FACCESSAT''@|$(HAVE_FACCESSAT)|g' \
+# -e 's|@''HAVE_FCHDIR''@|$(HAVE_FCHDIR)|g' \
+# -e 's|@''HAVE_FCHOWNAT''@|$(HAVE_FCHOWNAT)|g' \
+# -e 's|@''HAVE_FSYNC''@|$(HAVE_FSYNC)|g' \
+# -e 's|@''HAVE_FTRUNCATE''@|$(HAVE_FTRUNCATE)|g' \
+# -e 's|@''HAVE_GETDTABLESIZE''@|$(HAVE_GETDTABLESIZE)|g' \
+# -e 's|@''HAVE_GETGROUPS''@|$(HAVE_GETGROUPS)|g' \
+# -e 's|@''HAVE_GETHOSTNAME''@|$(HAVE_GETHOSTNAME)|g' \
+# -e 's|@''HAVE_GETLOGIN''@|$(HAVE_GETLOGIN)|g' \
+# -e 's|@''HAVE_GETPAGESIZE''@|$(HAVE_GETPAGESIZE)|g' \
+# -e 's|@''HAVE_LCHOWN''@|$(HAVE_LCHOWN)|g' \
+# -e 's|@''HAVE_LINK''@|$(HAVE_LINK)|g' \
+# -e 's|@''HAVE_LINKAT''@|$(HAVE_LINKAT)|g' \
+# -e 's|@''HAVE_PIPE''@|$(HAVE_PIPE)|g' \
+# -e 's|@''HAVE_PIPE2''@|$(HAVE_PIPE2)|g' \
+# -e 's|@''HAVE_PREAD''@|$(HAVE_PREAD)|g' \
+# -e 's|@''HAVE_PWRITE''@|$(HAVE_PWRITE)|g' \
+# -e 's|@''HAVE_READLINK''@|$(HAVE_READLINK)|g' \
+# -e 's|@''HAVE_READLINKAT''@|$(HAVE_READLINKAT)|g' \
+# -e 's|@''HAVE_SLEEP''@|$(HAVE_SLEEP)|g' \
+# -e 's|@''HAVE_SYMLINK''@|$(HAVE_SYMLINK)|g' \
+# -e 's|@''HAVE_SYMLINKAT''@|$(HAVE_SYMLINKAT)|g' \
+# -e 's|@''HAVE_UNLINKAT''@|$(HAVE_UNLINKAT)|g' \
+# -e 's|@''HAVE_USLEEP''@|$(HAVE_USLEEP)|g' \
+# -e 's|@''HAVE_DECL_ENVIRON''@|$(HAVE_DECL_ENVIRON)|g' \
+# -e 's|@''HAVE_DECL_FCHDIR''@|$(HAVE_DECL_FCHDIR)|g' \
+# -e 's|@''HAVE_DECL_GETDOMAINNAME''@|$(HAVE_DECL_GETDOMAINNAME)|g' \
+# -e 's|@''HAVE_DECL_GETLOGIN_R''@|$(HAVE_DECL_GETLOGIN_R)|g' \
+# -e 's|@''HAVE_DECL_GETPAGESIZE''@|$(HAVE_DECL_GETPAGESIZE)|g' \
+# -e 's|@''HAVE_DECL_GETUSERSHELL''@|$(HAVE_DECL_GETUSERSHELL)|g' \
+# -e 's|@''HAVE_DECL_TTYNAME_R''@|$(HAVE_DECL_TTYNAME_R)|g' \
+# -e 's|@''HAVE_OS_H''@|$(HAVE_OS_H)|g' \
+# -e 's|@''HAVE_SYS_PARAM_H''@|$(HAVE_SYS_PARAM_H)|g' \
+# | \
+# sed -e 's|@''REPLACE_CHOWN''@|$(REPLACE_CHOWN)|g' \
+# -e 's|@''REPLACE_CLOSE''@|$(REPLACE_CLOSE)|g' \
+# -e 's|@''REPLACE_DUP''@|$(REPLACE_DUP)|g' \
+# -e 's|@''REPLACE_DUP2''@|$(REPLACE_DUP2)|g' \
+# -e 's|@''REPLACE_FCHOWNAT''@|$(REPLACE_FCHOWNAT)|g' \
+# -e 's|@''REPLACE_GETCWD''@|$(REPLACE_GETCWD)|g' \
+# -e 's|@''REPLACE_GETDOMAINNAME''@|$(REPLACE_GETDOMAINNAME)|g' \
+# -e 's|@''REPLACE_GETLOGIN_R''@|$(REPLACE_GETLOGIN_R)|g' \
+# -e 's|@''REPLACE_GETGROUPS''@|$(REPLACE_GETGROUPS)|g' \
+# -e 's|@''REPLACE_GETPAGESIZE''@|$(REPLACE_GETPAGESIZE)|g' \
+# -e 's|@''REPLACE_LCHOWN''@|$(REPLACE_LCHOWN)|g' \
+# -e 's|@''REPLACE_LINK''@|$(REPLACE_LINK)|g' \
+# -e 's|@''REPLACE_LINKAT''@|$(REPLACE_LINKAT)|g' \
+# -e 's|@''REPLACE_LSEEK''@|$(REPLACE_LSEEK)|g' \
+# -e 's|@''REPLACE_PREAD''@|$(REPLACE_PREAD)|g' \
+# -e 's|@''REPLACE_PWRITE''@|$(REPLACE_PWRITE)|g' \
+# -e 's|@''REPLACE_READLINK''@|$(REPLACE_READLINK)|g' \
+# -e 's|@''REPLACE_RMDIR''@|$(REPLACE_RMDIR)|g' \
+# -e 's|@''REPLACE_SLEEP''@|$(REPLACE_SLEEP)|g' \
+# -e 's|@''REPLACE_SYMLINK''@|$(REPLACE_SYMLINK)|g' \
+# -e 's|@''REPLACE_TTYNAME_R''@|$(REPLACE_TTYNAME_R)|g' \
+# -e 's|@''REPLACE_UNLINK''@|$(REPLACE_UNLINK)|g' \
+# -e 's|@''REPLACE_UNLINKAT''@|$(REPLACE_UNLINKAT)|g' \
+# -e 's|@''REPLACE_USLEEP''@|$(REPLACE_USLEEP)|g' \
+# -e 's|@''REPLACE_WRITE''@|$(REPLACE_WRITE)|g' \
+# -e 's|@''UNISTD_H_HAVE_WINSOCK2_H''@|$(UNISTD_H_HAVE_WINSOCK2_H)|g' \
+# -e 's|@''UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS''@|$(UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += unistd.h unistd.h-t
+#
+#EXTRA_DIST += unistd.in.h
+
+## end gnulib module unistd
+
+## begin gnulib module vasnprintf
+
+
+EXTRA_DIST += asnprintf.c float+.h printf-args.c printf-args.h printf-parse.c printf-parse.h vasnprintf.c vasnprintf.h
+
+EXTRA_liblgnu_la_SOURCES += asnprintf.c printf-args.c printf-parse.c vasnprintf.c
+
+## end gnulib module vasnprintf
+
+## begin gnulib module vasprintf
+
+
+EXTRA_DIST += asprintf.c vasprintf.c
+
+EXTRA_liblgnu_la_SOURCES += asprintf.c vasprintf.c
+
+## end gnulib module vasprintf
+
+## begin gnulib module verify
+
+liblgnu_la_SOURCES += verify.h
+
+## end gnulib module verify
+
+## begin gnulib module vsnprintf
+
+
+EXTRA_DIST += vsnprintf.c
+
+EXTRA_liblgnu_la_SOURCES += vsnprintf.c
+
+## end gnulib module vsnprintf
+
+## begin gnulib module warn-on-use
+
+#BUILT_SOURCES += warn-on-use.h
+# The warn-on-use.h that gets inserted into generated .h files is the same as
+# build-aux/warn-on-use.h, except that it has the copyright header cut off.
+#warn-on-use.h: $(top_srcdir)/build-aux/warn-on-use.h
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# sed -n -e '/^.ifndef/,$$p' \
+# < $(top_srcdir)/build-aux/warn-on-use.h \
+# > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += warn-on-use.h warn-on-use.h-t
+
+#WARN_ON_USE_H=warn-on-use.h
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/warn-on-use.h
+
+## end gnulib module warn-on-use
+
+## begin gnulib module xsize
+
+liblgnu_la_SOURCES += xsize.h
+
+## end gnulib module xsize
+
+
+mostlyclean-local: mostlyclean-generic
+ @for dir in '' $(MOSTLYCLEANDIRS); do \
+ if test -n "$$dir" && test -d $$dir; then \
+ echo "rmdir $$dir"; rmdir $$dir; \
+ fi; \
+ done; \
+ :
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2002-2011 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+# Reproduce by: gnulib-tool --import --dir=. --local-dir=gl/override --lib=liblgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests --lgpl=2 --libtool --macro-prefix=lgl --no-vc-files byteswap c-ctype fseeko func gettext lib-msvc-compat lib-symbol-versions memmem-simple minmax netdb read-file snprintf sockets socklen stdint strcase strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = gl
+DIST_COMMON = $(noinst_HEADERS) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LIBRARIES = $(noinst_LIBRARIES)
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+am_liblgnu_la_OBJECTS = c-ctype.lo close-hook.lo read-file.lo \
+ sockets.lo
+liblgnu_la_OBJECTS = $(am_liblgnu_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+liblgnu_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(liblgnu_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(liblgnu_la_SOURCES) $(EXTRA_liblgnu_la_SOURCES)
+DIST_SOURCES = $(liblgnu_la_SOURCES) $(EXTRA_liblgnu_la_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+HEADERS = $(noinst_HEADERS)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AUTOMAKE_OPTIONS = 1.5 gnits
+SUBDIRS =
+noinst_HEADERS =
+noinst_LIBRARIES =
+noinst_LTLIBRARIES = liblgnu.la
+#Don't make test
+#SUBDIRS += tests
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/config.rpath
+
+#BUILT_SOURCES += netdb.h
+
+# We need the following in order to create <netdb.h> when the system
+# doesn't have one that works with the given compiler.
+#netdb.h: netdb.in.h $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_NETDB_H''@|$(NEXT_NETDB_H)|g' \
+# -e 's|@''HAVE_NETDB_H''@|$(HAVE_NETDB_H)|g' \
+# -e 's|@''GNULIB_GETADDRINFO''@|$(GNULIB_GETADDRINFO)|g' \
+# -e 's|@''HAVE_STRUCT_ADDRINFO''@|$(HAVE_STRUCT_ADDRINFO)|g' \
+# -e 's|@''HAVE_DECL_FREEADDRINFO''@|$(HAVE_DECL_FREEADDRINFO)|g' \
+# -e 's|@''HAVE_DECL_GAI_STRERROR''@|$(HAVE_DECL_GAI_STRERROR)|g' \
+# -e 's|@''HAVE_DECL_GETADDRINFO''@|$(HAVE_DECL_GETADDRINFO)|g' \
+# -e 's|@''HAVE_DECL_GETNAMEINFO''@|$(HAVE_DECL_GETNAMEINFO)|g' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/netdb.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += netdb.h netdb.h-t
+
+#EXTRA_DIST += netdb.in.h
+
+#BUILT_SOURCES += stdio.h
+
+# We need the following in order to create <stdio.h> when the system
+# doesn't have one that works with the given compiler.
+#stdio.h: stdio.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STDIO_H''@|$(NEXT_STDIO_H)|g' \
+# -e 's|@''GNULIB_DPRINTF''@|$(GNULIB_DPRINTF)|g' \
+# -e 's|@''GNULIB_FCLOSE''@|$(GNULIB_FCLOSE)|g' \
+# -e 's|@''GNULIB_FFLUSH''@|$(GNULIB_FFLUSH)|g' \
+# -e 's|@''GNULIB_FOPEN''@|$(GNULIB_FOPEN)|g' \
+# -e 's|@''GNULIB_FPRINTF''@|$(GNULIB_FPRINTF)|g' \
+# -e 's|@''GNULIB_FPRINTF_POSIX''@|$(GNULIB_FPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_FPURGE''@|$(GNULIB_FPURGE)|g' \
+# -e 's|@''GNULIB_FPUTC''@|$(GNULIB_FPUTC)|g' \
+# -e 's|@''GNULIB_FPUTS''@|$(GNULIB_FPUTS)|g' \
+# -e 's|@''GNULIB_FREOPEN''@|$(GNULIB_FREOPEN)|g' \
+# -e 's|@''GNULIB_FSEEK''@|$(GNULIB_FSEEK)|g' \
+# -e 's|@''GNULIB_FSEEKO''@|$(GNULIB_FSEEKO)|g' \
+# -e 's|@''GNULIB_FTELL''@|$(GNULIB_FTELL)|g' \
+# -e 's|@''GNULIB_FTELLO''@|$(GNULIB_FTELLO)|g' \
+# -e 's|@''GNULIB_FWRITE''@|$(GNULIB_FWRITE)|g' \
+# -e 's|@''GNULIB_GETDELIM''@|$(GNULIB_GETDELIM)|g' \
+# -e 's|@''GNULIB_GETLINE''@|$(GNULIB_GETLINE)|g' \
+# -e 's|@''GNULIB_OBSTACK_PRINTF''@|$(GNULIB_OBSTACK_PRINTF)|g' \
+# -e 's|@''GNULIB_OBSTACK_PRINTF_POSIX''@|$(GNULIB_OBSTACK_PRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_PERROR''@|$(GNULIB_PERROR)|g' \
+# -e 's|@''GNULIB_POPEN''@|$(GNULIB_POPEN)|g' \
+# -e 's|@''GNULIB_PRINTF''@|$(GNULIB_PRINTF)|g' \
+# -e 's|@''GNULIB_PRINTF_POSIX''@|$(GNULIB_PRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_PUTC''@|$(GNULIB_PUTC)|g' \
+# -e 's|@''GNULIB_PUTCHAR''@|$(GNULIB_PUTCHAR)|g' \
+# -e 's|@''GNULIB_PUTS''@|$(GNULIB_PUTS)|g' \
+# -e 's|@''GNULIB_REMOVE''@|$(GNULIB_REMOVE)|g' \
+# -e 's|@''GNULIB_RENAME''@|$(GNULIB_RENAME)|g' \
+# -e 's|@''GNULIB_RENAMEAT''@|$(GNULIB_RENAMEAT)|g' \
+# -e 's|@''GNULIB_SNPRINTF''@|$(GNULIB_SNPRINTF)|g' \
+# -e 's|@''GNULIB_SPRINTF_POSIX''@|$(GNULIB_SPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_STDIO_H_SIGPIPE''@|$(GNULIB_STDIO_H_SIGPIPE)|g' \
+# -e 's|@''GNULIB_TMPFILE''@|$(GNULIB_TMPFILE)|g' \
+# -e 's|@''GNULIB_VASPRINTF''@|$(GNULIB_VASPRINTF)|g' \
+# -e 's|@''GNULIB_VDPRINTF''@|$(GNULIB_VDPRINTF)|g' \
+# -e 's|@''GNULIB_VFPRINTF''@|$(GNULIB_VFPRINTF)|g' \
+# -e 's|@''GNULIB_VFPRINTF_POSIX''@|$(GNULIB_VFPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_VPRINTF''@|$(GNULIB_VPRINTF)|g' \
+# -e 's|@''GNULIB_VPRINTF_POSIX''@|$(GNULIB_VPRINTF_POSIX)|g' \
+# -e 's|@''GNULIB_VSNPRINTF''@|$(GNULIB_VSNPRINTF)|g' \
+# -e 's|@''GNULIB_VSPRINTF_POSIX''@|$(GNULIB_VSPRINTF_POSIX)|g' \
+# < $(srcdir)/stdio.in.h | \
+# sed -e 's|@''HAVE_DECL_FPURGE''@|$(HAVE_DECL_FPURGE)|g' \
+# -e 's|@''HAVE_DECL_FSEEKO''@|$(HAVE_DECL_FSEEKO)|g' \
+# -e 's|@''HAVE_DECL_FTELLO''@|$(HAVE_DECL_FTELLO)|g' \
+# -e 's|@''HAVE_DECL_GETDELIM''@|$(HAVE_DECL_GETDELIM)|g' \
+# -e 's|@''HAVE_DECL_GETLINE''@|$(HAVE_DECL_GETLINE)|g' \
+# -e 's|@''HAVE_DECL_OBSTACK_PRINTF''@|$(HAVE_DECL_OBSTACK_PRINTF)|g' \
+# -e 's|@''HAVE_DECL_SNPRINTF''@|$(HAVE_DECL_SNPRINTF)|g' \
+# -e 's|@''HAVE_DECL_VSNPRINTF''@|$(HAVE_DECL_VSNPRINTF)|g' \
+# -e 's|@''HAVE_DPRINTF''@|$(HAVE_DPRINTF)|g' \
+# -e 's|@''HAVE_FSEEKO''@|$(HAVE_FSEEKO)|g' \
+# -e 's|@''HAVE_FTELLO''@|$(HAVE_FTELLO)|g' \
+# -e 's|@''HAVE_RENAMEAT''@|$(HAVE_RENAMEAT)|g' \
+# -e 's|@''HAVE_VASPRINTF''@|$(HAVE_VASPRINTF)|g' \
+# -e 's|@''HAVE_VDPRINTF''@|$(HAVE_VDPRINTF)|g' \
+# -e 's|@''REPLACE_DPRINTF''@|$(REPLACE_DPRINTF)|g' \
+# -e 's|@''REPLACE_FCLOSE''@|$(REPLACE_FCLOSE)|g' \
+# -e 's|@''REPLACE_FFLUSH''@|$(REPLACE_FFLUSH)|g' \
+# -e 's|@''REPLACE_FOPEN''@|$(REPLACE_FOPEN)|g' \
+# -e 's|@''REPLACE_FPRINTF''@|$(REPLACE_FPRINTF)|g' \
+# -e 's|@''REPLACE_FPURGE''@|$(REPLACE_FPURGE)|g' \
+# -e 's|@''REPLACE_FREOPEN''@|$(REPLACE_FREOPEN)|g' \
+# -e 's|@''REPLACE_FSEEK''@|$(REPLACE_FSEEK)|g' \
+# -e 's|@''REPLACE_FSEEKO''@|$(REPLACE_FSEEKO)|g' \
+# -e 's|@''REPLACE_FTELL''@|$(REPLACE_FTELL)|g' \
+# -e 's|@''REPLACE_FTELLO''@|$(REPLACE_FTELLO)|g' \
+# -e 's|@''REPLACE_GETDELIM''@|$(REPLACE_GETDELIM)|g' \
+# -e 's|@''REPLACE_GETLINE''@|$(REPLACE_GETLINE)|g' \
+# -e 's|@''REPLACE_OBSTACK_PRINTF''@|$(REPLACE_OBSTACK_PRINTF)|g' \
+# -e 's|@''REPLACE_PERROR''@|$(REPLACE_PERROR)|g' \
+# -e 's|@''REPLACE_POPEN''@|$(REPLACE_POPEN)|g' \
+# -e 's|@''REPLACE_PRINTF''@|$(REPLACE_PRINTF)|g' \
+# -e 's|@''REPLACE_REMOVE''@|$(REPLACE_REMOVE)|g' \
+# -e 's|@''REPLACE_RENAME''@|$(REPLACE_RENAME)|g' \
+# -e 's|@''REPLACE_RENAMEAT''@|$(REPLACE_RENAMEAT)|g' \
+# -e 's|@''REPLACE_SNPRINTF''@|$(REPLACE_SNPRINTF)|g' \
+# -e 's|@''REPLACE_SPRINTF''@|$(REPLACE_SPRINTF)|g' \
+# -e 's|@''REPLACE_STDIO_WRITE_FUNCS''@|$(REPLACE_STDIO_WRITE_FUNCS)|g' \
+# -e 's|@''REPLACE_TMPFILE''@|$(REPLACE_TMPFILE)|g' \
+# -e 's|@''REPLACE_VASPRINTF''@|$(REPLACE_VASPRINTF)|g' \
+# -e 's|@''REPLACE_VDPRINTF''@|$(REPLACE_VDPRINTF)|g' \
+# -e 's|@''REPLACE_VFPRINTF''@|$(REPLACE_VFPRINTF)|g' \
+# -e 's|@''REPLACE_VPRINTF''@|$(REPLACE_VPRINTF)|g' \
+# -e 's|@''REPLACE_VSNPRINTF''@|$(REPLACE_VSNPRINTF)|g' \
+# -e 's|@''REPLACE_VSPRINTF''@|$(REPLACE_VSPRINTF)|g' \
+# -e 's|@''ASM_SYMBOL_PREFIX''@|$(ASM_SYMBOL_PREFIX)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += stdio.h stdio.h-t
+
+#EXTRA_DIST += stdio-write.c stdio.in.h
+
+#EXTRA_liblgnu_la_SOURCES += stdio-write.c
+
+#BUILT_SOURCES += stdlib.h
+
+# We need the following in order to create <stdlib.h> when the system
+# doesn't have one that works with the given compiler.
+#stdlib.h: stdlib.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STDLIB_H''@|$(NEXT_STDLIB_H)|g' \
+# -e 's|@''GNULIB__EXIT''@|$(GNULIB__EXIT)|g' \
+# -e 's|@''GNULIB_ATOLL''@|$(GNULIB_ATOLL)|g' \
+# -e 's|@''GNULIB_CALLOC_POSIX''@|$(GNULIB_CALLOC_POSIX)|g' \
+# -e 's|@''GNULIB_CANONICALIZE_FILE_NAME''@|$(GNULIB_CANONICALIZE_FILE_NAME)|g' \
+# -e 's|@''GNULIB_GETLOADAVG''@|$(GNULIB_GETLOADAVG)|g' \
+# -e 's|@''GNULIB_GETSUBOPT''@|$(GNULIB_GETSUBOPT)|g' \
+# -e 's|@''GNULIB_GRANTPT''@|$(GNULIB_GRANTPT)|g' \
+# -e 's|@''GNULIB_MALLOC_POSIX''@|$(GNULIB_MALLOC_POSIX)|g' \
+# -e 's|@''GNULIB_MKDTEMP''@|$(GNULIB_MKDTEMP)|g' \
+# -e 's|@''GNULIB_MKOSTEMP''@|$(GNULIB_MKOSTEMP)|g' \
+# -e 's|@''GNULIB_MKOSTEMPS''@|$(GNULIB_MKOSTEMPS)|g' \
+# -e 's|@''GNULIB_MKSTEMP''@|$(GNULIB_MKSTEMP)|g' \
+# -e 's|@''GNULIB_MKSTEMPS''@|$(GNULIB_MKSTEMPS)|g' \
+# -e 's|@''GNULIB_PTSNAME''@|$(GNULIB_PTSNAME)|g' \
+# -e 's|@''GNULIB_PUTENV''@|$(GNULIB_PUTENV)|g' \
+# -e 's|@''GNULIB_RANDOM_R''@|$(GNULIB_RANDOM_R)|g' \
+# -e 's|@''GNULIB_REALLOC_POSIX''@|$(GNULIB_REALLOC_POSIX)|g' \
+# -e 's|@''GNULIB_REALPATH''@|$(GNULIB_REALPATH)|g' \
+# -e 's|@''GNULIB_RPMATCH''@|$(GNULIB_RPMATCH)|g' \
+# -e 's|@''GNULIB_SETENV''@|$(GNULIB_SETENV)|g' \
+# -e 's|@''GNULIB_STRTOD''@|$(GNULIB_STRTOD)|g' \
+# -e 's|@''GNULIB_STRTOLL''@|$(GNULIB_STRTOLL)|g' \
+# -e 's|@''GNULIB_STRTOULL''@|$(GNULIB_STRTOULL)|g' \
+# -e 's|@''GNULIB_SYSTEM_POSIX''@|$(GNULIB_SYSTEM_POSIX)|g' \
+# -e 's|@''GNULIB_UNLOCKPT''@|$(GNULIB_UNLOCKPT)|g' \
+# -e 's|@''GNULIB_UNSETENV''@|$(GNULIB_UNSETENV)|g' \
+# < $(srcdir)/stdlib.in.h | \
+# sed -e 's|@''HAVE__EXIT''@|$(HAVE__EXIT)|g' \
+# -e 's|@''HAVE_ATOLL''@|$(HAVE_ATOLL)|g' \
+# -e 's|@''HAVE_CANONICALIZE_FILE_NAME''@|$(HAVE_CANONICALIZE_FILE_NAME)|g' \
+# -e 's|@''HAVE_DECL_GETLOADAVG''@|$(HAVE_DECL_GETLOADAVG)|g' \
+# -e 's|@''HAVE_GETSUBOPT''@|$(HAVE_GETSUBOPT)|g' \
+# -e 's|@''HAVE_GRANTPT''@|$(HAVE_GRANTPT)|g' \
+# -e 's|@''HAVE_MKDTEMP''@|$(HAVE_MKDTEMP)|g' \
+# -e 's|@''HAVE_MKOSTEMP''@|$(HAVE_MKOSTEMP)|g' \
+# -e 's|@''HAVE_MKOSTEMPS''@|$(HAVE_MKOSTEMPS)|g' \
+# -e 's|@''HAVE_MKSTEMP''@|$(HAVE_MKSTEMP)|g' \
+# -e 's|@''HAVE_MKSTEMPS''@|$(HAVE_MKSTEMPS)|g' \
+# -e 's|@''HAVE_PTSNAME''@|$(HAVE_PTSNAME)|g' \
+# -e 's|@''HAVE_RANDOM_H''@|$(HAVE_RANDOM_H)|g' \
+# -e 's|@''HAVE_RANDOM_R''@|$(HAVE_RANDOM_R)|g' \
+# -e 's|@''HAVE_REALPATH''@|$(HAVE_REALPATH)|g' \
+# -e 's|@''HAVE_RPMATCH''@|$(HAVE_RPMATCH)|g' \
+# -e 's|@''HAVE_DECL_SETENV''@|$(HAVE_DECL_SETENV)|g' \
+# -e 's|@''HAVE_STRTOD''@|$(HAVE_STRTOD)|g' \
+# -e 's|@''HAVE_STRTOLL''@|$(HAVE_STRTOLL)|g' \
+# -e 's|@''HAVE_STRTOULL''@|$(HAVE_STRTOULL)|g' \
+# -e 's|@''HAVE_STRUCT_RANDOM_DATA''@|$(HAVE_STRUCT_RANDOM_DATA)|g' \
+# -e 's|@''HAVE_SYS_LOADAVG_H''@|$(HAVE_SYS_LOADAVG_H)|g' \
+# -e 's|@''HAVE_UNLOCKPT''@|$(HAVE_UNLOCKPT)|g' \
+# -e 's|@''HAVE_DECL_UNSETENV''@|$(HAVE_DECL_UNSETENV)|g' \
+# -e 's|@''REPLACE_CALLOC''@|$(REPLACE_CALLOC)|g' \
+# -e 's|@''REPLACE_CANONICALIZE_FILE_NAME''@|$(REPLACE_CANONICALIZE_FILE_NAME)|g' \
+# -e 's|@''REPLACE_MALLOC''@|$(REPLACE_MALLOC)|g' \
+# -e 's|@''REPLACE_MKSTEMP''@|$(REPLACE_MKSTEMP)|g' \
+# -e 's|@''REPLACE_PUTENV''@|$(REPLACE_PUTENV)|g' \
+# -e 's|@''REPLACE_REALLOC''@|$(REPLACE_REALLOC)|g' \
+# -e 's|@''REPLACE_REALPATH''@|$(REPLACE_REALPATH)|g' \
+# -e 's|@''REPLACE_SETENV''@|$(REPLACE_SETENV)|g' \
+# -e 's|@''REPLACE_STRTOD''@|$(REPLACE_STRTOD)|g' \
+# -e 's|@''REPLACE_UNSETENV''@|$(REPLACE_UNSETENV)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += stdlib.h stdlib.h-t
+#
+#EXTRA_DIST += stdlib.in.h
+
+#BUILT_SOURCES += string.h
+
+# We need the following in order to create <string.h> when the system
+# doesn't have one that works with the given compiler.
+#string.h: string.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STRING_H''@|$(NEXT_STRING_H)|g' \
+# -e 's|@''GNULIB_MBSLEN''@|$(GNULIB_MBSLEN)|g' \
+# -e 's|@''GNULIB_MBSNLEN''@|$(GNULIB_MBSNLEN)|g' \
+# -e 's|@''GNULIB_MBSCHR''@|$(GNULIB_MBSCHR)|g' \
+# -e 's|@''GNULIB_MBSRCHR''@|$(GNULIB_MBSRCHR)|g' \
+# -e 's|@''GNULIB_MBSSTR''@|$(GNULIB_MBSSTR)|g' \
+# -e 's|@''GNULIB_MBSCASECMP''@|$(GNULIB_MBSCASECMP)|g' \
+# -e 's|@''GNULIB_MBSNCASECMP''@|$(GNULIB_MBSNCASECMP)|g' \
+# -e 's|@''GNULIB_MBSPCASECMP''@|$(GNULIB_MBSPCASECMP)|g' \
+# -e 's|@''GNULIB_MBSCASESTR''@|$(GNULIB_MBSCASESTR)|g' \
+# -e 's|@''GNULIB_MBSCSPN''@|$(GNULIB_MBSCSPN)|g' \
+# -e 's|@''GNULIB_MBSPBRK''@|$(GNULIB_MBSPBRK)|g' \
+# -e 's|@''GNULIB_MBSSPN''@|$(GNULIB_MBSSPN)|g' \
+# -e 's|@''GNULIB_MBSSEP''@|$(GNULIB_MBSSEP)|g' \
+# -e 's|@''GNULIB_MBSTOK_R''@|$(GNULIB_MBSTOK_R)|g' \
+# -e 's|@''GNULIB_MEMCHR''@|$(GNULIB_MEMCHR)|g' \
+# -e 's|@''GNULIB_MEMMEM''@|$(GNULIB_MEMMEM)|g' \
+# -e 's|@''GNULIB_MEMPCPY''@|$(GNULIB_MEMPCPY)|g' \
+# -e 's|@''GNULIB_MEMRCHR''@|$(GNULIB_MEMRCHR)|g' \
+# -e 's|@''GNULIB_RAWMEMCHR''@|$(GNULIB_RAWMEMCHR)|g' \
+# -e 's|@''GNULIB_STPCPY''@|$(GNULIB_STPCPY)|g' \
+# -e 's|@''GNULIB_STPNCPY''@|$(GNULIB_STPNCPY)|g' \
+# -e 's|@''GNULIB_STRCHRNUL''@|$(GNULIB_STRCHRNUL)|g' \
+# -e 's|@''GNULIB_STRDUP''@|$(GNULIB_STRDUP)|g' \
+# -e 's|@''GNULIB_STRNCAT''@|$(GNULIB_STRNCAT)|g' \
+# -e 's|@''GNULIB_STRNDUP''@|$(GNULIB_STRNDUP)|g' \
+# -e 's|@''GNULIB_STRNLEN''@|$(GNULIB_STRNLEN)|g' \
+# -e 's|@''GNULIB_STRPBRK''@|$(GNULIB_STRPBRK)|g' \
+# -e 's|@''GNULIB_STRSEP''@|$(GNULIB_STRSEP)|g' \
+# -e 's|@''GNULIB_STRSTR''@|$(GNULIB_STRSTR)|g' \
+# -e 's|@''GNULIB_STRCASESTR''@|$(GNULIB_STRCASESTR)|g' \
+# -e 's|@''GNULIB_STRTOK_R''@|$(GNULIB_STRTOK_R)|g' \
+# -e 's|@''GNULIB_STRERROR''@|$(GNULIB_STRERROR)|g' \
+# -e 's|@''GNULIB_STRERROR_R''@|$(GNULIB_STRERROR_R)|g' \
+# -e 's|@''GNULIB_STRSIGNAL''@|$(GNULIB_STRSIGNAL)|g' \
+# -e 's|@''GNULIB_STRVERSCMP''@|$(GNULIB_STRVERSCMP)|g' \
+# < $(srcdir)/string.in.h | \
+# sed -e 's|@''HAVE_MBSLEN''@|$(HAVE_MBSLEN)|g' \
+# -e 's|@''HAVE_MEMCHR''@|$(HAVE_MEMCHR)|g' \
+# -e 's|@''HAVE_DECL_MEMMEM''@|$(HAVE_DECL_MEMMEM)|g' \
+# -e 's|@''HAVE_MEMPCPY''@|$(HAVE_MEMPCPY)|g' \
+# -e 's|@''HAVE_DECL_MEMRCHR''@|$(HAVE_DECL_MEMRCHR)|g' \
+# -e 's|@''HAVE_RAWMEMCHR''@|$(HAVE_RAWMEMCHR)|g' \
+# -e 's|@''HAVE_STPCPY''@|$(HAVE_STPCPY)|g' \
+# -e 's|@''HAVE_STPNCPY''@|$(HAVE_STPNCPY)|g' \
+# -e 's|@''HAVE_STRCHRNUL''@|$(HAVE_STRCHRNUL)|g' \
+# -e 's|@''HAVE_DECL_STRDUP''@|$(HAVE_DECL_STRDUP)|g' \
+# -e 's|@''HAVE_DECL_STRNDUP''@|$(HAVE_DECL_STRNDUP)|g' \
+# -e 's|@''HAVE_DECL_STRNLEN''@|$(HAVE_DECL_STRNLEN)|g' \
+# -e 's|@''HAVE_STRPBRK''@|$(HAVE_STRPBRK)|g' \
+# -e 's|@''HAVE_STRSEP''@|$(HAVE_STRSEP)|g' \
+# -e 's|@''HAVE_STRCASESTR''@|$(HAVE_STRCASESTR)|g' \
+# -e 's|@''HAVE_DECL_STRTOK_R''@|$(HAVE_DECL_STRTOK_R)|g' \
+# -e 's|@''HAVE_DECL_STRERROR_R''@|$(HAVE_DECL_STRERROR_R)|g' \
+# -e 's|@''HAVE_DECL_STRSIGNAL''@|$(HAVE_DECL_STRSIGNAL)|g' \
+# -e 's|@''HAVE_STRVERSCMP''@|$(HAVE_STRVERSCMP)|g' \
+# -e 's|@''REPLACE_STPNCPY''@|$(REPLACE_STPNCPY)|g' \
+# -e 's|@''REPLACE_MEMCHR''@|$(REPLACE_MEMCHR)|g' \
+# -e 's|@''REPLACE_MEMMEM''@|$(REPLACE_MEMMEM)|g' \
+# -e 's|@''REPLACE_STRCASESTR''@|$(REPLACE_STRCASESTR)|g' \
+# -e 's|@''REPLACE_STRDUP''@|$(REPLACE_STRDUP)|g' \
+# -e 's|@''REPLACE_STRSTR''@|$(REPLACE_STRSTR)|g' \
+# -e 's|@''REPLACE_STRERROR''@|$(REPLACE_STRERROR)|g' \
+# -e 's|@''REPLACE_STRERROR_R''@|$(REPLACE_STRERROR_R)|g' \
+# -e 's|@''REPLACE_STRNCAT''@|$(REPLACE_STRNCAT)|g' \
+# -e 's|@''REPLACE_STRNDUP''@|$(REPLACE_STRNDUP)|g' \
+# -e 's|@''REPLACE_STRNLEN''@|$(REPLACE_STRNLEN)|g' \
+# -e 's|@''REPLACE_STRSIGNAL''@|$(REPLACE_STRSIGNAL)|g' \
+# -e 's|@''REPLACE_STRTOK_R''@|$(REPLACE_STRTOK_R)|g' \
+# -e 's|@''UNDEFINE_STRTOK_R''@|$(UNDEFINE_STRTOK_R)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# < $(srcdir)/string.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += string.h string.h-t
+#
+#EXTRA_DIST += string.in.h
+
+#BUILT_SOURCES += strings.h
+
+# We need the following in order to create <strings.h> when the system
+# doesn't have one that works with the given compiler.
+#strings.h: strings.in.h $(WARN_ON_USE_H) $(ARG_NONNULL_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_STRINGS_H''@|$(NEXT_STRINGS_H)|g' \
+# -e 's|@''HAVE_STRCASECMP''@|$(HAVE_STRCASECMP)|g' \
+# -e 's|@''HAVE_DECL_STRNCASECMP''@|$(HAVE_DECL_STRNCASECMP)|g' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/strings.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += strings.h strings.h-t
+#
+#EXTRA_DIST += strings.in.h
+
+#BUILT_SOURCES += sys/socket.h
+
+# We need the following in order to create <sys/socket.h> when the system
+# doesn't have one that works with the given compiler.
+#sys/socket.h: sys_socket.in.h $(CXXDEFS_H) $(WARN_ON_USE_H) $(ARG_NONNULL_H)
+# $(AM_V_at)$(MKDIR_P) sys
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_SYS_SOCKET_H''@|$(NEXT_SYS_SOCKET_H)|g' \
+# -e 's|@''HAVE_SYS_SOCKET_H''@|$(HAVE_SYS_SOCKET_H)|g' \
+# -e 's|@''GNULIB_CLOSE''@|$(GNULIB_CLOSE)|g' \
+# -e 's|@''GNULIB_SOCKET''@|$(GNULIB_SOCKET)|g' \
+# -e 's|@''GNULIB_CONNECT''@|$(GNULIB_CONNECT)|g' \
+# -e 's|@''GNULIB_ACCEPT''@|$(GNULIB_ACCEPT)|g' \
+# -e 's|@''GNULIB_BIND''@|$(GNULIB_BIND)|g' \
+# -e 's|@''GNULIB_GETPEERNAME''@|$(GNULIB_GETPEERNAME)|g' \
+# -e 's|@''GNULIB_GETSOCKNAME''@|$(GNULIB_GETSOCKNAME)|g' \
+# -e 's|@''GNULIB_GETSOCKOPT''@|$(GNULIB_GETSOCKOPT)|g' \
+# -e 's|@''GNULIB_LISTEN''@|$(GNULIB_LISTEN)|g' \
+# -e 's|@''GNULIB_RECV''@|$(GNULIB_RECV)|g' \
+# -e 's|@''GNULIB_SEND''@|$(GNULIB_SEND)|g' \
+# -e 's|@''GNULIB_RECVFROM''@|$(GNULIB_RECVFROM)|g' \
+# -e 's|@''GNULIB_SENDTO''@|$(GNULIB_SENDTO)|g' \
+# -e 's|@''GNULIB_SETSOCKOPT''@|$(GNULIB_SETSOCKOPT)|g' \
+# -e 's|@''GNULIB_SHUTDOWN''@|$(GNULIB_SHUTDOWN)|g' \
+# -e 's|@''GNULIB_ACCEPT4''@|$(GNULIB_ACCEPT4)|g' \
+# -e 's|@''HAVE_WINSOCK2_H''@|$(HAVE_WINSOCK2_H)|g' \
+# -e 's|@''HAVE_WS2TCPIP_H''@|$(HAVE_WS2TCPIP_H)|g' \
+# -e 's|@''HAVE_STRUCT_SOCKADDR_STORAGE''@|$(HAVE_STRUCT_SOCKADDR_STORAGE)|g' \
+# -e 's|@''HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY''@|$(HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY)|g' \
+# -e 's|@''HAVE_SA_FAMILY_T''@|$(HAVE_SA_FAMILY_T)|g' \
+# -e 's|@''HAVE_ACCEPT4''@|$(HAVE_ACCEPT4)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/sys_socket.in.h; \
+# } > $@-t && \
+# mv -f $@-t $@
+#MOSTLYCLEANFILES += sys/socket.h sys/socket.h-t
+#MOSTLYCLEANDIRS += sys
+#
+#EXTRA_DIST += sys_socket.in.h
+
+#BUILT_SOURCES += sys/stat.h
+
+# We need the following in order to create <sys/stat.h> when the system
+# has one that is incomplete.
+#sys/stat.h: sys_stat.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_at)$(MKDIR_P) sys
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_SYS_STAT_H''@|$(NEXT_SYS_STAT_H)|g' \
+# -e 's|@''GNULIB_FCHMODAT''@|$(GNULIB_FCHMODAT)|g' \
+# -e 's|@''GNULIB_FSTATAT''@|$(GNULIB_FSTATAT)|g' \
+# -e 's|@''GNULIB_FUTIMENS''@|$(GNULIB_FUTIMENS)|g' \
+# -e 's|@''GNULIB_LCHMOD''@|$(GNULIB_LCHMOD)|g' \
+# -e 's|@''GNULIB_LSTAT''@|$(GNULIB_LSTAT)|g' \
+# -e 's|@''GNULIB_MKDIRAT''@|$(GNULIB_MKDIRAT)|g' \
+# -e 's|@''GNULIB_MKFIFO''@|$(GNULIB_MKFIFO)|g' \
+# -e 's|@''GNULIB_MKFIFOAT''@|$(GNULIB_MKFIFOAT)|g' \
+# -e 's|@''GNULIB_MKNOD''@|$(GNULIB_MKNOD)|g' \
+# -e 's|@''GNULIB_MKNODAT''@|$(GNULIB_MKNODAT)|g' \
+# -e 's|@''GNULIB_STAT''@|$(GNULIB_STAT)|g' \
+# -e 's|@''GNULIB_UTIMENSAT''@|$(GNULIB_UTIMENSAT)|g' \
+# -e 's|@''HAVE_FCHMODAT''@|$(HAVE_FCHMODAT)|g' \
+# -e 's|@''HAVE_FSTATAT''@|$(HAVE_FSTATAT)|g' \
+# -e 's|@''HAVE_FUTIMENS''@|$(HAVE_FUTIMENS)|g' \
+# -e 's|@''HAVE_LCHMOD''@|$(HAVE_LCHMOD)|g' \
+# -e 's|@''HAVE_LSTAT''@|$(HAVE_LSTAT)|g' \
+# -e 's|@''HAVE_MKDIRAT''@|$(HAVE_MKDIRAT)|g' \
+# -e 's|@''HAVE_MKFIFO''@|$(HAVE_MKFIFO)|g' \
+# -e 's|@''HAVE_MKFIFOAT''@|$(HAVE_MKFIFOAT)|g' \
+# -e 's|@''HAVE_MKNOD''@|$(HAVE_MKNOD)|g' \
+# -e 's|@''HAVE_MKNODAT''@|$(HAVE_MKNODAT)|g' \
+# -e 's|@''HAVE_UTIMENSAT''@|$(HAVE_UTIMENSAT)|g' \
+# -e 's|@''REPLACE_FSTAT''@|$(REPLACE_FSTAT)|g' \
+# -e 's|@''REPLACE_FSTATAT''@|$(REPLACE_FSTATAT)|g' \
+# -e 's|@''REPLACE_FUTIMENS''@|$(REPLACE_FUTIMENS)|g' \
+# -e 's|@''REPLACE_LSTAT''@|$(REPLACE_LSTAT)|g' \
+# -e 's|@''REPLACE_MKDIR''@|$(REPLACE_MKDIR)|g' \
+# -e 's|@''REPLACE_MKFIFO''@|$(REPLACE_MKFIFO)|g' \
+# -e 's|@''REPLACE_MKNOD''@|$(REPLACE_MKNOD)|g' \
+# -e 's|@''REPLACE_STAT''@|$(REPLACE_STAT)|g' \
+# -e 's|@''REPLACE_UTIMENSAT''@|$(REPLACE_UTIMENSAT)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/sys_stat.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += sys/stat.h sys/stat.h-t
+#MOSTLYCLEANDIRS += sys
+#
+#EXTRA_DIST += sys_stat.in.h
+
+#BUILT_SOURCES += time.h
+
+# We need the following in order to create <time.h> when the system
+# doesn't have one that works with the given compiler.
+#time.h: time.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+# sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_TIME_H''@|$(NEXT_TIME_H)|g' \
+# -e 's|@''GNULIB_MKTIME''@|$(GNULIB_MKTIME)|g' \
+# -e 's|@''GNULIB_NANOSLEEP''@|$(GNULIB_NANOSLEEP)|g' \
+# -e 's|@''GNULIB_STRPTIME''@|$(GNULIB_STRPTIME)|g' \
+# -e 's|@''GNULIB_TIMEGM''@|$(GNULIB_TIMEGM)|g' \
+# -e 's|@''GNULIB_TIME_R''@|$(GNULIB_TIME_R)|g' \
+# -e 's|@''HAVE_DECL_LOCALTIME_R''@|$(HAVE_DECL_LOCALTIME_R)|g' \
+# -e 's|@''HAVE_NANOSLEEP''@|$(HAVE_NANOSLEEP)|g' \
+# -e 's|@''HAVE_STRPTIME''@|$(HAVE_STRPTIME)|g' \
+# -e 's|@''HAVE_TIMEGM''@|$(HAVE_TIMEGM)|g' \
+# -e 's|@''REPLACE_LOCALTIME_R''@|$(REPLACE_LOCALTIME_R)|g' \
+# -e 's|@''REPLACE_MKTIME''@|$(REPLACE_MKTIME)|g' \
+# -e 's|@''REPLACE_NANOSLEEP''@|$(REPLACE_NANOSLEEP)|g' \
+# -e 's|@''REPLACE_TIMEGM''@|$(REPLACE_TIMEGM)|g' \
+# -e 's|@''PTHREAD_H_DEFINES_STRUCT_TIMESPEC''@|$(PTHREAD_H_DEFINES_STRUCT_TIMESPEC)|g' \
+# -e 's|@''SYS_TIME_H_DEFINES_STRUCT_TIMESPEC''@|$(SYS_TIME_H_DEFINES_STRUCT_TIMESPEC)|g' \
+# -e 's|@''TIME_H_DEFINES_STRUCT_TIMESPEC''@|$(TIME_H_DEFINES_STRUCT_TIMESPEC)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)' \
+# < $(srcdir)/time.in.h; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += time.h time.h-t
+#
+#EXTRA_DIST += time.in.h
+
+#EXTRA_DIST += time_r.c
+
+#EXTRA_liblgnu_la_SOURCES += time_r.c
+
+#BUILT_SOURCES += unistd.h
+
+# We need the following in order to create an empty placeholder for
+# <unistd.h> when the system doesn't have one.
+#unistd.h: unistd.in.h $(CXXDEFS_H) $(ARG_NONNULL_H) $(WARN_ON_USE_H)
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+# sed -e 's|@''HAVE_UNISTD_H''@|$(HAVE_UNISTD_H)|g' \
+# -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+# -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+# -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+# -e 's|@''NEXT_UNISTD_H''@|$(NEXT_UNISTD_H)|g' \
+# -e 's|@''GNULIB_CHOWN''@|$(GNULIB_CHOWN)|g' \
+# -e 's|@''GNULIB_CLOSE''@|$(GNULIB_CLOSE)|g' \
+# -e 's|@''GNULIB_DUP2''@|$(GNULIB_DUP2)|g' \
+# -e 's|@''GNULIB_DUP3''@|$(GNULIB_DUP3)|g' \
+# -e 's|@''GNULIB_ENVIRON''@|$(GNULIB_ENVIRON)|g' \
+# -e 's|@''GNULIB_EUIDACCESS''@|$(GNULIB_EUIDACCESS)|g' \
+# -e 's|@''GNULIB_FACCESSAT''@|$(GNULIB_FACCESSAT)|g' \
+# -e 's|@''GNULIB_FCHDIR''@|$(GNULIB_FCHDIR)|g' \
+# -e 's|@''GNULIB_FCHOWNAT''@|$(GNULIB_FCHOWNAT)|g' \
+# -e 's|@''GNULIB_FSYNC''@|$(GNULIB_FSYNC)|g' \
+# -e 's|@''GNULIB_FTRUNCATE''@|$(GNULIB_FTRUNCATE)|g' \
+# -e 's|@''GNULIB_GETCWD''@|$(GNULIB_GETCWD)|g' \
+# -e 's|@''GNULIB_GETDOMAINNAME''@|$(GNULIB_GETDOMAINNAME)|g' \
+# -e 's|@''GNULIB_GETDTABLESIZE''@|$(GNULIB_GETDTABLESIZE)|g' \
+# -e 's|@''GNULIB_GETGROUPS''@|$(GNULIB_GETGROUPS)|g' \
+# -e 's|@''GNULIB_GETHOSTNAME''@|$(GNULIB_GETHOSTNAME)|g' \
+# -e 's|@''GNULIB_GETLOGIN''@|$(GNULIB_GETLOGIN)|g' \
+# -e 's|@''GNULIB_GETLOGIN_R''@|$(GNULIB_GETLOGIN_R)|g' \
+# -e 's|@''GNULIB_GETPAGESIZE''@|$(GNULIB_GETPAGESIZE)|g' \
+# -e 's|@''GNULIB_GETUSERSHELL''@|$(GNULIB_GETUSERSHELL)|g' \
+# -e 's|@''GNULIB_LCHOWN''@|$(GNULIB_LCHOWN)|g' \
+# -e 's|@''GNULIB_LINK''@|$(GNULIB_LINK)|g' \
+# -e 's|@''GNULIB_LINKAT''@|$(GNULIB_LINKAT)|g' \
+# -e 's|@''GNULIB_LSEEK''@|$(GNULIB_LSEEK)|g' \
+# -e 's|@''GNULIB_PIPE''@|$(GNULIB_PIPE)|g' \
+# -e 's|@''GNULIB_PIPE2''@|$(GNULIB_PIPE2)|g' \
+# -e 's|@''GNULIB_PREAD''@|$(GNULIB_PREAD)|g' \
+# -e 's|@''GNULIB_PWRITE''@|$(GNULIB_PWRITE)|g' \
+# -e 's|@''GNULIB_READLINK''@|$(GNULIB_READLINK)|g' \
+# -e 's|@''GNULIB_READLINKAT''@|$(GNULIB_READLINKAT)|g' \
+# -e 's|@''GNULIB_RMDIR''@|$(GNULIB_RMDIR)|g' \
+# -e 's|@''GNULIB_SLEEP''@|$(GNULIB_SLEEP)|g' \
+# -e 's|@''GNULIB_SYMLINK''@|$(GNULIB_SYMLINK)|g' \
+# -e 's|@''GNULIB_SYMLINKAT''@|$(GNULIB_SYMLINKAT)|g' \
+# -e 's|@''GNULIB_TTYNAME_R''@|$(GNULIB_TTYNAME_R)|g' \
+# -e 's|@''GNULIB_UNISTD_H_GETOPT''@|$(GNULIB_UNISTD_H_GETOPT)|g' \
+# -e 's|@''GNULIB_UNISTD_H_SIGPIPE''@|$(GNULIB_UNISTD_H_SIGPIPE)|g' \
+# -e 's|@''GNULIB_UNLINK''@|$(GNULIB_UNLINK)|g' \
+# -e 's|@''GNULIB_UNLINKAT''@|$(GNULIB_UNLINKAT)|g' \
+# -e 's|@''GNULIB_USLEEP''@|$(GNULIB_USLEEP)|g' \
+# -e 's|@''GNULIB_WRITE''@|$(GNULIB_WRITE)|g' \
+# < $(srcdir)/unistd.in.h | \
+# sed -e 's|@''HAVE_CHOWN''@|$(HAVE_CHOWN)|g' \
+# -e 's|@''HAVE_DUP2''@|$(HAVE_DUP2)|g' \
+# -e 's|@''HAVE_DUP3''@|$(HAVE_DUP3)|g' \
+# -e 's|@''HAVE_EUIDACCESS''@|$(HAVE_EUIDACCESS)|g' \
+# -e 's|@''HAVE_FACCESSAT''@|$(HAVE_FACCESSAT)|g' \
+# -e 's|@''HAVE_FCHDIR''@|$(HAVE_FCHDIR)|g' \
+# -e 's|@''HAVE_FCHOWNAT''@|$(HAVE_FCHOWNAT)|g' \
+# -e 's|@''HAVE_FSYNC''@|$(HAVE_FSYNC)|g' \
+# -e 's|@''HAVE_FTRUNCATE''@|$(HAVE_FTRUNCATE)|g' \
+# -e 's|@''HAVE_GETDTABLESIZE''@|$(HAVE_GETDTABLESIZE)|g' \
+# -e 's|@''HAVE_GETGROUPS''@|$(HAVE_GETGROUPS)|g' \
+# -e 's|@''HAVE_GETHOSTNAME''@|$(HAVE_GETHOSTNAME)|g' \
+# -e 's|@''HAVE_GETLOGIN''@|$(HAVE_GETLOGIN)|g' \
+# -e 's|@''HAVE_GETPAGESIZE''@|$(HAVE_GETPAGESIZE)|g' \
+# -e 's|@''HAVE_LCHOWN''@|$(HAVE_LCHOWN)|g' \
+# -e 's|@''HAVE_LINK''@|$(HAVE_LINK)|g' \
+# -e 's|@''HAVE_LINKAT''@|$(HAVE_LINKAT)|g' \
+# -e 's|@''HAVE_PIPE''@|$(HAVE_PIPE)|g' \
+# -e 's|@''HAVE_PIPE2''@|$(HAVE_PIPE2)|g' \
+# -e 's|@''HAVE_PREAD''@|$(HAVE_PREAD)|g' \
+# -e 's|@''HAVE_PWRITE''@|$(HAVE_PWRITE)|g' \
+# -e 's|@''HAVE_READLINK''@|$(HAVE_READLINK)|g' \
+# -e 's|@''HAVE_READLINKAT''@|$(HAVE_READLINKAT)|g' \
+# -e 's|@''HAVE_SLEEP''@|$(HAVE_SLEEP)|g' \
+# -e 's|@''HAVE_SYMLINK''@|$(HAVE_SYMLINK)|g' \
+# -e 's|@''HAVE_SYMLINKAT''@|$(HAVE_SYMLINKAT)|g' \
+# -e 's|@''HAVE_UNLINKAT''@|$(HAVE_UNLINKAT)|g' \
+# -e 's|@''HAVE_USLEEP''@|$(HAVE_USLEEP)|g' \
+# -e 's|@''HAVE_DECL_ENVIRON''@|$(HAVE_DECL_ENVIRON)|g' \
+# -e 's|@''HAVE_DECL_FCHDIR''@|$(HAVE_DECL_FCHDIR)|g' \
+# -e 's|@''HAVE_DECL_GETDOMAINNAME''@|$(HAVE_DECL_GETDOMAINNAME)|g' \
+# -e 's|@''HAVE_DECL_GETLOGIN_R''@|$(HAVE_DECL_GETLOGIN_R)|g' \
+# -e 's|@''HAVE_DECL_GETPAGESIZE''@|$(HAVE_DECL_GETPAGESIZE)|g' \
+# -e 's|@''HAVE_DECL_GETUSERSHELL''@|$(HAVE_DECL_GETUSERSHELL)|g' \
+# -e 's|@''HAVE_DECL_TTYNAME_R''@|$(HAVE_DECL_TTYNAME_R)|g' \
+# -e 's|@''HAVE_OS_H''@|$(HAVE_OS_H)|g' \
+# -e 's|@''HAVE_SYS_PARAM_H''@|$(HAVE_SYS_PARAM_H)|g' \
+# | \
+# sed -e 's|@''REPLACE_CHOWN''@|$(REPLACE_CHOWN)|g' \
+# -e 's|@''REPLACE_CLOSE''@|$(REPLACE_CLOSE)|g' \
+# -e 's|@''REPLACE_DUP''@|$(REPLACE_DUP)|g' \
+# -e 's|@''REPLACE_DUP2''@|$(REPLACE_DUP2)|g' \
+# -e 's|@''REPLACE_FCHOWNAT''@|$(REPLACE_FCHOWNAT)|g' \
+# -e 's|@''REPLACE_GETCWD''@|$(REPLACE_GETCWD)|g' \
+# -e 's|@''REPLACE_GETDOMAINNAME''@|$(REPLACE_GETDOMAINNAME)|g' \
+# -e 's|@''REPLACE_GETLOGIN_R''@|$(REPLACE_GETLOGIN_R)|g' \
+# -e 's|@''REPLACE_GETGROUPS''@|$(REPLACE_GETGROUPS)|g' \
+# -e 's|@''REPLACE_GETPAGESIZE''@|$(REPLACE_GETPAGESIZE)|g' \
+# -e 's|@''REPLACE_LCHOWN''@|$(REPLACE_LCHOWN)|g' \
+# -e 's|@''REPLACE_LINK''@|$(REPLACE_LINK)|g' \
+# -e 's|@''REPLACE_LINKAT''@|$(REPLACE_LINKAT)|g' \
+# -e 's|@''REPLACE_LSEEK''@|$(REPLACE_LSEEK)|g' \
+# -e 's|@''REPLACE_PREAD''@|$(REPLACE_PREAD)|g' \
+# -e 's|@''REPLACE_PWRITE''@|$(REPLACE_PWRITE)|g' \
+# -e 's|@''REPLACE_READLINK''@|$(REPLACE_READLINK)|g' \
+# -e 's|@''REPLACE_RMDIR''@|$(REPLACE_RMDIR)|g' \
+# -e 's|@''REPLACE_SLEEP''@|$(REPLACE_SLEEP)|g' \
+# -e 's|@''REPLACE_SYMLINK''@|$(REPLACE_SYMLINK)|g' \
+# -e 's|@''REPLACE_TTYNAME_R''@|$(REPLACE_TTYNAME_R)|g' \
+# -e 's|@''REPLACE_UNLINK''@|$(REPLACE_UNLINK)|g' \
+# -e 's|@''REPLACE_UNLINKAT''@|$(REPLACE_UNLINKAT)|g' \
+# -e 's|@''REPLACE_USLEEP''@|$(REPLACE_USLEEP)|g' \
+# -e 's|@''REPLACE_WRITE''@|$(REPLACE_WRITE)|g' \
+# -e 's|@''UNISTD_H_HAVE_WINSOCK2_H''@|$(UNISTD_H_HAVE_WINSOCK2_H)|g' \
+# -e 's|@''UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS''@|$(UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS)|g' \
+# -e '/definitions of _GL_FUNCDECL_RPL/r $(CXXDEFS_H)' \
+# -e '/definition of _GL_ARG_NONNULL/r $(ARG_NONNULL_H)' \
+# -e '/definition of _GL_WARN_ON_USE/r $(WARN_ON_USE_H)'; \
+# } > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += unistd.h unistd.h-t
+#
+#EXTRA_DIST += unistd.in.h
+EXTRA_DIST = m4/gnulib-cache.m4 alignof.h alloca.in.h byteswap.in.h \
+ close-hook.h errno.in.h float.in.h fseeko.c stdio-impl.h \
+ ftello.c stdio-impl.h lseek.c malloc.c memchr.c \
+ memchr.valgrind memmem.c str-two-way.h read-file.c read-file.h \
+ realloc.c snprintf.c w32sock.h stdbool.in.h stddef.in.h \
+ stdint.in.h strcasecmp.c strncasecmp.c strverscmp.c \
+ asnprintf.c float+.h printf-args.c printf-args.h \
+ printf-parse.c printf-parse.h vasnprintf.c vasnprintf.h \
+ asprintf.c vasprintf.c vsnprintf.c
+
+# The BUILT_SOURCES created by this Makefile snippet are not used via #include
+# statements but through direct file reference. Therefore this snippet must be
+# present in all Makefile.am that need it. This is ensured by the applicability
+# 'all' defined above.
+
+#BUILT_SOURCES += arg-nonnull.h
+# The arg-nonnull.h that gets inserted into generated .h files is the same as
+# build-aux/arg-nonnull.h, except that it has the copyright header cut off.
+#arg-nonnull.h: $(top_srcdir)/build-aux/arg-nonnull.h
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# sed -n -e '/GL_ARG_NONNULL/,$$p' \
+# < $(top_srcdir)/build-aux/arg-nonnull.h \
+# > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += arg-nonnull.h arg-nonnull.h-t
+
+#ARG_NONNULL_H=arg-nonnull.h
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/arg-nonnull.h
+BUILT_SOURCES = $(ALLOCA_H) $(BYTESWAP_H) $(ERRNO_H) $(FLOAT_H) \
+ $(STDBOOL_H) $(STDDEF_H) $(STDINT_H)
+SUFFIXES =
+MOSTLYCLEANFILES = core *.stackdump alloca.h alloca.h-t byteswap.h \
+ byteswap.h-t errno.h errno.h-t float.h float.h-t stdbool.h \
+ stdbool.h-t stddef.h stddef.h-t stdint.h stdint.h-t
+MOSTLYCLEANDIRS =
+CLEANFILES =
+DISTCLEANFILES =
+MAINTAINERCLEANFILES =
+AM_CPPFLAGS =
+AM_CFLAGS =
+
+# The BUILT_SOURCES created by this Makefile snippet are not used via #include
+# statements but through direct file reference. Therefore this snippet must be
+# present in all Makefile.am that need it. This is ensured by the applicability
+# 'all' defined above.
+
+#BUILT_SOURCES += c++defs.h
+# The c++defs.h that gets inserted into generated .h files is the same as
+# build-aux/c++defs.h, except that it has the copyright header cut off.
+#c++defs.h: $(top_srcdir)/build-aux/c++defs.h
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# sed -n -e '/_GL_CXXDEFS/,$$p' \
+# < $(top_srcdir)/build-aux/c++defs.h \
+# > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += c++defs.h c++defs.h-t
+
+#CXXDEFS_H=c++defs.h
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/c++defs.h
+
+# This is for those projects which use "gettextize --intl" to put a source-code
+# copy of libintl into their package. In such projects, every Makefile.am needs
+# -I$(top_builddir)/intl, so that <libintl.h> can be found in this directory.
+# For the Makefile.ams in other directories it is the maintainer's
+# responsibility; for the one from gnulib we do it here.
+# This option has no effect when the user disables NLS (because then the intl
+# directory contains no libintl.h file) or when the project does not use
+# "gettextize --intl".
+#AM_CPPFLAGS += -I$(top_builddir)/intl
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/config.rpath
+
+#EXTRA_liblgnu_la_SOURCES += read-file.c
+
+#BUILT_SOURCES += warn-on-use.h
+# The warn-on-use.h that gets inserted into generated .h files is the same as
+# build-aux/warn-on-use.h, except that it has the copyright header cut off.
+#warn-on-use.h: $(top_srcdir)/build-aux/warn-on-use.h
+# $(AM_V_GEN)rm -f $@-t $@ && \
+# sed -n -e '/^.ifndef/,$$p' \
+# < $(top_srcdir)/build-aux/warn-on-use.h \
+# > $@-t && \
+# mv $@-t $@
+#MOSTLYCLEANFILES += warn-on-use.h warn-on-use.h-t
+
+#WARN_ON_USE_H=warn-on-use.h
+
+#EXTRA_DIST += $(top_srcdir)/build-aux/warn-on-use.h
+liblgnu_la_SOURCES = c-ctype.h c-ctype.c close-hook.c gettext.h \
+ minmax.h read-file.h read-file.c size_max.h sockets.h \
+ sockets.c verify.h xsize.h
+liblgnu_la_LIBADD = $(lgl_LTLIBOBJS)
+liblgnu_la_DEPENDENCIES = $(lgl_LTLIBOBJS)
+EXTRA_liblgnu_la_SOURCES = fseeko.c ftello.c lseek.c malloc.c memchr.c \
+ memmem.c realloc.c snprintf.c strcasecmp.c strncasecmp.c \
+ strverscmp.c asnprintf.c printf-args.c printf-parse.c \
+ vasnprintf.c asprintf.c vasprintf.c vsnprintf.c
+liblgnu_la_LDFLAGS = $(AM_LDFLAGS) -no-undefined $(LIBSOCKET) \
+ $(LTLIBINTL)
+all: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnits gl/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnits gl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLIBRARIES:
+ -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+liblgnu.la: $(liblgnu_la_OBJECTS) $(liblgnu_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(liblgnu_la_LINK) $(liblgnu_la_OBJECTS) $(liblgnu_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asnprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/asprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/c-ctype.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/close-hook.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fseeko.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ftello.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lseek.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/malloc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/memchr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/memmem.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/printf-args.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/printf-parse.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/read-file.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realloc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/snprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sockets.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strcasecmp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strncasecmp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strverscmp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vasnprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vasprintf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/vsnprintf.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) check-recursive
+all-am: Makefile $(LIBRARIES) $(LTLIBRARIES) $(HEADERS)
+installdirs: installdirs-recursive
+installdirs-am:
+install: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+ -test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+ -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
+ -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool clean-noinstLIBRARIES \
+ clean-noinstLTLIBRARIES mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool mostlyclean-local
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all check \
+ ctags-recursive install install-am install-strip \
+ tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ clean-noinstLIBRARIES clean-noinstLTLIBRARIES ctags \
+ ctags-recursive distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool mostlyclean-local pdf \
+ pdf-am ps ps-am tags tags-recursive uninstall uninstall-am
+
+
+# We need the following in order to create <alloca.h> when the system
+# doesn't have one that works with the given compiler.
+alloca.h: alloca.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ cat $(srcdir)/alloca.in.h; \
+ } > $@-t && \
+ mv -f $@-t $@
+
+# We need the following in order to create <byteswap.h> when the system
+# doesn't have one.
+byteswap.h: byteswap.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ cat $(srcdir)/byteswap.in.h; \
+ } > $@-t && \
+ mv -f $@-t $@
+
+# We need the following in order to create <errno.h> when the system
+# doesn't have one that is POSIX compliant.
+errno.h: errno.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_ERRNO_H''@|$(NEXT_ERRNO_H)|g' \
+ -e 's|@''EMULTIHOP_HIDDEN''@|$(EMULTIHOP_HIDDEN)|g' \
+ -e 's|@''EMULTIHOP_VALUE''@|$(EMULTIHOP_VALUE)|g' \
+ -e 's|@''ENOLINK_HIDDEN''@|$(ENOLINK_HIDDEN)|g' \
+ -e 's|@''ENOLINK_VALUE''@|$(ENOLINK_VALUE)|g' \
+ -e 's|@''EOVERFLOW_HIDDEN''@|$(EOVERFLOW_HIDDEN)|g' \
+ -e 's|@''EOVERFLOW_VALUE''@|$(EOVERFLOW_VALUE)|g' \
+ < $(srcdir)/errno.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+
+# We need the following in order to create <float.h> when the system
+# doesn't have one that works with the given compiler.
+float.h: float.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_FLOAT_H''@|$(NEXT_FLOAT_H)|g' \
+ < $(srcdir)/float.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+
+# We need the following in order to create <stdbool.h> when the system
+# doesn't have one that works.
+stdbool.h: stdbool.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ sed -e 's/@''HAVE__BOOL''@/$(HAVE__BOOL)/g' < $(srcdir)/stdbool.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+
+# We need the following in order to create <stddef.h> when the system
+# doesn't have one that works with the given compiler.
+stddef.h: stddef.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+ sed -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_STDDEF_H''@|$(NEXT_STDDEF_H)|g' \
+ -e 's|@''HAVE_WCHAR_T''@|$(HAVE_WCHAR_T)|g' \
+ -e 's|@''REPLACE_NULL''@|$(REPLACE_NULL)|g' \
+ < $(srcdir)/stddef.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+
+# We need the following in order to create <stdint.h> when the system
+# doesn't have one that works with the given compiler.
+stdint.h: stdint.in.h
+ $(AM_V_GEN)rm -f $@-t $@ && \
+ { echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */'; \
+ sed -e 's/@''HAVE_STDINT_H''@/$(HAVE_STDINT_H)/g' \
+ -e 's|@''INCLUDE_NEXT''@|$(INCLUDE_NEXT)|g' \
+ -e 's|@''PRAGMA_SYSTEM_HEADER''@|@PRAGMA_SYSTEM_HEADER@|g' \
+ -e 's|@''PRAGMA_COLUMNS''@|@PRAGMA_COLUMNS@|g' \
+ -e 's|@''NEXT_STDINT_H''@|$(NEXT_STDINT_H)|g' \
+ -e 's/@''HAVE_SYS_TYPES_H''@/$(HAVE_SYS_TYPES_H)/g' \
+ -e 's/@''HAVE_INTTYPES_H''@/$(HAVE_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_INTTYPES_H''@/$(HAVE_SYS_INTTYPES_H)/g' \
+ -e 's/@''HAVE_SYS_BITYPES_H''@/$(HAVE_SYS_BITYPES_H)/g' \
+ -e 's/@''HAVE_WCHAR_H''@/$(HAVE_WCHAR_H)/g' \
+ -e 's/@''HAVE_LONG_LONG_INT''@/$(HAVE_LONG_LONG_INT)/g' \
+ -e 's/@''HAVE_UNSIGNED_LONG_LONG_INT''@/$(HAVE_UNSIGNED_LONG_LONG_INT)/g' \
+ -e 's/@''APPLE_UNIVERSAL_BUILD''@/$(APPLE_UNIVERSAL_BUILD)/g' \
+ -e 's/@''BITSIZEOF_PTRDIFF_T''@/$(BITSIZEOF_PTRDIFF_T)/g' \
+ -e 's/@''PTRDIFF_T_SUFFIX''@/$(PTRDIFF_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIG_ATOMIC_T''@/$(BITSIZEOF_SIG_ATOMIC_T)/g' \
+ -e 's/@''HAVE_SIGNED_SIG_ATOMIC_T''@/$(HAVE_SIGNED_SIG_ATOMIC_T)/g' \
+ -e 's/@''SIG_ATOMIC_T_SUFFIX''@/$(SIG_ATOMIC_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_SIZE_T''@/$(BITSIZEOF_SIZE_T)/g' \
+ -e 's/@''SIZE_T_SUFFIX''@/$(SIZE_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WCHAR_T''@/$(BITSIZEOF_WCHAR_T)/g' \
+ -e 's/@''HAVE_SIGNED_WCHAR_T''@/$(HAVE_SIGNED_WCHAR_T)/g' \
+ -e 's/@''WCHAR_T_SUFFIX''@/$(WCHAR_T_SUFFIX)/g' \
+ -e 's/@''BITSIZEOF_WINT_T''@/$(BITSIZEOF_WINT_T)/g' \
+ -e 's/@''HAVE_SIGNED_WINT_T''@/$(HAVE_SIGNED_WINT_T)/g' \
+ -e 's/@''WINT_T_SUFFIX''@/$(WINT_T_SUFFIX)/g' \
+ < $(srcdir)/stdint.in.h; \
+ } > $@-t && \
+ mv $@-t $@
+
+mostlyclean-local: mostlyclean-generic
+ @for dir in '' $(MOSTLYCLEANDIRS); do \
+ if test -n "$$dir" && test -d $$dir; then \
+ echo "rmdir $$dir"; rmdir $$dir; \
+ fi; \
+ done; \
+ :
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+/* Determine alignment of types.
+ Copyright (C) 2003-2004, 2006, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _ALIGNOF_H
+#define _ALIGNOF_H
+
+#include <stddef.h>
+
+/* Determine the alignment of a structure slot (field) of a given type,
+ at compile time. Note that the result depends on the ABI.
+ Note: The result cannot be used as a value for an 'enum' constant,
+ due to bugs in HP-UX 10.20 cc and AIX 3.2.5 xlc. */
+#if defined __cplusplus
+ template <class type> struct alignof_helper { char __slot1; type __slot2; };
+# define alignof_slot(type) offsetof (alignof_helper<type>, __slot2)
+#else
+# define alignof_slot(type) offsetof (struct { char __slot1; type __slot2; }, __slot2)
+#endif
+
+/* Determine the good alignment of a object of the given type at compile time.
+ Note that this is not necessarily the same as alignof_slot(type).
+ For example, with GNU C on x86 platforms: alignof_type(double) = 8, but
+ - when -malign-double is not specified: alignof_slot(double) = 4,
+ - when -malign-double is specified: alignof_slot(double) = 8.
+ Note: The result cannot be used as a value for an 'enum' constant,
+ due to bugs in HP-UX 10.20 cc and AIX 3.2.5 xlc. */
+#if defined __GNUC__
+# define alignof_type __alignof__
+#else
+# define alignof_type alignof_slot
+#endif
+
+/* alignof is an alias for alignof_slot semantics, since that's what most
+ callers need.
+ Note: The result cannot be used as a value for an 'enum' constant,
+ due to bugs in HP-UX 10.20 cc and AIX 3.2.5 xlc. */
+#define alignof alignof_slot
+
+#endif /* _ALIGNOF_H */
--- /dev/null
+/* Memory allocation on the stack.
+
+ Copyright (C) 1995, 1999, 2001-2004, 2006-2011 Free Software Foundation,
+ Inc.
+
+ This program is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published
+ by the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ USA. */
+
+/* Avoid using the symbol _ALLOCA_H here, as Bison assumes _ALLOCA_H
+ means there is a real alloca function. */
+#ifndef _GL_ALLOCA_H
+#define _GL_ALLOCA_H
+
+/* alloca (N) returns a pointer to N bytes of memory
+ allocated on the stack, which will last until the function returns.
+ Use of alloca should be avoided:
+ - inside arguments of function calls - undefined behaviour,
+ - in inline functions - the allocation may actually last until the
+ calling function returns,
+ - for huge N (say, N >= 65536) - you never know how large (or small)
+ the stack is, and when the stack cannot fulfill the memory allocation
+ request, the program just crashes.
+ */
+
+#ifndef alloca
+# ifdef __GNUC__
+# define alloca __builtin_alloca
+# elif defined _AIX
+# define alloca __alloca
+# elif defined _MSC_VER
+# include <malloc.h>
+# define alloca _alloca
+# elif defined __DECC && defined __VMS
+# define alloca __ALLOCA
+# else
+# include <stddef.h>
+# ifdef __cplusplus
+extern "C"
+# endif
+void *alloca (size_t);
+# endif
+#endif
+
+#endif /* _GL_ALLOCA_H */
--- /dev/null
+/* Formatted output to strings.
+ Copyright (C) 1999, 2002, 2006, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include "vasnprintf.h"
+
+#include <stdarg.h>
+
+char *
+asnprintf (char *resultbuf, size_t *lengthp, const char *format, ...)
+{
+ va_list args;
+ char *result;
+
+ va_start (args, format);
+ result = vasnprintf (resultbuf, lengthp, format, args);
+ va_end (args);
+ return result;
+}
--- /dev/null
+/* Formatted output to strings.
+ Copyright (C) 1999, 2002, 2006-2007, 2009-2011 Free Software Foundation,
+ Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#ifdef IN_LIBASPRINTF
+# include "vasprintf.h"
+#else
+# include <stdio.h>
+#endif
+
+#include <stdarg.h>
+
+int
+asprintf (char **resultp, const char *format, ...)
+{
+ va_list args;
+ int result;
+
+ va_start (args, format);
+ result = vasprintf (resultp, format, args);
+ va_end (args);
+ return result;
+}
--- /dev/null
+/* byteswap.h - Byte swapping
+ Copyright (C) 2005, 2007, 2009-2011 Free Software Foundation, Inc.
+ Written by Oskar Liljeblad <oskar@osk.mine.nu>, 2005.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef _GL_BYTESWAP_H
+#define _GL_BYTESWAP_H
+
+/* Given an unsigned 16-bit argument X, return the value corresponding to
+ X with reversed byte order. */
+#define bswap_16(x) ((((x) & 0x00FF) << 8) | \
+ (((x) & 0xFF00) >> 8))
+
+/* Given an unsigned 32-bit argument X, return the value corresponding to
+ X with reversed byte order. */
+#define bswap_32(x) ((((x) & 0x000000FF) << 24) | \
+ (((x) & 0x0000FF00) << 8) | \
+ (((x) & 0x00FF0000) >> 8) | \
+ (((x) & 0xFF000000) >> 24))
+
+/* Given an unsigned 64-bit argument X, return the value corresponding to
+ X with reversed byte order. */
+#define bswap_64(x) ((((x) & 0x00000000000000FFULL) << 56) | \
+ (((x) & 0x000000000000FF00ULL) << 40) | \
+ (((x) & 0x0000000000FF0000ULL) << 24) | \
+ (((x) & 0x00000000FF000000ULL) << 8) | \
+ (((x) & 0x000000FF00000000ULL) >> 8) | \
+ (((x) & 0x0000FF0000000000ULL) >> 24) | \
+ (((x) & 0x00FF000000000000ULL) >> 40) | \
+ (((x) & 0xFF00000000000000ULL) >> 56))
+
+#endif /* _GL_BYTESWAP_H */
--- /dev/null
+/* Character handling in C locale.
+
+ Copyright 2000-2003, 2006, 2009-2011 Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with this program; if not, write to the Free Software Foundation,
+Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#define NO_C_CTYPE_MACROS
+#include "c-ctype.h"
+
+/* The function isascii is not locale dependent. Its use in EBCDIC is
+ questionable. */
+bool
+c_isascii (int c)
+{
+ return (c >= 0x00 && c <= 0x7f);
+}
+
+bool
+c_isalnum (int c)
+{
+#if C_CTYPE_CONSECUTIVE_DIGITS \
+ && C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#if C_CTYPE_ASCII
+ return ((c >= '0' && c <= '9')
+ || ((c & ~0x20) >= 'A' && (c & ~0x20) <= 'Z'));
+#else
+ return ((c >= '0' && c <= '9')
+ || (c >= 'A' && c <= 'Z')
+ || (c >= 'a' && c <= 'z'));
+#endif
+#else
+ switch (c)
+ {
+ case '0': case '1': case '2': case '3': case '4': case '5':
+ case '6': case '7': case '8': case '9':
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'G': case 'H': case 'I': case 'J': case 'K': case 'L':
+ case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R':
+ case 'S': case 'T': case 'U': case 'V': case 'W': case 'X':
+ case 'Y': case 'Z':
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ case 'g': case 'h': case 'i': case 'j': case 'k': case 'l':
+ case 'm': case 'n': case 'o': case 'p': case 'q': case 'r':
+ case 's': case 't': case 'u': case 'v': case 'w': case 'x':
+ case 'y': case 'z':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_isalpha (int c)
+{
+#if C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#if C_CTYPE_ASCII
+ return ((c & ~0x20) >= 'A' && (c & ~0x20) <= 'Z');
+#else
+ return ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z'));
+#endif
+#else
+ switch (c)
+ {
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'G': case 'H': case 'I': case 'J': case 'K': case 'L':
+ case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R':
+ case 'S': case 'T': case 'U': case 'V': case 'W': case 'X':
+ case 'Y': case 'Z':
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ case 'g': case 'h': case 'i': case 'j': case 'k': case 'l':
+ case 'm': case 'n': case 'o': case 'p': case 'q': case 'r':
+ case 's': case 't': case 'u': case 'v': case 'w': case 'x':
+ case 'y': case 'z':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_isblank (int c)
+{
+ return (c == ' ' || c == '\t');
+}
+
+bool
+c_iscntrl (int c)
+{
+#if C_CTYPE_ASCII
+ return ((c & ~0x1f) == 0 || c == 0x7f);
+#else
+ switch (c)
+ {
+ case ' ': case '!': case '"': case '#': case '$': case '%':
+ case '&': case '\'': case '(': case ')': case '*': case '+':
+ case ',': case '-': case '.': case '/':
+ case '0': case '1': case '2': case '3': case '4': case '5':
+ case '6': case '7': case '8': case '9':
+ case ':': case ';': case '<': case '=': case '>': case '?':
+ case '@':
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'G': case 'H': case 'I': case 'J': case 'K': case 'L':
+ case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R':
+ case 'S': case 'T': case 'U': case 'V': case 'W': case 'X':
+ case 'Y': case 'Z':
+ case '[': case '\\': case ']': case '^': case '_': case '`':
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ case 'g': case 'h': case 'i': case 'j': case 'k': case 'l':
+ case 'm': case 'n': case 'o': case 'p': case 'q': case 'r':
+ case 's': case 't': case 'u': case 'v': case 'w': case 'x':
+ case 'y': case 'z':
+ case '{': case '|': case '}': case '~':
+ return 0;
+ default:
+ return 1;
+ }
+#endif
+}
+
+bool
+c_isdigit (int c)
+{
+#if C_CTYPE_CONSECUTIVE_DIGITS
+ return (c >= '0' && c <= '9');
+#else
+ switch (c)
+ {
+ case '0': case '1': case '2': case '3': case '4': case '5':
+ case '6': case '7': case '8': case '9':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_islower (int c)
+{
+#if C_CTYPE_CONSECUTIVE_LOWERCASE
+ return (c >= 'a' && c <= 'z');
+#else
+ switch (c)
+ {
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ case 'g': case 'h': case 'i': case 'j': case 'k': case 'l':
+ case 'm': case 'n': case 'o': case 'p': case 'q': case 'r':
+ case 's': case 't': case 'u': case 'v': case 'w': case 'x':
+ case 'y': case 'z':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_isgraph (int c)
+{
+#if C_CTYPE_ASCII
+ return (c >= '!' && c <= '~');
+#else
+ switch (c)
+ {
+ case '!': case '"': case '#': case '$': case '%': case '&':
+ case '\'': case '(': case ')': case '*': case '+': case ',':
+ case '-': case '.': case '/':
+ case '0': case '1': case '2': case '3': case '4': case '5':
+ case '6': case '7': case '8': case '9':
+ case ':': case ';': case '<': case '=': case '>': case '?':
+ case '@':
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'G': case 'H': case 'I': case 'J': case 'K': case 'L':
+ case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R':
+ case 'S': case 'T': case 'U': case 'V': case 'W': case 'X':
+ case 'Y': case 'Z':
+ case '[': case '\\': case ']': case '^': case '_': case '`':
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ case 'g': case 'h': case 'i': case 'j': case 'k': case 'l':
+ case 'm': case 'n': case 'o': case 'p': case 'q': case 'r':
+ case 's': case 't': case 'u': case 'v': case 'w': case 'x':
+ case 'y': case 'z':
+ case '{': case '|': case '}': case '~':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_isprint (int c)
+{
+#if C_CTYPE_ASCII
+ return (c >= ' ' && c <= '~');
+#else
+ switch (c)
+ {
+ case ' ': case '!': case '"': case '#': case '$': case '%':
+ case '&': case '\'': case '(': case ')': case '*': case '+':
+ case ',': case '-': case '.': case '/':
+ case '0': case '1': case '2': case '3': case '4': case '5':
+ case '6': case '7': case '8': case '9':
+ case ':': case ';': case '<': case '=': case '>': case '?':
+ case '@':
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'G': case 'H': case 'I': case 'J': case 'K': case 'L':
+ case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R':
+ case 'S': case 'T': case 'U': case 'V': case 'W': case 'X':
+ case 'Y': case 'Z':
+ case '[': case '\\': case ']': case '^': case '_': case '`':
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ case 'g': case 'h': case 'i': case 'j': case 'k': case 'l':
+ case 'm': case 'n': case 'o': case 'p': case 'q': case 'r':
+ case 's': case 't': case 'u': case 'v': case 'w': case 'x':
+ case 'y': case 'z':
+ case '{': case '|': case '}': case '~':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_ispunct (int c)
+{
+#if C_CTYPE_ASCII
+ return ((c >= '!' && c <= '~')
+ && !((c >= '0' && c <= '9')
+ || ((c & ~0x20) >= 'A' && (c & ~0x20) <= 'Z')));
+#else
+ switch (c)
+ {
+ case '!': case '"': case '#': case '$': case '%': case '&':
+ case '\'': case '(': case ')': case '*': case '+': case ',':
+ case '-': case '.': case '/':
+ case ':': case ';': case '<': case '=': case '>': case '?':
+ case '@':
+ case '[': case '\\': case ']': case '^': case '_': case '`':
+ case '{': case '|': case '}': case '~':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_isspace (int c)
+{
+ return (c == ' ' || c == '\t'
+ || c == '\n' || c == '\v' || c == '\f' || c == '\r');
+}
+
+bool
+c_isupper (int c)
+{
+#if C_CTYPE_CONSECUTIVE_UPPERCASE
+ return (c >= 'A' && c <= 'Z');
+#else
+ switch (c)
+ {
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'G': case 'H': case 'I': case 'J': case 'K': case 'L':
+ case 'M': case 'N': case 'O': case 'P': case 'Q': case 'R':
+ case 'S': case 'T': case 'U': case 'V': case 'W': case 'X':
+ case 'Y': case 'Z':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+bool
+c_isxdigit (int c)
+{
+#if C_CTYPE_CONSECUTIVE_DIGITS \
+ && C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#if C_CTYPE_ASCII
+ return ((c >= '0' && c <= '9')
+ || ((c & ~0x20) >= 'A' && (c & ~0x20) <= 'F'));
+#else
+ return ((c >= '0' && c <= '9')
+ || (c >= 'A' && c <= 'F')
+ || (c >= 'a' && c <= 'f'));
+#endif
+#else
+ switch (c)
+ {
+ case '0': case '1': case '2': case '3': case '4': case '5':
+ case '6': case '7': case '8': case '9':
+ case 'A': case 'B': case 'C': case 'D': case 'E': case 'F':
+ case 'a': case 'b': case 'c': case 'd': case 'e': case 'f':
+ return 1;
+ default:
+ return 0;
+ }
+#endif
+}
+
+int
+c_tolower (int c)
+{
+#if C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+ return (c >= 'A' && c <= 'Z' ? c - 'A' + 'a' : c);
+#else
+ switch (c)
+ {
+ case 'A': return 'a';
+ case 'B': return 'b';
+ case 'C': return 'c';
+ case 'D': return 'd';
+ case 'E': return 'e';
+ case 'F': return 'f';
+ case 'G': return 'g';
+ case 'H': return 'h';
+ case 'I': return 'i';
+ case 'J': return 'j';
+ case 'K': return 'k';
+ case 'L': return 'l';
+ case 'M': return 'm';
+ case 'N': return 'n';
+ case 'O': return 'o';
+ case 'P': return 'p';
+ case 'Q': return 'q';
+ case 'R': return 'r';
+ case 'S': return 's';
+ case 'T': return 't';
+ case 'U': return 'u';
+ case 'V': return 'v';
+ case 'W': return 'w';
+ case 'X': return 'x';
+ case 'Y': return 'y';
+ case 'Z': return 'z';
+ default: return c;
+ }
+#endif
+}
+
+int
+c_toupper (int c)
+{
+#if C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+ return (c >= 'a' && c <= 'z' ? c - 'a' + 'A' : c);
+#else
+ switch (c)
+ {
+ case 'a': return 'A';
+ case 'b': return 'B';
+ case 'c': return 'C';
+ case 'd': return 'D';
+ case 'e': return 'E';
+ case 'f': return 'F';
+ case 'g': return 'G';
+ case 'h': return 'H';
+ case 'i': return 'I';
+ case 'j': return 'J';
+ case 'k': return 'K';
+ case 'l': return 'L';
+ case 'm': return 'M';
+ case 'n': return 'N';
+ case 'o': return 'O';
+ case 'p': return 'P';
+ case 'q': return 'Q';
+ case 'r': return 'R';
+ case 's': return 'S';
+ case 't': return 'T';
+ case 'u': return 'U';
+ case 'v': return 'V';
+ case 'w': return 'W';
+ case 'x': return 'X';
+ case 'y': return 'Y';
+ case 'z': return 'Z';
+ default: return c;
+ }
+#endif
+}
--- /dev/null
+/* Character handling in C locale.
+
+ These functions work like the corresponding functions in <ctype.h>,
+ except that they have the C (POSIX) locale hardwired, whereas the
+ <ctype.h> functions' behaviour depends on the current locale set via
+ setlocale.
+
+ Copyright (C) 2000-2003, 2006, 2008-2011 Free Software Foundation, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; either version 2.1 of the License, or
+(at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with this program; if not, write to the Free Software Foundation,
+Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef C_CTYPE_H
+#define C_CTYPE_H
+
+#include <stdbool.h>
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* The functions defined in this file assume the "C" locale and a character
+ set without diacritics (ASCII-US or EBCDIC-US or something like that).
+ Even if the "C" locale on a particular system is an extension of the ASCII
+ character set (like on BeOS, where it is UTF-8, or on AmigaOS, where it
+ is ISO-8859-1), the functions in this file recognize only the ASCII
+ characters. */
+
+
+/* Check whether the ASCII optimizations apply. */
+
+/* ANSI C89 (and ISO C99 5.2.1.3 too) already guarantees that
+ '0', '1', ..., '9' have consecutive integer values. */
+#define C_CTYPE_CONSECUTIVE_DIGITS 1
+
+#if ('A' <= 'Z') \
+ && ('A' + 1 == 'B') && ('B' + 1 == 'C') && ('C' + 1 == 'D') \
+ && ('D' + 1 == 'E') && ('E' + 1 == 'F') && ('F' + 1 == 'G') \
+ && ('G' + 1 == 'H') && ('H' + 1 == 'I') && ('I' + 1 == 'J') \
+ && ('J' + 1 == 'K') && ('K' + 1 == 'L') && ('L' + 1 == 'M') \
+ && ('M' + 1 == 'N') && ('N' + 1 == 'O') && ('O' + 1 == 'P') \
+ && ('P' + 1 == 'Q') && ('Q' + 1 == 'R') && ('R' + 1 == 'S') \
+ && ('S' + 1 == 'T') && ('T' + 1 == 'U') && ('U' + 1 == 'V') \
+ && ('V' + 1 == 'W') && ('W' + 1 == 'X') && ('X' + 1 == 'Y') \
+ && ('Y' + 1 == 'Z')
+#define C_CTYPE_CONSECUTIVE_UPPERCASE 1
+#endif
+
+#if ('a' <= 'z') \
+ && ('a' + 1 == 'b') && ('b' + 1 == 'c') && ('c' + 1 == 'd') \
+ && ('d' + 1 == 'e') && ('e' + 1 == 'f') && ('f' + 1 == 'g') \
+ && ('g' + 1 == 'h') && ('h' + 1 == 'i') && ('i' + 1 == 'j') \
+ && ('j' + 1 == 'k') && ('k' + 1 == 'l') && ('l' + 1 == 'm') \
+ && ('m' + 1 == 'n') && ('n' + 1 == 'o') && ('o' + 1 == 'p') \
+ && ('p' + 1 == 'q') && ('q' + 1 == 'r') && ('r' + 1 == 's') \
+ && ('s' + 1 == 't') && ('t' + 1 == 'u') && ('u' + 1 == 'v') \
+ && ('v' + 1 == 'w') && ('w' + 1 == 'x') && ('x' + 1 == 'y') \
+ && ('y' + 1 == 'z')
+#define C_CTYPE_CONSECUTIVE_LOWERCASE 1
+#endif
+
+#if (' ' == 32) && ('!' == 33) && ('"' == 34) && ('#' == 35) \
+ && ('%' == 37) && ('&' == 38) && ('\'' == 39) && ('(' == 40) \
+ && (')' == 41) && ('*' == 42) && ('+' == 43) && (',' == 44) \
+ && ('-' == 45) && ('.' == 46) && ('/' == 47) && ('0' == 48) \
+ && ('1' == 49) && ('2' == 50) && ('3' == 51) && ('4' == 52) \
+ && ('5' == 53) && ('6' == 54) && ('7' == 55) && ('8' == 56) \
+ && ('9' == 57) && (':' == 58) && (';' == 59) && ('<' == 60) \
+ && ('=' == 61) && ('>' == 62) && ('?' == 63) && ('A' == 65) \
+ && ('B' == 66) && ('C' == 67) && ('D' == 68) && ('E' == 69) \
+ && ('F' == 70) && ('G' == 71) && ('H' == 72) && ('I' == 73) \
+ && ('J' == 74) && ('K' == 75) && ('L' == 76) && ('M' == 77) \
+ && ('N' == 78) && ('O' == 79) && ('P' == 80) && ('Q' == 81) \
+ && ('R' == 82) && ('S' == 83) && ('T' == 84) && ('U' == 85) \
+ && ('V' == 86) && ('W' == 87) && ('X' == 88) && ('Y' == 89) \
+ && ('Z' == 90) && ('[' == 91) && ('\\' == 92) && (']' == 93) \
+ && ('^' == 94) && ('_' == 95) && ('a' == 97) && ('b' == 98) \
+ && ('c' == 99) && ('d' == 100) && ('e' == 101) && ('f' == 102) \
+ && ('g' == 103) && ('h' == 104) && ('i' == 105) && ('j' == 106) \
+ && ('k' == 107) && ('l' == 108) && ('m' == 109) && ('n' == 110) \
+ && ('o' == 111) && ('p' == 112) && ('q' == 113) && ('r' == 114) \
+ && ('s' == 115) && ('t' == 116) && ('u' == 117) && ('v' == 118) \
+ && ('w' == 119) && ('x' == 120) && ('y' == 121) && ('z' == 122) \
+ && ('{' == 123) && ('|' == 124) && ('}' == 125) && ('~' == 126)
+/* The character set is ASCII or one of its variants or extensions, not EBCDIC.
+ Testing the value of '\n' and '\r' is not relevant. */
+#define C_CTYPE_ASCII 1
+#endif
+
+
+/* Function declarations. */
+
+/* Unlike the functions in <ctype.h>, which require an argument in the range
+ of the 'unsigned char' type, the functions here operate on values that are
+ in the 'unsigned char' range or in the 'char' range. In other words,
+ when you have a 'char' value, you need to cast it before using it as
+ argument to a <ctype.h> function:
+
+ const char *s = ...;
+ if (isalpha ((unsigned char) *s)) ...
+
+ but you don't need to cast it for the functions defined in this file:
+
+ const char *s = ...;
+ if (c_isalpha (*s)) ...
+ */
+
+extern bool c_isascii (int c); /* not locale dependent */
+
+extern bool c_isalnum (int c);
+extern bool c_isalpha (int c);
+extern bool c_isblank (int c);
+extern bool c_iscntrl (int c);
+extern bool c_isdigit (int c);
+extern bool c_islower (int c);
+extern bool c_isgraph (int c);
+extern bool c_isprint (int c);
+extern bool c_ispunct (int c);
+extern bool c_isspace (int c);
+extern bool c_isupper (int c);
+extern bool c_isxdigit (int c);
+
+extern int c_tolower (int c);
+extern int c_toupper (int c);
+
+
+#if defined __GNUC__ && defined __OPTIMIZE__ && !defined __OPTIMIZE_SIZE__ && !defined NO_C_CTYPE_MACROS
+
+/* ASCII optimizations. */
+
+#undef c_isascii
+#define c_isascii(c) \
+ ({ int __c = (c); \
+ (__c >= 0x00 && __c <= 0x7f); \
+ })
+
+#if C_CTYPE_CONSECUTIVE_DIGITS \
+ && C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#if C_CTYPE_ASCII
+#undef c_isalnum
+#define c_isalnum(c) \
+ ({ int __c = (c); \
+ ((__c >= '0' && __c <= '9') \
+ || ((__c & ~0x20) >= 'A' && (__c & ~0x20) <= 'Z')); \
+ })
+#else
+#undef c_isalnum
+#define c_isalnum(c) \
+ ({ int __c = (c); \
+ ((__c >= '0' && __c <= '9') \
+ || (__c >= 'A' && __c <= 'Z') \
+ || (__c >= 'a' && __c <= 'z')); \
+ })
+#endif
+#endif
+
+#if C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#if C_CTYPE_ASCII
+#undef c_isalpha
+#define c_isalpha(c) \
+ ({ int __c = (c); \
+ ((__c & ~0x20) >= 'A' && (__c & ~0x20) <= 'Z'); \
+ })
+#else
+#undef c_isalpha
+#define c_isalpha(c) \
+ ({ int __c = (c); \
+ ((__c >= 'A' && __c <= 'Z') || (__c >= 'a' && __c <= 'z')); \
+ })
+#endif
+#endif
+
+#undef c_isblank
+#define c_isblank(c) \
+ ({ int __c = (c); \
+ (__c == ' ' || __c == '\t'); \
+ })
+
+#if C_CTYPE_ASCII
+#undef c_iscntrl
+#define c_iscntrl(c) \
+ ({ int __c = (c); \
+ ((__c & ~0x1f) == 0 || __c == 0x7f); \
+ })
+#endif
+
+#if C_CTYPE_CONSECUTIVE_DIGITS
+#undef c_isdigit
+#define c_isdigit(c) \
+ ({ int __c = (c); \
+ (__c >= '0' && __c <= '9'); \
+ })
+#endif
+
+#if C_CTYPE_CONSECUTIVE_LOWERCASE
+#undef c_islower
+#define c_islower(c) \
+ ({ int __c = (c); \
+ (__c >= 'a' && __c <= 'z'); \
+ })
+#endif
+
+#if C_CTYPE_ASCII
+#undef c_isgraph
+#define c_isgraph(c) \
+ ({ int __c = (c); \
+ (__c >= '!' && __c <= '~'); \
+ })
+#endif
+
+#if C_CTYPE_ASCII
+#undef c_isprint
+#define c_isprint(c) \
+ ({ int __c = (c); \
+ (__c >= ' ' && __c <= '~'); \
+ })
+#endif
+
+#if C_CTYPE_ASCII
+#undef c_ispunct
+#define c_ispunct(c) \
+ ({ int _c = (c); \
+ (c_isgraph (_c) && ! c_isalnum (_c)); \
+ })
+#endif
+
+#undef c_isspace
+#define c_isspace(c) \
+ ({ int __c = (c); \
+ (__c == ' ' || __c == '\t' \
+ || __c == '\n' || __c == '\v' || __c == '\f' || __c == '\r'); \
+ })
+
+#if C_CTYPE_CONSECUTIVE_UPPERCASE
+#undef c_isupper
+#define c_isupper(c) \
+ ({ int __c = (c); \
+ (__c >= 'A' && __c <= 'Z'); \
+ })
+#endif
+
+#if C_CTYPE_CONSECUTIVE_DIGITS \
+ && C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#if C_CTYPE_ASCII
+#undef c_isxdigit
+#define c_isxdigit(c) \
+ ({ int __c = (c); \
+ ((__c >= '0' && __c <= '9') \
+ || ((__c & ~0x20) >= 'A' && (__c & ~0x20) <= 'F')); \
+ })
+#else
+#undef c_isxdigit
+#define c_isxdigit(c) \
+ ({ int __c = (c); \
+ ((__c >= '0' && __c <= '9') \
+ || (__c >= 'A' && __c <= 'F') \
+ || (__c >= 'a' && __c <= 'f')); \
+ })
+#endif
+#endif
+
+#if C_CTYPE_CONSECUTIVE_UPPERCASE && C_CTYPE_CONSECUTIVE_LOWERCASE
+#undef c_tolower
+#define c_tolower(c) \
+ ({ int __c = (c); \
+ (__c >= 'A' && __c <= 'Z' ? __c - 'A' + 'a' : __c); \
+ })
+#undef c_toupper
+#define c_toupper(c) \
+ ({ int __c = (c); \
+ (__c >= 'a' && __c <= 'z' ? __c - 'a' + 'A' : __c); \
+ })
+#endif
+
+#endif /* optimizing for speed */
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* C_CTYPE_H */
--- /dev/null
+/* Hook for making the close() function extensible.
+ Copyright (C) 2009-2011 Free Software Foundation, Inc.
+ Written by Bruno Haible <bruno@clisp.org>, 2009.
+
+ This program is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published
+ by the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+/* Specification. */
+#include "close-hook.h"
+
+#include <stdlib.h>
+#include <unistd.h>
+
+#undef close
+
+
+/* Currently, this entire code is only needed for the handling of sockets
+ on native Windows platforms. */
+#if WINDOWS_SOCKETS
+
+/* The first and last link in the doubly linked list.
+ Initially the list is empty. */
+static struct close_hook anchor = { &anchor, &anchor, NULL };
+
+int
+execute_close_hooks (int fd, const struct close_hook *remaining_list)
+{
+ if (remaining_list == &anchor)
+ /* End of list reached. */
+ return close (fd);
+ else
+ return remaining_list->private_fn (fd, remaining_list->private_next);
+}
+
+int
+execute_all_close_hooks (int fd)
+{
+ return execute_close_hooks (fd, anchor.private_next);
+}
+
+void
+register_close_hook (close_hook_fn hook, struct close_hook *link)
+{
+ if (link->private_next == NULL && link->private_prev == NULL)
+ {
+ /* Add the link to the doubly linked list. */
+ link->private_next = anchor.private_next;
+ link->private_prev = &anchor;
+ link->private_fn = hook;
+ anchor.private_next->private_prev = link;
+ anchor.private_next = link;
+ }
+ else
+ {
+ /* The link is already in use. */
+ if (link->private_fn != hook)
+ abort ();
+ }
+}
+
+void
+unregister_close_hook (struct close_hook *link)
+{
+ struct close_hook *next = link->private_next;
+ struct close_hook *prev = link->private_prev;
+
+ if (next != NULL && prev != NULL)
+ {
+ /* The link is in use. Remove it from the doubly linked list. */
+ prev->private_next = next;
+ next->private_prev = prev;
+ /* Clear the link, to mark it unused. */
+ link->private_next = NULL;
+ link->private_prev = NULL;
+ link->private_fn = NULL;
+ }
+}
+
+#endif
--- /dev/null
+/* Hook for making the close() function extensible.
+ Copyright (C) 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published
+ by the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+
+#ifndef CLOSE_HOOK_H
+#define CLOSE_HOOK_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* Currently, this entire code is only needed for the handling of sockets
+ on native Windows platforms. */
+#if WINDOWS_SOCKETS
+
+
+/* An element of the list of close hooks.
+ The fields of this structure are considered private. */
+struct close_hook
+{
+ /* Doubly linked list. */
+ struct close_hook *private_next;
+ struct close_hook *private_prev;
+ /* Function that treats the types of FD that it knows about and calls
+ execute_close_hooks (FD, REMAINING_LIST) as a fallback. */
+ int (*private_fn) (int fd, const struct close_hook *remaining_list);
+};
+
+/* This type of function closes FD, applying special knowledge for the FD
+ types it knows about, and calls execute_close_hooks (FD, REMAINING_LIST)
+ for the other FD types. */
+typedef int (*close_hook_fn) (int fd, const struct close_hook *remaining_list);
+
+/* Execute the close hooks in REMAINING_LIST.
+ Return 0 or -1, like close() would do. */
+extern int execute_close_hooks (int fd, const struct close_hook *remaining_list);
+
+/* Execute all close hooks.
+ Return 0 or -1, like close() would do. */
+extern int execute_all_close_hooks (int fd);
+
+/* Add a function to the list of close hooks.
+ The LINK variable points to a piece of memory which is guaranteed to be
+ accessible until the corresponding call to unregister_close_hook. */
+extern void register_close_hook (close_hook_fn hook, struct close_hook *link);
+
+/* Removes a function from the list of close hooks. */
+extern void unregister_close_hook (struct close_hook *link);
+
+
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* CLOSE_HOOK_H */
--- /dev/null
+/* A POSIX-like <errno.h>.
+
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _GL_ERRNO_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_ERRNO_H@
+
+#ifndef _GL_ERRNO_H
+#define _GL_ERRNO_H
+
+
+/* On native Windows platforms, many macros are not defined. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+
+/* POSIX says that EAGAIN and EWOULDBLOCK may have the same value. */
+# define EWOULDBLOCK EAGAIN
+
+/* Values >= 100 seem safe to use. */
+# define ETXTBSY 100
+# define GNULIB_defined_ETXTBSY 1
+
+/* These are intentionally the same values as the WSA* error numbers, defined
+ in <winsock2.h>. */
+# define EINPROGRESS 10036
+# define EALREADY 10037
+# define ENOTSOCK 10038
+# define EDESTADDRREQ 10039
+# define EMSGSIZE 10040
+# define EPROTOTYPE 10041
+# define ENOPROTOOPT 10042
+# define EPROTONOSUPPORT 10043
+# define ESOCKTNOSUPPORT 10044 /* not required by POSIX */
+# define EOPNOTSUPP 10045
+# define EPFNOSUPPORT 10046 /* not required by POSIX */
+# define EAFNOSUPPORT 10047
+# define EADDRINUSE 10048
+# define EADDRNOTAVAIL 10049
+# define ENETDOWN 10050
+# define ENETUNREACH 10051
+# define ENETRESET 10052
+# define ECONNABORTED 10053
+# define ECONNRESET 10054
+# define ENOBUFS 10055
+# define EISCONN 10056
+# define ENOTCONN 10057
+# define ESHUTDOWN 10058 /* not required by POSIX */
+# define ETOOMANYREFS 10059 /* not required by POSIX */
+# define ETIMEDOUT 10060
+# define ECONNREFUSED 10061
+# define ELOOP 10062
+# define EHOSTDOWN 10064 /* not required by POSIX */
+# define EHOSTUNREACH 10065
+# define EPROCLIM 10067 /* not required by POSIX */
+# define EUSERS 10068 /* not required by POSIX */
+# define EDQUOT 10069
+# define ESTALE 10070
+# define EREMOTE 10071 /* not required by POSIX */
+# define GNULIB_defined_ESOCK 1
+
+# endif
+
+
+/* On OSF/1 5.1, when _XOPEN_SOURCE_EXTENDED is not defined, the macros
+ EMULTIHOP, ENOLINK, EOVERFLOW are not defined. */
+# if @EMULTIHOP_HIDDEN@
+# define EMULTIHOP @EMULTIHOP_VALUE@
+# define GNULIB_defined_EMULTIHOP 1
+# endif
+# if @ENOLINK_HIDDEN@
+# define ENOLINK @ENOLINK_VALUE@
+# define GNULIB_defined_ENOLINK 1
+# endif
+# if @EOVERFLOW_HIDDEN@
+# define EOVERFLOW @EOVERFLOW_VALUE@
+# define GNULIB_defined_EOVERFLOW 1
+# endif
+
+
+/* On OpenBSD 4.0 and on native Windows, the macros ENOMSG, EIDRM, ENOLINK,
+ EPROTO, EMULTIHOP, EBADMSG, EOVERFLOW, ENOTSUP, ECANCELED are not defined.
+ Likewise, on NonStop Kernel, EDQUOT is not defined.
+ Define them here. Values >= 2000 seem safe to use: Solaris ESTALE = 151,
+ HP-UX EWOULDBLOCK = 246, IRIX EDQUOT = 1133.
+
+ Note: When one of these systems defines some of these macros some day,
+ binaries will have to be recompiled so that they recognizes the new
+ errno values from the system. */
+
+# ifndef ENOMSG
+# define ENOMSG 2000
+# define GNULIB_defined_ENOMSG 1
+# endif
+
+# ifndef EIDRM
+# define EIDRM 2001
+# define GNULIB_defined_EIDRM 1
+# endif
+
+# ifndef ENOLINK
+# define ENOLINK 2002
+# define GNULIB_defined_ENOLINK 1
+# endif
+
+# ifndef EPROTO
+# define EPROTO 2003
+# define GNULIB_defined_EPROTO 1
+# endif
+
+# ifndef EMULTIHOP
+# define EMULTIHOP 2004
+# define GNULIB_defined_EMULTIHOP 1
+# endif
+
+# ifndef EBADMSG
+# define EBADMSG 2005
+# define GNULIB_defined_EBADMSG 1
+# endif
+
+# ifndef EOVERFLOW
+# define EOVERFLOW 2006
+# define GNULIB_defined_EOVERFLOW 1
+# endif
+
+# ifndef ENOTSUP
+# define ENOTSUP 2007
+# define GNULIB_defined_ENOTSUP 1
+# endif
+
+# ifndef ESTALE
+# define ESTALE 2009
+# define GNULIB_defined_ESTALE 1
+# endif
+
+# ifndef EDQUOT
+# define EDQUOT 2010
+# define GNULIB_defined_EDQUOT 1
+# endif
+
+# ifndef ECANCELED
+# define ECANCELED 2008
+# define GNULIB_defined_ECANCELED 1
+# endif
+
+
+#endif /* _GL_ERRNO_H */
+#endif /* _GL_ERRNO_H */
--- /dev/null
+/* Supplemental information about the floating-point formats.
+ Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+ Written by Bruno Haible <bruno@clisp.org>, 2007.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _FLOATPLUS_H
+#define _FLOATPLUS_H
+
+#include <float.h>
+#include <limits.h>
+
+/* Number of bits in the mantissa of a floating-point number, including the
+ "hidden bit". */
+#if FLT_RADIX == 2
+# define FLT_MANT_BIT FLT_MANT_DIG
+# define DBL_MANT_BIT DBL_MANT_DIG
+# define LDBL_MANT_BIT LDBL_MANT_DIG
+#elif FLT_RADIX == 4
+# define FLT_MANT_BIT (FLT_MANT_DIG * 2)
+# define DBL_MANT_BIT (DBL_MANT_DIG * 2)
+# define LDBL_MANT_BIT (LDBL_MANT_DIG * 2)
+#elif FLT_RADIX == 16
+# define FLT_MANT_BIT (FLT_MANT_DIG * 4)
+# define DBL_MANT_BIT (DBL_MANT_DIG * 4)
+# define LDBL_MANT_BIT (LDBL_MANT_DIG * 4)
+#endif
+
+/* Bit mask that can be used to mask the exponent, as an unsigned number. */
+#define FLT_EXP_MASK ((FLT_MAX_EXP - FLT_MIN_EXP) | 7)
+#define DBL_EXP_MASK ((DBL_MAX_EXP - DBL_MIN_EXP) | 7)
+#define LDBL_EXP_MASK ((LDBL_MAX_EXP - LDBL_MIN_EXP) | 7)
+
+/* Number of bits used for the exponent of a floating-point number, including
+ the exponent's sign. */
+#define FLT_EXP_BIT \
+ (FLT_EXP_MASK < 0x100 ? 8 : \
+ FLT_EXP_MASK < 0x200 ? 9 : \
+ FLT_EXP_MASK < 0x400 ? 10 : \
+ FLT_EXP_MASK < 0x800 ? 11 : \
+ FLT_EXP_MASK < 0x1000 ? 12 : \
+ FLT_EXP_MASK < 0x2000 ? 13 : \
+ FLT_EXP_MASK < 0x4000 ? 14 : \
+ FLT_EXP_MASK < 0x8000 ? 15 : \
+ FLT_EXP_MASK < 0x10000 ? 16 : \
+ FLT_EXP_MASK < 0x20000 ? 17 : \
+ FLT_EXP_MASK < 0x40000 ? 18 : \
+ FLT_EXP_MASK < 0x80000 ? 19 : \
+ FLT_EXP_MASK < 0x100000 ? 20 : \
+ FLT_EXP_MASK < 0x200000 ? 21 : \
+ FLT_EXP_MASK < 0x400000 ? 22 : \
+ FLT_EXP_MASK < 0x800000 ? 23 : \
+ FLT_EXP_MASK < 0x1000000 ? 24 : \
+ FLT_EXP_MASK < 0x2000000 ? 25 : \
+ FLT_EXP_MASK < 0x4000000 ? 26 : \
+ FLT_EXP_MASK < 0x8000000 ? 27 : \
+ FLT_EXP_MASK < 0x10000000 ? 28 : \
+ FLT_EXP_MASK < 0x20000000 ? 29 : \
+ FLT_EXP_MASK < 0x40000000 ? 30 : \
+ FLT_EXP_MASK <= 0x7fffffff ? 31 : \
+ 32)
+#define DBL_EXP_BIT \
+ (DBL_EXP_MASK < 0x100 ? 8 : \
+ DBL_EXP_MASK < 0x200 ? 9 : \
+ DBL_EXP_MASK < 0x400 ? 10 : \
+ DBL_EXP_MASK < 0x800 ? 11 : \
+ DBL_EXP_MASK < 0x1000 ? 12 : \
+ DBL_EXP_MASK < 0x2000 ? 13 : \
+ DBL_EXP_MASK < 0x4000 ? 14 : \
+ DBL_EXP_MASK < 0x8000 ? 15 : \
+ DBL_EXP_MASK < 0x10000 ? 16 : \
+ DBL_EXP_MASK < 0x20000 ? 17 : \
+ DBL_EXP_MASK < 0x40000 ? 18 : \
+ DBL_EXP_MASK < 0x80000 ? 19 : \
+ DBL_EXP_MASK < 0x100000 ? 20 : \
+ DBL_EXP_MASK < 0x200000 ? 21 : \
+ DBL_EXP_MASK < 0x400000 ? 22 : \
+ DBL_EXP_MASK < 0x800000 ? 23 : \
+ DBL_EXP_MASK < 0x1000000 ? 24 : \
+ DBL_EXP_MASK < 0x2000000 ? 25 : \
+ DBL_EXP_MASK < 0x4000000 ? 26 : \
+ DBL_EXP_MASK < 0x8000000 ? 27 : \
+ DBL_EXP_MASK < 0x10000000 ? 28 : \
+ DBL_EXP_MASK < 0x20000000 ? 29 : \
+ DBL_EXP_MASK < 0x40000000 ? 30 : \
+ DBL_EXP_MASK <= 0x7fffffff ? 31 : \
+ 32)
+#define LDBL_EXP_BIT \
+ (LDBL_EXP_MASK < 0x100 ? 8 : \
+ LDBL_EXP_MASK < 0x200 ? 9 : \
+ LDBL_EXP_MASK < 0x400 ? 10 : \
+ LDBL_EXP_MASK < 0x800 ? 11 : \
+ LDBL_EXP_MASK < 0x1000 ? 12 : \
+ LDBL_EXP_MASK < 0x2000 ? 13 : \
+ LDBL_EXP_MASK < 0x4000 ? 14 : \
+ LDBL_EXP_MASK < 0x8000 ? 15 : \
+ LDBL_EXP_MASK < 0x10000 ? 16 : \
+ LDBL_EXP_MASK < 0x20000 ? 17 : \
+ LDBL_EXP_MASK < 0x40000 ? 18 : \
+ LDBL_EXP_MASK < 0x80000 ? 19 : \
+ LDBL_EXP_MASK < 0x100000 ? 20 : \
+ LDBL_EXP_MASK < 0x200000 ? 21 : \
+ LDBL_EXP_MASK < 0x400000 ? 22 : \
+ LDBL_EXP_MASK < 0x800000 ? 23 : \
+ LDBL_EXP_MASK < 0x1000000 ? 24 : \
+ LDBL_EXP_MASK < 0x2000000 ? 25 : \
+ LDBL_EXP_MASK < 0x4000000 ? 26 : \
+ LDBL_EXP_MASK < 0x8000000 ? 27 : \
+ LDBL_EXP_MASK < 0x10000000 ? 28 : \
+ LDBL_EXP_MASK < 0x20000000 ? 29 : \
+ LDBL_EXP_MASK < 0x40000000 ? 30 : \
+ LDBL_EXP_MASK <= 0x7fffffff ? 31 : \
+ 32)
+
+/* Number of bits used for a floating-point number: the mantissa (not
+ counting the "hidden bit", since it may or may not be explicit), the
+ exponent, and the sign. */
+#define FLT_TOTAL_BIT ((FLT_MANT_BIT - 1) + FLT_EXP_BIT + 1)
+#define DBL_TOTAL_BIT ((DBL_MANT_BIT - 1) + DBL_EXP_BIT + 1)
+#define LDBL_TOTAL_BIT ((LDBL_MANT_BIT - 1) + LDBL_EXP_BIT + 1)
+
+/* Number of bytes used for a floating-point number.
+ This can be smaller than the 'sizeof'. For example, on i386 systems,
+ 'long double' most often have LDBL_MANT_BIT = 64, LDBL_EXP_BIT = 16, hence
+ LDBL_TOTAL_BIT = 80 bits, i.e. 10 bytes of consecutive memory, but
+ sizeof (long double) = 12 or = 16. */
+#define SIZEOF_FLT ((FLT_TOTAL_BIT + CHAR_BIT - 1) / CHAR_BIT)
+#define SIZEOF_DBL ((DBL_TOTAL_BIT + CHAR_BIT - 1) / CHAR_BIT)
+#define SIZEOF_LDBL ((LDBL_TOTAL_BIT + CHAR_BIT - 1) / CHAR_BIT)
+
+/* Verify that SIZEOF_FLT <= sizeof (float) etc. */
+typedef int verify_sizeof_flt[SIZEOF_FLT <= sizeof (float) ? 1 : -1];
+typedef int verify_sizeof_dbl[SIZEOF_DBL <= sizeof (double) ? 1 : - 1];
+typedef int verify_sizeof_ldbl[SIZEOF_LDBL <= sizeof (long double) ? 1 : - 1];
+
+#endif /* _FLOATPLUS_H */
--- /dev/null
+/* A correct <float.h>.
+
+ Copyright (C) 2007-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef _GL_FLOAT_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_FLOAT_H@
+
+#ifndef _GL_FLOAT_H
+#define _GL_FLOAT_H
+
+/* 'long double' properties. */
+#if defined __i386__ && (defined __BEOS__ || defined __OpenBSD__)
+/* Number of mantissa units, in base FLT_RADIX. */
+# undef LDBL_MANT_DIG
+# define LDBL_MANT_DIG 64
+/* Number of decimal digits that is sufficient for representing a number. */
+# undef LDBL_DIG
+# define LDBL_DIG 18
+/* x-1 where x is the smallest representable number > 1. */
+# undef LDBL_EPSILON
+# define LDBL_EPSILON 1.0842021724855044340E-19L
+/* Minimum e such that FLT_RADIX^(e-1) is a normalized number. */
+# undef LDBL_MIN_EXP
+# define LDBL_MIN_EXP (-16381)
+/* Maximum e such that FLT_RADIX^(e-1) is a representable finite number. */
+# undef LDBL_MAX_EXP
+# define LDBL_MAX_EXP 16384
+/* Minimum positive normalized number. */
+# undef LDBL_MIN
+# define LDBL_MIN 3.3621031431120935063E-4932L
+/* Maximum representable finite number. */
+# undef LDBL_MAX
+# define LDBL_MAX 1.1897314953572317650E+4932L
+/* Minimum e such that 10^e is in the range of normalized numbers. */
+# undef LDBL_MIN_10_EXP
+# define LDBL_MIN_10_EXP (-4931)
+/* Maximum e such that 10^e is in the range of representable finite numbers. */
+# undef LDBL_MAX_10_EXP
+# define LDBL_MAX_10_EXP 4932
+#endif
+
+#endif /* _GL_FLOAT_H */
+#endif /* _GL_FLOAT_H */
--- /dev/null
+/* An fseeko() function that, together with fflush(), is POSIX compliant.
+ Copyright (C) 2007-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <stdio.h>
+
+/* Get off_t and lseek. */
+#include <unistd.h>
+
+#include "stdio-impl.h"
+
+int
+fseeko (FILE *fp, off_t offset, int whence)
+#undef fseeko
+#if !HAVE_FSEEKO
+# undef fseek
+# define fseeko fseek
+#endif
+{
+#if LSEEK_PIPE_BROKEN
+ /* mingw gives bogus answers rather than failure on non-seekable files. */
+ if (lseek (fileno (fp), 0, SEEK_CUR) == -1)
+ return EOF;
+#endif
+
+ /* These tests are based on fpurge.c. */
+#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ if (fp->_IO_read_end == fp->_IO_read_ptr
+ && fp->_IO_write_ptr == fp->_IO_write_base
+ && fp->_IO_save_base == NULL)
+#elif defined __sferror || defined __DragonFly__ /* FreeBSD, NetBSD, OpenBSD, DragonFly, MacOS X, Cygwin */
+# if defined __SL64 && defined __SCLE /* Cygwin */
+ if ((fp->_flags & __SL64) == 0)
+ {
+ /* Cygwin 1.5.0 through 1.5.24 failed to open stdin in 64-bit
+ mode; but has an fseeko that requires 64-bit mode. */
+ FILE *tmp = fopen ("/dev/null", "r");
+ if (!tmp)
+ return -1;
+ fp->_flags |= __SL64;
+ fp->_seek64 = tmp->_seek64;
+ fclose (tmp);
+ }
+# endif
+ if (fp_->_p == fp_->_bf._base
+ && fp_->_r == 0
+ && fp_->_w == ((fp_->_flags & (__SLBF | __SNBF | __SRD)) == 0 /* fully buffered and not currently reading? */
+ ? fp_->_bf._size
+ : 0)
+ && fp_ub._base == NULL)
+#elif defined __EMX__ /* emx+gcc */
+ if (fp->_ptr == fp->_buffer
+ && fp->_rcount == 0
+ && fp->_wcount == 0
+ && fp->_ungetc_count == 0)
+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */
+ if (fp_->_ptr == fp_->_base
+ && (fp_->_ptr == NULL || fp_->_cnt == 0))
+#elif defined __UCLIBC__ /* uClibc */
+ if (((fp->__modeflags & __FLAG_WRITING) == 0
+ || fp->__bufpos == fp->__bufstart)
+ && ((fp->__modeflags & (__FLAG_READONLY | __FLAG_READING)) == 0
+ || fp->__bufpos == fp->__bufread))
+#elif defined __QNX__ /* QNX */
+ if ((fp->_Mode & 0x2000 /* _MWRITE */ ? fp->_Next == fp->_Buf : fp->_Next == fp->_Rend)
+ && fp->_Rback == fp->_Back + sizeof (fp->_Back)
+ && fp->_Rsave == NULL)
+#elif defined __MINT__ /* Atari FreeMiNT */
+ if (fp->__bufp == fp->__buffer
+ && fp->__get_limit == fp->__bufp
+ && fp->__put_limit == fp->__bufp
+ && !fp->__pushed_back)
+#else
+ #error "Please port gnulib fseeko.c to your platform! Look at the code in fpurge.c, then report this to bug-gnulib."
+#endif
+ {
+ /* We get here when an fflush() call immediately preceded this one. We
+ know there are no buffers.
+ POSIX requires us to modify the file descriptor's position.
+ But we cannot position beyond end of file here. */
+ off_t pos =
+ lseek (fileno (fp),
+ whence == SEEK_END && offset > 0 ? 0 : offset,
+ whence);
+ if (pos == -1)
+ {
+#if defined __sferror || defined __DragonFly__ /* FreeBSD, NetBSD, OpenBSD, DragonFly, MacOS X, Cygwin */
+ fp_->_flags &= ~__SOFF;
+#endif
+ return -1;
+ }
+
+#if defined _IO_ftrylockfile || __GNU_LIBRARY__ == 1 /* GNU libc, BeOS, Haiku, Linux libc5 */
+ fp->_flags &= ~_IO_EOF_SEEN;
+#elif defined __sferror || defined __DragonFly__ /* FreeBSD, NetBSD, OpenBSD, DragonFly, MacOS X, Cygwin */
+# if defined __CYGWIN__
+ /* fp_->_offset is typed as an integer. */
+ fp_->_offset = pos;
+# else
+ /* fp_->_offset is an fpos_t. */
+ {
+ /* Use a union, since on NetBSD, the compilation flags
+ determine whether fpos_t is typedef'd to off_t or a struct
+ containing a single off_t member. */
+ union
+ {
+ fpos_t f;
+ off_t o;
+ } u;
+ u.o = pos;
+ fp_->_offset = u.f;
+ }
+# endif
+ fp_->_flags |= __SOFF;
+ fp_->_flags &= ~__SEOF;
+#elif defined __EMX__ /* emx+gcc */
+ fp->_flags &= ~_IOEOF;
+#elif defined _IOERR /* AIX, HP-UX, IRIX, OSF/1, Solaris, OpenServer, mingw, NonStop Kernel */
+ fp->_flag &= ~_IOEOF;
+#elif defined __MINT__ /* Atari FreeMiNT */
+ fp->__offset = pos;
+ fp->__eof = 0;
+#endif
+ /* If we were not requested to position beyond end of file, we're
+ done. */
+ if (!(whence == SEEK_END && offset > 0))
+ return 0;
+ }
+ return fseeko (fp, offset, whence);
+}
--- /dev/null
+/* An ftello() function that works around platform bugs.
+ Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+/* Specification. */
+#include <stdio.h>
+
+/* Get lseek. */
+#include <unistd.h>
+
+#include "stdio-impl.h"
+
+off_t
+ftello (FILE *fp)
+#undef ftello
+#if !HAVE_FTELLO
+# undef ftell
+# define ftello ftell
+#endif
+{
+#if LSEEK_PIPE_BROKEN
+ /* mingw gives bogus answers rather than failure on non-seekable files. */
+ if (lseek (fileno (fp), 0, SEEK_CUR) == -1)
+ return -1;
+#endif
+
+#if FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE /* Solaris */
+ /* The Solaris stdio leaves the _IOREAD flag set after reading from a file
+ reaches EOF and the program then starts writing to the file. ftello
+ gets confused by this. */
+ if (fp_->_flag & _IOWRT)
+ {
+ off_t pos;
+
+ /* Call ftello nevertheless, for the side effects that it does on fp. */
+ ftello (fp);
+
+ /* Compute the file position ourselves. */
+ pos = lseek (fileno (fp), (off_t) 0, SEEK_CUR);
+ if (pos >= 0)
+ {
+ if ((fp_->_flag & _IONBF) == 0 && fp_->_base != NULL)
+ pos += fp_->_ptr - fp_->_base;
+ }
+ return pos;
+ }
+#endif
+
+#if defined __SL64 && defined __SCLE /* Cygwin */
+ if ((fp->_flags & __SL64) == 0)
+ {
+ /* Cygwin 1.5.0 through 1.5.24 failed to open stdin in 64-bit
+ mode; but has an ftello that requires 64-bit mode. */
+ FILE *tmp = fopen ("/dev/null", "r");
+ if (!tmp)
+ return -1;
+ fp->_flags |= __SL64;
+ fp->_seek64 = tmp->_seek64;
+ fclose (tmp);
+ }
+#endif
+ return ftello (fp);
+}
--- /dev/null
+/* Convenience header for conditional use of GNU <libintl.h>.
+ Copyright (C) 1995-1998, 2000-2002, 2004-2006, 2009-2011 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _LIBGETTEXT_H
+#define _LIBGETTEXT_H 1
+
+/* NLS can be disabled through the configure --disable-nls option. */
+#if ENABLE_NLS
+
+/* Get declarations of GNU message catalog functions. */
+# include <libintl.h>
+
+/* You can set the DEFAULT_TEXT_DOMAIN macro to specify the domain used by
+ the gettext() and ngettext() macros. This is an alternative to calling
+ textdomain(), and is useful for libraries. */
+# ifdef DEFAULT_TEXT_DOMAIN
+# undef gettext
+# define gettext(Msgid) \
+ dgettext (DEFAULT_TEXT_DOMAIN, Msgid)
+# undef ngettext
+# define ngettext(Msgid1, Msgid2, N) \
+ dngettext (DEFAULT_TEXT_DOMAIN, Msgid1, Msgid2, N)
+# endif
+
+#else
+
+/* Solaris /usr/include/locale.h includes /usr/include/libintl.h, which
+ chokes if dcgettext is defined as a macro. So include it now, to make
+ later inclusions of <locale.h> a NOP. We don't include <libintl.h>
+ as well because people using "gettext.h" will not include <libintl.h>,
+ and also including <libintl.h> would fail on SunOS 4, whereas <locale.h>
+ is OK. */
+#if defined(__sun)
+# include <locale.h>
+#endif
+
+/* Many header files from the libstdc++ coming with g++ 3.3 or newer include
+ <libintl.h>, which chokes if dcgettext is defined as a macro. So include
+ it now, to make later inclusions of <libintl.h> a NOP. */
+#if defined(__cplusplus) && defined(__GNUG__) && (__GNUC__ >= 3)
+# include <cstdlib>
+# if (__GLIBC__ >= 2 && !defined __UCLIBC__) || _GLIBCXX_HAVE_LIBINTL_H
+# include <libintl.h>
+# endif
+#endif
+
+/* Disabled NLS.
+ The casts to 'const char *' serve the purpose of producing warnings
+ for invalid uses of the value returned from these functions.
+ On pre-ANSI systems without 'const', the config.h file is supposed to
+ contain "#define const". */
+# undef gettext
+# define gettext(Msgid) ((const char *) (Msgid))
+# undef dgettext
+# define dgettext(Domainname, Msgid) ((void) (Domainname), gettext (Msgid))
+# undef dcgettext
+# define dcgettext(Domainname, Msgid, Category) \
+ ((void) (Category), dgettext (Domainname, Msgid))
+# undef ngettext
+# define ngettext(Msgid1, Msgid2, N) \
+ ((N) == 1 \
+ ? ((void) (Msgid2), (const char *) (Msgid1)) \
+ : ((void) (Msgid1), (const char *) (Msgid2)))
+# undef dngettext
+# define dngettext(Domainname, Msgid1, Msgid2, N) \
+ ((void) (Domainname), ngettext (Msgid1, Msgid2, N))
+# undef dcngettext
+# define dcngettext(Domainname, Msgid1, Msgid2, N, Category) \
+ ((void) (Category), dngettext (Domainname, Msgid1, Msgid2, N))
+# undef textdomain
+# define textdomain(Domainname) ((const char *) (Domainname))
+# undef bindtextdomain
+# define bindtextdomain(Domainname, Dirname) \
+ ((void) (Domainname), (const char *) (Dirname))
+# undef bind_textdomain_codeset
+# define bind_textdomain_codeset(Domainname, Codeset) \
+ ((void) (Domainname), (const char *) (Codeset))
+
+#endif
+
+/* Prefer gnulib's setlocale override over libintl's setlocale override. */
+#ifdef GNULIB_defined_setlocale
+# undef setlocale
+# define setlocale rpl_setlocale
+#endif
+
+/* A pseudo function call that serves as a marker for the automated
+ extraction of messages, but does not call gettext(). The run-time
+ translation is done at a different place in the code.
+ The argument, String, should be a literal string. Concatenated strings
+ and other string expressions won't work.
+ The macro's expansion is not parenthesized, so that it is suitable as
+ initializer for static 'char[]' or 'const char[]' variables. */
+#define gettext_noop(String) String
+
+/* The separator between msgctxt and msgid in a .mo file. */
+#define GETTEXT_CONTEXT_GLUE "\004"
+
+/* Pseudo function calls, taking a MSGCTXT and a MSGID instead of just a
+ MSGID. MSGCTXT and MSGID must be string literals. MSGCTXT should be
+ short and rarely need to change.
+ The letter 'p' stands for 'particular' or 'special'. */
+#ifdef DEFAULT_TEXT_DOMAIN
+# define pgettext(Msgctxt, Msgid) \
+ pgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#else
+# define pgettext(Msgctxt, Msgid) \
+ pgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#endif
+#define dpgettext(Domainname, Msgctxt, Msgid) \
+ pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, LC_MESSAGES)
+#define dcpgettext(Domainname, Msgctxt, Msgid, Category) \
+ pgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, Category)
+#ifdef DEFAULT_TEXT_DOMAIN
+# define npgettext(Msgctxt, Msgid, MsgidPlural, N) \
+ npgettext_aux (DEFAULT_TEXT_DOMAIN, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#else
+# define npgettext(Msgctxt, Msgid, MsgidPlural, N) \
+ npgettext_aux (NULL, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#endif
+#define dnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N) \
+ npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, LC_MESSAGES)
+#define dcnpgettext(Domainname, Msgctxt, Msgid, MsgidPlural, N, Category) \
+ npgettext_aux (Domainname, Msgctxt GETTEXT_CONTEXT_GLUE Msgid, Msgid, MsgidPlural, N, Category)
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+pgettext_aux (const char *domain,
+ const char *msg_ctxt_id, const char *msgid,
+ int category)
+{
+ const char *translation = dcgettext (domain, msg_ctxt_id, category);
+ if (translation == msg_ctxt_id)
+ return msgid;
+ else
+ return translation;
+}
+
+#ifdef __GNUC__
+__inline
+#else
+#ifdef __cplusplus
+inline
+#endif
+#endif
+static const char *
+npgettext_aux (const char *domain,
+ const char *msg_ctxt_id, const char *msgid,
+ const char *msgid_plural, unsigned long int n,
+ int category)
+{
+ const char *translation =
+ dcngettext (domain, msg_ctxt_id, msgid_plural, n, category);
+ if (translation == msg_ctxt_id || translation == msgid_plural)
+ return (n == 1 ? msgid : msgid_plural);
+ else
+ return translation;
+}
+
+#endif /* _LIBGETTEXT_H */
--- /dev/null
+/* An lseek() function that detects pipes.
+ Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <unistd.h>
+
+#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+/* Windows platforms. */
+/* Get GetFileType. */
+# include <windows.h>
+#else
+# include <sys/stat.h>
+#endif
+#include <errno.h>
+
+#undef lseek
+
+off_t
+rpl_lseek (int fd, off_t offset, int whence)
+{
+#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ /* mingw lseek mistakenly succeeds on pipes, sockets, and terminals. */
+ HANDLE h = (HANDLE) _get_osfhandle (fd);
+ if (h == INVALID_HANDLE_VALUE)
+ {
+ errno = EBADF;
+ return -1;
+ }
+ if (GetFileType (h) != FILE_TYPE_DISK)
+ {
+ errno = ESPIPE;
+ return -1;
+ }
+#else
+ /* BeOS lseek mistakenly succeeds on pipes... */
+ struct stat statbuf;
+ if (fstat (fd, &statbuf) < 0)
+ return -1;
+ if (!S_ISREG (statbuf.st_mode))
+ {
+ errno = ESPIPE;
+ return -1;
+ }
+#endif
+ return lseek (fd, offset, whence);
+}
--- /dev/null
+# 00gnulib.m4 serial 2
+dnl Copyright (C) 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl This file must be named something that sorts before all other
+dnl gnulib-provided .m4 files. It is needed until such time as we can
+dnl assume Autoconf 2.64, with its improved AC_DEFUN_ONCE semantics.
+
+# AC_DEFUN_ONCE([NAME], VALUE)
+# ----------------------------
+# Define NAME to expand to VALUE on the first use (whether by direct
+# expansion, or by AC_REQUIRE), and to nothing on all subsequent uses.
+# Avoid bugs in AC_REQUIRE in Autoconf 2.63 and earlier. This
+# definition is slower than the version in Autoconf 2.64, because it
+# can only use interfaces that existed since 2.59; but it achieves the
+# same effect. Quoting is necessary to avoid confusing Automake.
+m4_version_prereq([2.63.263], [],
+[m4_define([AC][_DEFUN_ONCE],
+ [AC][_DEFUN([$1],
+ [AC_REQUIRE([_gl_DEFUN_ONCE([$1])],
+ [m4_indir([_gl_DEFUN_ONCE([$1])])])])]dnl
+[AC][_DEFUN([_gl_DEFUN_ONCE([$1])], [$2])])])
+
+# gl_00GNULIB
+# -----------
+# Witness macro that this file has been included. Needed to force
+# Automake to include this file prior to all other gnulib .m4 files.
+AC_DEFUN([gl_00GNULIB])
--- /dev/null
+# alloca.m4 serial 10
+dnl Copyright (C) 2002-2004, 2006-2007, 2009-2011 Free Software Foundation,
+dnl Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_ALLOCA],
+[
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+ if test $ac_cv_func_alloca_works = no; then
+ gl_PREREQ_ALLOCA
+ fi
+
+ # Define an additional variable used in the Makefile substitution.
+ if test $ac_cv_working_alloca_h = yes; then
+ AC_CACHE_CHECK([for alloca as a compiler built-in], [gl_cv_rpl_alloca], [
+ AC_EGREP_CPP([Need own alloca], [
+#if defined __GNUC__ || defined _AIX || defined _MSC_VER
+ Need own alloca
+#endif
+ ], [gl_cv_rpl_alloca=yes], [gl_cv_rpl_alloca=no])
+ ])
+ if test $gl_cv_rpl_alloca = yes; then
+ dnl OK, alloca can be implemented through a compiler built-in.
+ AC_DEFINE([HAVE_ALLOCA], [1],
+ [Define to 1 if you have 'alloca' after including <alloca.h>,
+ a header that may be supplied by this distribution.])
+ ALLOCA_H=alloca.h
+ else
+ dnl alloca exists as a library function, i.e. it is slow and probably
+ dnl a memory leak. Don't define HAVE_ALLOCA in this case.
+ ALLOCA_H=
+ fi
+ else
+ ALLOCA_H=alloca.h
+ fi
+ AC_SUBST([ALLOCA_H])
+])
+
+# Prerequisites of lib/alloca.c.
+# STACK_DIRECTION is already handled by AC_FUNC_ALLOCA.
+AC_DEFUN([gl_PREREQ_ALLOCA], [:])
--- /dev/null
+# asm-underscore.m4 serial 1
+dnl Copyright (C) 2010-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible. Based on as-underscore.m4 in GNU clisp.
+
+# gl_ASM_SYMBOL_PREFIX
+# Tests for the prefix of C symbols at the assembly language level and the
+# linker level. This prefix is either an underscore or empty. Defines the
+# C macro USER_LABEL_PREFIX to this prefix, and sets ASM_SYMBOL_PREFIX to
+# a stringified variant of this prefix.
+
+AC_DEFUN([gl_ASM_SYMBOL_PREFIX],
+[
+ dnl We don't use GCC's __USER_LABEL_PREFIX__ here, because
+ dnl 1. It works only for GCC.
+ dnl 2. It is incorrectly defined on some platforms, in some GCC versions.
+ AC_CACHE_CHECK(
+ [whether C symbols are prefixed with underscore at the linker level],
+ [gl_cv_prog_as_underscore],
+ [cat > conftest.c <<EOF
+#ifdef __cplusplus
+extern "C" int foo (void);
+#endif
+int foo(void) { return 0; }
+EOF
+ # Look for the assembly language name in the .s file.
+ AC_TRY_COMMAND(${CC-cc} $CFLAGS $CPPFLAGS -S conftest.c) >/dev/null 2>&1
+ if grep _foo conftest.s >/dev/null ; then
+ gl_cv_prog_as_underscore=yes
+ else
+ gl_cv_prog_as_underscore=no
+ fi
+ rm -f conftest*
+ ])
+ if test $gl_cv_prog_as_underscore = yes; then
+ USER_LABEL_PREFIX=_
+ else
+ USER_LABEL_PREFIX=
+ fi
+ AC_DEFINE_UNQUOTED([USER_LABEL_PREFIX], [$USER_LABEL_PREFIX],
+ [Define to the prefix of C symbols at the assembler and linker level,
+ either an underscore or empty.])
+ ASM_SYMBOL_PREFIX='"'${USER_LABEL_PREFIX}'"'
+ AC_SUBST([ASM_SYMBOL_PREFIX])
+])
--- /dev/null
+# byteswap.m4 serial 3
+dnl Copyright (C) 2005, 2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Written by Oskar Liljeblad.
+
+AC_DEFUN([gl_BYTESWAP],
+[
+ dnl Prerequisites of lib/byteswap.in.h.
+ AC_CHECK_HEADERS([byteswap.h], [
+ BYTESWAP_H=''
+ ], [
+ BYTESWAP_H='byteswap.h'
+ ])
+ AC_SUBST([BYTESWAP_H])
+])
--- /dev/null
+# errno_h.m4 serial 8
+dnl Copyright (C) 2004, 2006, 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN_ONCE([gl_HEADER_ERRNO_H],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_CACHE_CHECK([for complete errno.h], [gl_cv_header_errno_h_complete], [
+ AC_EGREP_CPP([booboo],[
+#include <errno.h>
+#if !defined ENOMSG
+booboo
+#endif
+#if !defined EIDRM
+booboo
+#endif
+#if !defined ENOLINK
+booboo
+#endif
+#if !defined EPROTO
+booboo
+#endif
+#if !defined EMULTIHOP
+booboo
+#endif
+#if !defined EBADMSG
+booboo
+#endif
+#if !defined EOVERFLOW
+booboo
+#endif
+#if !defined ENOTSUP
+booboo
+#endif
+#if !defined ESTALE
+booboo
+#endif
+#if !defined EDQUOT
+booboo
+#endif
+#if !defined ECANCELED
+booboo
+#endif
+ ],
+ [gl_cv_header_errno_h_complete=no],
+ [gl_cv_header_errno_h_complete=yes])
+ ])
+ if test $gl_cv_header_errno_h_complete = yes; then
+ ERRNO_H=''
+ else
+ gl_NEXT_HEADERS([errno.h])
+ ERRNO_H='errno.h'
+ fi
+ AC_SUBST([ERRNO_H])
+ gl_REPLACE_ERRNO_VALUE([EMULTIHOP])
+ gl_REPLACE_ERRNO_VALUE([ENOLINK])
+ gl_REPLACE_ERRNO_VALUE([EOVERFLOW])
+])
+
+# Assuming $1 = EOVERFLOW.
+# The EOVERFLOW errno value ought to be defined in <errno.h>, according to
+# POSIX. But some systems (like OpenBSD 4.0 or AIX 3) don't define it, and
+# some systems (like OSF/1) define it when _XOPEN_SOURCE_EXTENDED is defined.
+# Check for the value of EOVERFLOW.
+# Set the variables EOVERFLOW_HIDDEN and EOVERFLOW_VALUE.
+AC_DEFUN([gl_REPLACE_ERRNO_VALUE],
+[
+ if test -n "$ERRNO_H"; then
+ AC_CACHE_CHECK([for ]$1[ value], [gl_cv_header_errno_h_]$1, [
+ AC_EGREP_CPP([yes],[
+#include <errno.h>
+#ifdef ]$1[
+yes
+#endif
+ ],
+ [gl_cv_header_errno_h_]$1[=yes],
+ [gl_cv_header_errno_h_]$1[=no])
+ if test $gl_cv_header_errno_h_]$1[ = no; then
+ AC_EGREP_CPP([yes],[
+#define _XOPEN_SOURCE_EXTENDED 1
+#include <errno.h>
+#ifdef ]$1[
+yes
+#endif
+ ], [gl_cv_header_errno_h_]$1[=hidden])
+ if test $gl_cv_header_errno_h_]$1[ = hidden; then
+ dnl The macro exists but is hidden.
+ dnl Define it to the same value.
+ AC_COMPUTE_INT([gl_cv_header_errno_h_]$1, $1, [
+#define _XOPEN_SOURCE_EXTENDED 1
+#include <errno.h>
+/* The following two lines are a workaround against an autoconf-2.52 bug. */
+#include <stdio.h>
+#include <stdlib.h>
+])
+ fi
+ fi
+ ])
+ case $gl_cv_header_errno_h_]$1[ in
+ yes | no)
+ ]$1[_HIDDEN=0; ]$1[_VALUE=
+ ;;
+ *)
+ ]$1[_HIDDEN=1; ]$1[_VALUE="$gl_cv_header_errno_h_]$1["
+ ;;
+ esac
+ AC_SUBST($1[_HIDDEN])
+ AC_SUBST($1[_VALUE])
+ fi
+])
+
+dnl Autoconf >= 2.61 has AC_COMPUTE_INT built-in.
+dnl Remove this when we can assume autoconf >= 2.61.
+m4_ifdef([AC_COMPUTE_INT], [], [
+ AC_DEFUN([AC_COMPUTE_INT], [_AC_COMPUTE_INT([$2],[$1],[$3],[$4])])
+])
--- /dev/null
+# serial 9 -*- Autoconf -*-
+# Enable extensions on systems that normally disable them.
+
+# Copyright (C) 2003, 2006-2011 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This definition of AC_USE_SYSTEM_EXTENSIONS is stolen from CVS
+# Autoconf. Perhaps we can remove this once we can assume Autoconf
+# 2.62 or later everywhere, but since CVS Autoconf mutates rapidly
+# enough in this area it's likely we'll need to redefine
+# AC_USE_SYSTEM_EXTENSIONS for quite some time.
+
+# If autoconf reports a warning
+# warning: AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
+# or warning: AC_RUN_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS
+# the fix is
+# 1) to ensure that AC_USE_SYSTEM_EXTENSIONS is never directly invoked
+# but always AC_REQUIREd,
+# 2) to ensure that for each occurrence of
+# AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+# or
+# AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS])
+# the corresponding gnulib module description has 'extensions' among
+# its dependencies. This will ensure that the gl_USE_SYSTEM_EXTENSIONS
+# invocation occurs in gl_EARLY, not in gl_INIT.
+
+# AC_USE_SYSTEM_EXTENSIONS
+# ------------------------
+# Enable extensions on systems that normally disable them,
+# typically due to standards-conformance issues.
+# Remember that #undef in AH_VERBATIM gets replaced with #define by
+# AC_DEFINE. The goal here is to define all known feature-enabling
+# macros, then, if reports of conflicts are made, disable macros that
+# cause problems on some platforms (such as __EXTENSIONS__).
+AC_DEFUN_ONCE([AC_USE_SYSTEM_EXTENSIONS],
+[AC_BEFORE([$0], [AC_COMPILE_IFELSE])dnl
+AC_BEFORE([$0], [AC_RUN_IFELSE])dnl
+
+ AC_REQUIRE([AC_CANONICAL_HOST])
+
+ AC_CHECK_HEADER([minix/config.h], [MINIX=yes], [MINIX=])
+ if test "$MINIX" = yes; then
+ AC_DEFINE([_POSIX_SOURCE], [1],
+ [Define to 1 if you need to in order for `stat' and other
+ things to work.])
+ AC_DEFINE([_POSIX_1_SOURCE], [2],
+ [Define to 2 if the system does not provide POSIX.1 features
+ except with this defined.])
+ AC_DEFINE([_MINIX], [1],
+ [Define to 1 if on MINIX.])
+ fi
+
+ dnl HP-UX 11.11 defines mbstate_t only if _XOPEN_SOURCE is defined to 500,
+ dnl regardless of whether the flags -Ae or _D_HPUX_SOURCE=1 are already
+ dnl provided.
+ case "$host_os" in
+ hpux*)
+ AC_DEFINE([_XOPEN_SOURCE], [500],
+ [Define to 500 only on HP-UX.])
+ ;;
+ esac
+
+ AH_VERBATIM([__EXTENSIONS__],
+[/* Enable extensions on AIX 3, Interix. */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them. */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris. */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop. */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris. */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+])
+ AC_CACHE_CHECK([whether it is safe to define __EXTENSIONS__],
+ [ac_cv_safe_to_define___extensions__],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[
+# define __EXTENSIONS__ 1
+ ]AC_INCLUDES_DEFAULT])],
+ [ac_cv_safe_to_define___extensions__=yes],
+ [ac_cv_safe_to_define___extensions__=no])])
+ test $ac_cv_safe_to_define___extensions__ = yes &&
+ AC_DEFINE([__EXTENSIONS__])
+ AC_DEFINE([_ALL_SOURCE])
+ AC_DEFINE([_GNU_SOURCE])
+ AC_DEFINE([_POSIX_PTHREAD_SEMANTICS])
+ AC_DEFINE([_TANDEM_SOURCE])
+])# AC_USE_SYSTEM_EXTENSIONS
+
+# gl_USE_SYSTEM_EXTENSIONS
+# ------------------------
+# Enable extensions on systems that normally disable them,
+# typically due to standards-conformance issues.
+AC_DEFUN_ONCE([gl_USE_SYSTEM_EXTENSIONS],
+[
+ dnl Require this macro before AC_USE_SYSTEM_EXTENSIONS.
+ dnl gnulib does not need it. But if it gets required by third-party macros
+ dnl after AC_USE_SYSTEM_EXTENSIONS is required, autoconf 2.62..2.63 emit a
+ dnl warning: "AC_COMPILE_IFELSE was called before AC_USE_SYSTEM_EXTENSIONS".
+ dnl Note: We can do this only for one of the macros AC_AIX, AC_GNU_SOURCE,
+ dnl AC_MINIX. If people still use AC_AIX or AC_MINIX, they are out of luck.
+ AC_REQUIRE([AC_GNU_SOURCE])
+
+ AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+])
--- /dev/null
+# fcntl-o.m4 serial 3
+dnl Copyright (C) 2006, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Written by Paul Eggert.
+
+# Test whether the flags O_NOATIME and O_NOFOLLOW actually work.
+# Define HAVE_WORKING_O_NOATIME to 1 if O_NOATIME works, or to 0 otherwise.
+# Define HAVE_WORKING_O_NOFOLLOW to 1 if O_NOFOLLOW works, or to 0 otherwise.
+AC_DEFUN([gl_FCNTL_O_FLAGS],
+[
+ dnl Persuade glibc <fcntl.h> to define O_NOATIME and O_NOFOLLOW.
+ dnl AC_USE_SYSTEM_EXTENSIONS was introduced in autoconf 2.60 and obsoletes
+ dnl AC_GNU_SOURCE.
+ m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
+ [AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])],
+ [AC_REQUIRE([AC_GNU_SOURCE])])
+ AC_CACHE_CHECK([for working fcntl.h], [gl_cv_header_working_fcntl_h],
+ [AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
+ #include <fcntl.h>
+ #ifndef O_NOATIME
+ #define O_NOATIME 0
+ #endif
+ #ifndef O_NOFOLLOW
+ #define O_NOFOLLOW 0
+ #endif
+ static int const constants[] =
+ {
+ O_CREAT, O_EXCL, O_NOCTTY, O_TRUNC, O_APPEND,
+ O_NONBLOCK, O_SYNC, O_ACCMODE, O_RDONLY, O_RDWR, O_WRONLY
+ };
+ ]],
+ [[
+ int result = !constants;
+ {
+ static char const sym[] = "conftest.sym";
+ if (symlink (".", sym) != 0)
+ result |= 2;
+ else
+ {
+ int fd = open (sym, O_RDONLY | O_NOFOLLOW);
+ if (fd >= 0)
+ {
+ close (fd);
+ result |= 4;
+ }
+ }
+ unlink (sym);
+ }
+ {
+ static char const file[] = "confdefs.h";
+ int fd = open (file, O_RDONLY | O_NOATIME);
+ if (fd < 0)
+ result |= 8;
+ else
+ {
+ struct stat st0;
+ if (fstat (fd, &st0) != 0)
+ result |= 16;
+ else
+ {
+ char c;
+ sleep (1);
+ if (read (fd, &c, 1) != 1)
+ result |= 24;
+ else
+ {
+ if (close (fd) != 0)
+ result |= 32;
+ else
+ {
+ struct stat st1;
+ if (stat (file, &st1) != 0)
+ result |= 40;
+ else
+ if (st0.st_atime != st1.st_atime)
+ result |= 64;
+ }
+ }
+ }
+ }
+ }
+ return result;]])],
+ [gl_cv_header_working_fcntl_h=yes],
+ [case $? in #(
+ 4) gl_cv_header_working_fcntl_h='no (bad O_NOFOLLOW)';; #(
+ 64) gl_cv_header_working_fcntl_h='no (bad O_NOATIME)';; #(
+ 68) gl_cv_header_working_fcntl_h='no (bad O_NOATIME, O_NOFOLLOW)';; #(
+ *) gl_cv_header_working_fcntl_h='no';;
+ esac],
+ [gl_cv_header_working_fcntl_h=cross-compiling])])
+
+ case $gl_cv_header_working_fcntl_h in #(
+ *O_NOATIME* | no | cross-compiling) ac_val=0;; #(
+ *) ac_val=1;;
+ esac
+ AC_DEFINE_UNQUOTED([HAVE_WORKING_O_NOATIME], [$ac_val],
+ [Define to 1 if O_NOATIME works.])
+
+ case $gl_cv_header_working_fcntl_h in #(
+ *O_NOFOLLOW* | no | cross-compiling) ac_val=0;; #(
+ *) ac_val=1;;
+ esac
+ AC_DEFINE_UNQUOTED([HAVE_WORKING_O_NOFOLLOW], [$ac_val],
+ [Define to 1 if O_NOFOLLOW works.])
+])
--- /dev/null
+# serial 13
+# Configure fcntl.h.
+dnl Copyright (C) 2006-2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Written by Paul Eggert.
+
+AC_DEFUN([gl_FCNTL_H],
+[
+ AC_REQUIRE([gl_FCNTL_H_DEFAULTS])
+ AC_REQUIRE([gl_FCNTL_O_FLAGS])
+ gl_NEXT_HEADERS([fcntl.h])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use, if it is not common
+ dnl enough to be declared everywhere.
+ gl_WARN_ON_USE_PREPARE([[#include <fcntl.h>
+ ]], [fcntl openat])
+])
+
+AC_DEFUN([gl_FCNTL_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_FCNTL_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_FCNTL_H_DEFAULTS],
+[
+ GNULIB_FCNTL=0; AC_SUBST([GNULIB_FCNTL])
+ GNULIB_OPEN=0; AC_SUBST([GNULIB_OPEN])
+ GNULIB_OPENAT=0; AC_SUBST([GNULIB_OPENAT])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_FCNTL=1; AC_SUBST([HAVE_FCNTL])
+ HAVE_OPENAT=1; AC_SUBST([HAVE_OPENAT])
+ REPLACE_FCNTL=0; AC_SUBST([REPLACE_FCNTL])
+ REPLACE_OPEN=0; AC_SUBST([REPLACE_OPEN])
+ REPLACE_OPENAT=0; AC_SUBST([REPLACE_OPENAT])
+])
--- /dev/null
+# float_h.m4 serial 5
+dnl Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FLOAT_H],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ FLOAT_H=
+ case "$host_os" in
+ beos* | openbsd* | mirbsd*)
+ FLOAT_H=float.h
+ gl_NEXT_HEADERS([float.h])
+ ;;
+ esac
+ AC_SUBST([FLOAT_H])
+])
--- /dev/null
+# fseeko.m4 serial 10
+dnl Copyright (C) 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_FSEEKO],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ AC_REQUIRE([gl_HAVE_FSEEKO])
+ AC_REQUIRE([gl_STDIN_LARGE_OFFSET])
+
+ AC_CHECK_DECLS_ONCE([fseeko])
+ if test $ac_cv_have_decl_fseeko = no; then
+ HAVE_DECL_FSEEKO=0
+ fi
+
+ if test $gl_cv_func_fseeko = no; then
+ HAVE_FSEEKO=0
+ gl_REPLACE_FSEEKO
+ else
+ if test $gl_cv_var_stdin_large_offset = no; then
+ gl_REPLACE_FSEEKO
+ fi
+ fi
+])
+
+dnl Tests whether fseeko is available.
+dnl Result is gl_cv_func_fseeko.
+AC_DEFUN([gl_HAVE_FSEEKO],
+[
+ AC_REQUIRE([AC_PROG_CC])
+
+ dnl Persuade glibc <stdio.h> to declare fseeko().
+ AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+
+ AC_CACHE_CHECK([for fseeko], [gl_cv_func_fseeko],
+ [
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
+]], [fseeko (stdin, 0, 0);])],
+ [gl_cv_func_fseeko=yes], [gl_cv_func_fseeko=no])
+ ])
+])
+
+AC_DEFUN([gl_REPLACE_FSEEKO],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ AC_REQUIRE([gl_HAVE_FSEEKO])
+ if test $gl_cv_func_fseeko = yes; then
+ REPLACE_FSEEKO=1
+ fi
+ AC_LIBOBJ([fseeko])
+ dnl If we are also using the fseek module, then fseek needs replacing, too.
+ m4_ifdef([gl_REPLACE_FSEEK], [gl_REPLACE_FSEEK])
+])
--- /dev/null
+# ftello.m4 serial 9
+dnl Copyright (C) 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_FTELLO],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([gl_STDIN_LARGE_OFFSET])
+
+ dnl Persuade glibc <stdio.h> to declare ftello().
+ AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+
+ AC_CHECK_DECLS_ONCE([ftello])
+ if test $ac_cv_have_decl_ftello = no; then
+ HAVE_DECL_FTELLO=0
+ fi
+
+ AC_CACHE_CHECK([for ftello], [gl_cv_func_ftello],
+ [
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdio.h>]],
+ [[ftello (stdin);]])],
+ [gl_cv_func_ftello=yes],
+ [gl_cv_func_ftello=no])
+ ])
+ if test $gl_cv_func_ftello = no; then
+ HAVE_FTELLO=0
+ else
+ if test $gl_cv_var_stdin_large_offset = no; then
+ REPLACE_FTELLO=1
+ else
+ dnl Detect bug on Solaris.
+ dnl ftell and ftello produce incorrect results after putc that followed a
+ dnl getc call that reached EOF on Solaris. This is because the _IOREAD
+ dnl flag does not get cleared in this case, even though _IOWRT gets set,
+ dnl and ftell and ftello look whether the _IOREAD flag is set.
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_CACHE_CHECK([whether ftello works],
+ [gl_cv_func_ftello_works],
+ [
+ dnl Initial guess, used when cross-compiling or when /dev/tty cannot
+ dnl be opened.
+changequote(,)dnl
+ case "$host_os" in
+ # Guess no on Solaris.
+ solaris*) gl_cv_func_ftello_works="guessing no" ;;
+ # Guess yes otherwise.
+ *) gl_cv_func_ftello_works="guessing yes" ;;
+ esac
+changequote([,])dnl
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#define TESTFILE "conftest.tmp"
+int
+main (void)
+{
+ FILE *fp;
+
+ /* Create a file with some contents. */
+ fp = fopen (TESTFILE, "w");
+ if (fp == NULL)
+ return 70;
+ if (fwrite ("foogarsh", 1, 8, fp) < 8)
+ return 71;
+ if (fclose (fp))
+ return 72;
+
+ /* The file's contents is now "foogarsh". */
+
+ /* Try writing after reading to EOF. */
+ fp = fopen (TESTFILE, "r+");
+ if (fp == NULL)
+ return 73;
+ if (fseek (fp, -1, SEEK_END))
+ return 74;
+ if (!(getc (fp) == 'h'))
+ return 1;
+ if (!(getc (fp) == EOF))
+ return 2;
+ if (!(ftell (fp) == 8))
+ return 3;
+ if (!(ftell (fp) == 8))
+ return 4;
+ if (!(putc ('!', fp) == '!'))
+ return 5;
+ if (!(ftell (fp) == 9))
+ return 6;
+ if (!(fclose (fp) == 0))
+ return 7;
+ fp = fopen (TESTFILE, "r");
+ if (fp == NULL)
+ return 75;
+ {
+ char buf[10];
+ if (!(fread (buf, 1, 10, fp) == 9))
+ return 10;
+ if (!(memcmp (buf, "foogarsh!", 9) == 0))
+ return 11;
+ }
+ if (!(fclose (fp) == 0))
+ return 12;
+
+ /* The file's contents is now "foogarsh!". */
+
+ return 0;
+}]])],
+ [gl_cv_func_ftello_works=yes],
+ [gl_cv_func_ftello_works=no], [:])
+ ])
+ case "$gl_cv_func_ftello_works" in
+ *yes) ;;
+ *)
+ REPLACE_FTELLO=1
+ AC_DEFINE([FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE], [1],
+ [Define to 1 if the system's ftello function has the Solaris bug.])
+ ;;
+ esac
+ fi
+ fi
+ if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then
+ gl_REPLACE_FTELLO
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_FTELLO],
+[
+ AC_LIBOBJ([ftello])
+])
--- /dev/null
+# func.m4 serial 2
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# Written by Simon Josefsson
+
+AC_DEFUN([gl_FUNC],
+[
+ AC_CACHE_CHECK([whether __func__ is available], [gl_cv_var_func],
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[]], [[const char *str = __func__;]])],
+ [gl_cv_var_func=yes],
+ [gl_cv_var_func=no]))
+ if test "$gl_cv_var_func" != yes; then
+ AC_DEFINE([__func__], ["<unknown function>"],
+ [Define as a replacement for the ISO C99 __func__ variable.])
+ fi
+])
--- /dev/null
+# getpagesize.m4 serial 8
+dnl Copyright (C) 2002, 2004-2005, 2007, 2009-2011 Free Software Foundation,
+dnl Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_GETPAGESIZE],
+[
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_CHECK_FUNCS([getpagesize])
+ if test $ac_cv_func_getpagesize = no; then
+ HAVE_GETPAGESIZE=0
+ AC_CHECK_HEADERS([OS.h])
+ if test $ac_cv_header_OS_h = yes; then
+ HAVE_OS_H=1
+ fi
+ AC_CHECK_HEADERS([sys/param.h])
+ if test $ac_cv_header_sys_param_h = yes; then
+ HAVE_SYS_PARAM_H=1
+ fi
+ fi
+ case "$host_os" in
+ mingw*)
+ REPLACE_GETPAGESIZE=1
+ AC_LIBOBJ([getpagesize])
+ ;;
+ esac
+ dnl Also check whether it's declared.
+ dnl mingw has getpagesize() in libgcc.a but doesn't declare it.
+ AC_CHECK_DECL([getpagesize], , [HAVE_DECL_GETPAGESIZE=0])
+])
--- /dev/null
+# Copyright (C) 2002-2011 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+#
+# This file represents the specification of how gnulib-tool is used.
+# It acts as a cache: It is written and read by gnulib-tool.
+# In projects that use version control, this file is meant to be put under
+# version control, like the configure.ac and various Makefile.am files.
+
+
+# Specification in the form of a command-line invocation:
+# gnulib-tool --import --dir=. --local-dir=gl/override --lib=liblgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lseek-tests --lgpl=2 --libtool --macro-prefix=lgl --no-vc-files byteswap c-ctype fseeko func gettext lib-msvc-compat lib-symbol-versions memmem-simple minmax netdb read-file snprintf sockets socklen stdint strcase strverscmp sys_socket sys_stat time_r unistd vasprintf vsnprintf
+
+# Specification in the form of a few gnulib-tool.m4 macro invocations:
+gl_LOCAL_DIR([gl/override])
+gl_MODULES([
+ byteswap
+ c-ctype
+ fseeko
+ func
+ gettext
+ lib-msvc-compat
+ lib-symbol-versions
+ memmem-simple
+ minmax
+ netdb
+ read-file
+ snprintf
+ sockets
+ socklen
+ stdint
+ strcase
+ strverscmp
+ sys_socket
+ sys_stat
+ time_r
+ unistd
+ vasprintf
+ vsnprintf
+])
+gl_AVOID([alignof-tests lseek-tests])
+gl_SOURCE_BASE([gl])
+gl_M4_BASE([gl/m4])
+gl_PO_BASE([])
+gl_DOC_BASE([doc])
+gl_TESTS_BASE([gl/tests])
+gl_WITH_TESTS
+gl_LIB([liblgnu])
+gl_LGPL([2])
+gl_MAKEFILE_NAME([])
+gl_LIBTOOL
+gl_MACRO_PREFIX([lgl])
+gl_PO_DOMAIN([])
+gl_VC_FILES([false])
--- /dev/null
+# gnulib-common.m4 serial 23
+dnl Copyright (C) 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# gl_COMMON
+# is expanded unconditionally through gnulib-tool magic.
+AC_DEFUN([gl_COMMON], [
+ dnl Use AC_REQUIRE here, so that the code is expanded once only.
+ AC_REQUIRE([gl_00GNULIB])
+ AC_REQUIRE([gl_COMMON_BODY])
+])
+AC_DEFUN([gl_COMMON_BODY], [
+ AH_VERBATIM([isoc99_inline],
+[/* Work around a bug in Apple GCC 4.0.1 build 5465: In C99 mode, it supports
+ the ISO C 99 semantics of 'extern inline' (unlike the GNU C semantics of
+ earlier versions), but does not display it by setting __GNUC_STDC_INLINE__.
+ __APPLE__ && __MACH__ test for MacOS X.
+ __APPLE_CC__ tests for the Apple compiler and its version.
+ __STDC_VERSION__ tests for the C99 mode. */
+#if defined __APPLE__ && defined __MACH__ && __APPLE_CC__ >= 5465 && !defined __cplusplus && __STDC_VERSION__ >= 199901L && !defined __GNUC_STDC_INLINE__
+# define __GNUC_STDC_INLINE__ 1
+#endif])
+ AH_VERBATIM([unused_parameter],
+[/* Define as a marker that can be attached to declarations that might not
+ be used. This helps to reduce warnings, such as from
+ GCC -Wunused-parameter. */
+#if __GNUC__ >= 3 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+# define _GL_UNUSED __attribute__ ((__unused__))
+#else
+# define _GL_UNUSED
+#endif
+/* The name _UNUSED_PARAMETER_ is an earlier spelling, although the name
+ is a misnomer outside of parameter lists. */
+#define _UNUSED_PARAMETER_ _GL_UNUSED
+])
+ dnl Preparation for running test programs:
+ dnl Tell glibc to write diagnostics from -D_FORTIFY_SOURCE=2 to stderr, not
+ dnl to /dev/tty, so they can be redirected to log files. Such diagnostics
+ dnl arise e.g., in the macros gl_PRINTF_DIRECTIVE_N, gl_SNPRINTF_DIRECTIVE_N.
+ LIBC_FATAL_STDERR_=1
+ export LIBC_FATAL_STDERR_
+])
+
+# gl_MODULE_INDICATOR_CONDITION
+# expands to a C preprocessor expression that evaluates to 1 or 0, depending
+# whether a gnulib module that has been requested shall be considered present
+# or not.
+AC_DEFUN([gl_MODULE_INDICATOR_CONDITION], [1])
+
+# gl_MODULE_INDICATOR_SET_VARIABLE([modulename])
+# sets the shell variable that indicates the presence of the given module to
+# a C preprocessor expression that will evaluate to 1.
+AC_DEFUN([gl_MODULE_INDICATOR_SET_VARIABLE],
+[
+ GNULIB_[]m4_translit([[$1]],
+ [abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])=gl_MODULE_INDICATOR_CONDITION
+])
+
+# gl_MODULE_INDICATOR([modulename])
+# defines a C macro indicating the presence of the given module
+# in a location where it can be used.
+# | Value | Value |
+# | in lib/ | in tests/ |
+# --------------------------------------------+---------+-----------+
+# Module present among main modules: | 1 | 1 |
+# --------------------------------------------+---------+-----------+
+# Module present among tests-related modules: | 0 | 1 |
+# --------------------------------------------+---------+-----------+
+# Module not present at all: | 0 | 0 |
+# --------------------------------------------+---------+-----------+
+AC_DEFUN([gl_MODULE_INDICATOR],
+[
+ AC_DEFINE_UNQUOTED([GNULIB_]m4_translit([[$1]],
+ [abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___]),
+ [gl_MODULE_INDICATOR_CONDITION],
+ [Define to a C preprocessor expression that evaluates to 1 or 0,
+ depending whether the gnulib module $1 shall be considered present.])
+])
+
+# gl_MODULE_INDICATOR_FOR_TESTS([modulename])
+# defines a C macro indicating the presence of the given module
+# in lib or tests. This is useful to determine whether the module
+# should be tested.
+# | Value | Value |
+# | in lib/ | in tests/ |
+# --------------------------------------------+---------+-----------+
+# Module present among main modules: | 1 | 1 |
+# --------------------------------------------+---------+-----------+
+# Module present among tests-related modules: | 1 | 1 |
+# --------------------------------------------+---------+-----------+
+# Module not present at all: | 0 | 0 |
+# --------------------------------------------+---------+-----------+
+AC_DEFUN([gl_MODULE_INDICATOR_FOR_TESTS],
+[
+ AC_DEFINE([GNULIB_TEST_]m4_translit([[$1]],
+ [abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___]), [1],
+ [Define to 1 when the gnulib module $1 should be tested.])
+])
+
+# gl_ASSERT_NO_GNULIB_POSIXCHECK
+# asserts that there will never be a need to #define GNULIB_POSIXCHECK.
+# and thereby enables an optimization of configure and config.h.
+# Used by Emacs.
+AC_DEFUN([gl_ASSERT_NO_GNULIB_POSIXCHECK],
+[
+ dnl Override gl_WARN_ON_USE_PREPARE.
+ AC_DEFUN([gl_WARN_ON_USE_PREPARE], [])
+])
+
+# gl_ASSERT_NO_GNULIB_TESTS
+# asserts that there will be no gnulib tests in the scope of the configure.ac
+# and thereby enables an optimization of config.h.
+# Used by Emacs.
+AC_DEFUN([gl_ASSERT_NO_GNULIB_TESTS],
+[
+ dnl Override gl_MODULE_INDICATOR_FOR_TESTS.
+ AC_DEFUN([gl_MODULE_INDICATOR_FOR_TESTS], [])
+])
+
+# Test whether <features.h> exists.
+# Set HAVE_FEATURES_H.
+AC_DEFUN([gl_FEATURES_H],
+[
+ AC_CHECK_HEADERS_ONCE([features.h])
+ if test $ac_cv_header_features_h = yes; then
+ HAVE_FEATURES_H=1
+ else
+ HAVE_FEATURES_H=0
+ fi
+ AC_SUBST([HAVE_FEATURES_H])
+])
+
+# m4_foreach_w
+# is a backport of autoconf-2.59c's m4_foreach_w.
+# Remove this macro when we can assume autoconf >= 2.60.
+m4_ifndef([m4_foreach_w],
+ [m4_define([m4_foreach_w],
+ [m4_foreach([$1], m4_split(m4_normalize([$2]), [ ]), [$3])])])
+
+# AS_VAR_IF(VAR, VALUE, [IF-MATCH], [IF-NOT-MATCH])
+# ----------------------------------------------------
+# Backport of autoconf-2.63b's macro.
+# Remove this macro when we can assume autoconf >= 2.64.
+m4_ifndef([AS_VAR_IF],
+[m4_define([AS_VAR_IF],
+[AS_IF([test x"AS_VAR_GET([$1])" = x""$2], [$3], [$4])])])
+
+# AC_PROG_MKDIR_P
+# is a backport of autoconf-2.60's AC_PROG_MKDIR_P, with a fix
+# for interoperability with automake-1.9.6 from autoconf-2.62.
+# Remove this macro when we can assume autoconf >= 2.62 or
+# autoconf >= 2.60 && automake >= 1.10.
+m4_ifdef([AC_PROG_MKDIR_P], [
+ dnl For automake-1.9.6 && autoconf < 2.62: Ensure MKDIR_P is AC_SUBSTed.
+ m4_define([AC_PROG_MKDIR_P],
+ m4_defn([AC_PROG_MKDIR_P])[
+ AC_SUBST([MKDIR_P])])], [
+ dnl For autoconf < 2.60: Backport of AC_PROG_MKDIR_P.
+ AC_DEFUN_ONCE([AC_PROG_MKDIR_P],
+ [AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ MKDIR_P='$(mkdir_p)'
+ AC_SUBST([MKDIR_P])])])
+
+# AC_C_RESTRICT
+# This definition overrides the AC_C_RESTRICT macro from autoconf 2.60..2.61,
+# so that mixed use of GNU C and GNU C++ and mixed use of Sun C and Sun C++
+# works.
+# This definition can be removed once autoconf >= 2.62 can be assumed.
+m4_if(m4_version_compare(m4_defn([m4_PACKAGE_VERSION]),[2.62]),[-1],[
+AC_DEFUN([AC_C_RESTRICT],
+[AC_CACHE_CHECK([for C/C++ restrict keyword], [ac_cv_c_restrict],
+ [ac_cv_c_restrict=no
+ # The order here caters to the fact that C++ does not require restrict.
+ for ac_kw in __restrict __restrict__ _Restrict restrict; do
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+ [[typedef int * int_ptr;
+ int foo (int_ptr $ac_kw ip) {
+ return ip[0];
+ }]],
+ [[int s[1];
+ int * $ac_kw t = s;
+ t[0] = 0;
+ return foo(t)]])],
+ [ac_cv_c_restrict=$ac_kw])
+ test "$ac_cv_c_restrict" != no && break
+ done
+ ])
+ AH_VERBATIM([restrict],
+[/* Define to the equivalent of the C99 'restrict' keyword, or to
+ nothing if this is not supported. Do not define if restrict is
+ supported directly. */
+#undef restrict
+/* Work around a bug in Sun C++: it does not support _Restrict, even
+ though the corresponding Sun C compiler does, which causes
+ "#define restrict _Restrict" in the previous line. Perhaps some future
+ version of Sun C++ will work with _Restrict; if so, it'll probably
+ define __RESTRICT, just as Sun C does. */
+#if defined __SUNPRO_CC && !defined __RESTRICT
+# define _Restrict
+#endif])
+ case $ac_cv_c_restrict in
+ restrict) ;;
+ no) AC_DEFINE([restrict], []) ;;
+ *) AC_DEFINE_UNQUOTED([restrict], [$ac_cv_c_restrict]) ;;
+ esac
+])
+])
+
+# gl_BIGENDIAN
+# is like AC_C_BIGENDIAN, except that it can be AC_REQUIREd.
+# Note that AC_REQUIRE([AC_C_BIGENDIAN]) does not work reliably because some
+# macros invoke AC_C_BIGENDIAN with arguments.
+AC_DEFUN([gl_BIGENDIAN],
+[
+ AC_C_BIGENDIAN
+])
+
+# gl_CACHE_VAL_SILENT(cache-id, command-to-set-it)
+# is like AC_CACHE_VAL(cache-id, command-to-set-it), except that it does not
+# output a spurious "(cached)" mark in the midst of other configure output.
+# This macro should be used instead of AC_CACHE_VAL when it is not surrounded
+# by an AC_MSG_CHECKING/AC_MSG_RESULT pair.
+AC_DEFUN([gl_CACHE_VAL_SILENT],
+[
+ saved_as_echo_n="$as_echo_n"
+ as_echo_n=':'
+ AC_CACHE_VAL([$1], [$2])
+ as_echo_n="$saved_as_echo_n"
+])
--- /dev/null
+# DO NOT EDIT! GENERATED AUTOMATICALLY!
+# Copyright (C) 2002-2011 Free Software Foundation, Inc.
+#
+# This file is free software, distributed under the terms of the GNU
+# General Public License. As a special exception to the GNU General
+# Public License, this file may be distributed as part of a program
+# that contains a configuration script generated by Autoconf, under
+# the same distribution terms as the rest of that program.
+#
+# Generated by gnulib-tool.
+#
+# This file represents the compiled summary of the specification in
+# gnulib-cache.m4. It lists the computed macro invocations that need
+# to be invoked from configure.ac.
+# In projects that use version control, this file can be treated like
+# other built files.
+
+
+# This macro should be invoked from ./configure.ac, in the section
+# "Checks for programs", right after AC_PROG_CC, and certainly before
+# any checks for libraries, header files, types and library functions.
+AC_DEFUN([lgl_EARLY],
+[
+ m4_pattern_forbid([^gl_[A-Z]])dnl the gnulib macro namespace
+ m4_pattern_allow([^gl_ES$])dnl a valid locale name
+ m4_pattern_allow([^gl_LIBOBJS$])dnl a variable
+ m4_pattern_allow([^gl_LTLIBOBJS$])dnl a variable
+ AC_REQUIRE([AC_PROG_RANLIB])
+ # Code from module alignof:
+ # Code from module alloca-opt:
+ # Code from module alloca-opt-tests:
+ # Code from module arg-nonnull:
+ # Code from module binary-io:
+ # Code from module binary-io-tests:
+ # Code from module byteswap:
+ # Code from module byteswap-tests:
+ # Code from module c++defs:
+ # Code from module c-ctype:
+ # Code from module c-ctype-tests:
+ # Code from module close-hook:
+ # Code from module errno:
+ # Code from module errno-tests:
+ # Code from module extensions:
+ AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS])
+ # Code from module fcntl-h:
+ # Code from module fcntl-h-tests:
+ # Code from module float:
+ # Code from module fseeko:
+ AC_REQUIRE([AC_FUNC_FSEEKO])
+ # Code from module fseeko-tests:
+ # Code from module ftello:
+ AC_REQUIRE([AC_FUNC_FSEEKO])
+ # Code from module ftello-tests:
+ # Code from module func:
+ # Code from module func-tests:
+ # Code from module getpagesize:
+ # Code from module gettext:
+ # Code from module gettext-h:
+ # Code from module havelib:
+ # Code from module include_next:
+ # Code from module intprops:
+ # Code from module lib-msvc-compat:
+ # Code from module lib-symbol-versions:
+ # Code from module lseek:
+ # Code from module malloc-posix:
+ # Code from module memchr:
+ # Code from module memchr-tests:
+ # Code from module memmem-simple:
+ # Code from module minmax:
+ # Code from module multiarch:
+ # Code from module netdb:
+ # Code from module netdb-tests:
+ # Code from module read-file:
+ # Code from module read-file-tests:
+ # Code from module realloc-posix:
+ # Code from module size_max:
+ # Code from module snprintf:
+ # Code from module snprintf-tests:
+ # Code from module socketlib:
+ # Code from module sockets:
+ # Code from module sockets-tests:
+ # Code from module socklen:
+ # Code from module stdbool:
+ # Code from module stdbool-tests:
+ # Code from module stddef:
+ # Code from module stddef-tests:
+ # Code from module stdint:
+ # Code from module stdint-tests:
+ # Code from module stdio:
+ # Code from module stdio-tests:
+ # Code from module stdlib:
+ # Code from module stdlib-tests:
+ # Code from module strcase:
+ # Code from module string:
+ # Code from module string-tests:
+ # Code from module strings:
+ # Code from module strings-tests:
+ # Code from module strverscmp:
+ # Code from module strverscmp-tests:
+ # Code from module sys_socket:
+ # Code from module sys_socket-tests:
+ # Code from module sys_stat:
+ # Code from module sys_stat-tests:
+ # Code from module time:
+ # Code from module time-tests:
+ # Code from module time_r:
+ # Code from module unistd:
+ # Code from module unistd-tests:
+ # Code from module vasnprintf:
+ # Code from module vasnprintf-tests:
+ # Code from module vasprintf:
+ # Code from module vasprintf-tests:
+ # Code from module verify:
+ # Code from module verify-tests:
+ # Code from module vsnprintf:
+ # Code from module vsnprintf-tests:
+ # Code from module warn-on-use:
+ # Code from module xsize:
+])
+
+# This macro should be invoked from ./configure.ac, in the section
+# "Check for header files, types and library functions".
+AC_DEFUN([lgl_INIT],
+[
+ AM_CONDITIONAL([GL_COND_LIBTOOL], [true])
+ gl_cond_libtool=true
+ gl_m4_base='gl/m4'
+ m4_pushdef([AC_LIBOBJ], m4_defn([lgl_LIBOBJ]))
+ m4_pushdef([AC_REPLACE_FUNCS], m4_defn([lgl_REPLACE_FUNCS]))
+ m4_pushdef([AC_LIBSOURCES], m4_defn([lgl_LIBSOURCES]))
+ m4_pushdef([lgl_LIBSOURCES_LIST], [])
+ m4_pushdef([lgl_LIBSOURCES_DIR], [])
+ gl_COMMON
+ gl_source_base='gl'
+ # Code from module alignof:
+ # Code from module alloca-opt:
+ gl_FUNC_ALLOCA
+ # Code from module arg-nonnull:
+ # Code from module byteswap:
+ gl_BYTESWAP
+ # Code from module c++defs:
+ # Code from module c-ctype:
+ # Code from module close-hook:
+ # Code from module errno:
+ gl_HEADER_ERRNO_H
+ # Code from module extensions:
+ # Code from module float:
+ gl_FLOAT_H
+ # Code from module fseeko:
+ gl_FUNC_FSEEKO
+ gl_STDIO_MODULE_INDICATOR([fseeko])
+ # Code from module ftello:
+ gl_FUNC_FTELLO
+ gl_STDIO_MODULE_INDICATOR([ftello])
+ # Code from module func:
+ gl_FUNC
+ # Code from module gettext:
+ dnl you must add AM_GNU_GETTEXT([external]) or similar to configure.ac.
+ AM_GNU_GETTEXT_VERSION([0.18.1])
+ # Code from module gettext-h:
+ AC_SUBST([LIBINTL])
+ AC_SUBST([LTLIBINTL])
+ # Code from module havelib:
+ # Code from module include_next:
+ # Code from module lib-msvc-compat:
+ gl_LD_OUTPUT_DEF
+ # Code from module lib-symbol-versions:
+ gl_LD_VERSION_SCRIPT
+ # Code from module lseek:
+ gl_FUNC_LSEEK
+ gl_UNISTD_MODULE_INDICATOR([lseek])
+ # Code from module malloc-posix:
+ gl_FUNC_MALLOC_POSIX
+ gl_STDLIB_MODULE_INDICATOR([malloc-posix])
+ # Code from module memchr:
+ gl_FUNC_MEMCHR
+ gl_STRING_MODULE_INDICATOR([memchr])
+ # Code from module memmem-simple:
+ gl_FUNC_MEMMEM_SIMPLE
+ gl_STRING_MODULE_INDICATOR([memmem])
+ # Code from module minmax:
+ gl_MINMAX
+ # Code from module multiarch:
+ gl_MULTIARCH
+ # Code from module netdb:
+ gl_HEADER_NETDB
+ # Code from module read-file:
+ gl_FUNC_READ_FILE
+ # Code from module realloc-posix:
+ gl_FUNC_REALLOC_POSIX
+ gl_STDLIB_MODULE_INDICATOR([realloc-posix])
+ # Code from module size_max:
+ gl_SIZE_MAX
+ # Code from module snprintf:
+ gl_FUNC_SNPRINTF
+ gl_STDIO_MODULE_INDICATOR([snprintf])
+ gl_MODULE_INDICATOR([snprintf])
+ # Code from module socketlib:
+ gl_SOCKETLIB
+ # Code from module sockets:
+ gl_SOCKETS
+ # Code from module socklen:
+ gl_TYPE_SOCKLEN_T
+ # Code from module stdbool:
+ AM_STDBOOL_H
+ # Code from module stddef:
+ gl_STDDEF_H
+ # Code from module stdint:
+ gl_STDINT_H
+ # Code from module stdio:
+ gl_STDIO_H
+ # Code from module stdlib:
+ gl_STDLIB_H
+ # Code from module strcase:
+ gl_STRCASE
+ # Code from module string:
+ gl_HEADER_STRING_H
+ # Code from module strings:
+ gl_HEADER_STRINGS_H
+ # Code from module strverscmp:
+ gl_FUNC_STRVERSCMP
+ gl_STRING_MODULE_INDICATOR([strverscmp])
+ # Code from module sys_socket:
+ gl_HEADER_SYS_SOCKET
+ AC_PROG_MKDIR_P
+ # Code from module sys_stat:
+ gl_HEADER_SYS_STAT_H
+ AC_PROG_MKDIR_P
+ # Code from module time:
+ gl_HEADER_TIME_H
+ # Code from module time_r:
+ gl_TIME_R
+ gl_TIME_MODULE_INDICATOR([time_r])
+ # Code from module unistd:
+ gl_UNISTD_H
+ # Code from module vasnprintf:
+ gl_FUNC_VASNPRINTF
+ # Code from module vasprintf:
+ gl_FUNC_VASPRINTF
+ gl_STDIO_MODULE_INDICATOR([vasprintf])
+ m4_ifdef([AM_XGETTEXT_OPTION],
+ [AM_][XGETTEXT_OPTION([--flag=asprintf:2:c-format])
+ AM_][XGETTEXT_OPTION([--flag=vasprintf:2:c-format])])
+ # Code from module verify:
+ # Code from module vsnprintf:
+ gl_FUNC_VSNPRINTF
+ gl_STDIO_MODULE_INDICATOR([vsnprintf])
+ # Code from module warn-on-use:
+ # Code from module xsize:
+ gl_XSIZE
+ # End of code from modules
+ m4_ifval(lgl_LIBSOURCES_LIST, [
+ m4_syscmd([test ! -d ]m4_defn([lgl_LIBSOURCES_DIR])[ ||
+ for gl_file in ]lgl_LIBSOURCES_LIST[ ; do
+ if test ! -r ]m4_defn([lgl_LIBSOURCES_DIR])[/$gl_file ; then
+ echo "missing file ]m4_defn([lgl_LIBSOURCES_DIR])[/$gl_file" >&2
+ exit 1
+ fi
+ done])dnl
+ m4_if(m4_sysval, [0], [],
+ [AC_FATAL([expected source file, required through AC_LIBSOURCES, not found])])
+ ])
+ m4_popdef([lgl_LIBSOURCES_DIR])
+ m4_popdef([lgl_LIBSOURCES_LIST])
+ m4_popdef([AC_LIBSOURCES])
+ m4_popdef([AC_REPLACE_FUNCS])
+ m4_popdef([AC_LIBOBJ])
+ AC_CONFIG_COMMANDS_PRE([
+ lgl_libobjs=
+ lgl_ltlibobjs=
+ if test -n "$lgl_LIBOBJS"; then
+ # Remove the extension.
+ sed_drop_objext='s/\.o$//;s/\.obj$//'
+ for i in `for i in $lgl_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do
+ lgl_libobjs="$lgl_libobjs $i.$ac_objext"
+ lgl_ltlibobjs="$lgl_ltlibobjs $i.lo"
+ done
+ fi
+ AC_SUBST([lgl_LIBOBJS], [$lgl_libobjs])
+ AC_SUBST([lgl_LTLIBOBJS], [$lgl_ltlibobjs])
+ ])
+ gltests_libdeps=
+ gltests_ltlibdeps=
+ m4_pushdef([AC_LIBOBJ], m4_defn([lgltests_LIBOBJ]))
+ m4_pushdef([AC_REPLACE_FUNCS], m4_defn([lgltests_REPLACE_FUNCS]))
+ m4_pushdef([AC_LIBSOURCES], m4_defn([lgltests_LIBSOURCES]))
+ m4_pushdef([lgltests_LIBSOURCES_LIST], [])
+ m4_pushdef([lgltests_LIBSOURCES_DIR], [])
+ gl_COMMON
+ gl_source_base='gl/tests'
+changequote(,)dnl
+ lgltests_WITNESS=IN_`echo "${PACKAGE-$PACKAGE_TARNAME}" | LC_ALL=C tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ | LC_ALL=C sed -e 's/[^A-Z0-9_]/_/g'`_GNULIB_TESTS
+changequote([, ])dnl
+ AC_SUBST([lgltests_WITNESS])
+ gl_module_indicator_condition=$lgltests_WITNESS
+ m4_pushdef([gl_MODULE_INDICATOR_CONDITION], [$gl_module_indicator_condition])
+ gl_FCNTL_H
+ gl_FUNC_UNGETC_WORKS
+ gl_FUNC_UNGETC_WORKS
+ gl_FUNC_GETPAGESIZE
+ gl_UNISTD_MODULE_INDICATOR([getpagesize])
+ dnl Check for prerequisites for memory fence checks.
+ gl_FUNC_MMAP_ANON
+ AC_CHECK_HEADERS_ONCE([sys/mman.h])
+ AC_CHECK_FUNCS_ONCE([mprotect])
+ gt_TYPE_WCHAR_T
+ gt_TYPE_WINT_T
+ AC_CHECK_FUNCS_ONCE([shutdown])
+ m4_popdef([gl_MODULE_INDICATOR_CONDITION])
+ m4_ifval(lgltests_LIBSOURCES_LIST, [
+ m4_syscmd([test ! -d ]m4_defn([lgltests_LIBSOURCES_DIR])[ ||
+ for gl_file in ]lgltests_LIBSOURCES_LIST[ ; do
+ if test ! -r ]m4_defn([lgltests_LIBSOURCES_DIR])[/$gl_file ; then
+ echo "missing file ]m4_defn([lgltests_LIBSOURCES_DIR])[/$gl_file" >&2
+ exit 1
+ fi
+ done])dnl
+ m4_if(m4_sysval, [0], [],
+ [AC_FATAL([expected source file, required through AC_LIBSOURCES, not found])])
+ ])
+ m4_popdef([lgltests_LIBSOURCES_DIR])
+ m4_popdef([lgltests_LIBSOURCES_LIST])
+ m4_popdef([AC_LIBSOURCES])
+ m4_popdef([AC_REPLACE_FUNCS])
+ m4_popdef([AC_LIBOBJ])
+ AC_CONFIG_COMMANDS_PRE([
+ lgltests_libobjs=
+ lgltests_ltlibobjs=
+ if test -n "$lgltests_LIBOBJS"; then
+ # Remove the extension.
+ sed_drop_objext='s/\.o$//;s/\.obj$//'
+ for i in `for i in $lgltests_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do
+ lgltests_libobjs="$lgltests_libobjs $i.$ac_objext"
+ lgltests_ltlibobjs="$lgltests_ltlibobjs $i.lo"
+ done
+ fi
+ AC_SUBST([lgltests_LIBOBJS], [$lgltests_libobjs])
+ AC_SUBST([lgltests_LTLIBOBJS], [$lgltests_ltlibobjs])
+ ])
+ LIBTESTS_LIBDEPS="$gltests_libdeps"
+ AC_SUBST([LIBTESTS_LIBDEPS])
+])
+
+# Like AC_LIBOBJ, except that the module name goes
+# into lgl_LIBOBJS instead of into LIBOBJS.
+AC_DEFUN([lgl_LIBOBJ], [
+ AS_LITERAL_IF([$1], [lgl_LIBSOURCES([$1.c])])dnl
+ lgl_LIBOBJS="$lgl_LIBOBJS $1.$ac_objext"
+])
+
+# Like AC_REPLACE_FUNCS, except that the module name goes
+# into lgl_LIBOBJS instead of into LIBOBJS.
+AC_DEFUN([lgl_REPLACE_FUNCS], [
+ m4_foreach_w([gl_NAME], [$1], [AC_LIBSOURCES(gl_NAME[.c])])dnl
+ AC_CHECK_FUNCS([$1], , [lgl_LIBOBJ($ac_func)])
+])
+
+# Like AC_LIBSOURCES, except the directory where the source file is
+# expected is derived from the gnulib-tool parameterization,
+# and alloca is special cased (for the alloca-opt module).
+# We could also entirely rely on EXTRA_lib..._SOURCES.
+AC_DEFUN([lgl_LIBSOURCES], [
+ m4_foreach([_gl_NAME], [$1], [
+ m4_if(_gl_NAME, [alloca.c], [], [
+ m4_define([lgl_LIBSOURCES_DIR], [gl])
+ m4_append([lgl_LIBSOURCES_LIST], _gl_NAME, [ ])
+ ])
+ ])
+])
+
+# Like AC_LIBOBJ, except that the module name goes
+# into lgltests_LIBOBJS instead of into LIBOBJS.
+AC_DEFUN([lgltests_LIBOBJ], [
+ AS_LITERAL_IF([$1], [lgltests_LIBSOURCES([$1.c])])dnl
+ lgltests_LIBOBJS="$lgltests_LIBOBJS $1.$ac_objext"
+])
+
+# Like AC_REPLACE_FUNCS, except that the module name goes
+# into lgltests_LIBOBJS instead of into LIBOBJS.
+AC_DEFUN([lgltests_REPLACE_FUNCS], [
+ m4_foreach_w([gl_NAME], [$1], [AC_LIBSOURCES(gl_NAME[.c])])dnl
+ AC_CHECK_FUNCS([$1], , [lgltests_LIBOBJ($ac_func)])
+])
+
+# Like AC_LIBSOURCES, except the directory where the source file is
+# expected is derived from the gnulib-tool parameterization,
+# and alloca is special cased (for the alloca-opt module).
+# We could also entirely rely on EXTRA_lib..._SOURCES.
+AC_DEFUN([lgltests_LIBSOURCES], [
+ m4_foreach([_gl_NAME], [$1], [
+ m4_if(_gl_NAME, [alloca.c], [], [
+ m4_define([lgltests_LIBSOURCES_DIR], [gl/tests])
+ m4_append([lgltests_LIBSOURCES_LIST], _gl_NAME, [ ])
+ ])
+ ])
+])
+
+# This macro records the list of files which have been installed by
+# gnulib-tool and may be removed by future gnulib-tool invocations.
+AC_DEFUN([lgl_FILE_LIST], [
+ build-aux/arg-nonnull.h
+ build-aux/c++defs.h
+ build-aux/config.rpath
+ build-aux/warn-on-use.h
+ lib/alignof.h
+ lib/alloca.in.h
+ lib/asnprintf.c
+ lib/asprintf.c
+ lib/byteswap.in.h
+ lib/c-ctype.c
+ lib/c-ctype.h
+ lib/close-hook.c
+ lib/close-hook.h
+ lib/errno.in.h
+ lib/float+.h
+ lib/float.in.h
+ lib/fseeko.c
+ lib/ftello.c
+ lib/gettext.h
+ lib/lseek.c
+ lib/malloc.c
+ lib/memchr.c
+ lib/memchr.valgrind
+ lib/memmem.c
+ lib/minmax.h
+ lib/netdb.in.h
+ lib/printf-args.c
+ lib/printf-args.h
+ lib/printf-parse.c
+ lib/printf-parse.h
+ lib/read-file.c
+ lib/read-file.h
+ lib/realloc.c
+ lib/size_max.h
+ lib/snprintf.c
+ lib/sockets.c
+ lib/sockets.h
+ lib/stdbool.in.h
+ lib/stddef.in.h
+ lib/stdint.in.h
+ lib/stdio-impl.h
+ lib/stdio-write.c
+ lib/stdio.in.h
+ lib/stdlib.in.h
+ lib/str-two-way.h
+ lib/strcasecmp.c
+ lib/string.in.h
+ lib/strings.in.h
+ lib/strncasecmp.c
+ lib/strverscmp.c
+ lib/sys_socket.in.h
+ lib/sys_stat.in.h
+ lib/time.in.h
+ lib/time_r.c
+ lib/unistd.in.h
+ lib/vasnprintf.c
+ lib/vasnprintf.h
+ lib/vasprintf.c
+ lib/verify.h
+ lib/vsnprintf.c
+ lib/w32sock.h
+ lib/xsize.h
+ m4/00gnulib.m4
+ m4/alloca.m4
+ m4/asm-underscore.m4
+ m4/byteswap.m4
+ m4/codeset.m4
+ m4/errno_h.m4
+ m4/extensions.m4
+ m4/fcntl-o.m4
+ m4/fcntl_h.m4
+ m4/float_h.m4
+ m4/fseeko.m4
+ m4/ftello.m4
+ m4/func.m4
+ m4/getpagesize.m4
+ m4/gettext.m4
+ m4/glibc2.m4
+ m4/glibc21.m4
+ m4/gnulib-common.m4
+ m4/iconv.m4
+ m4/include_next.m4
+ m4/intdiv0.m4
+ m4/intl.m4
+ m4/intldir.m4
+ m4/intlmacosx.m4
+ m4/intmax.m4
+ m4/intmax_t.m4
+ m4/inttypes-pri.m4
+ m4/inttypes_h.m4
+ m4/lcmessage.m4
+ m4/ld-output-def.m4
+ m4/ld-version-script.m4
+ m4/lib-ld.m4
+ m4/lib-link.m4
+ m4/lib-prefix.m4
+ m4/lock.m4
+ m4/longlong.m4
+ m4/lseek.m4
+ m4/malloc.m4
+ m4/memchr.m4
+ m4/memmem.m4
+ m4/minmax.m4
+ m4/mmap-anon.m4
+ m4/multiarch.m4
+ m4/netdb_h.m4
+ m4/nls.m4
+ m4/po.m4
+ m4/printf-posix.m4
+ m4/printf.m4
+ m4/progtest.m4
+ m4/read-file.m4
+ m4/realloc.m4
+ m4/size_max.m4
+ m4/snprintf.m4
+ m4/socketlib.m4
+ m4/sockets.m4
+ m4/socklen.m4
+ m4/sockpfaf.m4
+ m4/stdbool.m4
+ m4/stddef_h.m4
+ m4/stdint.m4
+ m4/stdint_h.m4
+ m4/stdio_h.m4
+ m4/stdlib_h.m4
+ m4/strcase.m4
+ m4/string_h.m4
+ m4/strings_h.m4
+ m4/strverscmp.m4
+ m4/sys_socket_h.m4
+ m4/sys_stat_h.m4
+ m4/threadlib.m4
+ m4/time_h.m4
+ m4/time_r.m4
+ m4/uintmax_t.m4
+ m4/ungetc.m4
+ m4/unistd_h.m4
+ m4/vasnprintf.m4
+ m4/vasprintf.m4
+ m4/visibility.m4
+ m4/vsnprintf.m4
+ m4/warn-on-use.m4
+ m4/wchar_t.m4
+ m4/wint_t.m4
+ m4/xsize.m4
+ tests/init.sh
+ tests/macros.h
+ tests/signature.h
+ tests/test-alloca-opt.c
+ tests/test-binary-io.c
+ tests/test-binary-io.sh
+ tests/test-byteswap.c
+ tests/test-c-ctype.c
+ tests/test-errno.c
+ tests/test-fcntl-h.c
+ tests/test-fseeko.c
+ tests/test-fseeko.sh
+ tests/test-fseeko2.sh
+ tests/test-ftello.c
+ tests/test-ftello.sh
+ tests/test-ftello2.sh
+ tests/test-ftello3.c
+ tests/test-func.c
+ tests/test-memchr.c
+ tests/test-netdb.c
+ tests/test-read-file.c
+ tests/test-snprintf.c
+ tests/test-sockets.c
+ tests/test-stdbool.c
+ tests/test-stddef.c
+ tests/test-stdint.c
+ tests/test-stdio.c
+ tests/test-stdlib.c
+ tests/test-string.c
+ tests/test-strings.c
+ tests/test-strverscmp.c
+ tests/test-sys_socket.c
+ tests/test-sys_stat.c
+ tests/test-sys_wait.h
+ tests/test-time.c
+ tests/test-unistd.c
+ tests/test-vasnprintf.c
+ tests/test-vasprintf.c
+ tests/test-verify.c
+ tests/test-verify.sh
+ tests/test-vsnprintf.c
+ tests/zerosize-ptr.h
+ tests=lib/binary-io.h
+ tests=lib/dummy.c
+ tests=lib/fcntl.in.h
+ tests=lib/getpagesize.c
+ tests=lib/intprops.h
+])
--- /dev/null
+# include_next.m4 serial 18
+dnl Copyright (C) 2006-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert and Derek Price.
+
+dnl Sets INCLUDE_NEXT and PRAGMA_SYSTEM_HEADER.
+dnl
+dnl INCLUDE_NEXT expands to 'include_next' if the compiler supports it, or to
+dnl 'include' otherwise.
+dnl
+dnl INCLUDE_NEXT_AS_FIRST_DIRECTIVE expands to 'include_next' if the compiler
+dnl supports it in the special case that it is the first include directive in
+dnl the given file, or to 'include' otherwise.
+dnl
+dnl PRAGMA_SYSTEM_HEADER can be used in files that contain #include_next,
+dnl so as to avoid GCC warnings when the gcc option -pedantic is used.
+dnl '#pragma GCC system_header' has the same effect as if the file was found
+dnl through the include search path specified with '-isystem' options (as
+dnl opposed to the search path specified with '-I' options). Namely, gcc
+dnl does not warn about some things, and on some systems (Solaris and Interix)
+dnl __STDC__ evaluates to 0 instead of to 1. The latter is an undesired side
+dnl effect; we are therefore careful to use 'defined __STDC__' or '1' instead
+dnl of plain '__STDC__'.
+dnl
+dnl PRAGMA_COLUMNS can be used in files that override system header files, so
+dnl as to avoid compilation errors on HP NonStop systems when the gnulib file
+dnl is included by a system header file that does a "#pragma COLUMNS 80" (which
+dnl has the effect of truncating the lines of that file and all files that it
+dnl includes to 80 columns) and the gnulib file has lines longer than 80
+dnl columns.
+
+AC_DEFUN([gl_INCLUDE_NEXT],
+[
+ AC_LANG_PREPROC_REQUIRE()
+ AC_CACHE_CHECK([whether the preprocessor supports include_next],
+ [gl_cv_have_include_next],
+ [rm -rf conftestd1a conftestd1b conftestd2
+ mkdir conftestd1a conftestd1b conftestd2
+ dnl IBM C 9.0, 10.1 (original versions, prior to the 2009-01 updates) on
+ dnl AIX 6.1 support include_next when used as first preprocessor directive
+ dnl in a file, but not when preceded by another include directive. Check
+ dnl for this bug by including <stdio.h>.
+ dnl Additionally, with this same compiler, include_next is a no-op when
+ dnl used in a header file that was included by specifying its absolute
+ dnl file name. Despite these two bugs, include_next is used in the
+ dnl compiler's <math.h>. By virtue of the second bug, we need to use
+ dnl include_next as well in this case.
+ cat <<EOF > conftestd1a/conftest.h
+#define DEFINED_IN_CONFTESTD1
+#include_next <conftest.h>
+#ifdef DEFINED_IN_CONFTESTD2
+int foo;
+#else
+#error "include_next doesn't work"
+#endif
+EOF
+ cat <<EOF > conftestd1b/conftest.h
+#define DEFINED_IN_CONFTESTD1
+#include <stdio.h>
+#include_next <conftest.h>
+#ifdef DEFINED_IN_CONFTESTD2
+int foo;
+#else
+#error "include_next doesn't work"
+#endif
+EOF
+ cat <<EOF > conftestd2/conftest.h
+#ifndef DEFINED_IN_CONFTESTD1
+#error "include_next test doesn't work"
+#endif
+#define DEFINED_IN_CONFTESTD2
+EOF
+ gl_save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$gl_save_CPPFLAGS -Iconftestd1b -Iconftestd2"
+dnl We intentionally avoid using AC_LANG_SOURCE here.
+ AC_COMPILE_IFELSE([AC_LANG_DEFINES_PROVIDED[#include <conftest.h>]],
+ [gl_cv_have_include_next=yes],
+ [CPPFLAGS="$gl_save_CPPFLAGS -Iconftestd1a -Iconftestd2"
+ AC_COMPILE_IFELSE([AC_LANG_DEFINES_PROVIDED[#include <conftest.h>]],
+ [gl_cv_have_include_next=buggy],
+ [gl_cv_have_include_next=no])
+ ])
+ CPPFLAGS="$gl_save_CPPFLAGS"
+ rm -rf conftestd1a conftestd1b conftestd2
+ ])
+ PRAGMA_SYSTEM_HEADER=
+ if test $gl_cv_have_include_next = yes; then
+ INCLUDE_NEXT=include_next
+ INCLUDE_NEXT_AS_FIRST_DIRECTIVE=include_next
+ if test -n "$GCC"; then
+ PRAGMA_SYSTEM_HEADER='#pragma GCC system_header'
+ fi
+ else
+ if test $gl_cv_have_include_next = buggy; then
+ INCLUDE_NEXT=include
+ INCLUDE_NEXT_AS_FIRST_DIRECTIVE=include_next
+ else
+ INCLUDE_NEXT=include
+ INCLUDE_NEXT_AS_FIRST_DIRECTIVE=include
+ fi
+ fi
+ AC_SUBST([INCLUDE_NEXT])
+ AC_SUBST([INCLUDE_NEXT_AS_FIRST_DIRECTIVE])
+ AC_SUBST([PRAGMA_SYSTEM_HEADER])
+ AC_CACHE_CHECK([whether system header files limit the line length],
+ [gl_cv_pragma_columns],
+ [dnl HP NonStop systems, which define __TANDEM, have this misfeature.
+ AC_EGREP_CPP([choke me],
+ [
+#ifdef __TANDEM
+choke me
+#endif
+ ],
+ [gl_cv_pragma_columns=yes],
+ [gl_cv_pragma_columns=no])
+ ])
+ if test $gl_cv_pragma_columns = yes; then
+ PRAGMA_COLUMNS="#pragma COLUMNS 10000"
+ else
+ PRAGMA_COLUMNS=
+ fi
+ AC_SUBST([PRAGMA_COLUMNS])
+])
+
+# gl_CHECK_NEXT_HEADERS(HEADER1 HEADER2 ...)
+# ------------------------------------------
+# For each arg foo.h, if #include_next works, define NEXT_FOO_H to be
+# '<foo.h>'; otherwise define it to be
+# '"///usr/include/foo.h"', or whatever other absolute file name is suitable.
+# Also, if #include_next works as first preprocessing directive in a file,
+# define NEXT_AS_FIRST_DIRECTIVE_FOO_H to be '<foo.h>'; otherwise define it to
+# be
+# '"///usr/include/foo.h"', or whatever other absolute file name is suitable.
+# That way, a header file with the following line:
+# #@INCLUDE_NEXT@ @NEXT_FOO_H@
+# or
+# #@INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ @NEXT_AS_FIRST_DIRECTIVE_FOO_H@
+# behaves (after sed substitution) as if it contained
+# #include_next <foo.h>
+# even if the compiler does not support include_next.
+# The three "///" are to pacify Sun C 5.8, which otherwise would say
+# "warning: #include of /usr/include/... may be non-portable".
+# Use `""', not `<>', so that the /// cannot be confused with a C99 comment.
+# Note: This macro assumes that the header file is not empty after
+# preprocessing, i.e. it does not only define preprocessor macros but also
+# provides some type/enum definitions or function/variable declarations.
+#
+# This macro also checks whether each header exists, by invoking
+# AC_CHECK_HEADERS_ONCE or AC_CHECK_HEADERS on each argument.
+AC_DEFUN([gl_CHECK_NEXT_HEADERS],
+[
+ gl_NEXT_HEADERS_INTERNAL([$1], [check])
+])
+
+# gl_NEXT_HEADERS(HEADER1 HEADER2 ...)
+# ------------------------------------
+# Like gl_CHECK_NEXT_HEADERS, except do not check whether the headers exist.
+# This is suitable for headers like <stddef.h> that are standardized by C89
+# and therefore can be assumed to exist.
+AC_DEFUN([gl_NEXT_HEADERS],
+[
+ gl_NEXT_HEADERS_INTERNAL([$1], [assume])
+])
+
+# The guts of gl_CHECK_NEXT_HEADERS and gl_NEXT_HEADERS.
+AC_DEFUN([gl_NEXT_HEADERS_INTERNAL],
+[
+ AC_REQUIRE([gl_INCLUDE_NEXT])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+
+ m4_if([$2], [check],
+ [AC_CHECK_HEADERS_ONCE([$1])
+ ])
+
+ m4_foreach_w([gl_HEADER_NAME], [$1],
+ [AS_VAR_PUSHDEF([gl_next_header],
+ [gl_cv_next_]m4_defn([gl_HEADER_NAME]))
+ if test $gl_cv_have_include_next = yes; then
+ AS_VAR_SET([gl_next_header], ['<'gl_HEADER_NAME'>'])
+ else
+ AC_CACHE_CHECK(
+ [absolute name of <]m4_defn([gl_HEADER_NAME])[>],
+ m4_defn([gl_next_header]),
+ [m4_if([$2], [check],
+ [AS_VAR_PUSHDEF([gl_header_exists],
+ [ac_cv_header_]m4_defn([gl_HEADER_NAME]))
+ if test AS_VAR_GET(gl_header_exists) = yes; then
+ AS_VAR_POPDEF([gl_header_exists])
+ ])
+ AC_LANG_CONFTEST(
+ [AC_LANG_SOURCE(
+ [[#include <]]m4_dquote(m4_defn([gl_HEADER_NAME]))[[>]]
+ )])
+ dnl AIX "xlc -E" and "cc -E" omit #line directives for header
+ dnl files that contain only a #include of other header files and
+ dnl no non-comment tokens of their own. This leads to a failure
+ dnl to detect the absolute name of <dirent.h>, <signal.h>,
+ dnl <poll.h> and others. The workaround is to force preservation
+ dnl of comments through option -C. This ensures all necessary
+ dnl #line directives are present. GCC supports option -C as well.
+ case "$host_os" in
+ aix*) gl_absname_cpp="$ac_cpp -C" ;;
+ *) gl_absname_cpp="$ac_cpp" ;;
+ esac
+ dnl eval is necessary to expand gl_absname_cpp.
+ dnl Ultrix and Pyramid sh refuse to redirect output of eval,
+ dnl so use subshell.
+ AS_VAR_SET([gl_next_header],
+ ['"'`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&AS_MESSAGE_LOG_FD |
+ sed -n '\#/]m4_defn([gl_HEADER_NAME])[#{
+ s#.*"\(.*/]m4_defn([gl_HEADER_NAME])[\)".*#\1#
+ s#^/[^/]#//&#
+ p
+ q
+ }'`'"'])
+ m4_if([$2], [check],
+ [else
+ AS_VAR_SET([gl_next_header], ['<'gl_HEADER_NAME'>'])
+ fi
+ ])
+ ])
+ fi
+ AC_SUBST(
+ AS_TR_CPP([NEXT_]m4_defn([gl_HEADER_NAME])),
+ [AS_VAR_GET([gl_next_header])])
+ if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then
+ # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next'
+ gl_next_as_first_directive='<'gl_HEADER_NAME'>'
+ else
+ # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include'
+ gl_next_as_first_directive=AS_VAR_GET([gl_next_header])
+ fi
+ AC_SUBST(
+ AS_TR_CPP([NEXT_AS_FIRST_DIRECTIVE_]m4_defn([gl_HEADER_NAME])),
+ [$gl_next_as_first_directive])
+ AS_VAR_POPDEF([gl_next_header])])
+])
+
+# Autoconf 2.68 added warnings for our use of AC_COMPILE_IFELSE;
+# this fallback is safe for all earlier autoconf versions.
+m4_define_default([AC_LANG_DEFINES_PROVIDED])
--- /dev/null
+# intmax_t.m4 serial 8
+dnl Copyright (C) 1997-2004, 2006-2007, 2009-2011 Free Software Foundation,
+dnl Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+AC_PREREQ([2.53])
+
+# Define intmax_t to 'long' or 'long long'
+# if it is not already defined in <stdint.h> or <inttypes.h>.
+
+AC_DEFUN([gl_AC_TYPE_INTMAX_T],
+[
+ dnl For simplicity, we assume that a header file defines 'intmax_t' if and
+ dnl only if it defines 'uintmax_t'.
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ if test $gl_cv_header_inttypes_h = no && test $gl_cv_header_stdint_h = no; then
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ test $ac_cv_type_long_long_int = yes \
+ && ac_type='long long' \
+ || ac_type='long'
+ AC_DEFINE_UNQUOTED([intmax_t], [$ac_type],
+ [Define to long or long long if <inttypes.h> and <stdint.h> don't define.])
+ else
+ AC_DEFINE([HAVE_INTMAX_T], [1],
+ [Define if you have the 'intmax_t' type in <stdint.h> or <inttypes.h>.])
+ fi
+])
+
+dnl An alternative would be to explicitly test for 'intmax_t'.
+
+AC_DEFUN([gt_AC_TYPE_INTMAX_T],
+[
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ AC_CACHE_CHECK([for intmax_t], [gt_cv_c_intmax_t],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+#include <stddef.h>
+#include <stdlib.h>
+#if HAVE_STDINT_H_WITH_UINTMAX
+#include <stdint.h>
+#endif
+#if HAVE_INTTYPES_H_WITH_UINTMAX
+#include <inttypes.h>
+#endif
+ ]],
+ [[intmax_t x = -1; return !x;]])],
+ [gt_cv_c_intmax_t=yes],
+ [gt_cv_c_intmax_t=no])])
+ if test $gt_cv_c_intmax_t = yes; then
+ AC_DEFINE([HAVE_INTMAX_T], [1],
+ [Define if you have the 'intmax_t' type in <stdint.h> or <inttypes.h>.])
+ else
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ test $ac_cv_type_long_long_int = yes \
+ && ac_type='long long' \
+ || ac_type='long'
+ AC_DEFINE_UNQUOTED([intmax_t], [$ac_type],
+ [Define to long or long long if <stdint.h> and <inttypes.h> don't define.])
+ fi
+])
--- /dev/null
+# ld-output-def.m4 serial 2
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Simon Josefsson
+
+# gl_LD_OUTPUT_DEF()
+# -------------
+# Check if linker supports -Wl,--output-def and define automake
+# conditional HAVE_LD_OUTPUT_DEF if it is.
+AC_DEFUN([gl_LD_OUTPUT_DEF],
+[
+ AC_CACHE_CHECK([if gcc/ld supports -Wl,--output-def],
+ [gl_cv_ld_output_def],
+ [if test "$enable_shared" = no; then
+ gl_cv_ld_output_def="not needed, shared libraries are disabled"
+ else
+ gl_ldflags_save=$LDFLAGS
+ LDFLAGS="-Wl,--output-def,conftest.def"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+ [gl_cv_ld_output_def=yes],
+ [gl_cv_ld_output_def=no])
+ rm -f conftest.def
+ LDFLAGS="$gl_ldflags_save"
+ fi])
+ AM_CONDITIONAL([HAVE_LD_OUTPUT_DEF], test "x$gl_cv_ld_output_def" = "xyes")
+])
--- /dev/null
+# ld-version-script.m4 serial 2
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Simon Josefsson
+
+# FIXME: The test below returns a false positive for mingw
+# cross-compiles, 'local:' statements does not reduce number of
+# exported symbols in a DLL. Use --disable-ld-version-script to work
+# around the problem.
+
+# gl_LD_VERSION_SCRIPT
+# --------------------
+# Check if LD supports linker scripts, and define automake conditional
+# HAVE_LD_VERSION_SCRIPT if so.
+AC_DEFUN([gl_LD_VERSION_SCRIPT],
+[
+ AC_ARG_ENABLE([ld-version-script],
+ AS_HELP_STRING([--enable-ld-version-script],
+ [enable linker version script (default is enabled when possible)]),
+ [have_ld_version_script=$enableval], [])
+ if test -z "$have_ld_version_script"; then
+ AC_MSG_CHECKING([if LD -Wl,--version-script works])
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map"
+ cat > conftest.map <<EOF
+VERS_1 {
+ global: sym;
+};
+
+VERS_2 {
+ global: sym;
+} VERS_1;
+EOF
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ [have_ld_version_script=yes], [have_ld_version_script=no])
+ rm -f conftest.map
+ LDFLAGS="$save_LDFLAGS"
+ AC_MSG_RESULT($have_ld_version_script)
+ fi
+ AM_CONDITIONAL(HAVE_LD_VERSION_SCRIPT, test "$have_ld_version_script" = "yes")
+])
--- /dev/null
+# lseek.m4 serial 6
+dnl Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_LSEEK],
+[
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
+ AC_REQUIRE([AC_PROG_CC])
+ AC_CACHE_CHECK([whether lseek detects pipes], [gl_cv_func_lseek_pipe],
+ [if test $cross_compiling = no; then
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <sys/types.h> /* for off_t */
+#include <stdio.h> /* for SEEK_CUR */
+#include <unistd.h>]], [[
+ /* Exit with success only if stdin is seekable. */
+ return lseek (0, (off_t)0, SEEK_CUR) < 0;
+]])],
+ [if test -s conftest$ac_exeext \
+ && ./conftest$ac_exeext < conftest.$ac_ext \
+ && test 1 = "`echo hi \
+ | { ./conftest$ac_exeext; echo $?; cat >/dev/null; }`"; then
+ gl_cv_func_lseek_pipe=yes
+ else
+ gl_cv_func_lseek_pipe=no
+ fi],
+ [gl_cv_func_lseek_pipe=no])
+ else
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+#if ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__) || defined __BEOS__
+/* mingw and BeOS mistakenly return 0 when trying to seek on pipes. */
+ Choke me.
+#endif]])],
+ [gl_cv_func_lseek_pipe=yes], [gl_cv_func_lseek_pipe=no])
+ fi])
+ if test $gl_cv_func_lseek_pipe = no; then
+ gl_REPLACE_LSEEK
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_LSEEK],
+[
+ AC_LIBOBJ([lseek])
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
+ REPLACE_LSEEK=1
+ AC_DEFINE([LSEEK_PIPE_BROKEN], [1],
+ [Define to 1 if lseek does not detect pipes.])
+])
--- /dev/null
+# malloc.m4 serial 12
+dnl Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# gl_FUNC_MALLOC_GNU
+# ------------------
+# Test whether 'malloc (0)' is handled like in GNU libc, and replace malloc if
+# it is not.
+AC_DEFUN([gl_FUNC_MALLOC_GNU],
+[
+ AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+ dnl _AC_FUNC_MALLOC_IF is defined in Autoconf.
+ _AC_FUNC_MALLOC_IF(
+ [AC_DEFINE([HAVE_MALLOC_GNU], [1],
+ [Define to 1 if your system has a GNU libc compatible 'malloc'
+ function, and to 0 otherwise.])],
+ [AC_DEFINE([HAVE_MALLOC_GNU], [0])
+ gl_REPLACE_MALLOC
+ ])
+])
+
+# gl_FUNC_MALLOC_POSIX
+# --------------------
+# Test whether 'malloc' is POSIX compliant (sets errno to ENOMEM when it
+# fails), and replace malloc if it is not.
+AC_DEFUN([gl_FUNC_MALLOC_POSIX],
+[
+ AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+ AC_REQUIRE([gl_CHECK_MALLOC_POSIX])
+ if test $gl_cv_func_malloc_posix = yes; then
+ AC_DEFINE([HAVE_MALLOC_POSIX], [1],
+ [Define if the 'malloc' function is POSIX compliant.])
+ else
+ gl_REPLACE_MALLOC
+ fi
+])
+
+# Test whether malloc, realloc, calloc are POSIX compliant,
+# Set gl_cv_func_malloc_posix to yes or no accordingly.
+AC_DEFUN([gl_CHECK_MALLOC_POSIX],
+[
+ AC_CACHE_CHECK([whether malloc, realloc, calloc are POSIX compliant],
+ [gl_cv_func_malloc_posix],
+ [
+ dnl It is too dangerous to try to allocate a large amount of memory:
+ dnl some systems go to their knees when you do that. So assume that
+ dnl all Unix implementations of the function are POSIX compliant.
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[]],
+ [[#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ choke me
+ #endif
+ ]])],
+ [gl_cv_func_malloc_posix=yes],
+ [gl_cv_func_malloc_posix=no])
+ ])
+])
+
+AC_DEFUN([gl_REPLACE_MALLOC],
+[
+ AC_LIBOBJ([malloc])
+ REPLACE_MALLOC=1
+])
--- /dev/null
+# memchr.m4 serial 10
+dnl Copyright (C) 2002-2004, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN_ONCE([gl_FUNC_MEMCHR],
+[
+ dnl Check for prerequisites for memory fence checks.
+ gl_FUNC_MMAP_ANON
+ AC_CHECK_HEADERS_ONCE([sys/mman.h])
+ AC_CHECK_FUNCS_ONCE([mprotect])
+
+ dnl These days, we assume memchr is present. But just in case...
+ AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+ AC_CHECK_FUNCS_ONCE([memchr])
+ if test $ac_cv_func_memchr = yes; then
+ # Detect platform-specific bugs in some versions of glibc:
+ # memchr should not dereference anything with length 0
+ # http://bugzilla.redhat.com/499689
+ # memchr should not dereference overestimated length after a match
+ # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521737
+ # http://sourceware.org/bugzilla/show_bug.cgi?id=10162
+ # Assume that memchr works on platforms that lack mprotect.
+ AC_CACHE_CHECK([whether memchr works], [gl_cv_func_memchr_works],
+ [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <string.h>
+#if HAVE_SYS_MMAN_H
+# include <fcntl.h>
+# include <unistd.h>
+# include <sys/types.h>
+# include <sys/mman.h>
+# ifndef MAP_FILE
+# define MAP_FILE 0
+# endif
+#endif
+]], [[
+ int result = 0;
+ char *fence = NULL;
+#if HAVE_SYS_MMAN_H && HAVE_MPROTECT
+# if HAVE_MAP_ANONYMOUS
+ const int flags = MAP_ANONYMOUS | MAP_PRIVATE;
+ const int fd = -1;
+# else /* !HAVE_MAP_ANONYMOUS */
+ const int flags = MAP_FILE | MAP_PRIVATE;
+ int fd = open ("/dev/zero", O_RDONLY, 0666);
+ if (fd >= 0)
+# endif
+ {
+ int pagesize = getpagesize ();
+ char *two_pages =
+ (char *) mmap (NULL, 2 * pagesize, PROT_READ | PROT_WRITE,
+ flags, fd, 0);
+ if (two_pages != (char *)(-1)
+ && mprotect (two_pages + pagesize, pagesize, PROT_NONE) == 0)
+ fence = two_pages + pagesize;
+ }
+#endif
+ if (fence)
+ {
+ if (memchr (fence, 0, 0))
+ result |= 1;
+ strcpy (fence - 9, "12345678");
+ if (memchr (fence - 9, 0, 79) != fence - 1)
+ result |= 2;
+ if (memchr (fence - 1, 0, 3) != fence - 1)
+ result |= 4;
+ }
+ return result;
+]])], [gl_cv_func_memchr_works=yes], [gl_cv_func_memchr_works=no],
+ [dnl Be pessimistic for now.
+ gl_cv_func_memchr_works="guessing no"])])
+ if test "$gl_cv_func_memchr_works" != yes; then
+ REPLACE_MEMCHR=1
+ fi
+ else
+ HAVE_MEMCHR=0
+ fi
+ if test $HAVE_MEMCHR = 0 || test $REPLACE_MEMCHR = 1; then
+ AC_LIBOBJ([memchr])
+ gl_PREREQ_MEMCHR
+ fi
+])
+
+# Prerequisites of lib/memchr.c.
+AC_DEFUN([gl_PREREQ_MEMCHR], [
+ AC_CHECK_HEADERS([bp-sym.h])
+])
--- /dev/null
+# memmem.m4 serial 22
+dnl Copyright (C) 2002-2004, 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Check that memmem is present and functional.
+AC_DEFUN([gl_FUNC_MEMMEM_SIMPLE],
+[
+ dnl Persuade glibc <string.h> to declare memmem().
+ AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+
+ AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+ AC_REPLACE_FUNCS([memmem])
+ AC_CHECK_DECLS_ONCE([memmem])
+ if test $ac_cv_have_decl_memmem = no; then
+ HAVE_DECL_MEMMEM=0
+ else
+ dnl Detect http://sourceware.org/bugzilla/show_bug.cgi?id=12092.
+ dnl Also check that we handle empty needles correctly.
+ AC_CACHE_CHECK([whether memmem works],
+ [gl_cv_func_memmem_works_always],
+ [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <string.h> /* for memmem */
+#define P "_EF_BF_BD"
+#define HAYSTACK "F_BD_CE_BD" P P P P "_C3_88_20" P P P "_C3_A7_20" P
+#define NEEDLE P P P P P
+]], [[
+ int result = 0;
+ if (memmem (HAYSTACK, strlen (HAYSTACK), NEEDLE, strlen (NEEDLE)))
+ result |= 1;
+ /* Check for empty needle behavior. */
+ {
+ const char *haystack = "AAA";
+ if (memmem (haystack, 3, NULL, 0) != haystack)
+ result |= 2;
+ }
+ return result;
+ ]])],
+ [gl_cv_func_memmem_works_always=yes],
+ [gl_cv_func_memmem_works_always=no],
+ [dnl glibc 2.9..2.12 and cygwin 1.7.7 have issue #12092 above.
+ dnl Also empty needles work on glibc >= 2.1 and cygwin >= 1.7.0.
+ dnl uClibc is not affected, since it uses different source code.
+ dnl Assume that it works on all other platforms (even if not linear).
+ AC_EGREP_CPP([Lucky user],
+ [
+#ifdef __GNU_LIBRARY__
+ #include <features.h>
+ #if ((__GLIBC__ == 2 && ((__GLIBC_MINOR > 0 && __GLIBC_MINOR__ < 9) \
+ || __GLIBC_MINOR__ > 12)) \
+ || (__GLIBC__ > 2)) \
+ || defined __UCLIBC__
+ Lucky user
+ #endif
+#elif defined __CYGWIN__
+ #include <cygwin/version.h>
+ #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 7)
+ Lucky user
+ #endif
+#else
+ Lucky user
+#endif
+ ],
+ [gl_cv_func_memmem_works_always=yes],
+ [gl_cv_func_memmem_works_always="guessing no"])
+ ])
+ ])
+ if test "$gl_cv_func_memmem_works_always" != yes; then
+ REPLACE_MEMMEM=1
+ AC_LIBOBJ([memmem])
+ fi
+ fi
+ gl_PREREQ_MEMMEM
+]) # gl_FUNC_MEMMEM_SIMPLE
+
+dnl Additionally, check that memmem has linear performance characteristics
+AC_DEFUN([gl_FUNC_MEMMEM],
+[
+ AC_REQUIRE([gl_FUNC_MEMMEM_SIMPLE])
+ if test $HAVE_DECL_MEMMEM = 1 && test $REPLACE_MEMMEM = 0; then
+ AC_CACHE_CHECK([whether memmem works in linear time],
+ [gl_cv_func_memmem_works_fast],
+ [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <signal.h> /* for signal */
+#include <string.h> /* for memmem */
+#include <stdlib.h> /* for malloc */
+#include <unistd.h> /* for alarm */
+static void quit (int sig) { exit (sig + 128); }
+]], [[
+ int result = 0;
+ size_t m = 1000000;
+ char *haystack = (char *) malloc (2 * m + 1);
+ char *needle = (char *) malloc (m + 1);
+ /* Failure to compile this test due to missing alarm is okay,
+ since all such platforms (mingw) also lack memmem. */
+ signal (SIGALRM, quit);
+ alarm (5);
+ /* Check for quadratic performance. */
+ if (haystack && needle)
+ {
+ memset (haystack, 'A', 2 * m);
+ haystack[2 * m] = 'B';
+ memset (needle, 'A', m);
+ needle[m] = 'B';
+ if (!memmem (haystack, 2 * m + 1, needle, m + 1))
+ result |= 1;
+ }
+ return result;
+ ]])],
+ [gl_cv_func_memmem_works_fast=yes], [gl_cv_func_memmem_works_fast=no],
+ [dnl Only glibc >= 2.9 and cygwin > 1.7.0 are known to have a
+ dnl memmem that works in linear time.
+ AC_EGREP_CPP([Lucky user],
+ [
+#include <features.h>
+#ifdef __GNU_LIBRARY__
+ #if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 9) || (__GLIBC__ > 2)) \
+ && !defined __UCLIBC__
+ Lucky user
+ #endif
+#endif
+#ifdef __CYGWIN__
+ #include <cygwin/version.h>
+ #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 0)
+ Lucky user
+ #endif
+#endif
+ ],
+ [gl_cv_func_memmem_works_fast=yes],
+ [gl_cv_func_memmem_works_fast="guessing no"])
+ ])
+ ])
+ if test "$gl_cv_func_memmem_works_fast" != yes; then
+ REPLACE_MEMMEM=1
+ AC_LIBOBJ([memmem])
+ fi
+ fi
+]) # gl_FUNC_MEMMEM
+
+# Prerequisites of lib/memmem.c.
+AC_DEFUN([gl_PREREQ_MEMMEM], [:])
--- /dev/null
+# minmax.m4 serial 4
+dnl Copyright (C) 2005, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_PREREQ([2.53])
+
+AC_DEFUN([gl_MINMAX],
+[
+ AC_REQUIRE([gl_PREREQ_MINMAX])
+])
+
+# Prerequisites of lib/minmax.h.
+AC_DEFUN([gl_PREREQ_MINMAX],
+[
+ gl_MINMAX_IN_HEADER([limits.h])
+ gl_MINMAX_IN_HEADER([sys/param.h])
+])
+
+dnl gl_MINMAX_IN_HEADER(HEADER)
+dnl The parameter has to be a literal header name; it cannot be macro,
+dnl nor a shell variable. (Because autoheader collects only AC_DEFINE
+dnl invocations with a literal macro name.)
+AC_DEFUN([gl_MINMAX_IN_HEADER],
+[
+ m4_pushdef([header], AS_TR_SH([$1]))
+ m4_pushdef([HEADER], AS_TR_CPP([$1]))
+ AC_CACHE_CHECK([whether <$1> defines MIN and MAX],
+ [gl_cv_minmax_in_]header,
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <$1>
+ int x = MIN (42, 17);]],
+ [[]])],
+ [gl_cv_minmax_in_]header[=yes],
+ [gl_cv_minmax_in_]header[=no])])
+ if test $gl_cv_minmax_in_[]header = yes; then
+ AC_DEFINE([HAVE_MINMAX_IN_]HEADER, 1,
+ [Define to 1 if <$1> defines the MIN and MAX macros.])
+ fi
+ m4_popdef([HEADER])
+ m4_popdef([header])
+])
--- /dev/null
+# mmap-anon.m4 serial 9
+dnl Copyright (C) 2005, 2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# Detect how mmap can be used to create anonymous (not file-backed) memory
+# mappings.
+# - On Linux, AIX, OSF/1, Solaris, Cygwin, Interix, Haiku, both MAP_ANONYMOUS
+# and MAP_ANON exist and have the same value.
+# - On HP-UX, only MAP_ANONYMOUS exists.
+# - On MacOS X, FreeBSD, NetBSD, OpenBSD, only MAP_ANON exists.
+# - On IRIX, neither exists, and a file descriptor opened to /dev/zero must be
+# used.
+
+AC_DEFUN([gl_FUNC_MMAP_ANON],
+[
+ dnl Persuade glibc <sys/mman.h> to define MAP_ANONYMOUS.
+ AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS])
+
+ # Check for mmap(). Don't use AC_FUNC_MMAP, because it checks too much: it
+ # fails on HP-UX 11, because MAP_FIXED mappings do not work. But this is
+ # irrelevant for anonymous mappings.
+ AC_CHECK_FUNC([mmap], [gl_have_mmap=yes], [gl_have_mmap=no])
+
+ # Try to allow MAP_ANONYMOUS.
+ gl_have_mmap_anonymous=no
+ if test $gl_have_mmap = yes; then
+ AC_MSG_CHECKING([for MAP_ANONYMOUS])
+ AC_EGREP_CPP([I cant identify this map.], [
+#include <sys/mman.h>
+#ifdef MAP_ANONYMOUS
+ I cant identify this map.
+#endif
+],
+ [gl_have_mmap_anonymous=yes])
+ if test $gl_have_mmap_anonymous != yes; then
+ AC_EGREP_CPP([I cant identify this map.], [
+#include <sys/mman.h>
+#ifdef MAP_ANON
+ I cant identify this map.
+#endif
+],
+ [AC_DEFINE([MAP_ANONYMOUS], [MAP_ANON],
+ [Define to a substitute value for mmap()'s MAP_ANONYMOUS flag.])
+ gl_have_mmap_anonymous=yes])
+ fi
+ AC_MSG_RESULT([$gl_have_mmap_anonymous])
+ if test $gl_have_mmap_anonymous = yes; then
+ AC_DEFINE([HAVE_MAP_ANONYMOUS], [1],
+ [Define to 1 if mmap()'s MAP_ANONYMOUS flag is available after including
+ config.h and <sys/mman.h>.])
+ fi
+ fi
+])
--- /dev/null
+# multiarch.m4 serial 6
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# Determine whether the compiler is or may be producing universal binaries.
+#
+# On MacOS X 10.5 and later systems, the user can create libraries and
+# executables that work on multiple system types--known as "fat" or
+# "universal" binaries--by specifying multiple '-arch' options to the
+# compiler but only a single '-arch' option to the preprocessor. Like
+# this:
+#
+# ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+# CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \
+# CPP="gcc -E" CXXCPP="g++ -E"
+#
+# Detect this situation and set APPLE_UNIVERSAL_BUILD accordingly.
+
+AC_DEFUN_ONCE([gl_MULTIARCH],
+[
+ dnl Code similar to autoconf-2.63 AC_C_BIGENDIAN.
+ gl_cv_c_multiarch=no
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE(
+ [[#ifndef __APPLE_CC__
+ not a universal capable compiler
+ #endif
+ typedef int dummy;
+ ]])],
+ [
+ dnl Check for potential -arch flags. It is not universal unless
+ dnl there are at least two -arch flags with different values.
+ arch=
+ prev=
+ for word in ${CC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS}; do
+ if test -n "$prev"; then
+ case $word in
+ i?86 | x86_64 | ppc | ppc64)
+ if test -z "$arch" || test "$arch" = "$word"; then
+ arch="$word"
+ else
+ gl_cv_c_multiarch=yes
+ fi
+ ;;
+ esac
+ prev=
+ else
+ if test "x$word" = "x-arch"; then
+ prev=arch
+ fi
+ fi
+ done
+ ])
+ if test $gl_cv_c_multiarch = yes; then
+ APPLE_UNIVERSAL_BUILD=1
+ else
+ APPLE_UNIVERSAL_BUILD=0
+ fi
+ AC_SUBST([APPLE_UNIVERSAL_BUILD])
+])
--- /dev/null
+# netdb_h.m4 serial 10
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_HEADER_NETDB],
+[
+ AC_REQUIRE([gl_NETDB_H_DEFAULTS])
+ gl_CHECK_NEXT_HEADERS([netdb.h])
+ if test $ac_cv_header_netdb_h = yes; then
+ HAVE_NETDB_H=1
+ else
+ HAVE_NETDB_H=0
+ fi
+ AC_SUBST([HAVE_NETDB_H])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use.
+ gl_WARN_ON_USE_PREPARE([[#include <netdb.h>]],
+ [getaddrinfo freeaddrinfo gai_strerror getnameinfo])
+])
+
+AC_DEFUN([gl_NETDB_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_NETDB_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+])
+
+AC_DEFUN([gl_NETDB_H_DEFAULTS],
+[
+ GNULIB_GETADDRINFO=0; AC_SUBST([GNULIB_GETADDRINFO])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_STRUCT_ADDRINFO=1; AC_SUBST([HAVE_STRUCT_ADDRINFO])
+ HAVE_DECL_FREEADDRINFO=1; AC_SUBST([HAVE_DECL_FREEADDRINFO])
+ HAVE_DECL_GAI_STRERROR=1; AC_SUBST([HAVE_DECL_GAI_STRERROR])
+ HAVE_DECL_GETADDRINFO=1; AC_SUBST([HAVE_DECL_GETADDRINFO])
+ HAVE_DECL_GETNAMEINFO=1; AC_SUBST([HAVE_DECL_GETNAMEINFO])
+])
--- /dev/null
+# printf.m4 serial 42
+dnl Copyright (C) 2003, 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Test whether the *printf family of functions supports the 'j', 'z', 't',
+dnl 'L' size specifiers. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_sizes_c99.
+
+AC_DEFUN([gl_PRINTF_SIZES_C99],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([gl_AC_HEADER_STDINT_H])
+ AC_REQUIRE([gl_AC_HEADER_INTTYPES_H])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports size specifiers as in C99],
+ [gl_cv_func_printf_sizes_c99],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#if HAVE_STDINT_H_WITH_UINTMAX
+# include <stdint.h>
+#endif
+#if HAVE_INTTYPES_H_WITH_UINTMAX
+# include <inttypes.h>
+#endif
+static char buf[100];
+int main ()
+{
+ int result = 0;
+#if HAVE_STDINT_H_WITH_UINTMAX || HAVE_INTTYPES_H_WITH_UINTMAX
+ buf[0] = '\0';
+ if (sprintf (buf, "%ju %d", (uintmax_t) 12345671, 33, 44, 55) < 0
+ || strcmp (buf, "12345671 33") != 0)
+ result |= 1;
+#endif
+ buf[0] = '\0';
+ if (sprintf (buf, "%zu %d", (size_t) 12345672, 33, 44, 55) < 0
+ || strcmp (buf, "12345672 33") != 0)
+ result |= 2;
+ buf[0] = '\0';
+ if (sprintf (buf, "%tu %d", (ptrdiff_t) 12345673, 33, 44, 55) < 0
+ || strcmp (buf, "12345673 33") != 0)
+ result |= 4;
+ buf[0] = '\0';
+ if (sprintf (buf, "%Lg %d", (long double) 1.5, 33, 44, 55) < 0
+ || strcmp (buf, "1.5 33") != 0)
+ result |= 8;
+ return result;
+}]])],
+ [gl_cv_func_printf_sizes_c99=yes],
+ [gl_cv_func_printf_sizes_c99=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ # Guess yes on FreeBSD >= 5.
+ freebsd[1-4]*) gl_cv_func_printf_sizes_c99="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_printf_sizes_c99="guessing no";;
+ darwin*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ # Guess yes on OpenBSD >= 3.9.
+ openbsd[1-2].* | openbsd3.[0-8] | openbsd3.[0-8].*)
+ gl_cv_func_printf_sizes_c99="guessing no";;
+ openbsd*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ # Guess yes on Solaris >= 2.10.
+ solaris2.[1-9][0-9]*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ solaris*) gl_cv_func_printf_sizes_c99="guessing no";;
+ # Guess yes on NetBSD >= 3.
+ netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*)
+ gl_cv_func_printf_sizes_c99="guessing no";;
+ netbsd*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_sizes_c99="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports 'long double'
+dnl arguments together with the 'L' size specifier. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_long_double.
+
+AC_DEFUN([gl_PRINTF_LONG_DOUBLE],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports 'long double' arguments],
+ [gl_cv_func_printf_long_double],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[10000];
+int main ()
+{
+ int result = 0;
+ buf[0] = '\0';
+ if (sprintf (buf, "%Lf %d", 1.75L, 33, 44, 55) < 0
+ || strcmp (buf, "1.750000 33") != 0)
+ result |= 1;
+ buf[0] = '\0';
+ if (sprintf (buf, "%Le %d", 1.75L, 33, 44, 55) < 0
+ || strcmp (buf, "1.750000e+00 33") != 0)
+ result |= 2;
+ buf[0] = '\0';
+ if (sprintf (buf, "%Lg %d", 1.75L, 33, 44, 55) < 0
+ || strcmp (buf, "1.75 33") != 0)
+ result |= 4;
+ return result;
+}]])],
+ [gl_cv_func_printf_long_double=yes],
+ [gl_cv_func_printf_long_double=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ beos*) gl_cv_func_printf_long_double="guessing no";;
+ mingw* | pw*) gl_cv_func_printf_long_double="guessing no";;
+ *) gl_cv_func_printf_long_double="guessing yes";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports infinite and NaN
+dnl 'double' arguments and negative zero arguments in the %f, %e, %g
+dnl directives. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_infinite.
+
+AC_DEFUN([gl_PRINTF_INFINITE],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports infinite 'double' arguments],
+ [gl_cv_func_printf_infinite],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static int
+strisnan (const char *string, size_t start_index, size_t end_index)
+{
+ if (start_index < end_index)
+ {
+ if (string[start_index] == '-')
+ start_index++;
+ if (start_index + 3 <= end_index
+ && memcmp (string + start_index, "nan", 3) == 0)
+ {
+ start_index += 3;
+ if (start_index == end_index
+ || (string[start_index] == '(' && string[end_index - 1] == ')'))
+ return 1;
+ }
+ }
+ return 0;
+}
+static int
+have_minus_zero ()
+{
+ static double plus_zero = 0.0;
+ double minus_zero = - plus_zero;
+ return memcmp (&plus_zero, &minus_zero, sizeof (double)) != 0;
+}
+static char buf[10000];
+static double zero = 0.0;
+int main ()
+{
+ int result = 0;
+ if (sprintf (buf, "%f", 1.0 / 0.0) < 0
+ || (strcmp (buf, "inf") != 0 && strcmp (buf, "infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%f", -1.0 / 0.0) < 0
+ || (strcmp (buf, "-inf") != 0 && strcmp (buf, "-infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%f", zero / zero) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ if (sprintf (buf, "%e", 1.0 / 0.0) < 0
+ || (strcmp (buf, "inf") != 0 && strcmp (buf, "infinity") != 0))
+ result |= 4;
+ if (sprintf (buf, "%e", -1.0 / 0.0) < 0
+ || (strcmp (buf, "-inf") != 0 && strcmp (buf, "-infinity") != 0))
+ result |= 4;
+ if (sprintf (buf, "%e", zero / zero) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 8;
+ if (sprintf (buf, "%g", 1.0 / 0.0) < 0
+ || (strcmp (buf, "inf") != 0 && strcmp (buf, "infinity") != 0))
+ result |= 16;
+ if (sprintf (buf, "%g", -1.0 / 0.0) < 0
+ || (strcmp (buf, "-inf") != 0 && strcmp (buf, "-infinity") != 0))
+ result |= 16;
+ if (sprintf (buf, "%g", zero / zero) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 32;
+ /* This test fails on HP-UX 10.20. */
+ if (have_minus_zero ())
+ if (sprintf (buf, "%g", - zero) < 0
+ || strcmp (buf, "-0") != 0)
+ result |= 64;
+ return result;
+}]])],
+ [gl_cv_func_printf_infinite=yes],
+ [gl_cv_func_printf_infinite=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_printf_infinite="guessing yes";;
+ # Guess yes on FreeBSD >= 6.
+ freebsd[1-5]*) gl_cv_func_printf_infinite="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_printf_infinite="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_printf_infinite="guessing no";;
+ darwin*) gl_cv_func_printf_infinite="guessing yes";;
+ # Guess yes on HP-UX >= 11.
+ hpux[7-9]* | hpux10*) gl_cv_func_printf_infinite="guessing no";;
+ hpux*) gl_cv_func_printf_infinite="guessing yes";;
+ # Guess yes on NetBSD >= 3.
+ netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*)
+ gl_cv_func_printf_infinite="guessing no";;
+ netbsd*) gl_cv_func_printf_infinite="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_printf_infinite="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_infinite="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports infinite and NaN
+dnl 'long double' arguments in the %f, %e, %g directives. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_infinite_long_double.
+
+AC_DEFUN([gl_PRINTF_INFINITE_LONG_DOUBLE],
+[
+ AC_REQUIRE([gl_PRINTF_LONG_DOUBLE])
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([gl_BIGENDIAN])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ dnl The user can set or unset the variable gl_printf_safe to indicate
+ dnl that he wishes a safe handling of non-IEEE-754 'long double' values.
+ if test -n "$gl_printf_safe"; then
+ AC_DEFINE([CHECK_PRINTF_SAFE], [1],
+ [Define if you wish *printf() functions that have a safe handling of
+ non-IEEE-754 'long double' values.])
+ fi
+ case "$gl_cv_func_printf_long_double" in
+ *yes)
+ AC_CACHE_CHECK([whether printf supports infinite 'long double' arguments],
+ [gl_cv_func_printf_infinite_long_double],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+]GL_NOCRASH[
+#include <float.h>
+#include <stdio.h>
+#include <string.h>
+static int
+strisnan (const char *string, size_t start_index, size_t end_index)
+{
+ if (start_index < end_index)
+ {
+ if (string[start_index] == '-')
+ start_index++;
+ if (start_index + 3 <= end_index
+ && memcmp (string + start_index, "nan", 3) == 0)
+ {
+ start_index += 3;
+ if (start_index == end_index
+ || (string[start_index] == '(' && string[end_index - 1] == ')'))
+ return 1;
+ }
+ }
+ return 0;
+}
+static char buf[10000];
+static long double zeroL = 0.0L;
+int main ()
+{
+ int result = 0;
+ nocrash_init();
+ if (sprintf (buf, "%Lf", 1.0L / 0.0L) < 0
+ || (strcmp (buf, "inf") != 0 && strcmp (buf, "infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%Lf", -1.0L / 0.0L) < 0
+ || (strcmp (buf, "-inf") != 0 && strcmp (buf, "-infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%Lf", zeroL / zeroL) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 1;
+ if (sprintf (buf, "%Le", 1.0L / 0.0L) < 0
+ || (strcmp (buf, "inf") != 0 && strcmp (buf, "infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%Le", -1.0L / 0.0L) < 0
+ || (strcmp (buf, "-inf") != 0 && strcmp (buf, "-infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%Le", zeroL / zeroL) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 1;
+ if (sprintf (buf, "%Lg", 1.0L / 0.0L) < 0
+ || (strcmp (buf, "inf") != 0 && strcmp (buf, "infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%Lg", -1.0L / 0.0L) < 0
+ || (strcmp (buf, "-inf") != 0 && strcmp (buf, "-infinity") != 0))
+ result |= 1;
+ if (sprintf (buf, "%Lg", zeroL / zeroL) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 1;
+#if CHECK_PRINTF_SAFE && ((defined __ia64 && LDBL_MANT_DIG == 64) || (defined __x86_64__ || defined __amd64__) || (defined __i386 || defined __i386__ || defined _I386 || defined _M_IX86 || defined _X86_))
+/* Representation of an 80-bit 'long double' as an initializer for a sequence
+ of 'unsigned int' words. */
+# ifdef WORDS_BIGENDIAN
+# define LDBL80_WORDS(exponent,manthi,mantlo) \
+ { ((unsigned int) (exponent) << 16) | ((unsigned int) (manthi) >> 16), \
+ ((unsigned int) (manthi) << 16) | (unsigned int) (mantlo) >> 16), \
+ (unsigned int) (mantlo) << 16 \
+ }
+# else
+# define LDBL80_WORDS(exponent,manthi,mantlo) \
+ { mantlo, manthi, exponent }
+# endif
+ { /* Quiet NaN. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0xFFFF, 0xC3333333, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ }
+ {
+ /* Signalling NaN. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0xFFFF, 0x83333333, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 2;
+ }
+ { /* Pseudo-NaN. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0xFFFF, 0x40000001, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 4;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 4;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 4;
+ }
+ { /* Pseudo-Infinity. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0xFFFF, 0x00000000, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 8;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 8;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 8;
+ }
+ { /* Pseudo-Zero. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0x4004, 0x00000000, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 16;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 16;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 16;
+ }
+ { /* Unnormalized number. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0x4000, 0x63333333, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 32;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 32;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 32;
+ }
+ { /* Pseudo-Denormal. */
+ static union { unsigned int word[4]; long double value; } x =
+ { LDBL80_WORDS (0x0000, 0x83333333, 0x00000000) };
+ if (sprintf (buf, "%Lf", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 64;
+ if (sprintf (buf, "%Le", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 64;
+ if (sprintf (buf, "%Lg", x.value) < 0
+ || !strisnan (buf, 0, strlen (buf)))
+ result |= 64;
+ }
+#endif
+ return result;
+}]])],
+ [gl_cv_func_printf_infinite_long_double=yes],
+ [gl_cv_func_printf_infinite_long_double=no],
+ [
+changequote(,)dnl
+ case "$host_cpu" in
+ # Guess no on ia64, x86_64, i386.
+ ia64 | x86_64 | i*86) gl_cv_func_printf_infinite_long_double="guessing no";;
+ *)
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_printf_infinite_long_double="guessing yes";;
+ # Guess yes on FreeBSD >= 6.
+ freebsd[1-5]*) gl_cv_func_printf_infinite_long_double="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_printf_infinite_long_double="guessing yes";;
+ # Guess yes on HP-UX >= 11.
+ hpux[7-9]* | hpux10*) gl_cv_func_printf_infinite_long_double="guessing no";;
+ hpux*) gl_cv_func_printf_infinite_long_double="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_infinite_long_double="guessing no";;
+ esac
+ ;;
+ esac
+changequote([,])dnl
+ ])
+ ])
+ ;;
+ *)
+ gl_cv_func_printf_infinite_long_double="irrelevant"
+ ;;
+ esac
+])
+
+dnl Test whether the *printf family of functions supports the 'a' and 'A'
+dnl conversion specifier for hexadecimal output of floating-point numbers.
+dnl (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_directive_a.
+
+AC_DEFUN([gl_PRINTF_DIRECTIVE_A],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the 'a' and 'A' directives],
+ [gl_cv_func_printf_directive_a],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ int result = 0;
+ if (sprintf (buf, "%a %d", 3.1416015625, 33, 44, 55) < 0
+ || (strcmp (buf, "0x1.922p+1 33") != 0
+ && strcmp (buf, "0x3.244p+0 33") != 0
+ && strcmp (buf, "0x6.488p-1 33") != 0
+ && strcmp (buf, "0xc.91p-2 33") != 0))
+ result |= 1;
+ if (sprintf (buf, "%A %d", -3.1416015625, 33, 44, 55) < 0
+ || (strcmp (buf, "-0X1.922P+1 33") != 0
+ && strcmp (buf, "-0X3.244P+0 33") != 0
+ && strcmp (buf, "-0X6.488P-1 33") != 0
+ && strcmp (buf, "-0XC.91P-2 33") != 0))
+ result |= 2;
+ /* This catches a FreeBSD 6.1 bug: it doesn't round. */
+ if (sprintf (buf, "%.2a %d", 1.51, 33, 44, 55) < 0
+ || (strcmp (buf, "0x1.83p+0 33") != 0
+ && strcmp (buf, "0x3.05p-1 33") != 0
+ && strcmp (buf, "0x6.0ap-2 33") != 0
+ && strcmp (buf, "0xc.14p-3 33") != 0))
+ result |= 4;
+ /* This catches a FreeBSD 6.1 bug. See
+ <http://lists.gnu.org/archive/html/bug-gnulib/2007-04/msg00107.html> */
+ if (sprintf (buf, "%010a %d", 1.0 / 0.0, 33, 44, 55) < 0
+ || buf[0] == '0')
+ result |= 8;
+ /* This catches a MacOS X 10.3.9 (Darwin 7.9) bug. */
+ if (sprintf (buf, "%.1a", 1.999) < 0
+ || (strcmp (buf, "0x1.0p+1") != 0
+ && strcmp (buf, "0x2.0p+0") != 0
+ && strcmp (buf, "0x4.0p-1") != 0
+ && strcmp (buf, "0x8.0p-2") != 0))
+ result |= 16;
+ /* This catches the same MacOS X 10.3.9 (Darwin 7.9) bug and also a
+ glibc 2.4 bug <http://sourceware.org/bugzilla/show_bug.cgi?id=2908>. */
+ if (sprintf (buf, "%.1La", 1.999L) < 0
+ || (strcmp (buf, "0x1.0p+1") != 0
+ && strcmp (buf, "0x2.0p+0") != 0
+ && strcmp (buf, "0x4.0p-1") != 0
+ && strcmp (buf, "0x8.0p-2") != 0))
+ result |= 32;
+ return result;
+}]])],
+ [gl_cv_func_printf_directive_a=yes],
+ [gl_cv_func_printf_directive_a=no],
+ [
+ case "$host_os" in
+ # Guess yes on glibc >= 2.5 systems.
+ *-gnu*)
+ AC_EGREP_CPP([BZ2908], [
+ #include <features.h>
+ #ifdef __GNU_LIBRARY__
+ #if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 5) || (__GLIBC__ > 2)) && !defined __UCLIBC__
+ BZ2908
+ #endif
+ #endif
+ ],
+ [gl_cv_func_printf_directive_a="guessing yes"],
+ [gl_cv_func_printf_directive_a="guessing no"])
+ ;;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_directive_a="guessing no";;
+ esac
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports the %F format
+dnl directive. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_directive_f.
+
+AC_DEFUN([gl_PRINTF_DIRECTIVE_F],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the 'F' directive],
+ [gl_cv_func_printf_directive_f],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ int result = 0;
+ if (sprintf (buf, "%F %d", 1234567.0, 33, 44, 55) < 0
+ || strcmp (buf, "1234567.000000 33") != 0)
+ result |= 1;
+ if (sprintf (buf, "%F", 1.0 / 0.0) < 0
+ || (strcmp (buf, "INF") != 0 && strcmp (buf, "INFINITY") != 0))
+ result |= 2;
+ /* This catches a Cygwin 1.5.x bug. */
+ if (sprintf (buf, "%.F", 1234.0) < 0
+ || strcmp (buf, "1234") != 0)
+ result |= 4;
+ return result;
+}]])],
+ [gl_cv_func_printf_directive_f=yes],
+ [gl_cv_func_printf_directive_f=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_printf_directive_f="guessing yes";;
+ # Guess yes on FreeBSD >= 6.
+ freebsd[1-5]*) gl_cv_func_printf_directive_f="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_printf_directive_f="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_printf_directive_f="guessing no";;
+ darwin*) gl_cv_func_printf_directive_f="guessing yes";;
+ # Guess yes on Solaris >= 2.10.
+ solaris2.[1-9][0-9]*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ solaris*) gl_cv_func_printf_sizes_c99="guessing no";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_directive_f="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports the %n format
+dnl directive. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_printf_directive_n.
+
+AC_DEFUN([gl_PRINTF_DIRECTIVE_N],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the 'n' directive],
+ [gl_cv_func_printf_directive_n],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char fmtstring[10];
+static char buf[100];
+int main ()
+{
+ int count = -1;
+ /* Copy the format string. Some systems (glibc with _FORTIFY_SOURCE=2)
+ support %n in format strings in read-only memory but not in writable
+ memory. */
+ strcpy (fmtstring, "%d %n");
+ if (sprintf (buf, fmtstring, 123, &count, 33, 44, 55) < 0
+ || strcmp (buf, "123 ") != 0
+ || count != 4)
+ return 1;
+ return 0;
+}]])],
+ [gl_cv_func_printf_directive_n=yes],
+ [gl_cv_func_printf_directive_n=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ *) gl_cv_func_printf_directive_n="guessing yes";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports the %ls format
+dnl directive and in particular, when a precision is specified, whether
+dnl the functions stop converting the wide string argument when the number
+dnl of bytes that have been produced by this conversion equals or exceeds
+dnl the precision.
+dnl Result is gl_cv_func_printf_directive_ls.
+
+AC_DEFUN([gl_PRINTF_DIRECTIVE_LS],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the 'ls' directive],
+ [gl_cv_func_printf_directive_ls],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+/* Tru64 with Desktop Toolkit C has a bug: <stdio.h> must be included before
+ <wchar.h>.
+ BSD/OS 4.0.1 has a bug: <stddef.h>, <stdio.h> and <time.h> must be
+ included before <wchar.h>. */
+#include <stddef.h>
+#include <stdio.h>
+#include <time.h>
+#include <wchar.h>
+#include <string.h>
+int main ()
+{
+ int result = 0;
+ char buf[100];
+ /* Test whether %ls works at all.
+ This test fails on OpenBSD 4.0, IRIX 6.5, Solaris 2.6, Haiku, but not on
+ Cygwin 1.5. */
+ {
+ static const wchar_t wstring[] = { 'a', 'b', 'c', 0 };
+ buf[0] = '\0';
+ if (sprintf (buf, "%ls", wstring) < 0
+ || strcmp (buf, "abc") != 0)
+ result |= 1;
+ }
+ /* This test fails on IRIX 6.5, Solaris 2.6, Cygwin 1.5, Haiku (with an
+ assertion failure inside libc), but not on OpenBSD 4.0. */
+ {
+ static const wchar_t wstring[] = { 'a', 0 };
+ buf[0] = '\0';
+ if (sprintf (buf, "%ls", wstring) < 0
+ || strcmp (buf, "a") != 0)
+ result |= 2;
+ }
+ /* Test whether precisions in %ls are supported as specified in ISO C 99
+ section 7.19.6.1:
+ "If a precision is specified, no more than that many bytes are written
+ (including shift sequences, if any), and the array shall contain a
+ null wide character if, to equal the multibyte character sequence
+ length given by the precision, the function would need to access a
+ wide character one past the end of the array."
+ This test fails on Solaris 10. */
+ {
+ static const wchar_t wstring[] = { 'a', 'b', (wchar_t) 0xfdfdfdfd, 0 };
+ buf[0] = '\0';
+ if (sprintf (buf, "%.2ls", wstring) < 0
+ || strcmp (buf, "ab") != 0)
+ result |= 8;
+ }
+ return result;
+}]])],
+ [gl_cv_func_printf_directive_ls=yes],
+ [gl_cv_func_printf_directive_ls=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ openbsd*) gl_cv_func_printf_directive_ls="guessing no";;
+ irix*) gl_cv_func_printf_directive_ls="guessing no";;
+ solaris*) gl_cv_func_printf_directive_ls="guessing no";;
+ cygwin*) gl_cv_func_printf_directive_ls="guessing no";;
+ beos* | haiku*) gl_cv_func_printf_directive_ls="guessing no";;
+ *) gl_cv_func_printf_directive_ls="guessing yes";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports POSIX/XSI format
+dnl strings with positions. (POSIX:2001)
+dnl Result is gl_cv_func_printf_positions.
+
+AC_DEFUN([gl_PRINTF_POSITIONS],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports POSIX/XSI format strings with positions],
+ [gl_cv_func_printf_positions],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+/* The string "%2$d %1$d", with dollar characters protected from the shell's
+ dollar expansion (possibly an autoconf bug). */
+static char format[] = { '%', '2', '$', 'd', ' ', '%', '1', '$', 'd', '\0' };
+static char buf[100];
+int main ()
+{
+ sprintf (buf, format, 33, 55);
+ return (strcmp (buf, "55 33") != 0);
+}]])],
+ [gl_cv_func_printf_positions=yes],
+ [gl_cv_func_printf_positions=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ netbsd[1-3]* | netbsdelf[1-3]* | netbsdaout[1-3]* | netbsdcoff[1-3]*)
+ gl_cv_func_printf_positions="guessing no";;
+ beos*) gl_cv_func_printf_positions="guessing no";;
+ mingw* | pw*) gl_cv_func_printf_positions="guessing no";;
+ *) gl_cv_func_printf_positions="guessing yes";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports POSIX/XSI format
+dnl strings with the ' flag for grouping of decimal digits. (POSIX:2001)
+dnl Result is gl_cv_func_printf_flag_grouping.
+
+AC_DEFUN([gl_PRINTF_FLAG_GROUPING],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the grouping flag],
+ [gl_cv_func_printf_flag_grouping],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ if (sprintf (buf, "%'d %d", 1234567, 99) < 0
+ || buf[strlen (buf) - 1] != '9')
+ return 1;
+ return 0;
+}]])],
+ [gl_cv_func_printf_flag_grouping=yes],
+ [gl_cv_func_printf_flag_grouping=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ cygwin*) gl_cv_func_printf_flag_grouping="guessing no";;
+ netbsd*) gl_cv_func_printf_flag_grouping="guessing no";;
+ mingw* | pw*) gl_cv_func_printf_flag_grouping="guessing no";;
+ *) gl_cv_func_printf_flag_grouping="guessing yes";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports the - flag correctly.
+dnl (ISO C99.) See
+dnl <http://lists.gnu.org/archive/html/bug-coreutils/2008-02/msg00035.html>
+dnl Result is gl_cv_func_printf_flag_leftadjust.
+
+AC_DEFUN([gl_PRINTF_FLAG_LEFTADJUST],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the left-adjust flag correctly],
+ [gl_cv_func_printf_flag_leftadjust],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ /* Check that a '-' flag is not annihilated by a negative width. */
+ if (sprintf (buf, "a%-*sc", -3, "b") < 0
+ || strcmp (buf, "ab c") != 0)
+ return 1;
+ return 0;
+}]])],
+ [gl_cv_func_printf_flag_leftadjust=yes],
+ [gl_cv_func_printf_flag_leftadjust=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on HP-UX 11.
+ hpux11*) gl_cv_func_printf_flag_leftadjust="guessing yes";;
+ # Guess no on HP-UX 10 and older.
+ hpux*) gl_cv_func_printf_flag_leftadjust="guessing no";;
+ # Guess yes otherwise.
+ *) gl_cv_func_printf_flag_leftadjust="guessing yes";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports padding of non-finite
+dnl values with the 0 flag correctly. (ISO C99 + TC1 + TC2.) See
+dnl <http://lists.gnu.org/archive/html/bug-gnulib/2007-04/msg00107.html>
+dnl Result is gl_cv_func_printf_flag_zero.
+
+AC_DEFUN([gl_PRINTF_FLAG_ZERO],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports the zero flag correctly],
+ [gl_cv_func_printf_flag_zero],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ if (sprintf (buf, "%010f", 1.0 / 0.0, 33, 44, 55) < 0
+ || (strcmp (buf, " inf") != 0
+ && strcmp (buf, " infinity") != 0))
+ return 1;
+ return 0;
+}]])],
+ [gl_cv_func_printf_flag_zero=yes],
+ [gl_cv_func_printf_flag_zero=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_printf_flag_zero="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_printf_flag_zero="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_flag_zero="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions supports large precisions.
+dnl On mingw, precisions larger than 512 are treated like 512, in integer,
+dnl floating-point or pointer output. On Solaris 10/x86, precisions larger
+dnl than 510 in floating-point output crash the program. On Solaris 10/SPARC,
+dnl precisions larger than 510 in floating-point output yield wrong results.
+dnl On BeOS, precisions larger than 1044 crash the program.
+dnl Result is gl_cv_func_printf_precision.
+
+AC_DEFUN([gl_PRINTF_PRECISION],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf supports large precisions],
+ [gl_cv_func_printf_precision],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[5000];
+int main ()
+{
+ int result = 0;
+#ifdef __BEOS__
+ /* On BeOS, this would crash and show a dialog box. Avoid the crash. */
+ return 1;
+#endif
+ if (sprintf (buf, "%.4000d %d", 1, 33, 44) < 4000 + 3)
+ result |= 1;
+ if (sprintf (buf, "%.4000f %d", 1.0, 33, 44) < 4000 + 5)
+ result |= 2;
+ if (sprintf (buf, "%.511f %d", 1.0, 33, 44) < 511 + 5
+ || buf[0] != '1')
+ result |= 4;
+ return result;
+}]])],
+ [gl_cv_func_printf_precision=yes],
+ [gl_cv_func_printf_precision=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess no only on Solaris, native Win32, and BeOS systems.
+ solaris*) gl_cv_func_printf_precision="guessing no" ;;
+ mingw* | pw*) gl_cv_func_printf_precision="guessing no" ;;
+ beos*) gl_cv_func_printf_precision="guessing no" ;;
+ *) gl_cv_func_printf_precision="guessing yes" ;;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the *printf family of functions recovers gracefully in case
+dnl of an out-of-memory condition, or whether it crashes the entire program.
+dnl Result is gl_cv_func_printf_enomem.
+
+AC_DEFUN([gl_PRINTF_ENOMEM],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([gl_MULTIARCH])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether printf survives out-of-memory conditions],
+ [gl_cv_func_printf_enomem],
+ [
+ gl_cv_func_printf_enomem="guessing no"
+ if test "$cross_compiling" = no; then
+ if test $APPLE_UNIVERSAL_BUILD = 0; then
+ AC_LANG_CONFTEST([AC_LANG_SOURCE([
+]GL_NOCRASH[
+changequote(,)dnl
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <errno.h>
+int main()
+{
+ struct rlimit limit;
+ int ret;
+ nocrash_init ();
+ /* Some printf implementations allocate temporary space with malloc. */
+ /* On BSD systems, malloc() is limited by RLIMIT_DATA. */
+#ifdef RLIMIT_DATA
+ if (getrlimit (RLIMIT_DATA, &limit) < 0)
+ return 77;
+ if (limit.rlim_max == RLIM_INFINITY || limit.rlim_max > 5000000)
+ limit.rlim_max = 5000000;
+ limit.rlim_cur = limit.rlim_max;
+ if (setrlimit (RLIMIT_DATA, &limit) < 0)
+ return 77;
+#endif
+ /* On Linux systems, malloc() is limited by RLIMIT_AS. */
+#ifdef RLIMIT_AS
+ if (getrlimit (RLIMIT_AS, &limit) < 0)
+ return 77;
+ if (limit.rlim_max == RLIM_INFINITY || limit.rlim_max > 5000000)
+ limit.rlim_max = 5000000;
+ limit.rlim_cur = limit.rlim_max;
+ if (setrlimit (RLIMIT_AS, &limit) < 0)
+ return 77;
+#endif
+ /* Some printf implementations allocate temporary space on the stack. */
+#ifdef RLIMIT_STACK
+ if (getrlimit (RLIMIT_STACK, &limit) < 0)
+ return 77;
+ if (limit.rlim_max == RLIM_INFINITY || limit.rlim_max > 5000000)
+ limit.rlim_max = 5000000;
+ limit.rlim_cur = limit.rlim_max;
+ if (setrlimit (RLIMIT_STACK, &limit) < 0)
+ return 77;
+#endif
+ ret = printf ("%.5000000f", 1.0);
+ return !(ret == 5000002 || (ret < 0 && errno == ENOMEM));
+}
+changequote([,])dnl
+ ])])
+ if AC_TRY_EVAL([ac_link]) && test -s conftest$ac_exeext; then
+ (./conftest
+ result=$?
+ if test $result != 0 && test $result != 77; then result=1; fi
+ exit $result
+ ) >/dev/null 2>/dev/null
+ case $? in
+ 0) gl_cv_func_printf_enomem="yes" ;;
+ 77) gl_cv_func_printf_enomem="guessing no" ;;
+ *) gl_cv_func_printf_enomem="no" ;;
+ esac
+ else
+ gl_cv_func_printf_enomem="guessing no"
+ fi
+ rm -fr conftest*
+ else
+ dnl A universal build on Apple MacOS X platforms.
+ dnl The result would be 'no' in 32-bit mode and 'yes' in 64-bit mode.
+ dnl But we need a configuration result that is valid in both modes.
+ gl_cv_func_printf_enomem="guessing no"
+ fi
+ fi
+ if test "$gl_cv_func_printf_enomem" = "guessing no"; then
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_printf_enomem="guessing yes";;
+ # Guess yes on Solaris.
+ solaris*) gl_cv_func_printf_enomem="guessing yes";;
+ # Guess yes on AIX.
+ aix*) gl_cv_func_printf_enomem="guessing yes";;
+ # Guess yes on HP-UX/hppa.
+ hpux*) case "$host_cpu" in
+ hppa*) gl_cv_func_printf_enomem="guessing yes";;
+ *) gl_cv_func_printf_enomem="guessing no";;
+ esac
+ ;;
+ # Guess yes on IRIX.
+ irix*) gl_cv_func_printf_enomem="guessing yes";;
+ # Guess yes on OSF/1.
+ osf*) gl_cv_func_printf_enomem="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_printf_enomem="guessing yes";;
+ # Guess yes on Haiku.
+ haiku*) gl_cv_func_printf_enomem="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_printf_enomem="guessing no";;
+ esac
+changequote([,])dnl
+ fi
+ ])
+])
+
+dnl Test whether the snprintf function exists. (ISO C99, POSIX:2001)
+dnl Result is ac_cv_func_snprintf.
+
+AC_DEFUN([gl_SNPRINTF_PRESENCE],
+[
+ AC_CHECK_FUNCS_ONCE([snprintf])
+])
+
+dnl Test whether the string produced by the snprintf function is always NUL
+dnl terminated. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_snprintf_truncation_c99.
+
+AC_DEFUN([gl_SNPRINTF_TRUNCATION_C99],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether snprintf truncates the result as in C99],
+ [gl_cv_func_snprintf_truncation_c99],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ strcpy (buf, "ABCDEF");
+ snprintf (buf, 3, "%d %d", 4567, 89);
+ if (memcmp (buf, "45\0DEF", 6) != 0)
+ return 1;
+ return 0;
+}]])],
+ [gl_cv_func_snprintf_truncation_c99=yes],
+ [gl_cv_func_snprintf_truncation_c99=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on FreeBSD >= 5.
+ freebsd[1-4]*) gl_cv_func_snprintf_truncation_c99="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_snprintf_truncation_c99="guessing no";;
+ darwin*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on OpenBSD >= 3.9.
+ openbsd[1-2].* | openbsd3.[0-8] | openbsd3.[0-8].*)
+ gl_cv_func_snprintf_truncation_c99="guessing no";;
+ openbsd*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on Solaris >= 2.6.
+ solaris2.[0-5] | solaris2.[0-5].*)
+ gl_cv_func_snprintf_truncation_c99="guessing no";;
+ solaris*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on AIX >= 4.
+ aix[1-3]*) gl_cv_func_snprintf_truncation_c99="guessing no";;
+ aix*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on HP-UX >= 11.
+ hpux[7-9]* | hpux10*) gl_cv_func_snprintf_truncation_c99="guessing no";;
+ hpux*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on IRIX >= 6.5.
+ irix6.5) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on OSF/1 >= 5.
+ osf[3-4]*) gl_cv_func_snprintf_truncation_c99="guessing no";;
+ osf*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on NetBSD >= 3.
+ netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*)
+ gl_cv_func_snprintf_truncation_c99="guessing no";;
+ netbsd*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_snprintf_truncation_c99="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_snprintf_truncation_c99="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the return value of the snprintf function is the number
+dnl of bytes (excluding the terminating NUL) that would have been produced
+dnl if the buffer had been large enough. (ISO C99, POSIX:2001)
+dnl For example, this test program fails on IRIX 6.5:
+dnl ---------------------------------------------------------------------
+dnl #include <stdio.h>
+dnl int main()
+dnl {
+dnl static char buf[8];
+dnl int retval = snprintf (buf, 3, "%d", 12345);
+dnl return retval >= 0 && retval < 3;
+dnl }
+dnl ---------------------------------------------------------------------
+dnl Result is gl_cv_func_snprintf_retval_c99.
+
+AC_DEFUN_ONCE([gl_SNPRINTF_RETVAL_C99],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether snprintf returns a byte count as in C99],
+ [gl_cv_func_snprintf_retval_c99],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char buf[100];
+int main ()
+{
+ strcpy (buf, "ABCDEF");
+ if (snprintf (buf, 3, "%d %d", 4567, 89) != 7)
+ return 1;
+ if (snprintf (buf, 0, "%d %d", 4567, 89) != 7)
+ return 2;
+ if (snprintf (NULL, 0, "%d %d", 4567, 89) != 7)
+ return 3;
+ return 0;
+}]])],
+ [gl_cv_func_snprintf_retval_c99=yes],
+ [gl_cv_func_snprintf_retval_c99=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # Guess yes on FreeBSD >= 5.
+ freebsd[1-4]*) gl_cv_func_snprintf_retval_c99="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_snprintf_retval_c99="guessing no";;
+ darwin*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # Guess yes on OpenBSD >= 3.9.
+ openbsd[1-2].* | openbsd3.[0-8] | openbsd3.[0-8].*)
+ gl_cv_func_snprintf_retval_c99="guessing no";;
+ openbsd*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # Guess yes on Solaris >= 2.10.
+ solaris2.[1-9][0-9]*) gl_cv_func_printf_sizes_c99="guessing yes";;
+ solaris*) gl_cv_func_printf_sizes_c99="guessing no";;
+ # Guess yes on AIX >= 4.
+ aix[1-3]*) gl_cv_func_snprintf_retval_c99="guessing no";;
+ aix*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # Guess yes on NetBSD >= 3.
+ netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*)
+ gl_cv_func_snprintf_retval_c99="guessing no";;
+ netbsd*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_snprintf_retval_c99="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_snprintf_retval_c99="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the snprintf function supports the %n format directive
+dnl also in truncated portions of the format string. (ISO C99, POSIX:2001)
+dnl Result is gl_cv_func_snprintf_directive_n.
+
+AC_DEFUN([gl_SNPRINTF_DIRECTIVE_N],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether snprintf fully supports the 'n' directive],
+ [gl_cv_func_snprintf_directive_n],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+#include <string.h>
+static char fmtstring[10];
+static char buf[100];
+int main ()
+{
+ int count = -1;
+ /* Copy the format string. Some systems (glibc with _FORTIFY_SOURCE=2)
+ support %n in format strings in read-only memory but not in writable
+ memory. */
+ strcpy (fmtstring, "%d %n");
+ snprintf (buf, 4, fmtstring, 12345, &count, 33, 44, 55);
+ if (count != 6)
+ return 1;
+ return 0;
+}]])],
+ [gl_cv_func_snprintf_directive_n=yes],
+ [gl_cv_func_snprintf_directive_n=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on FreeBSD >= 5.
+ freebsd[1-4]*) gl_cv_func_snprintf_directive_n="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_snprintf_directive_n="guessing no";;
+ darwin*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on Solaris >= 2.6.
+ solaris2.[0-5] | solaris2.[0-5].*)
+ gl_cv_func_snprintf_directive_n="guessing no";;
+ solaris*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on AIX >= 4.
+ aix[1-3]*) gl_cv_func_snprintf_directive_n="guessing no";;
+ aix*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on IRIX >= 6.5.
+ irix6.5) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on OSF/1 >= 5.
+ osf[3-4]*) gl_cv_func_snprintf_directive_n="guessing no";;
+ osf*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on NetBSD >= 3.
+ netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*)
+ gl_cv_func_snprintf_directive_n="guessing no";;
+ netbsd*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_snprintf_directive_n="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_snprintf_directive_n="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl Test whether the snprintf function, when passed a size = 1, writes any
+dnl output without bounds in this case, behaving like sprintf. This is the
+dnl case on Linux libc5.
+dnl Result is gl_cv_func_snprintf_size1.
+
+AC_DEFUN([gl_SNPRINTF_SIZE1],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_CACHE_CHECK([whether snprintf respects a size of 1],
+ [gl_cv_func_snprintf_size1],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdio.h>
+int main()
+{
+ static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' };
+ snprintf (buf, 1, "%d", 12345);
+ return buf[1] != 'E';
+}]])],
+ [gl_cv_func_snprintf_size1=yes],
+ [gl_cv_func_snprintf_size1=no],
+ [gl_cv_func_snprintf_size1="guessing yes"])
+ ])
+])
+
+dnl Test whether the vsnprintf function, when passed a zero size, produces no
+dnl output. (ISO C99, POSIX:2001)
+dnl For example, snprintf nevertheless writes a NUL byte in this case
+dnl on OSF/1 5.1:
+dnl ---------------------------------------------------------------------
+dnl #include <stdio.h>
+dnl int main()
+dnl {
+dnl static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' };
+dnl snprintf (buf, 0, "%d", 12345);
+dnl return buf[0] != 'D';
+dnl }
+dnl ---------------------------------------------------------------------
+dnl And vsnprintf writes any output without bounds in this case, behaving like
+dnl vsprintf, on HP-UX 11 and OSF/1 5.1:
+dnl ---------------------------------------------------------------------
+dnl #include <stdarg.h>
+dnl #include <stdio.h>
+dnl static int my_snprintf (char *buf, int size, const char *format, ...)
+dnl {
+dnl va_list args;
+dnl int ret;
+dnl va_start (args, format);
+dnl ret = vsnprintf (buf, size, format, args);
+dnl va_end (args);
+dnl return ret;
+dnl }
+dnl int main()
+dnl {
+dnl static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' };
+dnl my_snprintf (buf, 0, "%d", 12345);
+dnl return buf[0] != 'D';
+dnl }
+dnl ---------------------------------------------------------------------
+dnl Result is gl_cv_func_vsnprintf_zerosize_c99.
+
+AC_DEFUN([gl_VSNPRINTF_ZEROSIZE_C99],
+[
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+ AC_CACHE_CHECK([whether vsnprintf respects a zero size as in C99],
+ [gl_cv_func_vsnprintf_zerosize_c99],
+ [
+ AC_RUN_IFELSE(
+ [AC_LANG_SOURCE([[
+#include <stdarg.h>
+#include <stdio.h>
+static int my_snprintf (char *buf, int size, const char *format, ...)
+{
+ va_list args;
+ int ret;
+ va_start (args, format);
+ ret = vsnprintf (buf, size, format, args);
+ va_end (args);
+ return ret;
+}
+int main()
+{
+ static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' };
+ my_snprintf (buf, 0, "%d", 12345);
+ return buf[0] != 'D';
+}]])],
+ [gl_cv_func_vsnprintf_zerosize_c99=yes],
+ [gl_cv_func_vsnprintf_zerosize_c99=no],
+ [
+changequote(,)dnl
+ case "$host_os" in
+ # Guess yes on glibc systems.
+ *-gnu*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on FreeBSD >= 5.
+ freebsd[1-4]*) gl_cv_func_vsnprintf_zerosize_c99="guessing no";;
+ freebsd* | kfreebsd*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on MacOS X >= 10.3.
+ darwin[1-6].*) gl_cv_func_vsnprintf_zerosize_c99="guessing no";;
+ darwin*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on Cygwin.
+ cygwin*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on Solaris >= 2.6.
+ solaris2.[0-5] | solaris2.[0-5].*)
+ gl_cv_func_vsnprintf_zerosize_c99="guessing no";;
+ solaris*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on AIX >= 4.
+ aix[1-3]*) gl_cv_func_vsnprintf_zerosize_c99="guessing no";;
+ aix*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on IRIX >= 6.5.
+ irix6.5) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on NetBSD >= 3.
+ netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*)
+ gl_cv_func_vsnprintf_zerosize_c99="guessing no";;
+ netbsd*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on BeOS.
+ beos*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # Guess yes on mingw.
+ mingw* | pw*) gl_cv_func_vsnprintf_zerosize_c99="guessing yes";;
+ # If we don't know, assume the worst.
+ *) gl_cv_func_vsnprintf_zerosize_c99="guessing no";;
+ esac
+changequote([,])dnl
+ ])
+ ])
+])
+
+dnl The results of these tests on various platforms are:
+dnl
+dnl 1 = gl_PRINTF_SIZES_C99
+dnl 2 = gl_PRINTF_LONG_DOUBLE
+dnl 3 = gl_PRINTF_INFINITE
+dnl 4 = gl_PRINTF_INFINITE_LONG_DOUBLE
+dnl 5 = gl_PRINTF_DIRECTIVE_A
+dnl 6 = gl_PRINTF_DIRECTIVE_F
+dnl 7 = gl_PRINTF_DIRECTIVE_N
+dnl 8 = gl_PRINTF_DIRECTIVE_LS
+dnl 9 = gl_PRINTF_POSITIONS
+dnl 10 = gl_PRINTF_FLAG_GROUPING
+dnl 11 = gl_PRINTF_FLAG_LEFTADJUST
+dnl 12 = gl_PRINTF_FLAG_ZERO
+dnl 13 = gl_PRINTF_PRECISION
+dnl 14 = gl_PRINTF_ENOMEM
+dnl 15 = gl_SNPRINTF_PRESENCE
+dnl 16 = gl_SNPRINTF_TRUNCATION_C99
+dnl 17 = gl_SNPRINTF_RETVAL_C99
+dnl 18 = gl_SNPRINTF_DIRECTIVE_N
+dnl 19 = gl_SNPRINTF_SIZE1
+dnl 20 = gl_VSNPRINTF_ZEROSIZE_C99
+dnl
+dnl 1 = checking whether printf supports size specifiers as in C99...
+dnl 2 = checking whether printf supports 'long double' arguments...
+dnl 3 = checking whether printf supports infinite 'double' arguments...
+dnl 4 = checking whether printf supports infinite 'long double' arguments...
+dnl 5 = checking whether printf supports the 'a' and 'A' directives...
+dnl 6 = checking whether printf supports the 'F' directive...
+dnl 7 = checking whether printf supports the 'n' directive...
+dnl 8 = checking whether printf supports the 'ls' directive...
+dnl 9 = checking whether printf supports POSIX/XSI format strings with positions...
+dnl 10 = checking whether printf supports the grouping flag...
+dnl 11 = checking whether printf supports the left-adjust flag correctly...
+dnl 12 = checking whether printf supports the zero flag correctly...
+dnl 13 = checking whether printf supports large precisions...
+dnl 14 = checking whether printf survives out-of-memory conditions...
+dnl 15 = checking for snprintf...
+dnl 16 = checking whether snprintf truncates the result as in C99...
+dnl 17 = checking whether snprintf returns a byte count as in C99...
+dnl 18 = checking whether snprintf fully supports the 'n' directive...
+dnl 19 = checking whether snprintf respects a size of 1...
+dnl 20 = checking whether vsnprintf respects a zero size as in C99...
+dnl
+dnl . = yes, # = no.
+dnl
+dnl 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
+dnl glibc 2.5 . . . . . . . . . . . . . . . . . . . .
+dnl glibc 2.3.6 . . . . # . . . . . . . . . . . . . . .
+dnl FreeBSD 5.4, 6.1 . . . . # . . . . . . # . # . . . . . .
+dnl MacOS X 10.5.8 . . . # # . . . . . . # . . . . . . . .
+dnl MacOS X 10.3.9 . . . . # . . . . . . # . # . . . . . .
+dnl OpenBSD 3.9, 4.0 . . # # # # . # . # . # . # . . . . . .
+dnl Cygwin 1.7.0 (2009) . . . # . . . ? . . . . . ? . . . . . .
+dnl Cygwin 1.5.25 (2008) . . . # # . . # . . . . . # . . . . . .
+dnl Cygwin 1.5.19 (2006) # . . # # # . # . # . # # # . . . . . .
+dnl Solaris 11 2010-11 . . # # # . . # . . . # . . . . . . . .
+dnl Solaris 10 . . # # # . . # . . . # # . . . . . . .
+dnl Solaris 2.6 ... 9 # . # # # # . # . . . # # . . . # . . .
+dnl Solaris 2.5.1 # . # # # # . # . . . # . . # # # # # #
+dnl AIX 5.2, 7.1 . . # # # . . . . . . # . . . . . . . .
+dnl AIX 4.3.2, 5.1 # . # # # # . . . . . # . . . . # . . .
+dnl HP-UX 11.31 . . . . # . . . . . . # . . . . # # . .
+dnl HP-UX 11.{00,11,23} # . . . # # . . . . . # . . . . # # . #
+dnl HP-UX 10.20 # . # . # # . ? . . # # . . . . # # ? #
+dnl IRIX 6.5 # . # # # # . # . . . # . . . . # . . .
+dnl OSF/1 5.1 # . # # # # . . . . . # . . . . # . . #
+dnl OSF/1 4.0d # . # # # # . . . . . # . . # # # # # #
+dnl NetBSD 5.0 . . . # # . . . . . . # . # . . . . . .
+dnl NetBSD 4.0 . ? ? ? ? ? . ? . ? ? ? ? ? . . . ? ? ?
+dnl NetBSD 3.0 . . . . # # . ? # # ? # . # . . . . . .
+dnl Haiku . . . # # # . # . . . . . ? . . ? . . .
+dnl BeOS # # . # # # . ? # . ? . # ? . . ? . . .
+dnl mingw # # # # # # . . # # . # # ? . # # # . .
--- /dev/null
+# read-file.m4 serial 2
+dnl Copyright (C) 2002-2006, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_READ_FILE],
+[
+ AC_LIBOBJ([read-file])
+ gl_PREREQ_READ_FILE
+])
+
+# Prerequisites of lib/read-file.c.
+AC_DEFUN([gl_PREREQ_READ_FILE], [:])
--- /dev/null
+# realloc.m4 serial 11
+dnl Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# gl_FUNC_REALLOC_GNU
+# -------------------
+# Test whether 'realloc (0, 0)' is handled like in GNU libc, and replace
+# realloc if it is not.
+AC_DEFUN([gl_FUNC_REALLOC_GNU],
+[
+ AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+ dnl _AC_FUNC_REALLOC_IF is defined in Autoconf.
+ _AC_FUNC_REALLOC_IF(
+ [AC_DEFINE([HAVE_REALLOC_GNU], [1],
+ [Define to 1 if your system has a GNU libc compatible 'realloc'
+ function, and to 0 otherwise.])],
+ [AC_DEFINE([HAVE_REALLOC_GNU], [0])
+ gl_REPLACE_REALLOC
+ ])
+])# gl_FUNC_REALLOC_GNU
+
+# gl_FUNC_REALLOC_POSIX
+# ---------------------
+# Test whether 'realloc' is POSIX compliant (sets errno to ENOMEM when it
+# fails), and replace realloc if it is not.
+AC_DEFUN([gl_FUNC_REALLOC_POSIX],
+[
+ AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+ AC_REQUIRE([gl_CHECK_MALLOC_POSIX])
+ if test $gl_cv_func_malloc_posix = yes; then
+ AC_DEFINE([HAVE_REALLOC_POSIX], [1],
+ [Define if the 'realloc' function is POSIX compliant.])
+ else
+ gl_REPLACE_REALLOC
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_REALLOC],
+[
+ AC_LIBOBJ([realloc])
+ REPLACE_REALLOC=1
+])
--- /dev/null
+# snprintf.m4 serial 5
+dnl Copyright (C) 2002-2004, 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_SNPRINTF],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ gl_cv_func_snprintf_usable=no
+ AC_CHECK_FUNCS([snprintf])
+ if test $ac_cv_func_snprintf = yes; then
+ gl_SNPRINTF_SIZE1
+ case "$gl_cv_func_snprintf_size1" in
+ *yes)
+ gl_SNPRINTF_RETVAL_C99
+ case "$gl_cv_func_snprintf_retval_c99" in
+ *yes)
+ gl_cv_func_snprintf_usable=yes
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ if test $gl_cv_func_snprintf_usable = no; then
+ gl_REPLACE_SNPRINTF
+ fi
+ AC_CHECK_DECLS_ONCE([snprintf])
+ if test $ac_cv_have_decl_snprintf = no; then
+ HAVE_DECL_SNPRINTF=0
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_SNPRINTF],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ AC_LIBOBJ([snprintf])
+ if test $ac_cv_func_snprintf = yes; then
+ REPLACE_SNPRINTF=1
+ fi
+ gl_PREREQ_SNPRINTF
+])
+
+# Prerequisites of lib/snprintf.c.
+AC_DEFUN([gl_PREREQ_SNPRINTF], [:])
--- /dev/null
+# socketlib.m4 serial 1
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl gl_SOCKETLIB
+dnl Determines the library to use for socket functions.
+dnl Sets and AC_SUBSTs LIBSOCKET.
+
+AC_DEFUN([gl_SOCKETLIB],
+[
+ gl_PREREQ_SYS_H_WINSOCK2 dnl for HAVE_WINSOCK2_H
+ LIBSOCKET=
+ if test $HAVE_WINSOCK2_H = 1; then
+ dnl Native Windows API (not Cygwin).
+ AC_CACHE_CHECK([if we need to call WSAStartup in winsock2.h and -lws2_32],
+ [gl_cv_func_wsastartup], [
+ gl_save_LIBS="$LIBS"
+ LIBS="$LIBS -lws2_32"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
+#endif]], [[
+ WORD wVersionRequested = MAKEWORD(1, 1);
+ WSADATA wsaData;
+ int err = WSAStartup(wVersionRequested, &wsaData);
+ WSACleanup ();]])],
+ gl_cv_func_wsastartup=yes, gl_cv_func_wsastartup=no)
+ LIBS="$gl_save_LIBS"
+ ])
+ if test "$gl_cv_func_wsastartup" = "yes"; then
+ AC_DEFINE([WINDOWS_SOCKETS], [1], [Define if WSAStartup is needed.])
+ LIBSOCKET='-lws2_32'
+ fi
+ else
+ dnl Unix API.
+ dnl Solaris has most socket functions in libsocket.
+ dnl Haiku has most socket functions in libnetwork.
+ dnl BeOS has most socket functions in libnet.
+ AC_CACHE_CHECK([for library containing setsockopt], [gl_cv_lib_socket], [
+ gl_cv_lib_socket=
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern
+#ifdef __cplusplus
+"C"
+#endif
+char setsockopt();]], [[setsockopt();]])],
+ [],
+ [gl_save_LIBS="$LIBS"
+ LIBS="$gl_save_LIBS -lsocket"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern
+#ifdef __cplusplus
+"C"
+#endif
+char setsockopt();]], [[setsockopt();]])],
+ [gl_cv_lib_socket="-lsocket"])
+ if test -z "$gl_cv_lib_socket"; then
+ LIBS="$gl_save_LIBS -lnetwork"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern
+#ifdef __cplusplus
+"C"
+#endif
+char setsockopt();]], [[setsockopt();]])],
+ [gl_cv_lib_socket="-lnetwork"])
+ if test -z "$gl_cv_lib_socket"; then
+ LIBS="$gl_save_LIBS -lnet"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[extern
+#ifdef __cplusplus
+"C"
+#endif
+char setsockopt();]], [[setsockopt();]])],
+ [gl_cv_lib_socket="-lnet"])
+ fi
+ fi
+ LIBS="$gl_save_LIBS"
+ ])
+ if test -z "$gl_cv_lib_socket"; then
+ gl_cv_lib_socket="none needed"
+ fi
+ ])
+ if test "$gl_cv_lib_socket" != "none needed"; then
+ LIBSOCKET="$gl_cv_lib_socket"
+ fi
+ fi
+ AC_SUBST([LIBSOCKET])
+])
--- /dev/null
+# sockets.m4 serial 7
+dnl Copyright (C) 2008-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_SOCKETS],
+[
+ AC_REQUIRE([AC_C_INLINE])
+ AC_REQUIRE([gl_SOCKETLIB])
+ gl_PREREQ_SOCKETS
+])
+
+# Prerequisites of lib/sockets.c.
+AC_DEFUN([gl_PREREQ_SOCKETS], [
+ :
+])
--- /dev/null
+# socklen.m4 serial 8
+dnl Copyright (C) 2005-2007, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Albert Chin, Windows fixes from Simon Josefsson.
+
+dnl Check for socklen_t: historically on BSD it is an int, and in
+dnl POSIX 1g it is a type of its own, but some platforms use different
+dnl types for the argument to getsockopt, getpeername, etc.:
+dnl HP-UX 10.20, IRIX 6.5, Interix 3.5, BeOS.
+dnl So we have to test to find something that will work.
+
+dnl On mingw32, socklen_t is in ws2tcpip.h ('int'), so we try to find
+dnl it there first. That file is included by gnulib's sys_socket.in.h, which
+dnl all users of this module should include. Cygwin must not include
+dnl ws2tcpip.h.
+AC_DEFUN([gl_TYPE_SOCKLEN_T],
+ [AC_REQUIRE([gl_HEADER_SYS_SOCKET])dnl
+ AC_CHECK_TYPE([socklen_t], ,
+ [AC_MSG_CHECKING([for socklen_t equivalent])
+ AC_CACHE_VAL([gl_cv_socklen_t_equiv],
+ [# Systems have either "struct sockaddr *" or
+ # "void *" as the second argument to getpeername
+ gl_cv_socklen_t_equiv=
+ for arg2 in "struct sockaddr" void; do
+ for t in int size_t "unsigned int" "long int" "unsigned long int"; do
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+ [[#include <sys/types.h>
+ #include <sys/socket.h>
+
+ int getpeername (int, $arg2 *, $t *);]],
+ [[$t len;
+ getpeername (0, 0, &len);]])],
+ [gl_cv_socklen_t_equiv="$t"])
+ test "$gl_cv_socklen_t_equiv" != "" && break
+ done
+ test "$gl_cv_socklen_t_equiv" != "" && break
+ done
+ ])
+ if test "$gl_cv_socklen_t_equiv" = ""; then
+ AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+ fi
+ AC_MSG_RESULT([$gl_cv_socklen_t_equiv])
+ AC_DEFINE_UNQUOTED([socklen_t], [$gl_cv_socklen_t_equiv],
+ [type to use in place of socklen_t if not defined])],
+ [#include <sys/types.h>
+ #if HAVE_SYS_SOCKET_H
+ # include <sys/socket.h>
+ #elif HAVE_WS2TCPIP_H
+ # include <ws2tcpip.h>
+ #endif])])
--- /dev/null
+# Check for stdbool.h that conforms to C99.
+
+dnl Copyright (C) 2002-2006, 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+#serial 4
+
+# Prepare for substituting <stdbool.h> if it is not supported.
+
+AC_DEFUN([AM_STDBOOL_H],
+[
+ AC_REQUIRE([AC_CHECK_HEADER_STDBOOL])
+
+ # Define two additional variables used in the Makefile substitution.
+
+ if test "$ac_cv_header_stdbool_h" = yes; then
+ STDBOOL_H=''
+ else
+ STDBOOL_H='stdbool.h'
+ fi
+ AC_SUBST([STDBOOL_H])
+
+ if test "$ac_cv_type__Bool" = yes; then
+ HAVE__BOOL=1
+ else
+ HAVE__BOOL=0
+ fi
+ AC_SUBST([HAVE__BOOL])
+])
+
+# AM_STDBOOL_H will be renamed to gl_STDBOOL_H in the future.
+AC_DEFUN([gl_STDBOOL_H], [AM_STDBOOL_H])
+
+# This version of the macro is needed in autoconf <= 2.68.
+
+AC_DEFUN([AC_CHECK_HEADER_STDBOOL],
+ [AC_CACHE_CHECK([for stdbool.h that conforms to C99],
+ [ac_cv_header_stdbool_h],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[
+ #include <stdbool.h>
+ #ifndef bool
+ "error: bool is not defined"
+ #endif
+ #ifndef false
+ "error: false is not defined"
+ #endif
+ #if false
+ "error: false is not 0"
+ #endif
+ #ifndef true
+ "error: true is not defined"
+ #endif
+ #if true != 1
+ "error: true is not 1"
+ #endif
+ #ifndef __bool_true_false_are_defined
+ "error: __bool_true_false_are_defined is not defined"
+ #endif
+
+ struct s { _Bool s: 1; _Bool t; } s;
+
+ char a[true == 1 ? 1 : -1];
+ char b[false == 0 ? 1 : -1];
+ char c[__bool_true_false_are_defined == 1 ? 1 : -1];
+ char d[(bool) 0.5 == true ? 1 : -1];
+ /* See body of main program for 'e'. */
+ char f[(_Bool) 0.0 == false ? 1 : -1];
+ char g[true];
+ char h[sizeof (_Bool)];
+ char i[sizeof s.t];
+ enum { j = false, k = true, l = false * true, m = true * 256 };
+ /* The following fails for
+ HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */
+ _Bool n[m];
+ char o[sizeof n == m * sizeof n[0] ? 1 : -1];
+ char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1];
+ /* Catch a bug in an HP-UX C compiler. See
+ http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html
+ http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html
+ */
+ _Bool q = true;
+ _Bool *pq = &q;
+ ]],
+ [[
+ bool e = &s;
+ *pq |= q;
+ *pq |= ! q;
+ /* Refer to every declared value, to avoid compiler optimizations. */
+ return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l
+ + !m + !n + !o + !p + !q + !pq);
+ ]])],
+ [ac_cv_header_stdbool_h=yes],
+ [ac_cv_header_stdbool_h=no])])
+ AC_CHECK_TYPES([_Bool])
+])
--- /dev/null
+dnl A placeholder for POSIX 2008 <stddef.h>, for platforms that have issues.
+# stddef_h.m4 serial 3
+dnl Copyright (C) 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_STDDEF_H],
+[
+ AC_REQUIRE([gl_STDDEF_H_DEFAULTS])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ if test $gt_cv_c_wchar_t = no; then
+ HAVE_WCHAR_T=0
+ STDDEF_H=stddef.h
+ fi
+ AC_CACHE_CHECK([whether NULL can be used in arbitrary expressions],
+ [gl_cv_decl_null_works],
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stddef.h>
+ int test[2 * (sizeof NULL == sizeof (void *)) -1];
+]])],
+ [gl_cv_decl_null_works=yes],
+ [gl_cv_decl_null_works=no])])
+ if test $gl_cv_decl_null_works = no; then
+ REPLACE_NULL=1
+ STDDEF_H=stddef.h
+ fi
+ if test -n "$STDDEF_H"; then
+ gl_NEXT_HEADERS([stddef.h])
+ fi
+])
+
+AC_DEFUN([gl_STDDEF_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_STDDEF_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+])
+
+AC_DEFUN([gl_STDDEF_H_DEFAULTS],
+[
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ REPLACE_NULL=0; AC_SUBST([REPLACE_NULL])
+ HAVE_WCHAR_T=1; AC_SUBST([HAVE_WCHAR_T])
+ STDDEF_H=''; AC_SUBST([STDDEF_H])
+])
--- /dev/null
+# stdint.m4 serial 39
+dnl Copyright (C) 2001-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert and Bruno Haible.
+dnl Test whether <stdint.h> is supported or must be substituted.
+
+AC_DEFUN([gl_STDINT_H],
+[
+ AC_PREREQ([2.59])dnl
+
+ dnl Check for long long int and unsigned long long int.
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ if test $ac_cv_type_long_long_int = yes; then
+ HAVE_LONG_LONG_INT=1
+ else
+ HAVE_LONG_LONG_INT=0
+ fi
+ AC_SUBST([HAVE_LONG_LONG_INT])
+ AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT])
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ HAVE_UNSIGNED_LONG_LONG_INT=1
+ else
+ HAVE_UNSIGNED_LONG_LONG_INT=0
+ fi
+ AC_SUBST([HAVE_UNSIGNED_LONG_LONG_INT])
+
+ dnl Check for <wchar.h>, in the same way as gl_WCHAR_H does.
+ AC_CHECK_HEADERS_ONCE([wchar.h])
+ if test $ac_cv_header_wchar_h = yes; then
+ HAVE_WCHAR_H=1
+ else
+ HAVE_WCHAR_H=0
+ fi
+ AC_SUBST([HAVE_WCHAR_H])
+
+ dnl Check for <inttypes.h>.
+ dnl AC_INCLUDES_DEFAULT defines $ac_cv_header_inttypes_h.
+ if test $ac_cv_header_inttypes_h = yes; then
+ HAVE_INTTYPES_H=1
+ else
+ HAVE_INTTYPES_H=0
+ fi
+ AC_SUBST([HAVE_INTTYPES_H])
+
+ dnl Check for <sys/types.h>.
+ dnl AC_INCLUDES_DEFAULT defines $ac_cv_header_sys_types_h.
+ if test $ac_cv_header_sys_types_h = yes; then
+ HAVE_SYS_TYPES_H=1
+ else
+ HAVE_SYS_TYPES_H=0
+ fi
+ AC_SUBST([HAVE_SYS_TYPES_H])
+
+ gl_CHECK_NEXT_HEADERS([stdint.h])
+ if test $ac_cv_header_stdint_h = yes; then
+ HAVE_STDINT_H=1
+ else
+ HAVE_STDINT_H=0
+ fi
+ AC_SUBST([HAVE_STDINT_H])
+
+ dnl Now see whether we need a substitute <stdint.h>.
+ if test $ac_cv_header_stdint_h = yes; then
+ AC_CACHE_CHECK([whether stdint.h conforms to C99],
+ [gl_cv_header_working_stdint_h],
+ [gl_cv_header_working_stdint_h=no
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+#define __STDC_LIMIT_MACROS 1 /* to make it work also in C++ mode */
+#define __STDC_CONSTANT_MACROS 1 /* to make it work also in C++ mode */
+#define _GL_JUST_INCLUDE_SYSTEM_STDINT_H 1 /* work if build isn't clean */
+#include <stdint.h>
+/* Dragonfly defines WCHAR_MIN, WCHAR_MAX only in <wchar.h>. */
+#if !(defined WCHAR_MIN && defined WCHAR_MAX)
+#error "WCHAR_MIN, WCHAR_MAX not defined in <stdint.h>"
+#endif
+]
+gl_STDINT_INCLUDES
+[
+#ifdef INT8_MAX
+int8_t a1 = INT8_MAX;
+int8_t a1min = INT8_MIN;
+#endif
+#ifdef INT16_MAX
+int16_t a2 = INT16_MAX;
+int16_t a2min = INT16_MIN;
+#endif
+#ifdef INT32_MAX
+int32_t a3 = INT32_MAX;
+int32_t a3min = INT32_MIN;
+#endif
+#ifdef INT64_MAX
+int64_t a4 = INT64_MAX;
+int64_t a4min = INT64_MIN;
+#endif
+#ifdef UINT8_MAX
+uint8_t b1 = UINT8_MAX;
+#else
+typedef int b1[(unsigned char) -1 != 255 ? 1 : -1];
+#endif
+#ifdef UINT16_MAX
+uint16_t b2 = UINT16_MAX;
+#endif
+#ifdef UINT32_MAX
+uint32_t b3 = UINT32_MAX;
+#endif
+#ifdef UINT64_MAX
+uint64_t b4 = UINT64_MAX;
+#endif
+int_least8_t c1 = INT8_C (0x7f);
+int_least8_t c1max = INT_LEAST8_MAX;
+int_least8_t c1min = INT_LEAST8_MIN;
+int_least16_t c2 = INT16_C (0x7fff);
+int_least16_t c2max = INT_LEAST16_MAX;
+int_least16_t c2min = INT_LEAST16_MIN;
+int_least32_t c3 = INT32_C (0x7fffffff);
+int_least32_t c3max = INT_LEAST32_MAX;
+int_least32_t c3min = INT_LEAST32_MIN;
+int_least64_t c4 = INT64_C (0x7fffffffffffffff);
+int_least64_t c4max = INT_LEAST64_MAX;
+int_least64_t c4min = INT_LEAST64_MIN;
+uint_least8_t d1 = UINT8_C (0xff);
+uint_least8_t d1max = UINT_LEAST8_MAX;
+uint_least16_t d2 = UINT16_C (0xffff);
+uint_least16_t d2max = UINT_LEAST16_MAX;
+uint_least32_t d3 = UINT32_C (0xffffffff);
+uint_least32_t d3max = UINT_LEAST32_MAX;
+uint_least64_t d4 = UINT64_C (0xffffffffffffffff);
+uint_least64_t d4max = UINT_LEAST64_MAX;
+int_fast8_t e1 = INT_FAST8_MAX;
+int_fast8_t e1min = INT_FAST8_MIN;
+int_fast16_t e2 = INT_FAST16_MAX;
+int_fast16_t e2min = INT_FAST16_MIN;
+int_fast32_t e3 = INT_FAST32_MAX;
+int_fast32_t e3min = INT_FAST32_MIN;
+int_fast64_t e4 = INT_FAST64_MAX;
+int_fast64_t e4min = INT_FAST64_MIN;
+uint_fast8_t f1 = UINT_FAST8_MAX;
+uint_fast16_t f2 = UINT_FAST16_MAX;
+uint_fast32_t f3 = UINT_FAST32_MAX;
+uint_fast64_t f4 = UINT_FAST64_MAX;
+#ifdef INTPTR_MAX
+intptr_t g = INTPTR_MAX;
+intptr_t gmin = INTPTR_MIN;
+#endif
+#ifdef UINTPTR_MAX
+uintptr_t h = UINTPTR_MAX;
+#endif
+intmax_t i = INTMAX_MAX;
+uintmax_t j = UINTMAX_MAX;
+
+#include <limits.h> /* for CHAR_BIT */
+#define TYPE_MINIMUM(t) \
+ ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ TYPE_MAXIMUM (t)))
+#define TYPE_MAXIMUM(t) \
+ ((t) ((t) 0 < (t) -1 \
+ ? (t) -1 \
+ : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1)))
+struct s {
+ int check_PTRDIFF:
+ PTRDIFF_MIN == TYPE_MINIMUM (ptrdiff_t)
+ && PTRDIFF_MAX == TYPE_MAXIMUM (ptrdiff_t)
+ ? 1 : -1;
+ /* Detect bug in FreeBSD 6.0 / ia64. */
+ int check_SIG_ATOMIC:
+ SIG_ATOMIC_MIN == TYPE_MINIMUM (sig_atomic_t)
+ && SIG_ATOMIC_MAX == TYPE_MAXIMUM (sig_atomic_t)
+ ? 1 : -1;
+ int check_SIZE: SIZE_MAX == TYPE_MAXIMUM (size_t) ? 1 : -1;
+ int check_WCHAR:
+ WCHAR_MIN == TYPE_MINIMUM (wchar_t)
+ && WCHAR_MAX == TYPE_MAXIMUM (wchar_t)
+ ? 1 : -1;
+ /* Detect bug in mingw. */
+ int check_WINT:
+ WINT_MIN == TYPE_MINIMUM (wint_t)
+ && WINT_MAX == TYPE_MAXIMUM (wint_t)
+ ? 1 : -1;
+
+ /* Detect bugs in glibc 2.4 and Solaris 10 stdint.h, among others. */
+ int check_UINT8_C:
+ (-1 < UINT8_C (0)) == (-1 < (uint_least8_t) 0) ? 1 : -1;
+ int check_UINT16_C:
+ (-1 < UINT16_C (0)) == (-1 < (uint_least16_t) 0) ? 1 : -1;
+
+ /* Detect bugs in OpenBSD 3.9 stdint.h. */
+#ifdef UINT8_MAX
+ int check_uint8: (uint8_t) -1 == UINT8_MAX ? 1 : -1;
+#endif
+#ifdef UINT16_MAX
+ int check_uint16: (uint16_t) -1 == UINT16_MAX ? 1 : -1;
+#endif
+#ifdef UINT32_MAX
+ int check_uint32: (uint32_t) -1 == UINT32_MAX ? 1 : -1;
+#endif
+#ifdef UINT64_MAX
+ int check_uint64: (uint64_t) -1 == UINT64_MAX ? 1 : -1;
+#endif
+ int check_uint_least8: (uint_least8_t) -1 == UINT_LEAST8_MAX ? 1 : -1;
+ int check_uint_least16: (uint_least16_t) -1 == UINT_LEAST16_MAX ? 1 : -1;
+ int check_uint_least32: (uint_least32_t) -1 == UINT_LEAST32_MAX ? 1 : -1;
+ int check_uint_least64: (uint_least64_t) -1 == UINT_LEAST64_MAX ? 1 : -1;
+ int check_uint_fast8: (uint_fast8_t) -1 == UINT_FAST8_MAX ? 1 : -1;
+ int check_uint_fast16: (uint_fast16_t) -1 == UINT_FAST16_MAX ? 1 : -1;
+ int check_uint_fast32: (uint_fast32_t) -1 == UINT_FAST32_MAX ? 1 : -1;
+ int check_uint_fast64: (uint_fast64_t) -1 == UINT_FAST64_MAX ? 1 : -1;
+ int check_uintptr: (uintptr_t) -1 == UINTPTR_MAX ? 1 : -1;
+ int check_uintmax: (uintmax_t) -1 == UINTMAX_MAX ? 1 : -1;
+ int check_size: (size_t) -1 == SIZE_MAX ? 1 : -1;
+};
+ ]])],
+ [dnl Determine whether the various *_MIN, *_MAX macros are usable
+ dnl in preprocessor expression. We could do it by compiling a test
+ dnl program for each of these macros. It is faster to run a program
+ dnl that inspects the macro expansion.
+ dnl This detects a bug on HP-UX 11.23/ia64.
+ AC_RUN_IFELSE([
+ AC_LANG_PROGRAM([[
+#define __STDC_LIMIT_MACROS 1 /* to make it work also in C++ mode */
+#define __STDC_CONSTANT_MACROS 1 /* to make it work also in C++ mode */
+#define _GL_JUST_INCLUDE_SYSTEM_STDINT_H 1 /* work if build isn't clean */
+#include <stdint.h>
+]
+gl_STDINT_INCLUDES
+[
+#include <stdio.h>
+#include <string.h>
+#define MVAL(macro) MVAL1(macro)
+#define MVAL1(expression) #expression
+static const char *macro_values[] =
+ {
+#ifdef INT8_MAX
+ MVAL (INT8_MAX),
+#endif
+#ifdef INT16_MAX
+ MVAL (INT16_MAX),
+#endif
+#ifdef INT32_MAX
+ MVAL (INT32_MAX),
+#endif
+#ifdef INT64_MAX
+ MVAL (INT64_MAX),
+#endif
+#ifdef UINT8_MAX
+ MVAL (UINT8_MAX),
+#endif
+#ifdef UINT16_MAX
+ MVAL (UINT16_MAX),
+#endif
+#ifdef UINT32_MAX
+ MVAL (UINT32_MAX),
+#endif
+#ifdef UINT64_MAX
+ MVAL (UINT64_MAX),
+#endif
+ NULL
+ };
+]], [[
+ const char **mv;
+ for (mv = macro_values; *mv != NULL; mv++)
+ {
+ const char *value = *mv;
+ /* Test whether it looks like a cast expression. */
+ if (strncmp (value, "((unsigned int)"/*)*/, 15) == 0
+ || strncmp (value, "((unsigned short)"/*)*/, 17) == 0
+ || strncmp (value, "((unsigned char)"/*)*/, 16) == 0
+ || strncmp (value, "((int)"/*)*/, 6) == 0
+ || strncmp (value, "((signed short)"/*)*/, 15) == 0
+ || strncmp (value, "((signed char)"/*)*/, 14) == 0)
+ return mv - macro_values + 1;
+ }
+ return 0;
+]])],
+ [gl_cv_header_working_stdint_h=yes],
+ [],
+ [dnl When cross-compiling, assume it works.
+ gl_cv_header_working_stdint_h=yes
+ ])
+ ])
+ ])
+ fi
+ if test "$gl_cv_header_working_stdint_h" = yes; then
+ STDINT_H=
+ else
+ dnl Check for <sys/inttypes.h>, and for
+ dnl <sys/bitypes.h> (used in Linux libc4 >= 4.6.7 and libc5).
+ AC_CHECK_HEADERS([sys/inttypes.h sys/bitypes.h])
+ if test $ac_cv_header_sys_inttypes_h = yes; then
+ HAVE_SYS_INTTYPES_H=1
+ else
+ HAVE_SYS_INTTYPES_H=0
+ fi
+ AC_SUBST([HAVE_SYS_INTTYPES_H])
+ if test $ac_cv_header_sys_bitypes_h = yes; then
+ HAVE_SYS_BITYPES_H=1
+ else
+ HAVE_SYS_BITYPES_H=0
+ fi
+ AC_SUBST([HAVE_SYS_BITYPES_H])
+
+ gl_STDINT_TYPE_PROPERTIES
+ STDINT_H=stdint.h
+ fi
+ AC_SUBST([STDINT_H])
+])
+
+dnl gl_STDINT_BITSIZEOF(TYPES, INCLUDES)
+dnl Determine the size of each of the given types in bits.
+AC_DEFUN([gl_STDINT_BITSIZEOF],
+[
+ dnl Use a shell loop, to avoid bloating configure, and
+ dnl - extra AH_TEMPLATE calls, so that autoheader knows what to put into
+ dnl config.h.in,
+ dnl - extra AC_SUBST calls, so that the right substitutions are made.
+ m4_foreach_w([gltype], [$1],
+ [AH_TEMPLATE([BITSIZEOF_]m4_translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]),
+ [Define to the number of bits in type ']gltype['.])])
+ for gltype in $1 ; do
+ AC_CACHE_CHECK([for bit size of $gltype], [gl_cv_bitsizeof_${gltype}],
+ [AC_COMPUTE_INT([result], [sizeof ($gltype) * CHAR_BIT],
+ [$2
+#include <limits.h>], [result=unknown])
+ eval gl_cv_bitsizeof_${gltype}=\$result
+ ])
+ eval result=\$gl_cv_bitsizeof_${gltype}
+ if test $result = unknown; then
+ dnl Use a nonempty default, because some compilers, such as IRIX 5 cc,
+ dnl do a syntax check even on unused #if conditions and give an error
+ dnl on valid C code like this:
+ dnl #if 0
+ dnl # if > 32
+ dnl # endif
+ dnl #endif
+ result=0
+ fi
+ GLTYPE=`echo "$gltype" | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ AC_DEFINE_UNQUOTED([BITSIZEOF_${GLTYPE}], [$result])
+ eval BITSIZEOF_${GLTYPE}=\$result
+ done
+ m4_foreach_w([gltype], [$1],
+ [AC_SUBST([BITSIZEOF_]m4_translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]))])
+])
+
+dnl gl_CHECK_TYPES_SIGNED(TYPES, INCLUDES)
+dnl Determine the signedness of each of the given types.
+dnl Define HAVE_SIGNED_TYPE if type is signed.
+AC_DEFUN([gl_CHECK_TYPES_SIGNED],
+[
+ dnl Use a shell loop, to avoid bloating configure, and
+ dnl - extra AH_TEMPLATE calls, so that autoheader knows what to put into
+ dnl config.h.in,
+ dnl - extra AC_SUBST calls, so that the right substitutions are made.
+ m4_foreach_w([gltype], [$1],
+ [AH_TEMPLATE([HAVE_SIGNED_]m4_translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]),
+ [Define to 1 if ']gltype[' is a signed integer type.])])
+ for gltype in $1 ; do
+ AC_CACHE_CHECK([whether $gltype is signed], [gl_cv_type_${gltype}_signed],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([$2[
+ int verify[2 * (($gltype) -1 < ($gltype) 0) - 1];]])],
+ result=yes, result=no)
+ eval gl_cv_type_${gltype}_signed=\$result
+ ])
+ eval result=\$gl_cv_type_${gltype}_signed
+ GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ if test "$result" = yes; then
+ AC_DEFINE_UNQUOTED([HAVE_SIGNED_${GLTYPE}], [1])
+ eval HAVE_SIGNED_${GLTYPE}=1
+ else
+ eval HAVE_SIGNED_${GLTYPE}=0
+ fi
+ done
+ m4_foreach_w([gltype], [$1],
+ [AC_SUBST([HAVE_SIGNED_]m4_translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_]))])
+])
+
+dnl gl_INTEGER_TYPE_SUFFIX(TYPES, INCLUDES)
+dnl Determine the suffix to use for integer constants of the given types.
+dnl Define t_SUFFIX for each such type.
+AC_DEFUN([gl_INTEGER_TYPE_SUFFIX],
+[
+ dnl Use a shell loop, to avoid bloating configure, and
+ dnl - extra AH_TEMPLATE calls, so that autoheader knows what to put into
+ dnl config.h.in,
+ dnl - extra AC_SUBST calls, so that the right substitutions are made.
+ m4_foreach_w([gltype], [$1],
+ [AH_TEMPLATE(m4_translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_])[_SUFFIX],
+ [Define to l, ll, u, ul, ull, etc., as suitable for
+ constants of type ']gltype['.])])
+ for gltype in $1 ; do
+ AC_CACHE_CHECK([for $gltype integer literal suffix],
+ [gl_cv_type_${gltype}_suffix],
+ [eval gl_cv_type_${gltype}_suffix=no
+ eval result=\$gl_cv_type_${gltype}_signed
+ if test "$result" = yes; then
+ glsufu=
+ else
+ glsufu=u
+ fi
+ for glsuf in "$glsufu" ${glsufu}l ${glsufu}ll ${glsufu}i64; do
+ case $glsuf in
+ '') gltype1='int';;
+ l) gltype1='long int';;
+ ll) gltype1='long long int';;
+ i64) gltype1='__int64';;
+ u) gltype1='unsigned int';;
+ ul) gltype1='unsigned long int';;
+ ull) gltype1='unsigned long long int';;
+ ui64)gltype1='unsigned __int64';;
+ esac
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([$2[
+ extern $gltype foo;
+ extern $gltype1 foo;]])],
+ [eval gl_cv_type_${gltype}_suffix=\$glsuf])
+ eval result=\$gl_cv_type_${gltype}_suffix
+ test "$result" != no && break
+ done])
+ GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'`
+ eval result=\$gl_cv_type_${gltype}_suffix
+ test "$result" = no && result=
+ eval ${GLTYPE}_SUFFIX=\$result
+ AC_DEFINE_UNQUOTED([${GLTYPE}_SUFFIX], [$result])
+ done
+ m4_foreach_w([gltype], [$1],
+ [AC_SUBST(m4_translit(gltype,[abcdefghijklmnopqrstuvwxyz ],[ABCDEFGHIJKLMNOPQRSTUVWXYZ_])[_SUFFIX])])
+])
+
+dnl gl_STDINT_INCLUDES
+AC_DEFUN([gl_STDINT_INCLUDES],
+[[
+ /* BSD/OS 4.0.1 has a bug: <stddef.h>, <stdio.h> and <time.h> must be
+ included before <wchar.h>. */
+ #include <stddef.h>
+ #include <signal.h>
+ #if HAVE_WCHAR_H
+ # include <stdio.h>
+ # include <time.h>
+ # include <wchar.h>
+ #endif
+]])
+
+dnl gl_STDINT_TYPE_PROPERTIES
+dnl Compute HAVE_SIGNED_t, BITSIZEOF_t and t_SUFFIX, for all the types t
+dnl of interest to stdint.in.h.
+AC_DEFUN([gl_STDINT_TYPE_PROPERTIES],
+[
+ AC_REQUIRE([gl_MULTIARCH])
+ if test $APPLE_UNIVERSAL_BUILD = 0; then
+ gl_STDINT_BITSIZEOF([ptrdiff_t size_t],
+ [gl_STDINT_INCLUDES])
+ fi
+ gl_STDINT_BITSIZEOF([sig_atomic_t wchar_t wint_t],
+ [gl_STDINT_INCLUDES])
+ gl_CHECK_TYPES_SIGNED([sig_atomic_t wchar_t wint_t],
+ [gl_STDINT_INCLUDES])
+ gl_cv_type_ptrdiff_t_signed=yes
+ gl_cv_type_size_t_signed=no
+ if test $APPLE_UNIVERSAL_BUILD = 0; then
+ gl_INTEGER_TYPE_SUFFIX([ptrdiff_t size_t],
+ [gl_STDINT_INCLUDES])
+ fi
+ gl_INTEGER_TYPE_SUFFIX([sig_atomic_t wchar_t wint_t],
+ [gl_STDINT_INCLUDES])
+])
+
+dnl Autoconf >= 2.61 has AC_COMPUTE_INT built-in.
+dnl Remove this when we can assume autoconf >= 2.61.
+m4_ifdef([AC_COMPUTE_INT], [], [
+ AC_DEFUN([AC_COMPUTE_INT], [_AC_COMPUTE_INT([$2],[$1],[$3],[$4])])
+])
+
+# Hey Emacs!
+# Local Variables:
+# indent-tabs-mode: nil
+# End:
--- /dev/null
+# stdio_h.m4 serial 32
+dnl Copyright (C) 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_STDIO_H],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ AC_REQUIRE([AC_C_INLINE])
+ AC_REQUIRE([gl_ASM_SYMBOL_PREFIX])
+ gl_NEXT_HEADERS([stdio.h])
+ dnl No need to create extra modules for these functions. Everyone who uses
+ dnl <stdio.h> likely needs them.
+ GNULIB_FPRINTF=1
+ GNULIB_PRINTF=1
+ GNULIB_VFPRINTF=1
+ GNULIB_VPRINTF=1
+ GNULIB_FPUTC=1
+ GNULIB_PUTC=1
+ GNULIB_PUTCHAR=1
+ GNULIB_FPUTS=1
+ GNULIB_PUTS=1
+ GNULIB_FWRITE=1
+ dnl This ifdef is just an optimization, to avoid performing a configure
+ dnl check whose result is not used. It does not make the test of
+ dnl GNULIB_STDIO_H_SIGPIPE or GNULIB_SIGPIPE redundant.
+ m4_ifdef([gl_SIGNAL_SIGPIPE], [
+ gl_SIGNAL_SIGPIPE
+ if test $gl_cv_header_signal_h_SIGPIPE != yes; then
+ REPLACE_STDIO_WRITE_FUNCS=1
+ AC_LIBOBJ([stdio-write])
+ fi
+ ])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use, and which is not
+ dnl guaranteed by C89.
+ gl_WARN_ON_USE_PREPARE([[#include <stdio.h>
+ ]], [dprintf fpurge fseeko ftello getdelim getline popen renameat
+ snprintf tmpfile vdprintf vsnprintf])
+])
+
+AC_DEFUN([gl_STDIO_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_STDIO_H_DEFAULTS],
+[
+ GNULIB_DPRINTF=0; AC_SUBST([GNULIB_DPRINTF])
+ GNULIB_FCLOSE=0; AC_SUBST([GNULIB_FCLOSE])
+ GNULIB_FFLUSH=0; AC_SUBST([GNULIB_FFLUSH])
+ GNULIB_FOPEN=0; AC_SUBST([GNULIB_FOPEN])
+ GNULIB_FPRINTF=0; AC_SUBST([GNULIB_FPRINTF])
+ GNULIB_FPRINTF_POSIX=0; AC_SUBST([GNULIB_FPRINTF_POSIX])
+ GNULIB_FPURGE=0; AC_SUBST([GNULIB_FPURGE])
+ GNULIB_FPUTC=0; AC_SUBST([GNULIB_FPUTC])
+ GNULIB_FPUTS=0; AC_SUBST([GNULIB_FPUTS])
+ GNULIB_FREOPEN=0; AC_SUBST([GNULIB_FREOPEN])
+ GNULIB_FSEEK=0; AC_SUBST([GNULIB_FSEEK])
+ GNULIB_FSEEKO=0; AC_SUBST([GNULIB_FSEEKO])
+ GNULIB_FTELL=0; AC_SUBST([GNULIB_FTELL])
+ GNULIB_FTELLO=0; AC_SUBST([GNULIB_FTELLO])
+ GNULIB_FWRITE=0; AC_SUBST([GNULIB_FWRITE])
+ GNULIB_GETDELIM=0; AC_SUBST([GNULIB_GETDELIM])
+ GNULIB_GETLINE=0; AC_SUBST([GNULIB_GETLINE])
+ GNULIB_OBSTACK_PRINTF=0; AC_SUBST([GNULIB_OBSTACK_PRINTF])
+ GNULIB_OBSTACK_PRINTF_POSIX=0; AC_SUBST([GNULIB_OBSTACK_PRINTF_POSIX])
+ GNULIB_PERROR=0; AC_SUBST([GNULIB_PERROR])
+ GNULIB_POPEN=0; AC_SUBST([GNULIB_POPEN])
+ GNULIB_PRINTF=0; AC_SUBST([GNULIB_PRINTF])
+ GNULIB_PRINTF_POSIX=0; AC_SUBST([GNULIB_PRINTF_POSIX])
+ GNULIB_PUTC=0; AC_SUBST([GNULIB_PUTC])
+ GNULIB_PUTCHAR=0; AC_SUBST([GNULIB_PUTCHAR])
+ GNULIB_PUTS=0; AC_SUBST([GNULIB_PUTS])
+ GNULIB_REMOVE=0; AC_SUBST([GNULIB_REMOVE])
+ GNULIB_RENAME=0; AC_SUBST([GNULIB_RENAME])
+ GNULIB_RENAMEAT=0; AC_SUBST([GNULIB_RENAMEAT])
+ GNULIB_SNPRINTF=0; AC_SUBST([GNULIB_SNPRINTF])
+ GNULIB_SPRINTF_POSIX=0; AC_SUBST([GNULIB_SPRINTF_POSIX])
+ GNULIB_STDIO_H_SIGPIPE=0; AC_SUBST([GNULIB_STDIO_H_SIGPIPE])
+ GNULIB_TMPFILE=0; AC_SUBST([GNULIB_TMPFILE])
+ GNULIB_VASPRINTF=0; AC_SUBST([GNULIB_VASPRINTF])
+ GNULIB_VDPRINTF=0; AC_SUBST([GNULIB_VDPRINTF])
+ GNULIB_VFPRINTF=0; AC_SUBST([GNULIB_VFPRINTF])
+ GNULIB_VFPRINTF_POSIX=0; AC_SUBST([GNULIB_VFPRINTF_POSIX])
+ GNULIB_VPRINTF=0; AC_SUBST([GNULIB_VPRINTF])
+ GNULIB_VPRINTF_POSIX=0; AC_SUBST([GNULIB_VPRINTF_POSIX])
+ GNULIB_VSNPRINTF=0; AC_SUBST([GNULIB_VSNPRINTF])
+ GNULIB_VSPRINTF_POSIX=0; AC_SUBST([GNULIB_VSPRINTF_POSIX])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_DECL_FPURGE=1; AC_SUBST([HAVE_DECL_FPURGE])
+ HAVE_DECL_FSEEKO=1; AC_SUBST([HAVE_DECL_FSEEKO])
+ HAVE_DECL_FTELLO=1; AC_SUBST([HAVE_DECL_FTELLO])
+ HAVE_DECL_GETDELIM=1; AC_SUBST([HAVE_DECL_GETDELIM])
+ HAVE_DECL_GETLINE=1; AC_SUBST([HAVE_DECL_GETLINE])
+ HAVE_DECL_OBSTACK_PRINTF=1; AC_SUBST([HAVE_DECL_OBSTACK_PRINTF])
+ HAVE_DECL_SNPRINTF=1; AC_SUBST([HAVE_DECL_SNPRINTF])
+ HAVE_DECL_VSNPRINTF=1; AC_SUBST([HAVE_DECL_VSNPRINTF])
+ HAVE_DPRINTF=1; AC_SUBST([HAVE_DPRINTF])
+ HAVE_FSEEKO=1; AC_SUBST([HAVE_FSEEKO])
+ HAVE_FTELLO=1; AC_SUBST([HAVE_FTELLO])
+ HAVE_RENAMEAT=1; AC_SUBST([HAVE_RENAMEAT])
+ HAVE_VASPRINTF=1; AC_SUBST([HAVE_VASPRINTF])
+ HAVE_VDPRINTF=1; AC_SUBST([HAVE_VDPRINTF])
+ REPLACE_DPRINTF=0; AC_SUBST([REPLACE_DPRINTF])
+ REPLACE_FCLOSE=0; AC_SUBST([REPLACE_FCLOSE])
+ REPLACE_FFLUSH=0; AC_SUBST([REPLACE_FFLUSH])
+ REPLACE_FOPEN=0; AC_SUBST([REPLACE_FOPEN])
+ REPLACE_FPRINTF=0; AC_SUBST([REPLACE_FPRINTF])
+ REPLACE_FPURGE=0; AC_SUBST([REPLACE_FPURGE])
+ REPLACE_FREOPEN=0; AC_SUBST([REPLACE_FREOPEN])
+ REPLACE_FSEEK=0; AC_SUBST([REPLACE_FSEEK])
+ REPLACE_FSEEKO=0; AC_SUBST([REPLACE_FSEEKO])
+ REPLACE_FTELL=0; AC_SUBST([REPLACE_FTELL])
+ REPLACE_FTELLO=0; AC_SUBST([REPLACE_FTELLO])
+ REPLACE_GETDELIM=0; AC_SUBST([REPLACE_GETDELIM])
+ REPLACE_GETLINE=0; AC_SUBST([REPLACE_GETLINE])
+ REPLACE_OBSTACK_PRINTF=0; AC_SUBST([REPLACE_OBSTACK_PRINTF])
+ REPLACE_PERROR=0; AC_SUBST([REPLACE_PERROR])
+ REPLACE_POPEN=0; AC_SUBST([REPLACE_POPEN])
+ REPLACE_PRINTF=0; AC_SUBST([REPLACE_PRINTF])
+ REPLACE_REMOVE=0; AC_SUBST([REPLACE_REMOVE])
+ REPLACE_RENAME=0; AC_SUBST([REPLACE_RENAME])
+ REPLACE_RENAMEAT=0; AC_SUBST([REPLACE_RENAMEAT])
+ REPLACE_SNPRINTF=0; AC_SUBST([REPLACE_SNPRINTF])
+ REPLACE_SPRINTF=0; AC_SUBST([REPLACE_SPRINTF])
+ REPLACE_STDIO_WRITE_FUNCS=0; AC_SUBST([REPLACE_STDIO_WRITE_FUNCS])
+ REPLACE_TMPFILE=0; AC_SUBST([REPLACE_TMPFILE])
+ REPLACE_VASPRINTF=0; AC_SUBST([REPLACE_VASPRINTF])
+ REPLACE_VDPRINTF=0; AC_SUBST([REPLACE_VDPRINTF])
+ REPLACE_VFPRINTF=0; AC_SUBST([REPLACE_VFPRINTF])
+ REPLACE_VPRINTF=0; AC_SUBST([REPLACE_VPRINTF])
+ REPLACE_VSNPRINTF=0; AC_SUBST([REPLACE_VSNPRINTF])
+ REPLACE_VSPRINTF=0; AC_SUBST([REPLACE_VSPRINTF])
+])
+
+dnl Code shared by fseeko and ftello. Determine if large files are supported,
+dnl but stdin does not start as a large file by default.
+AC_DEFUN([gl_STDIN_LARGE_OFFSET],
+ [
+ AC_CACHE_CHECK([whether stdin defaults to large file offsets],
+ [gl_cv_var_stdin_large_offset],
+ [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
+[[#if defined __SL64 && defined __SCLE /* cygwin */
+ /* Cygwin 1.5.24 and earlier fail to put stdin in 64-bit mode, making
+ fseeko/ftello needlessly fail. This bug was fixed in 1.5.25, and
+ it is easier to do a version check than building a runtime test. */
+# include <cygwin/version.h>
+# if CYGWIN_VERSION_DLL_COMBINED < CYGWIN_VERSION_DLL_MAKE_COMBINED (1005, 25)
+ choke me
+# endif
+#endif]])],
+ [gl_cv_var_stdin_large_offset=yes],
+ [gl_cv_var_stdin_large_offset=no])])
+])
--- /dev/null
+# stdlib_h.m4 serial 36
+dnl Copyright (C) 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_STDLIB_H],
+[
+ AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+ gl_NEXT_HEADERS([stdlib.h])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use, and which is not
+ dnl guaranteed by C89.
+ gl_WARN_ON_USE_PREPARE([[#include <stdlib.h>
+#if HAVE_SYS_LOADAVG_H
+# include <sys/loadavg.h>
+#endif
+#if HAVE_RANDOM_H
+# include <random.h>
+#endif
+ ]], [_Exit atoll canonicalize_file_name getloadavg getsubopt grantpt mkdtemp
+ mkostemp mkostemps mkstemp mkstemps ptsname random_r initstat_r srandom_r
+ setstate_r realpath rpmatch setenv strtod strtoll strtoull unlockpt
+ unsetenv])
+])
+
+AC_DEFUN([gl_STDLIB_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_STDLIB_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_STDLIB_H_DEFAULTS],
+[
+ GNULIB__EXIT=0; AC_SUBST([GNULIB__EXIT])
+ GNULIB_ATOLL=0; AC_SUBST([GNULIB_ATOLL])
+ GNULIB_CALLOC_POSIX=0; AC_SUBST([GNULIB_CALLOC_POSIX])
+ GNULIB_CANONICALIZE_FILE_NAME=0; AC_SUBST([GNULIB_CANONICALIZE_FILE_NAME])
+ GNULIB_GETLOADAVG=0; AC_SUBST([GNULIB_GETLOADAVG])
+ GNULIB_GETSUBOPT=0; AC_SUBST([GNULIB_GETSUBOPT])
+ GNULIB_GRANTPT=0; AC_SUBST([GNULIB_GRANTPT])
+ GNULIB_MALLOC_POSIX=0; AC_SUBST([GNULIB_MALLOC_POSIX])
+ GNULIB_MKDTEMP=0; AC_SUBST([GNULIB_MKDTEMP])
+ GNULIB_MKOSTEMP=0; AC_SUBST([GNULIB_MKOSTEMP])
+ GNULIB_MKOSTEMPS=0; AC_SUBST([GNULIB_MKOSTEMPS])
+ GNULIB_MKSTEMP=0; AC_SUBST([GNULIB_MKSTEMP])
+ GNULIB_MKSTEMPS=0; AC_SUBST([GNULIB_MKSTEMPS])
+ GNULIB_PTSNAME=0; AC_SUBST([GNULIB_PTSNAME])
+ GNULIB_PUTENV=0; AC_SUBST([GNULIB_PUTENV])
+ GNULIB_RANDOM_R=0; AC_SUBST([GNULIB_RANDOM_R])
+ GNULIB_REALLOC_POSIX=0; AC_SUBST([GNULIB_REALLOC_POSIX])
+ GNULIB_REALPATH=0; AC_SUBST([GNULIB_REALPATH])
+ GNULIB_RPMATCH=0; AC_SUBST([GNULIB_RPMATCH])
+ GNULIB_SETENV=0; AC_SUBST([GNULIB_SETENV])
+ GNULIB_STRTOD=0; AC_SUBST([GNULIB_STRTOD])
+ GNULIB_STRTOLL=0; AC_SUBST([GNULIB_STRTOLL])
+ GNULIB_STRTOULL=0; AC_SUBST([GNULIB_STRTOULL])
+ GNULIB_SYSTEM_POSIX=0; AC_SUBST([GNULIB_SYSTEM_POSIX])
+ GNULIB_UNLOCKPT=0; AC_SUBST([GNULIB_UNLOCKPT])
+ GNULIB_UNSETENV=0; AC_SUBST([GNULIB_UNSETENV])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE__EXIT=1; AC_SUBST([HAVE__EXIT])
+ HAVE_ATOLL=1; AC_SUBST([HAVE_ATOLL])
+ HAVE_CANONICALIZE_FILE_NAME=1; AC_SUBST([HAVE_CANONICALIZE_FILE_NAME])
+ HAVE_DECL_GETLOADAVG=1; AC_SUBST([HAVE_DECL_GETLOADAVG])
+ HAVE_GETSUBOPT=1; AC_SUBST([HAVE_GETSUBOPT])
+ HAVE_GRANTPT=1; AC_SUBST([HAVE_GRANTPT])
+ HAVE_MKDTEMP=1; AC_SUBST([HAVE_MKDTEMP])
+ HAVE_MKOSTEMP=1; AC_SUBST([HAVE_MKOSTEMP])
+ HAVE_MKOSTEMPS=1; AC_SUBST([HAVE_MKOSTEMPS])
+ HAVE_MKSTEMP=1; AC_SUBST([HAVE_MKSTEMP])
+ HAVE_MKSTEMPS=1; AC_SUBST([HAVE_MKSTEMPS])
+ HAVE_PTSNAME=1; AC_SUBST([HAVE_PTSNAME])
+ HAVE_RANDOM_H=1; AC_SUBST([HAVE_RANDOM_H])
+ HAVE_RANDOM_R=1; AC_SUBST([HAVE_RANDOM_R])
+ HAVE_REALPATH=1; AC_SUBST([HAVE_REALPATH])
+ HAVE_RPMATCH=1; AC_SUBST([HAVE_RPMATCH])
+ HAVE_SETENV=1; AC_SUBST([HAVE_SETENV])
+ HAVE_DECL_SETENV=1; AC_SUBST([HAVE_DECL_SETENV])
+ HAVE_STRTOD=1; AC_SUBST([HAVE_STRTOD])
+ HAVE_STRTOLL=1; AC_SUBST([HAVE_STRTOLL])
+ HAVE_STRTOULL=1; AC_SUBST([HAVE_STRTOULL])
+ HAVE_STRUCT_RANDOM_DATA=1; AC_SUBST([HAVE_STRUCT_RANDOM_DATA])
+ HAVE_SYS_LOADAVG_H=0; AC_SUBST([HAVE_SYS_LOADAVG_H])
+ HAVE_UNLOCKPT=1; AC_SUBST([HAVE_UNLOCKPT])
+ HAVE_DECL_UNSETENV=1; AC_SUBST([HAVE_DECL_UNSETENV])
+ REPLACE_CALLOC=0; AC_SUBST([REPLACE_CALLOC])
+ REPLACE_CANONICALIZE_FILE_NAME=0; AC_SUBST([REPLACE_CANONICALIZE_FILE_NAME])
+ REPLACE_MALLOC=0; AC_SUBST([REPLACE_MALLOC])
+ REPLACE_MKSTEMP=0; AC_SUBST([REPLACE_MKSTEMP])
+ REPLACE_PUTENV=0; AC_SUBST([REPLACE_PUTENV])
+ REPLACE_REALLOC=0; AC_SUBST([REPLACE_REALLOC])
+ REPLACE_REALPATH=0; AC_SUBST([REPLACE_REALPATH])
+ REPLACE_SETENV=0; AC_SUBST([REPLACE_SETENV])
+ REPLACE_STRTOD=0; AC_SUBST([REPLACE_STRTOD])
+ REPLACE_UNSETENV=0; AC_SUBST([REPLACE_UNSETENV])
+])
--- /dev/null
+# strcase.m4 serial 10
+dnl Copyright (C) 2002, 2005-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_STRCASE],
+[
+ gl_FUNC_STRCASECMP
+ gl_FUNC_STRNCASECMP
+])
+
+AC_DEFUN([gl_FUNC_STRCASECMP],
+[
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ AC_REPLACE_FUNCS([strcasecmp])
+ if test $ac_cv_func_strcasecmp = no; then
+ HAVE_STRCASECMP=0
+ gl_PREREQ_STRCASECMP
+ fi
+])
+
+AC_DEFUN([gl_FUNC_STRNCASECMP],
+[
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ AC_REPLACE_FUNCS([strncasecmp])
+ if test $ac_cv_func_strncasecmp = no; then
+ gl_PREREQ_STRNCASECMP
+ fi
+ AC_CHECK_DECLS([strncasecmp])
+ if test $ac_cv_have_decl_strncasecmp = no; then
+ HAVE_DECL_STRNCASECMP=0
+ fi
+])
+
+# Prerequisites of lib/strcasecmp.c.
+AC_DEFUN([gl_PREREQ_STRCASECMP], [
+ :
+])
+
+# Prerequisites of lib/strncasecmp.c.
+AC_DEFUN([gl_PREREQ_STRNCASECMP], [
+ :
+])
--- /dev/null
+# Configure a GNU-like replacement for <string.h>.
+
+# Copyright (C) 2007-2011 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 19
+
+# Written by Paul Eggert.
+
+AC_DEFUN([gl_HEADER_STRING_H],
+[
+ dnl Use AC_REQUIRE here, so that the default behavior below is expanded
+ dnl once only, before all statements that occur in other macros.
+ AC_REQUIRE([gl_HEADER_STRING_H_BODY])
+])
+
+AC_DEFUN([gl_HEADER_STRING_H_BODY],
+[
+ AC_REQUIRE([AC_C_RESTRICT])
+ AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+ gl_NEXT_HEADERS([string.h])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use, and which is not
+ dnl guaranteed by C89.
+ gl_WARN_ON_USE_PREPARE([[#include <string.h>
+ ]],
+ [memmem mempcpy memrchr rawmemchr stpcpy stpncpy strchrnul strdup
+ strncat strndup strnlen strpbrk strsep strcasestr strtok_r strerror_r
+ strsignal strverscmp])
+])
+
+AC_DEFUN([gl_STRING_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_HEADER_STRING_H_DEFAULTS],
+[
+ GNULIB_MEMCHR=0; AC_SUBST([GNULIB_MEMCHR])
+ GNULIB_MEMMEM=0; AC_SUBST([GNULIB_MEMMEM])
+ GNULIB_MEMPCPY=0; AC_SUBST([GNULIB_MEMPCPY])
+ GNULIB_MEMRCHR=0; AC_SUBST([GNULIB_MEMRCHR])
+ GNULIB_RAWMEMCHR=0; AC_SUBST([GNULIB_RAWMEMCHR])
+ GNULIB_STPCPY=0; AC_SUBST([GNULIB_STPCPY])
+ GNULIB_STPNCPY=0; AC_SUBST([GNULIB_STPNCPY])
+ GNULIB_STRCHRNUL=0; AC_SUBST([GNULIB_STRCHRNUL])
+ GNULIB_STRDUP=0; AC_SUBST([GNULIB_STRDUP])
+ GNULIB_STRNCAT=0; AC_SUBST([GNULIB_STRNCAT])
+ GNULIB_STRNDUP=0; AC_SUBST([GNULIB_STRNDUP])
+ GNULIB_STRNLEN=0; AC_SUBST([GNULIB_STRNLEN])
+ GNULIB_STRPBRK=0; AC_SUBST([GNULIB_STRPBRK])
+ GNULIB_STRSEP=0; AC_SUBST([GNULIB_STRSEP])
+ GNULIB_STRSTR=0; AC_SUBST([GNULIB_STRSTR])
+ GNULIB_STRCASESTR=0; AC_SUBST([GNULIB_STRCASESTR])
+ GNULIB_STRTOK_R=0; AC_SUBST([GNULIB_STRTOK_R])
+ GNULIB_MBSLEN=0; AC_SUBST([GNULIB_MBSLEN])
+ GNULIB_MBSNLEN=0; AC_SUBST([GNULIB_MBSNLEN])
+ GNULIB_MBSCHR=0; AC_SUBST([GNULIB_MBSCHR])
+ GNULIB_MBSRCHR=0; AC_SUBST([GNULIB_MBSRCHR])
+ GNULIB_MBSSTR=0; AC_SUBST([GNULIB_MBSSTR])
+ GNULIB_MBSCASECMP=0; AC_SUBST([GNULIB_MBSCASECMP])
+ GNULIB_MBSNCASECMP=0; AC_SUBST([GNULIB_MBSNCASECMP])
+ GNULIB_MBSPCASECMP=0; AC_SUBST([GNULIB_MBSPCASECMP])
+ GNULIB_MBSCASESTR=0; AC_SUBST([GNULIB_MBSCASESTR])
+ GNULIB_MBSCSPN=0; AC_SUBST([GNULIB_MBSCSPN])
+ GNULIB_MBSPBRK=0; AC_SUBST([GNULIB_MBSPBRK])
+ GNULIB_MBSSPN=0; AC_SUBST([GNULIB_MBSSPN])
+ GNULIB_MBSSEP=0; AC_SUBST([GNULIB_MBSSEP])
+ GNULIB_MBSTOK_R=0; AC_SUBST([GNULIB_MBSTOK_R])
+ GNULIB_STRERROR=0; AC_SUBST([GNULIB_STRERROR])
+ GNULIB_STRERROR_R=0; AC_SUBST([GNULIB_STRERROR_R])
+ GNULIB_STRSIGNAL=0; AC_SUBST([GNULIB_STRSIGNAL])
+ GNULIB_STRVERSCMP=0; AC_SUBST([GNULIB_STRVERSCMP])
+ HAVE_MBSLEN=0; AC_SUBST([HAVE_MBSLEN])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_MEMCHR=1; AC_SUBST([HAVE_MEMCHR])
+ HAVE_DECL_MEMMEM=1; AC_SUBST([HAVE_DECL_MEMMEM])
+ HAVE_MEMPCPY=1; AC_SUBST([HAVE_MEMPCPY])
+ HAVE_DECL_MEMRCHR=1; AC_SUBST([HAVE_DECL_MEMRCHR])
+ HAVE_RAWMEMCHR=1; AC_SUBST([HAVE_RAWMEMCHR])
+ HAVE_STPCPY=1; AC_SUBST([HAVE_STPCPY])
+ HAVE_STPNCPY=1; AC_SUBST([HAVE_STPNCPY])
+ HAVE_STRCHRNUL=1; AC_SUBST([HAVE_STRCHRNUL])
+ HAVE_DECL_STRDUP=1; AC_SUBST([HAVE_DECL_STRDUP])
+ HAVE_DECL_STRNDUP=1; AC_SUBST([HAVE_DECL_STRNDUP])
+ HAVE_DECL_STRNLEN=1; AC_SUBST([HAVE_DECL_STRNLEN])
+ HAVE_STRPBRK=1; AC_SUBST([HAVE_STRPBRK])
+ HAVE_STRSEP=1; AC_SUBST([HAVE_STRSEP])
+ HAVE_STRCASESTR=1; AC_SUBST([HAVE_STRCASESTR])
+ HAVE_DECL_STRTOK_R=1; AC_SUBST([HAVE_DECL_STRTOK_R])
+ HAVE_DECL_STRERROR_R=1; AC_SUBST([HAVE_DECL_STRERROR_R])
+ HAVE_DECL_STRSIGNAL=1; AC_SUBST([HAVE_DECL_STRSIGNAL])
+ HAVE_STRVERSCMP=1; AC_SUBST([HAVE_STRVERSCMP])
+ REPLACE_MEMCHR=0; AC_SUBST([REPLACE_MEMCHR])
+ REPLACE_MEMMEM=0; AC_SUBST([REPLACE_MEMMEM])
+ REPLACE_STPNCPY=0; AC_SUBST([REPLACE_STPNCPY])
+ REPLACE_STRDUP=0; AC_SUBST([REPLACE_STRDUP])
+ REPLACE_STRSTR=0; AC_SUBST([REPLACE_STRSTR])
+ REPLACE_STRCASESTR=0; AC_SUBST([REPLACE_STRCASESTR])
+ REPLACE_STRERROR=0; AC_SUBST([REPLACE_STRERROR])
+ REPLACE_STRERROR_R=0; AC_SUBST([REPLACE_STRERROR_R])
+ REPLACE_STRNCAT=0; AC_SUBST([REPLACE_STRNCAT])
+ REPLACE_STRNDUP=0; AC_SUBST([REPLACE_STRNDUP])
+ REPLACE_STRNLEN=0; AC_SUBST([REPLACE_STRNLEN])
+ REPLACE_STRSIGNAL=0; AC_SUBST([REPLACE_STRSIGNAL])
+ REPLACE_STRTOK_R=0; AC_SUBST([REPLACE_STRTOK_R])
+ UNDEFINE_STRTOK_R=0; AC_SUBST([UNDEFINE_STRTOK_R])
+])
--- /dev/null
+# Configure a replacement for <string.h>.
+# serial 3
+
+# Copyright (C) 2007, 2009-2011 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_HEADER_STRINGS_H],
+[
+ dnl Use AC_REQUIRE here, so that the default behavior below is expanded
+ dnl once only, before all statements that occur in other macros.
+ AC_REQUIRE([gl_HEADER_STRINGS_H_BODY])
+])
+
+AC_DEFUN([gl_HEADER_STRINGS_H_BODY],
+[
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ gl_CHECK_NEXT_HEADERS([strings.h])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use.
+ gl_WARN_ON_USE_PREPARE([[#include <strings.h>
+ ]], [strcasecmp strncasecmp])
+])
+
+AC_DEFUN([gl_STRINGS_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_HEADER_STRINGS_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+])
+
+AC_DEFUN([gl_HEADER_STRINGS_H_DEFAULTS],
+[
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_STRCASECMP=1; AC_SUBST([HAVE_STRCASECMP])
+ HAVE_DECL_STRNCASECMP=1; AC_SUBST([HAVE_DECL_STRNCASECMP])
+])
--- /dev/null
+# strverscmp.m4 serial 7
+dnl Copyright (C) 2002, 2005-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_STRVERSCMP],
+[
+ dnl Persuade glibc <string.h> to declare strverscmp().
+ AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+
+ AC_REQUIRE([gl_HEADER_STRING_H_DEFAULTS])
+ AC_REPLACE_FUNCS([strverscmp])
+ if test $ac_cv_func_strverscmp = no; then
+ gl_PREREQ_STRVERSCMP
+ HAVE_STRVERSCMP=0
+ fi
+])
+
+# Prerequisites of lib/strverscmp.c.
+AC_DEFUN([gl_PREREQ_STRVERSCMP], [
+ :
+])
--- /dev/null
+# sys_socket_h.m4 serial 21
+dnl Copyright (C) 2005-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Simon Josefsson.
+
+AC_DEFUN([gl_HEADER_SYS_SOCKET],
+[
+ AC_REQUIRE([gl_SYS_SOCKET_H_DEFAULTS])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_REQUIRE([AC_C_INLINE])
+
+ dnl On OSF/1, the functions recv(), send(), recvfrom(), sendto() have
+ dnl old-style declarations (with return type 'int' instead of 'ssize_t')
+ dnl unless _POSIX_PII_SOCKET is defined.
+ case "$host_os" in
+ osf*)
+ AC_DEFINE([_POSIX_PII_SOCKET], [1],
+ [Define to 1 in order to get the POSIX compatible declarations
+ of socket functions.])
+ ;;
+ esac
+
+ AC_CACHE_CHECK([whether <sys/socket.h> is self-contained],
+ [gl_cv_header_sys_socket_h_selfcontained],
+ [
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <sys/socket.h>]], [[]])],
+ [gl_cv_header_sys_socket_h_selfcontained=yes],
+ [gl_cv_header_sys_socket_h_selfcontained=no])
+ ])
+ if test $gl_cv_header_sys_socket_h_selfcontained = yes; then
+ dnl If the shutdown function exists, <sys/socket.h> should define
+ dnl SHUT_RD, SHUT_WR, SHUT_RDWR.
+ AC_CHECK_FUNCS([shutdown])
+ if test $ac_cv_func_shutdown = yes; then
+ AC_CACHE_CHECK([whether <sys/socket.h> defines the SHUT_* macros],
+ [gl_cv_header_sys_socket_h_shut],
+ [
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[#include <sys/socket.h>]],
+ [[int a[] = { SHUT_RD, SHUT_WR, SHUT_RDWR };]])],
+ [gl_cv_header_sys_socket_h_shut=yes],
+ [gl_cv_header_sys_socket_h_shut=no])
+ ])
+ if test $gl_cv_header_sys_socket_h_shut = no; then
+ SYS_SOCKET_H='sys/socket.h'
+ fi
+ fi
+ fi
+ # We need to check for ws2tcpip.h now.
+ gl_PREREQ_SYS_H_SOCKET
+ AC_CHECK_TYPES([struct sockaddr_storage, sa_family_t],,,[
+ /* sys/types.h is not needed according to POSIX, but the
+ sys/socket.h in i386-unknown-freebsd4.10 and
+ powerpc-apple-darwin5.5 required it. */
+#include <sys/types.h>
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_WS2TCPIP_H
+#include <ws2tcpip.h>
+#endif
+])
+ if test $ac_cv_type_struct_sockaddr_storage = no; then
+ HAVE_STRUCT_SOCKADDR_STORAGE=0
+ fi
+ if test $ac_cv_type_sa_family_t = no; then
+ HAVE_SA_FAMILY_T=0
+ fi
+ if test $ac_cv_type_struct_sockaddr_storage != no; then
+ AC_CHECK_MEMBERS([struct sockaddr_storage.ss_family],
+ [],
+ [HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=0],
+ [#include <sys/types.h>
+ #ifdef HAVE_SYS_SOCKET_H
+ #include <sys/socket.h>
+ #endif
+ #ifdef HAVE_WS2TCPIP_H
+ #include <ws2tcpip.h>
+ #endif
+ ])
+ fi
+ if test $HAVE_STRUCT_SOCKADDR_STORAGE = 0 || test $HAVE_SA_FAMILY_T = 0 \
+ || test $HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = 0; then
+ SYS_SOCKET_H='sys/socket.h'
+ fi
+ gl_PREREQ_SYS_H_WINSOCK2
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use.
+ gl_WARN_ON_USE_PREPARE([[
+/* Some systems require prerequisite headers. */
+#include <sys/types.h>
+#include <sys/socket.h>
+ ]], [socket connect accept bind getpeername getsockname getsockopt
+ listen recv send recvfrom sendto setsockopt shutdown accept4])
+])
+
+AC_DEFUN([gl_PREREQ_SYS_H_SOCKET],
+[
+ dnl Check prerequisites of the <sys/socket.h> replacement.
+ gl_CHECK_NEXT_HEADERS([sys/socket.h])
+ if test $ac_cv_header_sys_socket_h = yes; then
+ HAVE_SYS_SOCKET_H=1
+ HAVE_WS2TCPIP_H=0
+ else
+ HAVE_SYS_SOCKET_H=0
+ dnl We cannot use AC_CHECK_HEADERS_ONCE here, because that would make
+ dnl the check for those headers unconditional; yet cygwin reports
+ dnl that the headers are present but cannot be compiled (since on
+ dnl cygwin, all socket information should come from sys/socket.h).
+ AC_CHECK_HEADERS([ws2tcpip.h])
+ if test $ac_cv_header_ws2tcpip_h = yes; then
+ HAVE_WS2TCPIP_H=1
+ else
+ HAVE_WS2TCPIP_H=0
+ fi
+ fi
+ AC_SUBST([HAVE_SYS_SOCKET_H])
+ AC_SUBST([HAVE_WS2TCPIP_H])
+])
+
+# Common prerequisites of the <sys/socket.h> replacement and of the
+# <sys/select.h> replacement.
+# Sets and substitutes HAVE_WINSOCK2_H.
+AC_DEFUN([gl_PREREQ_SYS_H_WINSOCK2],
+[
+ m4_ifdef([gl_UNISTD_H_DEFAULTS], [AC_REQUIRE([gl_UNISTD_H_DEFAULTS])])
+ m4_ifdef([gl_SYS_IOCTL_H_DEFAULTS], [AC_REQUIRE([gl_SYS_IOCTL_H_DEFAULTS])])
+ AC_CHECK_HEADERS_ONCE([sys/socket.h])
+ if test $ac_cv_header_sys_socket_h != yes; then
+ dnl We cannot use AC_CHECK_HEADERS_ONCE here, because that would make
+ dnl the check for those headers unconditional; yet cygwin reports
+ dnl that the headers are present but cannot be compiled (since on
+ dnl cygwin, all socket information should come from sys/socket.h).
+ AC_CHECK_HEADERS([winsock2.h])
+ fi
+ if test "$ac_cv_header_winsock2_h" = yes; then
+ HAVE_WINSOCK2_H=1
+ UNISTD_H_HAVE_WINSOCK2_H=1
+ SYS_IOCTL_H_HAVE_WINSOCK2_H=1
+ else
+ HAVE_WINSOCK2_H=0
+ fi
+ AC_SUBST([HAVE_WINSOCK2_H])
+])
+
+AC_DEFUN([gl_SYS_SOCKET_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_SYS_SOCKET_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_SYS_SOCKET_H_DEFAULTS],
+[
+ GNULIB_SOCKET=0; AC_SUBST([GNULIB_SOCKET])
+ GNULIB_CONNECT=0; AC_SUBST([GNULIB_CONNECT])
+ GNULIB_ACCEPT=0; AC_SUBST([GNULIB_ACCEPT])
+ GNULIB_BIND=0; AC_SUBST([GNULIB_BIND])
+ GNULIB_GETPEERNAME=0; AC_SUBST([GNULIB_GETPEERNAME])
+ GNULIB_GETSOCKNAME=0; AC_SUBST([GNULIB_GETSOCKNAME])
+ GNULIB_GETSOCKOPT=0; AC_SUBST([GNULIB_GETSOCKOPT])
+ GNULIB_LISTEN=0; AC_SUBST([GNULIB_LISTEN])
+ GNULIB_RECV=0; AC_SUBST([GNULIB_RECV])
+ GNULIB_SEND=0; AC_SUBST([GNULIB_SEND])
+ GNULIB_RECVFROM=0; AC_SUBST([GNULIB_RECVFROM])
+ GNULIB_SENDTO=0; AC_SUBST([GNULIB_SENDTO])
+ GNULIB_SETSOCKOPT=0; AC_SUBST([GNULIB_SETSOCKOPT])
+ GNULIB_SHUTDOWN=0; AC_SUBST([GNULIB_SHUTDOWN])
+ GNULIB_ACCEPT4=0; AC_SUBST([GNULIB_ACCEPT4])
+ HAVE_STRUCT_SOCKADDR_STORAGE=1; AC_SUBST([HAVE_STRUCT_SOCKADDR_STORAGE])
+ HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=1;
+ AC_SUBST([HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY])
+ HAVE_SA_FAMILY_T=1; AC_SUBST([HAVE_SA_FAMILY_T])
+ HAVE_ACCEPT4=1; AC_SUBST([HAVE_ACCEPT4])
+])
--- /dev/null
+# sys_stat_h.m4 serial 24 -*- Autoconf -*-
+dnl Copyright (C) 2006-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Eric Blake.
+dnl Provide a GNU-like <sys/stat.h>.
+
+AC_DEFUN([gl_HEADER_SYS_STAT_H],
+[
+ AC_REQUIRE([gl_SYS_STAT_H_DEFAULTS])
+
+ dnl For the mkdir substitute.
+ AC_REQUIRE([AC_C_INLINE])
+
+ dnl Check for broken stat macros.
+ AC_REQUIRE([AC_HEADER_STAT])
+
+ gl_CHECK_NEXT_HEADERS([sys/stat.h])
+
+ dnl Define types that are supposed to be defined in <sys/types.h> or
+ dnl <sys/stat.h>.
+ AC_CHECK_TYPE([nlink_t], [],
+ [AC_DEFINE([nlink_t], [int],
+ [Define to the type of st_nlink in struct stat, or a supertype.])],
+ [#include <sys/types.h>
+ #include <sys/stat.h>])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use.
+ gl_WARN_ON_USE_PREPARE([[#include <sys/stat.h>
+ ]], [fchmodat fstatat futimens lchmod lstat mkdirat mkfifo mkfifoat
+ mknod mknodat stat utimensat])
+]) # gl_HEADER_SYS_STAT_H
+
+AC_DEFUN([gl_SYS_STAT_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_SYS_STAT_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_SYS_STAT_H_DEFAULTS],
+[
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS]) dnl for REPLACE_FCHDIR
+ GNULIB_FCHMODAT=0; AC_SUBST([GNULIB_FCHMODAT])
+ GNULIB_FSTATAT=0; AC_SUBST([GNULIB_FSTATAT])
+ GNULIB_FUTIMENS=0; AC_SUBST([GNULIB_FUTIMENS])
+ GNULIB_LCHMOD=0; AC_SUBST([GNULIB_LCHMOD])
+ GNULIB_LSTAT=0; AC_SUBST([GNULIB_LSTAT])
+ GNULIB_MKDIRAT=0; AC_SUBST([GNULIB_MKDIRAT])
+ GNULIB_MKFIFO=0; AC_SUBST([GNULIB_MKFIFO])
+ GNULIB_MKFIFOAT=0; AC_SUBST([GNULIB_MKFIFOAT])
+ GNULIB_MKNOD=0; AC_SUBST([GNULIB_MKNOD])
+ GNULIB_MKNODAT=0; AC_SUBST([GNULIB_MKNODAT])
+ GNULIB_STAT=0; AC_SUBST([GNULIB_STAT])
+ GNULIB_UTIMENSAT=0; AC_SUBST([GNULIB_UTIMENSAT])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_FCHMODAT=1; AC_SUBST([HAVE_FCHMODAT])
+ HAVE_FSTATAT=1; AC_SUBST([HAVE_FSTATAT])
+ HAVE_FUTIMENS=1; AC_SUBST([HAVE_FUTIMENS])
+ HAVE_LCHMOD=1; AC_SUBST([HAVE_LCHMOD])
+ HAVE_LSTAT=1; AC_SUBST([HAVE_LSTAT])
+ HAVE_MKDIRAT=1; AC_SUBST([HAVE_MKDIRAT])
+ HAVE_MKFIFO=1; AC_SUBST([HAVE_MKFIFO])
+ HAVE_MKFIFOAT=1; AC_SUBST([HAVE_MKFIFOAT])
+ HAVE_MKNOD=1; AC_SUBST([HAVE_MKNOD])
+ HAVE_MKNODAT=1; AC_SUBST([HAVE_MKNODAT])
+ HAVE_UTIMENSAT=1; AC_SUBST([HAVE_UTIMENSAT])
+ REPLACE_FSTAT=0; AC_SUBST([REPLACE_FSTAT])
+ REPLACE_FSTATAT=0; AC_SUBST([REPLACE_FSTATAT])
+ REPLACE_FUTIMENS=0; AC_SUBST([REPLACE_FUTIMENS])
+ REPLACE_LSTAT=0; AC_SUBST([REPLACE_LSTAT])
+ REPLACE_MKDIR=0; AC_SUBST([REPLACE_MKDIR])
+ REPLACE_MKFIFO=0; AC_SUBST([REPLACE_MKFIFO])
+ REPLACE_MKNOD=0; AC_SUBST([REPLACE_MKNOD])
+ REPLACE_STAT=0; AC_SUBST([REPLACE_STAT])
+ REPLACE_UTIMENSAT=0; AC_SUBST([REPLACE_UTIMENSAT])
+])
--- /dev/null
+# Configure a more-standard replacement for <time.h>.
+
+# Copyright (C) 2000-2001, 2003-2007, 2009-2011 Free Software Foundation, Inc.
+
+# serial 4
+
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# Written by Paul Eggert and Jim Meyering.
+
+AC_DEFUN([gl_HEADER_TIME_H],
+[
+ dnl Use AC_REQUIRE here, so that the default behavior below is expanded
+ dnl once only, before all statements that occur in other macros.
+ AC_REQUIRE([gl_HEADER_TIME_H_BODY])
+])
+
+AC_DEFUN([gl_HEADER_TIME_H_BODY],
+[
+ AC_REQUIRE([AC_C_RESTRICT])
+ AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS])
+ gl_NEXT_HEADERS([time.h])
+ AC_REQUIRE([gl_CHECK_TYPE_STRUCT_TIMESPEC])
+])
+
+dnl Define HAVE_STRUCT_TIMESPEC if `struct timespec' is declared
+dnl in time.h, sys/time.h, or pthread.h.
+
+AC_DEFUN([gl_CHECK_TYPE_STRUCT_TIMESPEC],
+[
+ AC_CHECK_HEADERS_ONCE([sys/time.h])
+ AC_CACHE_CHECK([for struct timespec in <time.h>],
+ [gl_cv_sys_struct_timespec_in_time_h],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <time.h>
+ ]],
+ [[static struct timespec x; x.tv_sec = x.tv_nsec;]])],
+ [gl_cv_sys_struct_timespec_in_time_h=yes],
+ [gl_cv_sys_struct_timespec_in_time_h=no])])
+
+ TIME_H_DEFINES_STRUCT_TIMESPEC=0
+ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=0
+ PTHREAD_H_DEFINES_STRUCT_TIMESPEC=0
+ if test $gl_cv_sys_struct_timespec_in_time_h = yes; then
+ TIME_H_DEFINES_STRUCT_TIMESPEC=1
+ else
+ AC_CACHE_CHECK([for struct timespec in <sys/time.h>],
+ [gl_cv_sys_struct_timespec_in_sys_time_h],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <sys/time.h>
+ ]],
+ [[static struct timespec x; x.tv_sec = x.tv_nsec;]])],
+ [gl_cv_sys_struct_timespec_in_sys_time_h=yes],
+ [gl_cv_sys_struct_timespec_in_sys_time_h=no])])
+ if test $gl_cv_sys_struct_timespec_in_sys_time_h = yes; then
+ SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=1
+ else
+ AC_CACHE_CHECK([for struct timespec in <pthread.h>],
+ [gl_cv_sys_struct_timespec_in_pthread_h],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <pthread.h>
+ ]],
+ [[static struct timespec x; x.tv_sec = x.tv_nsec;]])],
+ [gl_cv_sys_struct_timespec_in_pthread_h=yes],
+ [gl_cv_sys_struct_timespec_in_pthread_h=no])])
+ if test $gl_cv_sys_struct_timespec_in_pthread_h = yes; then
+ PTHREAD_H_DEFINES_STRUCT_TIMESPEC=1
+ fi
+ fi
+ fi
+ AC_SUBST([TIME_H_DEFINES_STRUCT_TIMESPEC])
+ AC_SUBST([SYS_TIME_H_DEFINES_STRUCT_TIMESPEC])
+ AC_SUBST([PTHREAD_H_DEFINES_STRUCT_TIMESPEC])
+])
+
+AC_DEFUN([gl_TIME_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_HEADER_TIME_H_DEFAULTS],
+[
+ GNULIB_MKTIME=0; AC_SUBST([GNULIB_MKTIME])
+ GNULIB_NANOSLEEP=0; AC_SUBST([GNULIB_NANOSLEEP])
+ GNULIB_STRPTIME=0; AC_SUBST([GNULIB_STRPTIME])
+ GNULIB_TIMEGM=0; AC_SUBST([GNULIB_TIMEGM])
+ GNULIB_TIME_R=0; AC_SUBST([GNULIB_TIME_R])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_DECL_LOCALTIME_R=1; AC_SUBST([HAVE_DECL_LOCALTIME_R])
+ HAVE_NANOSLEEP=1; AC_SUBST([HAVE_NANOSLEEP])
+ HAVE_STRPTIME=1; AC_SUBST([HAVE_STRPTIME])
+ HAVE_TIMEGM=1; AC_SUBST([HAVE_TIMEGM])
+ dnl If another module says to replace or to not replace, do that.
+ dnl Otherwise, replace only if someone compiles with -DGNULIB_PORTCHECK;
+ dnl this lets maintainers check for portability.
+ REPLACE_LOCALTIME_R=GNULIB_PORTCHECK; AC_SUBST([REPLACE_LOCALTIME_R])
+ REPLACE_MKTIME=GNULIB_PORTCHECK; AC_SUBST([REPLACE_MKTIME])
+ REPLACE_NANOSLEEP=GNULIB_PORTCHECK; AC_SUBST([REPLACE_NANOSLEEP])
+ REPLACE_TIMEGM=GNULIB_PORTCHECK; AC_SUBST([REPLACE_TIMEGM])
+])
--- /dev/null
+dnl Reentrant time functions: localtime_r, gmtime_r.
+
+dnl Copyright (C) 2003, 2006-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Written by Paul Eggert.
+
+AC_DEFUN([gl_TIME_R],
+[
+ dnl Persuade glibc and Solaris <time.h> to declare localtime_r.
+ AC_REQUIRE([gl_USE_SYSTEM_EXTENSIONS])
+
+ AC_REQUIRE([gl_HEADER_TIME_H_DEFAULTS])
+ AC_REQUIRE([AC_C_RESTRICT])
+
+ dnl Some systems don't declare localtime_r() and gmtime_r() if _REENTRANT is
+ dnl not defined.
+ AC_CHECK_DECLS_ONCE([localtime_r])
+ if test $ac_cv_have_decl_localtime_r = no; then
+ HAVE_DECL_LOCALTIME_R=0
+ fi
+
+ AC_CHECK_FUNCS_ONCE([localtime_r])
+ if test $ac_cv_func_localtime_r = yes; then
+ HAVE_LOCALTIME_R=1
+ AC_CACHE_CHECK([whether localtime_r is compatible with its POSIX signature],
+ [gl_cv_time_r_posix],
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <time.h>]],
+ [[/* We don't need to append 'restrict's to the argument types,
+ even though the POSIX signature has the 'restrict's,
+ since C99 says they can't affect type compatibility. */
+ struct tm * (*ptr) (time_t const *, struct tm *) = localtime_r;
+ if (ptr) return 0;
+ /* Check the return type is a pointer.
+ On HP-UX 10 it is 'int'. */
+ *localtime_r (0, 0);]])
+ ],
+ [gl_cv_time_r_posix=yes],
+ [gl_cv_time_r_posix=no])
+ ])
+ if test $gl_cv_time_r_posix = yes; then
+ REPLACE_LOCALTIME_R=0
+ else
+ REPLACE_LOCALTIME_R=1
+ fi
+ else
+ HAVE_LOCALTIME_R=0
+ fi
+ if test $HAVE_LOCALTIME_R = 0 || test $REPLACE_LOCALTIME_R = 1; then
+ AC_LIBOBJ([time_r])
+ gl_PREREQ_TIME_R
+ fi
+])
+
+# Prerequisites of lib/time_r.c.
+AC_DEFUN([gl_PREREQ_TIME_R], [
+ :
+])
--- /dev/null
+# ungetc.m4 serial 2
+dnl Copyright (C) 2009-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN_ONCE([gl_FUNC_UNGETC_WORKS],
+[
+ AC_REQUIRE([AC_PROG_CC])
+
+ AC_CACHE_CHECK([whether ungetc works on arbitrary bytes],
+ [gl_cv_func_ungetc_works],
+ [AC_RUN_IFELSE([AC_LANG_PROGRAM([[
+#include <stdio.h>
+ ]], [FILE *f;
+ if (!(f = fopen ("conftest.tmp", "w+"))) return 1;
+ if (fputs ("abc", f) < 0) return 2;
+ rewind (f);
+ if (fgetc (f) != 'a') return 3;
+ if (fgetc (f) != 'b') return 4;
+ if (ungetc ('d', f) != 'd') return 5;
+ if (ftell (f) != 1) return 6;
+ if (fgetc (f) != 'd') return 7;
+ if (ftell (f) != 2) return 8;
+ if (fseek (f, 0, SEEK_CUR) != 0) return 9;
+ if (ftell (f) != 2) return 10;
+ if (fgetc (f) != 'c') return 11;
+ fclose (f); remove ("conftest.tmp");])],
+ [gl_cv_func_ungetc_works=yes], [gl_cv_func_ungetc_works=no],
+ [gl_cv_func_ungetc_works='guessing no'])
+ ])
+ if test "$gl_cv_func_ungetc_works" != yes; then
+ AC_DEFINE([FUNC_UNGETC_BROKEN], [1],
+ [Define to 1 if ungetc is broken when used on arbitrary bytes.])
+ fi
+])
--- /dev/null
+# unistd_h.m4 serial 53
+dnl Copyright (C) 2006-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Written by Simon Josefsson, Bruno Haible.
+
+AC_DEFUN([gl_UNISTD_H],
+[
+ dnl Use AC_REQUIRE here, so that the default behavior below is expanded
+ dnl once only, before all statements that occur in other macros.
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
+ AC_REQUIRE([AC_C_INLINE])
+
+ gl_CHECK_NEXT_HEADERS([unistd.h])
+ if test $ac_cv_header_unistd_h = yes; then
+ HAVE_UNISTD_H=1
+ else
+ HAVE_UNISTD_H=0
+ fi
+ AC_SUBST([HAVE_UNISTD_H])
+
+ dnl Check for declarations of anything we want to poison if the
+ dnl corresponding gnulib module is not in use.
+ gl_WARN_ON_USE_PREPARE([[#include <unistd.h>
+/* Some systems declare various items in the wrong headers. */
+#if !(defined __GLIBC__ && !defined __UCLIBC__)
+# include <fcntl.h>
+# include <stdio.h>
+# include <stdlib.h>
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+# include <io.h>
+# endif
+#endif
+ ]], [chown dup2 dup3 environ euidaccess faccessat fchdir fchownat
+ fsync ftruncate getcwd getdomainname getdtablesize getgroups
+ gethostname getlogin getlogin_r getpagesize getusershell setusershell
+ endusershell lchown link linkat lseek pipe pipe2 pread pwrite readlink
+ readlinkat rmdir sleep symlink symlinkat ttyname_r unlink unlinkat
+ usleep])
+])
+
+AC_DEFUN([gl_UNISTD_MODULE_INDICATOR],
+[
+ dnl Use AC_REQUIRE here, so that the default settings are expanded once only.
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
+ gl_MODULE_INDICATOR_SET_VARIABLE([$1])
+ dnl Define it also as a C macro, for the benefit of the unit tests.
+ gl_MODULE_INDICATOR_FOR_TESTS([$1])
+])
+
+AC_DEFUN([gl_UNISTD_H_DEFAULTS],
+[
+ GNULIB_CHOWN=0; AC_SUBST([GNULIB_CHOWN])
+ GNULIB_CLOSE=0; AC_SUBST([GNULIB_CLOSE])
+ GNULIB_DUP2=0; AC_SUBST([GNULIB_DUP2])
+ GNULIB_DUP3=0; AC_SUBST([GNULIB_DUP3])
+ GNULIB_ENVIRON=0; AC_SUBST([GNULIB_ENVIRON])
+ GNULIB_EUIDACCESS=0; AC_SUBST([GNULIB_EUIDACCESS])
+ GNULIB_FACCESSAT=0; AC_SUBST([GNULIB_FACCESSAT])
+ GNULIB_FCHDIR=0; AC_SUBST([GNULIB_FCHDIR])
+ GNULIB_FCHOWNAT=0; AC_SUBST([GNULIB_FCHOWNAT])
+ GNULIB_FSYNC=0; AC_SUBST([GNULIB_FSYNC])
+ GNULIB_FTRUNCATE=0; AC_SUBST([GNULIB_FTRUNCATE])
+ GNULIB_GETCWD=0; AC_SUBST([GNULIB_GETCWD])
+ GNULIB_GETDOMAINNAME=0; AC_SUBST([GNULIB_GETDOMAINNAME])
+ GNULIB_GETDTABLESIZE=0; AC_SUBST([GNULIB_GETDTABLESIZE])
+ GNULIB_GETGROUPS=0; AC_SUBST([GNULIB_GETGROUPS])
+ GNULIB_GETHOSTNAME=0; AC_SUBST([GNULIB_GETHOSTNAME])
+ GNULIB_GETLOGIN=0; AC_SUBST([GNULIB_GETLOGIN])
+ GNULIB_GETLOGIN_R=0; AC_SUBST([GNULIB_GETLOGIN_R])
+ GNULIB_GETPAGESIZE=0; AC_SUBST([GNULIB_GETPAGESIZE])
+ GNULIB_GETUSERSHELL=0; AC_SUBST([GNULIB_GETUSERSHELL])
+ GNULIB_LCHOWN=0; AC_SUBST([GNULIB_LCHOWN])
+ GNULIB_LINK=0; AC_SUBST([GNULIB_LINK])
+ GNULIB_LINKAT=0; AC_SUBST([GNULIB_LINKAT])
+ GNULIB_LSEEK=0; AC_SUBST([GNULIB_LSEEK])
+ GNULIB_PIPE=0; AC_SUBST([GNULIB_PIPE])
+ GNULIB_PIPE2=0; AC_SUBST([GNULIB_PIPE2])
+ GNULIB_PREAD=0; AC_SUBST([GNULIB_PREAD])
+ GNULIB_PWRITE=0; AC_SUBST([GNULIB_PWRITE])
+ GNULIB_READLINK=0; AC_SUBST([GNULIB_READLINK])
+ GNULIB_READLINKAT=0; AC_SUBST([GNULIB_READLINKAT])
+ GNULIB_RMDIR=0; AC_SUBST([GNULIB_RMDIR])
+ GNULIB_SLEEP=0; AC_SUBST([GNULIB_SLEEP])
+ GNULIB_SYMLINK=0; AC_SUBST([GNULIB_SYMLINK])
+ GNULIB_SYMLINKAT=0; AC_SUBST([GNULIB_SYMLINKAT])
+ GNULIB_TTYNAME_R=0; AC_SUBST([GNULIB_TTYNAME_R])
+ GNULIB_UNISTD_H_GETOPT=0; AC_SUBST([GNULIB_UNISTD_H_GETOPT])
+ GNULIB_UNISTD_H_SIGPIPE=0; AC_SUBST([GNULIB_UNISTD_H_SIGPIPE])
+ GNULIB_UNLINK=0; AC_SUBST([GNULIB_UNLINK])
+ GNULIB_UNLINKAT=0; AC_SUBST([GNULIB_UNLINKAT])
+ GNULIB_USLEEP=0; AC_SUBST([GNULIB_USLEEP])
+ GNULIB_WRITE=0; AC_SUBST([GNULIB_WRITE])
+ dnl Assume proper GNU behavior unless another module says otherwise.
+ HAVE_CHOWN=1; AC_SUBST([HAVE_CHOWN])
+ HAVE_DUP2=1; AC_SUBST([HAVE_DUP2])
+ HAVE_DUP3=1; AC_SUBST([HAVE_DUP3])
+ HAVE_EUIDACCESS=1; AC_SUBST([HAVE_EUIDACCESS])
+ HAVE_FACCESSAT=1; AC_SUBST([HAVE_FACCESSAT])
+ HAVE_FCHDIR=1; AC_SUBST([HAVE_FCHDIR])
+ HAVE_FCHOWNAT=1; AC_SUBST([HAVE_FCHOWNAT])
+ HAVE_FSYNC=1; AC_SUBST([HAVE_FSYNC])
+ HAVE_FTRUNCATE=1; AC_SUBST([HAVE_FTRUNCATE])
+ HAVE_GETDTABLESIZE=1; AC_SUBST([HAVE_GETDTABLESIZE])
+ HAVE_GETGROUPS=1; AC_SUBST([HAVE_GETGROUPS])
+ HAVE_GETHOSTNAME=1; AC_SUBST([HAVE_GETHOSTNAME])
+ HAVE_GETLOGIN=1; AC_SUBST([HAVE_GETLOGIN])
+ HAVE_GETPAGESIZE=1; AC_SUBST([HAVE_GETPAGESIZE])
+ HAVE_LCHOWN=1; AC_SUBST([HAVE_LCHOWN])
+ HAVE_LINK=1; AC_SUBST([HAVE_LINK])
+ HAVE_LINKAT=1; AC_SUBST([HAVE_LINKAT])
+ HAVE_PIPE=1; AC_SUBST([HAVE_PIPE])
+ HAVE_PIPE2=1; AC_SUBST([HAVE_PIPE2])
+ HAVE_PREAD=1; AC_SUBST([HAVE_PREAD])
+ HAVE_PWRITE=1; AC_SUBST([HAVE_PWRITE])
+ HAVE_READLINK=1; AC_SUBST([HAVE_READLINK])
+ HAVE_READLINKAT=1; AC_SUBST([HAVE_READLINKAT])
+ HAVE_SLEEP=1; AC_SUBST([HAVE_SLEEP])
+ HAVE_SYMLINK=1; AC_SUBST([HAVE_SYMLINK])
+ HAVE_SYMLINKAT=1; AC_SUBST([HAVE_SYMLINKAT])
+ HAVE_UNLINKAT=1; AC_SUBST([HAVE_UNLINKAT])
+ HAVE_USLEEP=1; AC_SUBST([HAVE_USLEEP])
+ HAVE_DECL_ENVIRON=1; AC_SUBST([HAVE_DECL_ENVIRON])
+ HAVE_DECL_FCHDIR=1; AC_SUBST([HAVE_DECL_FCHDIR])
+ HAVE_DECL_GETDOMAINNAME=1; AC_SUBST([HAVE_DECL_GETDOMAINNAME])
+ HAVE_DECL_GETLOGIN_R=1; AC_SUBST([HAVE_DECL_GETLOGIN_R])
+ HAVE_DECL_GETPAGESIZE=1; AC_SUBST([HAVE_DECL_GETPAGESIZE])
+ HAVE_DECL_GETUSERSHELL=1; AC_SUBST([HAVE_DECL_GETUSERSHELL])
+ HAVE_DECL_TTYNAME_R=1; AC_SUBST([HAVE_DECL_TTYNAME_R])
+ HAVE_OS_H=0; AC_SUBST([HAVE_OS_H])
+ HAVE_SYS_PARAM_H=0; AC_SUBST([HAVE_SYS_PARAM_H])
+ REPLACE_CHOWN=0; AC_SUBST([REPLACE_CHOWN])
+ REPLACE_CLOSE=0; AC_SUBST([REPLACE_CLOSE])
+ REPLACE_DUP=0; AC_SUBST([REPLACE_DUP])
+ REPLACE_DUP2=0; AC_SUBST([REPLACE_DUP2])
+ REPLACE_FCHOWNAT=0; AC_SUBST([REPLACE_FCHOWNAT])
+ REPLACE_GETCWD=0; AC_SUBST([REPLACE_GETCWD])
+ REPLACE_GETDOMAINNAME=0; AC_SUBST([REPLACE_GETDOMAINNAME])
+ REPLACE_GETLOGIN_R=0; AC_SUBST([REPLACE_GETLOGIN_R])
+ REPLACE_GETGROUPS=0; AC_SUBST([REPLACE_GETGROUPS])
+ REPLACE_GETPAGESIZE=0; AC_SUBST([REPLACE_GETPAGESIZE])
+ REPLACE_LCHOWN=0; AC_SUBST([REPLACE_LCHOWN])
+ REPLACE_LINK=0; AC_SUBST([REPLACE_LINK])
+ REPLACE_LINKAT=0; AC_SUBST([REPLACE_LINKAT])
+ REPLACE_LSEEK=0; AC_SUBST([REPLACE_LSEEK])
+ REPLACE_PREAD=0; AC_SUBST([REPLACE_PREAD])
+ REPLACE_PWRITE=0; AC_SUBST([REPLACE_PWRITE])
+ REPLACE_READLINK=0; AC_SUBST([REPLACE_READLINK])
+ REPLACE_RMDIR=0; AC_SUBST([REPLACE_RMDIR])
+ REPLACE_SLEEP=0; AC_SUBST([REPLACE_SLEEP])
+ REPLACE_SYMLINK=0; AC_SUBST([REPLACE_SYMLINK])
+ REPLACE_TTYNAME_R=0; AC_SUBST([REPLACE_TTYNAME_R])
+ REPLACE_UNLINK=0; AC_SUBST([REPLACE_UNLINK])
+ REPLACE_UNLINKAT=0; AC_SUBST([REPLACE_UNLINKAT])
+ REPLACE_USLEEP=0; AC_SUBST([REPLACE_USLEEP])
+ REPLACE_WRITE=0; AC_SUBST([REPLACE_WRITE])
+ UNISTD_H_HAVE_WINSOCK2_H=0; AC_SUBST([UNISTD_H_HAVE_WINSOCK2_H])
+ UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=0;
+ AC_SUBST([UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS])
+])
--- /dev/null
+# vasnprintf.m4 serial 32
+dnl Copyright (C) 2002-2004, 2006-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_VASNPRINTF],
+[
+ AC_CHECK_FUNCS_ONCE([vasnprintf])
+ if test $ac_cv_func_vasnprintf = no; then
+ gl_REPLACE_VASNPRINTF
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_VASNPRINTF],
+[
+ AC_CHECK_FUNCS_ONCE([vasnprintf])
+ AC_LIBOBJ([vasnprintf])
+ AC_LIBOBJ([printf-args])
+ AC_LIBOBJ([printf-parse])
+ AC_LIBOBJ([asnprintf])
+ if test $ac_cv_func_vasnprintf = yes; then
+ AC_DEFINE([REPLACE_VASNPRINTF], [1],
+ [Define if vasnprintf exists but is overridden by gnulib.])
+ fi
+ gl_PREREQ_PRINTF_ARGS
+ gl_PREREQ_PRINTF_PARSE
+ gl_PREREQ_VASNPRINTF
+ gl_PREREQ_ASNPRINTF
+])
+
+# Prequisites of lib/printf-args.h, lib/printf-args.c.
+AC_DEFUN([gl_PREREQ_PRINTF_ARGS],
+[
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
+])
+
+# Prequisites of lib/printf-parse.h, lib/printf-parse.c.
+AC_DEFUN([gl_PREREQ_PRINTF_PARSE],
+[
+ AC_REQUIRE([gl_FEATURES_H])
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
+ AC_REQUIRE([AC_TYPE_SIZE_T])
+ AC_CHECK_TYPE([ptrdiff_t], ,
+ [AC_DEFINE([ptrdiff_t], [long],
+ [Define as the type of the result of subtracting two pointers, if the system doesn't define it.])
+ ])
+ AC_REQUIRE([gt_AC_TYPE_INTMAX_T])
+])
+
+# Prerequisites of lib/vasnprintf.c.
+AC_DEFUN_ONCE([gl_PREREQ_VASNPRINTF],
+[
+ AC_REQUIRE([AC_C_INLINE])
+ AC_REQUIRE([AC_FUNC_ALLOCA])
+ AC_REQUIRE([AC_TYPE_LONG_LONG_INT])
+ AC_REQUIRE([gt_TYPE_WCHAR_T])
+ AC_REQUIRE([gt_TYPE_WINT_T])
+ AC_CHECK_FUNCS([snprintf strnlen wcslen wcsnlen mbrtowc wcrtomb])
+ dnl Use the _snprintf function only if it is declared (because on NetBSD it
+ dnl is defined as a weak alias of snprintf; we prefer to use the latter).
+ AC_CHECK_DECLS([_snprintf], , , [#include <stdio.h>])
+ dnl We can avoid a lot of code by assuming that snprintf's return value
+ dnl conforms to ISO C99. So check that.
+ AC_REQUIRE([gl_SNPRINTF_RETVAL_C99])
+ case "$gl_cv_func_snprintf_retval_c99" in
+ *yes)
+ AC_DEFINE([HAVE_SNPRINTF_RETVAL_C99], [1],
+ [Define if the return value of the snprintf function is the number of
+ of bytes (excluding the terminating NUL) that would have been produced
+ if the buffer had been large enough.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting 'long double'
+# arguments.
+AC_DEFUN_ONCE([gl_PREREQ_VASNPRINTF_LONG_DOUBLE],
+[
+ AC_REQUIRE([gl_PRINTF_LONG_DOUBLE])
+ case "$gl_cv_func_printf_long_double" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_LONG_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ 'long double' arguments.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting infinite 'double'
+# arguments.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_INFINITE_DOUBLE],
+[
+ AC_REQUIRE([gl_PRINTF_INFINITE])
+ case "$gl_cv_func_printf_infinite" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_INFINITE_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ infinite 'double' arguments.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting infinite 'long double'
+# arguments.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_INFINITE_LONG_DOUBLE],
+[
+ AC_REQUIRE([gl_PRINTF_INFINITE_LONG_DOUBLE])
+ dnl There is no need to set NEED_PRINTF_INFINITE_LONG_DOUBLE if
+ dnl NEED_PRINTF_LONG_DOUBLE is already set.
+ AC_REQUIRE([gl_PREREQ_VASNPRINTF_LONG_DOUBLE])
+ case "$gl_cv_func_printf_long_double" in
+ *yes)
+ case "$gl_cv_func_printf_infinite_long_double" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_INFINITE_LONG_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ infinite 'long double' arguments.])
+ ;;
+ esac
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting the 'a' directive.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_DIRECTIVE_A],
+[
+ AC_REQUIRE([gl_PRINTF_DIRECTIVE_A])
+ case "$gl_cv_func_printf_directive_a" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_DIRECTIVE_A], [1],
+ [Define if the vasnprintf implementation needs special code for
+ the 'a' and 'A' directives.])
+ AC_CHECK_FUNCS([nl_langinfo])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting the 'F' directive.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_DIRECTIVE_F],
+[
+ AC_REQUIRE([gl_PRINTF_DIRECTIVE_F])
+ case "$gl_cv_func_printf_directive_f" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_DIRECTIVE_F], [1],
+ [Define if the vasnprintf implementation needs special code for
+ the 'F' directive.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting the 'ls' directive.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_DIRECTIVE_LS],
+[
+ AC_REQUIRE([gl_PRINTF_DIRECTIVE_LS])
+ case "$gl_cv_func_printf_directive_ls" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_DIRECTIVE_LS], [1],
+ [Define if the vasnprintf implementation needs special code for
+ the 'ls' directive.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting the ' flag.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_FLAG_GROUPING],
+[
+ AC_REQUIRE([gl_PRINTF_FLAG_GROUPING])
+ case "$gl_cv_func_printf_flag_grouping" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_FLAG_GROUPING], [1],
+ [Define if the vasnprintf implementation needs special code for the
+ ' flag.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting the '-' flag.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_FLAG_LEFTADJUST],
+[
+ AC_REQUIRE([gl_PRINTF_FLAG_LEFTADJUST])
+ case "$gl_cv_func_printf_flag_leftadjust" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_FLAG_LEFTADJUST], [1],
+ [Define if the vasnprintf implementation needs special code for the
+ '-' flag.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting the 0 flag.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_FLAG_ZERO],
+[
+ AC_REQUIRE([gl_PRINTF_FLAG_ZERO])
+ case "$gl_cv_func_printf_flag_zero" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_FLAG_ZERO], [1],
+ [Define if the vasnprintf implementation needs special code for the
+ 0 flag.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for supporting large precisions.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_PRECISION],
+[
+ AC_REQUIRE([gl_PRINTF_PRECISION])
+ case "$gl_cv_func_printf_precision" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_UNBOUNDED_PRECISION], [1],
+ [Define if the vasnprintf implementation needs special code for
+ supporting large precisions without arbitrary bounds.])
+ AC_DEFINE([NEED_PRINTF_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ 'double' arguments.])
+ AC_DEFINE([NEED_PRINTF_LONG_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ 'long double' arguments.])
+ ;;
+ esac
+])
+
+# Extra prerequisites of lib/vasnprintf.c for surviving out-of-memory
+# conditions.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_ENOMEM],
+[
+ AC_REQUIRE([gl_PRINTF_ENOMEM])
+ case "$gl_cv_func_printf_enomem" in
+ *yes)
+ ;;
+ *)
+ AC_DEFINE([NEED_PRINTF_ENOMEM], [1],
+ [Define if the vasnprintf implementation needs special code for
+ surviving out-of-memory conditions.])
+ AC_DEFINE([NEED_PRINTF_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ 'double' arguments.])
+ AC_DEFINE([NEED_PRINTF_LONG_DOUBLE], [1],
+ [Define if the vasnprintf implementation needs special code for
+ 'long double' arguments.])
+ ;;
+ esac
+])
+
+# Prerequisites of lib/vasnprintf.c including all extras for POSIX compliance.
+AC_DEFUN([gl_PREREQ_VASNPRINTF_WITH_EXTRAS],
+[
+ AC_REQUIRE([gl_PREREQ_VASNPRINTF])
+ gl_PREREQ_VASNPRINTF_LONG_DOUBLE
+ gl_PREREQ_VASNPRINTF_INFINITE_DOUBLE
+ gl_PREREQ_VASNPRINTF_INFINITE_LONG_DOUBLE
+ gl_PREREQ_VASNPRINTF_DIRECTIVE_A
+ gl_PREREQ_VASNPRINTF_DIRECTIVE_F
+ gl_PREREQ_VASNPRINTF_DIRECTIVE_LS
+ gl_PREREQ_VASNPRINTF_FLAG_GROUPING
+ gl_PREREQ_VASNPRINTF_FLAG_LEFTADJUST
+ gl_PREREQ_VASNPRINTF_FLAG_ZERO
+ gl_PREREQ_VASNPRINTF_PRECISION
+ gl_PREREQ_VASNPRINTF_ENOMEM
+])
+
+# Prerequisites of lib/asnprintf.c.
+AC_DEFUN([gl_PREREQ_ASNPRINTF],
+[
+])
--- /dev/null
+# vasprintf.m4 serial 6
+dnl Copyright (C) 2002-2003, 2006-2007, 2009-2011 Free Software Foundation,
+dnl Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_VASPRINTF],
+[
+ AC_CHECK_FUNCS([vasprintf])
+ if test $ac_cv_func_vasprintf = no; then
+ gl_REPLACE_VASPRINTF
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_VASPRINTF],
+[
+ AC_LIBOBJ([vasprintf])
+ AC_LIBOBJ([asprintf])
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ if test $ac_cv_func_vasprintf = yes; then
+ REPLACE_VASPRINTF=1
+ else
+ HAVE_VASPRINTF=0
+ fi
+ gl_PREREQ_VASPRINTF_H
+ gl_PREREQ_VASPRINTF
+ gl_PREREQ_ASPRINTF
+])
+
+# Prerequisites of the vasprintf portion of lib/stdio.h.
+AC_DEFUN([gl_PREREQ_VASPRINTF_H],
+[
+ dnl Persuade glibc <stdio.h> to declare asprintf() and vasprintf().
+ AC_REQUIRE([AC_USE_SYSTEM_EXTENSIONS])
+])
+
+# Prerequisites of lib/vasprintf.c.
+AC_DEFUN([gl_PREREQ_VASPRINTF],
+[
+])
+
+# Prerequisites of lib/asprintf.c.
+AC_DEFUN([gl_PREREQ_ASPRINTF],
+[
+])
--- /dev/null
+# vsnprintf.m4 serial 5
+dnl Copyright (C) 2002-2004, 2007-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_VSNPRINTF],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ gl_cv_func_vsnprintf_usable=no
+ AC_CHECK_FUNCS([vsnprintf])
+ if test $ac_cv_func_vsnprintf = yes; then
+ gl_SNPRINTF_SIZE1
+ case "$gl_cv_func_snprintf_size1" in
+ *yes)
+ gl_SNPRINTF_RETVAL_C99
+ case "$gl_cv_func_snprintf_retval_c99" in
+ *yes)
+ gl_cv_func_vsnprintf_usable=yes
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ if test $gl_cv_func_vsnprintf_usable = no; then
+ gl_REPLACE_VSNPRINTF
+ fi
+ AC_CHECK_DECLS_ONCE([vsnprintf])
+ if test $ac_cv_have_decl_vsnprintf = no; then
+ HAVE_DECL_VSNPRINTF=0
+ fi
+])
+
+AC_DEFUN([gl_REPLACE_VSNPRINTF],
+[
+ AC_REQUIRE([gl_STDIO_H_DEFAULTS])
+ AC_LIBOBJ([vsnprintf])
+ if test $ac_cv_func_vsnprintf = yes; then
+ REPLACE_VSNPRINTF=1
+ fi
+ gl_PREREQ_VSNPRINTF
+])
+
+# Prerequisites of lib/vsnprintf.c.
+AC_DEFUN([gl_PREREQ_VSNPRINTF], [:])
--- /dev/null
+# warn-on-use.m4 serial 2
+dnl Copyright (C) 2010-2011 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+# gl_WARN_ON_USE_PREPARE(INCLUDES, NAMES)
+# ---------------------------------------
+# For each whitespace-separated element in the list of NAMES, define
+# HAVE_RAW_DECL_name if the function has a declaration among INCLUDES
+# even after being undefined as a macro.
+#
+# See warn-on-use.h for some hints on how to poison function names, as
+# well as ideas on poisoning global variables and macros. NAMES may
+# include global variables, but remember that only functions work with
+# _GL_WARN_ON_USE. Typically, INCLUDES only needs to list a single
+# header, but if the replacement header pulls in other headers because
+# some systems declare functions in the wrong header, then INCLUDES
+# should do likewise.
+#
+# If you assume C89, then it is generally safe to assume declarations
+# for functions declared in that standard (such as gets) without
+# needing gl_WARN_ON_USE_PREPARE.
+AC_DEFUN([gl_WARN_ON_USE_PREPARE],
+[
+ m4_foreach_w([gl_decl], [$2],
+ [AH_TEMPLATE([HAVE_RAW_DECL_]AS_TR_CPP(m4_defn([gl_decl])),
+ [Define to 1 if ]m4_defn([gl_decl])[ is declared even after
+ undefining macros.])])dnl
+ for gl_func in m4_flatten([$2]); do
+ AS_VAR_PUSHDEF([gl_Symbol], [gl_cv_have_raw_decl_$gl_func])dnl
+ AC_CACHE_CHECK([whether $gl_func is declared without a macro],
+ gl_Symbol,
+ [AC_COMPILE_IFELSE([AC_LANG_PROGRAM([$1],
+[@%:@undef $gl_func
+ (void) $gl_func;])],
+ [AS_VAR_SET(gl_Symbol, [yes])], [AS_VAR_SET(gl_Symbol, [no])])])
+ AS_VAR_IF(gl_Symbol, [yes],
+ [AC_DEFINE_UNQUOTED(AS_TR_CPP([HAVE_RAW_DECL_$gl_func]), [1])
+ dnl shortcut - if the raw declaration exists, then set a cache
+ dnl variable to allow skipping any later AC_CHECK_DECL efforts
+ eval ac_cv_have_decl_$gl_func=yes])
+ AS_VAR_POPDEF([gl_Symbol])dnl
+ done
+])
--- /dev/null
+/* malloc() function that is glibc compatible.
+
+ Copyright (C) 1997-1998, 2006-2007, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* written by Jim Meyering and Bruno Haible */
+
+#include <config.h>
+/* Only the AC_FUNC_MALLOC macro defines 'malloc' already in config.h. */
+#ifdef malloc
+# define NEED_MALLOC_GNU 1
+# undef malloc
+/* Whereas the gnulib module 'malloc-gnu' defines HAVE_MALLOC_GNU. */
+#elif GNULIB_MALLOC_GNU && !HAVE_MALLOC_GNU
+# define NEED_MALLOC_GNU 1
+#endif
+
+/* Specification. */
+#include <stdlib.h>
+
+#include <errno.h>
+
+/* Call the system's malloc below. */
+#undef malloc
+
+/* Allocate an N-byte block of memory from the heap.
+ If N is zero, allocate a 1-byte block. */
+
+void *
+rpl_malloc (size_t n)
+{
+ void *result;
+
+#if NEED_MALLOC_GNU
+ if (n == 0)
+ n = 1;
+#endif
+
+ result = malloc (n);
+
+#if !HAVE_MALLOC_POSIX
+ if (result == NULL)
+ errno = ENOMEM;
+#endif
+
+ return result;
+}
--- /dev/null
+/* Copyright (C) 1991, 1993, 1996-1997, 1999-2000, 2003-2004, 2006, 2008-2011
+ Free Software Foundation, Inc.
+
+ Based on strlen implementation by Torbjorn Granlund (tege@sics.se),
+ with help from Dan Sahlin (dan@sics.se) and
+ commentary by Jim Blandy (jimb@ai.mit.edu);
+ adaptation to memchr suggested by Dick Karpinski (dick@cca.ucsf.edu),
+ and implemented by Roland McGrath (roland@ai.mit.edu).
+
+NOTE: The canonical source of this file is maintained with the GNU C Library.
+Bugs can be reported to bug-glibc@prep.ai.mit.edu.
+
+This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU Lesser General Public License as published by the
+Free Software Foundation; either version 2.1 of the License, or any
+later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#ifndef _LIBC
+# include <config.h>
+#endif
+
+#include <string.h>
+
+#include <stddef.h>
+
+#if defined _LIBC
+# include <memcopy.h>
+#else
+# define reg_char char
+#endif
+
+#include <limits.h>
+
+#if HAVE_BP_SYM_H || defined _LIBC
+# include <bp-sym.h>
+#else
+# define BP_SYM(sym) sym
+#endif
+
+#undef __memchr
+#ifdef _LIBC
+# undef memchr
+#endif
+
+#ifndef weak_alias
+# define __memchr memchr
+#endif
+
+/* Search no more than N bytes of S for C. */
+void *
+__memchr (void const *s, int c_in, size_t n)
+{
+ /* On 32-bit hardware, choosing longword to be a 32-bit unsigned
+ long instead of a 64-bit uintmax_t tends to give better
+ performance. On 64-bit hardware, unsigned long is generally 64
+ bits already. Change this typedef to experiment with
+ performance. */
+ typedef unsigned long int longword;
+
+ const unsigned char *char_ptr;
+ const longword *longword_ptr;
+ longword repeated_one;
+ longword repeated_c;
+ unsigned reg_char c;
+
+ c = (unsigned char) c_in;
+
+ /* Handle the first few bytes by reading one byte at a time.
+ Do this until CHAR_PTR is aligned on a longword boundary. */
+ for (char_ptr = (const unsigned char *) s;
+ n > 0 && (size_t) char_ptr % sizeof (longword) != 0;
+ --n, ++char_ptr)
+ if (*char_ptr == c)
+ return (void *) char_ptr;
+
+ longword_ptr = (const longword *) char_ptr;
+
+ /* All these elucidatory comments refer to 4-byte longwords,
+ but the theory applies equally well to any size longwords. */
+
+ /* Compute auxiliary longword values:
+ repeated_one is a value which has a 1 in every byte.
+ repeated_c has c in every byte. */
+ repeated_one = 0x01010101;
+ repeated_c = c | (c << 8);
+ repeated_c |= repeated_c << 16;
+ if (0xffffffffU < (longword) -1)
+ {
+ repeated_one |= repeated_one << 31 << 1;
+ repeated_c |= repeated_c << 31 << 1;
+ if (8 < sizeof (longword))
+ {
+ size_t i;
+
+ for (i = 64; i < sizeof (longword) * 8; i *= 2)
+ {
+ repeated_one |= repeated_one << i;
+ repeated_c |= repeated_c << i;
+ }
+ }
+ }
+
+ /* Instead of the traditional loop which tests each byte, we will test a
+ longword at a time. The tricky part is testing if *any of the four*
+ bytes in the longword in question are equal to c. We first use an xor
+ with repeated_c. This reduces the task to testing whether *any of the
+ four* bytes in longword1 is zero.
+
+ We compute tmp =
+ ((longword1 - repeated_one) & ~longword1) & (repeated_one << 7).
+ That is, we perform the following operations:
+ 1. Subtract repeated_one.
+ 2. & ~longword1.
+ 3. & a mask consisting of 0x80 in every byte.
+ Consider what happens in each byte:
+ - If a byte of longword1 is zero, step 1 and 2 transform it into 0xff,
+ and step 3 transforms it into 0x80. A carry can also be propagated
+ to more significant bytes.
+ - If a byte of longword1 is nonzero, let its lowest 1 bit be at
+ position k (0 <= k <= 7); so the lowest k bits are 0. After step 1,
+ the byte ends in a single bit of value 0 and k bits of value 1.
+ After step 2, the result is just k bits of value 1: 2^k - 1. After
+ step 3, the result is 0. And no carry is produced.
+ So, if longword1 has only non-zero bytes, tmp is zero.
+ Whereas if longword1 has a zero byte, call j the position of the least
+ significant zero byte. Then the result has a zero at positions 0, ...,
+ j-1 and a 0x80 at position j. We cannot predict the result at the more
+ significant bytes (positions j+1..3), but it does not matter since we
+ already have a non-zero bit at position 8*j+7.
+
+ So, the test whether any byte in longword1 is zero is equivalent to
+ testing whether tmp is nonzero. */
+
+ while (n >= sizeof (longword))
+ {
+ longword longword1 = *longword_ptr ^ repeated_c;
+
+ if ((((longword1 - repeated_one) & ~longword1)
+ & (repeated_one << 7)) != 0)
+ break;
+ longword_ptr++;
+ n -= sizeof (longword);
+ }
+
+ char_ptr = (const unsigned char *) longword_ptr;
+
+ /* At this point, we know that either n < sizeof (longword), or one of the
+ sizeof (longword) bytes starting at char_ptr is == c. On little-endian
+ machines, we could determine the first such byte without any further
+ memory accesses, just by looking at the tmp result from the last loop
+ iteration. But this does not work on big-endian machines. Choose code
+ that works in both cases. */
+
+ for (; n > 0; --n, ++char_ptr)
+ {
+ if (*char_ptr == c)
+ return (void *) char_ptr;
+ }
+
+ return NULL;
+}
+#ifdef weak_alias
+weak_alias (__memchr, BP_SYM (memchr))
+#endif
--- /dev/null
+# Suppress a valgrind message about use of uninitialized memory in memchr().
+# POSIX states that when the character is found, memchr must not read extra
+# bytes in an overestimated length (for example, where memchr is used to
+# implement strnlen). However, we use a safe word read to provide a speedup.
+{
+ memchr-value4
+ Memcheck:Value4
+ fun:rpl_memchr
+}
+{
+ memchr-value8
+ Memcheck:Value8
+ fun:rpl_memchr
+}
--- /dev/null
+/* Copyright (C) 1991-1994, 1996-1998, 2000, 2004, 2007-2011 Free Software
+ Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* This particular implementation was written by Eric Blake, 2008. */
+
+#ifndef _LIBC
+# include <config.h>
+#endif
+
+/* Specification of memmem. */
+#include <string.h>
+
+#ifndef _LIBC
+# define __builtin_expect(expr, val) (expr)
+#endif
+
+#define RETURN_TYPE void *
+#define AVAILABLE(h, h_l, j, n_l) ((j) <= (h_l) - (n_l))
+#include "str-two-way.h"
+
+/* Return the first occurrence of NEEDLE in HAYSTACK. Return HAYSTACK
+ if NEEDLE_LEN is 0, otherwise NULL if NEEDLE is not found in
+ HAYSTACK. */
+void *
+memmem (const void *haystack_start, size_t haystack_len,
+ const void *needle_start, size_t needle_len)
+{
+ /* Abstract memory is considered to be an array of 'unsigned char' values,
+ not an array of 'char' values. See ISO C 99 section 6.2.6.1. */
+ const unsigned char *haystack = (const unsigned char *) haystack_start;
+ const unsigned char *needle = (const unsigned char *) needle_start;
+
+ if (needle_len == 0)
+ /* The first occurrence of the empty string is deemed to occur at
+ the beginning of the string. */
+ return (void *) haystack;
+
+ /* Sanity check, otherwise the loop might search through the whole
+ memory. */
+ if (__builtin_expect (haystack_len < needle_len, 0))
+ return NULL;
+
+ /* Use optimizations in memchr when possible, to reduce the search
+ size of haystack using a linear algorithm with a smaller
+ coefficient. However, avoid memchr for long needles, since we
+ can often achieve sublinear performance. */
+ if (needle_len < LONG_NEEDLE_THRESHOLD)
+ {
+ haystack = memchr (haystack, *needle, haystack_len);
+ if (!haystack || __builtin_expect (needle_len == 1, 0))
+ return (void *) haystack;
+ haystack_len -= haystack - (const unsigned char *) haystack_start;
+ if (haystack_len < needle_len)
+ return NULL;
+ return two_way_short_needle (haystack, haystack_len, needle, needle_len);
+ }
+ else
+ return two_way_long_needle (haystack, haystack_len, needle, needle_len);
+}
+
+#undef LONG_NEEDLE_THRESHOLD
--- /dev/null
+/* MIN, MAX macros.
+ Copyright (C) 1995, 1998, 2001, 2003, 2005, 2009-2011 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _MINMAX_H
+#define _MINMAX_H
+
+/* Note: MIN, MAX are also defined in <sys/param.h> on some systems
+ (glibc, IRIX, HP-UX, OSF/1). Therefore you might get warnings about
+ MIN, MAX macro redefinitions on some systems; the workaround is to
+ #include this file as the last one among the #include list. */
+
+/* Before we define the following symbols we get the <limits.h> file
+ since otherwise we get redefinitions on some systems if <limits.h> is
+ included after this file. Likewise for <sys/param.h>.
+ If more than one of these system headers define MIN and MAX, pick just
+ one of the headers (because the definitions most likely are the same). */
+#if HAVE_MINMAX_IN_LIMITS_H
+# include <limits.h>
+#elif HAVE_MINMAX_IN_SYS_PARAM_H
+# include <sys/param.h>
+#endif
+
+/* Note: MIN and MAX should be used with two arguments of the
+ same type. They might not return the minimum and maximum of their two
+ arguments, if the arguments have different types or have unusual
+ floating-point values. For example, on a typical host with 32-bit 'int',
+ 64-bit 'long long', and 64-bit IEEE 754 'double' types:
+
+ MAX (-1, 2147483648) returns 4294967295.
+ MAX (9007199254740992.0, 9007199254740993) returns 9007199254740992.0.
+ MAX (NaN, 0.0) returns 0.0.
+ MAX (+0.0, -0.0) returns -0.0.
+
+ and in each case the answer is in some sense bogus. */
+
+/* MAX(a,b) returns the maximum of A and B. */
+#ifndef MAX
+# define MAX(a,b) ((a) > (b) ? (a) : (b))
+#endif
+
+/* MIN(a,b) returns the minimum of A and B. */
+#ifndef MIN
+# define MIN(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+#endif /* _MINMAX_H */
--- /dev/null
+/* Provide a netdb.h header file for systems lacking it (read: MinGW).
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* This file is supposed to be used on platforms that lack <netdb.h>.
+ It is intended to provide definitions and prototypes needed by an
+ application. */
+
+#ifndef _GL_NETDB_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+#if @HAVE_NETDB_H@
+
+/* The include_next requires a split double-inclusion guard. */
+# @INCLUDE_NEXT@ @NEXT_NETDB_H@
+
+#endif
+
+#ifndef _GL_NETDB_H
+#define _GL_NETDB_H
+
+/* Get netdb.h definitions such as struct hostent for MinGW. */
+#include <sys/socket.h>
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+/* Declarations for a platform that lacks <netdb.h>, or where it is
+ incomplete. */
+
+#if @GNULIB_GETADDRINFO@
+
+# if !@HAVE_STRUCT_ADDRINFO@
+
+# if !GNULIB_defined_struct_addrinfo
+/* Structure to contain information about address of a service provider. */
+struct addrinfo
+{
+ int ai_flags; /* Input flags. */
+ int ai_family; /* Protocol family for socket. */
+ int ai_socktype; /* Socket type. */
+ int ai_protocol; /* Protocol for socket. */
+ socklen_t ai_addrlen; /* Length of socket address. */
+ struct sockaddr *ai_addr; /* Socket address for socket. */
+ char *ai_canonname; /* Canonical name for service location. */
+ struct addrinfo *ai_next; /* Pointer to next in list. */
+};
+# define GNULIB_defined_struct_addrinfo 1
+# endif
+# endif
+
+/* Possible values for `ai_flags' field in `addrinfo' structure. */
+# ifndef AI_PASSIVE
+# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */
+# endif
+# ifndef AI_CANONNAME
+# define AI_CANONNAME 0x0002 /* Request for canonical name. */
+# endif
+# ifndef AI_NUMERICSERV
+# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */
+# endif
+
+# if 0
+# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */
+# endif
+
+/* These symbolic constants are required to be present by POSIX, but
+ our getaddrinfo replacement doesn't use them (yet). Setting them
+ to 0 on systems that doesn't have them avoids causing problems for
+ system getaddrinfo implementations that would be confused by
+ unknown values. */
+# ifndef AI_V4MAPPED
+# define AI_V4MAPPED 0 /* 0x0008: IPv4 mapped addresses are acceptable. */
+# endif
+# ifndef AI_ALL
+# define AI_ALL 0 /* 0x0010: Return IPv4 mapped and IPv6 addresses. */
+# endif
+# ifndef AI_ADDRCONFIG
+# define AI_ADDRCONFIG 0 /* 0x0020: Use configuration of this host to choose
+ returned address type. */
+# endif
+
+/* Error values for `getaddrinfo' function. */
+# ifndef EAI_BADFLAGS
+# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */
+# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */
+# define EAI_AGAIN -3 /* Temporary failure in name resolution. */
+# define EAI_FAIL -4 /* Non-recoverable failure in name res. */
+# define EAI_NODATA -5 /* No address associated with NAME. */
+# define EAI_FAMILY -6 /* `ai_family' not supported. */
+# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */
+# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */
+# define EAI_MEMORY -10 /* Memory allocation failure. */
+# endif
+
+/* Since EAI_NODATA is deprecated by RFC3493, some systems (at least
+ FreeBSD, which does define EAI_BADFLAGS) have removed the definition
+ in favor of EAI_NONAME. */
+# if !defined EAI_NODATA && defined EAI_NONAME
+# define EAI_NODATA EAI_NONAME
+# endif
+
+# ifndef EAI_OVERFLOW
+/* Not defined on mingw32 and Haiku. */
+# define EAI_OVERFLOW -12 /* Argument buffer overflow. */
+# endif
+# ifndef EAI_ADDRFAMILY
+/* Not defined on mingw32. */
+# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */
+# endif
+# ifndef EAI_SYSTEM
+/* Not defined on mingw32. */
+# define EAI_SYSTEM -11 /* System error returned in `errno'. */
+# endif
+
+# if 0
+/* The commented out definitions below are not yet implemented in the
+ GNULIB getaddrinfo() replacement, so are not yet needed.
+
+ If they are restored, be sure to protect the definitions with #ifndef. */
+# ifndef EAI_INPROGRESS
+# define EAI_INPROGRESS -100 /* Processing request in progress. */
+# define EAI_CANCELED -101 /* Request canceled. */
+# define EAI_NOTCANCELED -102 /* Request not canceled. */
+# define EAI_ALLDONE -103 /* All requests done. */
+# define EAI_INTR -104 /* Interrupted by a signal. */
+# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */
+# endif
+# endif
+
+# if !@HAVE_DECL_GETADDRINFO@
+/* Translate name of a service location and/or a service name to set of
+ socket addresses.
+ For more details, see the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/getaddrinfo.html>. */
+extern int getaddrinfo (const char *restrict nodename,
+ const char *restrict servname,
+ const struct addrinfo *restrict hints,
+ struct addrinfo **restrict res)
+ _GL_ARG_NONNULL ((4));
+# endif
+
+# if !@HAVE_DECL_FREEADDRINFO@
+/* Free `addrinfo' structure AI including associated storage.
+ For more details, see the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/getaddrinfo.html>. */
+extern void freeaddrinfo (struct addrinfo *ai) _GL_ARG_NONNULL ((1));
+# endif
+
+# if !@HAVE_DECL_GAI_STRERROR@
+/* Convert error return from getaddrinfo() to a string.
+ For more details, see the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/gai_strerror.html>. */
+extern const char *gai_strerror (int ecode);
+# endif
+
+# if !@HAVE_DECL_GETNAMEINFO@
+/* Convert socket address to printable node and service names.
+ For more details, see the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/getnameinfo.html>. */
+extern int getnameinfo (const struct sockaddr *restrict sa, socklen_t salen,
+ char *restrict node, socklen_t nodelen,
+ char *restrict service, socklen_t servicelen,
+ int flags)
+ _GL_ARG_NONNULL ((1));
+# endif
+
+/* Possible flags for getnameinfo. */
+# ifndef NI_NUMERICHOST
+# define NI_NUMERICHOST 1
+# endif
+# ifndef NI_NUMERICSERV
+# define NI_NUMERICSERV 2
+# endif
+
+#elif defined GNULIB_POSIXCHECK
+
+# undef getaddrinfo
+# if HAVE_RAW_DECL_GETADDRINFO
+_GL_WARN_ON_USE (getaddrinfo, "getaddrinfo is unportable - "
+ "use gnulib module getaddrinfo for portability");
+# endif
+
+# undef freeaddrinfo
+# if HAVE_RAW_DECL_FREEADDRINFO
+_GL_WARN_ON_USE (freeaddrinfo, "freeaddrinfo is unportable - "
+ "use gnulib module getaddrinfo for portability");
+# endif
+
+# undef gai_strerror
+# if HAVE_RAW_DECL_GAI_STRERROR
+_GL_WARN_ON_USE (gai_strerror, "gai_strerror is unportable - "
+ "use gnulib module getaddrinfo for portability");
+# endif
+
+# undef getnameinfo
+# if HAVE_RAW_DECL_GETNAMEINFO
+_GL_WARN_ON_USE (getnameinfo, "getnameinfo is unportable - "
+ "use gnulib module getaddrinfo for portability");
+# endif
+
+#endif
+
+#endif /* _GL_NETDB_H */
+#endif /* _GL_NETDB_H */
--- /dev/null
+/* Decomposed printf argument list.
+ Copyright (C) 1999, 2002-2003, 2005-2007, 2009-2011 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* This file can be parametrized with the following macros:
+ ENABLE_UNISTDIO Set to 1 to enable the unistdio extensions.
+ PRINTF_FETCHARGS Name of the function to be defined.
+ STATIC Set to 'static' to declare the function static. */
+
+#ifndef PRINTF_FETCHARGS
+# include <config.h>
+#endif
+
+/* Specification. */
+#ifndef PRINTF_FETCHARGS
+# include "printf-args.h"
+#endif
+
+#ifdef STATIC
+STATIC
+#endif
+int
+PRINTF_FETCHARGS (va_list args, arguments *a)
+{
+ size_t i;
+ argument *ap;
+
+ for (i = 0, ap = &a->arg[0]; i < a->count; i++, ap++)
+ switch (ap->type)
+ {
+ case TYPE_SCHAR:
+ ap->a.a_schar = va_arg (args, /*signed char*/ int);
+ break;
+ case TYPE_UCHAR:
+ ap->a.a_uchar = va_arg (args, /*unsigned char*/ int);
+ break;
+ case TYPE_SHORT:
+ ap->a.a_short = va_arg (args, /*short*/ int);
+ break;
+ case TYPE_USHORT:
+ ap->a.a_ushort = va_arg (args, /*unsigned short*/ int);
+ break;
+ case TYPE_INT:
+ ap->a.a_int = va_arg (args, int);
+ break;
+ case TYPE_UINT:
+ ap->a.a_uint = va_arg (args, unsigned int);
+ break;
+ case TYPE_LONGINT:
+ ap->a.a_longint = va_arg (args, long int);
+ break;
+ case TYPE_ULONGINT:
+ ap->a.a_ulongint = va_arg (args, unsigned long int);
+ break;
+#if HAVE_LONG_LONG_INT
+ case TYPE_LONGLONGINT:
+ ap->a.a_longlongint = va_arg (args, long long int);
+ break;
+ case TYPE_ULONGLONGINT:
+ ap->a.a_ulonglongint = va_arg (args, unsigned long long int);
+ break;
+#endif
+ case TYPE_DOUBLE:
+ ap->a.a_double = va_arg (args, double);
+ break;
+ case TYPE_LONGDOUBLE:
+ ap->a.a_longdouble = va_arg (args, long double);
+ break;
+ case TYPE_CHAR:
+ ap->a.a_char = va_arg (args, int);
+ break;
+#if HAVE_WINT_T
+ case TYPE_WIDE_CHAR:
+ /* Although ISO C 99 7.24.1.(2) says that wint_t is "unchanged by
+ default argument promotions", this is not the case in mingw32,
+ where wint_t is 'unsigned short'. */
+ ap->a.a_wide_char =
+ (sizeof (wint_t) < sizeof (int)
+ ? (wint_t) va_arg (args, int)
+ : va_arg (args, wint_t));
+ break;
+#endif
+ case TYPE_STRING:
+ ap->a.a_string = va_arg (args, const char *);
+ /* A null pointer is an invalid argument for "%s", but in practice
+ it occurs quite frequently in printf statements that produce
+ debug output. Use a fallback in this case. */
+ if (ap->a.a_string == NULL)
+ ap->a.a_string = "(NULL)";
+ break;
+#if HAVE_WCHAR_T
+ case TYPE_WIDE_STRING:
+ ap->a.a_wide_string = va_arg (args, const wchar_t *);
+ /* A null pointer is an invalid argument for "%ls", but in practice
+ it occurs quite frequently in printf statements that produce
+ debug output. Use a fallback in this case. */
+ if (ap->a.a_wide_string == NULL)
+ {
+ static const wchar_t wide_null_string[] =
+ {
+ (wchar_t)'(',
+ (wchar_t)'N', (wchar_t)'U', (wchar_t)'L', (wchar_t)'L',
+ (wchar_t)')',
+ (wchar_t)0
+ };
+ ap->a.a_wide_string = wide_null_string;
+ }
+ break;
+#endif
+ case TYPE_POINTER:
+ ap->a.a_pointer = va_arg (args, void *);
+ break;
+ case TYPE_COUNT_SCHAR_POINTER:
+ ap->a.a_count_schar_pointer = va_arg (args, signed char *);
+ break;
+ case TYPE_COUNT_SHORT_POINTER:
+ ap->a.a_count_short_pointer = va_arg (args, short *);
+ break;
+ case TYPE_COUNT_INT_POINTER:
+ ap->a.a_count_int_pointer = va_arg (args, int *);
+ break;
+ case TYPE_COUNT_LONGINT_POINTER:
+ ap->a.a_count_longint_pointer = va_arg (args, long int *);
+ break;
+#if HAVE_LONG_LONG_INT
+ case TYPE_COUNT_LONGLONGINT_POINTER:
+ ap->a.a_count_longlongint_pointer = va_arg (args, long long int *);
+ break;
+#endif
+#if ENABLE_UNISTDIO
+ /* The unistdio extensions. */
+ case TYPE_U8_STRING:
+ ap->a.a_u8_string = va_arg (args, const uint8_t *);
+ /* A null pointer is an invalid argument for "%U", but in practice
+ it occurs quite frequently in printf statements that produce
+ debug output. Use a fallback in this case. */
+ if (ap->a.a_u8_string == NULL)
+ {
+ static const uint8_t u8_null_string[] =
+ { '(', 'N', 'U', 'L', 'L', ')', 0 };
+ ap->a.a_u8_string = u8_null_string;
+ }
+ break;
+ case TYPE_U16_STRING:
+ ap->a.a_u16_string = va_arg (args, const uint16_t *);
+ /* A null pointer is an invalid argument for "%lU", but in practice
+ it occurs quite frequently in printf statements that produce
+ debug output. Use a fallback in this case. */
+ if (ap->a.a_u16_string == NULL)
+ {
+ static const uint16_t u16_null_string[] =
+ { '(', 'N', 'U', 'L', 'L', ')', 0 };
+ ap->a.a_u16_string = u16_null_string;
+ }
+ break;
+ case TYPE_U32_STRING:
+ ap->a.a_u32_string = va_arg (args, const uint32_t *);
+ /* A null pointer is an invalid argument for "%llU", but in practice
+ it occurs quite frequently in printf statements that produce
+ debug output. Use a fallback in this case. */
+ if (ap->a.a_u32_string == NULL)
+ {
+ static const uint32_t u32_null_string[] =
+ { '(', 'N', 'U', 'L', 'L', ')', 0 };
+ ap->a.a_u32_string = u32_null_string;
+ }
+ break;
+#endif
+ default:
+ /* Unknown type. */
+ return -1;
+ }
+ return 0;
+}
--- /dev/null
+/* Decomposed printf argument list.
+ Copyright (C) 1999, 2002-2003, 2006-2007, 2011 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _PRINTF_ARGS_H
+#define _PRINTF_ARGS_H
+
+/* This file can be parametrized with the following macros:
+ ENABLE_UNISTDIO Set to 1 to enable the unistdio extensions.
+ PRINTF_FETCHARGS Name of the function to be declared.
+ STATIC Set to 'static' to declare the function static. */
+
+/* Default parameters. */
+#ifndef PRINTF_FETCHARGS
+# define PRINTF_FETCHARGS printf_fetchargs
+#endif
+
+/* Get size_t. */
+#include <stddef.h>
+
+/* Get wchar_t. */
+#if HAVE_WCHAR_T
+# include <stddef.h>
+#endif
+
+/* Get wint_t. */
+#if HAVE_WINT_T
+# include <wchar.h>
+#endif
+
+/* Get va_list. */
+#include <stdarg.h>
+
+
+/* Argument types */
+typedef enum
+{
+ TYPE_NONE,
+ TYPE_SCHAR,
+ TYPE_UCHAR,
+ TYPE_SHORT,
+ TYPE_USHORT,
+ TYPE_INT,
+ TYPE_UINT,
+ TYPE_LONGINT,
+ TYPE_ULONGINT,
+#if HAVE_LONG_LONG_INT
+ TYPE_LONGLONGINT,
+ TYPE_ULONGLONGINT,
+#endif
+ TYPE_DOUBLE,
+ TYPE_LONGDOUBLE,
+ TYPE_CHAR,
+#if HAVE_WINT_T
+ TYPE_WIDE_CHAR,
+#endif
+ TYPE_STRING,
+#if HAVE_WCHAR_T
+ TYPE_WIDE_STRING,
+#endif
+ TYPE_POINTER,
+ TYPE_COUNT_SCHAR_POINTER,
+ TYPE_COUNT_SHORT_POINTER,
+ TYPE_COUNT_INT_POINTER,
+ TYPE_COUNT_LONGINT_POINTER
+#if HAVE_LONG_LONG_INT
+, TYPE_COUNT_LONGLONGINT_POINTER
+#endif
+#if ENABLE_UNISTDIO
+ /* The unistdio extensions. */
+, TYPE_U8_STRING
+, TYPE_U16_STRING
+, TYPE_U32_STRING
+#endif
+} arg_type;
+
+/* Polymorphic argument */
+typedef struct
+{
+ arg_type type;
+ union
+ {
+ signed char a_schar;
+ unsigned char a_uchar;
+ short a_short;
+ unsigned short a_ushort;
+ int a_int;
+ unsigned int a_uint;
+ long int a_longint;
+ unsigned long int a_ulongint;
+#if HAVE_LONG_LONG_INT
+ long long int a_longlongint;
+ unsigned long long int a_ulonglongint;
+#endif
+ float a_float;
+ double a_double;
+ long double a_longdouble;
+ int a_char;
+#if HAVE_WINT_T
+ wint_t a_wide_char;
+#endif
+ const char* a_string;
+#if HAVE_WCHAR_T
+ const wchar_t* a_wide_string;
+#endif
+ void* a_pointer;
+ signed char * a_count_schar_pointer;
+ short * a_count_short_pointer;
+ int * a_count_int_pointer;
+ long int * a_count_longint_pointer;
+#if HAVE_LONG_LONG_INT
+ long long int * a_count_longlongint_pointer;
+#endif
+#if ENABLE_UNISTDIO
+ /* The unistdio extensions. */
+ const uint8_t * a_u8_string;
+ const uint16_t * a_u16_string;
+ const uint32_t * a_u32_string;
+#endif
+ }
+ a;
+}
+argument;
+
+/* Number of directly allocated arguments (no malloc() needed). */
+#define N_DIRECT_ALLOC_ARGUMENTS 7
+
+typedef struct
+{
+ size_t count;
+ argument *arg;
+ argument direct_alloc_arg[N_DIRECT_ALLOC_ARGUMENTS];
+}
+arguments;
+
+
+/* Fetch the arguments, putting them into a. */
+#ifdef STATIC
+STATIC
+#else
+extern
+#endif
+int PRINTF_FETCHARGS (va_list args, arguments *a);
+
+#endif /* _PRINTF_ARGS_H */
--- /dev/null
+/* Formatted output to strings.
+ Copyright (C) 1999-2000, 2002-2003, 2006-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* This file can be parametrized with the following macros:
+ CHAR_T The element type of the format string.
+ CHAR_T_ONLY_ASCII Set to 1 to enable verification that all characters
+ in the format string are ASCII.
+ DIRECTIVE Structure denoting a format directive.
+ Depends on CHAR_T.
+ DIRECTIVES Structure denoting the set of format directives of a
+ format string. Depends on CHAR_T.
+ PRINTF_PARSE Function that parses a format string.
+ Depends on CHAR_T.
+ STATIC Set to 'static' to declare the function static.
+ ENABLE_UNISTDIO Set to 1 to enable the unistdio extensions. */
+
+#ifndef PRINTF_PARSE
+# include <config.h>
+#endif
+
+/* Specification. */
+#ifndef PRINTF_PARSE
+# include "printf-parse.h"
+#endif
+
+/* Default parameters. */
+#ifndef PRINTF_PARSE
+# define PRINTF_PARSE printf_parse
+# define CHAR_T char
+# define DIRECTIVE char_directive
+# define DIRECTIVES char_directives
+#endif
+
+/* Get size_t, NULL. */
+#include <stddef.h>
+
+/* Get intmax_t. */
+#if defined IN_LIBINTL || defined IN_LIBASPRINTF
+# if HAVE_STDINT_H_WITH_UINTMAX
+# include <stdint.h>
+# endif
+# if HAVE_INTTYPES_H_WITH_UINTMAX
+# include <inttypes.h>
+# endif
+#else
+# include <stdint.h>
+#endif
+
+/* malloc(), realloc(), free(). */
+#include <stdlib.h>
+
+/* memcpy(). */
+#include <string.h>
+
+/* errno. */
+#include <errno.h>
+
+/* Checked size_t computations. */
+#include "xsize.h"
+
+#if CHAR_T_ONLY_ASCII
+/* c_isascii(). */
+# include "c-ctype.h"
+#endif
+
+#ifdef STATIC
+STATIC
+#endif
+int
+PRINTF_PARSE (const CHAR_T *format, DIRECTIVES *d, arguments *a)
+{
+ const CHAR_T *cp = format; /* pointer into format */
+ size_t arg_posn = 0; /* number of regular arguments consumed */
+ size_t d_allocated; /* allocated elements of d->dir */
+ size_t a_allocated; /* allocated elements of a->arg */
+ size_t max_width_length = 0;
+ size_t max_precision_length = 0;
+
+ d->count = 0;
+ d_allocated = N_DIRECT_ALLOC_DIRECTIVES;
+ d->dir = d->direct_alloc_dir;
+
+ a->count = 0;
+ a_allocated = N_DIRECT_ALLOC_ARGUMENTS;
+ a->arg = a->direct_alloc_arg;
+
+#define REGISTER_ARG(_index_,_type_) \
+ { \
+ size_t n = (_index_); \
+ if (n >= a_allocated) \
+ { \
+ size_t memory_size; \
+ argument *memory; \
+ \
+ a_allocated = xtimes (a_allocated, 2); \
+ if (a_allocated <= n) \
+ a_allocated = xsum (n, 1); \
+ memory_size = xtimes (a_allocated, sizeof (argument)); \
+ if (size_overflow_p (memory_size)) \
+ /* Overflow, would lead to out of memory. */ \
+ goto out_of_memory; \
+ memory = (argument *) (a->arg != a->direct_alloc_arg \
+ ? realloc (a->arg, memory_size) \
+ : malloc (memory_size)); \
+ if (memory == NULL) \
+ /* Out of memory. */ \
+ goto out_of_memory; \
+ if (a->arg == a->direct_alloc_arg) \
+ memcpy (memory, a->arg, a->count * sizeof (argument)); \
+ a->arg = memory; \
+ } \
+ while (a->count <= n) \
+ a->arg[a->count++].type = TYPE_NONE; \
+ if (a->arg[n].type == TYPE_NONE) \
+ a->arg[n].type = (_type_); \
+ else if (a->arg[n].type != (_type_)) \
+ /* Ambiguous type for positional argument. */ \
+ goto error; \
+ }
+
+ while (*cp != '\0')
+ {
+ CHAR_T c = *cp++;
+ if (c == '%')
+ {
+ size_t arg_index = ARG_NONE;
+ DIRECTIVE *dp = &d->dir[d->count]; /* pointer to next directive */
+
+ /* Initialize the next directive. */
+ dp->dir_start = cp - 1;
+ dp->flags = 0;
+ dp->width_start = NULL;
+ dp->width_end = NULL;
+ dp->width_arg_index = ARG_NONE;
+ dp->precision_start = NULL;
+ dp->precision_end = NULL;
+ dp->precision_arg_index = ARG_NONE;
+ dp->arg_index = ARG_NONE;
+
+ /* Test for positional argument. */
+ if (*cp >= '0' && *cp <= '9')
+ {
+ const CHAR_T *np;
+
+ for (np = cp; *np >= '0' && *np <= '9'; np++)
+ ;
+ if (*np == '$')
+ {
+ size_t n = 0;
+
+ for (np = cp; *np >= '0' && *np <= '9'; np++)
+ n = xsum (xtimes (n, 10), *np - '0');
+ if (n == 0)
+ /* Positional argument 0. */
+ goto error;
+ if (size_overflow_p (n))
+ /* n too large, would lead to out of memory later. */
+ goto error;
+ arg_index = n - 1;
+ cp = np + 1;
+ }
+ }
+
+ /* Read the flags. */
+ for (;;)
+ {
+ if (*cp == '\'')
+ {
+ dp->flags |= FLAG_GROUP;
+ cp++;
+ }
+ else if (*cp == '-')
+ {
+ dp->flags |= FLAG_LEFT;
+ cp++;
+ }
+ else if (*cp == '+')
+ {
+ dp->flags |= FLAG_SHOWSIGN;
+ cp++;
+ }
+ else if (*cp == ' ')
+ {
+ dp->flags |= FLAG_SPACE;
+ cp++;
+ }
+ else if (*cp == '#')
+ {
+ dp->flags |= FLAG_ALT;
+ cp++;
+ }
+ else if (*cp == '0')
+ {
+ dp->flags |= FLAG_ZERO;
+ cp++;
+ }
+#if __GLIBC__ >= 2 && !defined __UCLIBC__
+ else if (*cp == 'I')
+ {
+ dp->flags |= FLAG_LOCALIZED;
+ cp++;
+ }
+#endif
+ else
+ break;
+ }
+
+ /* Parse the field width. */
+ if (*cp == '*')
+ {
+ dp->width_start = cp;
+ cp++;
+ dp->width_end = cp;
+ if (max_width_length < 1)
+ max_width_length = 1;
+
+ /* Test for positional argument. */
+ if (*cp >= '0' && *cp <= '9')
+ {
+ const CHAR_T *np;
+
+ for (np = cp; *np >= '0' && *np <= '9'; np++)
+ ;
+ if (*np == '$')
+ {
+ size_t n = 0;
+
+ for (np = cp; *np >= '0' && *np <= '9'; np++)
+ n = xsum (xtimes (n, 10), *np - '0');
+ if (n == 0)
+ /* Positional argument 0. */
+ goto error;
+ if (size_overflow_p (n))
+ /* n too large, would lead to out of memory later. */
+ goto error;
+ dp->width_arg_index = n - 1;
+ cp = np + 1;
+ }
+ }
+ if (dp->width_arg_index == ARG_NONE)
+ {
+ dp->width_arg_index = arg_posn++;
+ if (dp->width_arg_index == ARG_NONE)
+ /* arg_posn wrapped around. */
+ goto error;
+ }
+ REGISTER_ARG (dp->width_arg_index, TYPE_INT);
+ }
+ else if (*cp >= '0' && *cp <= '9')
+ {
+ size_t width_length;
+
+ dp->width_start = cp;
+ for (; *cp >= '0' && *cp <= '9'; cp++)
+ ;
+ dp->width_end = cp;
+ width_length = dp->width_end - dp->width_start;
+ if (max_width_length < width_length)
+ max_width_length = width_length;
+ }
+
+ /* Parse the precision. */
+ if (*cp == '.')
+ {
+ cp++;
+ if (*cp == '*')
+ {
+ dp->precision_start = cp - 1;
+ cp++;
+ dp->precision_end = cp;
+ if (max_precision_length < 2)
+ max_precision_length = 2;
+
+ /* Test for positional argument. */
+ if (*cp >= '0' && *cp <= '9')
+ {
+ const CHAR_T *np;
+
+ for (np = cp; *np >= '0' && *np <= '9'; np++)
+ ;
+ if (*np == '$')
+ {
+ size_t n = 0;
+
+ for (np = cp; *np >= '0' && *np <= '9'; np++)
+ n = xsum (xtimes (n, 10), *np - '0');
+ if (n == 0)
+ /* Positional argument 0. */
+ goto error;
+ if (size_overflow_p (n))
+ /* n too large, would lead to out of memory
+ later. */
+ goto error;
+ dp->precision_arg_index = n - 1;
+ cp = np + 1;
+ }
+ }
+ if (dp->precision_arg_index == ARG_NONE)
+ {
+ dp->precision_arg_index = arg_posn++;
+ if (dp->precision_arg_index == ARG_NONE)
+ /* arg_posn wrapped around. */
+ goto error;
+ }
+ REGISTER_ARG (dp->precision_arg_index, TYPE_INT);
+ }
+ else
+ {
+ size_t precision_length;
+
+ dp->precision_start = cp - 1;
+ for (; *cp >= '0' && *cp <= '9'; cp++)
+ ;
+ dp->precision_end = cp;
+ precision_length = dp->precision_end - dp->precision_start;
+ if (max_precision_length < precision_length)
+ max_precision_length = precision_length;
+ }
+ }
+
+ {
+ arg_type type;
+
+ /* Parse argument type/size specifiers. */
+ {
+ int flags = 0;
+
+ for (;;)
+ {
+ if (*cp == 'h')
+ {
+ flags |= (1 << (flags & 1));
+ cp++;
+ }
+ else if (*cp == 'L')
+ {
+ flags |= 4;
+ cp++;
+ }
+ else if (*cp == 'l')
+ {
+ flags += 8;
+ cp++;
+ }
+ else if (*cp == 'j')
+ {
+ if (sizeof (intmax_t) > sizeof (long))
+ {
+ /* intmax_t = long long */
+ flags += 16;
+ }
+ else if (sizeof (intmax_t) > sizeof (int))
+ {
+ /* intmax_t = long */
+ flags += 8;
+ }
+ cp++;
+ }
+ else if (*cp == 'z' || *cp == 'Z')
+ {
+ /* 'z' is standardized in ISO C 99, but glibc uses 'Z'
+ because the warning facility in gcc-2.95.2 understands
+ only 'Z' (see gcc-2.95.2/gcc/c-common.c:1784). */
+ if (sizeof (size_t) > sizeof (long))
+ {
+ /* size_t = long long */
+ flags += 16;
+ }
+ else if (sizeof (size_t) > sizeof (int))
+ {
+ /* size_t = long */
+ flags += 8;
+ }
+ cp++;
+ }
+ else if (*cp == 't')
+ {
+ if (sizeof (ptrdiff_t) > sizeof (long))
+ {
+ /* ptrdiff_t = long long */
+ flags += 16;
+ }
+ else if (sizeof (ptrdiff_t) > sizeof (int))
+ {
+ /* ptrdiff_t = long */
+ flags += 8;
+ }
+ cp++;
+ }
+#if defined __APPLE__ && defined __MACH__
+ /* On MacOS X 10.3, PRIdMAX is defined as "qd".
+ We cannot change it to "lld" because PRIdMAX must also
+ be understood by the system's printf routines. */
+ else if (*cp == 'q')
+ {
+ if (64 / 8 > sizeof (long))
+ {
+ /* int64_t = long long */
+ flags += 16;
+ }
+ else
+ {
+ /* int64_t = long */
+ flags += 8;
+ }
+ cp++;
+ }
+#endif
+#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ /* On native Win32, PRIdMAX is defined as "I64d".
+ We cannot change it to "lld" because PRIdMAX must also
+ be understood by the system's printf routines. */
+ else if (*cp == 'I' && cp[1] == '6' && cp[2] == '4')
+ {
+ if (64 / 8 > sizeof (long))
+ {
+ /* __int64 = long long */
+ flags += 16;
+ }
+ else
+ {
+ /* __int64 = long */
+ flags += 8;
+ }
+ cp += 3;
+ }
+#endif
+ else
+ break;
+ }
+
+ /* Read the conversion character. */
+ c = *cp++;
+ switch (c)
+ {
+ case 'd': case 'i':
+#if HAVE_LONG_LONG_INT
+ /* If 'long long' exists and is larger than 'long': */
+ if (flags >= 16 || (flags & 4))
+ type = TYPE_LONGLONGINT;
+ else
+#endif
+ /* If 'long long' exists and is the same as 'long', we parse
+ "lld" into TYPE_LONGINT. */
+ if (flags >= 8)
+ type = TYPE_LONGINT;
+ else if (flags & 2)
+ type = TYPE_SCHAR;
+ else if (flags & 1)
+ type = TYPE_SHORT;
+ else
+ type = TYPE_INT;
+ break;
+ case 'o': case 'u': case 'x': case 'X':
+#if HAVE_LONG_LONG_INT
+ /* If 'long long' exists and is larger than 'long': */
+ if (flags >= 16 || (flags & 4))
+ type = TYPE_ULONGLONGINT;
+ else
+#endif
+ /* If 'unsigned long long' exists and is the same as
+ 'unsigned long', we parse "llu" into TYPE_ULONGINT. */
+ if (flags >= 8)
+ type = TYPE_ULONGINT;
+ else if (flags & 2)
+ type = TYPE_UCHAR;
+ else if (flags & 1)
+ type = TYPE_USHORT;
+ else
+ type = TYPE_UINT;
+ break;
+ case 'f': case 'F': case 'e': case 'E': case 'g': case 'G':
+ case 'a': case 'A':
+ if (flags >= 16 || (flags & 4))
+ type = TYPE_LONGDOUBLE;
+ else
+ type = TYPE_DOUBLE;
+ break;
+ case 'c':
+ if (flags >= 8)
+#if HAVE_WINT_T
+ type = TYPE_WIDE_CHAR;
+#else
+ goto error;
+#endif
+ else
+ type = TYPE_CHAR;
+ break;
+#if HAVE_WINT_T
+ case 'C':
+ type = TYPE_WIDE_CHAR;
+ c = 'c';
+ break;
+#endif
+ case 's':
+ if (flags >= 8)
+#if HAVE_WCHAR_T
+ type = TYPE_WIDE_STRING;
+#else
+ goto error;
+#endif
+ else
+ type = TYPE_STRING;
+ break;
+#if HAVE_WCHAR_T
+ case 'S':
+ type = TYPE_WIDE_STRING;
+ c = 's';
+ break;
+#endif
+ case 'p':
+ type = TYPE_POINTER;
+ break;
+ case 'n':
+#if HAVE_LONG_LONG_INT
+ /* If 'long long' exists and is larger than 'long': */
+ if (flags >= 16 || (flags & 4))
+ type = TYPE_COUNT_LONGLONGINT_POINTER;
+ else
+#endif
+ /* If 'long long' exists and is the same as 'long', we parse
+ "lln" into TYPE_COUNT_LONGINT_POINTER. */
+ if (flags >= 8)
+ type = TYPE_COUNT_LONGINT_POINTER;
+ else if (flags & 2)
+ type = TYPE_COUNT_SCHAR_POINTER;
+ else if (flags & 1)
+ type = TYPE_COUNT_SHORT_POINTER;
+ else
+ type = TYPE_COUNT_INT_POINTER;
+ break;
+#if ENABLE_UNISTDIO
+ /* The unistdio extensions. */
+ case 'U':
+ if (flags >= 16)
+ type = TYPE_U32_STRING;
+ else if (flags >= 8)
+ type = TYPE_U16_STRING;
+ else
+ type = TYPE_U8_STRING;
+ break;
+#endif
+ case '%':
+ type = TYPE_NONE;
+ break;
+ default:
+ /* Unknown conversion character. */
+ goto error;
+ }
+ }
+
+ if (type != TYPE_NONE)
+ {
+ dp->arg_index = arg_index;
+ if (dp->arg_index == ARG_NONE)
+ {
+ dp->arg_index = arg_posn++;
+ if (dp->arg_index == ARG_NONE)
+ /* arg_posn wrapped around. */
+ goto error;
+ }
+ REGISTER_ARG (dp->arg_index, type);
+ }
+ dp->conversion = c;
+ dp->dir_end = cp;
+ }
+
+ d->count++;
+ if (d->count >= d_allocated)
+ {
+ size_t memory_size;
+ DIRECTIVE *memory;
+
+ d_allocated = xtimes (d_allocated, 2);
+ memory_size = xtimes (d_allocated, sizeof (DIRECTIVE));
+ if (size_overflow_p (memory_size))
+ /* Overflow, would lead to out of memory. */
+ goto out_of_memory;
+ memory = (DIRECTIVE *) (d->dir != d->direct_alloc_dir
+ ? realloc (d->dir, memory_size)
+ : malloc (memory_size));
+ if (memory == NULL)
+ /* Out of memory. */
+ goto out_of_memory;
+ if (d->dir == d->direct_alloc_dir)
+ memcpy (memory, d->dir, d->count * sizeof (DIRECTIVE));
+ d->dir = memory;
+ }
+ }
+#if CHAR_T_ONLY_ASCII
+ else if (!c_isascii (c))
+ {
+ /* Non-ASCII character. Not supported. */
+ goto error;
+ }
+#endif
+ }
+ d->dir[d->count].dir_start = cp;
+
+ d->max_width_length = max_width_length;
+ d->max_precision_length = max_precision_length;
+ return 0;
+
+error:
+ if (a->arg != a->direct_alloc_arg)
+ free (a->arg);
+ if (d->dir != d->direct_alloc_dir)
+ free (d->dir);
+ errno = EINVAL;
+ return -1;
+
+out_of_memory:
+ if (a->arg != a->direct_alloc_arg)
+ free (a->arg);
+ if (d->dir != d->direct_alloc_dir)
+ free (d->dir);
+ errno = ENOMEM;
+ return -1;
+}
+
+#undef PRINTF_PARSE
+#undef DIRECTIVES
+#undef DIRECTIVE
+#undef CHAR_T_ONLY_ASCII
+#undef CHAR_T
--- /dev/null
+/* Parse printf format string.
+ Copyright (C) 1999, 2002-2003, 2005, 2007, 2010-2011 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _PRINTF_PARSE_H
+#define _PRINTF_PARSE_H
+
+/* This file can be parametrized with the following macros:
+ ENABLE_UNISTDIO Set to 1 to enable the unistdio extensions.
+ STATIC Set to 'static' to declare the function static. */
+
+#if HAVE_FEATURES_H
+# include <features.h> /* for __GLIBC__, __UCLIBC__ */
+#endif
+
+#include "printf-args.h"
+
+
+/* Flags */
+#define FLAG_GROUP 1 /* ' flag */
+#define FLAG_LEFT 2 /* - flag */
+#define FLAG_SHOWSIGN 4 /* + flag */
+#define FLAG_SPACE 8 /* space flag */
+#define FLAG_ALT 16 /* # flag */
+#define FLAG_ZERO 32
+#if __GLIBC__ >= 2 && !defined __UCLIBC__
+# define FLAG_LOCALIZED 64 /* I flag, uses localized digits */
+#endif
+
+/* arg_index value indicating that no argument is consumed. */
+#define ARG_NONE (~(size_t)0)
+
+/* xxx_directive: A parsed directive.
+ xxx_directives: A parsed format string. */
+
+/* Number of directly allocated directives (no malloc() needed). */
+#define N_DIRECT_ALLOC_DIRECTIVES 7
+
+/* A parsed directive. */
+typedef struct
+{
+ const char* dir_start;
+ const char* dir_end;
+ int flags;
+ const char* width_start;
+ const char* width_end;
+ size_t width_arg_index;
+ const char* precision_start;
+ const char* precision_end;
+ size_t precision_arg_index;
+ char conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
+ size_t arg_index;
+}
+char_directive;
+
+/* A parsed format string. */
+typedef struct
+{
+ size_t count;
+ char_directive *dir;
+ size_t max_width_length;
+ size_t max_precision_length;
+ char_directive direct_alloc_dir[N_DIRECT_ALLOC_DIRECTIVES];
+}
+char_directives;
+
+#if ENABLE_UNISTDIO
+
+/* A parsed directive. */
+typedef struct
+{
+ const uint8_t* dir_start;
+ const uint8_t* dir_end;
+ int flags;
+ const uint8_t* width_start;
+ const uint8_t* width_end;
+ size_t width_arg_index;
+ const uint8_t* precision_start;
+ const uint8_t* precision_end;
+ size_t precision_arg_index;
+ uint8_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
+ size_t arg_index;
+}
+u8_directive;
+
+/* A parsed format string. */
+typedef struct
+{
+ size_t count;
+ u8_directive *dir;
+ size_t max_width_length;
+ size_t max_precision_length;
+ u8_directive direct_alloc_dir[N_DIRECT_ALLOC_DIRECTIVES];
+}
+u8_directives;
+
+/* A parsed directive. */
+typedef struct
+{
+ const uint16_t* dir_start;
+ const uint16_t* dir_end;
+ int flags;
+ const uint16_t* width_start;
+ const uint16_t* width_end;
+ size_t width_arg_index;
+ const uint16_t* precision_start;
+ const uint16_t* precision_end;
+ size_t precision_arg_index;
+ uint16_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
+ size_t arg_index;
+}
+u16_directive;
+
+/* A parsed format string. */
+typedef struct
+{
+ size_t count;
+ u16_directive *dir;
+ size_t max_width_length;
+ size_t max_precision_length;
+ u16_directive direct_alloc_dir[N_DIRECT_ALLOC_DIRECTIVES];
+}
+u16_directives;
+
+/* A parsed directive. */
+typedef struct
+{
+ const uint32_t* dir_start;
+ const uint32_t* dir_end;
+ int flags;
+ const uint32_t* width_start;
+ const uint32_t* width_end;
+ size_t width_arg_index;
+ const uint32_t* precision_start;
+ const uint32_t* precision_end;
+ size_t precision_arg_index;
+ uint32_t conversion; /* d i o u x X f F e E g G a A c s p n U % but not C S */
+ size_t arg_index;
+}
+u32_directive;
+
+/* A parsed format string. */
+typedef struct
+{
+ size_t count;
+ u32_directive *dir;
+ size_t max_width_length;
+ size_t max_precision_length;
+ u32_directive direct_alloc_dir[N_DIRECT_ALLOC_DIRECTIVES];
+}
+u32_directives;
+
+#endif
+
+
+/* Parses the format string. Fills in the number N of directives, and fills
+ in directives[0], ..., directives[N-1], and sets directives[N].dir_start
+ to the end of the format string. Also fills in the arg_type fields of the
+ arguments and the needed count of arguments. */
+#if ENABLE_UNISTDIO
+extern int
+ ulc_printf_parse (const char *format, char_directives *d, arguments *a);
+extern int
+ u8_printf_parse (const uint8_t *format, u8_directives *d, arguments *a);
+extern int
+ u16_printf_parse (const uint16_t *format, u16_directives *d,
+ arguments *a);
+extern int
+ u32_printf_parse (const uint32_t *format, u32_directives *d,
+ arguments *a);
+#else
+# ifdef STATIC
+STATIC
+# else
+extern
+# endif
+int printf_parse (const char *format, char_directives *d, arguments *a);
+#endif
+
+#endif /* _PRINTF_PARSE_H */
--- /dev/null
+/* read-file.c -- read file contents into a string
+ Copyright (C) 2006, 2009-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson and Bruno Haible.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+#include "read-file.h"
+
+/* Get fstat. */
+#include <sys/stat.h>
+
+/* Get ftello. */
+#include <stdio.h>
+
+/* Get SIZE_MAX. */
+#include <stdint.h>
+
+/* Get malloc, realloc, free. */
+#include <stdlib.h>
+
+/* Get errno. */
+#include <errno.h>
+
+/* Read a STREAM and return a newly allocated string with the content,
+ and set *LENGTH to the length of the string. The string is
+ zero-terminated, but the terminating zero byte is not counted in
+ *LENGTH. On errors, *LENGTH is undefined, errno preserves the
+ values set by system functions (if any), and NULL is returned. */
+char *
+fread_file (FILE *stream, size_t *length)
+{
+ char *buf = NULL;
+ size_t alloc = BUFSIZ;
+
+ /* For a regular file, allocate a buffer that has exactly the right
+ size. This avoids the need to do dynamic reallocations later. */
+ {
+ struct stat st;
+
+ if (fstat (fileno (stream), &st) >= 0 && S_ISREG (st.st_mode))
+ {
+ off_t pos = ftello (stream);
+
+ if (pos >= 0 && pos < st.st_size)
+ {
+ off_t alloc_off = st.st_size - pos;
+
+ /* '1' below, accounts for the trailing NUL. */
+ if (SIZE_MAX - 1 < alloc_off)
+ {
+ errno = ENOMEM;
+ return NULL;
+ }
+
+ alloc = alloc_off + 1;
+ }
+ }
+ }
+
+ if (!(buf = malloc (alloc)))
+ return NULL; /* errno is ENOMEM. */
+
+ {
+ size_t size = 0; /* number of bytes read so far */
+ int save_errno;
+
+ for (;;)
+ {
+ /* This reads 1 more than the size of a regular file
+ so that we get eof immediately. */
+ size_t requested = alloc - size;
+ size_t count = fread (buf + size, 1, requested, stream);
+ size += count;
+
+ if (count != requested)
+ {
+ save_errno = errno;
+ if (ferror (stream))
+ break;
+
+ /* Shrink the allocated memory if possible. */
+ if (size < alloc - 1)
+ {
+ char *smaller_buf = realloc (buf, size + 1);
+ if (smaller_buf != NULL)
+ buf = smaller_buf;
+ }
+
+ buf[size] = '\0';
+ *length = size;
+ return buf;
+ }
+
+ {
+ char *new_buf;
+
+ if (alloc == SIZE_MAX)
+ {
+ save_errno = ENOMEM;
+ break;
+ }
+
+ if (alloc < SIZE_MAX - alloc / 2)
+ alloc = alloc + alloc / 2;
+ else
+ alloc = SIZE_MAX;
+
+ if (!(new_buf = realloc (buf, alloc)))
+ {
+ save_errno = errno;
+ break;
+ }
+
+ buf = new_buf;
+ }
+ }
+
+ free (buf);
+ errno = save_errno;
+ return NULL;
+ }
+}
+
+static char *
+internal_read_file (const char *filename, size_t *length, const char *mode)
+{
+ FILE *stream = fopen (filename, mode);
+ char *out;
+ int save_errno;
+
+ if (!stream)
+ return NULL;
+
+ out = fread_file (stream, length);
+
+ save_errno = errno;
+
+ if (fclose (stream) != 0)
+ {
+ if (out)
+ {
+ save_errno = errno;
+ free (out);
+ }
+ errno = save_errno;
+ return NULL;
+ }
+
+ return out;
+}
+
+/* Open and read the contents of FILENAME, and return a newly
+ allocated string with the content, and set *LENGTH to the length of
+ the string. The string is zero-terminated, but the terminating
+ zero byte is not counted in *LENGTH. On errors, *LENGTH is
+ undefined, errno preserves the values set by system functions (if
+ any), and NULL is returned. */
+char *
+read_file (const char *filename, size_t *length)
+{
+ return internal_read_file (filename, length, "r");
+}
+
+/* Open (on non-POSIX systems, in binary mode) and read the contents
+ of FILENAME, and return a newly allocated string with the content,
+ and set LENGTH to the length of the string. The string is
+ zero-terminated, but the terminating zero byte is not counted in
+ the LENGTH variable. On errors, *LENGTH is undefined, errno
+ preserves the values set by system functions (if any), and NULL is
+ returned. */
+char *
+read_binary_file (const char *filename, size_t *length)
+{
+ return internal_read_file (filename, length, "rb");
+}
--- /dev/null
+/* read-file.h -- read file contents into a string
+ Copyright (C) 2006, 2009-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef READ_FILE_H
+#define READ_FILE_H
+
+/* Get size_t. */
+#include <stddef.h>
+
+/* Get FILE. */
+#include <stdio.h>
+
+extern char *fread_file (FILE * stream, size_t * length);
+
+extern char *read_file (const char *filename, size_t * length);
+
+extern char *read_binary_file (const char *filename, size_t * length);
+
+#endif /* READ_FILE_H */
--- /dev/null
+/* realloc() function that is glibc compatible.
+
+ Copyright (C) 1997, 2003-2004, 2006-2007, 2009-2011 Free Software
+ Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* written by Jim Meyering and Bruno Haible */
+
+#include <config.h>
+
+/* Only the AC_FUNC_REALLOC macro defines 'realloc' already in config.h. */
+#ifdef realloc
+# define NEED_REALLOC_GNU 1
+/* Whereas the gnulib module 'realloc-gnu' defines HAVE_REALLOC_GNU. */
+#elif GNULIB_REALLOC_GNU && !HAVE_REALLOC_GNU
+# define NEED_REALLOC_GNU 1
+#endif
+
+/* Infer the properties of the system's malloc function.
+ The gnulib module 'malloc-gnu' defines HAVE_MALLOC_GNU. */
+#if GNULIB_MALLOC_GNU && HAVE_MALLOC_GNU
+# define SYSTEM_MALLOC_GLIBC_COMPATIBLE 1
+#endif
+
+/* Below we want to call the system's malloc and realloc.
+ Undefine the symbols here so that including <stdlib.h> provides a
+ declaration of malloc(), not of rpl_malloc(), and likewise for realloc. */
+#undef malloc
+#undef realloc
+
+/* Specification. */
+#include <stdlib.h>
+
+#include <errno.h>
+
+/* Below we want to call the system's malloc and realloc.
+ Undefine the symbols, if they were defined by gnulib's <stdlib.h>
+ replacement. */
+#undef malloc
+#undef realloc
+
+/* Change the size of an allocated block of memory P to N bytes,
+ with error checking. If N is zero, change it to 1. If P is NULL,
+ use malloc. */
+
+void *
+rpl_realloc (void *p, size_t n)
+{
+ void *result;
+
+#if NEED_REALLOC_GNU
+ if (n == 0)
+ {
+ n = 1;
+
+ /* In theory realloc might fail, so don't rely on it to free. */
+ free (p);
+ p = NULL;
+ }
+#endif
+
+ if (p == NULL)
+ {
+#if GNULIB_REALLOC_GNU && !NEED_REALLOC_GNU && !SYSTEM_MALLOC_GLIBC_COMPATIBLE
+ if (n == 0)
+ n = 1;
+#endif
+ result = malloc (n);
+ }
+ else
+ result = realloc (p, n);
+
+#if !HAVE_REALLOC_POSIX
+ if (result == NULL)
+ errno = ENOMEM;
+#endif
+
+ return result;
+}
--- /dev/null
+/* size_max.h -- declare SIZE_MAX through system headers
+ Copyright (C) 2005-2006, 2009-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef GNULIB_SIZE_MAX_H
+#define GNULIB_SIZE_MAX_H
+
+/* Get SIZE_MAX declaration on systems like Solaris 7/8/9. */
+# include <limits.h>
+/* Get SIZE_MAX declaration on systems like glibc 2. */
+# if HAVE_STDINT_H
+# include <stdint.h>
+# endif
+/* On systems where these include files don't define it, SIZE_MAX is defined
+ in config.h. */
+
+#endif /* GNULIB_SIZE_MAX_H */
--- /dev/null
+/* Formatted output to strings.
+ Copyright (C) 2004, 2006-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson and Paul Eggert.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <stdio.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "vasnprintf.h"
+
+/* Print formatted output to string STR. Similar to sprintf, but
+ additional length SIZE limit how much is written into STR. Returns
+ string length of formatted string (which may be larger than SIZE).
+ STR may be NULL, in which case nothing will be written. On error,
+ return a negative value. */
+int
+snprintf (char *str, size_t size, const char *format, ...)
+{
+ char *output;
+ size_t len;
+ size_t lenbuf = size;
+ va_list args;
+
+ va_start (args, format);
+ output = vasnprintf (str, &lenbuf, format, args);
+ len = lenbuf;
+ va_end (args);
+
+ if (!output)
+ return -1;
+
+ if (output != str)
+ {
+ if (size)
+ {
+ size_t pruned_len = (len < size ? len : size - 1);
+ memcpy (str, output, pruned_len);
+ str[pruned_len] = '\0';
+ }
+
+ free (output);
+ }
+
+ if (INT_MAX < len)
+ {
+ errno = EOVERFLOW;
+ return -1;
+ }
+
+ return len;
+}
--- /dev/null
+/* sockets.c --- wrappers for Windows socket functions
+
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Simon Josefsson */
+
+#include <config.h>
+
+/* Specification. */
+#include "sockets.h"
+
+#if WINDOWS_SOCKETS
+
+/* This includes winsock2.h on MinGW. */
+# include <sys/socket.h>
+
+# include "close-hook.h"
+
+/* Get set_winsock_errno, FD_TO_SOCKET etc. */
+# include "w32sock.h"
+
+static int
+close_fd_maybe_socket (int fd, const struct close_hook *remaining_list)
+{
+ SOCKET sock;
+ WSANETWORKEVENTS ev;
+
+ /* Test whether fd refers to a socket. */
+ sock = FD_TO_SOCKET (fd);
+ ev.lNetworkEvents = 0xDEADBEEF;
+ WSAEnumNetworkEvents (sock, NULL, &ev);
+ if (ev.lNetworkEvents != 0xDEADBEEF)
+ {
+ /* fd refers to a socket. */
+ /* FIXME: other applications, like squid, use an undocumented
+ _free_osfhnd free function. But this is not enough: The 'osfile'
+ flags for fd also needs to be cleared, but it is hard to access it.
+ Instead, here we just close twice the file descriptor. */
+ if (closesocket (sock))
+ {
+ set_winsock_errno ();
+ return -1;
+ }
+ else
+ {
+ /* This call frees the file descriptor and does a
+ CloseHandle ((HANDLE) _get_osfhandle (fd)), which fails. */
+ _close (fd);
+ return 0;
+ }
+ }
+ else
+ /* Some other type of file descriptor. */
+ return execute_close_hooks (fd, remaining_list);
+}
+
+static struct close_hook close_sockets_hook;
+
+static int initialized_sockets_version /* = 0 */;
+
+#endif /* WINDOWS_SOCKETS */
+
+int
+gl_sockets_startup (int version)
+{
+#if WINDOWS_SOCKETS
+ if (version > initialized_sockets_version)
+ {
+ WSADATA data;
+ int err;
+
+ err = WSAStartup (version, &data);
+ if (err != 0)
+ return 1;
+
+ if (data.wVersion < version)
+ return 2;
+
+ if (initialized_sockets_version == 0)
+ register_close_hook (close_fd_maybe_socket, &close_sockets_hook);
+
+ initialized_sockets_version = version;
+ }
+#endif
+
+ return 0;
+}
+
+int
+gl_sockets_cleanup (void)
+{
+#if WINDOWS_SOCKETS
+ int err;
+
+ initialized_sockets_version = 0;
+
+ unregister_close_hook (&close_sockets_hook);
+
+ err = WSACleanup ();
+ if (err != 0)
+ return 1;
+#endif
+
+ return 0;
+}
--- /dev/null
+/* sockets.h - wrappers for Windows socket functions
+
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Simon Josefsson */
+
+#ifndef SOCKETS_H
+# define SOCKETS_H 1
+
+#define SOCKETS_1_0 0x100 /* don't use - does not work on Windows XP */
+#define SOCKETS_1_1 0x101
+#define SOCKETS_2_0 0x200 /* don't use - does not work on Windows XP */
+#define SOCKETS_2_1 0x201
+#define SOCKETS_2_2 0x202
+
+int gl_sockets_startup (int version);
+int gl_sockets_cleanup (void);
+
+/* This function is useful it you create a socket using gnulib's
+ Winsock wrappers but needs to pass on the socket handle to some
+ other library that only accepts sockets. */
+#if WINDOWS_SOCKETS
+
+#include <sys/socket.h>
+
+static inline SOCKET
+gl_fd_to_handle (int fd)
+{
+ return _get_osfhandle (fd);
+}
+
+#else
+
+#define gl_fd_to_handle(x) (x)
+
+#endif /* WINDOWS_SOCKETS */
+
+#endif /* SOCKETS_H */
--- /dev/null
+/* Copyright (C) 2001-2003, 2006-2011 Free Software Foundation, Inc.
+ Written by Bruno Haible <haible@clisp.cons.org>, 2001.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _GL_STDBOOL_H
+#define _GL_STDBOOL_H
+
+/* ISO C 99 <stdbool.h> for platforms that lack it. */
+
+/* Usage suggestions:
+
+ Programs that use <stdbool.h> should be aware of some limitations
+ and standards compliance issues.
+
+ Standards compliance:
+
+ - <stdbool.h> must be #included before 'bool', 'false', 'true'
+ can be used.
+
+ - You cannot assume that sizeof (bool) == 1.
+
+ - Programs should not undefine the macros bool, true, and false,
+ as C99 lists that as an "obsolescent feature".
+
+ Limitations of this substitute, when used in a C89 environment:
+
+ - <stdbool.h> must be #included before the '_Bool' type can be used.
+
+ - You cannot assume that _Bool is a typedef; it might be a macro.
+
+ - Bit-fields of type 'bool' are not supported. Portable code
+ should use 'unsigned int foo : 1;' rather than 'bool foo : 1;'.
+
+ - In C99, casts and automatic conversions to '_Bool' or 'bool' are
+ performed in such a way that every nonzero value gets converted
+ to 'true', and zero gets converted to 'false'. This doesn't work
+ with this substitute. With this substitute, only the values 0 and 1
+ give the expected result when converted to _Bool' or 'bool'.
+
+ - C99 allows the use of (_Bool)0.0 in constant expressions, but
+ this substitute cannot always provide this property.
+
+ Also, it is suggested that programs use 'bool' rather than '_Bool';
+ this isn't required, but 'bool' is more common. */
+
+
+/* 7.16. Boolean type and values */
+
+/* BeOS <sys/socket.h> already #defines false 0, true 1. We use the same
+ definitions below, but temporarily we have to #undef them. */
+#if defined __BEOS__ && !defined __HAIKU__
+# include <OS.h> /* defines bool but not _Bool */
+# undef false
+# undef true
+#endif
+
+/* For the sake of symbolic names in gdb, we define true and false as
+ enum constants, not only as macros.
+ It is tempting to write
+ typedef enum { false = 0, true = 1 } _Bool;
+ so that gdb prints values of type 'bool' symbolically. But if we do
+ this, values of type '_Bool' may promote to 'int' or 'unsigned int'
+ (see ISO C 99 6.7.2.2.(4)); however, '_Bool' must promote to 'int'
+ (see ISO C 99 6.3.1.1.(2)). So we add a negative value to the
+ enum; this ensures that '_Bool' promotes to 'int'. */
+#if defined __cplusplus || (defined __BEOS__ && !defined __HAIKU__)
+ /* A compiler known to have 'bool'. */
+ /* If the compiler already has both 'bool' and '_Bool', we can assume they
+ are the same types. */
+# if !@HAVE__BOOL@
+typedef bool _Bool;
+# endif
+#else
+# if !defined __GNUC__
+ /* If @HAVE__BOOL@:
+ Some HP-UX cc and AIX IBM C compiler versions have compiler bugs when
+ the built-in _Bool type is used. See
+ http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html
+ http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html
+ http://lists.gnu.org/archive/html/bug-coreutils/2005-10/msg00086.html
+ Similar bugs are likely with other compilers as well; this file
+ wouldn't be used if <stdbool.h> was working.
+ So we override the _Bool type.
+ If !@HAVE__BOOL@:
+ Need to define _Bool ourselves. As 'signed char' or as an enum type?
+ Use of a typedef, with SunPRO C, leads to a stupid
+ "warning: _Bool is a keyword in ISO C99".
+ Use of an enum type, with IRIX cc, leads to a stupid
+ "warning(1185): enumerated type mixed with another type".
+ Even the existence of an enum type, without a typedef,
+ "Invalid enumerator. (badenum)" with HP-UX cc on Tru64.
+ The only benefit of the enum, debuggability, is not important
+ with these compilers. So use 'signed char' and no enum. */
+# define _Bool signed char
+# else
+ /* With this compiler, trust the _Bool type if the compiler has it. */
+# if !@HAVE__BOOL@
+typedef enum { _Bool_must_promote_to_int = -1, false = 0, true = 1 } _Bool;
+# endif
+# endif
+#endif
+#define bool _Bool
+
+/* The other macros must be usable in preprocessor directives. */
+#define false 0
+#define true 1
+#define __bool_true_false_are_defined 1
+
+#endif /* _GL_STDBOOL_H */
--- /dev/null
+/* A substitute for POSIX 2008 <stddef.h>, for platforms that have issues.
+
+ Copyright (C) 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* Written by Eric Blake. */
+
+/*
+ * POSIX 2008 <stddef.h> for platforms that have issues.
+ * <http://www.opengroup.org/susv3xbd/stddef.h.html>
+ */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+#if defined __need_wchar_t || defined __need_size_t \
+ || defined __need_ptrdiff_t || defined __need_NULL \
+ || defined __need_wint_t
+/* Special invocation convention inside gcc header files. In
+ particular, gcc provides a version of <stddef.h> that blindly
+ redefines NULL even when __need_wint_t was defined, even though
+ wint_t is not normally provided by <stddef.h>. Hence, we must
+ remember if special invocation has ever been used to obtain wint_t,
+ in which case we need to clean up NULL yet again. */
+
+# if !(defined _GL_STDDEF_H && defined _GL_STDDEF_WINT_T)
+# ifdef __need_wint_t
+# undef _GL_STDDEF_H
+# define _GL_STDDEF_WINT_T
+# endif
+# @INCLUDE_NEXT@ @NEXT_STDDEF_H@
+# endif
+
+#else
+/* Normal invocation convention. */
+
+# ifndef _GL_STDDEF_H
+
+/* The include_next requires a split double-inclusion guard. */
+
+# @INCLUDE_NEXT@ @NEXT_STDDEF_H@
+
+# ifndef _GL_STDDEF_H
+# define _GL_STDDEF_H
+
+/* On NetBSD 5.0, the definition of NULL lacks proper parentheses. */
+#if @REPLACE_NULL@
+# undef NULL
+# ifdef __cplusplus
+ /* ISO C++ says that the macro NULL must expand to an integer constant
+ expression, hence '((void *) 0)' is not allowed in C++. */
+# if __GNUG__ >= 3
+ /* GNU C++ has a __null macro that behaves like an integer ('int' or
+ 'long') but has the same size as a pointer. Use that, to avoid
+ warnings. */
+# define NULL __null
+# else
+# define NULL 0L
+# endif
+# else
+# define NULL ((void *) 0)
+# endif
+#endif
+
+/* Some platforms lack wchar_t. */
+#if !@HAVE_WCHAR_T@
+# define wchar_t int
+#endif
+
+# endif /* _GL_STDDEF_H */
+# endif /* _GL_STDDEF_H */
+#endif /* __need_XXX */
--- /dev/null
+/* Copyright (C) 2001-2002, 2004-2011 Free Software Foundation, Inc.
+ Written by Paul Eggert, Bruno Haible, Sam Steingold, Peter Burwood.
+ This file is part of gnulib.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/*
+ * ISO C 99 <stdint.h> for platforms that lack it.
+ * <http://www.opengroup.org/susv3xbd/stdint.h.html>
+ */
+
+#ifndef _GL_STDINT_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* When including a system file that in turn includes <inttypes.h>,
+ use the system <inttypes.h>, not our substitute. This avoids
+ problems with (for example) VMS, whose <sys/bitypes.h> includes
+ <inttypes.h>. */
+#define _GL_JUST_INCLUDE_SYSTEM_INTTYPES_H
+
+/* Get those types that are already defined in other system include
+ files, so that we can "#define int8_t signed char" below without
+ worrying about a later system include file containing a "typedef
+ signed char int8_t;" that will get messed up by our macro. Our
+ macros should all be consistent with the system versions, except
+ for the "fast" types and macros, which we recommend against using
+ in public interfaces due to compiler differences. */
+
+#if @HAVE_STDINT_H@
+# if defined __sgi && ! defined __c99
+ /* Bypass IRIX's <stdint.h> if in C89 mode, since it merely annoys users
+ with "This header file is to be used only for c99 mode compilations"
+ diagnostics. */
+# define __STDINT_H__
+# endif
+ /* Other systems may have an incomplete or buggy <stdint.h>.
+ Include it before <inttypes.h>, since any "#include <stdint.h>"
+ in <inttypes.h> would reinclude us, skipping our contents because
+ _GL_STDINT_H is defined.
+ The include_next requires a split double-inclusion guard. */
+# @INCLUDE_NEXT@ @NEXT_STDINT_H@
+#endif
+
+#if ! defined _GL_STDINT_H && ! defined _GL_JUST_INCLUDE_SYSTEM_STDINT_H
+#define _GL_STDINT_H
+
+/* <sys/types.h> defines some of the stdint.h types as well, on glibc,
+ IRIX 6.5, and OpenBSD 3.8 (via <machine/types.h>).
+ AIX 5.2 <sys/types.h> isn't needed and causes troubles.
+ MacOS X 10.4.6 <sys/types.h> includes <stdint.h> (which is us), but
+ relies on the system <stdint.h> definitions, so include
+ <sys/types.h> after @NEXT_STDINT_H@. */
+#if @HAVE_SYS_TYPES_H@ && ! defined _AIX
+# include <sys/types.h>
+#endif
+
+/* Get LONG_MIN, LONG_MAX, ULONG_MAX. */
+#include <limits.h>
+
+#if @HAVE_INTTYPES_H@
+ /* In OpenBSD 3.8, <inttypes.h> includes <machine/types.h>, which defines
+ int{8,16,32,64}_t, uint{8,16,32,64}_t and __BIT_TYPES_DEFINED__.
+ <inttypes.h> also defines intptr_t and uintptr_t. */
+# include <inttypes.h>
+#elif @HAVE_SYS_INTTYPES_H@
+ /* Solaris 7 <sys/inttypes.h> has the types except the *_fast*_t types, and
+ the macros except for *_FAST*_*, INTPTR_MIN, PTRDIFF_MIN, PTRDIFF_MAX. */
+# include <sys/inttypes.h>
+#endif
+
+#if @HAVE_SYS_BITYPES_H@ && ! defined __BIT_TYPES_DEFINED__
+ /* Linux libc4 >= 4.6.7 and libc5 have a <sys/bitypes.h> that defines
+ int{8,16,32,64}_t and __BIT_TYPES_DEFINED__. In libc5 >= 5.2.2 it is
+ included by <sys/types.h>. */
+# include <sys/bitypes.h>
+#endif
+
+#undef _GL_JUST_INCLUDE_SYSTEM_INTTYPES_H
+
+/* Minimum and maximum values for a integer type under the usual assumption.
+ Return an unspecified value if BITS == 0, adding a check to pacify
+ picky compilers. */
+
+#define _STDINT_MIN(signed, bits, zero) \
+ ((signed) ? (- ((zero) + 1) << ((bits) ? (bits) - 1 : 0)) : (zero))
+
+#define _STDINT_MAX(signed, bits, zero) \
+ ((signed) \
+ ? ~ _STDINT_MIN (signed, bits, zero) \
+ : /* The expression for the unsigned case. The subtraction of (signed) \
+ is a nop in the unsigned case and avoids "signed integer overflow" \
+ warnings in the signed case. */ \
+ ((((zero) + 1) << ((bits) ? (bits) - 1 - (signed) : 0)) - 1) * 2 + 1)
+
+#if !GNULIB_defined_stdint_types
+
+/* 7.18.1.1. Exact-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. */
+
+#undef int8_t
+#undef uint8_t
+typedef signed char gl_int8_t;
+typedef unsigned char gl_uint8_t;
+#define int8_t gl_int8_t
+#define uint8_t gl_uint8_t
+
+#undef int16_t
+#undef uint16_t
+typedef short int gl_int16_t;
+typedef unsigned short int gl_uint16_t;
+#define int16_t gl_int16_t
+#define uint16_t gl_uint16_t
+
+#undef int32_t
+#undef uint32_t
+typedef int gl_int32_t;
+typedef unsigned int gl_uint32_t;
+#define int32_t gl_int32_t
+#define uint32_t gl_uint32_t
+
+/* If the system defines INT64_MAX, assume int64_t works. That way,
+ if the underlying platform defines int64_t to be a 64-bit long long
+ int, the code below won't mistakenly define it to be a 64-bit long
+ int, which would mess up C++ name mangling. We must use #ifdef
+ rather than #if, to avoid an error with HP-UX 10.20 cc. */
+
+#ifdef INT64_MAX
+# define GL_INT64_T
+#else
+/* Do not undefine int64_t if gnulib is not being used with 64-bit
+ types, since otherwise it breaks platforms like Tandem/NSK. */
+# if LONG_MAX >> 31 >> 31 == 1
+# undef int64_t
+typedef long int gl_int64_t;
+# define int64_t gl_int64_t
+# define GL_INT64_T
+# elif defined _MSC_VER
+# undef int64_t
+typedef __int64 gl_int64_t;
+# define int64_t gl_int64_t
+# define GL_INT64_T
+# elif @HAVE_LONG_LONG_INT@
+# undef int64_t
+typedef long long int gl_int64_t;
+# define int64_t gl_int64_t
+# define GL_INT64_T
+# endif
+#endif
+
+#ifdef UINT64_MAX
+# define GL_UINT64_T
+#else
+# if ULONG_MAX >> 31 >> 31 >> 1 == 1
+# undef uint64_t
+typedef unsigned long int gl_uint64_t;
+# define uint64_t gl_uint64_t
+# define GL_UINT64_T
+# elif defined _MSC_VER
+# undef uint64_t
+typedef unsigned __int64 gl_uint64_t;
+# define uint64_t gl_uint64_t
+# define GL_UINT64_T
+# elif @HAVE_UNSIGNED_LONG_LONG_INT@
+# undef uint64_t
+typedef unsigned long long int gl_uint64_t;
+# define uint64_t gl_uint64_t
+# define GL_UINT64_T
+# endif
+#endif
+
+/* Avoid collision with Solaris 2.5.1 <pthread.h> etc. */
+#define _UINT8_T
+#define _UINT32_T
+#define _UINT64_T
+
+
+/* 7.18.1.2. Minimum-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the leastN_t types
+ are the same as the corresponding N_t types. */
+
+#undef int_least8_t
+#undef uint_least8_t
+#undef int_least16_t
+#undef uint_least16_t
+#undef int_least32_t
+#undef uint_least32_t
+#undef int_least64_t
+#undef uint_least64_t
+#define int_least8_t int8_t
+#define uint_least8_t uint8_t
+#define int_least16_t int16_t
+#define uint_least16_t uint16_t
+#define int_least32_t int32_t
+#define uint_least32_t uint32_t
+#ifdef GL_INT64_T
+# define int_least64_t int64_t
+#endif
+#ifdef GL_UINT64_T
+# define uint_least64_t uint64_t
+#endif
+
+/* 7.18.1.3. Fastest minimum-width integer types */
+
+/* Note: Other <stdint.h> substitutes may define these types differently.
+ It is not recommended to use these types in public header files. */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the fastN_t types
+ are taken from the same list of types. Assume that 'long int'
+ is fast enough for all narrower integers. */
+
+#undef int_fast8_t
+#undef uint_fast8_t
+#undef int_fast16_t
+#undef uint_fast16_t
+#undef int_fast32_t
+#undef uint_fast32_t
+#undef int_fast64_t
+#undef uint_fast64_t
+typedef long int gl_int_fast8_t;
+typedef unsigned long int gl_uint_fast8_t;
+typedef long int gl_int_fast16_t;
+typedef unsigned long int gl_uint_fast16_t;
+typedef long int gl_int_fast32_t;
+typedef unsigned long int gl_uint_fast32_t;
+#define int_fast8_t gl_int_fast8_t
+#define uint_fast8_t gl_uint_fast8_t
+#define int_fast16_t gl_int_fast16_t
+#define uint_fast16_t gl_uint_fast16_t
+#define int_fast32_t gl_int_fast32_t
+#define uint_fast32_t gl_uint_fast32_t
+#ifdef GL_INT64_T
+# define int_fast64_t int64_t
+#endif
+#ifdef GL_UINT64_T
+# define uint_fast64_t uint64_t
+#endif
+
+/* 7.18.1.4. Integer types capable of holding object pointers */
+
+#undef intptr_t
+#undef uintptr_t
+typedef long int gl_intptr_t;
+typedef unsigned long int gl_uintptr_t;
+#define intptr_t gl_intptr_t
+#define uintptr_t gl_uintptr_t
+
+/* 7.18.1.5. Greatest-width integer types */
+
+/* Note: These types are compiler dependent. It may be unwise to use them in
+ public header files. */
+
+#undef intmax_t
+#if @HAVE_LONG_LONG_INT@ && LONG_MAX >> 30 == 1
+typedef long long int gl_intmax_t;
+# define intmax_t gl_intmax_t
+#elif defined GL_INT64_T
+# define intmax_t int64_t
+#else
+typedef long int gl_intmax_t;
+# define intmax_t gl_intmax_t
+#endif
+
+#undef uintmax_t
+#if @HAVE_UNSIGNED_LONG_LONG_INT@ && ULONG_MAX >> 31 == 1
+typedef unsigned long long int gl_uintmax_t;
+# define uintmax_t gl_uintmax_t
+#elif defined GL_UINT64_T
+# define uintmax_t uint64_t
+#else
+typedef unsigned long int gl_uintmax_t;
+# define uintmax_t gl_uintmax_t
+#endif
+
+/* Verify that intmax_t and uintmax_t have the same size. Too much code
+ breaks if this is not the case. If this check fails, the reason is likely
+ to be found in the autoconf macros. */
+typedef int _verify_intmax_size[sizeof (intmax_t) == sizeof (uintmax_t)
+ ? 1 : -1];
+
+#define GNULIB_defined_stdint_types 1
+#endif /* !GNULIB_defined_stdint_types */
+
+/* 7.18.2. Limits of specified-width integer types */
+
+#if ! defined __cplusplus || defined __STDC_LIMIT_MACROS
+
+/* 7.18.2.1. Limits of exact-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. */
+
+#undef INT8_MIN
+#undef INT8_MAX
+#undef UINT8_MAX
+#define INT8_MIN (~ INT8_MAX)
+#define INT8_MAX 127
+#define UINT8_MAX 255
+
+#undef INT16_MIN
+#undef INT16_MAX
+#undef UINT16_MAX
+#define INT16_MIN (~ INT16_MAX)
+#define INT16_MAX 32767
+#define UINT16_MAX 65535
+
+#undef INT32_MIN
+#undef INT32_MAX
+#undef UINT32_MAX
+#define INT32_MIN (~ INT32_MAX)
+#define INT32_MAX 2147483647
+#define UINT32_MAX 4294967295U
+
+#if defined GL_INT64_T && ! defined INT64_MAX
+/* Prefer (- INTMAX_C (1) << 63) over (~ INT64_MAX) because SunPRO C 5.0
+ evaluates the latter incorrectly in preprocessor expressions. */
+# define INT64_MIN (- INTMAX_C (1) << 63)
+# define INT64_MAX INTMAX_C (9223372036854775807)
+#endif
+
+#if defined GL_UINT64_T && ! defined UINT64_MAX
+# define UINT64_MAX UINTMAX_C (18446744073709551615)
+#endif
+
+/* 7.18.2.2. Limits of minimum-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the leastN_t types
+ are the same as the corresponding N_t types. */
+
+#undef INT_LEAST8_MIN
+#undef INT_LEAST8_MAX
+#undef UINT_LEAST8_MAX
+#define INT_LEAST8_MIN INT8_MIN
+#define INT_LEAST8_MAX INT8_MAX
+#define UINT_LEAST8_MAX UINT8_MAX
+
+#undef INT_LEAST16_MIN
+#undef INT_LEAST16_MAX
+#undef UINT_LEAST16_MAX
+#define INT_LEAST16_MIN INT16_MIN
+#define INT_LEAST16_MAX INT16_MAX
+#define UINT_LEAST16_MAX UINT16_MAX
+
+#undef INT_LEAST32_MIN
+#undef INT_LEAST32_MAX
+#undef UINT_LEAST32_MAX
+#define INT_LEAST32_MIN INT32_MIN
+#define INT_LEAST32_MAX INT32_MAX
+#define UINT_LEAST32_MAX UINT32_MAX
+
+#undef INT_LEAST64_MIN
+#undef INT_LEAST64_MAX
+#ifdef GL_INT64_T
+# define INT_LEAST64_MIN INT64_MIN
+# define INT_LEAST64_MAX INT64_MAX
+#endif
+
+#undef UINT_LEAST64_MAX
+#ifdef GL_UINT64_T
+# define UINT_LEAST64_MAX UINT64_MAX
+#endif
+
+/* 7.18.2.3. Limits of fastest minimum-width integer types */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits. Therefore the fastN_t types
+ are taken from the same list of types. */
+
+#undef INT_FAST8_MIN
+#undef INT_FAST8_MAX
+#undef UINT_FAST8_MAX
+#define INT_FAST8_MIN LONG_MIN
+#define INT_FAST8_MAX LONG_MAX
+#define UINT_FAST8_MAX ULONG_MAX
+
+#undef INT_FAST16_MIN
+#undef INT_FAST16_MAX
+#undef UINT_FAST16_MAX
+#define INT_FAST16_MIN LONG_MIN
+#define INT_FAST16_MAX LONG_MAX
+#define UINT_FAST16_MAX ULONG_MAX
+
+#undef INT_FAST32_MIN
+#undef INT_FAST32_MAX
+#undef UINT_FAST32_MAX
+#define INT_FAST32_MIN LONG_MIN
+#define INT_FAST32_MAX LONG_MAX
+#define UINT_FAST32_MAX ULONG_MAX
+
+#undef INT_FAST64_MIN
+#undef INT_FAST64_MAX
+#ifdef GL_INT64_T
+# define INT_FAST64_MIN INT64_MIN
+# define INT_FAST64_MAX INT64_MAX
+#endif
+
+#undef UINT_FAST64_MAX
+#ifdef GL_UINT64_T
+# define UINT_FAST64_MAX UINT64_MAX
+#endif
+
+/* 7.18.2.4. Limits of integer types capable of holding object pointers */
+
+#undef INTPTR_MIN
+#undef INTPTR_MAX
+#undef UINTPTR_MAX
+#define INTPTR_MIN LONG_MIN
+#define INTPTR_MAX LONG_MAX
+#define UINTPTR_MAX ULONG_MAX
+
+/* 7.18.2.5. Limits of greatest-width integer types */
+
+#undef INTMAX_MIN
+#undef INTMAX_MAX
+#ifdef INT64_MAX
+# define INTMAX_MIN INT64_MIN
+# define INTMAX_MAX INT64_MAX
+#else
+# define INTMAX_MIN INT32_MIN
+# define INTMAX_MAX INT32_MAX
+#endif
+
+#undef UINTMAX_MAX
+#ifdef UINT64_MAX
+# define UINTMAX_MAX UINT64_MAX
+#else
+# define UINTMAX_MAX UINT32_MAX
+#endif
+
+/* 7.18.3. Limits of other integer types */
+
+/* ptrdiff_t limits */
+#undef PTRDIFF_MIN
+#undef PTRDIFF_MAX
+#if @APPLE_UNIVERSAL_BUILD@
+# ifdef _LP64
+# define PTRDIFF_MIN _STDINT_MIN (1, 64, 0l)
+# define PTRDIFF_MAX _STDINT_MAX (1, 64, 0l)
+# else
+# define PTRDIFF_MIN _STDINT_MIN (1, 32, 0)
+# define PTRDIFF_MAX _STDINT_MAX (1, 32, 0)
+# endif
+#else
+# define PTRDIFF_MIN \
+ _STDINT_MIN (1, @BITSIZEOF_PTRDIFF_T@, 0@PTRDIFF_T_SUFFIX@)
+# define PTRDIFF_MAX \
+ _STDINT_MAX (1, @BITSIZEOF_PTRDIFF_T@, 0@PTRDIFF_T_SUFFIX@)
+#endif
+
+/* sig_atomic_t limits */
+#undef SIG_ATOMIC_MIN
+#undef SIG_ATOMIC_MAX
+#define SIG_ATOMIC_MIN \
+ _STDINT_MIN (@HAVE_SIGNED_SIG_ATOMIC_T@, @BITSIZEOF_SIG_ATOMIC_T@, \
+ 0@SIG_ATOMIC_T_SUFFIX@)
+#define SIG_ATOMIC_MAX \
+ _STDINT_MAX (@HAVE_SIGNED_SIG_ATOMIC_T@, @BITSIZEOF_SIG_ATOMIC_T@, \
+ 0@SIG_ATOMIC_T_SUFFIX@)
+
+
+/* size_t limit */
+#undef SIZE_MAX
+#if @APPLE_UNIVERSAL_BUILD@
+# ifdef _LP64
+# define SIZE_MAX _STDINT_MAX (0, 64, 0ul)
+# else
+# define SIZE_MAX _STDINT_MAX (0, 32, 0ul)
+# endif
+#else
+# define SIZE_MAX _STDINT_MAX (0, @BITSIZEOF_SIZE_T@, 0@SIZE_T_SUFFIX@)
+#endif
+
+/* wchar_t limits */
+/* Get WCHAR_MIN, WCHAR_MAX.
+ This include is not on the top, above, because on OSF/1 4.0 we have a
+ sequence of nested includes
+ <wchar.h> -> <stdio.h> -> <getopt.h> -> <stdlib.h>, and the latter includes
+ <stdint.h> and assumes its types are already defined. */
+#if @HAVE_WCHAR_H@ && ! (defined WCHAR_MIN && defined WCHAR_MAX)
+ /* BSD/OS 4.0.1 has a bug: <stddef.h>, <stdio.h> and <time.h> must be
+ included before <wchar.h>. */
+# include <stddef.h>
+# include <stdio.h>
+# include <time.h>
+# define _GL_JUST_INCLUDE_SYSTEM_WCHAR_H
+# include <wchar.h>
+# undef _GL_JUST_INCLUDE_SYSTEM_WCHAR_H
+#endif
+#undef WCHAR_MIN
+#undef WCHAR_MAX
+#define WCHAR_MIN \
+ _STDINT_MIN (@HAVE_SIGNED_WCHAR_T@, @BITSIZEOF_WCHAR_T@, 0@WCHAR_T_SUFFIX@)
+#define WCHAR_MAX \
+ _STDINT_MAX (@HAVE_SIGNED_WCHAR_T@, @BITSIZEOF_WCHAR_T@, 0@WCHAR_T_SUFFIX@)
+
+/* wint_t limits */
+#undef WINT_MIN
+#undef WINT_MAX
+#define WINT_MIN \
+ _STDINT_MIN (@HAVE_SIGNED_WINT_T@, @BITSIZEOF_WINT_T@, 0@WINT_T_SUFFIX@)
+#define WINT_MAX \
+ _STDINT_MAX (@HAVE_SIGNED_WINT_T@, @BITSIZEOF_WINT_T@, 0@WINT_T_SUFFIX@)
+
+#endif /* !defined __cplusplus || defined __STDC_LIMIT_MACROS */
+
+/* 7.18.4. Macros for integer constants */
+
+#if ! defined __cplusplus || defined __STDC_CONSTANT_MACROS
+
+/* 7.18.4.1. Macros for minimum-width integer constants */
+/* According to ISO C 99 Technical Corrigendum 1 */
+
+/* Here we assume a standard architecture where the hardware integer
+ types have 8, 16, 32, optionally 64 bits, and int is 32 bits. */
+
+#undef INT8_C
+#undef UINT8_C
+#define INT8_C(x) x
+#define UINT8_C(x) x
+
+#undef INT16_C
+#undef UINT16_C
+#define INT16_C(x) x
+#define UINT16_C(x) x
+
+#undef INT32_C
+#undef UINT32_C
+#define INT32_C(x) x
+#define UINT32_C(x) x ## U
+
+#undef INT64_C
+#undef UINT64_C
+#if LONG_MAX >> 31 >> 31 == 1
+# define INT64_C(x) x##L
+#elif defined _MSC_VER
+# define INT64_C(x) x##i64
+#elif @HAVE_LONG_LONG_INT@
+# define INT64_C(x) x##LL
+#endif
+#if ULONG_MAX >> 31 >> 31 >> 1 == 1
+# define UINT64_C(x) x##UL
+#elif defined _MSC_VER
+# define UINT64_C(x) x##ui64
+#elif @HAVE_UNSIGNED_LONG_LONG_INT@
+# define UINT64_C(x) x##ULL
+#endif
+
+/* 7.18.4.2. Macros for greatest-width integer constants */
+
+#undef INTMAX_C
+#if @HAVE_LONG_LONG_INT@ && LONG_MAX >> 30 == 1
+# define INTMAX_C(x) x##LL
+#elif defined GL_INT64_T
+# define INTMAX_C(x) INT64_C(x)
+#else
+# define INTMAX_C(x) x##L
+#endif
+
+#undef UINTMAX_C
+#if @HAVE_UNSIGNED_LONG_LONG_INT@ && ULONG_MAX >> 31 == 1
+# define UINTMAX_C(x) x##ULL
+#elif defined GL_UINT64_T
+# define UINTMAX_C(x) UINT64_C(x)
+#else
+# define UINTMAX_C(x) x##UL
+#endif
+
+#endif /* !defined __cplusplus || defined __STDC_CONSTANT_MACROS */
+
+#endif /* _GL_STDINT_H */
+#endif /* !defined _GL_STDINT_H && !defined _GL_JUST_INCLUDE_SYSTEM_STDINT_H */
--- /dev/null
+/* Implementation details of FILE streams.
+ Copyright (C) 2007-2008, 2010-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Many stdio implementations have the same logic and therefore can share
+ the same implementation of stdio extension API, except that some fields
+ have different naming conventions, or their access requires some casts. */
+
+
+/* BSD stdio derived implementations. */
+
+#if defined __NetBSD__ /* NetBSD */
+/* Get __NetBSD_Version__. */
+# include <sys/param.h>
+#endif
+
+#if defined __sferror || defined __DragonFly__ /* FreeBSD, NetBSD, OpenBSD, DragonFly, MacOS X, Cygwin */
+
+# if defined __DragonFly__ /* DragonFly */
+ /* See <http://www.dragonflybsd.org/cvsweb/src/lib/libc/stdio/priv_stdio.h?rev=HEAD&content-type=text/x-cvsweb-markup>. */
+# define fp_ ((struct { struct __FILE_public pub; \
+ struct { unsigned char *_base; int _size; } _bf; \
+ void *cookie; \
+ void *_close; \
+ void *_read; \
+ void *_seek; \
+ void *_write; \
+ struct { unsigned char *_base; int _size; } _ub; \
+ int _ur; \
+ unsigned char _ubuf[3]; \
+ unsigned char _nbuf[1]; \
+ struct { unsigned char *_base; int _size; } _lb; \
+ int _blksize; \
+ fpos_t _offset; \
+ /* More fields, not relevant here. */ \
+ } *) fp)
+ /* See <http://www.dragonflybsd.org/cvsweb/src/include/stdio.h?rev=HEAD&content-type=text/x-cvsweb-markup>. */
+# define _p pub._p
+# define _flags pub._flags
+# define _r pub._r
+# define _w pub._w
+# else
+# define fp_ fp
+# endif
+
+# if (defined __NetBSD__ && __NetBSD_Version__ >= 105270000) || defined __OpenBSD__ /* NetBSD >= 1.5ZA, OpenBSD */
+ /* See <http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdio/fileext.h?rev=HEAD&content-type=text/x-cvsweb-markup>
+ and <http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdio/fileext.h?rev=HEAD&content-type=text/x-cvsweb-markup> */
+ struct __sfileext
+ {
+ struct __sbuf _ub; /* ungetc buffer */
+ /* More fields, not relevant here. */
+ };
+# define fp_ub ((struct __sfileext *) fp->_ext._base)->_ub
+# else /* FreeBSD, NetBSD <= 1.5Z, DragonFly, MacOS X, Cygwin */
+# define fp_ub fp_->_ub
+# endif
+
+# define HASUB(fp) (fp_ub._base != NULL)
+
+#endif
+
+
+/* SystemV derived implementations. */
+
+#ifdef __TANDEM /* NonStop Kernel */
+# ifndef _IOERR
+/* These values were determined by the program 'stdioext-flags' at
+ <http://lists.gnu.org/archive/html/bug-gnulib/2010-12/msg00165.html>. */
+# define _IOERR 0x40
+# define _IOREAD 0x80
+# define _IOWRT 0x4
+# define _IORW 0x100
+# endif
+#endif
+
+#if defined _IOERR
+
+# if defined __sun && defined _LP64 /* Solaris/{SPARC,AMD64} 64-bit */
+# define fp_ ((struct { unsigned char *_ptr; \
+ unsigned char *_base; \
+ unsigned char *_end; \
+ long _cnt; \
+ int _file; \
+ unsigned int _flag; \
+ } *) fp)
+# else
+# define fp_ fp
+# endif
+
+# if defined _SCO_DS /* OpenServer */
+# define _cnt __cnt
+# define _ptr __ptr
+# define _base __base
+# define _flag __flag
+# endif
+
+#endif
--- /dev/null
+/* POSIX compatible FILE stream write function.
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+ Written by Bruno Haible <bruno@clisp.org>, 2008.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+/* Specification. */
+#include <stdio.h>
+
+/* Replace these functions only if module 'sigpipe' is requested. */
+#if GNULIB_SIGPIPE
+
+/* On native Windows platforms, SIGPIPE does not exist. When write() is
+ called on a pipe with no readers, WriteFile() fails with error
+ GetLastError() = ERROR_NO_DATA, and write() in consequence fails with
+ error EINVAL. This write() function is at the basis of the function
+ which flushes the buffer of a FILE stream. */
+
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+
+# include <errno.h>
+# include <signal.h>
+# include <io.h>
+
+# define WIN32_LEAN_AND_MEAN /* avoid including junk */
+# include <windows.h>
+
+# define CALL_WITH_SIGPIPE_EMULATION(RETTYPE, EXPRESSION, FAILED) \
+ if (ferror (stream)) \
+ return (EXPRESSION); \
+ else \
+ { \
+ RETTYPE ret; \
+ SetLastError (0); \
+ ret = (EXPRESSION); \
+ if (FAILED && GetLastError () == ERROR_NO_DATA && ferror (stream)) \
+ { \
+ int fd = fileno (stream); \
+ if (fd >= 0 \
+ && GetFileType ((HANDLE) _get_osfhandle (fd)) == FILE_TYPE_PIPE)\
+ { \
+ /* Try to raise signal SIGPIPE. */ \
+ raise (SIGPIPE); \
+ /* If it is currently blocked or ignored, change errno from \
+ EINVAL to EPIPE. */ \
+ errno = EPIPE; \
+ } \
+ } \
+ return ret; \
+ }
+
+# if !REPLACE_PRINTF_POSIX /* avoid collision with printf.c */
+int
+printf (const char *format, ...)
+{
+ int retval;
+ va_list args;
+
+ va_start (args, format);
+ retval = vfprintf (stdout, format, args);
+ va_end (args);
+
+ return retval;
+}
+# endif
+
+# if !REPLACE_FPRINTF_POSIX /* avoid collision with fprintf.c */
+int
+fprintf (FILE *stream, const char *format, ...)
+{
+ int retval;
+ va_list args;
+
+ va_start (args, format);
+ retval = vfprintf (stream, format, args);
+ va_end (args);
+
+ return retval;
+}
+# endif
+
+# if !REPLACE_VPRINTF_POSIX /* avoid collision with vprintf.c */
+int
+vprintf (const char *format, va_list args)
+{
+ return vfprintf (stdout, format, args);
+}
+# endif
+
+# if !REPLACE_VFPRINTF_POSIX /* avoid collision with vfprintf.c */
+int
+vfprintf (FILE *stream, const char *format, va_list args)
+#undef vfprintf
+{
+ CALL_WITH_SIGPIPE_EMULATION (int, vfprintf (stream, format, args), ret == EOF)
+}
+# endif
+
+int
+putchar (int c)
+{
+ return fputc (c, stdout);
+}
+
+int
+fputc (int c, FILE *stream)
+#undef fputc
+{
+ CALL_WITH_SIGPIPE_EMULATION (int, fputc (c, stream), ret == EOF)
+}
+
+int
+fputs (const char *string, FILE *stream)
+#undef fputs
+{
+ CALL_WITH_SIGPIPE_EMULATION (int, fputs (string, stream), ret == EOF)
+}
+
+int
+puts (const char *string)
+#undef puts
+{
+ FILE *stream = stdout;
+ CALL_WITH_SIGPIPE_EMULATION (int, puts (string), ret == EOF)
+}
+
+size_t
+fwrite (const void *ptr, size_t s, size_t n, FILE *stream)
+#undef fwrite
+{
+ CALL_WITH_SIGPIPE_EMULATION (size_t, fwrite (ptr, s, n, stream), ret < n)
+}
+
+# endif
+#endif
--- /dev/null
+/* A GNU-like <stdio.h>.
+
+ Copyright (C) 2004, 2007-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+#if defined __need_FILE || defined __need___FILE || defined _GL_ALREADY_INCLUDING_STDIO_H
+/* Special invocation convention:
+ - Inside glibc header files.
+ - On OSF/1 5.1 we have a sequence of nested includes
+ <stdio.h> -> <getopt.h> -> <ctype.h> -> <sys/localedef.h> ->
+ <sys/lc_core.h> -> <nl_types.h> -> <mesg.h> -> <stdio.h>.
+ In this situation, the functions are not yet declared, therefore we cannot
+ provide the C++ aliases. */
+
+#@INCLUDE_NEXT@ @NEXT_STDIO_H@
+
+#else
+/* Normal invocation convention. */
+
+#ifndef _GL_STDIO_H
+
+#define _GL_ALREADY_INCLUDING_STDIO_H
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_STDIO_H@
+
+#undef _GL_ALREADY_INCLUDING_STDIO_H
+
+#ifndef _GL_STDIO_H
+#define _GL_STDIO_H
+
+/* Get va_list. Needed on many systems, including glibc 2.8. */
+#include <stdarg.h>
+
+#include <stddef.h>
+
+/* Get off_t and ssize_t. Needed on many systems, including glibc 2.8
+ and eglibc 2.11.2. */
+#include <sys/types.h>
+
+/* The __attribute__ feature is available in gcc versions 2.5 and later.
+ The __-protected variants of the attributes 'format' and 'printf' are
+ accepted by gcc versions 2.6.4 (effectively 2.7) and later.
+ We enable _GL_ATTRIBUTE_FORMAT only if these are supported too, because
+ gnulib and libintl do '#define printf __printf__' when they override
+ the 'printf' function. */
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+# define _GL_ATTRIBUTE_FORMAT(spec) __attribute__ ((__format__ spec))
+#else
+# define _GL_ATTRIBUTE_FORMAT(spec) /* empty */
+#endif
+#define _GL_ATTRIBUTE_FORMAT_PRINTF(formatstring_parameter, first_argument) \
+ _GL_ATTRIBUTE_FORMAT ((__printf__, formatstring_parameter, first_argument))
+
+/* Solaris 10 declares renameat in <unistd.h>, not in <stdio.h>. */
+/* But in any case avoid namespace pollution on glibc systems. */
+#if (@GNULIB_RENAMEAT@ || defined GNULIB_POSIXCHECK) && defined __sun \
+ && ! defined __GLIBC__
+# include <unistd.h>
+#endif
+
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+/* Macros for stringification. */
+#define _GL_STDIO_STRINGIZE(token) #token
+#define _GL_STDIO_MACROEXPAND_AND_STRINGIZE(token) _GL_STDIO_STRINGIZE(token)
+
+
+#if @GNULIB_DPRINTF@
+# if @REPLACE_DPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define dprintf rpl_dprintf
+# endif
+_GL_FUNCDECL_RPL (dprintf, int, (int fd, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (dprintf, int, (int fd, const char *format, ...));
+# else
+# if !@HAVE_DPRINTF@
+_GL_FUNCDECL_SYS (dprintf, int, (int fd, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (dprintf, int, (int fd, const char *format, ...));
+# endif
+_GL_CXXALIASWARN (dprintf);
+#elif defined GNULIB_POSIXCHECK
+# undef dprintf
+# if HAVE_RAW_DECL_DPRINTF
+_GL_WARN_ON_USE (dprintf, "dprintf is unportable - "
+ "use gnulib module dprintf for portability");
+# endif
+#endif
+
+#if @GNULIB_FCLOSE@
+/* Close STREAM and its underlying file descriptor. */
+# if @REPLACE_FCLOSE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define fclose rpl_fclose
+# endif
+_GL_FUNCDECL_RPL (fclose, int, (FILE *stream) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (fclose, int, (FILE *stream));
+# else
+_GL_CXXALIAS_SYS (fclose, int, (FILE *stream));
+# endif
+_GL_CXXALIASWARN (fclose);
+#elif defined GNULIB_POSIXCHECK
+# undef fclose
+/* Assume fclose is always declared. */
+_GL_WARN_ON_USE (fclose, "fclose is not always POSIX compliant - "
+ "use gnulib module fclose for portable POSIX compliance");
+#endif
+
+#if @GNULIB_FFLUSH@
+/* Flush all pending data on STREAM according to POSIX rules. Both
+ output and seekable input streams are supported.
+ Note! LOSS OF DATA can occur if fflush is applied on an input stream
+ that is _not_seekable_ or on an update stream that is _not_seekable_
+ and in which the most recent operation was input. Seekability can
+ be tested with lseek(fileno(fp),0,SEEK_CUR). */
+# if @REPLACE_FFLUSH@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define fflush rpl_fflush
+# endif
+_GL_FUNCDECL_RPL (fflush, int, (FILE *gl_stream));
+_GL_CXXALIAS_RPL (fflush, int, (FILE *gl_stream));
+# else
+_GL_CXXALIAS_SYS (fflush, int, (FILE *gl_stream));
+# endif
+_GL_CXXALIASWARN (fflush);
+#elif defined GNULIB_POSIXCHECK
+# undef fflush
+/* Assume fflush is always declared. */
+_GL_WARN_ON_USE (fflush, "fflush is not always POSIX compliant - "
+ "use gnulib module fflush for portable POSIX compliance");
+#endif
+
+/* It is very rare that the developer ever has full control of stdin,
+ so any use of gets warrants an unconditional warning. Assume it is
+ always declared, since it is required by C89. */
+#undef gets
+_GL_WARN_ON_USE (gets, "gets is a security hole - use fgets instead");
+
+#if @GNULIB_FOPEN@
+# if @REPLACE_FOPEN@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fopen
+# define fopen rpl_fopen
+# endif
+_GL_FUNCDECL_RPL (fopen, FILE *, (const char *filename, const char *mode)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (fopen, FILE *, (const char *filename, const char *mode));
+# else
+_GL_CXXALIAS_SYS (fopen, FILE *, (const char *filename, const char *mode));
+# endif
+_GL_CXXALIASWARN (fopen);
+#elif defined GNULIB_POSIXCHECK
+# undef fopen
+/* Assume fopen is always declared. */
+_GL_WARN_ON_USE (fopen, "fopen on Win32 platforms is not POSIX compatible - "
+ "use gnulib module fopen for portability");
+#endif
+
+#if @GNULIB_FPRINTF_POSIX@ || @GNULIB_FPRINTF@
+# if (@GNULIB_FPRINTF_POSIX@ && @REPLACE_FPRINTF@) \
+ || (@GNULIB_FPRINTF@ && @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@)
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define fprintf rpl_fprintf
+# endif
+# define GNULIB_overrides_fprintf 1
+_GL_FUNCDECL_RPL (fprintf, int, (FILE *fp, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (fprintf, int, (FILE *fp, const char *format, ...));
+# else
+_GL_CXXALIAS_SYS (fprintf, int, (FILE *fp, const char *format, ...));
+# endif
+_GL_CXXALIASWARN (fprintf);
+#endif
+#if !@GNULIB_FPRINTF_POSIX@ && defined GNULIB_POSIXCHECK
+# if !GNULIB_overrides_fprintf
+# undef fprintf
+# endif
+/* Assume fprintf is always declared. */
+_GL_WARN_ON_USE (fprintf, "fprintf is not always POSIX compliant - "
+ "use gnulib module fprintf-posix for portable "
+ "POSIX compliance");
+#endif
+
+#if @GNULIB_FPURGE@
+/* Discard all pending buffered I/O data on STREAM.
+ STREAM must not be wide-character oriented.
+ When discarding pending output, the file position is set back to where it
+ was before the write calls. When discarding pending input, the file
+ position is advanced to match the end of the previously read input.
+ Return 0 if successful. Upon error, return -1 and set errno. */
+# if @REPLACE_FPURGE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define fpurge rpl_fpurge
+# endif
+_GL_FUNCDECL_RPL (fpurge, int, (FILE *gl_stream) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (fpurge, int, (FILE *gl_stream));
+# else
+# if !@HAVE_DECL_FPURGE@
+_GL_FUNCDECL_SYS (fpurge, int, (FILE *gl_stream) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (fpurge, int, (FILE *gl_stream));
+# endif
+_GL_CXXALIASWARN (fpurge);
+#elif defined GNULIB_POSIXCHECK
+# undef fpurge
+# if HAVE_RAW_DECL_FPURGE
+_GL_WARN_ON_USE (fpurge, "fpurge is not always present - "
+ "use gnulib module fpurge for portability");
+# endif
+#endif
+
+#if @GNULIB_FPUTC@
+# if @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fputc
+# define fputc rpl_fputc
+# endif
+_GL_FUNCDECL_RPL (fputc, int, (int c, FILE *stream) _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (fputc, int, (int c, FILE *stream));
+# else
+_GL_CXXALIAS_SYS (fputc, int, (int c, FILE *stream));
+# endif
+_GL_CXXALIASWARN (fputc);
+#endif
+
+#if @GNULIB_FPUTS@
+# if @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fputs
+# define fputs rpl_fputs
+# endif
+_GL_FUNCDECL_RPL (fputs, int, (const char *string, FILE *stream)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (fputs, int, (const char *string, FILE *stream));
+# else
+_GL_CXXALIAS_SYS (fputs, int, (const char *string, FILE *stream));
+# endif
+_GL_CXXALIASWARN (fputs);
+#endif
+
+#if @GNULIB_FREOPEN@
+# if @REPLACE_FREOPEN@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef freopen
+# define freopen rpl_freopen
+# endif
+_GL_FUNCDECL_RPL (freopen, FILE *,
+ (const char *filename, const char *mode, FILE *stream)
+ _GL_ARG_NONNULL ((2, 3)));
+_GL_CXXALIAS_RPL (freopen, FILE *,
+ (const char *filename, const char *mode, FILE *stream));
+# else
+_GL_CXXALIAS_SYS (freopen, FILE *,
+ (const char *filename, const char *mode, FILE *stream));
+# endif
+_GL_CXXALIASWARN (freopen);
+#elif defined GNULIB_POSIXCHECK
+# undef freopen
+/* Assume freopen is always declared. */
+_GL_WARN_ON_USE (freopen,
+ "freopen on Win32 platforms is not POSIX compatible - "
+ "use gnulib module freopen for portability");
+#endif
+
+
+/* Set up the following warnings, based on which modules are in use.
+ GNU Coding Standards discourage the use of fseek, since it imposes
+ an arbitrary limitation on some 32-bit hosts. Remember that the
+ fseek module depends on the fseeko module, so we only have three
+ cases to consider:
+
+ 1. The developer is not using either module. Issue a warning under
+ GNULIB_POSIXCHECK for both functions, to remind them that both
+ functions have bugs on some systems. _GL_NO_LARGE_FILES has no
+ impact on this warning.
+
+ 2. The developer is using both modules. They may be unaware of the
+ arbitrary limitations of fseek, so issue a warning under
+ GNULIB_POSIXCHECK. On the other hand, they may be using both
+ modules intentionally, so the developer can define
+ _GL_NO_LARGE_FILES in the compilation units where the use of fseek
+ is safe, to silence the warning.
+
+ 3. The developer is using the fseeko module, but not fseek. Gnulib
+ guarantees that fseek will still work around platform bugs in that
+ case, but we presume that the developer is aware of the pitfalls of
+ fseek and was trying to avoid it, so issue a warning even when
+ GNULIB_POSIXCHECK is undefined. Again, _GL_NO_LARGE_FILES can be
+ defined to silence the warning in particular compilation units.
+ In C++ compilations with GNULIB_NAMESPACE, in order to avoid that
+ fseek gets defined as a macro, it is recommended that the developer
+ uses the fseek module, even if he is not calling the fseek function.
+
+ Most gnulib clients that perform stream operations should fall into
+ category 3. */
+
+#if @GNULIB_FSEEK@
+# if defined GNULIB_POSIXCHECK && !defined _GL_NO_LARGE_FILES
+# define _GL_FSEEK_WARN /* Category 2, above. */
+# undef fseek
+# endif
+# if @REPLACE_FSEEK@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fseek
+# define fseek rpl_fseek
+# endif
+_GL_FUNCDECL_RPL (fseek, int, (FILE *fp, long offset, int whence)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (fseek, int, (FILE *fp, long offset, int whence));
+# else
+_GL_CXXALIAS_SYS (fseek, int, (FILE *fp, long offset, int whence));
+# endif
+_GL_CXXALIASWARN (fseek);
+#endif
+
+#if @GNULIB_FSEEKO@
+# if !@GNULIB_FSEEK@ && !defined _GL_NO_LARGE_FILES
+# define _GL_FSEEK_WARN /* Category 3, above. */
+# undef fseek
+# endif
+# if @REPLACE_FSEEKO@
+/* Provide an fseeko function that is aware of a preceding fflush(), and which
+ detects pipes. */
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fseeko
+# define fseeko rpl_fseeko
+# endif
+_GL_FUNCDECL_RPL (fseeko, int, (FILE *fp, off_t offset, int whence)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (fseeko, int, (FILE *fp, off_t offset, int whence));
+# else
+# if ! @HAVE_DECL_FSEEKO@
+_GL_FUNCDECL_SYS (fseeko, int, (FILE *fp, off_t offset, int whence)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (fseeko, int, (FILE *fp, off_t offset, int whence));
+# endif
+_GL_CXXALIASWARN (fseeko);
+# if (@REPLACE_FSEEKO@ || !@HAVE_FSEEKO@) && !@GNULIB_FSEEK@
+ /* Provide an fseek function that is consistent with fseeko. */
+ /* In order to avoid that fseek gets defined as a macro here, the
+ developer can request the 'fseek' module. */
+# if !GNULIB_defined_fseek_function
+# undef fseek
+# define fseek rpl_fseek
+static inline int _GL_ARG_NONNULL ((1))
+rpl_fseek (FILE *fp, long offset, int whence)
+{
+# if @REPLACE_FSEEKO@
+ return rpl_fseeko (fp, offset, whence);
+# else
+ return fseeko (fp, offset, whence);
+# endif
+}
+# define GNULIB_defined_fseek_function 1
+# endif
+# endif
+#elif defined GNULIB_POSIXCHECK
+# define _GL_FSEEK_WARN /* Category 1, above. */
+# undef fseek
+# undef fseeko
+# if HAVE_RAW_DECL_FSEEKO
+_GL_WARN_ON_USE (fseeko, "fseeko is unportable - "
+ "use gnulib module fseeko for portability");
+# endif
+#endif
+
+#ifdef _GL_FSEEK_WARN
+# undef _GL_FSEEK_WARN
+/* Here, either fseek is undefined (but C89 guarantees that it is
+ declared), or it is defined as rpl_fseek (declared above). */
+_GL_WARN_ON_USE (fseek, "fseek cannot handle files larger than 4 GB "
+ "on 32-bit platforms - "
+ "use fseeko function for handling of large files");
+#endif
+
+
+/* ftell, ftello. See the comments on fseek/fseeko. */
+
+#if @GNULIB_FTELL@
+# if defined GNULIB_POSIXCHECK && !defined _GL_NO_LARGE_FILES
+# define _GL_FTELL_WARN /* Category 2, above. */
+# undef ftell
+# endif
+# if @REPLACE_FTELL@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef ftell
+# define ftell rpl_ftell
+# endif
+_GL_FUNCDECL_RPL (ftell, long, (FILE *fp) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (ftell, long, (FILE *fp));
+# else
+_GL_CXXALIAS_SYS (ftell, long, (FILE *fp));
+# endif
+_GL_CXXALIASWARN (ftell);
+#endif
+
+#if @GNULIB_FTELLO@
+# if !@GNULIB_FTELL@ && !defined _GL_NO_LARGE_FILES
+# define _GL_FTELL_WARN /* Category 3, above. */
+# undef ftell
+# endif
+# if @REPLACE_FTELLO@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef ftello
+# define ftello rpl_ftello
+# endif
+_GL_FUNCDECL_RPL (ftello, off_t, (FILE *fp) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (ftello, off_t, (FILE *fp));
+# else
+# if ! @HAVE_DECL_FTELLO@
+_GL_FUNCDECL_SYS (ftello, off_t, (FILE *fp) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (ftello, off_t, (FILE *fp));
+# endif
+_GL_CXXALIASWARN (ftello);
+# if (@REPLACE_FTELLO@ || !@HAVE_FTELLO@) && !@GNULIB_FTELL@
+ /* Provide an ftell function that is consistent with ftello. */
+ /* In order to avoid that ftell gets defined as a macro here, the
+ developer can request the 'ftell' module. */
+# if !GNULIB_defined_ftell_function
+# undef ftell
+# define ftell rpl_ftell
+static inline long _GL_ARG_NONNULL ((1))
+rpl_ftell (FILE *f)
+{
+# if @REPLACE_FTELLO@
+ return rpl_ftello (f);
+# else
+ return ftello (f);
+# endif
+}
+# define GNULIB_defined_ftell_function 1
+# endif
+# endif
+#elif defined GNULIB_POSIXCHECK
+# define _GL_FTELL_WARN /* Category 1, above. */
+# undef ftell
+# undef ftello
+# if HAVE_RAW_DECL_FTELLO
+_GL_WARN_ON_USE (ftello, "ftello is unportable - "
+ "use gnulib module ftello for portability");
+# endif
+#endif
+
+#ifdef _GL_FTELL_WARN
+# undef _GL_FTELL_WARN
+/* Here, either ftell is undefined (but C89 guarantees that it is
+ declared), or it is defined as rpl_ftell (declared above). */
+_GL_WARN_ON_USE (ftell, "ftell cannot handle files larger than 4 GB "
+ "on 32-bit platforms - "
+ "use ftello function for handling of large files");
+#endif
+
+
+#if @GNULIB_FWRITE@
+# if @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fwrite
+# define fwrite rpl_fwrite
+# endif
+_GL_FUNCDECL_RPL (fwrite, size_t,
+ (const void *ptr, size_t s, size_t n, FILE *stream)
+ _GL_ARG_NONNULL ((1, 4)));
+_GL_CXXALIAS_RPL (fwrite, size_t,
+ (const void *ptr, size_t s, size_t n, FILE *stream));
+# else
+_GL_CXXALIAS_SYS (fwrite, size_t,
+ (const void *ptr, size_t s, size_t n, FILE *stream));
+# endif
+_GL_CXXALIASWARN (fwrite);
+#endif
+
+#if @GNULIB_GETDELIM@
+/* Read input, up to (and including) the next occurrence of DELIMITER, from
+ STREAM, store it in *LINEPTR (and NUL-terminate it).
+ *LINEPTR is a pointer returned from malloc (or NULL), pointing to *LINESIZE
+ bytes of space. It is realloc'd as necessary.
+ Return the number of bytes read and stored at *LINEPTR (not including the
+ NUL terminator), or -1 on error or EOF. */
+# if @REPLACE_GETDELIM@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getdelim
+# define getdelim rpl_getdelim
+# endif
+_GL_FUNCDECL_RPL (getdelim, ssize_t,
+ (char **lineptr, size_t *linesize, int delimiter,
+ FILE *stream)
+ _GL_ARG_NONNULL ((1, 2, 4)));
+_GL_CXXALIAS_RPL (getdelim, ssize_t,
+ (char **lineptr, size_t *linesize, int delimiter,
+ FILE *stream));
+# else
+# if !@HAVE_DECL_GETDELIM@
+_GL_FUNCDECL_SYS (getdelim, ssize_t,
+ (char **lineptr, size_t *linesize, int delimiter,
+ FILE *stream)
+ _GL_ARG_NONNULL ((1, 2, 4)));
+# endif
+_GL_CXXALIAS_SYS (getdelim, ssize_t,
+ (char **lineptr, size_t *linesize, int delimiter,
+ FILE *stream));
+# endif
+_GL_CXXALIASWARN (getdelim);
+#elif defined GNULIB_POSIXCHECK
+# undef getdelim
+# if HAVE_RAW_DECL_GETDELIM
+_GL_WARN_ON_USE (getdelim, "getdelim is unportable - "
+ "use gnulib module getdelim for portability");
+# endif
+#endif
+
+#if @GNULIB_GETLINE@
+/* Read a line, up to (and including) the next newline, from STREAM, store it
+ in *LINEPTR (and NUL-terminate it).
+ *LINEPTR is a pointer returned from malloc (or NULL), pointing to *LINESIZE
+ bytes of space. It is realloc'd as necessary.
+ Return the number of bytes read and stored at *LINEPTR (not including the
+ NUL terminator), or -1 on error or EOF. */
+# if @REPLACE_GETLINE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getline
+# define getline rpl_getline
+# endif
+_GL_FUNCDECL_RPL (getline, ssize_t,
+ (char **lineptr, size_t *linesize, FILE *stream)
+ _GL_ARG_NONNULL ((1, 2, 3)));
+_GL_CXXALIAS_RPL (getline, ssize_t,
+ (char **lineptr, size_t *linesize, FILE *stream));
+# else
+# if !@HAVE_DECL_GETLINE@
+_GL_FUNCDECL_SYS (getline, ssize_t,
+ (char **lineptr, size_t *linesize, FILE *stream)
+ _GL_ARG_NONNULL ((1, 2, 3)));
+# endif
+_GL_CXXALIAS_SYS (getline, ssize_t,
+ (char **lineptr, size_t *linesize, FILE *stream));
+# endif
+# if @HAVE_DECL_GETLINE@
+_GL_CXXALIASWARN (getline);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef getline
+# if HAVE_RAW_DECL_GETLINE
+_GL_WARN_ON_USE (getline, "getline is unportable - "
+ "use gnulib module getline for portability");
+# endif
+#endif
+
+#if @GNULIB_OBSTACK_PRINTF@ || @GNULIB_OBSTACK_PRINTF_POSIX@
+struct obstack;
+/* Grow an obstack with formatted output. Return the number of
+ bytes added to OBS. No trailing nul byte is added, and the
+ object should be closed with obstack_finish before use. Upon
+ memory allocation error, call obstack_alloc_failed_handler. Upon
+ other error, return -1. */
+# if @REPLACE_OBSTACK_PRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define obstack_printf rpl_obstack_printf
+# endif
+_GL_FUNCDECL_RPL (obstack_printf, int,
+ (struct obstack *obs, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (obstack_printf, int,
+ (struct obstack *obs, const char *format, ...));
+# else
+# if !@HAVE_DECL_OBSTACK_PRINTF@
+_GL_FUNCDECL_SYS (obstack_printf, int,
+ (struct obstack *obs, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (obstack_printf, int,
+ (struct obstack *obs, const char *format, ...));
+# endif
+_GL_CXXALIASWARN (obstack_printf);
+# if @REPLACE_OBSTACK_PRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define obstack_vprintf rpl_obstack_vprintf
+# endif
+_GL_FUNCDECL_RPL (obstack_vprintf, int,
+ (struct obstack *obs, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (obstack_vprintf, int,
+ (struct obstack *obs, const char *format, va_list args));
+# else
+# if !@HAVE_DECL_OBSTACK_PRINTF@
+_GL_FUNCDECL_SYS (obstack_vprintf, int,
+ (struct obstack *obs, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (obstack_vprintf, int,
+ (struct obstack *obs, const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (obstack_vprintf);
+#endif
+
+#if @GNULIB_PERROR@
+/* Print a message to standard error, describing the value of ERRNO,
+ (if STRING is not NULL and not empty) prefixed with STRING and ": ",
+ and terminated with a newline. */
+# if @REPLACE_PERROR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define perror rpl_perror
+# endif
+_GL_FUNCDECL_RPL (perror, void, (const char *string));
+_GL_CXXALIAS_RPL (perror, void, (const char *string));
+# else
+_GL_CXXALIAS_SYS (perror, void, (const char *string));
+# endif
+_GL_CXXALIASWARN (perror);
+#elif defined GNULIB_POSIXCHECK
+# undef perror
+/* Assume perror is always declared. */
+_GL_WARN_ON_USE (perror, "perror is not always POSIX compliant - "
+ "use gnulib module perror for portability");
+#endif
+
+#if @GNULIB_POPEN@
+# if @REPLACE_POPEN@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef popen
+# define popen rpl_popen
+# endif
+_GL_FUNCDECL_RPL (popen, FILE *, (const char *cmd, const char *mode)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (popen, FILE *, (const char *cmd, const char *mode));
+# else
+_GL_CXXALIAS_SYS (popen, FILE *, (const char *cmd, const char *mode));
+# endif
+_GL_CXXALIASWARN (popen);
+#elif defined GNULIB_POSIXCHECK
+# undef popen
+# if HAVE_RAW_DECL_POPEN
+_GL_WARN_ON_USE (popen, "popen is buggy on some platforms - "
+ "use gnulib module popen or pipe for more portability");
+# endif
+#endif
+
+#if @GNULIB_PRINTF_POSIX@ || @GNULIB_PRINTF@
+# if (@GNULIB_PRINTF_POSIX@ && @REPLACE_PRINTF@) \
+ || (@GNULIB_PRINTF@ && @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@)
+# if defined __GNUC__
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+/* Don't break __attribute__((format(printf,M,N))). */
+# define printf __printf__
+# endif
+_GL_FUNCDECL_RPL_1 (__printf__, int,
+ (const char *format, ...)
+ __asm__ (@ASM_SYMBOL_PREFIX@
+ _GL_STDIO_MACROEXPAND_AND_STRINGIZE(rpl_printf))
+ _GL_ATTRIBUTE_FORMAT_PRINTF (1, 2)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL_1 (printf, __printf__, int, (const char *format, ...));
+# else
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define printf rpl_printf
+# endif
+_GL_FUNCDECL_RPL (printf, int,
+ (const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (1, 2)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (printf, int, (const char *format, ...));
+# endif
+# define GNULIB_overrides_printf 1
+# else
+_GL_CXXALIAS_SYS (printf, int, (const char *format, ...));
+# endif
+_GL_CXXALIASWARN (printf);
+#endif
+#if !@GNULIB_PRINTF_POSIX@ && defined GNULIB_POSIXCHECK
+# if !GNULIB_overrides_printf
+# undef printf
+# endif
+/* Assume printf is always declared. */
+_GL_WARN_ON_USE (printf, "printf is not always POSIX compliant - "
+ "use gnulib module printf-posix for portable "
+ "POSIX compliance");
+#endif
+
+#if @GNULIB_PUTC@
+# if @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef putc
+# define putc rpl_fputc
+# endif
+_GL_FUNCDECL_RPL (fputc, int, (int c, FILE *stream) _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL_1 (putc, rpl_fputc, int, (int c, FILE *stream));
+# else
+_GL_CXXALIAS_SYS (putc, int, (int c, FILE *stream));
+# endif
+_GL_CXXALIASWARN (putc);
+#endif
+
+#if @GNULIB_PUTCHAR@
+# if @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef putchar
+# define putchar rpl_putchar
+# endif
+_GL_FUNCDECL_RPL (putchar, int, (int c));
+_GL_CXXALIAS_RPL (putchar, int, (int c));
+# else
+_GL_CXXALIAS_SYS (putchar, int, (int c));
+# endif
+_GL_CXXALIASWARN (putchar);
+#endif
+
+#if @GNULIB_PUTS@
+# if @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef puts
+# define puts rpl_puts
+# endif
+_GL_FUNCDECL_RPL (puts, int, (const char *string) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (puts, int, (const char *string));
+# else
+_GL_CXXALIAS_SYS (puts, int, (const char *string));
+# endif
+_GL_CXXALIASWARN (puts);
+#endif
+
+#if @GNULIB_REMOVE@
+# if @REPLACE_REMOVE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef remove
+# define remove rpl_remove
+# endif
+_GL_FUNCDECL_RPL (remove, int, (const char *name) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (remove, int, (const char *name));
+# else
+_GL_CXXALIAS_SYS (remove, int, (const char *name));
+# endif
+_GL_CXXALIASWARN (remove);
+#elif defined GNULIB_POSIXCHECK
+# undef remove
+/* Assume remove is always declared. */
+_GL_WARN_ON_USE (remove, "remove cannot handle directories on some platforms - "
+ "use gnulib module remove for more portability");
+#endif
+
+#if @GNULIB_RENAME@
+# if @REPLACE_RENAME@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef rename
+# define rename rpl_rename
+# endif
+_GL_FUNCDECL_RPL (rename, int,
+ (const char *old_filename, const char *new_filename)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (rename, int,
+ (const char *old_filename, const char *new_filename));
+# else
+_GL_CXXALIAS_SYS (rename, int,
+ (const char *old_filename, const char *new_filename));
+# endif
+_GL_CXXALIASWARN (rename);
+#elif defined GNULIB_POSIXCHECK
+# undef rename
+/* Assume rename is always declared. */
+_GL_WARN_ON_USE (rename, "rename is buggy on some platforms - "
+ "use gnulib module rename for more portability");
+#endif
+
+#if @GNULIB_RENAMEAT@
+# if @REPLACE_RENAMEAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef renameat
+# define renameat rpl_renameat
+# endif
+_GL_FUNCDECL_RPL (renameat, int,
+ (int fd1, char const *file1, int fd2, char const *file2)
+ _GL_ARG_NONNULL ((2, 4)));
+_GL_CXXALIAS_RPL (renameat, int,
+ (int fd1, char const *file1, int fd2, char const *file2));
+# else
+# if !@HAVE_RENAMEAT@
+_GL_FUNCDECL_SYS (renameat, int,
+ (int fd1, char const *file1, int fd2, char const *file2)
+ _GL_ARG_NONNULL ((2, 4)));
+# endif
+_GL_CXXALIAS_SYS (renameat, int,
+ (int fd1, char const *file1, int fd2, char const *file2));
+# endif
+_GL_CXXALIASWARN (renameat);
+#elif defined GNULIB_POSIXCHECK
+# undef renameat
+# if HAVE_RAW_DECL_RENAMEAT
+_GL_WARN_ON_USE (renameat, "renameat is not portable - "
+ "use gnulib module renameat for portability");
+# endif
+#endif
+
+#if @GNULIB_SNPRINTF@
+# if @REPLACE_SNPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define snprintf rpl_snprintf
+# endif
+_GL_FUNCDECL_RPL (snprintf, int,
+ (char *str, size_t size, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (3, 4)
+ _GL_ARG_NONNULL ((3)));
+_GL_CXXALIAS_RPL (snprintf, int,
+ (char *str, size_t size, const char *format, ...));
+# else
+# if !@HAVE_DECL_SNPRINTF@
+_GL_FUNCDECL_SYS (snprintf, int,
+ (char *str, size_t size, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (3, 4)
+ _GL_ARG_NONNULL ((3)));
+# endif
+_GL_CXXALIAS_SYS (snprintf, int,
+ (char *str, size_t size, const char *format, ...));
+# endif
+_GL_CXXALIASWARN (snprintf);
+#elif defined GNULIB_POSIXCHECK
+# undef snprintf
+# if HAVE_RAW_DECL_SNPRINTF
+_GL_WARN_ON_USE (snprintf, "snprintf is unportable - "
+ "use gnulib module snprintf for portability");
+# endif
+#endif
+
+/* Some people would argue that sprintf should be handled like gets
+ (for example, OpenBSD issues a link warning for both functions),
+ since both can cause security holes due to buffer overruns.
+ However, we believe that sprintf can be used safely, and is more
+ efficient than snprintf in those safe cases; and as proof of our
+ belief, we use sprintf in several gnulib modules. So this header
+ intentionally avoids adding a warning to sprintf except when
+ GNULIB_POSIXCHECK is defined. */
+
+#if @GNULIB_SPRINTF_POSIX@
+# if @REPLACE_SPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define sprintf rpl_sprintf
+# endif
+_GL_FUNCDECL_RPL (sprintf, int, (char *str, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (sprintf, int, (char *str, const char *format, ...));
+# else
+_GL_CXXALIAS_SYS (sprintf, int, (char *str, const char *format, ...));
+# endif
+_GL_CXXALIASWARN (sprintf);
+#elif defined GNULIB_POSIXCHECK
+# undef sprintf
+/* Assume sprintf is always declared. */
+_GL_WARN_ON_USE (sprintf, "sprintf is not always POSIX compliant - "
+ "use gnulib module sprintf-posix for portable "
+ "POSIX compliance");
+#endif
+
+#if @GNULIB_TMPFILE@
+# if @REPLACE_TMPFILE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define tmpfile rpl_tmpfile
+# endif
+_GL_FUNCDECL_RPL (tmpfile, FILE *, (void));
+_GL_CXXALIAS_RPL (tmpfile, FILE *, (void));
+# else
+_GL_CXXALIAS_SYS (tmpfile, FILE *, (void));
+# endif
+_GL_CXXALIASWARN (tmpfile);
+#elif defined GNULIB_POSIXCHECK
+# undef tmpfile
+# if HAVE_RAW_DECL_TMPFILE
+_GL_WARN_ON_USE (tmpfile, "tmpfile is not usable on mingw - "
+ "use gnulib module tmpfile for portability");
+# endif
+#endif
+
+#if @GNULIB_VASPRINTF@
+/* Write formatted output to a string dynamically allocated with malloc().
+ If the memory allocation succeeds, store the address of the string in
+ *RESULT and return the number of resulting bytes, excluding the trailing
+ NUL. Upon memory allocation error, or some other error, return -1. */
+# if @REPLACE_VASPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define asprintf rpl_asprintf
+# endif
+_GL_FUNCDECL_RPL (asprintf, int,
+ (char **result, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (asprintf, int,
+ (char **result, const char *format, ...));
+# else
+# if !@HAVE_VASPRINTF@
+_GL_FUNCDECL_SYS (asprintf, int,
+ (char **result, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 3)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (asprintf, int,
+ (char **result, const char *format, ...));
+# endif
+_GL_CXXALIASWARN (asprintf);
+# if @REPLACE_VASPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define vasprintf rpl_vasprintf
+# endif
+_GL_FUNCDECL_RPL (vasprintf, int,
+ (char **result, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (vasprintf, int,
+ (char **result, const char *format, va_list args));
+# else
+# if !@HAVE_VASPRINTF@
+_GL_FUNCDECL_SYS (vasprintf, int,
+ (char **result, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (vasprintf, int,
+ (char **result, const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (vasprintf);
+#endif
+
+#if @GNULIB_VDPRINTF@
+# if @REPLACE_VDPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define vdprintf rpl_vdprintf
+# endif
+_GL_FUNCDECL_RPL (vdprintf, int, (int fd, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (vdprintf, int, (int fd, const char *format, va_list args));
+# else
+# if !@HAVE_VDPRINTF@
+_GL_FUNCDECL_SYS (vdprintf, int, (int fd, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((2)));
+# endif
+/* Need to cast, because on Solaris, the third parameter will likely be
+ __va_list args. */
+_GL_CXXALIAS_SYS_CAST (vdprintf, int,
+ (int fd, const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (vdprintf);
+#elif defined GNULIB_POSIXCHECK
+# undef vdprintf
+# if HAVE_RAW_DECL_VDPRINTF
+_GL_WARN_ON_USE (vdprintf, "vdprintf is unportable - "
+ "use gnulib module vdprintf for portability");
+# endif
+#endif
+
+#if @GNULIB_VFPRINTF_POSIX@ || @GNULIB_VFPRINTF@
+# if (@GNULIB_VFPRINTF_POSIX@ && @REPLACE_VFPRINTF@) \
+ || (@GNULIB_VFPRINTF@ && @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@)
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define vfprintf rpl_vfprintf
+# endif
+# define GNULIB_overrides_vfprintf 1
+_GL_FUNCDECL_RPL (vfprintf, int, (FILE *fp, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (vfprintf, int, (FILE *fp, const char *format, va_list args));
+# else
+/* Need to cast, because on Solaris, the third parameter is
+ __va_list args
+ and GCC's fixincludes did not change this to __gnuc_va_list. */
+_GL_CXXALIAS_SYS_CAST (vfprintf, int,
+ (FILE *fp, const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (vfprintf);
+#endif
+#if !@GNULIB_VFPRINTF_POSIX@ && defined GNULIB_POSIXCHECK
+# if !GNULIB_overrides_vfprintf
+# undef vfprintf
+# endif
+/* Assume vfprintf is always declared. */
+_GL_WARN_ON_USE (vfprintf, "vfprintf is not always POSIX compliant - "
+ "use gnulib module vfprintf-posix for portable "
+ "POSIX compliance");
+#endif
+
+#if @GNULIB_VPRINTF_POSIX@ || @GNULIB_VPRINTF@
+# if (@GNULIB_VPRINTF_POSIX@ && @REPLACE_VPRINTF@) \
+ || (@GNULIB_VPRINTF@ && @REPLACE_STDIO_WRITE_FUNCS@ && @GNULIB_STDIO_H_SIGPIPE@)
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define vprintf rpl_vprintf
+# endif
+# define GNULIB_overrides_vprintf 1
+_GL_FUNCDECL_RPL (vprintf, int, (const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (1, 0)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (vprintf, int, (const char *format, va_list args));
+# else
+/* Need to cast, because on Solaris, the second parameter is
+ __va_list args
+ and GCC's fixincludes did not change this to __gnuc_va_list. */
+_GL_CXXALIAS_SYS_CAST (vprintf, int, (const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (vprintf);
+#endif
+#if !@GNULIB_VPRINTF_POSIX@ && defined GNULIB_POSIXCHECK
+# if !GNULIB_overrides_vprintf
+# undef vprintf
+# endif
+/* Assume vprintf is always declared. */
+_GL_WARN_ON_USE (vprintf, "vprintf is not always POSIX compliant - "
+ "use gnulib module vprintf-posix for portable "
+ "POSIX compliance");
+#endif
+
+#if @GNULIB_VSNPRINTF@
+# if @REPLACE_VSNPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define vsnprintf rpl_vsnprintf
+# endif
+_GL_FUNCDECL_RPL (vsnprintf, int,
+ (char *str, size_t size, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (3, 0)
+ _GL_ARG_NONNULL ((3)));
+_GL_CXXALIAS_RPL (vsnprintf, int,
+ (char *str, size_t size, const char *format, va_list args));
+# else
+# if !@HAVE_DECL_VSNPRINTF@
+_GL_FUNCDECL_SYS (vsnprintf, int,
+ (char *str, size_t size, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (3, 0)
+ _GL_ARG_NONNULL ((3)));
+# endif
+_GL_CXXALIAS_SYS (vsnprintf, int,
+ (char *str, size_t size, const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (vsnprintf);
+#elif defined GNULIB_POSIXCHECK
+# undef vsnprintf
+# if HAVE_RAW_DECL_VSNPRINTF
+_GL_WARN_ON_USE (vsnprintf, "vsnprintf is unportable - "
+ "use gnulib module vsnprintf for portability");
+# endif
+#endif
+
+#if @GNULIB_VSPRINTF_POSIX@
+# if @REPLACE_VSPRINTF@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define vsprintf rpl_vsprintf
+# endif
+_GL_FUNCDECL_RPL (vsprintf, int,
+ (char *str, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT_PRINTF (2, 0)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (vsprintf, int,
+ (char *str, const char *format, va_list args));
+# else
+/* Need to cast, because on Solaris, the third parameter is
+ __va_list args
+ and GCC's fixincludes did not change this to __gnuc_va_list. */
+_GL_CXXALIAS_SYS_CAST (vsprintf, int,
+ (char *str, const char *format, va_list args));
+# endif
+_GL_CXXALIASWARN (vsprintf);
+#elif defined GNULIB_POSIXCHECK
+# undef vsprintf
+/* Assume vsprintf is always declared. */
+_GL_WARN_ON_USE (vsprintf, "vsprintf is not always POSIX compliant - "
+ "use gnulib module vsprintf-posix for portable "
+ "POSIX compliance");
+#endif
+
+
+#endif /* _GL_STDIO_H */
+#endif /* _GL_STDIO_H */
+#endif
--- /dev/null
+/* A GNU-like <stdlib.h>.
+
+ Copyright (C) 1995, 2001-2004, 2006-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+#if defined __need_malloc_and_calloc
+/* Special invocation convention inside glibc header files. */
+
+#@INCLUDE_NEXT@ @NEXT_STDLIB_H@
+
+#else
+/* Normal invocation convention. */
+
+#ifndef _GL_STDLIB_H
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_STDLIB_H@
+
+#ifndef _GL_STDLIB_H
+#define _GL_STDLIB_H
+
+/* NetBSD 5.0 mis-defines NULL. */
+#include <stddef.h>
+
+/* MirBSD 10 defines WEXITSTATUS in <sys/wait.h>, not in <stdlib.h>. */
+#if @GNULIB_SYSTEM_POSIX@ && !defined WEXITSTATUS
+# include <sys/wait.h>
+#endif
+
+/* Solaris declares getloadavg() in <sys/loadavg.h>. */
+#if (@GNULIB_GETLOADAVG@ || defined GNULIB_POSIXCHECK) && @HAVE_SYS_LOADAVG_H@
+# include <sys/loadavg.h>
+#endif
+
+#if @GNULIB_RANDOM_R@
+
+/* OSF/1 5.1 declares 'struct random_data' in <random.h>, which is included
+ from <stdlib.h> if _REENTRANT is defined. Include it whenever we need
+ 'struct random_data'. */
+# if @HAVE_RANDOM_H@
+# include <random.h>
+# endif
+
+# if !@HAVE_STRUCT_RANDOM_DATA@ || !@HAVE_RANDOM_R@
+# include <stdint.h>
+# endif
+
+# if !@HAVE_STRUCT_RANDOM_DATA@
+/* Define 'struct random_data'.
+ But allow multiple gnulib generated <stdlib.h> replacements to coexist. */
+# if !GNULIB_defined_struct_random_data
+struct random_data
+{
+ int32_t *fptr; /* Front pointer. */
+ int32_t *rptr; /* Rear pointer. */
+ int32_t *state; /* Array of state values. */
+ int rand_type; /* Type of random number generator. */
+ int rand_deg; /* Degree of random number generator. */
+ int rand_sep; /* Distance between front and rear. */
+ int32_t *end_ptr; /* Pointer behind state table. */
+};
+# define GNULIB_defined_struct_random_data 1
+# endif
+# endif
+#endif
+
+#if (@GNULIB_MKSTEMP@ || @GNULIB_GETSUBOPT@ || defined GNULIB_POSIXCHECK) && ! defined __GLIBC__ && !((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__)
+/* On MacOS X 10.3, only <unistd.h> declares mkstemp. */
+/* On Cygwin 1.7.1, only <unistd.h> declares getsubopt. */
+/* But avoid namespace pollution on glibc systems and native Windows. */
+# include <unistd.h>
+#endif
+
+#if 3 <= __GNUC__ || __GNUC__ == 2 && 8 <= __GNUC_MINOR__
+# define _GL_ATTRIBUTE_NORETURN __attribute__ ((__noreturn__))
+#else
+# define _GL_ATTRIBUTE_NORETURN
+#endif
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+
+/* Some systems do not define EXIT_*, despite otherwise supporting C89. */
+#ifndef EXIT_SUCCESS
+# define EXIT_SUCCESS 0
+#endif
+/* Tandem/NSK and other platforms that define EXIT_FAILURE as -1 interfere
+ with proper operation of xargs. */
+#ifndef EXIT_FAILURE
+# define EXIT_FAILURE 1
+#elif EXIT_FAILURE != 1
+# undef EXIT_FAILURE
+# define EXIT_FAILURE 1
+#endif
+
+
+#if @GNULIB__EXIT@
+/* Terminate the current process with the given return code, without running
+ the 'atexit' handlers. */
+# if !@HAVE__EXIT@
+_GL_FUNCDECL_SYS (_Exit, void, (int status) _GL_ATTRIBUTE_NORETURN);
+# endif
+_GL_CXXALIAS_SYS (_Exit, void, (int status));
+_GL_CXXALIASWARN (_Exit);
+#elif defined GNULIB_POSIXCHECK
+# undef _Exit
+# if HAVE_RAW_DECL__EXIT
+_GL_WARN_ON_USE (_Exit, "_Exit is unportable - "
+ "use gnulib module _Exit for portability");
+# endif
+#endif
+
+
+#if @GNULIB_ATOLL@
+/* Parse a signed decimal integer.
+ Returns the value of the integer. Errors are not detected. */
+# if !@HAVE_ATOLL@
+_GL_FUNCDECL_SYS (atoll, long long, (const char *string) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (atoll, long long, (const char *string));
+_GL_CXXALIASWARN (atoll);
+#elif defined GNULIB_POSIXCHECK
+# undef atoll
+# if HAVE_RAW_DECL_ATOLL
+_GL_WARN_ON_USE (atoll, "atoll is unportable - "
+ "use gnulib module atoll for portability");
+# endif
+#endif
+
+#if @GNULIB_CALLOC_POSIX@
+# if @REPLACE_CALLOC@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef calloc
+# define calloc rpl_calloc
+# endif
+_GL_FUNCDECL_RPL (calloc, void *, (size_t nmemb, size_t size));
+_GL_CXXALIAS_RPL (calloc, void *, (size_t nmemb, size_t size));
+# else
+_GL_CXXALIAS_SYS (calloc, void *, (size_t nmemb, size_t size));
+# endif
+_GL_CXXALIASWARN (calloc);
+#elif defined GNULIB_POSIXCHECK
+# undef calloc
+/* Assume calloc is always declared. */
+_GL_WARN_ON_USE (calloc, "calloc is not POSIX compliant everywhere - "
+ "use gnulib module calloc-posix for portability");
+#endif
+
+#if @GNULIB_CANONICALIZE_FILE_NAME@
+# if @REPLACE_CANONICALIZE_FILE_NAME@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define canonicalize_file_name rpl_canonicalize_file_name
+# endif
+_GL_FUNCDECL_RPL (canonicalize_file_name, char *, (const char *name)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (canonicalize_file_name, char *, (const char *name));
+# else
+# if !@HAVE_CANONICALIZE_FILE_NAME@
+_GL_FUNCDECL_SYS (canonicalize_file_name, char *, (const char *name)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (canonicalize_file_name, char *, (const char *name));
+# endif
+_GL_CXXALIASWARN (canonicalize_file_name);
+#elif defined GNULIB_POSIXCHECK
+# undef canonicalize_file_name
+# if HAVE_RAW_DECL_CANONICALIZE_FILE_NAME
+_GL_WARN_ON_USE (canonicalize_file_name,
+ "canonicalize_file_name is unportable - "
+ "use gnulib module canonicalize-lgpl for portability");
+# endif
+#endif
+
+#if @GNULIB_GETLOADAVG@
+/* Store max(NELEM,3) load average numbers in LOADAVG[].
+ The three numbers are the load average of the last 1 minute, the last 5
+ minutes, and the last 15 minutes, respectively.
+ LOADAVG is an array of NELEM numbers. */
+# if !@HAVE_DECL_GETLOADAVG@
+_GL_FUNCDECL_SYS (getloadavg, int, (double loadavg[], int nelem)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (getloadavg, int, (double loadavg[], int nelem));
+_GL_CXXALIASWARN (getloadavg);
+#elif defined GNULIB_POSIXCHECK
+# undef getloadavg
+# if HAVE_RAW_DECL_GETLOADAVG
+_GL_WARN_ON_USE (getloadavg, "getloadavg is not portable - "
+ "use gnulib module getloadavg for portability");
+# endif
+#endif
+
+#if @GNULIB_GETSUBOPT@
+/* Assuming *OPTIONP is a comma separated list of elements of the form
+ "token" or "token=value", getsubopt parses the first of these elements.
+ If the first element refers to a "token" that is member of the given
+ NULL-terminated array of tokens:
+ - It replaces the comma with a NUL byte, updates *OPTIONP to point past
+ the first option and the comma, sets *VALUEP to the value of the
+ element (or NULL if it doesn't contain an "=" sign),
+ - It returns the index of the "token" in the given array of tokens.
+ Otherwise it returns -1, and *OPTIONP and *VALUEP are undefined.
+ For more details see the POSIX:2001 specification.
+ http://www.opengroup.org/susv3xsh/getsubopt.html */
+# if !@HAVE_GETSUBOPT@
+_GL_FUNCDECL_SYS (getsubopt, int,
+ (char **optionp, char *const *tokens, char **valuep)
+ _GL_ARG_NONNULL ((1, 2, 3)));
+# endif
+_GL_CXXALIAS_SYS (getsubopt, int,
+ (char **optionp, char *const *tokens, char **valuep));
+_GL_CXXALIASWARN (getsubopt);
+#elif defined GNULIB_POSIXCHECK
+# undef getsubopt
+# if HAVE_RAW_DECL_GETSUBOPT
+_GL_WARN_ON_USE (getsubopt, "getsubopt is unportable - "
+ "use gnulib module getsubopt for portability");
+# endif
+#endif
+
+#if @GNULIB_GRANTPT@
+/* Change the ownership and access permission of the slave side of the
+ pseudo-terminal whose master side is specified by FD. */
+# if !@HAVE_GRANTPT@
+_GL_FUNCDECL_SYS (grantpt, int, (int fd));
+# endif
+_GL_CXXALIAS_SYS (grantpt, int, (int fd));
+_GL_CXXALIASWARN (grantpt);
+#elif defined GNULIB_POSIXCHECK
+# undef grantpt
+# if HAVE_RAW_DECL_GRANTPT
+_GL_WARN_ON_USE (ptsname, "grantpt is not portable - "
+ "use gnulib module grantpt for portability");
+# endif
+#endif
+
+#if @GNULIB_MALLOC_POSIX@
+# if @REPLACE_MALLOC@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef malloc
+# define malloc rpl_malloc
+# endif
+_GL_FUNCDECL_RPL (malloc, void *, (size_t size));
+_GL_CXXALIAS_RPL (malloc, void *, (size_t size));
+# else
+_GL_CXXALIAS_SYS (malloc, void *, (size_t size));
+# endif
+_GL_CXXALIASWARN (malloc);
+#elif defined GNULIB_POSIXCHECK
+# undef malloc
+/* Assume malloc is always declared. */
+_GL_WARN_ON_USE (malloc, "malloc is not POSIX compliant everywhere - "
+ "use gnulib module malloc-posix for portability");
+#endif
+
+#if @GNULIB_MKDTEMP@
+/* Create a unique temporary directory from TEMPLATE.
+ The last six characters of TEMPLATE must be "XXXXXX";
+ they are replaced with a string that makes the directory name unique.
+ Returns TEMPLATE, or a null pointer if it cannot get a unique name.
+ The directory is created mode 700. */
+# if !@HAVE_MKDTEMP@
+_GL_FUNCDECL_SYS (mkdtemp, char *, (char * /*template*/) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (mkdtemp, char *, (char * /*template*/));
+_GL_CXXALIASWARN (mkdtemp);
+#elif defined GNULIB_POSIXCHECK
+# undef mkdtemp
+# if HAVE_RAW_DECL_MKDTEMP
+_GL_WARN_ON_USE (mkdtemp, "mkdtemp is unportable - "
+ "use gnulib module mkdtemp for portability");
+# endif
+#endif
+
+#if @GNULIB_MKOSTEMP@
+/* Create a unique temporary file from TEMPLATE.
+ The last six characters of TEMPLATE must be "XXXXXX";
+ they are replaced with a string that makes the file name unique.
+ The flags are a bitmask, possibly including O_CLOEXEC (defined in <fcntl.h>)
+ and O_TEXT, O_BINARY (defined in "binary-io.h").
+ The file is then created, with the specified flags, ensuring it didn't exist
+ before.
+ The file is created read-write (mask at least 0600 & ~umask), but it may be
+ world-readable and world-writable (mask 0666 & ~umask), depending on the
+ implementation.
+ Returns the open file descriptor if successful, otherwise -1 and errno
+ set. */
+# if !@HAVE_MKOSTEMP@
+_GL_FUNCDECL_SYS (mkostemp, int, (char * /*template*/, int /*flags*/)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (mkostemp, int, (char * /*template*/, int /*flags*/));
+_GL_CXXALIASWARN (mkostemp);
+#elif defined GNULIB_POSIXCHECK
+# undef mkostemp
+# if HAVE_RAW_DECL_MKOSTEMP
+_GL_WARN_ON_USE (mkostemp, "mkostemp is unportable - "
+ "use gnulib module mkostemp for portability");
+# endif
+#endif
+
+#if @GNULIB_MKOSTEMPS@
+/* Create a unique temporary file from TEMPLATE.
+ The last six characters of TEMPLATE before a suffix of length
+ SUFFIXLEN must be "XXXXXX";
+ they are replaced with a string that makes the file name unique.
+ The flags are a bitmask, possibly including O_CLOEXEC (defined in <fcntl.h>)
+ and O_TEXT, O_BINARY (defined in "binary-io.h").
+ The file is then created, with the specified flags, ensuring it didn't exist
+ before.
+ The file is created read-write (mask at least 0600 & ~umask), but it may be
+ world-readable and world-writable (mask 0666 & ~umask), depending on the
+ implementation.
+ Returns the open file descriptor if successful, otherwise -1 and errno
+ set. */
+# if !@HAVE_MKOSTEMPS@
+_GL_FUNCDECL_SYS (mkostemps, int,
+ (char * /*template*/, int /*suffixlen*/, int /*flags*/)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (mkostemps, int,
+ (char * /*template*/, int /*suffixlen*/, int /*flags*/));
+_GL_CXXALIASWARN (mkostemps);
+#elif defined GNULIB_POSIXCHECK
+# undef mkostemps
+# if HAVE_RAW_DECL_MKOSTEMPS
+_GL_WARN_ON_USE (mkostemps, "mkostemps is unportable - "
+ "use gnulib module mkostemps for portability");
+# endif
+#endif
+
+#if @GNULIB_MKSTEMP@
+/* Create a unique temporary file from TEMPLATE.
+ The last six characters of TEMPLATE must be "XXXXXX";
+ they are replaced with a string that makes the file name unique.
+ The file is then created, ensuring it didn't exist before.
+ The file is created read-write (mask at least 0600 & ~umask), but it may be
+ world-readable and world-writable (mask 0666 & ~umask), depending on the
+ implementation.
+ Returns the open file descriptor if successful, otherwise -1 and errno
+ set. */
+# if @REPLACE_MKSTEMP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mkstemp rpl_mkstemp
+# endif
+_GL_FUNCDECL_RPL (mkstemp, int, (char * /*template*/) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mkstemp, int, (char * /*template*/));
+# else
+# if ! @HAVE_MKSTEMP@
+_GL_FUNCDECL_SYS (mkstemp, int, (char * /*template*/) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (mkstemp, int, (char * /*template*/));
+# endif
+_GL_CXXALIASWARN (mkstemp);
+#elif defined GNULIB_POSIXCHECK
+# undef mkstemp
+# if HAVE_RAW_DECL_MKSTEMP
+_GL_WARN_ON_USE (mkstemp, "mkstemp is unportable - "
+ "use gnulib module mkstemp for portability");
+# endif
+#endif
+
+#if @GNULIB_MKSTEMPS@
+/* Create a unique temporary file from TEMPLATE.
+ The last six characters of TEMPLATE prior to a suffix of length
+ SUFFIXLEN must be "XXXXXX";
+ they are replaced with a string that makes the file name unique.
+ The file is then created, ensuring it didn't exist before.
+ The file is created read-write (mask at least 0600 & ~umask), but it may be
+ world-readable and world-writable (mask 0666 & ~umask), depending on the
+ implementation.
+ Returns the open file descriptor if successful, otherwise -1 and errno
+ set. */
+# if !@HAVE_MKSTEMPS@
+_GL_FUNCDECL_SYS (mkstemps, int, (char * /*template*/, int /*suffixlen*/)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (mkstemps, int, (char * /*template*/, int /*suffixlen*/));
+_GL_CXXALIASWARN (mkstemps);
+#elif defined GNULIB_POSIXCHECK
+# undef mkstemps
+# if HAVE_RAW_DECL_MKSTEMPS
+_GL_WARN_ON_USE (mkstemps, "mkstemps is unportable - "
+ "use gnulib module mkstemps for portability");
+# endif
+#endif
+
+#if @GNULIB_PTSNAME@
+/* Return the pathname of the pseudo-terminal slave associated with
+ the master FD is open on, or NULL on errors. */
+# if !@HAVE_PTSNAME@
+_GL_FUNCDECL_SYS (ptsname, char *, (int fd));
+# endif
+_GL_CXXALIAS_SYS (ptsname, char *, (int fd));
+_GL_CXXALIASWARN (ptsname);
+#elif defined GNULIB_POSIXCHECK
+# undef ptsname
+# if HAVE_RAW_DECL_PTSNAME
+_GL_WARN_ON_USE (ptsname, "ptsname is not portable - "
+ "use gnulib module ptsname for portability");
+# endif
+#endif
+
+#if @GNULIB_PUTENV@
+# if @REPLACE_PUTENV@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef putenv
+# define putenv rpl_putenv
+# endif
+_GL_FUNCDECL_RPL (putenv, int, (char *string) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (putenv, int, (char *string));
+# else
+_GL_CXXALIAS_SYS (putenv, int, (char *string));
+# endif
+_GL_CXXALIASWARN (putenv);
+#endif
+
+
+#if @GNULIB_RANDOM_R@
+# if !@HAVE_RANDOM_R@
+# ifndef RAND_MAX
+# define RAND_MAX 2147483647
+# endif
+# endif
+#endif
+
+#if @GNULIB_RANDOM_R@
+# if !@HAVE_RANDOM_R@
+_GL_FUNCDECL_SYS (random_r, int, (struct random_data *buf, int32_t *result)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (random_r, int, (struct random_data *buf, int32_t *result));
+_GL_CXXALIASWARN (random_r);
+#elif defined GNULIB_POSIXCHECK
+# undef random_r
+# if HAVE_RAW_DECL_RANDOM_R
+_GL_WARN_ON_USE (random_r, "random_r is unportable - "
+ "use gnulib module random_r for portability");
+# endif
+#endif
+
+#if @GNULIB_RANDOM_R@
+# if !@HAVE_RANDOM_R@
+_GL_FUNCDECL_SYS (srandom_r, int,
+ (unsigned int seed, struct random_data *rand_state)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (srandom_r, int,
+ (unsigned int seed, struct random_data *rand_state));
+_GL_CXXALIASWARN (srandom_r);
+#elif defined GNULIB_POSIXCHECK
+# undef srandom_r
+# if HAVE_RAW_DECL_SRANDOM_R
+_GL_WARN_ON_USE (srandom_r, "srandom_r is unportable - "
+ "use gnulib module random_r for portability");
+# endif
+#endif
+
+#if @GNULIB_RANDOM_R@
+# if !@HAVE_RANDOM_R@
+_GL_FUNCDECL_SYS (initstate_r, int,
+ (unsigned int seed, char *buf, size_t buf_size,
+ struct random_data *rand_state)
+ _GL_ARG_NONNULL ((2, 4)));
+# endif
+_GL_CXXALIAS_SYS (initstate_r, int,
+ (unsigned int seed, char *buf, size_t buf_size,
+ struct random_data *rand_state));
+_GL_CXXALIASWARN (initstate_r);
+#elif defined GNULIB_POSIXCHECK
+# undef initstate_r
+# if HAVE_RAW_DECL_INITSTATE_R
+_GL_WARN_ON_USE (initstate_r, "initstate_r is unportable - "
+ "use gnulib module random_r for portability");
+# endif
+#endif
+
+#if @GNULIB_RANDOM_R@
+# if !@HAVE_RANDOM_R@
+_GL_FUNCDECL_SYS (setstate_r, int,
+ (char *arg_state, struct random_data *rand_state)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (setstate_r, int,
+ (char *arg_state, struct random_data *rand_state));
+_GL_CXXALIASWARN (setstate_r);
+#elif defined GNULIB_POSIXCHECK
+# undef setstate_r
+# if HAVE_RAW_DECL_SETSTATE_R
+_GL_WARN_ON_USE (setstate_r, "setstate_r is unportable - "
+ "use gnulib module random_r for portability");
+# endif
+#endif
+
+
+#if @GNULIB_REALLOC_POSIX@
+# if @REPLACE_REALLOC@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef realloc
+# define realloc rpl_realloc
+# endif
+_GL_FUNCDECL_RPL (realloc, void *, (void *ptr, size_t size));
+_GL_CXXALIAS_RPL (realloc, void *, (void *ptr, size_t size));
+# else
+_GL_CXXALIAS_SYS (realloc, void *, (void *ptr, size_t size));
+# endif
+_GL_CXXALIASWARN (realloc);
+#elif defined GNULIB_POSIXCHECK
+# undef realloc
+/* Assume realloc is always declared. */
+_GL_WARN_ON_USE (realloc, "realloc is not POSIX compliant everywhere - "
+ "use gnulib module realloc-posix for portability");
+#endif
+
+#if @GNULIB_REALPATH@
+# if @REPLACE_REALPATH@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define realpath rpl_realpath
+# endif
+_GL_FUNCDECL_RPL (realpath, char *, (const char *name, char *resolved)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (realpath, char *, (const char *name, char *resolved));
+# else
+# if !@HAVE_REALPATH@
+_GL_FUNCDECL_SYS (realpath, char *, (const char *name, char *resolved)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (realpath, char *, (const char *name, char *resolved));
+# endif
+_GL_CXXALIASWARN (realpath);
+#elif defined GNULIB_POSIXCHECK
+# undef realpath
+# if HAVE_RAW_DECL_REALPATH
+_GL_WARN_ON_USE (realpath, "realpath is unportable - use gnulib module "
+ "canonicalize or canonicalize-lgpl for portability");
+# endif
+#endif
+
+#if @GNULIB_RPMATCH@
+/* Test a user response to a question.
+ Return 1 if it is affirmative, 0 if it is negative, or -1 if not clear. */
+# if !@HAVE_RPMATCH@
+_GL_FUNCDECL_SYS (rpmatch, int, (const char *response) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (rpmatch, int, (const char *response));
+_GL_CXXALIASWARN (rpmatch);
+#elif defined GNULIB_POSIXCHECK
+# undef rpmatch
+# if HAVE_RAW_DECL_RPMATCH
+_GL_WARN_ON_USE (rpmatch, "rpmatch is unportable - "
+ "use gnulib module rpmatch for portability");
+# endif
+#endif
+
+#if @GNULIB_SETENV@
+/* Set NAME to VALUE in the environment.
+ If REPLACE is nonzero, overwrite an existing value. */
+# if @REPLACE_SETENV@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef setenv
+# define setenv rpl_setenv
+# endif
+_GL_FUNCDECL_RPL (setenv, int,
+ (const char *name, const char *value, int replace)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (setenv, int,
+ (const char *name, const char *value, int replace));
+# else
+# if !@HAVE_DECL_SETENV@
+_GL_FUNCDECL_SYS (setenv, int,
+ (const char *name, const char *value, int replace)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (setenv, int,
+ (const char *name, const char *value, int replace));
+# endif
+# if !(@REPLACE_SETENV@ && !@HAVE_DECL_SETENV@)
+_GL_CXXALIASWARN (setenv);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef setenv
+# if HAVE_RAW_DECL_SETENV
+_GL_WARN_ON_USE (setenv, "setenv is unportable - "
+ "use gnulib module setenv for portability");
+# endif
+#endif
+
+#if @GNULIB_STRTOD@
+ /* Parse a double from STRING, updating ENDP if appropriate. */
+# if @REPLACE_STRTOD@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define strtod rpl_strtod
+# endif
+_GL_FUNCDECL_RPL (strtod, double, (const char *str, char **endp)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (strtod, double, (const char *str, char **endp));
+# else
+# if !@HAVE_STRTOD@
+_GL_FUNCDECL_SYS (strtod, double, (const char *str, char **endp)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (strtod, double, (const char *str, char **endp));
+# endif
+_GL_CXXALIASWARN (strtod);
+#elif defined GNULIB_POSIXCHECK
+# undef strtod
+# if HAVE_RAW_DECL_STRTOD
+_GL_WARN_ON_USE (strtod, "strtod is unportable - "
+ "use gnulib module strtod for portability");
+# endif
+#endif
+
+#if @GNULIB_STRTOLL@
+/* Parse a signed integer whose textual representation starts at STRING.
+ The integer is expected to be in base BASE (2 <= BASE <= 36); if BASE == 0,
+ it may be decimal or octal (with prefix "0") or hexadecimal (with prefix
+ "0x").
+ If ENDPTR is not NULL, the address of the first byte after the integer is
+ stored in *ENDPTR.
+ Upon overflow, the return value is LLONG_MAX or LLONG_MIN, and errno is set
+ to ERANGE. */
+# if !@HAVE_STRTOLL@
+_GL_FUNCDECL_SYS (strtoll, long long,
+ (const char *string, char **endptr, int base)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (strtoll, long long,
+ (const char *string, char **endptr, int base));
+_GL_CXXALIASWARN (strtoll);
+#elif defined GNULIB_POSIXCHECK
+# undef strtoll
+# if HAVE_RAW_DECL_STRTOLL
+_GL_WARN_ON_USE (strtoll, "strtoll is unportable - "
+ "use gnulib module strtoll for portability");
+# endif
+#endif
+
+#if @GNULIB_STRTOULL@
+/* Parse an unsigned integer whose textual representation starts at STRING.
+ The integer is expected to be in base BASE (2 <= BASE <= 36); if BASE == 0,
+ it may be decimal or octal (with prefix "0") or hexadecimal (with prefix
+ "0x").
+ If ENDPTR is not NULL, the address of the first byte after the integer is
+ stored in *ENDPTR.
+ Upon overflow, the return value is ULLONG_MAX, and errno is set to
+ ERANGE. */
+# if !@HAVE_STRTOULL@
+_GL_FUNCDECL_SYS (strtoull, unsigned long long,
+ (const char *string, char **endptr, int base)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (strtoull, unsigned long long,
+ (const char *string, char **endptr, int base));
+_GL_CXXALIASWARN (strtoull);
+#elif defined GNULIB_POSIXCHECK
+# undef strtoull
+# if HAVE_RAW_DECL_STRTOULL
+_GL_WARN_ON_USE (strtoull, "strtoull is unportable - "
+ "use gnulib module strtoull for portability");
+# endif
+#endif
+
+#if @GNULIB_UNLOCKPT@
+/* Unlock the slave side of the pseudo-terminal whose master side is specified
+ by FD, so that it can be opened. */
+# if !@HAVE_UNLOCKPT@
+_GL_FUNCDECL_SYS (unlockpt, int, (int fd));
+# endif
+_GL_CXXALIAS_SYS (unlockpt, int, (int fd));
+_GL_CXXALIASWARN (unlockpt);
+#elif defined GNULIB_POSIXCHECK
+# undef unlockpt
+# if HAVE_RAW_DECL_UNLOCKPT
+_GL_WARN_ON_USE (unlockpt, "unlockpt is not portable - "
+ "use gnulib module unlockpt for portability");
+# endif
+#endif
+
+#if @GNULIB_UNSETENV@
+/* Remove the variable NAME from the environment. */
+# if @REPLACE_UNSETENV@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef unsetenv
+# define unsetenv rpl_unsetenv
+# endif
+_GL_FUNCDECL_RPL (unsetenv, int, (const char *name) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (unsetenv, int, (const char *name));
+# else
+# if !@HAVE_DECL_UNSETENV@
+_GL_FUNCDECL_SYS (unsetenv, int, (const char *name) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (unsetenv, int, (const char *name));
+# endif
+# if !(@REPLACE_UNSETENV@ && !@HAVE_DECL_UNSETENV@)
+_GL_CXXALIASWARN (unsetenv);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef unsetenv
+# if HAVE_RAW_DECL_UNSETENV
+_GL_WARN_ON_USE (unsetenv, "unsetenv is unportable - "
+ "use gnulib module unsetenv for portability");
+# endif
+#endif
+
+
+#endif /* _GL_STDLIB_H */
+#endif /* _GL_STDLIB_H */
+#endif
--- /dev/null
+/* Byte-wise substring search, using the Two-Way algorithm.
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+ Written by Eric Blake <ebb9@byu.net>, 2008.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* Before including this file, you need to include <config.h> and
+ <string.h>, and define:
+ RESULT_TYPE A macro that expands to the return type.
+ AVAILABLE(h, h_l, j, n_l)
+ A macro that returns nonzero if there are
+ at least N_L bytes left starting at H[J].
+ H is 'unsigned char *', H_L, J, and N_L
+ are 'size_t'; H_L is an lvalue. For
+ NUL-terminated searches, H_L can be
+ modified each iteration to avoid having
+ to compute the end of H up front.
+
+ For case-insensitivity, you may optionally define:
+ CMP_FUNC(p1, p2, l) A macro that returns 0 iff the first L
+ characters of P1 and P2 are equal.
+ CANON_ELEMENT(c) A macro that canonicalizes an element right after
+ it has been fetched from one of the two strings.
+ The argument is an 'unsigned char'; the result
+ must be an 'unsigned char' as well.
+
+ This file undefines the macros documented above, and defines
+ LONG_NEEDLE_THRESHOLD.
+*/
+
+#include <limits.h>
+#include <stdint.h>
+
+/* We use the Two-Way string matching algorithm, which guarantees
+ linear complexity with constant space. Additionally, for long
+ needles, we also use a bad character shift table similar to the
+ Boyer-Moore algorithm to achieve improved (potentially sub-linear)
+ performance.
+
+ See http://www-igm.univ-mlv.fr/~lecroq/string/node26.html#SECTION00260
+ and http://en.wikipedia.org/wiki/Boyer-Moore_string_search_algorithm
+*/
+
+/* Point at which computing a bad-byte shift table is likely to be
+ worthwhile. Small needles should not compute a table, since it
+ adds (1 << CHAR_BIT) + NEEDLE_LEN computations of preparation for a
+ speedup no greater than a factor of NEEDLE_LEN. The larger the
+ needle, the better the potential performance gain. On the other
+ hand, on non-POSIX systems with CHAR_BIT larger than eight, the
+ memory required for the table is prohibitive. */
+#if CHAR_BIT < 10
+# define LONG_NEEDLE_THRESHOLD 32U
+#else
+# define LONG_NEEDLE_THRESHOLD SIZE_MAX
+#endif
+
+#ifndef MAX
+# define MAX(a, b) ((a < b) ? (b) : (a))
+#endif
+
+#ifndef CANON_ELEMENT
+# define CANON_ELEMENT(c) c
+#endif
+#ifndef CMP_FUNC
+# define CMP_FUNC memcmp
+#endif
+
+/* Perform a critical factorization of NEEDLE, of length NEEDLE_LEN.
+ Return the index of the first byte in the right half, and set
+ *PERIOD to the global period of the right half.
+
+ The global period of a string is the smallest index (possibly its
+ length) at which all remaining bytes in the string are repetitions
+ of the prefix (the last repetition may be a subset of the prefix).
+
+ When NEEDLE is factored into two halves, a local period is the
+ length of the smallest word that shares a suffix with the left half
+ and shares a prefix with the right half. All factorizations of a
+ non-empty NEEDLE have a local period of at least 1 and no greater
+ than NEEDLE_LEN.
+
+ A critical factorization has the property that the local period
+ equals the global period. All strings have at least one critical
+ factorization with the left half smaller than the global period.
+ And while some strings have more than one critical factorization,
+ it is provable that with an ordered alphabet, at least one of the
+ critical factorizations corresponds to a maximal suffix.
+
+ Given an ordered alphabet, a critical factorization can be computed
+ in linear time, with 2 * NEEDLE_LEN comparisons, by computing the
+ shorter of two ordered maximal suffixes. The ordered maximal
+ suffixes are determined by lexicographic comparison while tracking
+ periodicity. */
+static size_t
+critical_factorization (const unsigned char *needle, size_t needle_len,
+ size_t *period)
+{
+ /* Index of last byte of left half. */
+ size_t max_suffix, max_suffix_rev;
+ size_t j; /* Index into NEEDLE for current candidate suffix. */
+ size_t k; /* Offset into current period. */
+ size_t p; /* Intermediate period. */
+ unsigned char a, b; /* Current comparison bytes. */
+
+ /* Special case NEEDLE_LEN of 1 or 2 (all callers already filtered
+ out 0-length needles. */
+ if (needle_len < 3)
+ {
+ *period = 1;
+ return needle_len - 1;
+ }
+
+ /* Invariants:
+ 1 <= j < NEEDLE_LEN - 1
+ 0 <= max_suffix{,_rev} < j
+ min(max_suffix, max_suffix_rev) < global period of NEEDLE
+ 1 <= p <= global period of NEEDLE
+ p == global period of the substring NEEDLE[max_suffix{,_rev}+1...j]
+ 1 <= k <= p
+ */
+
+ /* Perform lexicographic search. */
+ max_suffix = 0;
+ j = k = p = 1;
+ while (j + k < needle_len)
+ {
+ a = CANON_ELEMENT (needle[j + k]);
+ b = CANON_ELEMENT (needle[max_suffix + k]);
+ if (a < b)
+ {
+ /* Suffix is smaller, period is entire prefix so far. */
+ j += k;
+ k = 1;
+ p = j - max_suffix;
+ }
+ else if (a == b)
+ {
+ /* Advance through repetition of the current period. */
+ if (k != p)
+ ++k;
+ else
+ {
+ j += p;
+ k = 1;
+ }
+ }
+ else /* b < a */
+ {
+ /* Suffix is larger, start over from current location. */
+ max_suffix = j++;
+ k = p = 1;
+ }
+ }
+ *period = p;
+
+ /* Perform reverse lexicographic search. */
+ max_suffix_rev = 0;
+ j = k = p = 1;
+ while (j + k < needle_len)
+ {
+ a = CANON_ELEMENT (needle[j + k]);
+ b = CANON_ELEMENT (needle[max_suffix_rev + k]);
+ if (b < a)
+ {
+ /* Suffix is smaller, period is entire prefix so far. */
+ j += k;
+ k = 1;
+ p = j - max_suffix_rev;
+ }
+ else if (a == b)
+ {
+ /* Advance through repetition of the current period. */
+ if (k != p)
+ ++k;
+ else
+ {
+ j += p;
+ k = 1;
+ }
+ }
+ else /* a < b */
+ {
+ /* Suffix is larger, start over from current location. */
+ max_suffix_rev = j++;
+ k = p = 1;
+ }
+ }
+
+ /* Choose the shorter suffix. Return the index of the first byte of
+ the right half, rather than the last byte of the left half.
+
+ For some examples, 'banana' has two critical factorizations, both
+ exposed by the two lexicographic extreme suffixes of 'anana' and
+ 'nana', where both suffixes have a period of 2. On the other
+ hand, with 'aab' and 'bba', both strings have a single critical
+ factorization of the last byte, with the suffix having a period
+ of 1. While the maximal lexicographic suffix of 'aab' is 'b',
+ the maximal lexicographic suffix of 'bba' is 'ba', which is not a
+ critical factorization. Conversely, the maximal reverse
+ lexicographic suffix of 'a' works for 'bba', but not 'ab' for
+ 'aab'. The shorter suffix of the two will always be a critical
+ factorization. */
+ if (max_suffix_rev + 1 < max_suffix + 1)
+ return max_suffix + 1;
+ *period = p;
+ return max_suffix_rev + 1;
+}
+
+/* Return the first location of non-empty NEEDLE within HAYSTACK, or
+ NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This
+ method is optimized for NEEDLE_LEN < LONG_NEEDLE_THRESHOLD.
+ Performance is guaranteed to be linear, with an initialization cost
+ of 2 * NEEDLE_LEN comparisons.
+
+ If AVAILABLE does not modify HAYSTACK_LEN (as in memmem), then at
+ most 2 * HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching.
+ If AVAILABLE modifies HAYSTACK_LEN (as in strstr), then at most 3 *
+ HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching. */
+static RETURN_TYPE
+two_way_short_needle (const unsigned char *haystack, size_t haystack_len,
+ const unsigned char *needle, size_t needle_len)
+{
+ size_t i; /* Index into current byte of NEEDLE. */
+ size_t j; /* Index into current window of HAYSTACK. */
+ size_t period; /* The period of the right half of needle. */
+ size_t suffix; /* The index of the right half of needle. */
+
+ /* Factor the needle into two halves, such that the left half is
+ smaller than the global period, and the right half is
+ periodic (with a period as large as NEEDLE_LEN - suffix). */
+ suffix = critical_factorization (needle, needle_len, &period);
+
+ /* Perform the search. Each iteration compares the right half
+ first. */
+ if (CMP_FUNC (needle, needle + period, suffix) == 0)
+ {
+ /* Entire needle is periodic; a mismatch in the left half can
+ only advance by the period, so use memory to avoid rescanning
+ known occurrences of the period in the right half. */
+ size_t memory = 0;
+ j = 0;
+ while (AVAILABLE (haystack, haystack_len, j, needle_len))
+ {
+ /* Scan for matches in right half. */
+ i = MAX (suffix, memory);
+ while (i < needle_len && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ ++i;
+ if (needle_len <= i)
+ {
+ /* Scan for matches in left half. */
+ i = suffix - 1;
+ while (memory < i + 1 && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ --i;
+ if (i + 1 < memory + 1)
+ return (RETURN_TYPE) (haystack + j);
+ /* No match, so remember how many repetitions of period
+ on the right half were scanned. */
+ j += period;
+ memory = needle_len - period;
+ }
+ else
+ {
+ j += i - suffix + 1;
+ memory = 0;
+ }
+ }
+ }
+ else
+ {
+ /* The two halves of needle are distinct; no extra memory is
+ required, and any mismatch results in a maximal shift. */
+ period = MAX (suffix, needle_len - suffix) + 1;
+ j = 0;
+ while (AVAILABLE (haystack, haystack_len, j, needle_len))
+ {
+ /* Scan for matches in right half. */
+ i = suffix;
+ while (i < needle_len && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ ++i;
+ if (needle_len <= i)
+ {
+ /* Scan for matches in left half. */
+ i = suffix - 1;
+ while (i != SIZE_MAX && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ --i;
+ if (i == SIZE_MAX)
+ return (RETURN_TYPE) (haystack + j);
+ j += period;
+ }
+ else
+ j += i - suffix + 1;
+ }
+ }
+ return NULL;
+}
+
+/* Return the first location of non-empty NEEDLE within HAYSTACK, or
+ NULL. HAYSTACK_LEN is the minimum known length of HAYSTACK. This
+ method is optimized for LONG_NEEDLE_THRESHOLD <= NEEDLE_LEN.
+ Performance is guaranteed to be linear, with an initialization cost
+ of 3 * NEEDLE_LEN + (1 << CHAR_BIT) operations.
+
+ If AVAILABLE does not modify HAYSTACK_LEN (as in memmem), then at
+ most 2 * HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching,
+ and sublinear performance O(HAYSTACK_LEN / NEEDLE_LEN) is possible.
+ If AVAILABLE modifies HAYSTACK_LEN (as in strstr), then at most 3 *
+ HAYSTACK_LEN - NEEDLE_LEN comparisons occur in searching, and
+ sublinear performance is not possible. */
+static RETURN_TYPE
+two_way_long_needle (const unsigned char *haystack, size_t haystack_len,
+ const unsigned char *needle, size_t needle_len)
+{
+ size_t i; /* Index into current byte of NEEDLE. */
+ size_t j; /* Index into current window of HAYSTACK. */
+ size_t period; /* The period of the right half of needle. */
+ size_t suffix; /* The index of the right half of needle. */
+ size_t shift_table[1U << CHAR_BIT]; /* See below. */
+
+ /* Factor the needle into two halves, such that the left half is
+ smaller than the global period, and the right half is
+ periodic (with a period as large as NEEDLE_LEN - suffix). */
+ suffix = critical_factorization (needle, needle_len, &period);
+
+ /* Populate shift_table. For each possible byte value c,
+ shift_table[c] is the distance from the last occurrence of c to
+ the end of NEEDLE, or NEEDLE_LEN if c is absent from the NEEDLE.
+ shift_table[NEEDLE[NEEDLE_LEN - 1]] contains the only 0. */
+ for (i = 0; i < 1U << CHAR_BIT; i++)
+ shift_table[i] = needle_len;
+ for (i = 0; i < needle_len; i++)
+ shift_table[CANON_ELEMENT (needle[i])] = needle_len - i - 1;
+
+ /* Perform the search. Each iteration compares the right half
+ first. */
+ if (CMP_FUNC (needle, needle + period, suffix) == 0)
+ {
+ /* Entire needle is periodic; a mismatch in the left half can
+ only advance by the period, so use memory to avoid rescanning
+ known occurrences of the period in the right half. */
+ size_t memory = 0;
+ size_t shift;
+ j = 0;
+ while (AVAILABLE (haystack, haystack_len, j, needle_len))
+ {
+ /* Check the last byte first; if it does not match, then
+ shift to the next possible match location. */
+ shift = shift_table[CANON_ELEMENT (haystack[j + needle_len - 1])];
+ if (0 < shift)
+ {
+ if (memory && shift < period)
+ {
+ /* Since needle is periodic, but the last period has
+ a byte out of place, there can be no match until
+ after the mismatch. */
+ shift = needle_len - period;
+ }
+ memory = 0;
+ j += shift;
+ continue;
+ }
+ /* Scan for matches in right half. The last byte has
+ already been matched, by virtue of the shift table. */
+ i = MAX (suffix, memory);
+ while (i < needle_len - 1 && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ ++i;
+ if (needle_len - 1 <= i)
+ {
+ /* Scan for matches in left half. */
+ i = suffix - 1;
+ while (memory < i + 1 && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ --i;
+ if (i + 1 < memory + 1)
+ return (RETURN_TYPE) (haystack + j);
+ /* No match, so remember how many repetitions of period
+ on the right half were scanned. */
+ j += period;
+ memory = needle_len - period;
+ }
+ else
+ {
+ j += i - suffix + 1;
+ memory = 0;
+ }
+ }
+ }
+ else
+ {
+ /* The two halves of needle are distinct; no extra memory is
+ required, and any mismatch results in a maximal shift. */
+ size_t shift;
+ period = MAX (suffix, needle_len - suffix) + 1;
+ j = 0;
+ while (AVAILABLE (haystack, haystack_len, j, needle_len))
+ {
+ /* Check the last byte first; if it does not match, then
+ shift to the next possible match location. */
+ shift = shift_table[CANON_ELEMENT (haystack[j + needle_len - 1])];
+ if (0 < shift)
+ {
+ j += shift;
+ continue;
+ }
+ /* Scan for matches in right half. The last byte has
+ already been matched, by virtue of the shift table. */
+ i = suffix;
+ while (i < needle_len - 1 && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ ++i;
+ if (needle_len - 1 <= i)
+ {
+ /* Scan for matches in left half. */
+ i = suffix - 1;
+ while (i != SIZE_MAX && (CANON_ELEMENT (needle[i])
+ == CANON_ELEMENT (haystack[i + j])))
+ --i;
+ if (i == SIZE_MAX)
+ return (RETURN_TYPE) (haystack + j);
+ j += period;
+ }
+ else
+ j += i - suffix + 1;
+ }
+ }
+ return NULL;
+}
+
+#undef AVAILABLE
+#undef CANON_ELEMENT
+#undef CMP_FUNC
+#undef MAX
+#undef RETURN_TYPE
--- /dev/null
+/* Case-insensitive string comparison function.
+ Copyright (C) 1998-1999, 2005-2007, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <string.h>
+
+#include <ctype.h>
+#include <limits.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Compare strings S1 and S2, ignoring case, returning less than, equal to or
+ greater than zero if S1 is lexicographically less than, equal to or greater
+ than S2.
+ Note: This function does not work with multibyte strings! */
+
+int
+strcasecmp (const char *s1, const char *s2)
+{
+ const unsigned char *p1 = (const unsigned char *) s1;
+ const unsigned char *p2 = (const unsigned char *) s2;
+ unsigned char c1, c2;
+
+ if (p1 == p2)
+ return 0;
+
+ do
+ {
+ c1 = TOLOWER (*p1);
+ c2 = TOLOWER (*p2);
+
+ if (c1 == '\0')
+ break;
+
+ ++p1;
+ ++p2;
+ }
+ while (c1 == c2);
+
+ if (UCHAR_MAX <= INT_MAX)
+ return c1 - c2;
+ else
+ /* On machines where 'char' and 'int' are types of the same size, the
+ difference of two 'unsigned char' values - including the sign bit -
+ doesn't fit in an 'int'. */
+ return (c1 > c2 ? 1 : c1 < c2 ? -1 : 0);
+}
--- /dev/null
+/* A GNU-like <string.h>.
+
+ Copyright (C) 1995-1996, 2001-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _GL_STRING_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_STRING_H@
+
+#ifndef _GL_STRING_H
+#define _GL_STRING_H
+
+/* NetBSD 5.0 mis-defines NULL. */
+#include <stddef.h>
+
+/* MirBSD defines mbslen as a macro. */
+#if @GNULIB_MBSLEN@ && defined __MirBSD__
+# include <wchar.h>
+#endif
+
+/* The __attribute__ feature is available in gcc versions 2.5 and later.
+ The attribute __pure__ was added in gcc 2.96. */
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96)
+# define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__))
+#else
+# define _GL_ATTRIBUTE_PURE /* empty */
+#endif
+
+/* NetBSD 5.0 declares strsignal in <unistd.h>, not in <string.h>. */
+/* But in any case avoid namespace pollution on glibc systems. */
+#if (@GNULIB_STRSIGNAL@ || defined GNULIB_POSIXCHECK) && defined __NetBSD__ \
+ && ! defined __GLIBC__
+# include <unistd.h>
+#endif
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+
+/* Return the first instance of C within N bytes of S, or NULL. */
+#if @GNULIB_MEMCHR@
+# if @REPLACE_MEMCHR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define memchr rpl_memchr
+# endif
+_GL_FUNCDECL_RPL (memchr, void *, (void const *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (memchr, void *, (void const *__s, int __c, size_t __n));
+# else
+# if ! @HAVE_MEMCHR@
+_GL_FUNCDECL_SYS (memchr, void *, (void const *__s, int __c, size_t __n)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+# endif
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C" { const void * std::memchr (const void *, int, size_t); }
+ extern "C++" { void * std::memchr (void *, int, size_t); } */
+_GL_CXXALIAS_SYS_CAST2 (memchr,
+ void *, (void const *__s, int __c, size_t __n),
+ void const *, (void const *__s, int __c, size_t __n));
+# endif
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (memchr, void *, (void *__s, int __c, size_t __n));
+_GL_CXXALIASWARN1 (memchr, void const *,
+ (void const *__s, int __c, size_t __n));
+# else
+_GL_CXXALIASWARN (memchr);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef memchr
+/* Assume memchr is always declared. */
+_GL_WARN_ON_USE (memchr, "memchr has platform-specific bugs - "
+ "use gnulib module memchr for portability" );
+#endif
+
+/* Return the first occurrence of NEEDLE in HAYSTACK. */
+#if @GNULIB_MEMMEM@
+# if @REPLACE_MEMMEM@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define memmem rpl_memmem
+# endif
+_GL_FUNCDECL_RPL (memmem, void *,
+ (void const *__haystack, size_t __haystack_len,
+ void const *__needle, size_t __needle_len)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1, 3)));
+_GL_CXXALIAS_RPL (memmem, void *,
+ (void const *__haystack, size_t __haystack_len,
+ void const *__needle, size_t __needle_len));
+# else
+# if ! @HAVE_DECL_MEMMEM@
+_GL_FUNCDECL_SYS (memmem, void *,
+ (void const *__haystack, size_t __haystack_len,
+ void const *__needle, size_t __needle_len)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1, 3)));
+# endif
+_GL_CXXALIAS_SYS (memmem, void *,
+ (void const *__haystack, size_t __haystack_len,
+ void const *__needle, size_t __needle_len));
+# endif
+_GL_CXXALIASWARN (memmem);
+#elif defined GNULIB_POSIXCHECK
+# undef memmem
+# if HAVE_RAW_DECL_MEMMEM
+_GL_WARN_ON_USE (memmem, "memmem is unportable and often quadratic - "
+ "use gnulib module memmem-simple for portability, "
+ "and module memmem for speed" );
+# endif
+#endif
+
+/* Copy N bytes of SRC to DEST, return pointer to bytes after the
+ last written byte. */
+#if @GNULIB_MEMPCPY@
+# if ! @HAVE_MEMPCPY@
+_GL_FUNCDECL_SYS (mempcpy, void *,
+ (void *restrict __dest, void const *restrict __src,
+ size_t __n)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (mempcpy, void *,
+ (void *restrict __dest, void const *restrict __src,
+ size_t __n));
+_GL_CXXALIASWARN (mempcpy);
+#elif defined GNULIB_POSIXCHECK
+# undef mempcpy
+# if HAVE_RAW_DECL_MEMPCPY
+_GL_WARN_ON_USE (mempcpy, "mempcpy is unportable - "
+ "use gnulib module mempcpy for portability");
+# endif
+#endif
+
+/* Search backwards through a block for a byte (specified as an int). */
+#if @GNULIB_MEMRCHR@
+# if ! @HAVE_DECL_MEMRCHR@
+_GL_FUNCDECL_SYS (memrchr, void *, (void const *, int, size_t)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+# endif
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C++" { const void * std::memrchr (const void *, int, size_t); }
+ extern "C++" { void * std::memrchr (void *, int, size_t); } */
+_GL_CXXALIAS_SYS_CAST2 (memrchr,
+ void *, (void const *, int, size_t),
+ void const *, (void const *, int, size_t));
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (memrchr, void *, (void *, int, size_t));
+_GL_CXXALIASWARN1 (memrchr, void const *, (void const *, int, size_t));
+# else
+_GL_CXXALIASWARN (memrchr);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef memrchr
+# if HAVE_RAW_DECL_MEMRCHR
+_GL_WARN_ON_USE (memrchr, "memrchr is unportable - "
+ "use gnulib module memrchr for portability");
+# endif
+#endif
+
+/* Find the first occurrence of C in S. More efficient than
+ memchr(S,C,N), at the expense of undefined behavior if C does not
+ occur within N bytes. */
+#if @GNULIB_RAWMEMCHR@
+# if ! @HAVE_RAWMEMCHR@
+_GL_FUNCDECL_SYS (rawmemchr, void *, (void const *__s, int __c_in)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+# endif
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C++" { const void * std::rawmemchr (const void *, int); }
+ extern "C++" { void * std::rawmemchr (void *, int); } */
+_GL_CXXALIAS_SYS_CAST2 (rawmemchr,
+ void *, (void const *__s, int __c_in),
+ void const *, (void const *__s, int __c_in));
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (rawmemchr, void *, (void *__s, int __c_in));
+_GL_CXXALIASWARN1 (rawmemchr, void const *, (void const *__s, int __c_in));
+# else
+_GL_CXXALIASWARN (rawmemchr);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef rawmemchr
+# if HAVE_RAW_DECL_RAWMEMCHR
+_GL_WARN_ON_USE (rawmemchr, "rawmemchr is unportable - "
+ "use gnulib module rawmemchr for portability");
+# endif
+#endif
+
+/* Copy SRC to DST, returning the address of the terminating '\0' in DST. */
+#if @GNULIB_STPCPY@
+# if ! @HAVE_STPCPY@
+_GL_FUNCDECL_SYS (stpcpy, char *,
+ (char *restrict __dst, char const *restrict __src)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (stpcpy, char *,
+ (char *restrict __dst, char const *restrict __src));
+_GL_CXXALIASWARN (stpcpy);
+#elif defined GNULIB_POSIXCHECK
+# undef stpcpy
+# if HAVE_RAW_DECL_STPCPY
+_GL_WARN_ON_USE (stpcpy, "stpcpy is unportable - "
+ "use gnulib module stpcpy for portability");
+# endif
+#endif
+
+/* Copy no more than N bytes of SRC to DST, returning a pointer past the
+ last non-NUL byte written into DST. */
+#if @GNULIB_STPNCPY@
+# if @REPLACE_STPNCPY@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef stpncpy
+# define stpncpy rpl_stpncpy
+# endif
+_GL_FUNCDECL_RPL (stpncpy, char *,
+ (char *restrict __dst, char const *restrict __src,
+ size_t __n)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (stpncpy, char *,
+ (char *restrict __dst, char const *restrict __src,
+ size_t __n));
+# else
+# if ! @HAVE_STPNCPY@
+_GL_FUNCDECL_SYS (stpncpy, char *,
+ (char *restrict __dst, char const *restrict __src,
+ size_t __n)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (stpncpy, char *,
+ (char *restrict __dst, char const *restrict __src,
+ size_t __n));
+# endif
+_GL_CXXALIASWARN (stpncpy);
+#elif defined GNULIB_POSIXCHECK
+# undef stpncpy
+# if HAVE_RAW_DECL_STPNCPY
+_GL_WARN_ON_USE (stpncpy, "stpncpy is unportable - "
+ "use gnulib module stpncpy for portability");
+# endif
+#endif
+
+#if defined GNULIB_POSIXCHECK
+/* strchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+# undef strchr
+/* Assume strchr is always declared. */
+_GL_WARN_ON_USE (strchr, "strchr cannot work correctly on character strings "
+ "in some multibyte locales - "
+ "use mbschr if you care about internationalization");
+#endif
+
+/* Find the first occurrence of C in S or the final NUL byte. */
+#if @GNULIB_STRCHRNUL@
+# if ! @HAVE_STRCHRNUL@
+_GL_FUNCDECL_SYS (strchrnul, char *, (char const *__s, int __c_in)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+# endif
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C++" { const char * std::strchrnul (const char *, int); }
+ extern "C++" { char * std::strchrnul (char *, int); } */
+_GL_CXXALIAS_SYS_CAST2 (strchrnul,
+ char *, (char const *__s, int __c_in),
+ char const *, (char const *__s, int __c_in));
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (strchrnul, char *, (char *__s, int __c_in));
+_GL_CXXALIASWARN1 (strchrnul, char const *, (char const *__s, int __c_in));
+# else
+_GL_CXXALIASWARN (strchrnul);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef strchrnul
+# if HAVE_RAW_DECL_STRCHRNUL
+_GL_WARN_ON_USE (strchrnul, "strchrnul is unportable - "
+ "use gnulib module strchrnul for portability");
+# endif
+#endif
+
+/* Duplicate S, returning an identical malloc'd string. */
+#if @GNULIB_STRDUP@
+# if @REPLACE_STRDUP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strdup
+# define strdup rpl_strdup
+# endif
+_GL_FUNCDECL_RPL (strdup, char *, (char const *__s) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (strdup, char *, (char const *__s));
+# else
+# if defined __cplusplus && defined GNULIB_NAMESPACE && defined strdup
+ /* strdup exists as a function and as a macro. Get rid of the macro. */
+# undef strdup
+# endif
+# if !(@HAVE_DECL_STRDUP@ || defined strdup)
+_GL_FUNCDECL_SYS (strdup, char *, (char const *__s) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (strdup, char *, (char const *__s));
+# endif
+_GL_CXXALIASWARN (strdup);
+#elif defined GNULIB_POSIXCHECK
+# undef strdup
+# if HAVE_RAW_DECL_STRDUP
+_GL_WARN_ON_USE (strdup, "strdup is unportable - "
+ "use gnulib module strdup for portability");
+# endif
+#endif
+
+/* Append no more than N characters from SRC onto DEST. */
+#if @GNULIB_STRNCAT@
+# if @REPLACE_STRNCAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strncat
+# define strncat rpl_strncat
+# endif
+_GL_FUNCDECL_RPL (strncat, char *, (char *dest, const char *src, size_t n)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (strncat, char *, (char *dest, const char *src, size_t n));
+# else
+_GL_CXXALIAS_SYS (strncat, char *, (char *dest, const char *src, size_t n));
+# endif
+_GL_CXXALIASWARN (strncat);
+#elif defined GNULIB_POSIXCHECK
+# undef strncat
+# if HAVE_RAW_DECL_STRNCAT
+_GL_WARN_ON_USE (strncat, "strncat is unportable - "
+ "use gnulib module strncat for portability");
+# endif
+#endif
+
+/* Return a newly allocated copy of at most N bytes of STRING. */
+#if @GNULIB_STRNDUP@
+# if @REPLACE_STRNDUP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strndup
+# define strndup rpl_strndup
+# endif
+_GL_FUNCDECL_RPL (strndup, char *, (char const *__string, size_t __n)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (strndup, char *, (char const *__string, size_t __n));
+# else
+# if ! @HAVE_DECL_STRNDUP@
+_GL_FUNCDECL_SYS (strndup, char *, (char const *__string, size_t __n)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (strndup, char *, (char const *__string, size_t __n));
+# endif
+_GL_CXXALIASWARN (strndup);
+#elif defined GNULIB_POSIXCHECK
+# undef strndup
+# if HAVE_RAW_DECL_STRNDUP
+_GL_WARN_ON_USE (strndup, "strndup is unportable - "
+ "use gnulib module strndup for portability");
+# endif
+#endif
+
+/* Find the length (number of bytes) of STRING, but scan at most
+ MAXLEN bytes. If no '\0' terminator is found in that many bytes,
+ return MAXLEN. */
+#if @GNULIB_STRNLEN@
+# if @REPLACE_STRNLEN@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strnlen
+# define strnlen rpl_strnlen
+# endif
+_GL_FUNCDECL_RPL (strnlen, size_t, (char const *__string, size_t __maxlen)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (strnlen, size_t, (char const *__string, size_t __maxlen));
+# else
+# if ! @HAVE_DECL_STRNLEN@
+_GL_FUNCDECL_SYS (strnlen, size_t, (char const *__string, size_t __maxlen)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (strnlen, size_t, (char const *__string, size_t __maxlen));
+# endif
+_GL_CXXALIASWARN (strnlen);
+#elif defined GNULIB_POSIXCHECK
+# undef strnlen
+# if HAVE_RAW_DECL_STRNLEN
+_GL_WARN_ON_USE (strnlen, "strnlen is unportable - "
+ "use gnulib module strnlen for portability");
+# endif
+#endif
+
+#if defined GNULIB_POSIXCHECK
+/* strcspn() assumes the second argument is a list of single-byte characters.
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+# undef strcspn
+/* Assume strcspn is always declared. */
+_GL_WARN_ON_USE (strcspn, "strcspn cannot work correctly on character strings "
+ "in multibyte locales - "
+ "use mbscspn if you care about internationalization");
+#endif
+
+/* Find the first occurrence in S of any character in ACCEPT. */
+#if @GNULIB_STRPBRK@
+# if ! @HAVE_STRPBRK@
+_GL_FUNCDECL_SYS (strpbrk, char *, (char const *__s, char const *__accept)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C" { const char * strpbrk (const char *, const char *); }
+ extern "C++" { char * strpbrk (char *, const char *); } */
+_GL_CXXALIAS_SYS_CAST2 (strpbrk,
+ char *, (char const *__s, char const *__accept),
+ const char *, (char const *__s, char const *__accept));
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (strpbrk, char *, (char *__s, char const *__accept));
+_GL_CXXALIASWARN1 (strpbrk, char const *,
+ (char const *__s, char const *__accept));
+# else
+_GL_CXXALIASWARN (strpbrk);
+# endif
+# if defined GNULIB_POSIXCHECK
+/* strpbrk() assumes the second argument is a list of single-byte characters.
+ Even in this simple case, it does not work with multibyte strings if the
+ locale encoding is GB18030 and one of the characters to be searched is a
+ digit. */
+# undef strpbrk
+_GL_WARN_ON_USE (strpbrk, "strpbrk cannot work correctly on character strings "
+ "in multibyte locales - "
+ "use mbspbrk if you care about internationalization");
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef strpbrk
+# if HAVE_RAW_DECL_STRPBRK
+_GL_WARN_ON_USE (strpbrk, "strpbrk is unportable - "
+ "use gnulib module strpbrk for portability");
+# endif
+#endif
+
+#if defined GNULIB_POSIXCHECK
+/* strspn() assumes the second argument is a list of single-byte characters.
+ Even in this simple case, it cannot work with multibyte strings. */
+# undef strspn
+/* Assume strspn is always declared. */
+_GL_WARN_ON_USE (strspn, "strspn cannot work correctly on character strings "
+ "in multibyte locales - "
+ "use mbsspn if you care about internationalization");
+#endif
+
+#if defined GNULIB_POSIXCHECK
+/* strrchr() does not work with multibyte strings if the locale encoding is
+ GB18030 and the character to be searched is a digit. */
+# undef strrchr
+/* Assume strrchr is always declared. */
+_GL_WARN_ON_USE (strrchr, "strrchr cannot work correctly on character strings "
+ "in some multibyte locales - "
+ "use mbsrchr if you care about internationalization");
+#endif
+
+/* Search the next delimiter (char listed in DELIM) starting at *STRINGP.
+ If one is found, overwrite it with a NUL, and advance *STRINGP
+ to point to the next char after it. Otherwise, set *STRINGP to NULL.
+ If *STRINGP was already NULL, nothing happens.
+ Return the old value of *STRINGP.
+
+ This is a variant of strtok() that is multithread-safe and supports
+ empty fields.
+
+ Caveat: It modifies the original string.
+ Caveat: These functions cannot be used on constant strings.
+ Caveat: The identity of the delimiting character is lost.
+ Caveat: It doesn't work with multibyte strings unless all of the delimiter
+ characters are ASCII characters < 0x30.
+
+ See also strtok_r(). */
+#if @GNULIB_STRSEP@
+# if ! @HAVE_STRSEP@
+_GL_FUNCDECL_SYS (strsep, char *,
+ (char **restrict __stringp, char const *restrict __delim)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (strsep, char *,
+ (char **restrict __stringp, char const *restrict __delim));
+_GL_CXXALIASWARN (strsep);
+# if defined GNULIB_POSIXCHECK
+# undef strsep
+_GL_WARN_ON_USE (strsep, "strsep cannot work correctly on character strings "
+ "in multibyte locales - "
+ "use mbssep if you care about internationalization");
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef strsep
+# if HAVE_RAW_DECL_STRSEP
+_GL_WARN_ON_USE (strsep, "strsep is unportable - "
+ "use gnulib module strsep for portability");
+# endif
+#endif
+
+#if @GNULIB_STRSTR@
+# if @REPLACE_STRSTR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define strstr rpl_strstr
+# endif
+_GL_FUNCDECL_RPL (strstr, char *, (const char *haystack, const char *needle)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (strstr, char *, (const char *haystack, const char *needle));
+# else
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C++" { const char * strstr (const char *, const char *); }
+ extern "C++" { char * strstr (char *, const char *); } */
+_GL_CXXALIAS_SYS_CAST2 (strstr,
+ char *, (const char *haystack, const char *needle),
+ const char *, (const char *haystack, const char *needle));
+# endif
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (strstr, char *, (char *haystack, const char *needle));
+_GL_CXXALIASWARN1 (strstr, const char *,
+ (const char *haystack, const char *needle));
+# else
+_GL_CXXALIASWARN (strstr);
+# endif
+#elif defined GNULIB_POSIXCHECK
+/* strstr() does not work with multibyte strings if the locale encoding is
+ different from UTF-8:
+ POSIX says that it operates on "strings", and "string" in POSIX is defined
+ as a sequence of bytes, not of characters. */
+# undef strstr
+/* Assume strstr is always declared. */
+_GL_WARN_ON_USE (strstr, "strstr is quadratic on many systems, and cannot "
+ "work correctly on character strings in most "
+ "multibyte locales - "
+ "use mbsstr if you care about internationalization, "
+ "or use strstr if you care about speed");
+#endif
+
+/* Find the first occurrence of NEEDLE in HAYSTACK, using case-insensitive
+ comparison. */
+#if @GNULIB_STRCASESTR@
+# if @REPLACE_STRCASESTR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define strcasestr rpl_strcasestr
+# endif
+_GL_FUNCDECL_RPL (strcasestr, char *,
+ (const char *haystack, const char *needle)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (strcasestr, char *,
+ (const char *haystack, const char *needle));
+# else
+# if ! @HAVE_STRCASESTR@
+_GL_FUNCDECL_SYS (strcasestr, char *,
+ (const char *haystack, const char *needle)
+ _GL_ATTRIBUTE_PURE
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+ /* On some systems, this function is defined as an overloaded function:
+ extern "C++" { const char * strcasestr (const char *, const char *); }
+ extern "C++" { char * strcasestr (char *, const char *); } */
+_GL_CXXALIAS_SYS_CAST2 (strcasestr,
+ char *, (const char *haystack, const char *needle),
+ const char *, (const char *haystack, const char *needle));
+# endif
+# if ((__GLIBC__ == 2 && __GLIBC_MINOR__ >= 10) && !defined __UCLIBC__) \
+ && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4))
+_GL_CXXALIASWARN1 (strcasestr, char *, (char *haystack, const char *needle));
+_GL_CXXALIASWARN1 (strcasestr, const char *,
+ (const char *haystack, const char *needle));
+# else
+_GL_CXXALIASWARN (strcasestr);
+# endif
+#elif defined GNULIB_POSIXCHECK
+/* strcasestr() does not work with multibyte strings:
+ It is a glibc extension, and glibc implements it only for unibyte
+ locales. */
+# undef strcasestr
+# if HAVE_RAW_DECL_STRCASESTR
+_GL_WARN_ON_USE (strcasestr, "strcasestr does work correctly on character "
+ "strings in multibyte locales - "
+ "use mbscasestr if you care about "
+ "internationalization, or use c-strcasestr if you want "
+ "a locale independent function");
+# endif
+#endif
+
+/* Parse S into tokens separated by characters in DELIM.
+ If S is NULL, the saved pointer in SAVE_PTR is used as
+ the next starting point. For example:
+ char s[] = "-abc-=-def";
+ char *sp;
+ x = strtok_r(s, "-", &sp); // x = "abc", sp = "=-def"
+ x = strtok_r(NULL, "-=", &sp); // x = "def", sp = NULL
+ x = strtok_r(NULL, "=", &sp); // x = NULL
+ // s = "abc\0-def\0"
+
+ This is a variant of strtok() that is multithread-safe.
+
+ For the POSIX documentation for this function, see:
+ http://www.opengroup.org/susv3xsh/strtok.html
+
+ Caveat: It modifies the original string.
+ Caveat: These functions cannot be used on constant strings.
+ Caveat: The identity of the delimiting character is lost.
+ Caveat: It doesn't work with multibyte strings unless all of the delimiter
+ characters are ASCII characters < 0x30.
+
+ See also strsep(). */
+#if @GNULIB_STRTOK_R@
+# if @REPLACE_STRTOK_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strtok_r
+# define strtok_r rpl_strtok_r
+# endif
+_GL_FUNCDECL_RPL (strtok_r, char *,
+ (char *restrict s, char const *restrict delim,
+ char **restrict save_ptr)
+ _GL_ARG_NONNULL ((2, 3)));
+_GL_CXXALIAS_RPL (strtok_r, char *,
+ (char *restrict s, char const *restrict delim,
+ char **restrict save_ptr));
+# else
+# if @UNDEFINE_STRTOK_R@ || defined GNULIB_POSIXCHECK
+# undef strtok_r
+# endif
+# if ! @HAVE_DECL_STRTOK_R@
+_GL_FUNCDECL_SYS (strtok_r, char *,
+ (char *restrict s, char const *restrict delim,
+ char **restrict save_ptr)
+ _GL_ARG_NONNULL ((2, 3)));
+# endif
+_GL_CXXALIAS_SYS (strtok_r, char *,
+ (char *restrict s, char const *restrict delim,
+ char **restrict save_ptr));
+# endif
+_GL_CXXALIASWARN (strtok_r);
+# if defined GNULIB_POSIXCHECK
+_GL_WARN_ON_USE (strtok_r, "strtok_r cannot work correctly on character "
+ "strings in multibyte locales - "
+ "use mbstok_r if you care about internationalization");
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef strtok_r
+# if HAVE_RAW_DECL_STRTOK_R
+_GL_WARN_ON_USE (strtok_r, "strtok_r is unportable - "
+ "use gnulib module strtok_r for portability");
+# endif
+#endif
+
+
+/* The following functions are not specified by POSIX. They are gnulib
+ extensions. */
+
+#if @GNULIB_MBSLEN@
+/* Return the number of multibyte characters in the character string STRING.
+ This considers multibyte characters, unlike strlen, which counts bytes. */
+# ifdef __MirBSD__ /* MirBSD defines mbslen as a macro. Override it. */
+# undef mbslen
+# endif
+# if @HAVE_MBSLEN@ /* AIX, OSF/1, MirBSD define mbslen already in libc. */
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mbslen rpl_mbslen
+# endif
+_GL_FUNCDECL_RPL (mbslen, size_t, (const char *string) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mbslen, size_t, (const char *string));
+# else
+_GL_FUNCDECL_SYS (mbslen, size_t, (const char *string) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_SYS (mbslen, size_t, (const char *string));
+# endif
+_GL_CXXALIASWARN (mbslen);
+#endif
+
+#if @GNULIB_MBSNLEN@
+/* Return the number of multibyte characters in the character string starting
+ at STRING and ending at STRING + LEN. */
+_GL_EXTERN_C size_t mbsnlen (const char *string, size_t len)
+ _GL_ARG_NONNULL ((1));
+#endif
+
+#if @GNULIB_MBSCHR@
+/* Locate the first single-byte character C in the character string STRING,
+ and return a pointer to it. Return NULL if C is not found in STRING.
+ Unlike strchr(), this function works correctly in multibyte locales with
+ encodings such as GB18030. */
+# if defined __hpux
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mbschr rpl_mbschr /* avoid collision with HP-UX function */
+# endif
+_GL_FUNCDECL_RPL (mbschr, char *, (const char *string, int c)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mbschr, char *, (const char *string, int c));
+# else
+_GL_FUNCDECL_SYS (mbschr, char *, (const char *string, int c)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_SYS (mbschr, char *, (const char *string, int c));
+# endif
+_GL_CXXALIASWARN (mbschr);
+#endif
+
+#if @GNULIB_MBSRCHR@
+/* Locate the last single-byte character C in the character string STRING,
+ and return a pointer to it. Return NULL if C is not found in STRING.
+ Unlike strrchr(), this function works correctly in multibyte locales with
+ encodings such as GB18030. */
+# if defined __hpux
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mbsrchr rpl_mbsrchr /* avoid collision with HP-UX function */
+# endif
+_GL_FUNCDECL_RPL (mbsrchr, char *, (const char *string, int c)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mbsrchr, char *, (const char *string, int c));
+# else
+_GL_FUNCDECL_SYS (mbsrchr, char *, (const char *string, int c)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_SYS (mbsrchr, char *, (const char *string, int c));
+# endif
+_GL_CXXALIASWARN (mbsrchr);
+#endif
+
+#if @GNULIB_MBSSTR@
+/* Find the first occurrence of the character string NEEDLE in the character
+ string HAYSTACK. Return NULL if NEEDLE is not found in HAYSTACK.
+ Unlike strstr(), this function works correctly in multibyte locales with
+ encodings different from UTF-8. */
+_GL_EXTERN_C char * mbsstr (const char *haystack, const char *needle)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSCASECMP@
+/* Compare the character strings S1 and S2, ignoring case, returning less than,
+ equal to or greater than zero if S1 is lexicographically less than, equal to
+ or greater than S2.
+ Note: This function may, in multibyte locales, return 0 for strings of
+ different lengths!
+ Unlike strcasecmp(), this function works correctly in multibyte locales. */
+_GL_EXTERN_C int mbscasecmp (const char *s1, const char *s2)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSNCASECMP@
+/* Compare the initial segment of the character string S1 consisting of at most
+ N characters with the initial segment of the character string S2 consisting
+ of at most N characters, ignoring case, returning less than, equal to or
+ greater than zero if the initial segment of S1 is lexicographically less
+ than, equal to or greater than the initial segment of S2.
+ Note: This function may, in multibyte locales, return 0 for initial segments
+ of different lengths!
+ Unlike strncasecmp(), this function works correctly in multibyte locales.
+ But beware that N is not a byte count but a character count! */
+_GL_EXTERN_C int mbsncasecmp (const char *s1, const char *s2, size_t n)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSPCASECMP@
+/* Compare the initial segment of the character string STRING consisting of
+ at most mbslen (PREFIX) characters with the character string PREFIX,
+ ignoring case. If the two match, return a pointer to the first byte
+ after this prefix in STRING. Otherwise, return NULL.
+ Note: This function may, in multibyte locales, return non-NULL if STRING
+ is of smaller length than PREFIX!
+ Unlike strncasecmp(), this function works correctly in multibyte
+ locales. */
+_GL_EXTERN_C char * mbspcasecmp (const char *string, const char *prefix)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSCASESTR@
+/* Find the first occurrence of the character string NEEDLE in the character
+ string HAYSTACK, using case-insensitive comparison.
+ Note: This function may, in multibyte locales, return success even if
+ strlen (haystack) < strlen (needle) !
+ Unlike strcasestr(), this function works correctly in multibyte locales. */
+_GL_EXTERN_C char * mbscasestr (const char *haystack, const char *needle)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSCSPN@
+/* Find the first occurrence in the character string STRING of any character
+ in the character string ACCEPT. Return the number of bytes from the
+ beginning of the string to this occurrence, or to the end of the string
+ if none exists.
+ Unlike strcspn(), this function works correctly in multibyte locales. */
+_GL_EXTERN_C size_t mbscspn (const char *string, const char *accept)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSPBRK@
+/* Find the first occurrence in the character string STRING of any character
+ in the character string ACCEPT. Return the pointer to it, or NULL if none
+ exists.
+ Unlike strpbrk(), this function works correctly in multibyte locales. */
+# if defined __hpux
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mbspbrk rpl_mbspbrk /* avoid collision with HP-UX function */
+# endif
+_GL_FUNCDECL_RPL (mbspbrk, char *, (const char *string, const char *accept)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (mbspbrk, char *, (const char *string, const char *accept));
+# else
+_GL_FUNCDECL_SYS (mbspbrk, char *, (const char *string, const char *accept)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_SYS (mbspbrk, char *, (const char *string, const char *accept));
+# endif
+_GL_CXXALIASWARN (mbspbrk);
+#endif
+
+#if @GNULIB_MBSSPN@
+/* Find the first occurrence in the character string STRING of any character
+ not in the character string REJECT. Return the number of bytes from the
+ beginning of the string to this occurrence, or to the end of the string
+ if none exists.
+ Unlike strspn(), this function works correctly in multibyte locales. */
+_GL_EXTERN_C size_t mbsspn (const char *string, const char *reject)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSSEP@
+/* Search the next delimiter (multibyte character listed in the character
+ string DELIM) starting at the character string *STRINGP.
+ If one is found, overwrite it with a NUL, and advance *STRINGP to point
+ to the next multibyte character after it. Otherwise, set *STRINGP to NULL.
+ If *STRINGP was already NULL, nothing happens.
+ Return the old value of *STRINGP.
+
+ This is a variant of mbstok_r() that supports empty fields.
+
+ Caveat: It modifies the original string.
+ Caveat: These functions cannot be used on constant strings.
+ Caveat: The identity of the delimiting character is lost.
+
+ See also mbstok_r(). */
+_GL_EXTERN_C char * mbssep (char **stringp, const char *delim)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+
+#if @GNULIB_MBSTOK_R@
+/* Parse the character string STRING into tokens separated by characters in
+ the character string DELIM.
+ If STRING is NULL, the saved pointer in SAVE_PTR is used as
+ the next starting point. For example:
+ char s[] = "-abc-=-def";
+ char *sp;
+ x = mbstok_r(s, "-", &sp); // x = "abc", sp = "=-def"
+ x = mbstok_r(NULL, "-=", &sp); // x = "def", sp = NULL
+ x = mbstok_r(NULL, "=", &sp); // x = NULL
+ // s = "abc\0-def\0"
+
+ Caveat: It modifies the original string.
+ Caveat: These functions cannot be used on constant strings.
+ Caveat: The identity of the delimiting character is lost.
+
+ See also mbssep(). */
+_GL_EXTERN_C char * mbstok_r (char *string, const char *delim, char **save_ptr)
+ _GL_ARG_NONNULL ((2, 3));
+#endif
+
+/* Map any int, typically from errno, into an error message. */
+#if @GNULIB_STRERROR@
+# if @REPLACE_STRERROR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strerror
+# define strerror rpl_strerror
+# endif
+_GL_FUNCDECL_RPL (strerror, char *, (int));
+_GL_CXXALIAS_RPL (strerror, char *, (int));
+# else
+_GL_CXXALIAS_SYS (strerror, char *, (int));
+# endif
+_GL_CXXALIASWARN (strerror);
+#elif defined GNULIB_POSIXCHECK
+# undef strerror
+/* Assume strerror is always declared. */
+_GL_WARN_ON_USE (strerror, "strerror is unportable - "
+ "use gnulib module strerror to guarantee non-NULL result");
+#endif
+
+/* Map any int, typically from errno, into an error message. Multithread-safe.
+ Uses the POSIX declaration, not the glibc declaration. */
+#if @GNULIB_STRERROR_R@
+# if @REPLACE_STRERROR_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef strerror_r
+# define strerror_r rpl_strerror_r
+# endif
+_GL_FUNCDECL_RPL (strerror_r, int, (int errnum, char *buf, size_t buflen)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (strerror_r, int, (int errnum, char *buf, size_t buflen));
+# else
+# if !@HAVE_DECL_STRERROR_R@
+_GL_FUNCDECL_SYS (strerror_r, int, (int errnum, char *buf, size_t buflen)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (strerror_r, int, (int errnum, char *buf, size_t buflen));
+# endif
+# if @HAVE_DECL_STRERROR_R@
+_GL_CXXALIASWARN (strerror_r);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef strerror_r
+# if HAVE_RAW_DECL_STRERROR_R
+_GL_WARN_ON_USE (strerror_r, "strerror_r is unportable - "
+ "use gnulib module strerror_r-posix for portability");
+# endif
+#endif
+
+#if @GNULIB_STRSIGNAL@
+# if @REPLACE_STRSIGNAL@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define strsignal rpl_strsignal
+# endif
+_GL_FUNCDECL_RPL (strsignal, char *, (int __sig));
+_GL_CXXALIAS_RPL (strsignal, char *, (int __sig));
+# else
+# if ! @HAVE_DECL_STRSIGNAL@
+_GL_FUNCDECL_SYS (strsignal, char *, (int __sig));
+# endif
+/* Need to cast, because on Cygwin 1.5.x systems, the return type is
+ 'const char *'. */
+_GL_CXXALIAS_SYS_CAST (strsignal, char *, (int __sig));
+# endif
+_GL_CXXALIASWARN (strsignal);
+#elif defined GNULIB_POSIXCHECK
+# undef strsignal
+# if HAVE_RAW_DECL_STRSIGNAL
+_GL_WARN_ON_USE (strsignal, "strsignal is unportable - "
+ "use gnulib module strsignal for portability");
+# endif
+#endif
+
+#if @GNULIB_STRVERSCMP@
+# if !@HAVE_STRVERSCMP@
+_GL_FUNCDECL_SYS (strverscmp, int, (const char *, const char *)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (strverscmp, int, (const char *, const char *));
+_GL_CXXALIASWARN (strverscmp);
+#elif defined GNULIB_POSIXCHECK
+# undef strverscmp
+# if HAVE_RAW_DECL_STRVERSCMP
+_GL_WARN_ON_USE (strverscmp, "strverscmp is unportable - "
+ "use gnulib module strverscmp for portability");
+# endif
+#endif
+
+
+#endif /* _GL_STRING_H */
+#endif /* _GL_STRING_H */
--- /dev/null
+/* A substitute <strings.h>.
+
+ Copyright (C) 2007-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _GL_STRINGS_H
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_STRINGS_H@
+
+#ifndef _GL_STRINGS_H
+#define _GL_STRINGS_H
+
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* Compare strings S1 and S2, ignoring case, returning less than, equal to or
+ greater than zero if S1 is lexicographically less than, equal to or greater
+ than S2.
+ Note: This function does not work in multibyte locales. */
+#if ! @HAVE_STRCASECMP@
+extern int strcasecmp (char const *s1, char const *s2)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+#if defined GNULIB_POSIXCHECK
+/* strcasecmp() does not work with multibyte strings:
+ POSIX says that it operates on "strings", and "string" in POSIX is defined
+ as a sequence of bytes, not of characters. */
+# undef strcasecmp
+# if HAVE_RAW_DECL_STRCASECMP
+_GL_WARN_ON_USE (strcasecmp, "strcasecmp cannot work correctly on character "
+ "strings in multibyte locales - "
+ "use mbscasecmp if you care about "
+ "internationalization, or use c_strcasecmp , "
+ "gnulib module c-strcase) if you want a locale "
+ "independent function");
+# endif
+#endif
+
+/* Compare no more than N bytes of strings S1 and S2, ignoring case,
+ returning less than, equal to or greater than zero if S1 is
+ lexicographically less than, equal to or greater than S2.
+ Note: This function cannot work correctly in multibyte locales. */
+#if ! @HAVE_DECL_STRNCASECMP@
+extern int strncasecmp (char const *s1, char const *s2, size_t n)
+ _GL_ARG_NONNULL ((1, 2));
+#endif
+#if defined GNULIB_POSIXCHECK
+/* strncasecmp() does not work with multibyte strings:
+ POSIX says that it operates on "strings", and "string" in POSIX is defined
+ as a sequence of bytes, not of characters. */
+# undef strncasecmp
+# if HAVE_RAW_DECL_STRNCASECMP
+_GL_WARN_ON_USE (strncasecmp, "strncasecmp cannot work correctly on character "
+ "strings in multibyte locales - "
+ "use mbsncasecmp or mbspcasecmp if you care about "
+ "internationalization, or use c_strncasecmp , "
+ "gnulib module c-strcase) if you want a locale "
+ "independent function");
+# endif
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _GL_STRING_H */
+#endif /* _GL_STRING_H */
--- /dev/null
+/* strncasecmp.c -- case insensitive string comparator
+ Copyright (C) 1998-1999, 2005-2007, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#include <string.h>
+
+#include <ctype.h>
+#include <limits.h>
+
+#define TOLOWER(Ch) (isupper (Ch) ? tolower (Ch) : (Ch))
+
+/* Compare no more than N bytes of strings S1 and S2, ignoring case,
+ returning less than, equal to or greater than zero if S1 is
+ lexicographically less than, equal to or greater than S2.
+ Note: This function cannot work correctly in multibyte locales. */
+
+int
+strncasecmp (const char *s1, const char *s2, size_t n)
+{
+ register const unsigned char *p1 = (const unsigned char *) s1;
+ register const unsigned char *p2 = (const unsigned char *) s2;
+ unsigned char c1, c2;
+
+ if (p1 == p2 || n == 0)
+ return 0;
+
+ do
+ {
+ c1 = TOLOWER (*p1);
+ c2 = TOLOWER (*p2);
+
+ if (--n == 0 || c1 == '\0')
+ break;
+
+ ++p1;
+ ++p2;
+ }
+ while (c1 == c2);
+
+ if (UCHAR_MAX <= INT_MAX)
+ return c1 - c2;
+ else
+ /* On machines where 'char' and 'int' are types of the same size, the
+ difference of two 'unsigned char' values - including the sign bit -
+ doesn't fit in an 'int'. */
+ return (c1 > c2 ? 1 : c1 < c2 ? -1 : 0);
+}
--- /dev/null
+/* Compare strings while treating digits characters numerically.
+ Copyright (C) 1997, 2000, 2002, 2004, 2006, 2009-2011 Free Software
+ Foundation, Inc.
+ This file is part of the GNU C Library.
+ Contributed by Jean-François Bignolles <bignolle@ecoledoc.ibp.fr>, 1997.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#if !_LIBC
+# include <config.h>
+#endif
+
+#include <string.h>
+#include <ctype.h>
+
+/* states: S_N: normal, S_I: comparing integral part, S_F: comparing
+ fractional parts, S_Z: idem but with leading Zeroes only */
+#define S_N 0x0
+#define S_I 0x4
+#define S_F 0x8
+#define S_Z 0xC
+
+/* result_type: CMP: return diff; LEN: compare using len_diff/diff */
+#define CMP 2
+#define LEN 3
+
+
+/* ISDIGIT differs from isdigit, as follows:
+ - Its arg may be any int or unsigned int; it need not be an unsigned char
+ or EOF.
+ - It's typically faster.
+ POSIX says that only '0' through '9' are digits. Prefer ISDIGIT to
+ isdigit unless it's important to use the locale's definition
+ of `digit' even when the host does not conform to POSIX. */
+#define ISDIGIT(c) ((unsigned int) (c) - '0' <= 9)
+
+#undef __strverscmp
+#undef strverscmp
+
+#ifndef weak_alias
+# define __strverscmp strverscmp
+#endif
+
+/* Compare S1 and S2 as strings holding indices/version numbers,
+ returning less than, equal to or greater than zero if S1 is less than,
+ equal to or greater than S2 (for more info, see the texinfo doc).
+*/
+
+int
+__strverscmp (const char *s1, const char *s2)
+{
+ const unsigned char *p1 = (const unsigned char *) s1;
+ const unsigned char *p2 = (const unsigned char *) s2;
+ unsigned char c1, c2;
+ int state;
+ int diff;
+
+ /* Symbol(s) 0 [1-9] others (padding)
+ Transition (10) 0 (01) d (00) x (11) - */
+ static const unsigned int next_state[] =
+ {
+ /* state x d 0 - */
+ /* S_N */ S_N, S_I, S_Z, S_N,
+ /* S_I */ S_N, S_I, S_I, S_I,
+ /* S_F */ S_N, S_F, S_F, S_F,
+ /* S_Z */ S_N, S_F, S_Z, S_Z
+ };
+
+ static const int result_type[] =
+ {
+ /* state x/x x/d x/0 x/- d/x d/d d/0 d/-
+ 0/x 0/d 0/0 0/- -/x -/d -/0 -/- */
+
+ /* S_N */ CMP, CMP, CMP, CMP, CMP, LEN, CMP, CMP,
+ CMP, CMP, CMP, CMP, CMP, CMP, CMP, CMP,
+ /* S_I */ CMP, -1, -1, CMP, 1, LEN, LEN, CMP,
+ 1, LEN, LEN, CMP, CMP, CMP, CMP, CMP,
+ /* S_F */ CMP, CMP, CMP, CMP, CMP, LEN, CMP, CMP,
+ CMP, CMP, CMP, CMP, CMP, CMP, CMP, CMP,
+ /* S_Z */ CMP, 1, 1, CMP, -1, CMP, CMP, CMP,
+ -1, CMP, CMP, CMP
+ };
+
+ if (p1 == p2)
+ return 0;
+
+ c1 = *p1++;
+ c2 = *p2++;
+ /* Hint: '0' is a digit too. */
+ state = S_N | ((c1 == '0') + (ISDIGIT (c1) != 0));
+
+ while ((diff = c1 - c2) == 0 && c1 != '\0')
+ {
+ state = next_state[state];
+ c1 = *p1++;
+ c2 = *p2++;
+ state |= (c1 == '0') + (ISDIGIT (c1) != 0);
+ }
+
+ state = result_type[state << 2 | ((c2 == '0') + (ISDIGIT (c2) != 0))];
+
+ switch (state)
+ {
+ case CMP:
+ return diff;
+
+ case LEN:
+ while (ISDIGIT (*p1++))
+ if (!ISDIGIT (*p2++))
+ return 1;
+
+ return ISDIGIT (*p2) ? -1 : diff;
+
+ default:
+ return state;
+ }
+}
+#ifdef weak_alias
+weak_alias (__strverscmp, strverscmp)
+#endif
--- /dev/null
+/* Provide a sys/socket header file for systems lacking it (read: MinGW)
+ and for systems where it is incomplete.
+ Copyright (C) 2005-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* This file is supposed to be used on platforms that lack <sys/socket.h>,
+ on platforms where <sys/socket.h> cannot be included standalone, and on
+ platforms where <sys/socket.h> does not provide all necessary definitions.
+ It is intended to provide definitions and prototypes needed by an
+ application. */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+#if defined _GL_ALREADY_INCLUDING_SYS_SOCKET_H
+/* Special invocation convention:
+ - On Cygwin 1.5.x we have a sequence of nested includes
+ <sys/socket.h> -> <cygwin/socket.h> -> <asm/socket.h> -> <cygwin/if.h>,
+ and the latter includes <sys/socket.h>. In this situation, the functions
+ are not yet declared, therefore we cannot provide the C++ aliases. */
+
+#@INCLUDE_NEXT@ @NEXT_SYS_SOCKET_H@
+
+#else
+/* Normal invocation convention. */
+
+#ifndef _GL_SYS_SOCKET_H
+
+#if @HAVE_SYS_SOCKET_H@
+
+# define _GL_ALREADY_INCLUDING_SYS_SOCKET_H
+
+/* On many platforms, <sys/socket.h> assumes prior inclusion of
+ <sys/types.h>. */
+# include <sys/types.h>
+
+/* The include_next requires a split double-inclusion guard. */
+# @INCLUDE_NEXT@ @NEXT_SYS_SOCKET_H@
+
+# undef _GL_ALREADY_INCLUDING_SYS_SOCKET_H
+
+#endif
+
+#ifndef _GL_SYS_SOCKET_H
+#define _GL_SYS_SOCKET_H
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+#if !@HAVE_SA_FAMILY_T@
+# if !GNULIB_defined_sa_family_t
+typedef unsigned short sa_family_t;
+# define GNULIB_defined_sa_family_t 1
+# endif
+#endif
+
+#if @HAVE_STRUCT_SOCKADDR_STORAGE@
+/* Make the 'struct sockaddr_storage' field 'ss_family' visible on AIX 7.1. */
+# if !@HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@
+# ifndef ss_family
+# define ss_family __ss_family
+# endif
+# endif
+#else
+# include <alignof.h>
+/* Code taken from glibc sysdeps/unix/sysv/linux/bits/socket.h on
+ 2009-05-08, licensed under LGPLv2.1+, plus portability fixes. */
+# define __ss_aligntype unsigned long int
+# define _SS_SIZE 256
+# define _SS_PADSIZE \
+ (_SS_SIZE - ((sizeof (sa_family_t) >= alignof (__ss_aligntype) \
+ ? sizeof (sa_family_t) \
+ : alignof (__ss_aligntype)) \
+ + sizeof (__ss_aligntype)))
+
+# if !GNULIB_defined_struct_sockaddr_storage
+struct sockaddr_storage
+{
+ sa_family_t ss_family; /* Address family, etc. */
+ __ss_aligntype __ss_align; /* Force desired alignment. */
+ char __ss_padding[_SS_PADSIZE];
+};
+# define GNULIB_defined_struct_sockaddr_storage 1
+# endif
+
+#endif
+
+#if @HAVE_SYS_SOCKET_H@
+
+/* A platform that has <sys/socket.h>. */
+
+/* For shutdown(). */
+# if !defined SHUT_RD
+# define SHUT_RD 0
+# endif
+# if !defined SHUT_WR
+# define SHUT_WR 1
+# endif
+# if !defined SHUT_RDWR
+# define SHUT_RDWR 2
+# endif
+
+#else
+
+# ifdef __CYGWIN__
+# error "Cygwin does have a sys/socket.h, doesn't it?!?"
+# endif
+
+/* A platform that lacks <sys/socket.h>.
+
+ Currently only MinGW is supported. See the gnulib manual regarding
+ Windows sockets. MinGW has the header files winsock2.h and
+ ws2tcpip.h that declare the sys/socket.h definitions we need. Note
+ that you can influence which definitions you get by setting the
+ WINVER symbol before including these two files. For example,
+ getaddrinfo is only available if _WIN32_WINNT >= 0x0501 (that
+ symbol is set indiriectly through WINVER). You can set this by
+ adding AC_DEFINE(WINVER, 0x0501) to configure.ac. Note that your
+ code may not run on older Windows releases then. My Windows 2000
+ box was not able to run the code, for example. The situation is
+ slightly confusing because
+ <http://msdn.microsoft.com/en-us/library/ms738520>
+ suggests that getaddrinfo should be available on all Windows
+ releases. */
+
+
+# if @HAVE_WINSOCK2_H@
+# include <winsock2.h>
+# endif
+# if @HAVE_WS2TCPIP_H@
+# include <ws2tcpip.h>
+# endif
+
+/* For shutdown(). */
+# if !defined SHUT_RD && defined SD_RECEIVE
+# define SHUT_RD SD_RECEIVE
+# endif
+# if !defined SHUT_WR && defined SD_SEND
+# define SHUT_WR SD_SEND
+# endif
+# if !defined SHUT_RDWR && defined SD_BOTH
+# define SHUT_RDWR SD_BOTH
+# endif
+
+# if @HAVE_WINSOCK2_H@
+/* Include headers needed by the emulation code. */
+# include <sys/types.h>
+# include <io.h>
+
+# if !GNULIB_defined_socklen_t
+typedef int socklen_t;
+# define GNULIB_defined_socklen_t 1
+# endif
+
+# endif
+
+#endif
+
+#if @HAVE_WINSOCK2_H@
+
+# if !GNULIB_defined_rpl_fd_isset
+
+/* Re-define FD_ISSET to avoid a WSA call while we are not using
+ network sockets. */
+static inline int
+rpl_fd_isset (SOCKET fd, fd_set * set)
+{
+ u_int i;
+ if (set == NULL)
+ return 0;
+
+ for (i = 0; i < set->fd_count; i++)
+ if (set->fd_array[i] == fd)
+ return 1;
+
+ return 0;
+}
+
+# define GNULIB_defined_rpl_fd_isset 1
+# endif
+
+# undef FD_ISSET
+# define FD_ISSET(fd, set) rpl_fd_isset(fd, set)
+
+#endif
+
+/* Wrap everything else to use libc file descriptors for sockets. */
+
+#if @HAVE_WINSOCK2_H@ && !defined _GL_UNISTD_H
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef close
+# define close close_used_without_including_unistd_h
+# else
+ _GL_WARN_ON_USE (close,
+ "close() used without including <unistd.h>");
+# endif
+#endif
+
+#if @HAVE_WINSOCK2_H@ && !defined _GL_UNISTD_H
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef gethostname
+# define gethostname gethostname_used_without_including_unistd_h
+# else
+ _GL_WARN_ON_USE (gethostname,
+ "gethostname() used without including <unistd.h>");
+# endif
+#endif
+
+#if @GNULIB_SOCKET@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef socket
+# define socket rpl_socket
+# endif
+_GL_FUNCDECL_RPL (socket, int, (int domain, int type, int protocol));
+_GL_CXXALIAS_RPL (socket, int, (int domain, int type, int protocol));
+# else
+_GL_CXXALIAS_SYS (socket, int, (int domain, int type, int protocol));
+# endif
+_GL_CXXALIASWARN (socket);
+#elif @HAVE_WINSOCK2_H@
+# undef socket
+# define socket socket_used_without_requesting_gnulib_module_socket
+#elif defined GNULIB_POSIXCHECK
+# undef socket
+# if HAVE_RAW_DECL_SOCKET
+_GL_WARN_ON_USE (socket, "socket is not always POSIX compliant - "
+ "use gnulib module socket for portability");
+# endif
+#endif
+
+#if @GNULIB_CONNECT@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef connect
+# define connect rpl_connect
+# endif
+_GL_FUNCDECL_RPL (connect, int,
+ (int fd, const struct sockaddr *addr, socklen_t addrlen)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (connect, int,
+ (int fd, const struct sockaddr *addr, socklen_t addrlen));
+# else
+/* Need to cast, because on NonStop Kernel, the third parameter is
+ size_t addrlen. */
+_GL_CXXALIAS_SYS_CAST (connect, int,
+ (int fd,
+ const struct sockaddr *addr, socklen_t addrlen));
+# endif
+_GL_CXXALIASWARN (connect);
+#elif @HAVE_WINSOCK2_H@
+# undef connect
+# define connect socket_used_without_requesting_gnulib_module_connect
+#elif defined GNULIB_POSIXCHECK
+# undef connect
+# if HAVE_RAW_DECL_CONNECT
+_GL_WARN_ON_USE (connect, "connect is not always POSIX compliant - "
+ "use gnulib module connect for portability");
+# endif
+#endif
+
+#if @GNULIB_ACCEPT@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef accept
+# define accept rpl_accept
+# endif
+_GL_FUNCDECL_RPL (accept, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+_GL_CXXALIAS_RPL (accept, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+# else
+/* Need to cast, because on Solaris 10 systems, the third parameter is
+ void *addrlen. */
+_GL_CXXALIAS_SYS_CAST (accept, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+# endif
+_GL_CXXALIASWARN (accept);
+#elif @HAVE_WINSOCK2_H@
+# undef accept
+# define accept accept_used_without_requesting_gnulib_module_accept
+#elif defined GNULIB_POSIXCHECK
+# undef accept
+# if HAVE_RAW_DECL_ACCEPT
+_GL_WARN_ON_USE (accept, "accept is not always POSIX compliant - "
+ "use gnulib module accept for portability");
+# endif
+#endif
+
+#if @GNULIB_BIND@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef bind
+# define bind rpl_bind
+# endif
+_GL_FUNCDECL_RPL (bind, int,
+ (int fd, const struct sockaddr *addr, socklen_t addrlen)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (bind, int,
+ (int fd, const struct sockaddr *addr, socklen_t addrlen));
+# else
+/* Need to cast, because on NonStop Kernel, the third parameter is
+ size_t addrlen. */
+_GL_CXXALIAS_SYS_CAST (bind, int,
+ (int fd,
+ const struct sockaddr *addr, socklen_t addrlen));
+# endif
+_GL_CXXALIASWARN (bind);
+#elif @HAVE_WINSOCK2_H@
+# undef bind
+# define bind bind_used_without_requesting_gnulib_module_bind
+#elif defined GNULIB_POSIXCHECK
+# undef bind
+# if HAVE_RAW_DECL_BIND
+_GL_WARN_ON_USE (bind, "bind is not always POSIX compliant - "
+ "use gnulib module bind for portability");
+# endif
+#endif
+
+#if @GNULIB_GETPEERNAME@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getpeername
+# define getpeername rpl_getpeername
+# endif
+_GL_FUNCDECL_RPL (getpeername, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen)
+ _GL_ARG_NONNULL ((2, 3)));
+_GL_CXXALIAS_RPL (getpeername, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+# else
+/* Need to cast, because on Solaris 10 systems, the third parameter is
+ void *addrlen. */
+_GL_CXXALIAS_SYS_CAST (getpeername, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+# endif
+_GL_CXXALIASWARN (getpeername);
+#elif @HAVE_WINSOCK2_H@
+# undef getpeername
+# define getpeername getpeername_used_without_requesting_gnulib_module_getpeername
+#elif defined GNULIB_POSIXCHECK
+# undef getpeername
+# if HAVE_RAW_DECL_GETPEERNAME
+_GL_WARN_ON_USE (getpeername, "getpeername is not always POSIX compliant - "
+ "use gnulib module getpeername for portability");
+# endif
+#endif
+
+#if @GNULIB_GETSOCKNAME@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getsockname
+# define getsockname rpl_getsockname
+# endif
+_GL_FUNCDECL_RPL (getsockname, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen)
+ _GL_ARG_NONNULL ((2, 3)));
+_GL_CXXALIAS_RPL (getsockname, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+# else
+/* Need to cast, because on Solaris 10 systems, the third parameter is
+ void *addrlen. */
+_GL_CXXALIAS_SYS_CAST (getsockname, int,
+ (int fd, struct sockaddr *addr, socklen_t *addrlen));
+# endif
+_GL_CXXALIASWARN (getsockname);
+#elif @HAVE_WINSOCK2_H@
+# undef getsockname
+# define getsockname getsockname_used_without_requesting_gnulib_module_getsockname
+#elif defined GNULIB_POSIXCHECK
+# undef getsockname
+# if HAVE_RAW_DECL_GETSOCKNAME
+_GL_WARN_ON_USE (getsockname, "getsockname is not always POSIX compliant - "
+ "use gnulib module getsockname for portability");
+# endif
+#endif
+
+#if @GNULIB_GETSOCKOPT@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getsockopt
+# define getsockopt rpl_getsockopt
+# endif
+_GL_FUNCDECL_RPL (getsockopt, int, (int fd, int level, int optname,
+ void *optval, socklen_t *optlen)
+ _GL_ARG_NONNULL ((4, 5)));
+_GL_CXXALIAS_RPL (getsockopt, int, (int fd, int level, int optname,
+ void *optval, socklen_t *optlen));
+# else
+/* Need to cast, because on Solaris 10 systems, the fifth parameter is
+ void *optlen. */
+_GL_CXXALIAS_SYS_CAST (getsockopt, int, (int fd, int level, int optname,
+ void *optval, socklen_t *optlen));
+# endif
+_GL_CXXALIASWARN (getsockopt);
+#elif @HAVE_WINSOCK2_H@
+# undef getsockopt
+# define getsockopt getsockopt_used_without_requesting_gnulib_module_getsockopt
+#elif defined GNULIB_POSIXCHECK
+# undef getsockopt
+# if HAVE_RAW_DECL_GETSOCKOPT
+_GL_WARN_ON_USE (getsockopt, "getsockopt is not always POSIX compliant - "
+ "use gnulib module getsockopt for portability");
+# endif
+#endif
+
+#if @GNULIB_LISTEN@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef listen
+# define listen rpl_listen
+# endif
+_GL_FUNCDECL_RPL (listen, int, (int fd, int backlog));
+_GL_CXXALIAS_RPL (listen, int, (int fd, int backlog));
+# else
+_GL_CXXALIAS_SYS (listen, int, (int fd, int backlog));
+# endif
+_GL_CXXALIASWARN (listen);
+#elif @HAVE_WINSOCK2_H@
+# undef listen
+# define listen listen_used_without_requesting_gnulib_module_listen
+#elif defined GNULIB_POSIXCHECK
+# undef listen
+# if HAVE_RAW_DECL_LISTEN
+_GL_WARN_ON_USE (listen, "listen is not always POSIX compliant - "
+ "use gnulib module listen for portability");
+# endif
+#endif
+
+#if @GNULIB_RECV@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef recv
+# define recv rpl_recv
+# endif
+_GL_FUNCDECL_RPL (recv, ssize_t, (int fd, void *buf, size_t len, int flags)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (recv, ssize_t, (int fd, void *buf, size_t len, int flags));
+# else
+_GL_CXXALIAS_SYS (recv, ssize_t, (int fd, void *buf, size_t len, int flags));
+# endif
+_GL_CXXALIASWARN (recv);
+#elif @HAVE_WINSOCK2_H@
+# undef recv
+# define recv recv_used_without_requesting_gnulib_module_recv
+#elif defined GNULIB_POSIXCHECK
+# undef recv
+# if HAVE_RAW_DECL_RECV
+_GL_WARN_ON_USE (recv, "recv is not always POSIX compliant - "
+ "use gnulib module recv for portability");
+# endif
+#endif
+
+#if @GNULIB_SEND@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef send
+# define send rpl_send
+# endif
+_GL_FUNCDECL_RPL (send, ssize_t,
+ (int fd, const void *buf, size_t len, int flags)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (send, ssize_t,
+ (int fd, const void *buf, size_t len, int flags));
+# else
+_GL_CXXALIAS_SYS (send, ssize_t,
+ (int fd, const void *buf, size_t len, int flags));
+# endif
+_GL_CXXALIASWARN (send);
+#elif @HAVE_WINSOCK2_H@
+# undef send
+# define send send_used_without_requesting_gnulib_module_send
+#elif defined GNULIB_POSIXCHECK
+# undef send
+# if HAVE_RAW_DECL_SEND
+_GL_WARN_ON_USE (send, "send is not always POSIX compliant - "
+ "use gnulib module send for portability");
+# endif
+#endif
+
+#if @GNULIB_RECVFROM@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef recvfrom
+# define recvfrom rpl_recvfrom
+# endif
+_GL_FUNCDECL_RPL (recvfrom, ssize_t,
+ (int fd, void *buf, size_t len, int flags,
+ struct sockaddr *from, socklen_t *fromlen)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (recvfrom, ssize_t,
+ (int fd, void *buf, size_t len, int flags,
+ struct sockaddr *from, socklen_t *fromlen));
+# else
+/* Need to cast, because on Solaris 10 systems, the sixth parameter is
+ void *fromlen. */
+_GL_CXXALIAS_SYS_CAST (recvfrom, ssize_t,
+ (int fd, void *buf, size_t len, int flags,
+ struct sockaddr *from, socklen_t *fromlen));
+# endif
+_GL_CXXALIASWARN (recvfrom);
+#elif @HAVE_WINSOCK2_H@
+# undef recvfrom
+# define recvfrom recvfrom_used_without_requesting_gnulib_module_recvfrom
+#elif defined GNULIB_POSIXCHECK
+# undef recvfrom
+# if HAVE_RAW_DECL_RECVFROM
+_GL_WARN_ON_USE (recvfrom, "recvfrom is not always POSIX compliant - "
+ "use gnulib module recvfrom for portability");
+# endif
+#endif
+
+#if @GNULIB_SENDTO@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef sendto
+# define sendto rpl_sendto
+# endif
+_GL_FUNCDECL_RPL (sendto, ssize_t,
+ (int fd, const void *buf, size_t len, int flags,
+ const struct sockaddr *to, socklen_t tolen)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (sendto, ssize_t,
+ (int fd, const void *buf, size_t len, int flags,
+ const struct sockaddr *to, socklen_t tolen));
+# else
+/* Need to cast, because on NonStop Kernel, the sixth parameter is
+ size_t tolen. */
+_GL_CXXALIAS_SYS_CAST (sendto, ssize_t,
+ (int fd, const void *buf, size_t len, int flags,
+ const struct sockaddr *to, socklen_t tolen));
+# endif
+_GL_CXXALIASWARN (sendto);
+#elif @HAVE_WINSOCK2_H@
+# undef sendto
+# define sendto sendto_used_without_requesting_gnulib_module_sendto
+#elif defined GNULIB_POSIXCHECK
+# undef sendto
+# if HAVE_RAW_DECL_SENDTO
+_GL_WARN_ON_USE (sendto, "sendto is not always POSIX compliant - "
+ "use gnulib module sendto for portability");
+# endif
+#endif
+
+#if @GNULIB_SETSOCKOPT@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef setsockopt
+# define setsockopt rpl_setsockopt
+# endif
+_GL_FUNCDECL_RPL (setsockopt, int, (int fd, int level, int optname,
+ const void * optval, socklen_t optlen)
+ _GL_ARG_NONNULL ((4)));
+_GL_CXXALIAS_RPL (setsockopt, int, (int fd, int level, int optname,
+ const void * optval, socklen_t optlen));
+# else
+/* Need to cast, because on NonStop Kernel, the fifth parameter is
+ size_t optlen. */
+_GL_CXXALIAS_SYS_CAST (setsockopt, int,
+ (int fd, int level, int optname,
+ const void * optval, socklen_t optlen));
+# endif
+_GL_CXXALIASWARN (setsockopt);
+#elif @HAVE_WINSOCK2_H@
+# undef setsockopt
+# define setsockopt setsockopt_used_without_requesting_gnulib_module_setsockopt
+#elif defined GNULIB_POSIXCHECK
+# undef setsockopt
+# if HAVE_RAW_DECL_SETSOCKOPT
+_GL_WARN_ON_USE (setsockopt, "setsockopt is not always POSIX compliant - "
+ "use gnulib module setsockopt for portability");
+# endif
+#endif
+
+#if @GNULIB_SHUTDOWN@
+# if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef shutdown
+# define shutdown rpl_shutdown
+# endif
+_GL_FUNCDECL_RPL (shutdown, int, (int fd, int how));
+_GL_CXXALIAS_RPL (shutdown, int, (int fd, int how));
+# else
+_GL_CXXALIAS_SYS (shutdown, int, (int fd, int how));
+# endif
+_GL_CXXALIASWARN (shutdown);
+#elif @HAVE_WINSOCK2_H@
+# undef shutdown
+# define shutdown shutdown_used_without_requesting_gnulib_module_shutdown
+#elif defined GNULIB_POSIXCHECK
+# undef shutdown
+# if HAVE_RAW_DECL_SHUTDOWN
+_GL_WARN_ON_USE (shutdown, "shutdown is not always POSIX compliant - "
+ "use gnulib module shutdown for portability");
+# endif
+#endif
+
+#if @HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef select
+# define select select_used_without_including_sys_select_h
+# else
+ _GL_WARN_ON_USE (select,
+ "select() used without including <sys/select.h>");
+# endif
+#endif
+
+#if @GNULIB_ACCEPT4@
+/* Accept a connection on a socket, with specific opening flags.
+ The flags are a bitmask, possibly including O_CLOEXEC (defined in <fcntl.h>)
+ and O_TEXT, O_BINARY (defined in "binary-io.h").
+ See also the Linux man page at
+ <http://www.kernel.org/doc/man-pages/online/pages/man2/accept4.2.html>. */
+# if @HAVE_ACCEPT4@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define accept4 rpl_accept4
+# endif
+_GL_FUNCDECL_RPL (accept4, int,
+ (int sockfd, struct sockaddr *addr, socklen_t *addrlen,
+ int flags));
+_GL_CXXALIAS_RPL (accept4, int,
+ (int sockfd, struct sockaddr *addr, socklen_t *addrlen,
+ int flags));
+# else
+_GL_FUNCDECL_SYS (accept4, int,
+ (int sockfd, struct sockaddr *addr, socklen_t *addrlen,
+ int flags));
+_GL_CXXALIAS_SYS (accept4, int,
+ (int sockfd, struct sockaddr *addr, socklen_t *addrlen,
+ int flags));
+# endif
+_GL_CXXALIASWARN (accept4);
+#elif defined GNULIB_POSIXCHECK
+# undef accept4
+# if HAVE_RAW_DECL_ACCEPT4
+_GL_WARN_ON_USE (accept4, "accept4 is unportable - "
+ "use gnulib module accept4 for portability");
+# endif
+#endif
+
+#endif /* _GL_SYS_SOCKET_H */
+#endif /* _GL_SYS_SOCKET_H */
+#endif
--- /dev/null
+/* Provide a more complete sys/stat header file.
+ Copyright (C) 2005-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* Written by Eric Blake, Paul Eggert, and Jim Meyering. */
+
+/* This file is supposed to be used on platforms where <sys/stat.h> is
+ incomplete. It is intended to provide definitions and prototypes
+ needed by an application. Start with what the system provides. */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+#if defined __need_system_sys_stat_h
+/* Special invocation convention. */
+
+#@INCLUDE_NEXT@ @NEXT_SYS_STAT_H@
+
+#else
+/* Normal invocation convention. */
+
+#ifndef _GL_SYS_STAT_H
+
+/* Get nlink_t. */
+#include <sys/types.h>
+
+/* Get struct timespec. */
+#include <time.h>
+
+/* The include_next requires a split double-inclusion guard. */
+#@INCLUDE_NEXT@ @NEXT_SYS_STAT_H@
+
+#ifndef _GL_SYS_STAT_H
+#define _GL_SYS_STAT_H
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+/* Before doing "#define mkdir rpl_mkdir" below, we need to include all
+ headers that may declare mkdir(). */
+#if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+# include <io.h> /* mingw32, mingw64 */
+# include <direct.h> /* mingw64 */
+#endif
+
+#ifndef S_IFMT
+# define S_IFMT 0170000
+#endif
+
+#if STAT_MACROS_BROKEN
+# undef S_ISBLK
+# undef S_ISCHR
+# undef S_ISDIR
+# undef S_ISFIFO
+# undef S_ISLNK
+# undef S_ISNAM
+# undef S_ISMPB
+# undef S_ISMPC
+# undef S_ISNWK
+# undef S_ISREG
+# undef S_ISSOCK
+#endif
+
+#ifndef S_ISBLK
+# ifdef S_IFBLK
+# define S_ISBLK(m) (((m) & S_IFMT) == S_IFBLK)
+# else
+# define S_ISBLK(m) 0
+# endif
+#endif
+
+#ifndef S_ISCHR
+# ifdef S_IFCHR
+# define S_ISCHR(m) (((m) & S_IFMT) == S_IFCHR)
+# else
+# define S_ISCHR(m) 0
+# endif
+#endif
+
+#ifndef S_ISDIR
+# ifdef S_IFDIR
+# define S_ISDIR(m) (((m) & S_IFMT) == S_IFDIR)
+# else
+# define S_ISDIR(m) 0
+# endif
+#endif
+
+#ifndef S_ISDOOR /* Solaris 2.5 and up */
+# define S_ISDOOR(m) 0
+#endif
+
+#ifndef S_ISFIFO
+# ifdef S_IFIFO
+# define S_ISFIFO(m) (((m) & S_IFMT) == S_IFIFO)
+# else
+# define S_ISFIFO(m) 0
+# endif
+#endif
+
+#ifndef S_ISLNK
+# ifdef S_IFLNK
+# define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+# else
+# define S_ISLNK(m) 0
+# endif
+#endif
+
+#ifndef S_ISMPB /* V7 */
+# ifdef S_IFMPB
+# define S_ISMPB(m) (((m) & S_IFMT) == S_IFMPB)
+# define S_ISMPC(m) (((m) & S_IFMT) == S_IFMPC)
+# else
+# define S_ISMPB(m) 0
+# define S_ISMPC(m) 0
+# endif
+#endif
+
+#ifndef S_ISNAM /* Xenix */
+# ifdef S_IFNAM
+# define S_ISNAM(m) (((m) & S_IFMT) == S_IFNAM)
+# else
+# define S_ISNAM(m) 0
+# endif
+#endif
+
+#ifndef S_ISNWK /* HP/UX */
+# ifdef S_IFNWK
+# define S_ISNWK(m) (((m) & S_IFMT) == S_IFNWK)
+# else
+# define S_ISNWK(m) 0
+# endif
+#endif
+
+#ifndef S_ISPORT /* Solaris 10 and up */
+# define S_ISPORT(m) 0
+#endif
+
+#ifndef S_ISREG
+# ifdef S_IFREG
+# define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
+# else
+# define S_ISREG(m) 0
+# endif
+#endif
+
+#ifndef S_ISSOCK
+# ifdef S_IFSOCK
+# define S_ISSOCK(m) (((m) & S_IFMT) == S_IFSOCK)
+# else
+# define S_ISSOCK(m) 0
+# endif
+#endif
+
+
+#ifndef S_TYPEISMQ
+# define S_TYPEISMQ(p) 0
+#endif
+
+#ifndef S_TYPEISTMO
+# define S_TYPEISTMO(p) 0
+#endif
+
+
+#ifndef S_TYPEISSEM
+# ifdef S_INSEM
+# define S_TYPEISSEM(p) (S_ISNAM ((p)->st_mode) && (p)->st_rdev == S_INSEM)
+# else
+# define S_TYPEISSEM(p) 0
+# endif
+#endif
+
+#ifndef S_TYPEISSHM
+# ifdef S_INSHD
+# define S_TYPEISSHM(p) (S_ISNAM ((p)->st_mode) && (p)->st_rdev == S_INSHD)
+# else
+# define S_TYPEISSHM(p) 0
+# endif
+#endif
+
+/* high performance ("contiguous data") */
+#ifndef S_ISCTG
+# define S_ISCTG(p) 0
+#endif
+
+/* Cray DMF (data migration facility): off line, with data */
+#ifndef S_ISOFD
+# define S_ISOFD(p) 0
+#endif
+
+/* Cray DMF (data migration facility): off line, with no data */
+#ifndef S_ISOFL
+# define S_ISOFL(p) 0
+#endif
+
+/* 4.4BSD whiteout */
+#ifndef S_ISWHT
+# define S_ISWHT(m) 0
+#endif
+
+/* If any of the following are undefined,
+ define them to their de facto standard values. */
+#if !S_ISUID
+# define S_ISUID 04000
+#endif
+#if !S_ISGID
+# define S_ISGID 02000
+#endif
+
+/* S_ISVTX is a common extension to POSIX. */
+#ifndef S_ISVTX
+# define S_ISVTX 01000
+#endif
+
+#if !S_IRUSR && S_IREAD
+# define S_IRUSR S_IREAD
+#endif
+#if !S_IRUSR
+# define S_IRUSR 00400
+#endif
+#if !S_IRGRP
+# define S_IRGRP (S_IRUSR >> 3)
+#endif
+#if !S_IROTH
+# define S_IROTH (S_IRUSR >> 6)
+#endif
+
+#if !S_IWUSR && S_IWRITE
+# define S_IWUSR S_IWRITE
+#endif
+#if !S_IWUSR
+# define S_IWUSR 00200
+#endif
+#if !S_IWGRP
+# define S_IWGRP (S_IWUSR >> 3)
+#endif
+#if !S_IWOTH
+# define S_IWOTH (S_IWUSR >> 6)
+#endif
+
+#if !S_IXUSR && S_IEXEC
+# define S_IXUSR S_IEXEC
+#endif
+#if !S_IXUSR
+# define S_IXUSR 00100
+#endif
+#if !S_IXGRP
+# define S_IXGRP (S_IXUSR >> 3)
+#endif
+#if !S_IXOTH
+# define S_IXOTH (S_IXUSR >> 6)
+#endif
+
+#if !S_IRWXU
+# define S_IRWXU (S_IRUSR | S_IWUSR | S_IXUSR)
+#endif
+#if !S_IRWXG
+# define S_IRWXG (S_IRGRP | S_IWGRP | S_IXGRP)
+#endif
+#if !S_IRWXO
+# define S_IRWXO (S_IROTH | S_IWOTH | S_IXOTH)
+#endif
+
+/* S_IXUGO is a common extension to POSIX. */
+#if !S_IXUGO
+# define S_IXUGO (S_IXUSR | S_IXGRP | S_IXOTH)
+#endif
+
+#ifndef S_IRWXUGO
+# define S_IRWXUGO (S_IRWXU | S_IRWXG | S_IRWXO)
+#endif
+
+/* Macros for futimens and utimensat. */
+#ifndef UTIME_NOW
+# define UTIME_NOW (-1)
+# define UTIME_OMIT (-2)
+#endif
+
+
+#if @GNULIB_FCHMODAT@
+# if !@HAVE_FCHMODAT@
+_GL_FUNCDECL_SYS (fchmodat, int,
+ (int fd, char const *file, mode_t mode, int flag)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (fchmodat, int,
+ (int fd, char const *file, mode_t mode, int flag));
+_GL_CXXALIASWARN (fchmodat);
+#elif defined GNULIB_POSIXCHECK
+# undef fchmodat
+# if HAVE_RAW_DECL_FCHMODAT
+_GL_WARN_ON_USE (fchmodat, "fchmodat is not portable - "
+ "use gnulib module openat for portability");
+# endif
+#endif
+
+
+#if @REPLACE_FSTAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define fstat rpl_fstat
+# endif
+_GL_FUNCDECL_RPL (fstat, int, (int fd, struct stat *buf) _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (fstat, int, (int fd, struct stat *buf));
+#else
+_GL_CXXALIAS_SYS (fstat, int, (int fd, struct stat *buf));
+#endif
+_GL_CXXALIASWARN (fstat);
+
+
+#if @GNULIB_FSTATAT@
+# if @REPLACE_FSTATAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fstatat
+# define fstatat rpl_fstatat
+# endif
+_GL_FUNCDECL_RPL (fstatat, int,
+ (int fd, char const *name, struct stat *st, int flags)
+ _GL_ARG_NONNULL ((2, 3)));
+_GL_CXXALIAS_RPL (fstatat, int,
+ (int fd, char const *name, struct stat *st, int flags));
+# else
+# if !@HAVE_FSTATAT@
+_GL_FUNCDECL_SYS (fstatat, int,
+ (int fd, char const *name, struct stat *st, int flags)
+ _GL_ARG_NONNULL ((2, 3)));
+# endif
+_GL_CXXALIAS_SYS (fstatat, int,
+ (int fd, char const *name, struct stat *st, int flags));
+# endif
+_GL_CXXALIASWARN (fstatat);
+#elif defined GNULIB_POSIXCHECK
+# undef fstatat
+# if HAVE_RAW_DECL_FSTATAT
+_GL_WARN_ON_USE (fstatat, "fstatat is not portable - "
+ "use gnulib module openat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_FUTIMENS@
+# if @REPLACE_FUTIMENS@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef futimens
+# define futimens rpl_futimens
+# endif
+_GL_FUNCDECL_RPL (futimens, int, (int fd, struct timespec const times[2]));
+_GL_CXXALIAS_RPL (futimens, int, (int fd, struct timespec const times[2]));
+# else
+# if !@HAVE_FUTIMENS@
+_GL_FUNCDECL_SYS (futimens, int, (int fd, struct timespec const times[2]));
+# endif
+_GL_CXXALIAS_SYS (futimens, int, (int fd, struct timespec const times[2]));
+# endif
+_GL_CXXALIASWARN (futimens);
+#elif defined GNULIB_POSIXCHECK
+# undef futimens
+# if HAVE_RAW_DECL_FUTIMENS
+_GL_WARN_ON_USE (futimens, "futimens is not portable - "
+ "use gnulib module futimens for portability");
+# endif
+#endif
+
+
+#if @GNULIB_LCHMOD@
+/* Change the mode of FILENAME to MODE, without dereferencing it if FILENAME
+ denotes a symbolic link. */
+# if !@HAVE_LCHMOD@
+/* The lchmod replacement follows symbolic links. Callers should take
+ this into account; lchmod should be applied only to arguments that
+ are known to not be symbolic links. On hosts that lack lchmod,
+ this can lead to race conditions between the check and the
+ invocation of lchmod, but we know of no workarounds that are
+ reliable in general. You might try requesting support for lchmod
+ from your operating system supplier. */
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define lchmod chmod
+# endif
+/* Need to cast, because on mingw, the second parameter of chmod is
+ int mode. */
+_GL_CXXALIAS_RPL_CAST_1 (lchmod, chmod, int,
+ (const char *filename, mode_t mode));
+# else
+# if 0 /* assume already declared */
+_GL_FUNCDECL_SYS (lchmod, int, (const char *filename, mode_t mode)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (lchmod, int, (const char *filename, mode_t mode));
+# endif
+# if @HAVE_LCHMOD@
+_GL_CXXALIASWARN (lchmod);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef lchmod
+# if HAVE_RAW_DECL_LCHMOD
+_GL_WARN_ON_USE (lchmod, "lchmod is unportable - "
+ "use gnulib module lchmod for portability");
+# endif
+#endif
+
+
+#if @GNULIB_LSTAT@
+# if ! @HAVE_LSTAT@
+/* mingw does not support symlinks, therefore it does not have lstat. But
+ without links, stat does just fine. */
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define lstat stat
+# endif
+_GL_CXXALIAS_RPL_1 (lstat, stat, int, (const char *name, struct stat *buf));
+# elif @REPLACE_LSTAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef lstat
+# define lstat rpl_lstat
+# endif
+_GL_FUNCDECL_RPL (lstat, int, (const char *name, struct stat *buf)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (lstat, int, (const char *name, struct stat *buf));
+# else
+_GL_CXXALIAS_SYS (lstat, int, (const char *name, struct stat *buf));
+# endif
+# if @HAVE_LSTAT@
+_GL_CXXALIASWARN (lstat);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef lstat
+# if HAVE_RAW_DECL_LSTAT
+_GL_WARN_ON_USE (lstat, "lstat is unportable - "
+ "use gnulib module lstat for portability");
+# endif
+#endif
+
+
+#if @REPLACE_MKDIR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef mkdir
+# define mkdir rpl_mkdir
+# endif
+_GL_FUNCDECL_RPL (mkdir, int, (char const *name, mode_t mode)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mkdir, int, (char const *name, mode_t mode));
+#else
+/* mingw's _mkdir() function has 1 argument, but we pass 2 arguments.
+ Additionally, it declares _mkdir (and depending on compile flags, an
+ alias mkdir), only in the nonstandard includes <direct.h> and <io.h>,
+ which are included above. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+
+# if !GNULIB_defined_rpl_mkdir
+static inline int
+rpl_mkdir (char const *name, mode_t mode)
+{
+ return _mkdir (name);
+}
+# define GNULIB_defined_rpl_mkdir 1
+# endif
+
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mkdir rpl_mkdir
+# endif
+_GL_CXXALIAS_RPL (mkdir, int, (char const *name, mode_t mode));
+# else
+_GL_CXXALIAS_SYS (mkdir, int, (char const *name, mode_t mode));
+# endif
+#endif
+_GL_CXXALIASWARN (mkdir);
+
+
+#if @GNULIB_MKDIRAT@
+# if !@HAVE_MKDIRAT@
+_GL_FUNCDECL_SYS (mkdirat, int, (int fd, char const *file, mode_t mode)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (mkdirat, int, (int fd, char const *file, mode_t mode));
+_GL_CXXALIASWARN (mkdirat);
+#elif defined GNULIB_POSIXCHECK
+# undef mkdirat
+# if HAVE_RAW_DECL_MKDIRAT
+_GL_WARN_ON_USE (mkdirat, "mkdirat is not portable - "
+ "use gnulib module openat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_MKFIFO@
+# if @REPLACE_MKFIFO@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef mkfifo
+# define mkfifo rpl_mkfifo
+# endif
+_GL_FUNCDECL_RPL (mkfifo, int, (char const *file, mode_t mode)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mkfifo, int, (char const *file, mode_t mode));
+# else
+# if !@HAVE_MKFIFO@
+_GL_FUNCDECL_SYS (mkfifo, int, (char const *file, mode_t mode)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (mkfifo, int, (char const *file, mode_t mode));
+# endif
+_GL_CXXALIASWARN (mkfifo);
+#elif defined GNULIB_POSIXCHECK
+# undef mkfifo
+# if HAVE_RAW_DECL_MKFIFO
+_GL_WARN_ON_USE (mkfifo, "mkfifo is not portable - "
+ "use gnulib module mkfifo for portability");
+# endif
+#endif
+
+
+#if @GNULIB_MKFIFOAT@
+# if !@HAVE_MKFIFOAT@
+_GL_FUNCDECL_SYS (mkfifoat, int, (int fd, char const *file, mode_t mode)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (mkfifoat, int, (int fd, char const *file, mode_t mode));
+_GL_CXXALIASWARN (mkfifoat);
+#elif defined GNULIB_POSIXCHECK
+# undef mkfifoat
+# if HAVE_RAW_DECL_MKFIFOAT
+_GL_WARN_ON_USE (mkfifoat, "mkfifoat is not portable - "
+ "use gnulib module mkfifoat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_MKNOD@
+# if @REPLACE_MKNOD@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef mknod
+# define mknod rpl_mknod
+# endif
+_GL_FUNCDECL_RPL (mknod, int, (char const *file, mode_t mode, dev_t dev)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mknod, int, (char const *file, mode_t mode, dev_t dev));
+# else
+# if !@HAVE_MKNOD@
+_GL_FUNCDECL_SYS (mknod, int, (char const *file, mode_t mode, dev_t dev)
+ _GL_ARG_NONNULL ((1)));
+# endif
+/* Need to cast, because on OSF/1 5.1, the third parameter is '...'. */
+_GL_CXXALIAS_SYS_CAST (mknod, int, (char const *file, mode_t mode, dev_t dev));
+# endif
+_GL_CXXALIASWARN (mknod);
+#elif defined GNULIB_POSIXCHECK
+# undef mknod
+# if HAVE_RAW_DECL_MKNOD
+_GL_WARN_ON_USE (mknod, "mknod is not portable - "
+ "use gnulib module mknod for portability");
+# endif
+#endif
+
+
+#if @GNULIB_MKNODAT@
+# if !@HAVE_MKNODAT@
+_GL_FUNCDECL_SYS (mknodat, int,
+ (int fd, char const *file, mode_t mode, dev_t dev)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (mknodat, int,
+ (int fd, char const *file, mode_t mode, dev_t dev));
+_GL_CXXALIASWARN (mknodat);
+#elif defined GNULIB_POSIXCHECK
+# undef mknodat
+# if HAVE_RAW_DECL_MKNODAT
+_GL_WARN_ON_USE (mknodat, "mknodat is not portable - "
+ "use gnulib module mkfifoat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_STAT@
+# if @REPLACE_STAT@
+/* We can't use the object-like #define stat rpl_stat, because of
+ struct stat. This means that rpl_stat will not be used if the user
+ does (stat)(a,b). Oh well. */
+# undef stat
+# ifdef _LARGE_FILES
+ /* With _LARGE_FILES defined, AIX (only) defines stat to stat64,
+ so we have to replace stat64() instead of stat(). */
+# define stat stat64
+# undef stat64
+# define stat64(name, st) rpl_stat (name, st)
+# else /* !_LARGE_FILES */
+# define stat(name, st) rpl_stat (name, st)
+# endif /* !_LARGE_FILES */
+_GL_EXTERN_C int stat (const char *name, struct stat *buf)
+ _GL_ARG_NONNULL ((1, 2));
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef stat
+# if HAVE_RAW_DECL_STAT
+_GL_WARN_ON_USE (stat, "stat is unportable - "
+ "use gnulib module stat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_UTIMENSAT@
+# if @REPLACE_UTIMENSAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef utimensat
+# define utimensat rpl_utimensat
+# endif
+_GL_FUNCDECL_RPL (utimensat, int, (int fd, char const *name,
+ struct timespec const times[2], int flag)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (utimensat, int, (int fd, char const *name,
+ struct timespec const times[2], int flag));
+# else
+# if !@HAVE_UTIMENSAT@
+_GL_FUNCDECL_SYS (utimensat, int, (int fd, char const *name,
+ struct timespec const times[2], int flag)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (utimensat, int, (int fd, char const *name,
+ struct timespec const times[2], int flag));
+# endif
+_GL_CXXALIASWARN (utimensat);
+#elif defined GNULIB_POSIXCHECK
+# undef utimensat
+# if HAVE_RAW_DECL_UTIMENSAT
+_GL_WARN_ON_USE (utimensat, "utimensat is not portable - "
+ "use gnulib module utimensat for portability");
+# endif
+#endif
+
+
+#endif /* _GL_SYS_STAT_H */
+#endif /* _GL_SYS_STAT_H */
+#endif
--- /dev/null
+/* A more-standard <time.h>.
+
+ Copyright (C) 2007-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* Don't get in the way of glibc when it includes time.h merely to
+ declare a few standard symbols, rather than to declare all the
+ symbols. Also, Solaris 8 <time.h> eventually includes itself
+ recursively; if that is happening, just include the system <time.h>
+ without adding our own declarations. */
+#if (defined __need_time_t || defined __need_clock_t \
+ || defined __need_timespec \
+ || defined _GL_TIME_H)
+
+# @INCLUDE_NEXT@ @NEXT_TIME_H@
+
+#else
+
+# define _GL_TIME_H
+
+# @INCLUDE_NEXT@ @NEXT_TIME_H@
+
+/* NetBSD 5.0 mis-defines NULL. */
+# include <stddef.h>
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+/* Some systems don't define struct timespec (e.g., AIX 4.1, Ultrix 4.3).
+ Or they define it with the wrong member names or define it in <sys/time.h>
+ (e.g., FreeBSD circa 1997). Stock Mingw does not define it, but the
+ pthreads-win32 library defines it in <pthread.h>. */
+# if ! @TIME_H_DEFINES_STRUCT_TIMESPEC@
+# if @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@
+# include <sys/time.h>
+# elif @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@
+# include <pthread.h>
+/* The pthreads-win32 <pthread.h> also defines a couple of broken macros. */
+# undef asctime_r
+# undef ctime_r
+# undef gmtime_r
+# undef localtime_r
+# undef rand_r
+# undef strtok_r
+# else
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# if !GNULIB_defined_struct_timespec
+# undef timespec
+# define timespec rpl_timespec
+struct timespec
+{
+ time_t tv_sec;
+ long int tv_nsec;
+};
+# define GNULIB_defined_struct_timespec 1
+# endif
+
+# ifdef __cplusplus
+}
+# endif
+
+# endif
+# endif
+
+# if !GNULIB_defined_struct_time_t_must_be_integral
+/* Per http://austingroupbugs.net/view.php?id=327, POSIX requires
+ time_t to be an integer type, even though C99 permits floating
+ point. We don't know of any implementation that uses floating
+ point, and it is much easier to write code that doesn't have to
+ worry about that corner case, so we force the issue. */
+struct __time_t_must_be_integral {
+ unsigned int __floating_time_t_unsupported : (time_t) 1;
+};
+# define GNULIB_defined_struct_time_t_must_be_integral 1
+# endif
+
+/* Sleep for at least RQTP seconds unless interrupted, If interrupted,
+ return -1 and store the remaining time into RMTP. See
+ <http://www.opengroup.org/susv3xsh/nanosleep.html>. */
+# if @GNULIB_NANOSLEEP@
+# if @REPLACE_NANOSLEEP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define nanosleep rpl_nanosleep
+# endif
+_GL_FUNCDECL_RPL (nanosleep, int,
+ (struct timespec const *__rqtp, struct timespec *__rmtp)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (nanosleep, int,
+ (struct timespec const *__rqtp, struct timespec *__rmtp));
+# else
+# if ! @HAVE_NANOSLEEP@
+_GL_FUNCDECL_SYS (nanosleep, int,
+ (struct timespec const *__rqtp, struct timespec *__rmtp)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (nanosleep, int,
+ (struct timespec const *__rqtp, struct timespec *__rmtp));
+# endif
+_GL_CXXALIASWARN (nanosleep);
+# endif
+
+/* Return the 'time_t' representation of TP and normalize TP. */
+# if @GNULIB_MKTIME@
+# if @REPLACE_MKTIME@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define mktime rpl_mktime
+# endif
+_GL_FUNCDECL_RPL (mktime, time_t, (struct tm *__tp) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (mktime, time_t, (struct tm *__tp));
+# else
+_GL_CXXALIAS_SYS (mktime, time_t, (struct tm *__tp));
+# endif
+_GL_CXXALIASWARN (mktime);
+# endif
+
+/* Convert TIMER to RESULT, assuming local time and UTC respectively. See
+ <http://www.opengroup.org/susv3xsh/localtime_r.html> and
+ <http://www.opengroup.org/susv3xsh/gmtime_r.html>. */
+# if @GNULIB_TIME_R@
+# if @REPLACE_LOCALTIME_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef localtime_r
+# define localtime_r rpl_localtime_r
+# endif
+_GL_FUNCDECL_RPL (localtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (localtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result));
+# else
+# if ! @HAVE_DECL_LOCALTIME_R@
+_GL_FUNCDECL_SYS (localtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (localtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result));
+# endif
+# if @HAVE_DECL_LOCALTIME_R@
+_GL_CXXALIASWARN (localtime_r);
+# endif
+# if @REPLACE_LOCALTIME_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef gmtime_r
+# define gmtime_r rpl_gmtime_r
+# endif
+_GL_FUNCDECL_RPL (gmtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (gmtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result));
+# else
+# if ! @HAVE_DECL_LOCALTIME_R@
+_GL_FUNCDECL_SYS (gmtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (gmtime_r, struct tm *, (time_t const *restrict __timer,
+ struct tm *restrict __result));
+# endif
+# if @HAVE_DECL_LOCALTIME_R@
+_GL_CXXALIASWARN (gmtime_r);
+# endif
+# endif
+
+/* Parse BUF as a time stamp, assuming FORMAT specifies its layout, and store
+ the resulting broken-down time into TM. See
+ <http://www.opengroup.org/susv3xsh/strptime.html>. */
+# if @GNULIB_STRPTIME@
+# if ! @HAVE_STRPTIME@
+_GL_FUNCDECL_SYS (strptime, char *, (char const *restrict __buf,
+ char const *restrict __format,
+ struct tm *restrict __tm)
+ _GL_ARG_NONNULL ((1, 2, 3)));
+# endif
+_GL_CXXALIAS_SYS (strptime, char *, (char const *restrict __buf,
+ char const *restrict __format,
+ struct tm *restrict __tm));
+_GL_CXXALIASWARN (strptime);
+# endif
+
+/* Convert TM to a time_t value, assuming UTC. */
+# if @GNULIB_TIMEGM@
+# if @REPLACE_TIMEGM@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef timegm
+# define timegm rpl_timegm
+# endif
+_GL_FUNCDECL_RPL (timegm, time_t, (struct tm *__tm) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (timegm, time_t, (struct tm *__tm));
+# else
+# if ! @HAVE_TIMEGM@
+_GL_FUNCDECL_SYS (timegm, time_t, (struct tm *__tm) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (timegm, time_t, (struct tm *__tm));
+# endif
+_GL_CXXALIASWARN (timegm);
+# endif
+
+/* Encourage applications to avoid unsafe functions that can overrun
+ buffers when given outlandish struct tm values. Portable
+ applications should use strftime (or even sprintf) instead. */
+# if defined GNULIB_POSIXCHECK
+# undef asctime
+_GL_WARN_ON_USE (asctime, "asctime can overrun buffers in some cases - "
+ "better use strftime (or even sprintf) instead");
+# endif
+# if defined GNULIB_POSIXCHECK
+# undef asctime_r
+_GL_WARN_ON_USE (asctime, "asctime_r can overrun buffers in some cases - "
+ "better use strftime (or even sprintf) instead");
+# endif
+# if defined GNULIB_POSIXCHECK
+# undef ctime
+_GL_WARN_ON_USE (asctime, "ctime can overrun buffers in some cases - "
+ "better use strftime (or even sprintf) instead");
+# endif
+# if defined GNULIB_POSIXCHECK
+# undef ctime_r
+_GL_WARN_ON_USE (asctime, "ctime_r can overrun buffers in some cases - "
+ "better use strftime (or even sprintf) instead");
+# endif
+
+#endif
--- /dev/null
+/* Reentrant time functions like localtime_r.
+
+ Copyright (C) 2003, 2006-2007, 2010-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* Written by Paul Eggert. */
+
+#include <config.h>
+
+#include <time.h>
+
+static struct tm *
+copy_tm_result (struct tm *dest, struct tm const *src)
+{
+ if (! src)
+ return 0;
+ *dest = *src;
+ return dest;
+}
+
+
+struct tm *
+gmtime_r (time_t const * restrict t, struct tm * restrict tp)
+{
+ return copy_tm_result (tp, gmtime (t));
+}
+
+struct tm *
+localtime_r (time_t const * restrict t, struct tm * restrict tp)
+{
+ return copy_tm_result (tp, localtime (t));
+}
--- /dev/null
+/* Substitute for and wrapper around <unistd.h>.
+ Copyright (C) 2003-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#if __GNUC__ >= 3
+@PRAGMA_SYSTEM_HEADER@
+#endif
+@PRAGMA_COLUMNS@
+
+/* Special invocation convention:
+ - On mingw, several headers, including <winsock2.h>, include <unistd.h>,
+ but we need to ensure that both the system <unistd.h> and <winsock2.h>
+ are completely included before we replace gethostname. */
+#if @GNULIB_GETHOSTNAME@ && @UNISTD_H_HAVE_WINSOCK2_H@ \
+ && !defined _GL_WINSOCK2_H_WITNESS && defined _WINSOCK2_H
+/* <unistd.h> is being indirectly included for the first time from
+ <winsock2.h>; avoid declaring any overrides. */
+# if @HAVE_UNISTD_H@
+# @INCLUDE_NEXT@ @NEXT_UNISTD_H@
+# else
+# error unexpected; report this to bug-gnulib@gnu.org
+# endif
+# define _GL_WINSOCK2_H_WITNESS
+
+/* Normal invocation. */
+#elif !defined _GL_UNISTD_H
+
+/* The include_next requires a split double-inclusion guard. */
+#if @HAVE_UNISTD_H@
+# @INCLUDE_NEXT@ @NEXT_UNISTD_H@
+#endif
+
+/* Get all possible declarations of gethostname(). */
+#if @GNULIB_GETHOSTNAME@ && @UNISTD_H_HAVE_WINSOCK2_H@ \
+ && !defined _GL_INCLUDING_WINSOCK2_H
+# define _GL_INCLUDING_WINSOCK2_H
+# include <winsock2.h>
+# undef _GL_INCLUDING_WINSOCK2_H
+#endif
+
+#if !defined _GL_UNISTD_H && !defined _GL_INCLUDING_WINSOCK2_H
+#define _GL_UNISTD_H
+
+/* NetBSD 5.0 mis-defines NULL. Also get size_t. */
+#include <stddef.h>
+
+/* mingw doesn't define the SEEK_* or *_FILENO macros in <unistd.h>. */
+/* Cygwin 1.7.1 declares symlinkat in <stdio.h>, not in <unistd.h>. */
+/* But avoid namespace pollution on glibc systems. */
+#if (!(defined SEEK_CUR && defined SEEK_END && defined SEEK_SET) \
+ || ((@GNULIB_SYMLINKAT@ || defined GNULIB_POSIXCHECK) \
+ && defined __CYGWIN__)) \
+ && ! defined __GLIBC__
+# include <stdio.h>
+#endif
+
+/* Cygwin 1.7.1 declares unlinkat in <fcntl.h>, not in <unistd.h>. */
+/* But avoid namespace pollution on glibc systems. */
+#if (@GNULIB_UNLINKAT@ || defined GNULIB_POSIXCHECK) && defined __CYGWIN__ \
+ && ! defined __GLIBC__
+# include <fcntl.h>
+#endif
+
+/* mingw fails to declare _exit in <unistd.h>. */
+/* mingw, BeOS, Haiku declare environ in <stdlib.h>, not in <unistd.h>. */
+/* Solaris declares getcwd not only in <unistd.h> but also in <stdlib.h>. */
+/* But avoid namespace pollution on glibc systems. */
+#ifndef __GLIBC__
+# include <stdlib.h>
+#endif
+
+/* mingw declares getcwd in <io.h>, not in <unistd.h>. */
+#if ((@GNULIB_GETCWD@ || defined GNULIB_POSIXCHECK) \
+ && ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__))
+# include <io.h>
+#endif
+
+/* AIX and OSF/1 5.1 declare getdomainname in <netdb.h>, not in <unistd.h>.
+ NonStop Kernel declares gethostname in <netdb.h>, not in <unistd.h>. */
+/* But avoid namespace pollution on glibc systems. */
+#if ((@GNULIB_GETDOMAINNAME@ && (defined _AIX || defined __osf__)) \
+ || (@GNULIB_GETHOSTNAME@ && defined __TANDEM)) \
+ && !defined __GLIBC__
+# include <netdb.h>
+#endif
+
+#if (@GNULIB_WRITE@ || @GNULIB_READLINK@ || @GNULIB_READLINKAT@ \
+ || @GNULIB_PREAD@ || @GNULIB_PWRITE@ || defined GNULIB_POSIXCHECK)
+/* Get ssize_t. */
+# include <sys/types.h>
+#endif
+
+/* Get getopt(), optarg, optind, opterr, optopt.
+ But avoid namespace pollution on glibc systems. */
+#if @GNULIB_UNISTD_H_GETOPT@ && !defined __GLIBC__ && !defined _GL_SYSTEM_GETOPT
+# include <getopt.h>
+#endif
+
+/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
+
+/* The definition of _GL_ARG_NONNULL is copied here. */
+
+/* The definition of _GL_WARN_ON_USE is copied here. */
+
+
+#if @GNULIB_GETHOSTNAME@
+/* Get all possible declarations of gethostname(). */
+# if @UNISTD_H_HAVE_WINSOCK2_H@
+# if !defined _GL_SYS_SOCKET_H
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef socket
+# define socket socket_used_without_including_sys_socket_h
+# undef connect
+# define connect connect_used_without_including_sys_socket_h
+# undef accept
+# define accept accept_used_without_including_sys_socket_h
+# undef bind
+# define bind bind_used_without_including_sys_socket_h
+# undef getpeername
+# define getpeername getpeername_used_without_including_sys_socket_h
+# undef getsockname
+# define getsockname getsockname_used_without_including_sys_socket_h
+# undef getsockopt
+# define getsockopt getsockopt_used_without_including_sys_socket_h
+# undef listen
+# define listen listen_used_without_including_sys_socket_h
+# undef recv
+# define recv recv_used_without_including_sys_socket_h
+# undef send
+# define send send_used_without_including_sys_socket_h
+# undef recvfrom
+# define recvfrom recvfrom_used_without_including_sys_socket_h
+# undef sendto
+# define sendto sendto_used_without_including_sys_socket_h
+# undef setsockopt
+# define setsockopt setsockopt_used_without_including_sys_socket_h
+# undef shutdown
+# define shutdown shutdown_used_without_including_sys_socket_h
+# else
+ _GL_WARN_ON_USE (socket,
+ "socket() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (connect,
+ "connect() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (accept,
+ "accept() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (bind,
+ "bind() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (getpeername,
+ "getpeername() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (getsockname,
+ "getsockname() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (getsockopt,
+ "getsockopt() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (listen,
+ "listen() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (recv,
+ "recv() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (send,
+ "send() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (recvfrom,
+ "recvfrom() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (sendto,
+ "sendto() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (setsockopt,
+ "setsockopt() used without including <sys/socket.h>");
+ _GL_WARN_ON_USE (shutdown,
+ "shutdown() used without including <sys/socket.h>");
+# endif
+# endif
+# if !defined _GL_SYS_SELECT_H
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef select
+# define select select_used_without_including_sys_select_h
+# else
+ _GL_WARN_ON_USE (select,
+ "select() used without including <sys/select.h>");
+# endif
+# endif
+# endif
+#endif
+
+
+/* OS/2 EMX lacks these macros. */
+#ifndef STDIN_FILENO
+# define STDIN_FILENO 0
+#endif
+#ifndef STDOUT_FILENO
+# define STDOUT_FILENO 1
+#endif
+#ifndef STDERR_FILENO
+# define STDERR_FILENO 2
+#endif
+
+/* Ensure *_OK macros exist. */
+#ifndef F_OK
+# define F_OK 0
+# define X_OK 1
+# define W_OK 2
+# define R_OK 4
+#endif
+
+
+/* Declare overridden functions. */
+
+
+#if defined GNULIB_POSIXCHECK
+/* The access() function is a security risk. */
+_GL_WARN_ON_USE (access, "the access function is a security risk - "
+ "use the gnulib module faccessat instead");
+#endif
+
+
+#if @GNULIB_CHOWN@
+/* Change the owner of FILE to UID (if UID is not -1) and the group of FILE
+ to GID (if GID is not -1). Follow symbolic links.
+ Return 0 if successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/chown.html>. */
+# if @REPLACE_CHOWN@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef chown
+# define chown rpl_chown
+# endif
+_GL_FUNCDECL_RPL (chown, int, (const char *file, uid_t uid, gid_t gid)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (chown, int, (const char *file, uid_t uid, gid_t gid));
+# else
+# if !@HAVE_CHOWN@
+_GL_FUNCDECL_SYS (chown, int, (const char *file, uid_t uid, gid_t gid)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (chown, int, (const char *file, uid_t uid, gid_t gid));
+# endif
+_GL_CXXALIASWARN (chown);
+#elif defined GNULIB_POSIXCHECK
+# undef chown
+# if HAVE_RAW_DECL_CHOWN
+_GL_WARN_ON_USE (chown, "chown fails to follow symlinks on some systems and "
+ "doesn't treat a uid or gid of -1 on some systems - "
+ "use gnulib module chown for portability");
+# endif
+#endif
+
+
+#if @GNULIB_CLOSE@
+# if @REPLACE_CLOSE@
+/* Automatically included by modules that need a replacement for close. */
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef close
+# define close rpl_close
+# endif
+_GL_FUNCDECL_RPL (close, int, (int fd));
+_GL_CXXALIAS_RPL (close, int, (int fd));
+# else
+_GL_CXXALIAS_SYS (close, int, (int fd));
+# endif
+_GL_CXXALIASWARN (close);
+#elif @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@
+# undef close
+# define close close_used_without_requesting_gnulib_module_close
+#elif defined GNULIB_POSIXCHECK
+# undef close
+/* Assume close is always declared. */
+_GL_WARN_ON_USE (close, "close does not portably work on sockets - "
+ "use gnulib module close for portability");
+#endif
+
+
+#if @REPLACE_DUP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define dup rpl_dup
+# endif
+_GL_FUNCDECL_RPL (dup, int, (int oldfd));
+_GL_CXXALIAS_RPL (dup, int, (int oldfd));
+#else
+_GL_CXXALIAS_SYS (dup, int, (int oldfd));
+#endif
+_GL_CXXALIASWARN (dup);
+
+
+#if @GNULIB_DUP2@
+/* Copy the file descriptor OLDFD into file descriptor NEWFD. Do nothing if
+ NEWFD = OLDFD, otherwise close NEWFD first if it is open.
+ Return newfd if successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/dup2.html>. */
+# if @REPLACE_DUP2@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define dup2 rpl_dup2
+# endif
+_GL_FUNCDECL_RPL (dup2, int, (int oldfd, int newfd));
+_GL_CXXALIAS_RPL (dup2, int, (int oldfd, int newfd));
+# else
+# if !@HAVE_DUP2@
+_GL_FUNCDECL_SYS (dup2, int, (int oldfd, int newfd));
+# endif
+_GL_CXXALIAS_SYS (dup2, int, (int oldfd, int newfd));
+# endif
+_GL_CXXALIASWARN (dup2);
+#elif defined GNULIB_POSIXCHECK
+# undef dup2
+# if HAVE_RAW_DECL_DUP2
+_GL_WARN_ON_USE (dup2, "dup2 is unportable - "
+ "use gnulib module dup2 for portability");
+# endif
+#endif
+
+
+#if @GNULIB_DUP3@
+/* Copy the file descriptor OLDFD into file descriptor NEWFD, with the
+ specified flags.
+ The flags are a bitmask, possibly including O_CLOEXEC (defined in <fcntl.h>)
+ and O_TEXT, O_BINARY (defined in "binary-io.h").
+ Close NEWFD first if it is open.
+ Return newfd if successful, otherwise -1 and errno set.
+ See the Linux man page at
+ <http://www.kernel.org/doc/man-pages/online/pages/man2/dup3.2.html>. */
+# if @HAVE_DUP3@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define dup3 rpl_dup3
+# endif
+_GL_FUNCDECL_RPL (dup3, int, (int oldfd, int newfd, int flags));
+_GL_CXXALIAS_RPL (dup3, int, (int oldfd, int newfd, int flags));
+# else
+_GL_FUNCDECL_SYS (dup3, int, (int oldfd, int newfd, int flags));
+_GL_CXXALIAS_SYS (dup3, int, (int oldfd, int newfd, int flags));
+# endif
+_GL_CXXALIASWARN (dup3);
+#elif defined GNULIB_POSIXCHECK
+# undef dup3
+# if HAVE_RAW_DECL_DUP3
+_GL_WARN_ON_USE (dup3, "dup3 is unportable - "
+ "use gnulib module dup3 for portability");
+# endif
+#endif
+
+
+#if @GNULIB_ENVIRON@
+# if !@HAVE_DECL_ENVIRON@
+/* Set of environment variables and values. An array of strings of the form
+ "VARIABLE=VALUE", terminated with a NULL. */
+# if defined __APPLE__ && defined __MACH__
+# include <crt_externs.h>
+# define environ (*_NSGetEnviron ())
+# else
+# ifdef __cplusplus
+extern "C" {
+# endif
+extern char **environ;
+# ifdef __cplusplus
+}
+# endif
+# endif
+# endif
+#elif defined GNULIB_POSIXCHECK
+# if HAVE_RAW_DECL_ENVIRON
+static inline char ***
+rpl_environ (void)
+{
+ return &environ;
+}
+_GL_WARN_ON_USE (rpl_environ, "environ is unportable - "
+ "use gnulib module environ for portability");
+# undef environ
+# define environ (*rpl_environ ())
+# endif
+#endif
+
+
+#if @GNULIB_EUIDACCESS@
+/* Like access(), except that it uses the effective user id and group id of
+ the current process. */
+# if !@HAVE_EUIDACCESS@
+_GL_FUNCDECL_SYS (euidaccess, int, (const char *filename, int mode)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (euidaccess, int, (const char *filename, int mode));
+_GL_CXXALIASWARN (euidaccess);
+# if defined GNULIB_POSIXCHECK
+/* Like access(), this function is a security risk. */
+_GL_WARN_ON_USE (euidaccess, "the euidaccess function is a security risk - "
+ "use the gnulib module faccessat instead");
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef euidaccess
+# if HAVE_RAW_DECL_EUIDACCESS
+_GL_WARN_ON_USE (euidaccess, "euidaccess is unportable - "
+ "use gnulib module euidaccess for portability");
+# endif
+#endif
+
+
+#if @GNULIB_FACCESSAT@
+# if !@HAVE_FACCESSAT@
+_GL_FUNCDECL_SYS (faccessat, int,
+ (int fd, char const *file, int mode, int flag)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (faccessat, int,
+ (int fd, char const *file, int mode, int flag));
+_GL_CXXALIASWARN (faccessat);
+#elif defined GNULIB_POSIXCHECK
+# undef faccessat
+# if HAVE_RAW_DECL_FACCESSAT
+_GL_WARN_ON_USE (faccessat, "faccessat is not portable - "
+ "use gnulib module faccessat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_FCHDIR@
+/* Change the process' current working directory to the directory on which
+ the given file descriptor is open.
+ Return 0 if successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/fchdir.html>. */
+# if ! @HAVE_FCHDIR@
+_GL_FUNCDECL_SYS (fchdir, int, (int /*fd*/));
+
+/* Gnulib internal hooks needed to maintain the fchdir metadata. */
+_GL_EXTERN_C int _gl_register_fd (int fd, const char *filename)
+ _GL_ARG_NONNULL ((2));
+_GL_EXTERN_C void _gl_unregister_fd (int fd);
+_GL_EXTERN_C int _gl_register_dup (int oldfd, int newfd);
+_GL_EXTERN_C const char *_gl_directory_name (int fd);
+
+# else
+# if !@HAVE_DECL_FCHDIR@
+_GL_FUNCDECL_SYS (fchdir, int, (int /*fd*/));
+# endif
+# endif
+_GL_CXXALIAS_SYS (fchdir, int, (int /*fd*/));
+_GL_CXXALIASWARN (fchdir);
+#elif defined GNULIB_POSIXCHECK
+# undef fchdir
+# if HAVE_RAW_DECL_FCHDIR
+_GL_WARN_ON_USE (fchdir, "fchdir is unportable - "
+ "use gnulib module fchdir for portability");
+# endif
+#endif
+
+
+#if @GNULIB_FCHOWNAT@
+# if @REPLACE_FCHOWNAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef fchownat
+# define fchownat rpl_fchownat
+# endif
+_GL_FUNCDECL_RPL (fchownat, int, (int fd, char const *file,
+ uid_t owner, gid_t group, int flag)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (fchownat, int, (int fd, char const *file,
+ uid_t owner, gid_t group, int flag));
+# else
+# if !@HAVE_FCHOWNAT@
+_GL_FUNCDECL_SYS (fchownat, int, (int fd, char const *file,
+ uid_t owner, gid_t group, int flag)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (fchownat, int, (int fd, char const *file,
+ uid_t owner, gid_t group, int flag));
+# endif
+_GL_CXXALIASWARN (fchownat);
+#elif defined GNULIB_POSIXCHECK
+# undef fchownat
+# if HAVE_RAW_DECL_FCHOWNAT
+_GL_WARN_ON_USE (fchownat, "fchownat is not portable - "
+ "use gnulib module openat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_FSYNC@
+/* Synchronize changes to a file.
+ Return 0 if successful, otherwise -1 and errno set.
+ See POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/fsync.html>. */
+# if !@HAVE_FSYNC@
+_GL_FUNCDECL_SYS (fsync, int, (int fd));
+# endif
+_GL_CXXALIAS_SYS (fsync, int, (int fd));
+_GL_CXXALIASWARN (fsync);
+#elif defined GNULIB_POSIXCHECK
+# undef fsync
+# if HAVE_RAW_DECL_FSYNC
+_GL_WARN_ON_USE (fsync, "fsync is unportable - "
+ "use gnulib module fsync for portability");
+# endif
+#endif
+
+
+#if @GNULIB_FTRUNCATE@
+/* Change the size of the file to which FD is opened to become equal to LENGTH.
+ Return 0 if successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/ftruncate.html>. */
+# if !@HAVE_FTRUNCATE@
+_GL_FUNCDECL_SYS (ftruncate, int, (int fd, off_t length));
+# endif
+_GL_CXXALIAS_SYS (ftruncate, int, (int fd, off_t length));
+_GL_CXXALIASWARN (ftruncate);
+#elif defined GNULIB_POSIXCHECK
+# undef ftruncate
+# if HAVE_RAW_DECL_FTRUNCATE
+_GL_WARN_ON_USE (ftruncate, "ftruncate is unportable - "
+ "use gnulib module ftruncate for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETCWD@
+/* Get the name of the current working directory, and put it in SIZE bytes
+ of BUF.
+ Return BUF if successful, or NULL if the directory couldn't be determined
+ or SIZE was too small.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/getcwd.html>.
+ Additionally, the gnulib module 'getcwd' guarantees the following GNU
+ extension: If BUF is NULL, an array is allocated with 'malloc'; the array
+ is SIZE bytes long, unless SIZE == 0, in which case it is as big as
+ necessary. */
+# if @REPLACE_GETCWD@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define getcwd rpl_getcwd
+# endif
+_GL_FUNCDECL_RPL (getcwd, char *, (char *buf, size_t size));
+_GL_CXXALIAS_RPL (getcwd, char *, (char *buf, size_t size));
+# else
+/* Need to cast, because on mingw, the second parameter is
+ int size. */
+_GL_CXXALIAS_SYS_CAST (getcwd, char *, (char *buf, size_t size));
+# endif
+_GL_CXXALIASWARN (getcwd);
+#elif defined GNULIB_POSIXCHECK
+# undef getcwd
+# if HAVE_RAW_DECL_GETCWD
+_GL_WARN_ON_USE (getcwd, "getcwd is unportable - "
+ "use gnulib module getcwd for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETDOMAINNAME@
+/* Return the NIS domain name of the machine.
+ WARNING! The NIS domain name is unrelated to the fully qualified host name
+ of the machine. It is also unrelated to email addresses.
+ WARNING! The NIS domain name is usually the empty string or "(none)" when
+ not using NIS.
+
+ Put up to LEN bytes of the NIS domain name into NAME.
+ Null terminate it if the name is shorter than LEN.
+ If the NIS domain name is longer than LEN, set errno = EINVAL and return -1.
+ Return 0 if successful, otherwise set errno and return -1. */
+# if @REPLACE_GETDOMAINNAME@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getdomainname
+# define getdomainname rpl_getdomainname
+# endif
+_GL_FUNCDECL_RPL (getdomainname, int, (char *name, size_t len)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (getdomainname, int, (char *name, size_t len));
+# else
+# if !@HAVE_DECL_GETDOMAINNAME@
+_GL_FUNCDECL_SYS (getdomainname, int, (char *name, size_t len)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (getdomainname, int, (char *name, size_t len));
+# endif
+_GL_CXXALIASWARN (getdomainname);
+#elif defined GNULIB_POSIXCHECK
+# undef getdomainname
+# if HAVE_RAW_DECL_GETDOMAINNAME
+_GL_WARN_ON_USE (getdomainname, "getdomainname is unportable - "
+ "use gnulib module getdomainname for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETDTABLESIZE@
+/* Return the maximum number of file descriptors in the current process.
+ In POSIX, this is same as sysconf (_SC_OPEN_MAX). */
+# if !@HAVE_GETDTABLESIZE@
+_GL_FUNCDECL_SYS (getdtablesize, int, (void));
+# endif
+_GL_CXXALIAS_SYS (getdtablesize, int, (void));
+_GL_CXXALIASWARN (getdtablesize);
+#elif defined GNULIB_POSIXCHECK
+# undef getdtablesize
+# if HAVE_RAW_DECL_GETDTABLESIZE
+_GL_WARN_ON_USE (getdtablesize, "getdtablesize is unportable - "
+ "use gnulib module getdtablesize for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETGROUPS@
+/* Return the supplemental groups that the current process belongs to.
+ It is unspecified whether the effective group id is in the list.
+ If N is 0, return the group count; otherwise, N describes how many
+ entries are available in GROUPS. Return -1 and set errno if N is
+ not 0 and not large enough. Fails with ENOSYS on some systems. */
+# if @REPLACE_GETGROUPS@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef getgroups
+# define getgroups rpl_getgroups
+# endif
+_GL_FUNCDECL_RPL (getgroups, int, (int n, gid_t *groups));
+_GL_CXXALIAS_RPL (getgroups, int, (int n, gid_t *groups));
+# else
+# if !@HAVE_GETGROUPS@
+_GL_FUNCDECL_SYS (getgroups, int, (int n, gid_t *groups));
+# endif
+_GL_CXXALIAS_SYS (getgroups, int, (int n, gid_t *groups));
+# endif
+_GL_CXXALIASWARN (getgroups);
+#elif defined GNULIB_POSIXCHECK
+# undef getgroups
+# if HAVE_RAW_DECL_GETGROUPS
+_GL_WARN_ON_USE (getgroups, "getgroups is unportable - "
+ "use gnulib module getgroups for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETHOSTNAME@
+/* Return the standard host name of the machine.
+ WARNING! The host name may or may not be fully qualified.
+
+ Put up to LEN bytes of the host name into NAME.
+ Null terminate it if the name is shorter than LEN.
+ If the host name is longer than LEN, set errno = EINVAL and return -1.
+ Return 0 if successful, otherwise set errno and return -1. */
+# if @UNISTD_H_HAVE_WINSOCK2_H@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef gethostname
+# define gethostname rpl_gethostname
+# endif
+_GL_FUNCDECL_RPL (gethostname, int, (char *name, size_t len)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (gethostname, int, (char *name, size_t len));
+# else
+# if !@HAVE_GETHOSTNAME@
+_GL_FUNCDECL_SYS (gethostname, int, (char *name, size_t len)
+ _GL_ARG_NONNULL ((1)));
+# endif
+/* Need to cast, because on Solaris 10 and OSF/1 5.1 systems, the second
+ parameter is
+ int len. */
+_GL_CXXALIAS_SYS_CAST (gethostname, int, (char *name, size_t len));
+# endif
+_GL_CXXALIASWARN (gethostname);
+#elif @UNISTD_H_HAVE_WINSOCK2_H@
+# undef gethostname
+# define gethostname gethostname_used_without_requesting_gnulib_module_gethostname
+#elif defined GNULIB_POSIXCHECK
+# undef gethostname
+# if HAVE_RAW_DECL_GETHOSTNAME
+_GL_WARN_ON_USE (gethostname, "gethostname is unportable - "
+ "use gnulib module gethostname for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETLOGIN@
+/* Returns the user's login name, or NULL if it cannot be found. Upon error,
+ returns NULL with errno set.
+
+ See <http://www.opengroup.org/susv3xsh/getlogin.html>.
+
+ Most programs don't need to use this function, because the information is
+ available through environment variables:
+ ${LOGNAME-$USER} on Unix platforms,
+ $USERNAME on native Windows platforms.
+ */
+# if !@HAVE_GETLOGIN@
+_GL_FUNCDECL_SYS (getlogin, char *, (void));
+# endif
+_GL_CXXALIAS_SYS (getlogin, char *, (void));
+_GL_CXXALIASWARN (getlogin);
+#elif defined GNULIB_POSIXCHECK
+# undef getlogin
+# if HAVE_RAW_DECL_GETLOGIN
+_GL_WARN_ON_USE (getlogin, "getlogin is unportable - "
+ "use gnulib module getlogin for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETLOGIN_R@
+/* Copies the user's login name to NAME.
+ The array pointed to by NAME has room for SIZE bytes.
+
+ Returns 0 if successful. Upon error, an error number is returned, or -1 in
+ the case that the login name cannot be found but no specific error is
+ provided (this case is hopefully rare but is left open by the POSIX spec).
+
+ See <http://www.opengroup.org/susv3xsh/getlogin.html>.
+
+ Most programs don't need to use this function, because the information is
+ available through environment variables:
+ ${LOGNAME-$USER} on Unix platforms,
+ $USERNAME on native Windows platforms.
+ */
+# if @REPLACE_GETLOGIN_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define getlogin_r rpl_getlogin_r
+# endif
+_GL_FUNCDECL_RPL (getlogin_r, int, (char *name, size_t size)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (getlogin_r, int, (char *name, size_t size));
+# else
+# if !@HAVE_DECL_GETLOGIN_R@
+_GL_FUNCDECL_SYS (getlogin_r, int, (char *name, size_t size)
+ _GL_ARG_NONNULL ((1)));
+# endif
+/* Need to cast, because on Solaris 10 systems, the second argument is
+ int size. */
+_GL_CXXALIAS_SYS_CAST (getlogin_r, int, (char *name, size_t size));
+# endif
+_GL_CXXALIASWARN (getlogin_r);
+#elif defined GNULIB_POSIXCHECK
+# undef getlogin_r
+# if HAVE_RAW_DECL_GETLOGIN_R
+_GL_WARN_ON_USE (getlogin_r, "getlogin_r is unportable - "
+ "use gnulib module getlogin_r for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETPAGESIZE@
+# if @REPLACE_GETPAGESIZE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define getpagesize rpl_getpagesize
+# endif
+_GL_FUNCDECL_RPL (getpagesize, int, (void));
+_GL_CXXALIAS_RPL (getpagesize, int, (void));
+# else
+# if !@HAVE_GETPAGESIZE@
+# if !defined getpagesize
+/* This is for POSIX systems. */
+# if !defined _gl_getpagesize && defined _SC_PAGESIZE
+# if ! (defined __VMS && __VMS_VER < 70000000)
+# define _gl_getpagesize() sysconf (_SC_PAGESIZE)
+# endif
+# endif
+/* This is for older VMS. */
+# if !defined _gl_getpagesize && defined __VMS
+# ifdef __ALPHA
+# define _gl_getpagesize() 8192
+# else
+# define _gl_getpagesize() 512
+# endif
+# endif
+/* This is for BeOS. */
+# if !defined _gl_getpagesize && @HAVE_OS_H@
+# include <OS.h>
+# if defined B_PAGE_SIZE
+# define _gl_getpagesize() B_PAGE_SIZE
+# endif
+# endif
+/* This is for AmigaOS4.0. */
+# if !defined _gl_getpagesize && defined __amigaos4__
+# define _gl_getpagesize() 2048
+# endif
+/* This is for older Unix systems. */
+# if !defined _gl_getpagesize && @HAVE_SYS_PARAM_H@
+# include <sys/param.h>
+# ifdef EXEC_PAGESIZE
+# define _gl_getpagesize() EXEC_PAGESIZE
+# else
+# ifdef NBPG
+# ifndef CLSIZE
+# define CLSIZE 1
+# endif
+# define _gl_getpagesize() (NBPG * CLSIZE)
+# else
+# ifdef NBPC
+# define _gl_getpagesize() NBPC
+# endif
+# endif
+# endif
+# endif
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define getpagesize() _gl_getpagesize ()
+# else
+# if !GNULIB_defined_getpagesize_function
+static inline int
+getpagesize ()
+{
+ return _gl_getpagesize ();
+}
+# define GNULIB_defined_getpagesize_function 1
+# endif
+# endif
+# endif
+# endif
+/* Need to cast, because on Cygwin 1.5.x systems, the return type is size_t. */
+_GL_CXXALIAS_SYS_CAST (getpagesize, int, (void));
+# endif
+# if @HAVE_DECL_GETPAGESIZE@
+_GL_CXXALIASWARN (getpagesize);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef getpagesize
+# if HAVE_RAW_DECL_GETPAGESIZE
+_GL_WARN_ON_USE (getpagesize, "getpagesize is unportable - "
+ "use gnulib module getpagesize for portability");
+# endif
+#endif
+
+
+#if @GNULIB_GETUSERSHELL@
+/* Return the next valid login shell on the system, or NULL when the end of
+ the list has been reached. */
+# if !@HAVE_DECL_GETUSERSHELL@
+_GL_FUNCDECL_SYS (getusershell, char *, (void));
+# endif
+_GL_CXXALIAS_SYS (getusershell, char *, (void));
+_GL_CXXALIASWARN (getusershell);
+#elif defined GNULIB_POSIXCHECK
+# undef getusershell
+# if HAVE_RAW_DECL_GETUSERSHELL
+_GL_WARN_ON_USE (getusershell, "getusershell is unportable - "
+ "use gnulib module getusershell for portability");
+# endif
+#endif
+
+#if @GNULIB_GETUSERSHELL@
+/* Rewind to pointer that is advanced at each getusershell() call. */
+# if !@HAVE_DECL_GETUSERSHELL@
+_GL_FUNCDECL_SYS (setusershell, void, (void));
+# endif
+_GL_CXXALIAS_SYS (setusershell, void, (void));
+_GL_CXXALIASWARN (setusershell);
+#elif defined GNULIB_POSIXCHECK
+# undef setusershell
+# if HAVE_RAW_DECL_SETUSERSHELL
+_GL_WARN_ON_USE (setusershell, "setusershell is unportable - "
+ "use gnulib module getusershell for portability");
+# endif
+#endif
+
+#if @GNULIB_GETUSERSHELL@
+/* Free the pointer that is advanced at each getusershell() call and
+ associated resources. */
+# if !@HAVE_DECL_GETUSERSHELL@
+_GL_FUNCDECL_SYS (endusershell, void, (void));
+# endif
+_GL_CXXALIAS_SYS (endusershell, void, (void));
+_GL_CXXALIASWARN (endusershell);
+#elif defined GNULIB_POSIXCHECK
+# undef endusershell
+# if HAVE_RAW_DECL_ENDUSERSHELL
+_GL_WARN_ON_USE (endusershell, "endusershell is unportable - "
+ "use gnulib module getusershell for portability");
+# endif
+#endif
+
+
+#if @GNULIB_LCHOWN@
+/* Change the owner of FILE to UID (if UID is not -1) and the group of FILE
+ to GID (if GID is not -1). Do not follow symbolic links.
+ Return 0 if successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/lchown.html>. */
+# if @REPLACE_LCHOWN@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef lchown
+# define lchown rpl_lchown
+# endif
+_GL_FUNCDECL_RPL (lchown, int, (char const *file, uid_t owner, gid_t group)
+ _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (lchown, int, (char const *file, uid_t owner, gid_t group));
+# else
+# if !@HAVE_LCHOWN@
+_GL_FUNCDECL_SYS (lchown, int, (char const *file, uid_t owner, gid_t group)
+ _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (lchown, int, (char const *file, uid_t owner, gid_t group));
+# endif
+_GL_CXXALIASWARN (lchown);
+#elif defined GNULIB_POSIXCHECK
+# undef lchown
+# if HAVE_RAW_DECL_LCHOWN
+_GL_WARN_ON_USE (lchown, "lchown is unportable to pre-POSIX.1-2001 systems - "
+ "use gnulib module lchown for portability");
+# endif
+#endif
+
+
+#if @GNULIB_LINK@
+/* Create a new hard link for an existing file.
+ Return 0 if successful, otherwise -1 and errno set.
+ See POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/link.html>. */
+# if @REPLACE_LINK@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define link rpl_link
+# endif
+_GL_FUNCDECL_RPL (link, int, (const char *path1, const char *path2)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (link, int, (const char *path1, const char *path2));
+# else
+# if !@HAVE_LINK@
+_GL_FUNCDECL_SYS (link, int, (const char *path1, const char *path2)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (link, int, (const char *path1, const char *path2));
+# endif
+_GL_CXXALIASWARN (link);
+#elif defined GNULIB_POSIXCHECK
+# undef link
+# if HAVE_RAW_DECL_LINK
+_GL_WARN_ON_USE (link, "link is unportable - "
+ "use gnulib module link for portability");
+# endif
+#endif
+
+
+#if @GNULIB_LINKAT@
+/* Create a new hard link for an existing file, relative to two
+ directories. FLAG controls whether symlinks are followed.
+ Return 0 if successful, otherwise -1 and errno set. */
+# if @REPLACE_LINKAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef linkat
+# define linkat rpl_linkat
+# endif
+_GL_FUNCDECL_RPL (linkat, int,
+ (int fd1, const char *path1, int fd2, const char *path2,
+ int flag)
+ _GL_ARG_NONNULL ((2, 4)));
+_GL_CXXALIAS_RPL (linkat, int,
+ (int fd1, const char *path1, int fd2, const char *path2,
+ int flag));
+# else
+# if !@HAVE_LINKAT@
+_GL_FUNCDECL_SYS (linkat, int,
+ (int fd1, const char *path1, int fd2, const char *path2,
+ int flag)
+ _GL_ARG_NONNULL ((2, 4)));
+# endif
+_GL_CXXALIAS_SYS (linkat, int,
+ (int fd1, const char *path1, int fd2, const char *path2,
+ int flag));
+# endif
+_GL_CXXALIASWARN (linkat);
+#elif defined GNULIB_POSIXCHECK
+# undef linkat
+# if HAVE_RAW_DECL_LINKAT
+_GL_WARN_ON_USE (linkat, "linkat is unportable - "
+ "use gnulib module linkat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_LSEEK@
+/* Set the offset of FD relative to SEEK_SET, SEEK_CUR, or SEEK_END.
+ Return the new offset if successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/lseek.html>. */
+# if @REPLACE_LSEEK@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define lseek rpl_lseek
+# endif
+_GL_FUNCDECL_RPL (lseek, off_t, (int fd, off_t offset, int whence));
+_GL_CXXALIAS_RPL (lseek, off_t, (int fd, off_t offset, int whence));
+# else
+_GL_CXXALIAS_SYS (lseek, off_t, (int fd, off_t offset, int whence));
+# endif
+_GL_CXXALIASWARN (lseek);
+#elif defined GNULIB_POSIXCHECK
+# undef lseek
+# if HAVE_RAW_DECL_LSEEK
+_GL_WARN_ON_USE (lseek, "lseek does not fail with ESPIPE on pipes on some "
+ "systems - use gnulib module lseek for portability");
+# endif
+#endif
+
+
+#if @GNULIB_PIPE@
+/* Create a pipe, defaulting to O_BINARY mode.
+ Store the read-end as fd[0] and the write-end as fd[1].
+ Return 0 upon success, or -1 with errno set upon failure. */
+# if !@HAVE_PIPE@
+_GL_FUNCDECL_SYS (pipe, int, (int fd[2]) _GL_ARG_NONNULL ((1)));
+# endif
+_GL_CXXALIAS_SYS (pipe, int, (int fd[2]));
+_GL_CXXALIASWARN (pipe);
+#elif defined GNULIB_POSIXCHECK
+# undef pipe
+# if HAVE_RAW_DECL_PIPE
+_GL_WARN_ON_USE (pipe, "pipe is unportable - "
+ "use gnulib module pipe-posix for portability");
+# endif
+#endif
+
+
+#if @GNULIB_PIPE2@
+/* Create a pipe, applying the given flags when opening the read-end of the
+ pipe and the write-end of the pipe.
+ The flags are a bitmask, possibly including O_CLOEXEC (defined in <fcntl.h>)
+ and O_TEXT, O_BINARY (defined in "binary-io.h").
+ Store the read-end as fd[0] and the write-end as fd[1].
+ Return 0 upon success, or -1 with errno set upon failure.
+ See also the Linux man page at
+ <http://www.kernel.org/doc/man-pages/online/pages/man2/pipe2.2.html>. */
+# if @HAVE_PIPE2@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define pipe2 rpl_pipe2
+# endif
+_GL_FUNCDECL_RPL (pipe2, int, (int fd[2], int flags) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (pipe2, int, (int fd[2], int flags));
+# else
+_GL_FUNCDECL_SYS (pipe2, int, (int fd[2], int flags) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_SYS (pipe2, int, (int fd[2], int flags));
+# endif
+_GL_CXXALIASWARN (pipe2);
+#elif defined GNULIB_POSIXCHECK
+# undef pipe2
+# if HAVE_RAW_DECL_PIPE2
+_GL_WARN_ON_USE (pipe2, "pipe2 is unportable - "
+ "use gnulib module pipe2 for portability");
+# endif
+#endif
+
+
+#if @GNULIB_PREAD@
+/* Read at most BUFSIZE bytes from FD into BUF, starting at OFFSET.
+ Return the number of bytes placed into BUF if successful, otherwise
+ set errno and return -1. 0 indicates EOF. See the POSIX:2001
+ specification <http://www.opengroup.org/susv3xsh/pread.html>. */
+# if @REPLACE_PREAD@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define pread rpl_pread
+# endif
+_GL_FUNCDECL_RPL (pread, ssize_t,
+ (int fd, void *buf, size_t bufsize, off_t offset)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (pread, ssize_t,
+ (int fd, void *buf, size_t bufsize, off_t offset));
+# else
+# if !@HAVE_PREAD@
+_GL_FUNCDECL_SYS (pread, ssize_t,
+ (int fd, void *buf, size_t bufsize, off_t offset)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (pread, ssize_t,
+ (int fd, void *buf, size_t bufsize, off_t offset));
+# endif
+_GL_CXXALIASWARN (pread);
+#elif defined GNULIB_POSIXCHECK
+# undef pread
+# if HAVE_RAW_DECL_PREAD
+_GL_WARN_ON_USE (pread, "pread is unportable - "
+ "use gnulib module pread for portability");
+# endif
+#endif
+
+
+#if @GNULIB_PWRITE@
+/* Write at most BUFSIZE bytes from BUF into FD, starting at OFFSET.
+ Return the number of bytes written if successful, otherwise
+ set errno and return -1. 0 indicates nothing written. See the
+ POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/pwrite.html>. */
+# if @REPLACE_PWRITE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define pwrite rpl_pwrite
+# endif
+_GL_FUNCDECL_RPL (pwrite, ssize_t,
+ (int fd, const void *buf, size_t bufsize, off_t offset)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (pwrite, ssize_t,
+ (int fd, const void *buf, size_t bufsize, off_t offset));
+# else
+# if !@HAVE_PWRITE@
+_GL_FUNCDECL_SYS (pwrite, ssize_t,
+ (int fd, const void *buf, size_t bufsize, off_t offset)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (pwrite, ssize_t,
+ (int fd, const void *buf, size_t bufsize, off_t offset));
+# endif
+_GL_CXXALIASWARN (pwrite);
+#elif defined GNULIB_POSIXCHECK
+# undef pwrite
+# if HAVE_RAW_DECL_PWRITE
+_GL_WARN_ON_USE (pwrite, "pwrite is unportable - "
+ "use gnulib module pwrite for portability");
+# endif
+#endif
+
+
+#if @GNULIB_READLINK@
+/* Read the contents of the symbolic link FILE and place the first BUFSIZE
+ bytes of it into BUF. Return the number of bytes placed into BUF if
+ successful, otherwise -1 and errno set.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/readlink.html>. */
+# if @REPLACE_READLINK@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define readlink rpl_readlink
+# endif
+_GL_FUNCDECL_RPL (readlink, ssize_t,
+ (const char *file, char *buf, size_t bufsize)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (readlink, ssize_t,
+ (const char *file, char *buf, size_t bufsize));
+# else
+# if !@HAVE_READLINK@
+_GL_FUNCDECL_SYS (readlink, ssize_t,
+ (const char *file, char *buf, size_t bufsize)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (readlink, ssize_t,
+ (const char *file, char *buf, size_t bufsize));
+# endif
+_GL_CXXALIASWARN (readlink);
+#elif defined GNULIB_POSIXCHECK
+# undef readlink
+# if HAVE_RAW_DECL_READLINK
+_GL_WARN_ON_USE (readlink, "readlink is unportable - "
+ "use gnulib module readlink for portability");
+# endif
+#endif
+
+
+#if @GNULIB_READLINKAT@
+# if !@HAVE_READLINKAT@
+_GL_FUNCDECL_SYS (readlinkat, ssize_t,
+ (int fd, char const *file, char *buf, size_t len)
+ _GL_ARG_NONNULL ((2, 3)));
+# endif
+_GL_CXXALIAS_SYS (readlinkat, ssize_t,
+ (int fd, char const *file, char *buf, size_t len));
+_GL_CXXALIASWARN (readlinkat);
+#elif defined GNULIB_POSIXCHECK
+# undef readlinkat
+# if HAVE_RAW_DECL_READLINKAT
+_GL_WARN_ON_USE (readlinkat, "readlinkat is not portable - "
+ "use gnulib module readlinkat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_RMDIR@
+/* Remove the directory DIR. */
+# if @REPLACE_RMDIR@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# define rmdir rpl_rmdir
+# endif
+_GL_FUNCDECL_RPL (rmdir, int, (char const *name) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (rmdir, int, (char const *name));
+# else
+_GL_CXXALIAS_SYS (rmdir, int, (char const *name));
+# endif
+_GL_CXXALIASWARN (rmdir);
+#elif defined GNULIB_POSIXCHECK
+# undef rmdir
+# if HAVE_RAW_DECL_RMDIR
+_GL_WARN_ON_USE (rmdir, "rmdir is unportable - "
+ "use gnulib module rmdir for portability");
+# endif
+#endif
+
+
+#if @GNULIB_SLEEP@
+/* Pause the execution of the current thread for N seconds.
+ Returns the number of seconds left to sleep.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/sleep.html>. */
+# if @REPLACE_SLEEP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef sleep
+# define sleep rpl_sleep
+# endif
+_GL_FUNCDECL_RPL (sleep, unsigned int, (unsigned int n));
+_GL_CXXALIAS_RPL (sleep, unsigned int, (unsigned int n));
+# else
+# if !@HAVE_SLEEP@
+_GL_FUNCDECL_SYS (sleep, unsigned int, (unsigned int n));
+# endif
+_GL_CXXALIAS_SYS (sleep, unsigned int, (unsigned int n));
+# endif
+_GL_CXXALIASWARN (sleep);
+#elif defined GNULIB_POSIXCHECK
+# undef sleep
+# if HAVE_RAW_DECL_SLEEP
+_GL_WARN_ON_USE (sleep, "sleep is unportable - "
+ "use gnulib module sleep for portability");
+# endif
+#endif
+
+
+#if @GNULIB_SYMLINK@
+# if @REPLACE_SYMLINK@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef symlink
+# define symlink rpl_symlink
+# endif
+_GL_FUNCDECL_RPL (symlink, int, (char const *contents, char const *file)
+ _GL_ARG_NONNULL ((1, 2)));
+_GL_CXXALIAS_RPL (symlink, int, (char const *contents, char const *file));
+# else
+# if !@HAVE_SYMLINK@
+_GL_FUNCDECL_SYS (symlink, int, (char const *contents, char const *file)
+ _GL_ARG_NONNULL ((1, 2)));
+# endif
+_GL_CXXALIAS_SYS (symlink, int, (char const *contents, char const *file));
+# endif
+_GL_CXXALIASWARN (symlink);
+#elif defined GNULIB_POSIXCHECK
+# undef symlink
+# if HAVE_RAW_DECL_SYMLINK
+_GL_WARN_ON_USE (symlink, "symlink is not portable - "
+ "use gnulib module symlink for portability");
+# endif
+#endif
+
+
+#if @GNULIB_SYMLINKAT@
+# if !@HAVE_SYMLINKAT@
+_GL_FUNCDECL_SYS (symlinkat, int,
+ (char const *contents, int fd, char const *file)
+ _GL_ARG_NONNULL ((1, 3)));
+# endif
+_GL_CXXALIAS_SYS (symlinkat, int,
+ (char const *contents, int fd, char const *file));
+_GL_CXXALIASWARN (symlinkat);
+#elif defined GNULIB_POSIXCHECK
+# undef symlinkat
+# if HAVE_RAW_DECL_SYMLINKAT
+_GL_WARN_ON_USE (symlinkat, "symlinkat is not portable - "
+ "use gnulib module symlinkat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_TTYNAME_R@
+/* Store at most BUFLEN characters of the pathname of the terminal FD is
+ open on in BUF. Return 0 on success, otherwise an error number. */
+# if @REPLACE_TTYNAME_R@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef ttyname_r
+# define ttyname_r rpl_ttyname_r
+# endif
+_GL_FUNCDECL_RPL (ttyname_r, int,
+ (int fd, char *buf, size_t buflen) _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (ttyname_r, int,
+ (int fd, char *buf, size_t buflen));
+# else
+# if !@HAVE_DECL_TTYNAME_R@
+_GL_FUNCDECL_SYS (ttyname_r, int,
+ (int fd, char *buf, size_t buflen) _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (ttyname_r, int,
+ (int fd, char *buf, size_t buflen));
+# endif
+_GL_CXXALIASWARN (ttyname_r);
+#elif defined GNULIB_POSIXCHECK
+# undef ttyname_r
+# if HAVE_RAW_DECL_TTYNAME_R
+_GL_WARN_ON_USE (ttyname_r, "ttyname_r is not portable - "
+ "use gnulib module ttyname_r for portability");
+# endif
+#endif
+
+
+#if @GNULIB_UNLINK@
+# if @REPLACE_UNLINK@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef unlink
+# define unlink rpl_unlink
+# endif
+_GL_FUNCDECL_RPL (unlink, int, (char const *file) _GL_ARG_NONNULL ((1)));
+_GL_CXXALIAS_RPL (unlink, int, (char const *file));
+# else
+_GL_CXXALIAS_SYS (unlink, int, (char const *file));
+# endif
+_GL_CXXALIASWARN (unlink);
+#elif defined GNULIB_POSIXCHECK
+# undef unlink
+# if HAVE_RAW_DECL_UNLINK
+_GL_WARN_ON_USE (unlink, "unlink is not portable - "
+ "use gnulib module unlink for portability");
+# endif
+#endif
+
+
+#if @GNULIB_UNLINKAT@
+# if @REPLACE_UNLINKAT@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef unlinkat
+# define unlinkat rpl_unlinkat
+# endif
+_GL_FUNCDECL_RPL (unlinkat, int, (int fd, char const *file, int flag)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (unlinkat, int, (int fd, char const *file, int flag));
+# else
+# if !@HAVE_UNLINKAT@
+_GL_FUNCDECL_SYS (unlinkat, int, (int fd, char const *file, int flag)
+ _GL_ARG_NONNULL ((2)));
+# endif
+_GL_CXXALIAS_SYS (unlinkat, int, (int fd, char const *file, int flag));
+# endif
+_GL_CXXALIASWARN (unlinkat);
+#elif defined GNULIB_POSIXCHECK
+# undef unlinkat
+# if HAVE_RAW_DECL_UNLINKAT
+_GL_WARN_ON_USE (unlinkat, "unlinkat is not portable - "
+ "use gnulib module openat for portability");
+# endif
+#endif
+
+
+#if @GNULIB_USLEEP@
+/* Pause the execution of the current thread for N microseconds.
+ Returns 0 on completion, or -1 on range error.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/sleep.html>. */
+# if @REPLACE_USLEEP@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef usleep
+# define usleep rpl_usleep
+# endif
+_GL_FUNCDECL_RPL (usleep, int, (useconds_t n));
+_GL_CXXALIAS_RPL (usleep, int, (useconds_t n));
+# else
+# if !@HAVE_USLEEP@
+_GL_FUNCDECL_SYS (usleep, int, (useconds_t n));
+# endif
+_GL_CXXALIAS_SYS (usleep, int, (useconds_t n));
+# endif
+_GL_CXXALIASWARN (usleep);
+#elif defined GNULIB_POSIXCHECK
+# undef usleep
+# if HAVE_RAW_DECL_USLEEP
+_GL_WARN_ON_USE (usleep, "usleep is unportable - "
+ "use gnulib module usleep for portability");
+# endif
+#endif
+
+
+#if @GNULIB_WRITE@
+/* Write up to COUNT bytes starting at BUF to file descriptor FD.
+ See the POSIX:2001 specification
+ <http://www.opengroup.org/susv3xsh/write.html>. */
+# if @REPLACE_WRITE@ && @GNULIB_UNISTD_H_SIGPIPE@
+# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
+# undef write
+# define write rpl_write
+# endif
+_GL_FUNCDECL_RPL (write, ssize_t, (int fd, const void *buf, size_t count)
+ _GL_ARG_NONNULL ((2)));
+_GL_CXXALIAS_RPL (write, ssize_t, (int fd, const void *buf, size_t count));
+# else
+/* Need to cast, because on mingw, the third parameter is
+ unsigned int count
+ and the return type is 'int'. */
+_GL_CXXALIAS_SYS_CAST (write, ssize_t, (int fd, const void *buf, size_t count));
+# endif
+_GL_CXXALIASWARN (write);
+#endif
+
+
+#endif /* _GL_UNISTD_H */
+#endif /* _GL_UNISTD_H */
--- /dev/null
+/* vsprintf with automatic memory allocation.
+ Copyright (C) 1999, 2002-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* This file can be parametrized with the following macros:
+ VASNPRINTF The name of the function being defined.
+ FCHAR_T The element type of the format string.
+ DCHAR_T The element type of the destination (result) string.
+ FCHAR_T_ONLY_ASCII Set to 1 to enable verification that all characters
+ in the format string are ASCII. MUST be set if
+ FCHAR_T and DCHAR_T are not the same type.
+ DIRECTIVE Structure denoting a format directive.
+ Depends on FCHAR_T.
+ DIRECTIVES Structure denoting the set of format directives of a
+ format string. Depends on FCHAR_T.
+ PRINTF_PARSE Function that parses a format string.
+ Depends on FCHAR_T.
+ DCHAR_CPY memcpy like function for DCHAR_T[] arrays.
+ DCHAR_SET memset like function for DCHAR_T[] arrays.
+ DCHAR_MBSNLEN mbsnlen like function for DCHAR_T[] arrays.
+ SNPRINTF The system's snprintf (or similar) function.
+ This may be either snprintf or swprintf.
+ TCHAR_T The element type of the argument and result string
+ of the said SNPRINTF function. This may be either
+ char or wchar_t. The code exploits that
+ sizeof (TCHAR_T) | sizeof (DCHAR_T) and
+ alignof (TCHAR_T) <= alignof (DCHAR_T).
+ DCHAR_IS_TCHAR Set to 1 if DCHAR_T and TCHAR_T are the same type.
+ DCHAR_CONV_FROM_ENCODING A function to convert from char[] to DCHAR[].
+ DCHAR_IS_UINT8_T Set to 1 if DCHAR_T is uint8_t.
+ DCHAR_IS_UINT16_T Set to 1 if DCHAR_T is uint16_t.
+ DCHAR_IS_UINT32_T Set to 1 if DCHAR_T is uint32_t. */
+
+/* Tell glibc's <stdio.h> to provide a prototype for snprintf().
+ This must come before <config.h> because <config.h> may include
+ <features.h>, and once <features.h> has been included, it's too late. */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE 1
+#endif
+
+#ifndef VASNPRINTF
+# include <config.h>
+#endif
+#ifndef IN_LIBINTL
+# include <alloca.h>
+#endif
+
+/* Specification. */
+#ifndef VASNPRINTF
+# if WIDE_CHAR_VERSION
+# include "vasnwprintf.h"
+# else
+# include "vasnprintf.h"
+# endif
+#endif
+
+#include <locale.h> /* localeconv() */
+#include <stdio.h> /* snprintf(), sprintf() */
+#include <stdlib.h> /* abort(), malloc(), realloc(), free() */
+#include <string.h> /* memcpy(), strlen() */
+#include <errno.h> /* errno */
+#include <limits.h> /* CHAR_BIT */
+#include <float.h> /* DBL_MAX_EXP, LDBL_MAX_EXP */
+#if HAVE_NL_LANGINFO
+# include <langinfo.h>
+#endif
+#ifndef VASNPRINTF
+# if WIDE_CHAR_VERSION
+# include "wprintf-parse.h"
+# else
+# include "printf-parse.h"
+# endif
+#endif
+
+/* Checked size_t computations. */
+#include "xsize.h"
+
+#include "verify.h"
+
+#if (NEED_PRINTF_DOUBLE || NEED_PRINTF_LONG_DOUBLE) && !defined IN_LIBINTL
+# include <math.h>
+# include "float+.h"
+#endif
+
+#if (NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE) && !defined IN_LIBINTL
+# include <math.h>
+# include "isnand-nolibm.h"
+#endif
+
+#if (NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE) && !defined IN_LIBINTL
+# include <math.h>
+# include "isnanl-nolibm.h"
+# include "fpucw.h"
+#endif
+
+#if (NEED_PRINTF_DIRECTIVE_A || NEED_PRINTF_DOUBLE) && !defined IN_LIBINTL
+# include <math.h>
+# include "isnand-nolibm.h"
+# include "printf-frexp.h"
+#endif
+
+#if (NEED_PRINTF_DIRECTIVE_A || NEED_PRINTF_LONG_DOUBLE) && !defined IN_LIBINTL
+# include <math.h>
+# include "isnanl-nolibm.h"
+# include "printf-frexpl.h"
+# include "fpucw.h"
+#endif
+
+/* Default parameters. */
+#ifndef VASNPRINTF
+# if WIDE_CHAR_VERSION
+# define VASNPRINTF vasnwprintf
+# define FCHAR_T wchar_t
+# define DCHAR_T wchar_t
+# define TCHAR_T wchar_t
+# define DCHAR_IS_TCHAR 1
+# define DIRECTIVE wchar_t_directive
+# define DIRECTIVES wchar_t_directives
+# define PRINTF_PARSE wprintf_parse
+# define DCHAR_CPY wmemcpy
+# define DCHAR_SET wmemset
+# else
+# define VASNPRINTF vasnprintf
+# define FCHAR_T char
+# define DCHAR_T char
+# define TCHAR_T char
+# define DCHAR_IS_TCHAR 1
+# define DIRECTIVE char_directive
+# define DIRECTIVES char_directives
+# define PRINTF_PARSE printf_parse
+# define DCHAR_CPY memcpy
+# define DCHAR_SET memset
+# endif
+#endif
+#if WIDE_CHAR_VERSION
+ /* TCHAR_T is wchar_t. */
+# define USE_SNPRINTF 1
+# if HAVE_DECL__SNWPRINTF
+ /* On Windows, the function swprintf() has a different signature than
+ on Unix; we use the function _snwprintf() or - on mingw - snwprintf()
+ instead. The mingw function snwprintf() has fewer bugs than the
+ MSVCRT function _snwprintf(), so prefer that. */
+# if defined __MINGW32__
+# define SNPRINTF snwprintf
+# else
+# define SNPRINTF _snwprintf
+# endif
+# else
+ /* Unix. */
+# define SNPRINTF swprintf
+# endif
+#else
+ /* TCHAR_T is char. */
+ /* Use snprintf if it exists under the name 'snprintf' or '_snprintf'.
+ But don't use it on BeOS, since BeOS snprintf produces no output if the
+ size argument is >= 0x3000000.
+ Also don't use it on Linux libc5, since there snprintf with size = 1
+ writes any output without bounds, like sprintf. */
+# if (HAVE_DECL__SNPRINTF || HAVE_SNPRINTF) && !defined __BEOS__ && !(__GNU_LIBRARY__ == 1)
+# define USE_SNPRINTF 1
+# else
+# define USE_SNPRINTF 0
+# endif
+# if HAVE_DECL__SNPRINTF
+ /* Windows. The mingw function snprintf() has fewer bugs than the MSVCRT
+ function _snprintf(), so prefer that. */
+# if defined __MINGW32__
+# define SNPRINTF snprintf
+ /* Here we need to call the native snprintf, not rpl_snprintf. */
+# undef snprintf
+# else
+# define SNPRINTF _snprintf
+# endif
+# else
+ /* Unix. */
+# define SNPRINTF snprintf
+ /* Here we need to call the native snprintf, not rpl_snprintf. */
+# undef snprintf
+# endif
+#endif
+/* Here we need to call the native sprintf, not rpl_sprintf. */
+#undef sprintf
+
+/* GCC >= 4.0 with -Wall emits unjustified "... may be used uninitialized"
+ warnings in this file. Use -Dlint to suppress them. */
+#ifdef lint
+# define IF_LINT(Code) Code
+#else
+# define IF_LINT(Code) /* empty */
+#endif
+
+/* Avoid some warnings from "gcc -Wshadow".
+ This file doesn't use the exp() and remainder() functions. */
+#undef exp
+#define exp expo
+#undef remainder
+#define remainder rem
+
+#if (!USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99) && !WIDE_CHAR_VERSION
+# if (HAVE_STRNLEN && !defined _AIX)
+# define local_strnlen strnlen
+# else
+# ifndef local_strnlen_defined
+# define local_strnlen_defined 1
+static size_t
+local_strnlen (const char *string, size_t maxlen)
+{
+ const char *end = memchr (string, '\0', maxlen);
+ return end ? (size_t) (end - string) : maxlen;
+}
+# endif
+# endif
+#endif
+
+#if (((!USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99) && WIDE_CHAR_VERSION) || ((!USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99 || (NEED_PRINTF_DIRECTIVE_LS && !defined IN_LIBINTL)) && !WIDE_CHAR_VERSION && DCHAR_IS_TCHAR)) && HAVE_WCHAR_T
+# if HAVE_WCSLEN
+# define local_wcslen wcslen
+# else
+ /* Solaris 2.5.1 has wcslen() in a separate library libw.so. To avoid
+ a dependency towards this library, here is a local substitute.
+ Define this substitute only once, even if this file is included
+ twice in the same compilation unit. */
+# ifndef local_wcslen_defined
+# define local_wcslen_defined 1
+static size_t
+local_wcslen (const wchar_t *s)
+{
+ const wchar_t *ptr;
+
+ for (ptr = s; *ptr != (wchar_t) 0; ptr++)
+ ;
+ return ptr - s;
+}
+# endif
+# endif
+#endif
+
+#if (!USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99) && HAVE_WCHAR_T && WIDE_CHAR_VERSION
+# if HAVE_WCSNLEN
+# define local_wcsnlen wcsnlen
+# else
+# ifndef local_wcsnlen_defined
+# define local_wcsnlen_defined 1
+static size_t
+local_wcsnlen (const wchar_t *s, size_t maxlen)
+{
+ const wchar_t *ptr;
+
+ for (ptr = s; maxlen > 0 && *ptr != (wchar_t) 0; ptr++, maxlen--)
+ ;
+ return ptr - s;
+}
+# endif
+# endif
+#endif
+
+#if (NEED_PRINTF_DIRECTIVE_A || NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE || NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE) && !defined IN_LIBINTL
+/* Determine the decimal-point character according to the current locale. */
+# ifndef decimal_point_char_defined
+# define decimal_point_char_defined 1
+static char
+decimal_point_char (void)
+{
+ const char *point;
+ /* Determine it in a multithread-safe way. We know nl_langinfo is
+ multithread-safe on glibc systems and MacOS X systems, but is not required
+ to be multithread-safe by POSIX. sprintf(), however, is multithread-safe.
+ localeconv() is rarely multithread-safe. */
+# if HAVE_NL_LANGINFO && (__GLIBC__ || defined __UCLIBC__ || (defined __APPLE__ && defined __MACH__))
+ point = nl_langinfo (RADIXCHAR);
+# elif 1
+ char pointbuf[5];
+ sprintf (pointbuf, "%#.0f", 1.0);
+ point = &pointbuf[1];
+# else
+ point = localeconv () -> decimal_point;
+# endif
+ /* The decimal point is always a single byte: either '.' or ','. */
+ return (point[0] != '\0' ? point[0] : '.');
+}
+# endif
+#endif
+
+#if NEED_PRINTF_INFINITE_DOUBLE && !NEED_PRINTF_DOUBLE && !defined IN_LIBINTL
+
+/* Equivalent to !isfinite(x) || x == 0, but does not require libm. */
+static int
+is_infinite_or_zero (double x)
+{
+ return isnand (x) || x + x == x;
+}
+
+#endif
+
+#if NEED_PRINTF_INFINITE_LONG_DOUBLE && !NEED_PRINTF_LONG_DOUBLE && !defined IN_LIBINTL
+
+/* Equivalent to !isfinite(x) || x == 0, but does not require libm. */
+static int
+is_infinite_or_zerol (long double x)
+{
+ return isnanl (x) || x + x == x;
+}
+
+#endif
+
+#if (NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_DOUBLE) && !defined IN_LIBINTL
+
+/* Converting 'long double' to decimal without rare rounding bugs requires
+ real bignums. We use the naming conventions of GNU gmp, but vastly simpler
+ (and slower) algorithms. */
+
+typedef unsigned int mp_limb_t;
+# define GMP_LIMB_BITS 32
+verify (sizeof (mp_limb_t) * CHAR_BIT == GMP_LIMB_BITS);
+
+typedef unsigned long long mp_twolimb_t;
+# define GMP_TWOLIMB_BITS 64
+verify (sizeof (mp_twolimb_t) * CHAR_BIT == GMP_TWOLIMB_BITS);
+
+/* Representation of a bignum >= 0. */
+typedef struct
+{
+ size_t nlimbs;
+ mp_limb_t *limbs; /* Bits in little-endian order, allocated with malloc(). */
+} mpn_t;
+
+/* Compute the product of two bignums >= 0.
+ Return the allocated memory in case of success, NULL in case of memory
+ allocation failure. */
+static void *
+multiply (mpn_t src1, mpn_t src2, mpn_t *dest)
+{
+ const mp_limb_t *p1;
+ const mp_limb_t *p2;
+ size_t len1;
+ size_t len2;
+
+ if (src1.nlimbs <= src2.nlimbs)
+ {
+ len1 = src1.nlimbs;
+ p1 = src1.limbs;
+ len2 = src2.nlimbs;
+ p2 = src2.limbs;
+ }
+ else
+ {
+ len1 = src2.nlimbs;
+ p1 = src2.limbs;
+ len2 = src1.nlimbs;
+ p2 = src1.limbs;
+ }
+ /* Now 0 <= len1 <= len2. */
+ if (len1 == 0)
+ {
+ /* src1 or src2 is zero. */
+ dest->nlimbs = 0;
+ dest->limbs = (mp_limb_t *) malloc (1);
+ }
+ else
+ {
+ /* Here 1 <= len1 <= len2. */
+ size_t dlen;
+ mp_limb_t *dp;
+ size_t k, i, j;
+
+ dlen = len1 + len2;
+ dp = (mp_limb_t *) malloc (dlen * sizeof (mp_limb_t));
+ if (dp == NULL)
+ return NULL;
+ for (k = len2; k > 0; )
+ dp[--k] = 0;
+ for (i = 0; i < len1; i++)
+ {
+ mp_limb_t digit1 = p1[i];
+ mp_twolimb_t carry = 0;
+ for (j = 0; j < len2; j++)
+ {
+ mp_limb_t digit2 = p2[j];
+ carry += (mp_twolimb_t) digit1 * (mp_twolimb_t) digit2;
+ carry += dp[i + j];
+ dp[i + j] = (mp_limb_t) carry;
+ carry = carry >> GMP_LIMB_BITS;
+ }
+ dp[i + len2] = (mp_limb_t) carry;
+ }
+ /* Normalise. */
+ while (dlen > 0 && dp[dlen - 1] == 0)
+ dlen--;
+ dest->nlimbs = dlen;
+ dest->limbs = dp;
+ }
+ return dest->limbs;
+}
+
+/* Compute the quotient of a bignum a >= 0 and a bignum b > 0.
+ a is written as a = q * b + r with 0 <= r < b. q is the quotient, r
+ the remainder.
+ Finally, round-to-even is performed: If r > b/2 or if r = b/2 and q is odd,
+ q is incremented.
+ Return the allocated memory in case of success, NULL in case of memory
+ allocation failure. */
+static void *
+divide (mpn_t a, mpn_t b, mpn_t *q)
+{
+ /* Algorithm:
+ First normalise a and b: a=[a[m-1],...,a[0]], b=[b[n-1],...,b[0]]
+ with m>=0 and n>0 (in base beta = 2^GMP_LIMB_BITS).
+ If m<n, then q:=0 and r:=a.
+ If m>=n=1, perform a single-precision division:
+ r:=0, j:=m,
+ while j>0 do
+ {Here (q[m-1]*beta^(m-1)+...+q[j]*beta^j) * b[0] + r*beta^j =
+ = a[m-1]*beta^(m-1)+...+a[j]*beta^j und 0<=r<b[0]<beta}
+ j:=j-1, r:=r*beta+a[j], q[j]:=floor(r/b[0]), r:=r-b[0]*q[j].
+ Normalise [q[m-1],...,q[0]], yields q.
+ If m>=n>1, perform a multiple-precision division:
+ We have a/b < beta^(m-n+1).
+ s:=intDsize-1-(highest bit in b[n-1]), 0<=s<intDsize.
+ Shift a and b left by s bits, copying them. r:=a.
+ r=[r[m],...,r[0]], b=[b[n-1],...,b[0]] with b[n-1]>=beta/2.
+ For j=m-n,...,0: {Here 0 <= r < b*beta^(j+1).}
+ Compute q* :
+ q* := floor((r[j+n]*beta+r[j+n-1])/b[n-1]).
+ In case of overflow (q* >= beta) set q* := beta-1.
+ Compute c2 := ((r[j+n]*beta+r[j+n-1]) - q* * b[n-1])*beta + r[j+n-2]
+ and c3 := b[n-2] * q*.
+ {We have 0 <= c2 < 2*beta^2, even 0 <= c2 < beta^2 if no overflow
+ occurred. Furthermore 0 <= c3 < beta^2.
+ If there was overflow and
+ r[j+n]*beta+r[j+n-1] - q* * b[n-1] >= beta, i.e. c2 >= beta^2,
+ the next test can be skipped.}
+ While c3 > c2, {Here 0 <= c2 < c3 < beta^2}
+ Put q* := q* - 1, c2 := c2 + b[n-1]*beta, c3 := c3 - b[n-2].
+ If q* > 0:
+ Put r := r - b * q* * beta^j. In detail:
+ [r[n+j],...,r[j]] := [r[n+j],...,r[j]] - q* * [b[n-1],...,b[0]].
+ hence: u:=0, for i:=0 to n-1 do
+ u := u + q* * b[i],
+ r[j+i]:=r[j+i]-(u mod beta) (+ beta, if carry),
+ u:=u div beta (+ 1, if carry in subtraction)
+ r[n+j]:=r[n+j]-u.
+ {Since always u = (q* * [b[i-1],...,b[0]] div beta^i) + 1
+ < q* + 1 <= beta,
+ the carry u does not overflow.}
+ If a negative carry occurs, put q* := q* - 1
+ and [r[n+j],...,r[j]] := [r[n+j],...,r[j]] + [0,b[n-1],...,b[0]].
+ Set q[j] := q*.
+ Normalise [q[m-n],..,q[0]]; this yields the quotient q.
+ Shift [r[n-1],...,r[0]] right by s bits and normalise; this yields the
+ rest r.
+ The room for q[j] can be allocated at the memory location of r[n+j].
+ Finally, round-to-even:
+ Shift r left by 1 bit.
+ If r > b or if r = b and q[0] is odd, q := q+1.
+ */
+ const mp_limb_t *a_ptr = a.limbs;
+ size_t a_len = a.nlimbs;
+ const mp_limb_t *b_ptr = b.limbs;
+ size_t b_len = b.nlimbs;
+ mp_limb_t *roomptr;
+ mp_limb_t *tmp_roomptr = NULL;
+ mp_limb_t *q_ptr;
+ size_t q_len;
+ mp_limb_t *r_ptr;
+ size_t r_len;
+
+ /* Allocate room for a_len+2 digits.
+ (Need a_len+1 digits for the real division and 1 more digit for the
+ final rounding of q.) */
+ roomptr = (mp_limb_t *) malloc ((a_len + 2) * sizeof (mp_limb_t));
+ if (roomptr == NULL)
+ return NULL;
+
+ /* Normalise a. */
+ while (a_len > 0 && a_ptr[a_len - 1] == 0)
+ a_len--;
+
+ /* Normalise b. */
+ for (;;)
+ {
+ if (b_len == 0)
+ /* Division by zero. */
+ abort ();
+ if (b_ptr[b_len - 1] == 0)
+ b_len--;
+ else
+ break;
+ }
+
+ /* Here m = a_len >= 0 and n = b_len > 0. */
+
+ if (a_len < b_len)
+ {
+ /* m<n: trivial case. q=0, r := copy of a. */
+ r_ptr = roomptr;
+ r_len = a_len;
+ memcpy (r_ptr, a_ptr, a_len * sizeof (mp_limb_t));
+ q_ptr = roomptr + a_len;
+ q_len = 0;
+ }
+ else if (b_len == 1)
+ {
+ /* n=1: single precision division.
+ beta^(m-1) <= a < beta^m ==> beta^(m-2) <= a/b < beta^m */
+ r_ptr = roomptr;
+ q_ptr = roomptr + 1;
+ {
+ mp_limb_t den = b_ptr[0];
+ mp_limb_t remainder = 0;
+ const mp_limb_t *sourceptr = a_ptr + a_len;
+ mp_limb_t *destptr = q_ptr + a_len;
+ size_t count;
+ for (count = a_len; count > 0; count--)
+ {
+ mp_twolimb_t num =
+ ((mp_twolimb_t) remainder << GMP_LIMB_BITS) | *--sourceptr;
+ *--destptr = num / den;
+ remainder = num % den;
+ }
+ /* Normalise and store r. */
+ if (remainder > 0)
+ {
+ r_ptr[0] = remainder;
+ r_len = 1;
+ }
+ else
+ r_len = 0;
+ /* Normalise q. */
+ q_len = a_len;
+ if (q_ptr[q_len - 1] == 0)
+ q_len--;
+ }
+ }
+ else
+ {
+ /* n>1: multiple precision division.
+ beta^(m-1) <= a < beta^m, beta^(n-1) <= b < beta^n ==>
+ beta^(m-n-1) <= a/b < beta^(m-n+1). */
+ /* Determine s. */
+ size_t s;
+ {
+ mp_limb_t msd = b_ptr[b_len - 1]; /* = b[n-1], > 0 */
+ s = 31;
+ if (msd >= 0x10000)
+ {
+ msd = msd >> 16;
+ s -= 16;
+ }
+ if (msd >= 0x100)
+ {
+ msd = msd >> 8;
+ s -= 8;
+ }
+ if (msd >= 0x10)
+ {
+ msd = msd >> 4;
+ s -= 4;
+ }
+ if (msd >= 0x4)
+ {
+ msd = msd >> 2;
+ s -= 2;
+ }
+ if (msd >= 0x2)
+ {
+ msd = msd >> 1;
+ s -= 1;
+ }
+ }
+ /* 0 <= s < GMP_LIMB_BITS.
+ Copy b, shifting it left by s bits. */
+ if (s > 0)
+ {
+ tmp_roomptr = (mp_limb_t *) malloc (b_len * sizeof (mp_limb_t));
+ if (tmp_roomptr == NULL)
+ {
+ free (roomptr);
+ return NULL;
+ }
+ {
+ const mp_limb_t *sourceptr = b_ptr;
+ mp_limb_t *destptr = tmp_roomptr;
+ mp_twolimb_t accu = 0;
+ size_t count;
+ for (count = b_len; count > 0; count--)
+ {
+ accu += (mp_twolimb_t) *sourceptr++ << s;
+ *destptr++ = (mp_limb_t) accu;
+ accu = accu >> GMP_LIMB_BITS;
+ }
+ /* accu must be zero, since that was how s was determined. */
+ if (accu != 0)
+ abort ();
+ }
+ b_ptr = tmp_roomptr;
+ }
+ /* Copy a, shifting it left by s bits, yields r.
+ Memory layout:
+ At the beginning: r = roomptr[0..a_len],
+ at the end: r = roomptr[0..b_len-1], q = roomptr[b_len..a_len] */
+ r_ptr = roomptr;
+ if (s == 0)
+ {
+ memcpy (r_ptr, a_ptr, a_len * sizeof (mp_limb_t));
+ r_ptr[a_len] = 0;
+ }
+ else
+ {
+ const mp_limb_t *sourceptr = a_ptr;
+ mp_limb_t *destptr = r_ptr;
+ mp_twolimb_t accu = 0;
+ size_t count;
+ for (count = a_len; count > 0; count--)
+ {
+ accu += (mp_twolimb_t) *sourceptr++ << s;
+ *destptr++ = (mp_limb_t) accu;
+ accu = accu >> GMP_LIMB_BITS;
+ }
+ *destptr++ = (mp_limb_t) accu;
+ }
+ q_ptr = roomptr + b_len;
+ q_len = a_len - b_len + 1; /* q will have m-n+1 limbs */
+ {
+ size_t j = a_len - b_len; /* m-n */
+ mp_limb_t b_msd = b_ptr[b_len - 1]; /* b[n-1] */
+ mp_limb_t b_2msd = b_ptr[b_len - 2]; /* b[n-2] */
+ mp_twolimb_t b_msdd = /* b[n-1]*beta+b[n-2] */
+ ((mp_twolimb_t) b_msd << GMP_LIMB_BITS) | b_2msd;
+ /* Division loop, traversed m-n+1 times.
+ j counts down, b is unchanged, beta/2 <= b[n-1] < beta. */
+ for (;;)
+ {
+ mp_limb_t q_star;
+ mp_limb_t c1;
+ if (r_ptr[j + b_len] < b_msd) /* r[j+n] < b[n-1] ? */
+ {
+ /* Divide r[j+n]*beta+r[j+n-1] by b[n-1], no overflow. */
+ mp_twolimb_t num =
+ ((mp_twolimb_t) r_ptr[j + b_len] << GMP_LIMB_BITS)
+ | r_ptr[j + b_len - 1];
+ q_star = num / b_msd;
+ c1 = num % b_msd;
+ }
+ else
+ {
+ /* Overflow, hence r[j+n]*beta+r[j+n-1] >= beta*b[n-1]. */
+ q_star = (mp_limb_t)~(mp_limb_t)0; /* q* = beta-1 */
+ /* Test whether r[j+n]*beta+r[j+n-1] - (beta-1)*b[n-1] >= beta
+ <==> r[j+n]*beta+r[j+n-1] + b[n-1] >= beta*b[n-1]+beta
+ <==> b[n-1] < floor((r[j+n]*beta+r[j+n-1]+b[n-1])/beta)
+ {<= beta !}.
+ If yes, jump directly to the subtraction loop.
+ (Otherwise, r[j+n]*beta+r[j+n-1] - (beta-1)*b[n-1] < beta
+ <==> floor((r[j+n]*beta+r[j+n-1]+b[n-1])/beta) = b[n-1] ) */
+ if (r_ptr[j + b_len] > b_msd
+ || (c1 = r_ptr[j + b_len - 1] + b_msd) < b_msd)
+ /* r[j+n] >= b[n-1]+1 or
+ r[j+n] = b[n-1] and the addition r[j+n-1]+b[n-1] gives a
+ carry. */
+ goto subtract;
+ }
+ /* q_star = q*,
+ c1 = (r[j+n]*beta+r[j+n-1]) - q* * b[n-1] (>=0, <beta). */
+ {
+ mp_twolimb_t c2 = /* c1*beta+r[j+n-2] */
+ ((mp_twolimb_t) c1 << GMP_LIMB_BITS) | r_ptr[j + b_len - 2];
+ mp_twolimb_t c3 = /* b[n-2] * q* */
+ (mp_twolimb_t) b_2msd * (mp_twolimb_t) q_star;
+ /* While c2 < c3, increase c2 and decrease c3.
+ Consider c3-c2. While it is > 0, decrease it by
+ b[n-1]*beta+b[n-2]. Because of b[n-1]*beta+b[n-2] >= beta^2/2
+ this can happen only twice. */
+ if (c3 > c2)
+ {
+ q_star = q_star - 1; /* q* := q* - 1 */
+ if (c3 - c2 > b_msdd)
+ q_star = q_star - 1; /* q* := q* - 1 */
+ }
+ }
+ if (q_star > 0)
+ subtract:
+ {
+ /* Subtract r := r - b * q* * beta^j. */
+ mp_limb_t cr;
+ {
+ const mp_limb_t *sourceptr = b_ptr;
+ mp_limb_t *destptr = r_ptr + j;
+ mp_twolimb_t carry = 0;
+ size_t count;
+ for (count = b_len; count > 0; count--)
+ {
+ /* Here 0 <= carry <= q*. */
+ carry =
+ carry
+ + (mp_twolimb_t) q_star * (mp_twolimb_t) *sourceptr++
+ + (mp_limb_t) ~(*destptr);
+ /* Here 0 <= carry <= beta*q* + beta-1. */
+ *destptr++ = ~(mp_limb_t) carry;
+ carry = carry >> GMP_LIMB_BITS; /* <= q* */
+ }
+ cr = (mp_limb_t) carry;
+ }
+ /* Subtract cr from r_ptr[j + b_len], then forget about
+ r_ptr[j + b_len]. */
+ if (cr > r_ptr[j + b_len])
+ {
+ /* Subtraction gave a carry. */
+ q_star = q_star - 1; /* q* := q* - 1 */
+ /* Add b back. */
+ {
+ const mp_limb_t *sourceptr = b_ptr;
+ mp_limb_t *destptr = r_ptr + j;
+ mp_limb_t carry = 0;
+ size_t count;
+ for (count = b_len; count > 0; count--)
+ {
+ mp_limb_t source1 = *sourceptr++;
+ mp_limb_t source2 = *destptr;
+ *destptr++ = source1 + source2 + carry;
+ carry =
+ (carry
+ ? source1 >= (mp_limb_t) ~source2
+ : source1 > (mp_limb_t) ~source2);
+ }
+ }
+ /* Forget about the carry and about r[j+n]. */
+ }
+ }
+ /* q* is determined. Store it as q[j]. */
+ q_ptr[j] = q_star;
+ if (j == 0)
+ break;
+ j--;
+ }
+ }
+ r_len = b_len;
+ /* Normalise q. */
+ if (q_ptr[q_len - 1] == 0)
+ q_len--;
+# if 0 /* Not needed here, since we need r only to compare it with b/2, and
+ b is shifted left by s bits. */
+ /* Shift r right by s bits. */
+ if (s > 0)
+ {
+ mp_limb_t ptr = r_ptr + r_len;
+ mp_twolimb_t accu = 0;
+ size_t count;
+ for (count = r_len; count > 0; count--)
+ {
+ accu = (mp_twolimb_t) (mp_limb_t) accu << GMP_LIMB_BITS;
+ accu += (mp_twolimb_t) *--ptr << (GMP_LIMB_BITS - s);
+ *ptr = (mp_limb_t) (accu >> GMP_LIMB_BITS);
+ }
+ }
+# endif
+ /* Normalise r. */
+ while (r_len > 0 && r_ptr[r_len - 1] == 0)
+ r_len--;
+ }
+ /* Compare r << 1 with b. */
+ if (r_len > b_len)
+ goto increment_q;
+ {
+ size_t i;
+ for (i = b_len;;)
+ {
+ mp_limb_t r_i =
+ (i <= r_len && i > 0 ? r_ptr[i - 1] >> (GMP_LIMB_BITS - 1) : 0)
+ | (i < r_len ? r_ptr[i] << 1 : 0);
+ mp_limb_t b_i = (i < b_len ? b_ptr[i] : 0);
+ if (r_i > b_i)
+ goto increment_q;
+ if (r_i < b_i)
+ goto keep_q;
+ if (i == 0)
+ break;
+ i--;
+ }
+ }
+ if (q_len > 0 && ((q_ptr[0] & 1) != 0))
+ /* q is odd. */
+ increment_q:
+ {
+ size_t i;
+ for (i = 0; i < q_len; i++)
+ if (++(q_ptr[i]) != 0)
+ goto keep_q;
+ q_ptr[q_len++] = 1;
+ }
+ keep_q:
+ if (tmp_roomptr != NULL)
+ free (tmp_roomptr);
+ q->limbs = q_ptr;
+ q->nlimbs = q_len;
+ return roomptr;
+}
+
+/* Convert a bignum a >= 0, multiplied with 10^extra_zeroes, to decimal
+ representation.
+ Destroys the contents of a.
+ Return the allocated memory - containing the decimal digits in low-to-high
+ order, terminated with a NUL character - in case of success, NULL in case
+ of memory allocation failure. */
+static char *
+convert_to_decimal (mpn_t a, size_t extra_zeroes)
+{
+ mp_limb_t *a_ptr = a.limbs;
+ size_t a_len = a.nlimbs;
+ /* 0.03345 is slightly larger than log(2)/(9*log(10)). */
+ size_t c_len = 9 * ((size_t)(a_len * (GMP_LIMB_BITS * 0.03345f)) + 1);
+ char *c_ptr = (char *) malloc (xsum (c_len, extra_zeroes));
+ if (c_ptr != NULL)
+ {
+ char *d_ptr = c_ptr;
+ for (; extra_zeroes > 0; extra_zeroes--)
+ *d_ptr++ = '0';
+ while (a_len > 0)
+ {
+ /* Divide a by 10^9, in-place. */
+ mp_limb_t remainder = 0;
+ mp_limb_t *ptr = a_ptr + a_len;
+ size_t count;
+ for (count = a_len; count > 0; count--)
+ {
+ mp_twolimb_t num =
+ ((mp_twolimb_t) remainder << GMP_LIMB_BITS) | *--ptr;
+ *ptr = num / 1000000000;
+ remainder = num % 1000000000;
+ }
+ /* Store the remainder as 9 decimal digits. */
+ for (count = 9; count > 0; count--)
+ {
+ *d_ptr++ = '0' + (remainder % 10);
+ remainder = remainder / 10;
+ }
+ /* Normalize a. */
+ if (a_ptr[a_len - 1] == 0)
+ a_len--;
+ }
+ /* Remove leading zeroes. */
+ while (d_ptr > c_ptr && d_ptr[-1] == '0')
+ d_ptr--;
+ /* But keep at least one zero. */
+ if (d_ptr == c_ptr)
+ *d_ptr++ = '0';
+ /* Terminate the string. */
+ *d_ptr = '\0';
+ }
+ return c_ptr;
+}
+
+# if NEED_PRINTF_LONG_DOUBLE
+
+/* Assuming x is finite and >= 0:
+ write x as x = 2^e * m, where m is a bignum.
+ Return the allocated memory in case of success, NULL in case of memory
+ allocation failure. */
+static void *
+decode_long_double (long double x, int *ep, mpn_t *mp)
+{
+ mpn_t m;
+ int exp;
+ long double y;
+ size_t i;
+
+ /* Allocate memory for result. */
+ m.nlimbs = (LDBL_MANT_BIT + GMP_LIMB_BITS - 1) / GMP_LIMB_BITS;
+ m.limbs = (mp_limb_t *) malloc (m.nlimbs * sizeof (mp_limb_t));
+ if (m.limbs == NULL)
+ return NULL;
+ /* Split into exponential part and mantissa. */
+ y = frexpl (x, &exp);
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ /* x = 2^exp * y = 2^(exp - LDBL_MANT_BIT) * (y * LDBL_MANT_BIT), and the
+ latter is an integer. */
+ /* Convert the mantissa (y * LDBL_MANT_BIT) to a sequence of limbs.
+ I'm not sure whether it's safe to cast a 'long double' value between
+ 2^31 and 2^32 to 'unsigned int', therefore play safe and cast only
+ 'long double' values between 0 and 2^16 (to 'unsigned int' or 'int',
+ doesn't matter). */
+# if (LDBL_MANT_BIT % GMP_LIMB_BITS) != 0
+# if (LDBL_MANT_BIT % GMP_LIMB_BITS) > GMP_LIMB_BITS / 2
+ {
+ mp_limb_t hi, lo;
+ y *= (mp_limb_t) 1 << (LDBL_MANT_BIT % (GMP_LIMB_BITS / 2));
+ hi = (int) y;
+ y -= hi;
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ y *= (mp_limb_t) 1 << (GMP_LIMB_BITS / 2);
+ lo = (int) y;
+ y -= lo;
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ m.limbs[LDBL_MANT_BIT / GMP_LIMB_BITS] = (hi << (GMP_LIMB_BITS / 2)) | lo;
+ }
+# else
+ {
+ mp_limb_t d;
+ y *= (mp_limb_t) 1 << (LDBL_MANT_BIT % GMP_LIMB_BITS);
+ d = (int) y;
+ y -= d;
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ m.limbs[LDBL_MANT_BIT / GMP_LIMB_BITS] = d;
+ }
+# endif
+# endif
+ for (i = LDBL_MANT_BIT / GMP_LIMB_BITS; i > 0; )
+ {
+ mp_limb_t hi, lo;
+ y *= (mp_limb_t) 1 << (GMP_LIMB_BITS / 2);
+ hi = (int) y;
+ y -= hi;
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ y *= (mp_limb_t) 1 << (GMP_LIMB_BITS / 2);
+ lo = (int) y;
+ y -= lo;
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ m.limbs[--i] = (hi << (GMP_LIMB_BITS / 2)) | lo;
+ }
+#if 0 /* On FreeBSD 6.1/x86, 'long double' numbers sometimes have excess
+ precision. */
+ if (!(y == 0.0L))
+ abort ();
+#endif
+ /* Normalise. */
+ while (m.nlimbs > 0 && m.limbs[m.nlimbs - 1] == 0)
+ m.nlimbs--;
+ *mp = m;
+ *ep = exp - LDBL_MANT_BIT;
+ return m.limbs;
+}
+
+# endif
+
+# if NEED_PRINTF_DOUBLE
+
+/* Assuming x is finite and >= 0:
+ write x as x = 2^e * m, where m is a bignum.
+ Return the allocated memory in case of success, NULL in case of memory
+ allocation failure. */
+static void *
+decode_double (double x, int *ep, mpn_t *mp)
+{
+ mpn_t m;
+ int exp;
+ double y;
+ size_t i;
+
+ /* Allocate memory for result. */
+ m.nlimbs = (DBL_MANT_BIT + GMP_LIMB_BITS - 1) / GMP_LIMB_BITS;
+ m.limbs = (mp_limb_t *) malloc (m.nlimbs * sizeof (mp_limb_t));
+ if (m.limbs == NULL)
+ return NULL;
+ /* Split into exponential part and mantissa. */
+ y = frexp (x, &exp);
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ /* x = 2^exp * y = 2^(exp - DBL_MANT_BIT) * (y * DBL_MANT_BIT), and the
+ latter is an integer. */
+ /* Convert the mantissa (y * DBL_MANT_BIT) to a sequence of limbs.
+ I'm not sure whether it's safe to cast a 'double' value between
+ 2^31 and 2^32 to 'unsigned int', therefore play safe and cast only
+ 'double' values between 0 and 2^16 (to 'unsigned int' or 'int',
+ doesn't matter). */
+# if (DBL_MANT_BIT % GMP_LIMB_BITS) != 0
+# if (DBL_MANT_BIT % GMP_LIMB_BITS) > GMP_LIMB_BITS / 2
+ {
+ mp_limb_t hi, lo;
+ y *= (mp_limb_t) 1 << (DBL_MANT_BIT % (GMP_LIMB_BITS / 2));
+ hi = (int) y;
+ y -= hi;
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ y *= (mp_limb_t) 1 << (GMP_LIMB_BITS / 2);
+ lo = (int) y;
+ y -= lo;
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ m.limbs[DBL_MANT_BIT / GMP_LIMB_BITS] = (hi << (GMP_LIMB_BITS / 2)) | lo;
+ }
+# else
+ {
+ mp_limb_t d;
+ y *= (mp_limb_t) 1 << (DBL_MANT_BIT % GMP_LIMB_BITS);
+ d = (int) y;
+ y -= d;
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ m.limbs[DBL_MANT_BIT / GMP_LIMB_BITS] = d;
+ }
+# endif
+# endif
+ for (i = DBL_MANT_BIT / GMP_LIMB_BITS; i > 0; )
+ {
+ mp_limb_t hi, lo;
+ y *= (mp_limb_t) 1 << (GMP_LIMB_BITS / 2);
+ hi = (int) y;
+ y -= hi;
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ y *= (mp_limb_t) 1 << (GMP_LIMB_BITS / 2);
+ lo = (int) y;
+ y -= lo;
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ m.limbs[--i] = (hi << (GMP_LIMB_BITS / 2)) | lo;
+ }
+ if (!(y == 0.0))
+ abort ();
+ /* Normalise. */
+ while (m.nlimbs > 0 && m.limbs[m.nlimbs - 1] == 0)
+ m.nlimbs--;
+ *mp = m;
+ *ep = exp - DBL_MANT_BIT;
+ return m.limbs;
+}
+
+# endif
+
+/* Assuming x = 2^e * m is finite and >= 0, and n is an integer:
+ Returns the decimal representation of round (x * 10^n).
+ Return the allocated memory - containing the decimal digits in low-to-high
+ order, terminated with a NUL character - in case of success, NULL in case
+ of memory allocation failure. */
+static char *
+scale10_round_decimal_decoded (int e, mpn_t m, void *memory, int n)
+{
+ int s;
+ size_t extra_zeroes;
+ unsigned int abs_n;
+ unsigned int abs_s;
+ mp_limb_t *pow5_ptr;
+ size_t pow5_len;
+ unsigned int s_limbs;
+ unsigned int s_bits;
+ mpn_t pow5;
+ mpn_t z;
+ void *z_memory;
+ char *digits;
+
+ if (memory == NULL)
+ return NULL;
+ /* x = 2^e * m, hence
+ y = round (2^e * 10^n * m) = round (2^(e+n) * 5^n * m)
+ = round (2^s * 5^n * m). */
+ s = e + n;
+ extra_zeroes = 0;
+ /* Factor out a common power of 10 if possible. */
+ if (s > 0 && n > 0)
+ {
+ extra_zeroes = (s < n ? s : n);
+ s -= extra_zeroes;
+ n -= extra_zeroes;
+ }
+ /* Here y = round (2^s * 5^n * m) * 10^extra_zeroes.
+ Before converting to decimal, we need to compute
+ z = round (2^s * 5^n * m). */
+ /* Compute 5^|n|, possibly shifted by |s| bits if n and s have the same
+ sign. 2.322 is slightly larger than log(5)/log(2). */
+ abs_n = (n >= 0 ? n : -n);
+ abs_s = (s >= 0 ? s : -s);
+ pow5_ptr = (mp_limb_t *) malloc (((int)(abs_n * (2.322f / GMP_LIMB_BITS)) + 1
+ + abs_s / GMP_LIMB_BITS + 1)
+ * sizeof (mp_limb_t));
+ if (pow5_ptr == NULL)
+ {
+ free (memory);
+ return NULL;
+ }
+ /* Initialize with 1. */
+ pow5_ptr[0] = 1;
+ pow5_len = 1;
+ /* Multiply with 5^|n|. */
+ if (abs_n > 0)
+ {
+ static mp_limb_t const small_pow5[13 + 1] =
+ {
+ 1, 5, 25, 125, 625, 3125, 15625, 78125, 390625, 1953125, 9765625,
+ 48828125, 244140625, 1220703125
+ };
+ unsigned int n13;
+ for (n13 = 0; n13 <= abs_n; n13 += 13)
+ {
+ mp_limb_t digit1 = small_pow5[n13 + 13 <= abs_n ? 13 : abs_n - n13];
+ size_t j;
+ mp_twolimb_t carry = 0;
+ for (j = 0; j < pow5_len; j++)
+ {
+ mp_limb_t digit2 = pow5_ptr[j];
+ carry += (mp_twolimb_t) digit1 * (mp_twolimb_t) digit2;
+ pow5_ptr[j] = (mp_limb_t) carry;
+ carry = carry >> GMP_LIMB_BITS;
+ }
+ if (carry > 0)
+ pow5_ptr[pow5_len++] = (mp_limb_t) carry;
+ }
+ }
+ s_limbs = abs_s / GMP_LIMB_BITS;
+ s_bits = abs_s % GMP_LIMB_BITS;
+ if (n >= 0 ? s >= 0 : s <= 0)
+ {
+ /* Multiply with 2^|s|. */
+ if (s_bits > 0)
+ {
+ mp_limb_t *ptr = pow5_ptr;
+ mp_twolimb_t accu = 0;
+ size_t count;
+ for (count = pow5_len; count > 0; count--)
+ {
+ accu += (mp_twolimb_t) *ptr << s_bits;
+ *ptr++ = (mp_limb_t) accu;
+ accu = accu >> GMP_LIMB_BITS;
+ }
+ if (accu > 0)
+ {
+ *ptr = (mp_limb_t) accu;
+ pow5_len++;
+ }
+ }
+ if (s_limbs > 0)
+ {
+ size_t count;
+ for (count = pow5_len; count > 0;)
+ {
+ count--;
+ pow5_ptr[s_limbs + count] = pow5_ptr[count];
+ }
+ for (count = s_limbs; count > 0;)
+ {
+ count--;
+ pow5_ptr[count] = 0;
+ }
+ pow5_len += s_limbs;
+ }
+ pow5.limbs = pow5_ptr;
+ pow5.nlimbs = pow5_len;
+ if (n >= 0)
+ {
+ /* Multiply m with pow5. No division needed. */
+ z_memory = multiply (m, pow5, &z);
+ }
+ else
+ {
+ /* Divide m by pow5 and round. */
+ z_memory = divide (m, pow5, &z);
+ }
+ }
+ else
+ {
+ pow5.limbs = pow5_ptr;
+ pow5.nlimbs = pow5_len;
+ if (n >= 0)
+ {
+ /* n >= 0, s < 0.
+ Multiply m with pow5, then divide by 2^|s|. */
+ mpn_t numerator;
+ mpn_t denominator;
+ void *tmp_memory;
+ tmp_memory = multiply (m, pow5, &numerator);
+ if (tmp_memory == NULL)
+ {
+ free (pow5_ptr);
+ free (memory);
+ return NULL;
+ }
+ /* Construct 2^|s|. */
+ {
+ mp_limb_t *ptr = pow5_ptr + pow5_len;
+ size_t i;
+ for (i = 0; i < s_limbs; i++)
+ ptr[i] = 0;
+ ptr[s_limbs] = (mp_limb_t) 1 << s_bits;
+ denominator.limbs = ptr;
+ denominator.nlimbs = s_limbs + 1;
+ }
+ z_memory = divide (numerator, denominator, &z);
+ free (tmp_memory);
+ }
+ else
+ {
+ /* n < 0, s > 0.
+ Multiply m with 2^s, then divide by pow5. */
+ mpn_t numerator;
+ mp_limb_t *num_ptr;
+ num_ptr = (mp_limb_t *) malloc ((m.nlimbs + s_limbs + 1)
+ * sizeof (mp_limb_t));
+ if (num_ptr == NULL)
+ {
+ free (pow5_ptr);
+ free (memory);
+ return NULL;
+ }
+ {
+ mp_limb_t *destptr = num_ptr;
+ {
+ size_t i;
+ for (i = 0; i < s_limbs; i++)
+ *destptr++ = 0;
+ }
+ if (s_bits > 0)
+ {
+ const mp_limb_t *sourceptr = m.limbs;
+ mp_twolimb_t accu = 0;
+ size_t count;
+ for (count = m.nlimbs; count > 0; count--)
+ {
+ accu += (mp_twolimb_t) *sourceptr++ << s_bits;
+ *destptr++ = (mp_limb_t) accu;
+ accu = accu >> GMP_LIMB_BITS;
+ }
+ if (accu > 0)
+ *destptr++ = (mp_limb_t) accu;
+ }
+ else
+ {
+ const mp_limb_t *sourceptr = m.limbs;
+ size_t count;
+ for (count = m.nlimbs; count > 0; count--)
+ *destptr++ = *sourceptr++;
+ }
+ numerator.limbs = num_ptr;
+ numerator.nlimbs = destptr - num_ptr;
+ }
+ z_memory = divide (numerator, pow5, &z);
+ free (num_ptr);
+ }
+ }
+ free (pow5_ptr);
+ free (memory);
+
+ /* Here y = round (x * 10^n) = z * 10^extra_zeroes. */
+
+ if (z_memory == NULL)
+ return NULL;
+ digits = convert_to_decimal (z, extra_zeroes);
+ free (z_memory);
+ return digits;
+}
+
+# if NEED_PRINTF_LONG_DOUBLE
+
+/* Assuming x is finite and >= 0, and n is an integer:
+ Returns the decimal representation of round (x * 10^n).
+ Return the allocated memory - containing the decimal digits in low-to-high
+ order, terminated with a NUL character - in case of success, NULL in case
+ of memory allocation failure. */
+static char *
+scale10_round_decimal_long_double (long double x, int n)
+{
+ int e IF_LINT(= 0);
+ mpn_t m;
+ void *memory = decode_long_double (x, &e, &m);
+ return scale10_round_decimal_decoded (e, m, memory, n);
+}
+
+# endif
+
+# if NEED_PRINTF_DOUBLE
+
+/* Assuming x is finite and >= 0, and n is an integer:
+ Returns the decimal representation of round (x * 10^n).
+ Return the allocated memory - containing the decimal digits in low-to-high
+ order, terminated with a NUL character - in case of success, NULL in case
+ of memory allocation failure. */
+static char *
+scale10_round_decimal_double (double x, int n)
+{
+ int e IF_LINT(= 0);
+ mpn_t m;
+ void *memory = decode_double (x, &e, &m);
+ return scale10_round_decimal_decoded (e, m, memory, n);
+}
+
+# endif
+
+# if NEED_PRINTF_LONG_DOUBLE
+
+/* Assuming x is finite and > 0:
+ Return an approximation for n with 10^n <= x < 10^(n+1).
+ The approximation is usually the right n, but may be off by 1 sometimes. */
+static int
+floorlog10l (long double x)
+{
+ int exp;
+ long double y;
+ double z;
+ double l;
+
+ /* Split into exponential part and mantissa. */
+ y = frexpl (x, &exp);
+ if (!(y >= 0.0L && y < 1.0L))
+ abort ();
+ if (y == 0.0L)
+ return INT_MIN;
+ if (y < 0.5L)
+ {
+ while (y < (1.0L / (1 << (GMP_LIMB_BITS / 2)) / (1 << (GMP_LIMB_BITS / 2))))
+ {
+ y *= 1.0L * (1 << (GMP_LIMB_BITS / 2)) * (1 << (GMP_LIMB_BITS / 2));
+ exp -= GMP_LIMB_BITS;
+ }
+ if (y < (1.0L / (1 << 16)))
+ {
+ y *= 1.0L * (1 << 16);
+ exp -= 16;
+ }
+ if (y < (1.0L / (1 << 8)))
+ {
+ y *= 1.0L * (1 << 8);
+ exp -= 8;
+ }
+ if (y < (1.0L / (1 << 4)))
+ {
+ y *= 1.0L * (1 << 4);
+ exp -= 4;
+ }
+ if (y < (1.0L / (1 << 2)))
+ {
+ y *= 1.0L * (1 << 2);
+ exp -= 2;
+ }
+ if (y < (1.0L / (1 << 1)))
+ {
+ y *= 1.0L * (1 << 1);
+ exp -= 1;
+ }
+ }
+ if (!(y >= 0.5L && y < 1.0L))
+ abort ();
+ /* Compute an approximation for l = log2(x) = exp + log2(y). */
+ l = exp;
+ z = y;
+ if (z < 0.70710678118654752444)
+ {
+ z *= 1.4142135623730950488;
+ l -= 0.5;
+ }
+ if (z < 0.8408964152537145431)
+ {
+ z *= 1.1892071150027210667;
+ l -= 0.25;
+ }
+ if (z < 0.91700404320467123175)
+ {
+ z *= 1.0905077326652576592;
+ l -= 0.125;
+ }
+ if (z < 0.9576032806985736469)
+ {
+ z *= 1.0442737824274138403;
+ l -= 0.0625;
+ }
+ /* Now 0.95 <= z <= 1.01. */
+ z = 1 - z;
+ /* log2(1-z) = 1/log(2) * (- z - z^2/2 - z^3/3 - z^4/4 - ...)
+ Four terms are enough to get an approximation with error < 10^-7. */
+ l -= 1.4426950408889634074 * z * (1.0 + z * (0.5 + z * ((1.0 / 3) + z * 0.25)));
+ /* Finally multiply with log(2)/log(10), yields an approximation for
+ log10(x). */
+ l *= 0.30102999566398119523;
+ /* Round down to the next integer. */
+ return (int) l + (l < 0 ? -1 : 0);
+}
+
+# endif
+
+# if NEED_PRINTF_DOUBLE
+
+/* Assuming x is finite and > 0:
+ Return an approximation for n with 10^n <= x < 10^(n+1).
+ The approximation is usually the right n, but may be off by 1 sometimes. */
+static int
+floorlog10 (double x)
+{
+ int exp;
+ double y;
+ double z;
+ double l;
+
+ /* Split into exponential part and mantissa. */
+ y = frexp (x, &exp);
+ if (!(y >= 0.0 && y < 1.0))
+ abort ();
+ if (y == 0.0)
+ return INT_MIN;
+ if (y < 0.5)
+ {
+ while (y < (1.0 / (1 << (GMP_LIMB_BITS / 2)) / (1 << (GMP_LIMB_BITS / 2))))
+ {
+ y *= 1.0 * (1 << (GMP_LIMB_BITS / 2)) * (1 << (GMP_LIMB_BITS / 2));
+ exp -= GMP_LIMB_BITS;
+ }
+ if (y < (1.0 / (1 << 16)))
+ {
+ y *= 1.0 * (1 << 16);
+ exp -= 16;
+ }
+ if (y < (1.0 / (1 << 8)))
+ {
+ y *= 1.0 * (1 << 8);
+ exp -= 8;
+ }
+ if (y < (1.0 / (1 << 4)))
+ {
+ y *= 1.0 * (1 << 4);
+ exp -= 4;
+ }
+ if (y < (1.0 / (1 << 2)))
+ {
+ y *= 1.0 * (1 << 2);
+ exp -= 2;
+ }
+ if (y < (1.0 / (1 << 1)))
+ {
+ y *= 1.0 * (1 << 1);
+ exp -= 1;
+ }
+ }
+ if (!(y >= 0.5 && y < 1.0))
+ abort ();
+ /* Compute an approximation for l = log2(x) = exp + log2(y). */
+ l = exp;
+ z = y;
+ if (z < 0.70710678118654752444)
+ {
+ z *= 1.4142135623730950488;
+ l -= 0.5;
+ }
+ if (z < 0.8408964152537145431)
+ {
+ z *= 1.1892071150027210667;
+ l -= 0.25;
+ }
+ if (z < 0.91700404320467123175)
+ {
+ z *= 1.0905077326652576592;
+ l -= 0.125;
+ }
+ if (z < 0.9576032806985736469)
+ {
+ z *= 1.0442737824274138403;
+ l -= 0.0625;
+ }
+ /* Now 0.95 <= z <= 1.01. */
+ z = 1 - z;
+ /* log2(1-z) = 1/log(2) * (- z - z^2/2 - z^3/3 - z^4/4 - ...)
+ Four terms are enough to get an approximation with error < 10^-7. */
+ l -= 1.4426950408889634074 * z * (1.0 + z * (0.5 + z * ((1.0 / 3) + z * 0.25)));
+ /* Finally multiply with log(2)/log(10), yields an approximation for
+ log10(x). */
+ l *= 0.30102999566398119523;
+ /* Round down to the next integer. */
+ return (int) l + (l < 0 ? -1 : 0);
+}
+
+# endif
+
+/* Tests whether a string of digits consists of exactly PRECISION zeroes and
+ a single '1' digit. */
+static int
+is_borderline (const char *digits, size_t precision)
+{
+ for (; precision > 0; precision--, digits++)
+ if (*digits != '0')
+ return 0;
+ if (*digits != '1')
+ return 0;
+ digits++;
+ return *digits == '\0';
+}
+
+#endif
+
+#if !USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99
+
+/* Use a different function name, to make it possible that the 'wchar_t'
+ parametrization and the 'char' parametrization get compiled in the same
+ translation unit. */
+# if WIDE_CHAR_VERSION
+# define MAX_ROOM_NEEDED wmax_room_needed
+# else
+# define MAX_ROOM_NEEDED max_room_needed
+# endif
+
+/* Returns the number of TCHAR_T units needed as temporary space for the result
+ of sprintf or SNPRINTF of a single conversion directive. */
+static inline size_t
+MAX_ROOM_NEEDED (const arguments *ap, size_t arg_index, FCHAR_T conversion,
+ arg_type type, int flags, size_t width, int has_precision,
+ size_t precision, int pad_ourselves)
+{
+ size_t tmp_length;
+
+ switch (conversion)
+ {
+ case 'd': case 'i': case 'u':
+# if HAVE_LONG_LONG_INT
+ if (type == TYPE_LONGLONGINT || type == TYPE_ULONGLONGINT)
+ tmp_length =
+ (unsigned int) (sizeof (unsigned long long) * CHAR_BIT
+ * 0.30103 /* binary -> decimal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+# endif
+ if (type == TYPE_LONGINT || type == TYPE_ULONGINT)
+ tmp_length =
+ (unsigned int) (sizeof (unsigned long) * CHAR_BIT
+ * 0.30103 /* binary -> decimal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+ tmp_length =
+ (unsigned int) (sizeof (unsigned int) * CHAR_BIT
+ * 0.30103 /* binary -> decimal */
+ )
+ + 1; /* turn floor into ceil */
+ if (tmp_length < precision)
+ tmp_length = precision;
+ /* Multiply by 2, as an estimate for FLAG_GROUP. */
+ tmp_length = xsum (tmp_length, tmp_length);
+ /* Add 1, to account for a leading sign. */
+ tmp_length = xsum (tmp_length, 1);
+ break;
+
+ case 'o':
+# if HAVE_LONG_LONG_INT
+ if (type == TYPE_LONGLONGINT || type == TYPE_ULONGLONGINT)
+ tmp_length =
+ (unsigned int) (sizeof (unsigned long long) * CHAR_BIT
+ * 0.333334 /* binary -> octal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+# endif
+ if (type == TYPE_LONGINT || type == TYPE_ULONGINT)
+ tmp_length =
+ (unsigned int) (sizeof (unsigned long) * CHAR_BIT
+ * 0.333334 /* binary -> octal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+ tmp_length =
+ (unsigned int) (sizeof (unsigned int) * CHAR_BIT
+ * 0.333334 /* binary -> octal */
+ )
+ + 1; /* turn floor into ceil */
+ if (tmp_length < precision)
+ tmp_length = precision;
+ /* Add 1, to account for a leading sign. */
+ tmp_length = xsum (tmp_length, 1);
+ break;
+
+ case 'x': case 'X':
+# if HAVE_LONG_LONG_INT
+ if (type == TYPE_LONGLONGINT || type == TYPE_ULONGLONGINT)
+ tmp_length =
+ (unsigned int) (sizeof (unsigned long long) * CHAR_BIT
+ * 0.25 /* binary -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+# endif
+ if (type == TYPE_LONGINT || type == TYPE_ULONGINT)
+ tmp_length =
+ (unsigned int) (sizeof (unsigned long) * CHAR_BIT
+ * 0.25 /* binary -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+ tmp_length =
+ (unsigned int) (sizeof (unsigned int) * CHAR_BIT
+ * 0.25 /* binary -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ if (tmp_length < precision)
+ tmp_length = precision;
+ /* Add 2, to account for a leading sign or alternate form. */
+ tmp_length = xsum (tmp_length, 2);
+ break;
+
+ case 'f': case 'F':
+ if (type == TYPE_LONGDOUBLE)
+ tmp_length =
+ (unsigned int) (LDBL_MAX_EXP
+ * 0.30103 /* binary -> decimal */
+ * 2 /* estimate for FLAG_GROUP */
+ )
+ + 1 /* turn floor into ceil */
+ + 10; /* sign, decimal point etc. */
+ else
+ tmp_length =
+ (unsigned int) (DBL_MAX_EXP
+ * 0.30103 /* binary -> decimal */
+ * 2 /* estimate for FLAG_GROUP */
+ )
+ + 1 /* turn floor into ceil */
+ + 10; /* sign, decimal point etc. */
+ tmp_length = xsum (tmp_length, precision);
+ break;
+
+ case 'e': case 'E': case 'g': case 'G':
+ tmp_length =
+ 12; /* sign, decimal point, exponent etc. */
+ tmp_length = xsum (tmp_length, precision);
+ break;
+
+ case 'a': case 'A':
+ if (type == TYPE_LONGDOUBLE)
+ tmp_length =
+ (unsigned int) (LDBL_DIG
+ * 0.831 /* decimal -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+ tmp_length =
+ (unsigned int) (DBL_DIG
+ * 0.831 /* decimal -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ if (tmp_length < precision)
+ tmp_length = precision;
+ /* Account for sign, decimal point etc. */
+ tmp_length = xsum (tmp_length, 12);
+ break;
+
+ case 'c':
+# if HAVE_WINT_T && !WIDE_CHAR_VERSION
+ if (type == TYPE_WIDE_CHAR)
+ tmp_length = MB_CUR_MAX;
+ else
+# endif
+ tmp_length = 1;
+ break;
+
+ case 's':
+# if HAVE_WCHAR_T
+ if (type == TYPE_WIDE_STRING)
+ {
+# if WIDE_CHAR_VERSION
+ /* ISO C says about %ls in fwprintf:
+ "If the precision is not specified or is greater than the size
+ of the array, the array shall contain a null wide character."
+ So if there is a precision, we must not use wcslen. */
+ const wchar_t *arg = ap->arg[arg_index].a.a_wide_string;
+
+ if (has_precision)
+ tmp_length = local_wcsnlen (arg, precision);
+ else
+ tmp_length = local_wcslen (arg);
+# else
+ /* ISO C says about %ls in fprintf:
+ "If a precision is specified, no more than that many bytes are
+ written (including shift sequences, if any), and the array
+ shall contain a null wide character if, to equal the multibyte
+ character sequence length given by the precision, the function
+ would need to access a wide character one past the end of the
+ array."
+ So if there is a precision, we must not use wcslen. */
+ /* This case has already been handled separately in VASNPRINTF. */
+ abort ();
+# endif
+ }
+ else
+# endif
+ {
+# if WIDE_CHAR_VERSION
+ /* ISO C says about %s in fwprintf:
+ "If the precision is not specified or is greater than the size
+ of the converted array, the converted array shall contain a
+ null wide character."
+ So if there is a precision, we must not use strlen. */
+ /* This case has already been handled separately in VASNPRINTF. */
+ abort ();
+# else
+ /* ISO C says about %s in fprintf:
+ "If the precision is not specified or greater than the size of
+ the array, the array shall contain a null character."
+ So if there is a precision, we must not use strlen. */
+ const char *arg = ap->arg[arg_index].a.a_string;
+
+ if (has_precision)
+ tmp_length = local_strnlen (arg, precision);
+ else
+ tmp_length = strlen (arg);
+# endif
+ }
+ break;
+
+ case 'p':
+ tmp_length =
+ (unsigned int) (sizeof (void *) * CHAR_BIT
+ * 0.25 /* binary -> hexadecimal */
+ )
+ + 1 /* turn floor into ceil */
+ + 2; /* account for leading 0x */
+ break;
+
+ default:
+ abort ();
+ }
+
+ if (!pad_ourselves)
+ {
+# if ENABLE_UNISTDIO
+ /* Padding considers the number of characters, therefore the number of
+ elements after padding may be
+ > max (tmp_length, width)
+ but is certainly
+ <= tmp_length + width. */
+ tmp_length = xsum (tmp_length, width);
+# else
+ /* Padding considers the number of elements, says POSIX. */
+ if (tmp_length < width)
+ tmp_length = width;
+# endif
+ }
+
+ tmp_length = xsum (tmp_length, 1); /* account for trailing NUL */
+
+ return tmp_length;
+}
+
+#endif
+
+DCHAR_T *
+VASNPRINTF (DCHAR_T *resultbuf, size_t *lengthp,
+ const FCHAR_T *format, va_list args)
+{
+ DIRECTIVES d;
+ arguments a;
+
+ if (PRINTF_PARSE (format, &d, &a) < 0)
+ /* errno is already set. */
+ return NULL;
+
+#define CLEANUP() \
+ if (d.dir != d.direct_alloc_dir) \
+ free (d.dir); \
+ if (a.arg != a.direct_alloc_arg) \
+ free (a.arg);
+
+ if (PRINTF_FETCHARGS (args, &a) < 0)
+ {
+ CLEANUP ();
+ errno = EINVAL;
+ return NULL;
+ }
+
+ {
+ size_t buf_neededlength;
+ TCHAR_T *buf;
+ TCHAR_T *buf_malloced;
+ const FCHAR_T *cp;
+ size_t i;
+ DIRECTIVE *dp;
+ /* Output string accumulator. */
+ DCHAR_T *result;
+ size_t allocated;
+ size_t length;
+
+ /* Allocate a small buffer that will hold a directive passed to
+ sprintf or snprintf. */
+ buf_neededlength =
+ xsum4 (7, d.max_width_length, d.max_precision_length, 6);
+#if HAVE_ALLOCA
+ if (buf_neededlength < 4000 / sizeof (TCHAR_T))
+ {
+ buf = (TCHAR_T *) alloca (buf_neededlength * sizeof (TCHAR_T));
+ buf_malloced = NULL;
+ }
+ else
+#endif
+ {
+ size_t buf_memsize = xtimes (buf_neededlength, sizeof (TCHAR_T));
+ if (size_overflow_p (buf_memsize))
+ goto out_of_memory_1;
+ buf = (TCHAR_T *) malloc (buf_memsize);
+ if (buf == NULL)
+ goto out_of_memory_1;
+ buf_malloced = buf;
+ }
+
+ if (resultbuf != NULL)
+ {
+ result = resultbuf;
+ allocated = *lengthp;
+ }
+ else
+ {
+ result = NULL;
+ allocated = 0;
+ }
+ length = 0;
+ /* Invariants:
+ result is either == resultbuf or == NULL or malloc-allocated.
+ If length > 0, then result != NULL. */
+
+ /* Ensures that allocated >= needed. Aborts through a jump to
+ out_of_memory if needed is SIZE_MAX or otherwise too big. */
+#define ENSURE_ALLOCATION(needed) \
+ if ((needed) > allocated) \
+ { \
+ size_t memory_size; \
+ DCHAR_T *memory; \
+ \
+ allocated = (allocated > 0 ? xtimes (allocated, 2) : 12); \
+ if ((needed) > allocated) \
+ allocated = (needed); \
+ memory_size = xtimes (allocated, sizeof (DCHAR_T)); \
+ if (size_overflow_p (memory_size)) \
+ goto out_of_memory; \
+ if (result == resultbuf || result == NULL) \
+ memory = (DCHAR_T *) malloc (memory_size); \
+ else \
+ memory = (DCHAR_T *) realloc (result, memory_size); \
+ if (memory == NULL) \
+ goto out_of_memory; \
+ if (result == resultbuf && length > 0) \
+ DCHAR_CPY (memory, result, length); \
+ result = memory; \
+ }
+
+ for (cp = format, i = 0, dp = &d.dir[0]; ; cp = dp->dir_end, i++, dp++)
+ {
+ if (cp != dp->dir_start)
+ {
+ size_t n = dp->dir_start - cp;
+ size_t augmented_length = xsum (length, n);
+
+ ENSURE_ALLOCATION (augmented_length);
+ /* This copies a piece of FCHAR_T[] into a DCHAR_T[]. Here we
+ need that the format string contains only ASCII characters
+ if FCHAR_T and DCHAR_T are not the same type. */
+ if (sizeof (FCHAR_T) == sizeof (DCHAR_T))
+ {
+ DCHAR_CPY (result + length, (const DCHAR_T *) cp, n);
+ length = augmented_length;
+ }
+ else
+ {
+ do
+ result[length++] = (unsigned char) *cp++;
+ while (--n > 0);
+ }
+ }
+ if (i == d.count)
+ break;
+
+ /* Execute a single directive. */
+ if (dp->conversion == '%')
+ {
+ size_t augmented_length;
+
+ if (!(dp->arg_index == ARG_NONE))
+ abort ();
+ augmented_length = xsum (length, 1);
+ ENSURE_ALLOCATION (augmented_length);
+ result[length] = '%';
+ length = augmented_length;
+ }
+ else
+ {
+ if (!(dp->arg_index != ARG_NONE))
+ abort ();
+
+ if (dp->conversion == 'n')
+ {
+ switch (a.arg[dp->arg_index].type)
+ {
+ case TYPE_COUNT_SCHAR_POINTER:
+ *a.arg[dp->arg_index].a.a_count_schar_pointer = length;
+ break;
+ case TYPE_COUNT_SHORT_POINTER:
+ *a.arg[dp->arg_index].a.a_count_short_pointer = length;
+ break;
+ case TYPE_COUNT_INT_POINTER:
+ *a.arg[dp->arg_index].a.a_count_int_pointer = length;
+ break;
+ case TYPE_COUNT_LONGINT_POINTER:
+ *a.arg[dp->arg_index].a.a_count_longint_pointer = length;
+ break;
+#if HAVE_LONG_LONG_INT
+ case TYPE_COUNT_LONGLONGINT_POINTER:
+ *a.arg[dp->arg_index].a.a_count_longlongint_pointer = length;
+ break;
+#endif
+ default:
+ abort ();
+ }
+ }
+#if ENABLE_UNISTDIO
+ /* The unistdio extensions. */
+ else if (dp->conversion == 'U')
+ {
+ arg_type type = a.arg[dp->arg_index].type;
+ int flags = dp->flags;
+ int has_width;
+ size_t width;
+ int has_precision;
+ size_t precision;
+
+ has_width = 0;
+ width = 0;
+ if (dp->width_start != dp->width_end)
+ {
+ if (dp->width_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->width_arg_index].a.a_int;
+ if (arg < 0)
+ {
+ /* "A negative field width is taken as a '-' flag
+ followed by a positive field width." */
+ flags |= FLAG_LEFT;
+ width = (unsigned int) (-arg);
+ }
+ else
+ width = arg;
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->width_start;
+
+ do
+ width = xsum (xtimes (width, 10), *digitp++ - '0');
+ while (digitp != dp->width_end);
+ }
+ has_width = 1;
+ }
+
+ has_precision = 0;
+ precision = 0;
+ if (dp->precision_start != dp->precision_end)
+ {
+ if (dp->precision_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->precision_arg_index].a.a_int;
+ /* "A negative precision is taken as if the precision
+ were omitted." */
+ if (arg >= 0)
+ {
+ precision = arg;
+ has_precision = 1;
+ }
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->precision_start + 1;
+
+ precision = 0;
+ while (digitp != dp->precision_end)
+ precision = xsum (xtimes (precision, 10), *digitp++ - '0');
+ has_precision = 1;
+ }
+ }
+
+ switch (type)
+ {
+ case TYPE_U8_STRING:
+ {
+ const uint8_t *arg = a.arg[dp->arg_index].a.a_u8_string;
+ const uint8_t *arg_end;
+ size_t characters;
+
+ if (has_precision)
+ {
+ /* Use only PRECISION characters, from the left. */
+ arg_end = arg;
+ characters = 0;
+ for (; precision > 0; precision--)
+ {
+ int count = u8_strmblen (arg_end);
+ if (count == 0)
+ break;
+ if (count < 0)
+ {
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else if (has_width)
+ {
+ /* Use the entire string, and count the number of
+ characters. */
+ arg_end = arg;
+ characters = 0;
+ for (;;)
+ {
+ int count = u8_strmblen (arg_end);
+ if (count == 0)
+ break;
+ if (count < 0)
+ {
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else
+ {
+ /* Use the entire string. */
+ arg_end = arg + u8_strlen (arg);
+ /* The number of characters doesn't matter. */
+ characters = 0;
+ }
+
+ if (has_width && width > characters
+ && !(dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+
+# if DCHAR_IS_UINT8_T
+ {
+ size_t n = arg_end - arg;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_CPY (result + length, arg, n);
+ length += n;
+ }
+# else
+ { /* Convert. */
+ DCHAR_T *converted = result + length;
+ size_t converted_len = allocated - length;
+# if DCHAR_IS_TCHAR
+ /* Convert from UTF-8 to locale encoding. */
+ converted =
+ u8_conv_to_encoding (locale_charset (),
+ iconveh_question_mark,
+ arg, arg_end - arg, NULL,
+ converted, &converted_len);
+# else
+ /* Convert from UTF-8 to UTF-16/UTF-32. */
+ converted =
+ U8_TO_DCHAR (arg, arg_end - arg,
+ converted, &converted_len);
+# endif
+ if (converted == NULL)
+ {
+ int saved_errno = errno;
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = saved_errno;
+ return NULL;
+ }
+ if (converted != result + length)
+ {
+ ENSURE_ALLOCATION (xsum (length, converted_len));
+ DCHAR_CPY (result + length, converted, converted_len);
+ free (converted);
+ }
+ length += converted_len;
+ }
+# endif
+
+ if (has_width && width > characters
+ && (dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+ }
+ break;
+
+ case TYPE_U16_STRING:
+ {
+ const uint16_t *arg = a.arg[dp->arg_index].a.a_u16_string;
+ const uint16_t *arg_end;
+ size_t characters;
+
+ if (has_precision)
+ {
+ /* Use only PRECISION characters, from the left. */
+ arg_end = arg;
+ characters = 0;
+ for (; precision > 0; precision--)
+ {
+ int count = u16_strmblen (arg_end);
+ if (count == 0)
+ break;
+ if (count < 0)
+ {
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else if (has_width)
+ {
+ /* Use the entire string, and count the number of
+ characters. */
+ arg_end = arg;
+ characters = 0;
+ for (;;)
+ {
+ int count = u16_strmblen (arg_end);
+ if (count == 0)
+ break;
+ if (count < 0)
+ {
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else
+ {
+ /* Use the entire string. */
+ arg_end = arg + u16_strlen (arg);
+ /* The number of characters doesn't matter. */
+ characters = 0;
+ }
+
+ if (has_width && width > characters
+ && !(dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+
+# if DCHAR_IS_UINT16_T
+ {
+ size_t n = arg_end - arg;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_CPY (result + length, arg, n);
+ length += n;
+ }
+# else
+ { /* Convert. */
+ DCHAR_T *converted = result + length;
+ size_t converted_len = allocated - length;
+# if DCHAR_IS_TCHAR
+ /* Convert from UTF-16 to locale encoding. */
+ converted =
+ u16_conv_to_encoding (locale_charset (),
+ iconveh_question_mark,
+ arg, arg_end - arg, NULL,
+ converted, &converted_len);
+# else
+ /* Convert from UTF-16 to UTF-8/UTF-32. */
+ converted =
+ U16_TO_DCHAR (arg, arg_end - arg,
+ converted, &converted_len);
+# endif
+ if (converted == NULL)
+ {
+ int saved_errno = errno;
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = saved_errno;
+ return NULL;
+ }
+ if (converted != result + length)
+ {
+ ENSURE_ALLOCATION (xsum (length, converted_len));
+ DCHAR_CPY (result + length, converted, converted_len);
+ free (converted);
+ }
+ length += converted_len;
+ }
+# endif
+
+ if (has_width && width > characters
+ && (dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+ }
+ break;
+
+ case TYPE_U32_STRING:
+ {
+ const uint32_t *arg = a.arg[dp->arg_index].a.a_u32_string;
+ const uint32_t *arg_end;
+ size_t characters;
+
+ if (has_precision)
+ {
+ /* Use only PRECISION characters, from the left. */
+ arg_end = arg;
+ characters = 0;
+ for (; precision > 0; precision--)
+ {
+ int count = u32_strmblen (arg_end);
+ if (count == 0)
+ break;
+ if (count < 0)
+ {
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else if (has_width)
+ {
+ /* Use the entire string, and count the number of
+ characters. */
+ arg_end = arg;
+ characters = 0;
+ for (;;)
+ {
+ int count = u32_strmblen (arg_end);
+ if (count == 0)
+ break;
+ if (count < 0)
+ {
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else
+ {
+ /* Use the entire string. */
+ arg_end = arg + u32_strlen (arg);
+ /* The number of characters doesn't matter. */
+ characters = 0;
+ }
+
+ if (has_width && width > characters
+ && !(dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+
+# if DCHAR_IS_UINT32_T
+ {
+ size_t n = arg_end - arg;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_CPY (result + length, arg, n);
+ length += n;
+ }
+# else
+ { /* Convert. */
+ DCHAR_T *converted = result + length;
+ size_t converted_len = allocated - length;
+# if DCHAR_IS_TCHAR
+ /* Convert from UTF-32 to locale encoding. */
+ converted =
+ u32_conv_to_encoding (locale_charset (),
+ iconveh_question_mark,
+ arg, arg_end - arg, NULL,
+ converted, &converted_len);
+# else
+ /* Convert from UTF-32 to UTF-8/UTF-16. */
+ converted =
+ U32_TO_DCHAR (arg, arg_end - arg,
+ converted, &converted_len);
+# endif
+ if (converted == NULL)
+ {
+ int saved_errno = errno;
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = saved_errno;
+ return NULL;
+ }
+ if (converted != result + length)
+ {
+ ENSURE_ALLOCATION (xsum (length, converted_len));
+ DCHAR_CPY (result + length, converted, converted_len);
+ free (converted);
+ }
+ length += converted_len;
+ }
+# endif
+
+ if (has_width && width > characters
+ && (dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+ }
+ break;
+
+ default:
+ abort ();
+ }
+ }
+#endif
+#if (!USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99 || (NEED_PRINTF_DIRECTIVE_LS && !defined IN_LIBINTL)) && HAVE_WCHAR_T
+ else if (dp->conversion == 's'
+# if WIDE_CHAR_VERSION
+ && a.arg[dp->arg_index].type != TYPE_WIDE_STRING
+# else
+ && a.arg[dp->arg_index].type == TYPE_WIDE_STRING
+# endif
+ )
+ {
+ /* The normal handling of the 's' directive below requires
+ allocating a temporary buffer. The determination of its
+ length (tmp_length), in the case when a precision is
+ specified, below requires a conversion between a char[]
+ string and a wchar_t[] wide string. It could be done, but
+ we have no guarantee that the implementation of sprintf will
+ use the exactly same algorithm. Without this guarantee, it
+ is possible to have buffer overrun bugs. In order to avoid
+ such bugs, we implement the entire processing of the 's'
+ directive ourselves. */
+ int flags = dp->flags;
+ int has_width;
+ size_t width;
+ int has_precision;
+ size_t precision;
+
+ has_width = 0;
+ width = 0;
+ if (dp->width_start != dp->width_end)
+ {
+ if (dp->width_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->width_arg_index].a.a_int;
+ if (arg < 0)
+ {
+ /* "A negative field width is taken as a '-' flag
+ followed by a positive field width." */
+ flags |= FLAG_LEFT;
+ width = (unsigned int) (-arg);
+ }
+ else
+ width = arg;
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->width_start;
+
+ do
+ width = xsum (xtimes (width, 10), *digitp++ - '0');
+ while (digitp != dp->width_end);
+ }
+ has_width = 1;
+ }
+
+ has_precision = 0;
+ precision = 6;
+ if (dp->precision_start != dp->precision_end)
+ {
+ if (dp->precision_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->precision_arg_index].a.a_int;
+ /* "A negative precision is taken as if the precision
+ were omitted." */
+ if (arg >= 0)
+ {
+ precision = arg;
+ has_precision = 1;
+ }
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->precision_start + 1;
+
+ precision = 0;
+ while (digitp != dp->precision_end)
+ precision = xsum (xtimes (precision, 10), *digitp++ - '0');
+ has_precision = 1;
+ }
+ }
+
+# if WIDE_CHAR_VERSION
+ /* %s in vasnwprintf. See the specification of fwprintf. */
+ {
+ const char *arg = a.arg[dp->arg_index].a.a_string;
+ const char *arg_end;
+ size_t characters;
+
+ if (has_precision)
+ {
+ /* Use only as many bytes as needed to produce PRECISION
+ wide characters, from the left. */
+# if HAVE_MBRTOWC
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ arg_end = arg;
+ characters = 0;
+ for (; precision > 0; precision--)
+ {
+ int count;
+# if HAVE_MBRTOWC
+ count = mbrlen (arg_end, MB_CUR_MAX, &state);
+# else
+ count = mblen (arg_end, MB_CUR_MAX);
+# endif
+ if (count == 0)
+ /* Found the terminating NUL. */
+ break;
+ if (count < 0)
+ {
+ /* Invalid or incomplete multibyte character. */
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else if (has_width)
+ {
+ /* Use the entire string, and count the number of wide
+ characters. */
+# if HAVE_MBRTOWC
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ arg_end = arg;
+ characters = 0;
+ for (;;)
+ {
+ int count;
+# if HAVE_MBRTOWC
+ count = mbrlen (arg_end, MB_CUR_MAX, &state);
+# else
+ count = mblen (arg_end, MB_CUR_MAX);
+# endif
+ if (count == 0)
+ /* Found the terminating NUL. */
+ break;
+ if (count < 0)
+ {
+ /* Invalid or incomplete multibyte character. */
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end += count;
+ characters++;
+ }
+ }
+ else
+ {
+ /* Use the entire string. */
+ arg_end = arg + strlen (arg);
+ /* The number of characters doesn't matter. */
+ characters = 0;
+ }
+
+ if (has_width && width > characters
+ && !(dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+
+ if (has_precision || has_width)
+ {
+ /* We know the number of wide characters in advance. */
+ size_t remaining;
+# if HAVE_MBRTOWC
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ ENSURE_ALLOCATION (xsum (length, characters));
+ for (remaining = characters; remaining > 0; remaining--)
+ {
+ wchar_t wc;
+ int count;
+# if HAVE_MBRTOWC
+ count = mbrtowc (&wc, arg, arg_end - arg, &state);
+# else
+ count = mbtowc (&wc, arg, arg_end - arg);
+# endif
+ if (count <= 0)
+ /* mbrtowc not consistent with mbrlen, or mbtowc
+ not consistent with mblen. */
+ abort ();
+ result[length++] = wc;
+ arg += count;
+ }
+ if (!(arg == arg_end))
+ abort ();
+ }
+ else
+ {
+# if HAVE_MBRTOWC
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ while (arg < arg_end)
+ {
+ wchar_t wc;
+ int count;
+# if HAVE_MBRTOWC
+ count = mbrtowc (&wc, arg, arg_end - arg, &state);
+# else
+ count = mbtowc (&wc, arg, arg_end - arg);
+# endif
+ if (count <= 0)
+ /* mbrtowc not consistent with mbrlen, or mbtowc
+ not consistent with mblen. */
+ abort ();
+ ENSURE_ALLOCATION (xsum (length, 1));
+ result[length++] = wc;
+ arg += count;
+ }
+ }
+
+ if (has_width && width > characters
+ && (dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - characters;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+ }
+# else
+ /* %ls in vasnprintf. See the specification of fprintf. */
+ {
+ const wchar_t *arg = a.arg[dp->arg_index].a.a_wide_string;
+ const wchar_t *arg_end;
+ size_t characters;
+# if !DCHAR_IS_TCHAR
+ /* This code assumes that TCHAR_T is 'char'. */
+ verify (sizeof (TCHAR_T) == 1);
+ TCHAR_T *tmpsrc;
+ DCHAR_T *tmpdst;
+ size_t tmpdst_len;
+# endif
+ size_t w;
+
+ if (has_precision)
+ {
+ /* Use only as many wide characters as needed to produce
+ at most PRECISION bytes, from the left. */
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ arg_end = arg;
+ characters = 0;
+ while (precision > 0)
+ {
+ char cbuf[64]; /* Assume MB_CUR_MAX <= 64. */
+ int count;
+
+ if (*arg_end == 0)
+ /* Found the terminating null wide character. */
+ break;
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ count = wcrtomb (cbuf, *arg_end, &state);
+# else
+ count = wctomb (cbuf, *arg_end);
+# endif
+ if (count < 0)
+ {
+ /* Cannot convert. */
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ if (precision < count)
+ break;
+ arg_end++;
+ characters += count;
+ precision -= count;
+ }
+ }
+# if DCHAR_IS_TCHAR
+ else if (has_width)
+# else
+ else
+# endif
+ {
+ /* Use the entire string, and count the number of
+ bytes. */
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ arg_end = arg;
+ characters = 0;
+ for (;;)
+ {
+ char cbuf[64]; /* Assume MB_CUR_MAX <= 64. */
+ int count;
+
+ if (*arg_end == 0)
+ /* Found the terminating null wide character. */
+ break;
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ count = wcrtomb (cbuf, *arg_end, &state);
+# else
+ count = wctomb (cbuf, *arg_end);
+# endif
+ if (count < 0)
+ {
+ /* Cannot convert. */
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ arg_end++;
+ characters += count;
+ }
+ }
+# if DCHAR_IS_TCHAR
+ else
+ {
+ /* Use the entire string. */
+ arg_end = arg + local_wcslen (arg);
+ /* The number of bytes doesn't matter. */
+ characters = 0;
+ }
+# endif
+
+# if !DCHAR_IS_TCHAR
+ /* Convert the string into a piece of temporary memory. */
+ tmpsrc = (TCHAR_T *) malloc (characters * sizeof (TCHAR_T));
+ if (tmpsrc == NULL)
+ goto out_of_memory;
+ {
+ TCHAR_T *tmpptr = tmpsrc;
+ size_t remaining;
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ for (remaining = characters; remaining > 0; )
+ {
+ char cbuf[64]; /* Assume MB_CUR_MAX <= 64. */
+ int count;
+
+ if (*arg == 0)
+ abort ();
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ count = wcrtomb (cbuf, *arg, &state);
+# else
+ count = wctomb (cbuf, *arg);
+# endif
+ if (count <= 0)
+ /* Inconsistency. */
+ abort ();
+ memcpy (tmpptr, cbuf, count);
+ tmpptr += count;
+ arg++;
+ remaining -= count;
+ }
+ if (!(arg == arg_end))
+ abort ();
+ }
+
+ /* Convert from TCHAR_T[] to DCHAR_T[]. */
+ tmpdst =
+ DCHAR_CONV_FROM_ENCODING (locale_charset (),
+ iconveh_question_mark,
+ tmpsrc, characters,
+ NULL,
+ NULL, &tmpdst_len);
+ if (tmpdst == NULL)
+ {
+ int saved_errno = errno;
+ free (tmpsrc);
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = saved_errno;
+ return NULL;
+ }
+ free (tmpsrc);
+# endif
+
+ if (has_width)
+ {
+# if ENABLE_UNISTDIO
+ /* Outside POSIX, it's preferrable to compare the width
+ against the number of _characters_ of the converted
+ value. */
+ w = DCHAR_MBSNLEN (result + length, characters);
+# else
+ /* The width is compared against the number of _bytes_
+ of the converted value, says POSIX. */
+ w = characters;
+# endif
+ }
+ else
+ /* w doesn't matter. */
+ w = 0;
+
+ if (has_width && width > w
+ && !(dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - w;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+
+# if DCHAR_IS_TCHAR
+ if (has_precision || has_width)
+ {
+ /* We know the number of bytes in advance. */
+ size_t remaining;
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ ENSURE_ALLOCATION (xsum (length, characters));
+ for (remaining = characters; remaining > 0; )
+ {
+ char cbuf[64]; /* Assume MB_CUR_MAX <= 64. */
+ int count;
+
+ if (*arg == 0)
+ abort ();
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ count = wcrtomb (cbuf, *arg, &state);
+# else
+ count = wctomb (cbuf, *arg);
+# endif
+ if (count <= 0)
+ /* Inconsistency. */
+ abort ();
+ memcpy (result + length, cbuf, count);
+ length += count;
+ arg++;
+ remaining -= count;
+ }
+ if (!(arg == arg_end))
+ abort ();
+ }
+ else
+ {
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ mbstate_t state;
+ memset (&state, '\0', sizeof (mbstate_t));
+# endif
+ while (arg < arg_end)
+ {
+ char cbuf[64]; /* Assume MB_CUR_MAX <= 64. */
+ int count;
+
+ if (*arg == 0)
+ abort ();
+# if HAVE_WCRTOMB && !defined GNULIB_defined_mbstate_t
+ count = wcrtomb (cbuf, *arg, &state);
+# else
+ count = wctomb (cbuf, *arg);
+# endif
+ if (count <= 0)
+ {
+ /* Cannot convert. */
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EILSEQ;
+ return NULL;
+ }
+ ENSURE_ALLOCATION (xsum (length, count));
+ memcpy (result + length, cbuf, count);
+ length += count;
+ arg++;
+ }
+ }
+# else
+ ENSURE_ALLOCATION (xsum (length, tmpdst_len));
+ DCHAR_CPY (result + length, tmpdst, tmpdst_len);
+ free (tmpdst);
+ length += tmpdst_len;
+# endif
+
+ if (has_width && width > w
+ && (dp->flags & FLAG_LEFT))
+ {
+ size_t n = width - w;
+ ENSURE_ALLOCATION (xsum (length, n));
+ DCHAR_SET (result + length, ' ', n);
+ length += n;
+ }
+ }
+# endif
+ }
+#endif
+#if (NEED_PRINTF_DIRECTIVE_A || NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_DOUBLE) && !defined IN_LIBINTL
+ else if ((dp->conversion == 'a' || dp->conversion == 'A')
+# if !(NEED_PRINTF_DIRECTIVE_A || (NEED_PRINTF_LONG_DOUBLE && NEED_PRINTF_DOUBLE))
+ && (0
+# if NEED_PRINTF_DOUBLE
+ || a.arg[dp->arg_index].type == TYPE_DOUBLE
+# endif
+# if NEED_PRINTF_LONG_DOUBLE
+ || a.arg[dp->arg_index].type == TYPE_LONGDOUBLE
+# endif
+ )
+# endif
+ )
+ {
+ arg_type type = a.arg[dp->arg_index].type;
+ int flags = dp->flags;
+ int has_width;
+ size_t width;
+ int has_precision;
+ size_t precision;
+ size_t tmp_length;
+ DCHAR_T tmpbuf[700];
+ DCHAR_T *tmp;
+ DCHAR_T *pad_ptr;
+ DCHAR_T *p;
+
+ has_width = 0;
+ width = 0;
+ if (dp->width_start != dp->width_end)
+ {
+ if (dp->width_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->width_arg_index].a.a_int;
+ if (arg < 0)
+ {
+ /* "A negative field width is taken as a '-' flag
+ followed by a positive field width." */
+ flags |= FLAG_LEFT;
+ width = (unsigned int) (-arg);
+ }
+ else
+ width = arg;
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->width_start;
+
+ do
+ width = xsum (xtimes (width, 10), *digitp++ - '0');
+ while (digitp != dp->width_end);
+ }
+ has_width = 1;
+ }
+
+ has_precision = 0;
+ precision = 0;
+ if (dp->precision_start != dp->precision_end)
+ {
+ if (dp->precision_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->precision_arg_index].a.a_int;
+ /* "A negative precision is taken as if the precision
+ were omitted." */
+ if (arg >= 0)
+ {
+ precision = arg;
+ has_precision = 1;
+ }
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->precision_start + 1;
+
+ precision = 0;
+ while (digitp != dp->precision_end)
+ precision = xsum (xtimes (precision, 10), *digitp++ - '0');
+ has_precision = 1;
+ }
+ }
+
+ /* Allocate a temporary buffer of sufficient size. */
+ if (type == TYPE_LONGDOUBLE)
+ tmp_length =
+ (unsigned int) ((LDBL_DIG + 1)
+ * 0.831 /* decimal -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ else
+ tmp_length =
+ (unsigned int) ((DBL_DIG + 1)
+ * 0.831 /* decimal -> hexadecimal */
+ )
+ + 1; /* turn floor into ceil */
+ if (tmp_length < precision)
+ tmp_length = precision;
+ /* Account for sign, decimal point etc. */
+ tmp_length = xsum (tmp_length, 12);
+
+ if (tmp_length < width)
+ tmp_length = width;
+
+ tmp_length = xsum (tmp_length, 1); /* account for trailing NUL */
+
+ if (tmp_length <= sizeof (tmpbuf) / sizeof (DCHAR_T))
+ tmp = tmpbuf;
+ else
+ {
+ size_t tmp_memsize = xtimes (tmp_length, sizeof (DCHAR_T));
+
+ if (size_overflow_p (tmp_memsize))
+ /* Overflow, would lead to out of memory. */
+ goto out_of_memory;
+ tmp = (DCHAR_T *) malloc (tmp_memsize);
+ if (tmp == NULL)
+ /* Out of memory. */
+ goto out_of_memory;
+ }
+
+ pad_ptr = NULL;
+ p = tmp;
+ if (type == TYPE_LONGDOUBLE)
+ {
+# if NEED_PRINTF_DIRECTIVE_A || NEED_PRINTF_LONG_DOUBLE
+ long double arg = a.arg[dp->arg_index].a.a_longdouble;
+
+ if (isnanl (arg))
+ {
+ if (dp->conversion == 'A')
+ {
+ *p++ = 'N'; *p++ = 'A'; *p++ = 'N';
+ }
+ else
+ {
+ *p++ = 'n'; *p++ = 'a'; *p++ = 'n';
+ }
+ }
+ else
+ {
+ int sign = 0;
+ DECL_LONG_DOUBLE_ROUNDING
+
+ BEGIN_LONG_DOUBLE_ROUNDING ();
+
+ if (signbit (arg)) /* arg < 0.0L or negative zero */
+ {
+ sign = -1;
+ arg = -arg;
+ }
+
+ if (sign < 0)
+ *p++ = '-';
+ else if (flags & FLAG_SHOWSIGN)
+ *p++ = '+';
+ else if (flags & FLAG_SPACE)
+ *p++ = ' ';
+
+ if (arg > 0.0L && arg + arg == arg)
+ {
+ if (dp->conversion == 'A')
+ {
+ *p++ = 'I'; *p++ = 'N'; *p++ = 'F';
+ }
+ else
+ {
+ *p++ = 'i'; *p++ = 'n'; *p++ = 'f';
+ }
+ }
+ else
+ {
+ int exponent;
+ long double mantissa;
+
+ if (arg > 0.0L)
+ mantissa = printf_frexpl (arg, &exponent);
+ else
+ {
+ exponent = 0;
+ mantissa = 0.0L;
+ }
+
+ if (has_precision
+ && precision < (unsigned int) ((LDBL_DIG + 1) * 0.831) + 1)
+ {
+ /* Round the mantissa. */
+ long double tail = mantissa;
+ size_t q;
+
+ for (q = precision; ; q--)
+ {
+ int digit = (int) tail;
+ tail -= digit;
+ if (q == 0)
+ {
+ if (digit & 1 ? tail >= 0.5L : tail > 0.5L)
+ tail = 1 - tail;
+ else
+ tail = - tail;
+ break;
+ }
+ tail *= 16.0L;
+ }
+ if (tail != 0.0L)
+ for (q = precision; q > 0; q--)
+ tail *= 0.0625L;
+ mantissa += tail;
+ }
+
+ *p++ = '0';
+ *p++ = dp->conversion - 'A' + 'X';
+ pad_ptr = p;
+ {
+ int digit;
+
+ digit = (int) mantissa;
+ mantissa -= digit;
+ *p++ = '0' + digit;
+ if ((flags & FLAG_ALT)
+ || mantissa > 0.0L || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ /* This loop terminates because we assume
+ that FLT_RADIX is a power of 2. */
+ while (mantissa > 0.0L)
+ {
+ mantissa *= 16.0L;
+ digit = (int) mantissa;
+ mantissa -= digit;
+ *p++ = digit
+ + (digit < 10
+ ? '0'
+ : dp->conversion - 10);
+ if (precision > 0)
+ precision--;
+ }
+ while (precision > 0)
+ {
+ *p++ = '0';
+ precision--;
+ }
+ }
+ }
+ *p++ = dp->conversion - 'A' + 'P';
+# if WIDE_CHAR_VERSION
+ {
+ static const wchar_t decimal_format[] =
+ { '%', '+', 'd', '\0' };
+ SNPRINTF (p, 6 + 1, decimal_format, exponent);
+ }
+ while (*p != '\0')
+ p++;
+# else
+ if (sizeof (DCHAR_T) == 1)
+ {
+ sprintf ((char *) p, "%+d", exponent);
+ while (*p != '\0')
+ p++;
+ }
+ else
+ {
+ char expbuf[6 + 1];
+ const char *ep;
+ sprintf (expbuf, "%+d", exponent);
+ for (ep = expbuf; (*p = *ep) != '\0'; ep++)
+ p++;
+ }
+# endif
+ }
+
+ END_LONG_DOUBLE_ROUNDING ();
+ }
+# else
+ abort ();
+# endif
+ }
+ else
+ {
+# if NEED_PRINTF_DIRECTIVE_A || NEED_PRINTF_DOUBLE
+ double arg = a.arg[dp->arg_index].a.a_double;
+
+ if (isnand (arg))
+ {
+ if (dp->conversion == 'A')
+ {
+ *p++ = 'N'; *p++ = 'A'; *p++ = 'N';
+ }
+ else
+ {
+ *p++ = 'n'; *p++ = 'a'; *p++ = 'n';
+ }
+ }
+ else
+ {
+ int sign = 0;
+
+ if (signbit (arg)) /* arg < 0.0 or negative zero */
+ {
+ sign = -1;
+ arg = -arg;
+ }
+
+ if (sign < 0)
+ *p++ = '-';
+ else if (flags & FLAG_SHOWSIGN)
+ *p++ = '+';
+ else if (flags & FLAG_SPACE)
+ *p++ = ' ';
+
+ if (arg > 0.0 && arg + arg == arg)
+ {
+ if (dp->conversion == 'A')
+ {
+ *p++ = 'I'; *p++ = 'N'; *p++ = 'F';
+ }
+ else
+ {
+ *p++ = 'i'; *p++ = 'n'; *p++ = 'f';
+ }
+ }
+ else
+ {
+ int exponent;
+ double mantissa;
+
+ if (arg > 0.0)
+ mantissa = printf_frexp (arg, &exponent);
+ else
+ {
+ exponent = 0;
+ mantissa = 0.0;
+ }
+
+ if (has_precision
+ && precision < (unsigned int) ((DBL_DIG + 1) * 0.831) + 1)
+ {
+ /* Round the mantissa. */
+ double tail = mantissa;
+ size_t q;
+
+ for (q = precision; ; q--)
+ {
+ int digit = (int) tail;
+ tail -= digit;
+ if (q == 0)
+ {
+ if (digit & 1 ? tail >= 0.5 : tail > 0.5)
+ tail = 1 - tail;
+ else
+ tail = - tail;
+ break;
+ }
+ tail *= 16.0;
+ }
+ if (tail != 0.0)
+ for (q = precision; q > 0; q--)
+ tail *= 0.0625;
+ mantissa += tail;
+ }
+
+ *p++ = '0';
+ *p++ = dp->conversion - 'A' + 'X';
+ pad_ptr = p;
+ {
+ int digit;
+
+ digit = (int) mantissa;
+ mantissa -= digit;
+ *p++ = '0' + digit;
+ if ((flags & FLAG_ALT)
+ || mantissa > 0.0 || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ /* This loop terminates because we assume
+ that FLT_RADIX is a power of 2. */
+ while (mantissa > 0.0)
+ {
+ mantissa *= 16.0;
+ digit = (int) mantissa;
+ mantissa -= digit;
+ *p++ = digit
+ + (digit < 10
+ ? '0'
+ : dp->conversion - 10);
+ if (precision > 0)
+ precision--;
+ }
+ while (precision > 0)
+ {
+ *p++ = '0';
+ precision--;
+ }
+ }
+ }
+ *p++ = dp->conversion - 'A' + 'P';
+# if WIDE_CHAR_VERSION
+ {
+ static const wchar_t decimal_format[] =
+ { '%', '+', 'd', '\0' };
+ SNPRINTF (p, 6 + 1, decimal_format, exponent);
+ }
+ while (*p != '\0')
+ p++;
+# else
+ if (sizeof (DCHAR_T) == 1)
+ {
+ sprintf ((char *) p, "%+d", exponent);
+ while (*p != '\0')
+ p++;
+ }
+ else
+ {
+ char expbuf[6 + 1];
+ const char *ep;
+ sprintf (expbuf, "%+d", exponent);
+ for (ep = expbuf; (*p = *ep) != '\0'; ep++)
+ p++;
+ }
+# endif
+ }
+ }
+# else
+ abort ();
+# endif
+ }
+ /* The generated string now extends from tmp to p, with the
+ zero padding insertion point being at pad_ptr. */
+ if (has_width && p - tmp < width)
+ {
+ size_t pad = width - (p - tmp);
+ DCHAR_T *end = p + pad;
+
+ if (flags & FLAG_LEFT)
+ {
+ /* Pad with spaces on the right. */
+ for (; pad > 0; pad--)
+ *p++ = ' ';
+ }
+ else if ((flags & FLAG_ZERO) && pad_ptr != NULL)
+ {
+ /* Pad with zeroes. */
+ DCHAR_T *q = end;
+
+ while (p > pad_ptr)
+ *--q = *--p;
+ for (; pad > 0; pad--)
+ *p++ = '0';
+ }
+ else
+ {
+ /* Pad with spaces on the left. */
+ DCHAR_T *q = end;
+
+ while (p > tmp)
+ *--q = *--p;
+ for (; pad > 0; pad--)
+ *p++ = ' ';
+ }
+
+ p = end;
+ }
+
+ {
+ size_t count = p - tmp;
+
+ if (count >= tmp_length)
+ /* tmp_length was incorrectly calculated - fix the
+ code above! */
+ abort ();
+
+ /* Make room for the result. */
+ if (count >= allocated - length)
+ {
+ size_t n = xsum (length, count);
+
+ ENSURE_ALLOCATION (n);
+ }
+
+ /* Append the result. */
+ memcpy (result + length, tmp, count * sizeof (DCHAR_T));
+ if (tmp != tmpbuf)
+ free (tmp);
+ length += count;
+ }
+ }
+#endif
+#if (NEED_PRINTF_INFINITE_DOUBLE || NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE || NEED_PRINTF_LONG_DOUBLE) && !defined IN_LIBINTL
+ else if ((dp->conversion == 'f' || dp->conversion == 'F'
+ || dp->conversion == 'e' || dp->conversion == 'E'
+ || dp->conversion == 'g' || dp->conversion == 'G'
+ || dp->conversion == 'a' || dp->conversion == 'A')
+ && (0
+# if NEED_PRINTF_DOUBLE
+ || a.arg[dp->arg_index].type == TYPE_DOUBLE
+# elif NEED_PRINTF_INFINITE_DOUBLE
+ || (a.arg[dp->arg_index].type == TYPE_DOUBLE
+ /* The systems (mingw) which produce wrong output
+ for Inf, -Inf, and NaN also do so for -0.0.
+ Therefore we treat this case here as well. */
+ && is_infinite_or_zero (a.arg[dp->arg_index].a.a_double))
+# endif
+# if NEED_PRINTF_LONG_DOUBLE
+ || a.arg[dp->arg_index].type == TYPE_LONGDOUBLE
+# elif NEED_PRINTF_INFINITE_LONG_DOUBLE
+ || (a.arg[dp->arg_index].type == TYPE_LONGDOUBLE
+ /* Some systems produce wrong output for Inf,
+ -Inf, and NaN. Some systems in this category
+ (IRIX 5.3) also do so for -0.0. Therefore we
+ treat this case here as well. */
+ && is_infinite_or_zerol (a.arg[dp->arg_index].a.a_longdouble))
+# endif
+ ))
+ {
+# if (NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE) && (NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE)
+ arg_type type = a.arg[dp->arg_index].type;
+# endif
+ int flags = dp->flags;
+ int has_width;
+ size_t width;
+ int has_precision;
+ size_t precision;
+ size_t tmp_length;
+ DCHAR_T tmpbuf[700];
+ DCHAR_T *tmp;
+ DCHAR_T *pad_ptr;
+ DCHAR_T *p;
+
+ has_width = 0;
+ width = 0;
+ if (dp->width_start != dp->width_end)
+ {
+ if (dp->width_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->width_arg_index].a.a_int;
+ if (arg < 0)
+ {
+ /* "A negative field width is taken as a '-' flag
+ followed by a positive field width." */
+ flags |= FLAG_LEFT;
+ width = (unsigned int) (-arg);
+ }
+ else
+ width = arg;
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->width_start;
+
+ do
+ width = xsum (xtimes (width, 10), *digitp++ - '0');
+ while (digitp != dp->width_end);
+ }
+ has_width = 1;
+ }
+
+ has_precision = 0;
+ precision = 0;
+ if (dp->precision_start != dp->precision_end)
+ {
+ if (dp->precision_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->precision_arg_index].a.a_int;
+ /* "A negative precision is taken as if the precision
+ were omitted." */
+ if (arg >= 0)
+ {
+ precision = arg;
+ has_precision = 1;
+ }
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->precision_start + 1;
+
+ precision = 0;
+ while (digitp != dp->precision_end)
+ precision = xsum (xtimes (precision, 10), *digitp++ - '0');
+ has_precision = 1;
+ }
+ }
+
+ /* POSIX specifies the default precision to be 6 for %f, %F,
+ %e, %E, but not for %g, %G. Implementations appear to use
+ the same default precision also for %g, %G. But for %a, %A,
+ the default precision is 0. */
+ if (!has_precision)
+ if (!(dp->conversion == 'a' || dp->conversion == 'A'))
+ precision = 6;
+
+ /* Allocate a temporary buffer of sufficient size. */
+# if NEED_PRINTF_DOUBLE && NEED_PRINTF_LONG_DOUBLE
+ tmp_length = (type == TYPE_LONGDOUBLE ? LDBL_DIG + 1 : DBL_DIG + 1);
+# elif NEED_PRINTF_INFINITE_DOUBLE && NEED_PRINTF_LONG_DOUBLE
+ tmp_length = (type == TYPE_LONGDOUBLE ? LDBL_DIG + 1 : 0);
+# elif NEED_PRINTF_LONG_DOUBLE
+ tmp_length = LDBL_DIG + 1;
+# elif NEED_PRINTF_DOUBLE
+ tmp_length = DBL_DIG + 1;
+# else
+ tmp_length = 0;
+# endif
+ if (tmp_length < precision)
+ tmp_length = precision;
+# if NEED_PRINTF_LONG_DOUBLE
+# if NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE
+ if (type == TYPE_LONGDOUBLE)
+# endif
+ if (dp->conversion == 'f' || dp->conversion == 'F')
+ {
+ long double arg = a.arg[dp->arg_index].a.a_longdouble;
+ if (!(isnanl (arg) || arg + arg == arg))
+ {
+ /* arg is finite and nonzero. */
+ int exponent = floorlog10l (arg < 0 ? -arg : arg);
+ if (exponent >= 0 && tmp_length < exponent + precision)
+ tmp_length = exponent + precision;
+ }
+ }
+# endif
+# if NEED_PRINTF_DOUBLE
+# if NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE
+ if (type == TYPE_DOUBLE)
+# endif
+ if (dp->conversion == 'f' || dp->conversion == 'F')
+ {
+ double arg = a.arg[dp->arg_index].a.a_double;
+ if (!(isnand (arg) || arg + arg == arg))
+ {
+ /* arg is finite and nonzero. */
+ int exponent = floorlog10 (arg < 0 ? -arg : arg);
+ if (exponent >= 0 && tmp_length < exponent + precision)
+ tmp_length = exponent + precision;
+ }
+ }
+# endif
+ /* Account for sign, decimal point etc. */
+ tmp_length = xsum (tmp_length, 12);
+
+ if (tmp_length < width)
+ tmp_length = width;
+
+ tmp_length = xsum (tmp_length, 1); /* account for trailing NUL */
+
+ if (tmp_length <= sizeof (tmpbuf) / sizeof (DCHAR_T))
+ tmp = tmpbuf;
+ else
+ {
+ size_t tmp_memsize = xtimes (tmp_length, sizeof (DCHAR_T));
+
+ if (size_overflow_p (tmp_memsize))
+ /* Overflow, would lead to out of memory. */
+ goto out_of_memory;
+ tmp = (DCHAR_T *) malloc (tmp_memsize);
+ if (tmp == NULL)
+ /* Out of memory. */
+ goto out_of_memory;
+ }
+
+ pad_ptr = NULL;
+ p = tmp;
+
+# if NEED_PRINTF_LONG_DOUBLE || NEED_PRINTF_INFINITE_LONG_DOUBLE
+# if NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE
+ if (type == TYPE_LONGDOUBLE)
+# endif
+ {
+ long double arg = a.arg[dp->arg_index].a.a_longdouble;
+
+ if (isnanl (arg))
+ {
+ if (dp->conversion >= 'A' && dp->conversion <= 'Z')
+ {
+ *p++ = 'N'; *p++ = 'A'; *p++ = 'N';
+ }
+ else
+ {
+ *p++ = 'n'; *p++ = 'a'; *p++ = 'n';
+ }
+ }
+ else
+ {
+ int sign = 0;
+ DECL_LONG_DOUBLE_ROUNDING
+
+ BEGIN_LONG_DOUBLE_ROUNDING ();
+
+ if (signbit (arg)) /* arg < 0.0L or negative zero */
+ {
+ sign = -1;
+ arg = -arg;
+ }
+
+ if (sign < 0)
+ *p++ = '-';
+ else if (flags & FLAG_SHOWSIGN)
+ *p++ = '+';
+ else if (flags & FLAG_SPACE)
+ *p++ = ' ';
+
+ if (arg > 0.0L && arg + arg == arg)
+ {
+ if (dp->conversion >= 'A' && dp->conversion <= 'Z')
+ {
+ *p++ = 'I'; *p++ = 'N'; *p++ = 'F';
+ }
+ else
+ {
+ *p++ = 'i'; *p++ = 'n'; *p++ = 'f';
+ }
+ }
+ else
+ {
+# if NEED_PRINTF_LONG_DOUBLE
+ pad_ptr = p;
+
+ if (dp->conversion == 'f' || dp->conversion == 'F')
+ {
+ char *digits;
+ size_t ndigits;
+
+ digits =
+ scale10_round_decimal_long_double (arg, precision);
+ if (digits == NULL)
+ {
+ END_LONG_DOUBLE_ROUNDING ();
+ goto out_of_memory;
+ }
+ ndigits = strlen (digits);
+
+ if (ndigits > precision)
+ do
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ while (ndigits > precision);
+ else
+ *p++ = '0';
+ /* Here ndigits <= precision. */
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > ndigits; precision--)
+ *p++ = '0';
+ while (ndigits > 0)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+
+ free (digits);
+ }
+ else if (dp->conversion == 'e' || dp->conversion == 'E')
+ {
+ int exponent;
+
+ if (arg == 0.0L)
+ {
+ exponent = 0;
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ }
+ else
+ {
+ /* arg > 0.0L. */
+ int adjusted;
+ char *digits;
+ size_t ndigits;
+
+ exponent = floorlog10l (arg);
+ adjusted = 0;
+ for (;;)
+ {
+ digits =
+ scale10_round_decimal_long_double (arg,
+ (int)precision - exponent);
+ if (digits == NULL)
+ {
+ END_LONG_DOUBLE_ROUNDING ();
+ goto out_of_memory;
+ }
+ ndigits = strlen (digits);
+
+ if (ndigits == precision + 1)
+ break;
+ if (ndigits < precision
+ || ndigits > precision + 2)
+ /* The exponent was not guessed
+ precisely enough. */
+ abort ();
+ if (adjusted)
+ /* None of two values of exponent is
+ the right one. Prevent an endless
+ loop. */
+ abort ();
+ free (digits);
+ if (ndigits == precision)
+ exponent -= 1;
+ else
+ exponent += 1;
+ adjusted = 1;
+ }
+ /* Here ndigits = precision+1. */
+ if (is_borderline (digits, precision))
+ {
+ /* Maybe the exponent guess was too high
+ and a smaller exponent can be reached
+ by turning a 10...0 into 9...9x. */
+ char *digits2 =
+ scale10_round_decimal_long_double (arg,
+ (int)precision - exponent + 1);
+ if (digits2 == NULL)
+ {
+ free (digits);
+ END_LONG_DOUBLE_ROUNDING ();
+ goto out_of_memory;
+ }
+ if (strlen (digits2) == precision + 1)
+ {
+ free (digits);
+ digits = digits2;
+ exponent -= 1;
+ }
+ else
+ free (digits2);
+ }
+ /* Here ndigits = precision+1. */
+
+ *p++ = digits[--ndigits];
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > 0)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+
+ free (digits);
+ }
+
+ *p++ = dp->conversion; /* 'e' or 'E' */
+# if WIDE_CHAR_VERSION
+ {
+ static const wchar_t decimal_format[] =
+ { '%', '+', '.', '2', 'd', '\0' };
+ SNPRINTF (p, 6 + 1, decimal_format, exponent);
+ }
+ while (*p != '\0')
+ p++;
+# else
+ if (sizeof (DCHAR_T) == 1)
+ {
+ sprintf ((char *) p, "%+.2d", exponent);
+ while (*p != '\0')
+ p++;
+ }
+ else
+ {
+ char expbuf[6 + 1];
+ const char *ep;
+ sprintf (expbuf, "%+.2d", exponent);
+ for (ep = expbuf; (*p = *ep) != '\0'; ep++)
+ p++;
+ }
+# endif
+ }
+ else if (dp->conversion == 'g' || dp->conversion == 'G')
+ {
+ if (precision == 0)
+ precision = 1;
+ /* precision >= 1. */
+
+ if (arg == 0.0L)
+ /* The exponent is 0, >= -4, < precision.
+ Use fixed-point notation. */
+ {
+ size_t ndigits = precision;
+ /* Number of trailing zeroes that have to be
+ dropped. */
+ size_t nzeroes =
+ (flags & FLAG_ALT ? 0 : precision - 1);
+
+ --ndigits;
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || ndigits > nzeroes)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = '0';
+ }
+ }
+ }
+ else
+ {
+ /* arg > 0.0L. */
+ int exponent;
+ int adjusted;
+ char *digits;
+ size_t ndigits;
+ size_t nzeroes;
+
+ exponent = floorlog10l (arg);
+ adjusted = 0;
+ for (;;)
+ {
+ digits =
+ scale10_round_decimal_long_double (arg,
+ (int)(precision - 1) - exponent);
+ if (digits == NULL)
+ {
+ END_LONG_DOUBLE_ROUNDING ();
+ goto out_of_memory;
+ }
+ ndigits = strlen (digits);
+
+ if (ndigits == precision)
+ break;
+ if (ndigits < precision - 1
+ || ndigits > precision + 1)
+ /* The exponent was not guessed
+ precisely enough. */
+ abort ();
+ if (adjusted)
+ /* None of two values of exponent is
+ the right one. Prevent an endless
+ loop. */
+ abort ();
+ free (digits);
+ if (ndigits < precision)
+ exponent -= 1;
+ else
+ exponent += 1;
+ adjusted = 1;
+ }
+ /* Here ndigits = precision. */
+ if (is_borderline (digits, precision - 1))
+ {
+ /* Maybe the exponent guess was too high
+ and a smaller exponent can be reached
+ by turning a 10...0 into 9...9x. */
+ char *digits2 =
+ scale10_round_decimal_long_double (arg,
+ (int)(precision - 1) - exponent + 1);
+ if (digits2 == NULL)
+ {
+ free (digits);
+ END_LONG_DOUBLE_ROUNDING ();
+ goto out_of_memory;
+ }
+ if (strlen (digits2) == precision)
+ {
+ free (digits);
+ digits = digits2;
+ exponent -= 1;
+ }
+ else
+ free (digits2);
+ }
+ /* Here ndigits = precision. */
+
+ /* Determine the number of trailing zeroes
+ that have to be dropped. */
+ nzeroes = 0;
+ if ((flags & FLAG_ALT) == 0)
+ while (nzeroes < ndigits
+ && digits[nzeroes] == '0')
+ nzeroes++;
+
+ /* The exponent is now determined. */
+ if (exponent >= -4
+ && exponent < (long)precision)
+ {
+ /* Fixed-point notation:
+ max(exponent,0)+1 digits, then the
+ decimal point, then the remaining
+ digits without trailing zeroes. */
+ if (exponent >= 0)
+ {
+ size_t count = exponent + 1;
+ /* Note: count <= precision = ndigits. */
+ for (; count > 0; count--)
+ *p++ = digits[--ndigits];
+ if ((flags & FLAG_ALT) || ndigits > nzeroes)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+ }
+ else
+ {
+ size_t count = -exponent - 1;
+ *p++ = '0';
+ *p++ = decimal_point_char ();
+ for (; count > 0; count--)
+ *p++ = '0';
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+ }
+ else
+ {
+ /* Exponential notation. */
+ *p++ = digits[--ndigits];
+ if ((flags & FLAG_ALT) || ndigits > nzeroes)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+ *p++ = dp->conversion - 'G' + 'E'; /* 'e' or 'E' */
+# if WIDE_CHAR_VERSION
+ {
+ static const wchar_t decimal_format[] =
+ { '%', '+', '.', '2', 'd', '\0' };
+ SNPRINTF (p, 6 + 1, decimal_format, exponent);
+ }
+ while (*p != '\0')
+ p++;
+# else
+ if (sizeof (DCHAR_T) == 1)
+ {
+ sprintf ((char *) p, "%+.2d", exponent);
+ while (*p != '\0')
+ p++;
+ }
+ else
+ {
+ char expbuf[6 + 1];
+ const char *ep;
+ sprintf (expbuf, "%+.2d", exponent);
+ for (ep = expbuf; (*p = *ep) != '\0'; ep++)
+ p++;
+ }
+# endif
+ }
+
+ free (digits);
+ }
+ }
+ else
+ abort ();
+# else
+ /* arg is finite. */
+ if (!(arg == 0.0L))
+ abort ();
+
+ pad_ptr = p;
+
+ if (dp->conversion == 'f' || dp->conversion == 'F')
+ {
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ }
+ else if (dp->conversion == 'e' || dp->conversion == 'E')
+ {
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ *p++ = dp->conversion; /* 'e' or 'E' */
+ *p++ = '+';
+ *p++ = '0';
+ *p++ = '0';
+ }
+ else if (dp->conversion == 'g' || dp->conversion == 'G')
+ {
+ *p++ = '0';
+ if (flags & FLAG_ALT)
+ {
+ size_t ndigits =
+ (precision > 0 ? precision - 1 : 0);
+ *p++ = decimal_point_char ();
+ for (; ndigits > 0; --ndigits)
+ *p++ = '0';
+ }
+ }
+ else if (dp->conversion == 'a' || dp->conversion == 'A')
+ {
+ *p++ = '0';
+ *p++ = dp->conversion - 'A' + 'X';
+ pad_ptr = p;
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ *p++ = dp->conversion - 'A' + 'P';
+ *p++ = '+';
+ *p++ = '0';
+ }
+ else
+ abort ();
+# endif
+ }
+
+ END_LONG_DOUBLE_ROUNDING ();
+ }
+ }
+# if NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE
+ else
+# endif
+# endif
+# if NEED_PRINTF_DOUBLE || NEED_PRINTF_INFINITE_DOUBLE
+ {
+ double arg = a.arg[dp->arg_index].a.a_double;
+
+ if (isnand (arg))
+ {
+ if (dp->conversion >= 'A' && dp->conversion <= 'Z')
+ {
+ *p++ = 'N'; *p++ = 'A'; *p++ = 'N';
+ }
+ else
+ {
+ *p++ = 'n'; *p++ = 'a'; *p++ = 'n';
+ }
+ }
+ else
+ {
+ int sign = 0;
+
+ if (signbit (arg)) /* arg < 0.0 or negative zero */
+ {
+ sign = -1;
+ arg = -arg;
+ }
+
+ if (sign < 0)
+ *p++ = '-';
+ else if (flags & FLAG_SHOWSIGN)
+ *p++ = '+';
+ else if (flags & FLAG_SPACE)
+ *p++ = ' ';
+
+ if (arg > 0.0 && arg + arg == arg)
+ {
+ if (dp->conversion >= 'A' && dp->conversion <= 'Z')
+ {
+ *p++ = 'I'; *p++ = 'N'; *p++ = 'F';
+ }
+ else
+ {
+ *p++ = 'i'; *p++ = 'n'; *p++ = 'f';
+ }
+ }
+ else
+ {
+# if NEED_PRINTF_DOUBLE
+ pad_ptr = p;
+
+ if (dp->conversion == 'f' || dp->conversion == 'F')
+ {
+ char *digits;
+ size_t ndigits;
+
+ digits =
+ scale10_round_decimal_double (arg, precision);
+ if (digits == NULL)
+ goto out_of_memory;
+ ndigits = strlen (digits);
+
+ if (ndigits > precision)
+ do
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ while (ndigits > precision);
+ else
+ *p++ = '0';
+ /* Here ndigits <= precision. */
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > ndigits; precision--)
+ *p++ = '0';
+ while (ndigits > 0)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+
+ free (digits);
+ }
+ else if (dp->conversion == 'e' || dp->conversion == 'E')
+ {
+ int exponent;
+
+ if (arg == 0.0)
+ {
+ exponent = 0;
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ }
+ else
+ {
+ /* arg > 0.0. */
+ int adjusted;
+ char *digits;
+ size_t ndigits;
+
+ exponent = floorlog10 (arg);
+ adjusted = 0;
+ for (;;)
+ {
+ digits =
+ scale10_round_decimal_double (arg,
+ (int)precision - exponent);
+ if (digits == NULL)
+ goto out_of_memory;
+ ndigits = strlen (digits);
+
+ if (ndigits == precision + 1)
+ break;
+ if (ndigits < precision
+ || ndigits > precision + 2)
+ /* The exponent was not guessed
+ precisely enough. */
+ abort ();
+ if (adjusted)
+ /* None of two values of exponent is
+ the right one. Prevent an endless
+ loop. */
+ abort ();
+ free (digits);
+ if (ndigits == precision)
+ exponent -= 1;
+ else
+ exponent += 1;
+ adjusted = 1;
+ }
+ /* Here ndigits = precision+1. */
+ if (is_borderline (digits, precision))
+ {
+ /* Maybe the exponent guess was too high
+ and a smaller exponent can be reached
+ by turning a 10...0 into 9...9x. */
+ char *digits2 =
+ scale10_round_decimal_double (arg,
+ (int)precision - exponent + 1);
+ if (digits2 == NULL)
+ {
+ free (digits);
+ goto out_of_memory;
+ }
+ if (strlen (digits2) == precision + 1)
+ {
+ free (digits);
+ digits = digits2;
+ exponent -= 1;
+ }
+ else
+ free (digits2);
+ }
+ /* Here ndigits = precision+1. */
+
+ *p++ = digits[--ndigits];
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > 0)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+
+ free (digits);
+ }
+
+ *p++ = dp->conversion; /* 'e' or 'E' */
+# if WIDE_CHAR_VERSION
+ {
+ static const wchar_t decimal_format[] =
+ /* Produce the same number of exponent digits
+ as the native printf implementation. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ { '%', '+', '.', '3', 'd', '\0' };
+# else
+ { '%', '+', '.', '2', 'd', '\0' };
+# endif
+ SNPRINTF (p, 6 + 1, decimal_format, exponent);
+ }
+ while (*p != '\0')
+ p++;
+# else
+ {
+ static const char decimal_format[] =
+ /* Produce the same number of exponent digits
+ as the native printf implementation. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ "%+.3d";
+# else
+ "%+.2d";
+# endif
+ if (sizeof (DCHAR_T) == 1)
+ {
+ sprintf ((char *) p, decimal_format, exponent);
+ while (*p != '\0')
+ p++;
+ }
+ else
+ {
+ char expbuf[6 + 1];
+ const char *ep;
+ sprintf (expbuf, decimal_format, exponent);
+ for (ep = expbuf; (*p = *ep) != '\0'; ep++)
+ p++;
+ }
+ }
+# endif
+ }
+ else if (dp->conversion == 'g' || dp->conversion == 'G')
+ {
+ if (precision == 0)
+ precision = 1;
+ /* precision >= 1. */
+
+ if (arg == 0.0)
+ /* The exponent is 0, >= -4, < precision.
+ Use fixed-point notation. */
+ {
+ size_t ndigits = precision;
+ /* Number of trailing zeroes that have to be
+ dropped. */
+ size_t nzeroes =
+ (flags & FLAG_ALT ? 0 : precision - 1);
+
+ --ndigits;
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || ndigits > nzeroes)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = '0';
+ }
+ }
+ }
+ else
+ {
+ /* arg > 0.0. */
+ int exponent;
+ int adjusted;
+ char *digits;
+ size_t ndigits;
+ size_t nzeroes;
+
+ exponent = floorlog10 (arg);
+ adjusted = 0;
+ for (;;)
+ {
+ digits =
+ scale10_round_decimal_double (arg,
+ (int)(precision - 1) - exponent);
+ if (digits == NULL)
+ goto out_of_memory;
+ ndigits = strlen (digits);
+
+ if (ndigits == precision)
+ break;
+ if (ndigits < precision - 1
+ || ndigits > precision + 1)
+ /* The exponent was not guessed
+ precisely enough. */
+ abort ();
+ if (adjusted)
+ /* None of two values of exponent is
+ the right one. Prevent an endless
+ loop. */
+ abort ();
+ free (digits);
+ if (ndigits < precision)
+ exponent -= 1;
+ else
+ exponent += 1;
+ adjusted = 1;
+ }
+ /* Here ndigits = precision. */
+ if (is_borderline (digits, precision - 1))
+ {
+ /* Maybe the exponent guess was too high
+ and a smaller exponent can be reached
+ by turning a 10...0 into 9...9x. */
+ char *digits2 =
+ scale10_round_decimal_double (arg,
+ (int)(precision - 1) - exponent + 1);
+ if (digits2 == NULL)
+ {
+ free (digits);
+ goto out_of_memory;
+ }
+ if (strlen (digits2) == precision)
+ {
+ free (digits);
+ digits = digits2;
+ exponent -= 1;
+ }
+ else
+ free (digits2);
+ }
+ /* Here ndigits = precision. */
+
+ /* Determine the number of trailing zeroes
+ that have to be dropped. */
+ nzeroes = 0;
+ if ((flags & FLAG_ALT) == 0)
+ while (nzeroes < ndigits
+ && digits[nzeroes] == '0')
+ nzeroes++;
+
+ /* The exponent is now determined. */
+ if (exponent >= -4
+ && exponent < (long)precision)
+ {
+ /* Fixed-point notation:
+ max(exponent,0)+1 digits, then the
+ decimal point, then the remaining
+ digits without trailing zeroes. */
+ if (exponent >= 0)
+ {
+ size_t count = exponent + 1;
+ /* Note: count <= precision = ndigits. */
+ for (; count > 0; count--)
+ *p++ = digits[--ndigits];
+ if ((flags & FLAG_ALT) || ndigits > nzeroes)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+ }
+ else
+ {
+ size_t count = -exponent - 1;
+ *p++ = '0';
+ *p++ = decimal_point_char ();
+ for (; count > 0; count--)
+ *p++ = '0';
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+ }
+ else
+ {
+ /* Exponential notation. */
+ *p++ = digits[--ndigits];
+ if ((flags & FLAG_ALT) || ndigits > nzeroes)
+ {
+ *p++ = decimal_point_char ();
+ while (ndigits > nzeroes)
+ {
+ --ndigits;
+ *p++ = digits[ndigits];
+ }
+ }
+ *p++ = dp->conversion - 'G' + 'E'; /* 'e' or 'E' */
+# if WIDE_CHAR_VERSION
+ {
+ static const wchar_t decimal_format[] =
+ /* Produce the same number of exponent digits
+ as the native printf implementation. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ { '%', '+', '.', '3', 'd', '\0' };
+# else
+ { '%', '+', '.', '2', 'd', '\0' };
+# endif
+ SNPRINTF (p, 6 + 1, decimal_format, exponent);
+ }
+ while (*p != '\0')
+ p++;
+# else
+ {
+ static const char decimal_format[] =
+ /* Produce the same number of exponent digits
+ as the native printf implementation. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ "%+.3d";
+# else
+ "%+.2d";
+# endif
+ if (sizeof (DCHAR_T) == 1)
+ {
+ sprintf ((char *) p, decimal_format, exponent);
+ while (*p != '\0')
+ p++;
+ }
+ else
+ {
+ char expbuf[6 + 1];
+ const char *ep;
+ sprintf (expbuf, decimal_format, exponent);
+ for (ep = expbuf; (*p = *ep) != '\0'; ep++)
+ p++;
+ }
+ }
+# endif
+ }
+
+ free (digits);
+ }
+ }
+ else
+ abort ();
+# else
+ /* arg is finite. */
+ if (!(arg == 0.0))
+ abort ();
+
+ pad_ptr = p;
+
+ if (dp->conversion == 'f' || dp->conversion == 'F')
+ {
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ }
+ else if (dp->conversion == 'e' || dp->conversion == 'E')
+ {
+ *p++ = '0';
+ if ((flags & FLAG_ALT) || precision > 0)
+ {
+ *p++ = decimal_point_char ();
+ for (; precision > 0; precision--)
+ *p++ = '0';
+ }
+ *p++ = dp->conversion; /* 'e' or 'E' */
+ *p++ = '+';
+ /* Produce the same number of exponent digits as
+ the native printf implementation. */
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ *p++ = '0';
+# endif
+ *p++ = '0';
+ *p++ = '0';
+ }
+ else if (dp->conversion == 'g' || dp->conversion == 'G')
+ {
+ *p++ = '0';
+ if (flags & FLAG_ALT)
+ {
+ size_t ndigits =
+ (precision > 0 ? precision - 1 : 0);
+ *p++ = decimal_point_char ();
+ for (; ndigits > 0; --ndigits)
+ *p++ = '0';
+ }
+ }
+ else
+ abort ();
+# endif
+ }
+ }
+ }
+# endif
+
+ /* The generated string now extends from tmp to p, with the
+ zero padding insertion point being at pad_ptr. */
+ if (has_width && p - tmp < width)
+ {
+ size_t pad = width - (p - tmp);
+ DCHAR_T *end = p + pad;
+
+ if (flags & FLAG_LEFT)
+ {
+ /* Pad with spaces on the right. */
+ for (; pad > 0; pad--)
+ *p++ = ' ';
+ }
+ else if ((flags & FLAG_ZERO) && pad_ptr != NULL)
+ {
+ /* Pad with zeroes. */
+ DCHAR_T *q = end;
+
+ while (p > pad_ptr)
+ *--q = *--p;
+ for (; pad > 0; pad--)
+ *p++ = '0';
+ }
+ else
+ {
+ /* Pad with spaces on the left. */
+ DCHAR_T *q = end;
+
+ while (p > tmp)
+ *--q = *--p;
+ for (; pad > 0; pad--)
+ *p++ = ' ';
+ }
+
+ p = end;
+ }
+
+ {
+ size_t count = p - tmp;
+
+ if (count >= tmp_length)
+ /* tmp_length was incorrectly calculated - fix the
+ code above! */
+ abort ();
+
+ /* Make room for the result. */
+ if (count >= allocated - length)
+ {
+ size_t n = xsum (length, count);
+
+ ENSURE_ALLOCATION (n);
+ }
+
+ /* Append the result. */
+ memcpy (result + length, tmp, count * sizeof (DCHAR_T));
+ if (tmp != tmpbuf)
+ free (tmp);
+ length += count;
+ }
+ }
+#endif
+ else
+ {
+ arg_type type = a.arg[dp->arg_index].type;
+ int flags = dp->flags;
+#if !USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99 || !DCHAR_IS_TCHAR || ENABLE_UNISTDIO || NEED_PRINTF_FLAG_LEFTADJUST || NEED_PRINTF_FLAG_ZERO || NEED_PRINTF_UNBOUNDED_PRECISION
+ int has_width;
+ size_t width;
+#endif
+#if !USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99 || NEED_PRINTF_UNBOUNDED_PRECISION
+ int has_precision;
+ size_t precision;
+#endif
+#if NEED_PRINTF_UNBOUNDED_PRECISION
+ int prec_ourselves;
+#else
+# define prec_ourselves 0
+#endif
+#if NEED_PRINTF_FLAG_LEFTADJUST
+# define pad_ourselves 1
+#elif !DCHAR_IS_TCHAR || ENABLE_UNISTDIO || NEED_PRINTF_FLAG_ZERO || NEED_PRINTF_UNBOUNDED_PRECISION
+ int pad_ourselves;
+#else
+# define pad_ourselves 0
+#endif
+ TCHAR_T *fbp;
+ unsigned int prefix_count;
+ int prefixes[2] IF_LINT (= { 0 });
+ int orig_errno;
+#if !USE_SNPRINTF
+ size_t tmp_length;
+ TCHAR_T tmpbuf[700];
+ TCHAR_T *tmp;
+#endif
+
+#if !USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99 || !DCHAR_IS_TCHAR || ENABLE_UNISTDIO || NEED_PRINTF_FLAG_LEFTADJUST || NEED_PRINTF_FLAG_ZERO || NEED_PRINTF_UNBOUNDED_PRECISION
+ has_width = 0;
+ width = 0;
+ if (dp->width_start != dp->width_end)
+ {
+ if (dp->width_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->width_arg_index].a.a_int;
+ if (arg < 0)
+ {
+ /* "A negative field width is taken as a '-' flag
+ followed by a positive field width." */
+ flags |= FLAG_LEFT;
+ width = (unsigned int) (-arg);
+ }
+ else
+ width = arg;
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->width_start;
+
+ do
+ width = xsum (xtimes (width, 10), *digitp++ - '0');
+ while (digitp != dp->width_end);
+ }
+ has_width = 1;
+ }
+#endif
+
+#if !USE_SNPRINTF || !HAVE_SNPRINTF_RETVAL_C99 || NEED_PRINTF_UNBOUNDED_PRECISION
+ has_precision = 0;
+ precision = 6;
+ if (dp->precision_start != dp->precision_end)
+ {
+ if (dp->precision_arg_index != ARG_NONE)
+ {
+ int arg;
+
+ if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
+ abort ();
+ arg = a.arg[dp->precision_arg_index].a.a_int;
+ /* "A negative precision is taken as if the precision
+ were omitted." */
+ if (arg >= 0)
+ {
+ precision = arg;
+ has_precision = 1;
+ }
+ }
+ else
+ {
+ const FCHAR_T *digitp = dp->precision_start + 1;
+
+ precision = 0;
+ while (digitp != dp->precision_end)
+ precision = xsum (xtimes (precision, 10), *digitp++ - '0');
+ has_precision = 1;
+ }
+ }
+#endif
+
+ /* Decide whether to handle the precision ourselves. */
+#if NEED_PRINTF_UNBOUNDED_PRECISION
+ switch (dp->conversion)
+ {
+ case 'd': case 'i': case 'u':
+ case 'o':
+ case 'x': case 'X': case 'p':
+ prec_ourselves = has_precision && (precision > 0);
+ break;
+ default:
+ prec_ourselves = 0;
+ break;
+ }
+#endif
+
+ /* Decide whether to perform the padding ourselves. */
+#if !NEED_PRINTF_FLAG_LEFTADJUST && (!DCHAR_IS_TCHAR || ENABLE_UNISTDIO || NEED_PRINTF_FLAG_ZERO || NEED_PRINTF_UNBOUNDED_PRECISION)
+ switch (dp->conversion)
+ {
+# if !DCHAR_IS_TCHAR || ENABLE_UNISTDIO
+ /* If we need conversion from TCHAR_T[] to DCHAR_T[], we need
+ to perform the padding after this conversion. Functions
+ with unistdio extensions perform the padding based on
+ character count rather than element count. */
+ case 'c': case 's':
+# endif
+# if NEED_PRINTF_FLAG_ZERO
+ case 'f': case 'F': case 'e': case 'E': case 'g': case 'G':
+ case 'a': case 'A':
+# endif
+ pad_ourselves = 1;
+ break;
+ default:
+ pad_ourselves = prec_ourselves;
+ break;
+ }
+#endif
+
+#if !USE_SNPRINTF
+ /* Allocate a temporary buffer of sufficient size for calling
+ sprintf. */
+ tmp_length =
+ MAX_ROOM_NEEDED (&a, dp->arg_index, dp->conversion, type,
+ flags, width, has_precision, precision,
+ pad_ourselves);
+
+ if (tmp_length <= sizeof (tmpbuf) / sizeof (TCHAR_T))
+ tmp = tmpbuf;
+ else
+ {
+ size_t tmp_memsize = xtimes (tmp_length, sizeof (TCHAR_T));
+
+ if (size_overflow_p (tmp_memsize))
+ /* Overflow, would lead to out of memory. */
+ goto out_of_memory;
+ tmp = (TCHAR_T *) malloc (tmp_memsize);
+ if (tmp == NULL)
+ /* Out of memory. */
+ goto out_of_memory;
+ }
+#endif
+
+ /* Construct the format string for calling snprintf or
+ sprintf. */
+ fbp = buf;
+ *fbp++ = '%';
+#if NEED_PRINTF_FLAG_GROUPING
+ /* The underlying implementation doesn't support the ' flag.
+ Produce no grouping characters in this case; this is
+ acceptable because the grouping is locale dependent. */
+#else
+ if (flags & FLAG_GROUP)
+ *fbp++ = '\'';
+#endif
+ if (flags & FLAG_LEFT)
+ *fbp++ = '-';
+ if (flags & FLAG_SHOWSIGN)
+ *fbp++ = '+';
+ if (flags & FLAG_SPACE)
+ *fbp++ = ' ';
+ if (flags & FLAG_ALT)
+ *fbp++ = '#';
+#if __GLIBC__ >= 2 && !defined __UCLIBC__
+ if (flags & FLAG_LOCALIZED)
+ *fbp++ = 'I';
+#endif
+ if (!pad_ourselves)
+ {
+ if (flags & FLAG_ZERO)
+ *fbp++ = '0';
+ if (dp->width_start != dp->width_end)
+ {
+ size_t n = dp->width_end - dp->width_start;
+ /* The width specification is known to consist only
+ of standard ASCII characters. */
+ if (sizeof (FCHAR_T) == sizeof (TCHAR_T))
+ {
+ memcpy (fbp, dp->width_start, n * sizeof (TCHAR_T));
+ fbp += n;
+ }
+ else
+ {
+ const FCHAR_T *mp = dp->width_start;
+ do
+ *fbp++ = (unsigned char) *mp++;
+ while (--n > 0);
+ }
+ }
+ }
+ if (!prec_ourselves)
+ {
+ if (dp->precision_start != dp->precision_end)
+ {
+ size_t n = dp->precision_end - dp->precision_start;
+ /* The precision specification is known to consist only
+ of standard ASCII characters. */
+ if (sizeof (FCHAR_T) == sizeof (TCHAR_T))
+ {
+ memcpy (fbp, dp->precision_start, n * sizeof (TCHAR_T));
+ fbp += n;
+ }
+ else
+ {
+ const FCHAR_T *mp = dp->precision_start;
+ do
+ *fbp++ = (unsigned char) *mp++;
+ while (--n > 0);
+ }
+ }
+ }
+
+ switch (type)
+ {
+#if HAVE_LONG_LONG_INT
+ case TYPE_LONGLONGINT:
+ case TYPE_ULONGLONGINT:
+# if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
+ *fbp++ = 'I';
+ *fbp++ = '6';
+ *fbp++ = '4';
+ break;
+# else
+ *fbp++ = 'l';
+ /*FALLTHROUGH*/
+# endif
+#endif
+ case TYPE_LONGINT:
+ case TYPE_ULONGINT:
+#if HAVE_WINT_T
+ case TYPE_WIDE_CHAR:
+#endif
+#if HAVE_WCHAR_T
+ case TYPE_WIDE_STRING:
+#endif
+ *fbp++ = 'l';
+ break;
+ case TYPE_LONGDOUBLE:
+ *fbp++ = 'L';
+ break;
+ default:
+ break;
+ }
+#if NEED_PRINTF_DIRECTIVE_F
+ if (dp->conversion == 'F')
+ *fbp = 'f';
+ else
+#endif
+ *fbp = dp->conversion;
+#if USE_SNPRINTF
+# if !(((__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 3)) && !defined __UCLIBC__) || ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__))
+ fbp[1] = '%';
+ fbp[2] = 'n';
+ fbp[3] = '\0';
+# else
+ /* On glibc2 systems from glibc >= 2.3 - probably also older
+ ones - we know that snprintf's return value conforms to
+ ISO C 99: the tests gl_SNPRINTF_RETVAL_C99 and
+ gl_SNPRINTF_TRUNCATION_C99 pass.
+ Therefore we can avoid using %n in this situation.
+ On glibc2 systems from 2004-10-18 or newer, the use of %n
+ in format strings in writable memory may crash the program
+ (if compiled with _FORTIFY_SOURCE=2), so we should avoid it
+ in this situation. */
+ /* On native Win32 systems (such as mingw), we can avoid using
+ %n because:
+ - Although the gl_SNPRINTF_TRUNCATION_C99 test fails,
+ snprintf does not write more than the specified number
+ of bytes. (snprintf (buf, 3, "%d %d", 4567, 89) writes
+ '4', '5', '6' into buf, not '4', '5', '\0'.)
+ - Although the gl_SNPRINTF_RETVAL_C99 test fails, snprintf
+ allows us to recognize the case of an insufficient
+ buffer size: it returns -1 in this case.
+ On native Win32 systems (such as mingw) where the OS is
+ Windows Vista, the use of %n in format strings by default
+ crashes the program. See
+ <http://gcc.gnu.org/ml/gcc/2007-06/msg00122.html> and
+ <http://msdn2.microsoft.com/en-us/library/ms175782(VS.80).aspx>
+ So we should avoid %n in this situation. */
+ fbp[1] = '\0';
+# endif
+#else
+ fbp[1] = '\0';
+#endif
+
+ /* Construct the arguments for calling snprintf or sprintf. */
+ prefix_count = 0;
+ if (!pad_ourselves && dp->width_arg_index != ARG_NONE)
+ {
+ if (!(a.arg[dp->width_arg_index].type == TYPE_INT))
+ abort ();
+ prefixes[prefix_count++] = a.arg[dp->width_arg_index].a.a_int;
+ }
+ if (!prec_ourselves && dp->precision_arg_index != ARG_NONE)
+ {
+ if (!(a.arg[dp->precision_arg_index].type == TYPE_INT))
+ abort ();
+ prefixes[prefix_count++] = a.arg[dp->precision_arg_index].a.a_int;
+ }
+
+#if USE_SNPRINTF
+ /* The SNPRINTF result is appended after result[0..length].
+ The latter is an array of DCHAR_T; SNPRINTF appends an
+ array of TCHAR_T to it. This is possible because
+ sizeof (TCHAR_T) divides sizeof (DCHAR_T) and
+ alignof (TCHAR_T) <= alignof (DCHAR_T). */
+# define TCHARS_PER_DCHAR (sizeof (DCHAR_T) / sizeof (TCHAR_T))
+ /* Ensure that maxlen below will be >= 2. Needed on BeOS,
+ where an snprintf() with maxlen==1 acts like sprintf(). */
+ ENSURE_ALLOCATION (xsum (length,
+ (2 + TCHARS_PER_DCHAR - 1)
+ / TCHARS_PER_DCHAR));
+ /* Prepare checking whether snprintf returns the count
+ via %n. */
+ *(TCHAR_T *) (result + length) = '\0';
+#endif
+
+ orig_errno = errno;
+
+ for (;;)
+ {
+ int count = -1;
+
+#if USE_SNPRINTF
+ int retcount = 0;
+ size_t maxlen = allocated - length;
+ /* SNPRINTF can fail if its second argument is
+ > INT_MAX. */
+ if (maxlen > INT_MAX / TCHARS_PER_DCHAR)
+ maxlen = INT_MAX / TCHARS_PER_DCHAR;
+ maxlen = maxlen * TCHARS_PER_DCHAR;
+# define SNPRINTF_BUF(arg) \
+ switch (prefix_count) \
+ { \
+ case 0: \
+ retcount = SNPRINTF ((TCHAR_T *) (result + length), \
+ maxlen, buf, \
+ arg, &count); \
+ break; \
+ case 1: \
+ retcount = SNPRINTF ((TCHAR_T *) (result + length), \
+ maxlen, buf, \
+ prefixes[0], arg, &count); \
+ break; \
+ case 2: \
+ retcount = SNPRINTF ((TCHAR_T *) (result + length), \
+ maxlen, buf, \
+ prefixes[0], prefixes[1], arg, \
+ &count); \
+ break; \
+ default: \
+ abort (); \
+ }
+#else
+# define SNPRINTF_BUF(arg) \
+ switch (prefix_count) \
+ { \
+ case 0: \
+ count = sprintf (tmp, buf, arg); \
+ break; \
+ case 1: \
+ count = sprintf (tmp, buf, prefixes[0], arg); \
+ break; \
+ case 2: \
+ count = sprintf (tmp, buf, prefixes[0], prefixes[1],\
+ arg); \
+ break; \
+ default: \
+ abort (); \
+ }
+#endif
+
+ errno = 0;
+ switch (type)
+ {
+ case TYPE_SCHAR:
+ {
+ int arg = a.arg[dp->arg_index].a.a_schar;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_UCHAR:
+ {
+ unsigned int arg = a.arg[dp->arg_index].a.a_uchar;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_SHORT:
+ {
+ int arg = a.arg[dp->arg_index].a.a_short;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_USHORT:
+ {
+ unsigned int arg = a.arg[dp->arg_index].a.a_ushort;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_INT:
+ {
+ int arg = a.arg[dp->arg_index].a.a_int;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_UINT:
+ {
+ unsigned int arg = a.arg[dp->arg_index].a.a_uint;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_LONGINT:
+ {
+ long int arg = a.arg[dp->arg_index].a.a_longint;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_ULONGINT:
+ {
+ unsigned long int arg = a.arg[dp->arg_index].a.a_ulongint;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+#if HAVE_LONG_LONG_INT
+ case TYPE_LONGLONGINT:
+ {
+ long long int arg = a.arg[dp->arg_index].a.a_longlongint;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_ULONGLONGINT:
+ {
+ unsigned long long int arg = a.arg[dp->arg_index].a.a_ulonglongint;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+#endif
+ case TYPE_DOUBLE:
+ {
+ double arg = a.arg[dp->arg_index].a.a_double;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_LONGDOUBLE:
+ {
+ long double arg = a.arg[dp->arg_index].a.a_longdouble;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ case TYPE_CHAR:
+ {
+ int arg = a.arg[dp->arg_index].a.a_char;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+#if HAVE_WINT_T
+ case TYPE_WIDE_CHAR:
+ {
+ wint_t arg = a.arg[dp->arg_index].a.a_wide_char;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+#endif
+ case TYPE_STRING:
+ {
+ const char *arg = a.arg[dp->arg_index].a.a_string;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+#if HAVE_WCHAR_T
+ case TYPE_WIDE_STRING:
+ {
+ const wchar_t *arg = a.arg[dp->arg_index].a.a_wide_string;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+#endif
+ case TYPE_POINTER:
+ {
+ void *arg = a.arg[dp->arg_index].a.a_pointer;
+ SNPRINTF_BUF (arg);
+ }
+ break;
+ default:
+ abort ();
+ }
+
+#if USE_SNPRINTF
+ /* Portability: Not all implementations of snprintf()
+ are ISO C 99 compliant. Determine the number of
+ bytes that snprintf() has produced or would have
+ produced. */
+ if (count >= 0)
+ {
+ /* Verify that snprintf() has NUL-terminated its
+ result. */
+ if (count < maxlen
+ && ((TCHAR_T *) (result + length)) [count] != '\0')
+ abort ();
+ /* Portability hack. */
+ if (retcount > count)
+ count = retcount;
+ }
+ else
+ {
+ /* snprintf() doesn't understand the '%n'
+ directive. */
+ if (fbp[1] != '\0')
+ {
+ /* Don't use the '%n' directive; instead, look
+ at the snprintf() return value. */
+ fbp[1] = '\0';
+ continue;
+ }
+ else
+ {
+ /* Look at the snprintf() return value. */
+ if (retcount < 0)
+ {
+# if !HAVE_SNPRINTF_RETVAL_C99
+ /* HP-UX 10.20 snprintf() is doubly deficient:
+ It doesn't understand the '%n' directive,
+ *and* it returns -1 (rather than the length
+ that would have been required) when the
+ buffer is too small.
+ But a failure at this point can also come
+ from other reasons than a too small buffer,
+ such as an invalid wide string argument to
+ the %ls directive, or possibly an invalid
+ floating-point argument. */
+ size_t tmp_length =
+ MAX_ROOM_NEEDED (&a, dp->arg_index,
+ dp->conversion, type, flags,
+ width, has_precision,
+ precision, pad_ourselves);
+
+ if (maxlen < tmp_length)
+ {
+ /* Make more room. But try to do through
+ this reallocation only once. */
+ size_t bigger_need =
+ xsum (length,
+ xsum (tmp_length,
+ TCHARS_PER_DCHAR - 1)
+ / TCHARS_PER_DCHAR);
+ /* And always grow proportionally.
+ (There may be several arguments, each
+ needing a little more room than the
+ previous one.) */
+ size_t bigger_need2 =
+ xsum (xtimes (allocated, 2), 12);
+ if (bigger_need < bigger_need2)
+ bigger_need = bigger_need2;
+ ENSURE_ALLOCATION (bigger_need);
+ continue;
+ }
+# endif
+ }
+ else
+ count = retcount;
+ }
+ }
+#endif
+
+ /* Attempt to handle failure. */
+ if (count < 0)
+ {
+ /* SNPRINTF or sprintf failed. Save and use the errno
+ that it has set, if any. */
+ int saved_errno = errno;
+
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno =
+ (saved_errno != 0
+ ? saved_errno
+ : (dp->conversion == 'c' || dp->conversion == 's'
+ ? EILSEQ
+ : EINVAL));
+ return NULL;
+ }
+
+#if USE_SNPRINTF
+ /* Handle overflow of the allocated buffer.
+ If such an overflow occurs, a C99 compliant snprintf()
+ returns a count >= maxlen. However, a non-compliant
+ snprintf() function returns only count = maxlen - 1. To
+ cover both cases, test whether count >= maxlen - 1. */
+ if ((unsigned int) count + 1 >= maxlen)
+ {
+ /* If maxlen already has attained its allowed maximum,
+ allocating more memory will not increase maxlen.
+ Instead of looping, bail out. */
+ if (maxlen == INT_MAX / TCHARS_PER_DCHAR)
+ goto overflow;
+ else
+ {
+ /* Need at least (count + 1) * sizeof (TCHAR_T)
+ bytes. (The +1 is for the trailing NUL.)
+ But ask for (count + 2) * sizeof (TCHAR_T)
+ bytes, so that in the next round, we likely get
+ maxlen > (unsigned int) count + 1
+ and so we don't get here again.
+ And allocate proportionally, to avoid looping
+ eternally if snprintf() reports a too small
+ count. */
+ size_t n =
+ xmax (xsum (length,
+ ((unsigned int) count + 2
+ + TCHARS_PER_DCHAR - 1)
+ / TCHARS_PER_DCHAR),
+ xtimes (allocated, 2));
+
+ ENSURE_ALLOCATION (n);
+ continue;
+ }
+ }
+#endif
+
+#if NEED_PRINTF_UNBOUNDED_PRECISION
+ if (prec_ourselves)
+ {
+ /* Handle the precision. */
+ TCHAR_T *prec_ptr =
+# if USE_SNPRINTF
+ (TCHAR_T *) (result + length);
+# else
+ tmp;
+# endif
+ size_t prefix_count;
+ size_t move;
+
+ prefix_count = 0;
+ /* Put the additional zeroes after the sign. */
+ if (count >= 1
+ && (*prec_ptr == '-' || *prec_ptr == '+'
+ || *prec_ptr == ' '))
+ prefix_count = 1;
+ /* Put the additional zeroes after the 0x prefix if
+ (flags & FLAG_ALT) || (dp->conversion == 'p'). */
+ else if (count >= 2
+ && prec_ptr[0] == '0'
+ && (prec_ptr[1] == 'x' || prec_ptr[1] == 'X'))
+ prefix_count = 2;
+
+ move = count - prefix_count;
+ if (precision > move)
+ {
+ /* Insert zeroes. */
+ size_t insert = precision - move;
+ TCHAR_T *prec_end;
+
+# if USE_SNPRINTF
+ size_t n =
+ xsum (length,
+ (count + insert + TCHARS_PER_DCHAR - 1)
+ / TCHARS_PER_DCHAR);
+ length += (count + TCHARS_PER_DCHAR - 1) / TCHARS_PER_DCHAR;
+ ENSURE_ALLOCATION (n);
+ length -= (count + TCHARS_PER_DCHAR - 1) / TCHARS_PER_DCHAR;
+ prec_ptr = (TCHAR_T *) (result + length);
+# endif
+
+ prec_end = prec_ptr + count;
+ prec_ptr += prefix_count;
+
+ while (prec_end > prec_ptr)
+ {
+ prec_end--;
+ prec_end[insert] = prec_end[0];
+ }
+
+ prec_end += insert;
+ do
+ *--prec_end = '0';
+ while (prec_end > prec_ptr);
+
+ count += insert;
+ }
+ }
+#endif
+
+#if !USE_SNPRINTF
+ if (count >= tmp_length)
+ /* tmp_length was incorrectly calculated - fix the
+ code above! */
+ abort ();
+#endif
+
+#if !DCHAR_IS_TCHAR
+ /* Convert from TCHAR_T[] to DCHAR_T[]. */
+ if (dp->conversion == 'c' || dp->conversion == 's')
+ {
+ /* type = TYPE_CHAR or TYPE_WIDE_CHAR or TYPE_STRING
+ TYPE_WIDE_STRING.
+ The result string is not certainly ASCII. */
+ const TCHAR_T *tmpsrc;
+ DCHAR_T *tmpdst;
+ size_t tmpdst_len;
+ /* This code assumes that TCHAR_T is 'char'. */
+ verify (sizeof (TCHAR_T) == 1);
+# if USE_SNPRINTF
+ tmpsrc = (TCHAR_T *) (result + length);
+# else
+ tmpsrc = tmp;
+# endif
+ tmpdst =
+ DCHAR_CONV_FROM_ENCODING (locale_charset (),
+ iconveh_question_mark,
+ tmpsrc, count,
+ NULL,
+ NULL, &tmpdst_len);
+ if (tmpdst == NULL)
+ {
+ int saved_errno = errno;
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = saved_errno;
+ return NULL;
+ }
+ ENSURE_ALLOCATION (xsum (length, tmpdst_len));
+ DCHAR_CPY (result + length, tmpdst, tmpdst_len);
+ free (tmpdst);
+ count = tmpdst_len;
+ }
+ else
+ {
+ /* The result string is ASCII.
+ Simple 1:1 conversion. */
+# if USE_SNPRINTF
+ /* If sizeof (DCHAR_T) == sizeof (TCHAR_T), it's a
+ no-op conversion, in-place on the array starting
+ at (result + length). */
+ if (sizeof (DCHAR_T) != sizeof (TCHAR_T))
+# endif
+ {
+ const TCHAR_T *tmpsrc;
+ DCHAR_T *tmpdst;
+ size_t n;
+
+# if USE_SNPRINTF
+ if (result == resultbuf)
+ {
+ tmpsrc = (TCHAR_T *) (result + length);
+ /* ENSURE_ALLOCATION will not move tmpsrc
+ (because it's part of resultbuf). */
+ ENSURE_ALLOCATION (xsum (length, count));
+ }
+ else
+ {
+ /* ENSURE_ALLOCATION will move the array
+ (because it uses realloc(). */
+ ENSURE_ALLOCATION (xsum (length, count));
+ tmpsrc = (TCHAR_T *) (result + length);
+ }
+# else
+ tmpsrc = tmp;
+ ENSURE_ALLOCATION (xsum (length, count));
+# endif
+ tmpdst = result + length;
+ /* Copy backwards, because of overlapping. */
+ tmpsrc += count;
+ tmpdst += count;
+ for (n = count; n > 0; n--)
+ *--tmpdst = (unsigned char) *--tmpsrc;
+ }
+ }
+#endif
+
+#if DCHAR_IS_TCHAR && !USE_SNPRINTF
+ /* Make room for the result. */
+ if (count > allocated - length)
+ {
+ /* Need at least count elements. But allocate
+ proportionally. */
+ size_t n =
+ xmax (xsum (length, count), xtimes (allocated, 2));
+
+ ENSURE_ALLOCATION (n);
+ }
+#endif
+
+ /* Here count <= allocated - length. */
+
+ /* Perform padding. */
+#if !DCHAR_IS_TCHAR || ENABLE_UNISTDIO || NEED_PRINTF_FLAG_LEFTADJUST || NEED_PRINTF_FLAG_ZERO || NEED_PRINTF_UNBOUNDED_PRECISION
+ if (pad_ourselves && has_width)
+ {
+ size_t w;
+# if ENABLE_UNISTDIO
+ /* Outside POSIX, it's preferrable to compare the width
+ against the number of _characters_ of the converted
+ value. */
+ w = DCHAR_MBSNLEN (result + length, count);
+# else
+ /* The width is compared against the number of _bytes_
+ of the converted value, says POSIX. */
+ w = count;
+# endif
+ if (w < width)
+ {
+ size_t pad = width - w;
+
+ /* Make room for the result. */
+ if (xsum (count, pad) > allocated - length)
+ {
+ /* Need at least count + pad elements. But
+ allocate proportionally. */
+ size_t n =
+ xmax (xsum3 (length, count, pad),
+ xtimes (allocated, 2));
+
+# if USE_SNPRINTF
+ length += count;
+ ENSURE_ALLOCATION (n);
+ length -= count;
+# else
+ ENSURE_ALLOCATION (n);
+# endif
+ }
+ /* Here count + pad <= allocated - length. */
+
+ {
+# if !DCHAR_IS_TCHAR || USE_SNPRINTF
+ DCHAR_T * const rp = result + length;
+# else
+ DCHAR_T * const rp = tmp;
+# endif
+ DCHAR_T *p = rp + count;
+ DCHAR_T *end = p + pad;
+ DCHAR_T *pad_ptr;
+# if !DCHAR_IS_TCHAR || ENABLE_UNISTDIO
+ if (dp->conversion == 'c'
+ || dp->conversion == 's')
+ /* No zero-padding for string directives. */
+ pad_ptr = NULL;
+ else
+# endif
+ {
+ pad_ptr = (*rp == '-' ? rp + 1 : rp);
+ /* No zero-padding of "inf" and "nan". */
+ if ((*pad_ptr >= 'A' && *pad_ptr <= 'Z')
+ || (*pad_ptr >= 'a' && *pad_ptr <= 'z'))
+ pad_ptr = NULL;
+ }
+ /* The generated string now extends from rp to p,
+ with the zero padding insertion point being at
+ pad_ptr. */
+
+ count = count + pad; /* = end - rp */
+
+ if (flags & FLAG_LEFT)
+ {
+ /* Pad with spaces on the right. */
+ for (; pad > 0; pad--)
+ *p++ = ' ';
+ }
+ else if ((flags & FLAG_ZERO) && pad_ptr != NULL)
+ {
+ /* Pad with zeroes. */
+ DCHAR_T *q = end;
+
+ while (p > pad_ptr)
+ *--q = *--p;
+ for (; pad > 0; pad--)
+ *p++ = '0';
+ }
+ else
+ {
+ /* Pad with spaces on the left. */
+ DCHAR_T *q = end;
+
+ while (p > rp)
+ *--q = *--p;
+ for (; pad > 0; pad--)
+ *p++ = ' ';
+ }
+ }
+ }
+ }
+#endif
+
+ /* Here still count <= allocated - length. */
+
+#if !DCHAR_IS_TCHAR || USE_SNPRINTF
+ /* The snprintf() result did fit. */
+#else
+ /* Append the sprintf() result. */
+ memcpy (result + length, tmp, count * sizeof (DCHAR_T));
+#endif
+#if !USE_SNPRINTF
+ if (tmp != tmpbuf)
+ free (tmp);
+#endif
+
+#if NEED_PRINTF_DIRECTIVE_F
+ if (dp->conversion == 'F')
+ {
+ /* Convert the %f result to upper case for %F. */
+ DCHAR_T *rp = result + length;
+ size_t rc;
+ for (rc = count; rc > 0; rc--, rp++)
+ if (*rp >= 'a' && *rp <= 'z')
+ *rp = *rp - 'a' + 'A';
+ }
+#endif
+
+ length += count;
+ break;
+ }
+ errno = orig_errno;
+#undef pad_ourselves
+#undef prec_ourselves
+ }
+ }
+ }
+
+ /* Add the final NUL. */
+ ENSURE_ALLOCATION (xsum (length, 1));
+ result[length] = '\0';
+
+ if (result != resultbuf && length + 1 < allocated)
+ {
+ /* Shrink the allocated memory if possible. */
+ DCHAR_T *memory;
+
+ memory = (DCHAR_T *) realloc (result, (length + 1) * sizeof (DCHAR_T));
+ if (memory != NULL)
+ result = memory;
+ }
+
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ *lengthp = length;
+ /* Note that we can produce a big string of a length > INT_MAX. POSIX
+ says that snprintf() fails with errno = EOVERFLOW in this case, but
+ that's only because snprintf() returns an 'int'. This function does
+ not have this limitation. */
+ return result;
+
+#if USE_SNPRINTF
+ overflow:
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ CLEANUP ();
+ errno = EOVERFLOW;
+ return NULL;
+#endif
+
+ out_of_memory:
+ if (!(result == resultbuf || result == NULL))
+ free (result);
+ if (buf_malloced != NULL)
+ free (buf_malloced);
+ out_of_memory_1:
+ CLEANUP ();
+ errno = ENOMEM;
+ return NULL;
+ }
+}
+
+#undef MAX_ROOM_NEEDED
+#undef TCHARS_PER_DCHAR
+#undef SNPRINTF
+#undef USE_SNPRINTF
+#undef DCHAR_SET
+#undef DCHAR_CPY
+#undef PRINTF_PARSE
+#undef DIRECTIVES
+#undef DIRECTIVE
+#undef DCHAR_IS_TCHAR
+#undef TCHAR_T
+#undef DCHAR_T
+#undef FCHAR_T
+#undef VASNPRINTF
--- /dev/null
+/* vsprintf with automatic memory allocation.
+ Copyright (C) 2002-2004, 2007-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _VASNPRINTF_H
+#define _VASNPRINTF_H
+
+/* Get va_list. */
+#include <stdarg.h>
+
+/* Get size_t. */
+#include <stddef.h>
+
+/* The __attribute__ feature is available in gcc versions 2.5 and later.
+ The __-protected variants of the attributes 'format' and 'printf' are
+ accepted by gcc versions 2.6.4 (effectively 2.7) and later.
+ We enable _GL_ATTRIBUTE_FORMAT only if these are supported too, because
+ gnulib and libintl do '#define printf __printf__' when they override
+ the 'printf' function. */
+#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7)
+# define _GL_ATTRIBUTE_FORMAT(spec) __attribute__ ((__format__ spec))
+#else
+# define _GL_ATTRIBUTE_FORMAT(spec) /* empty */
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Write formatted output to a string dynamically allocated with malloc().
+ You can pass a preallocated buffer for the result in RESULTBUF and its
+ size in *LENGTHP; otherwise you pass RESULTBUF = NULL.
+ If successful, return the address of the string (this may be = RESULTBUF
+ if no dynamic memory allocation was necessary) and set *LENGTHP to the
+ number of resulting bytes, excluding the trailing NUL. Upon error, set
+ errno and return NULL.
+
+ When dynamic memory allocation occurs, the preallocated buffer is left
+ alone (with possibly modified contents). This makes it possible to use
+ a statically allocated or stack-allocated buffer, like this:
+
+ char buf[100];
+ size_t len = sizeof (buf);
+ char *output = vasnprintf (buf, &len, format, args);
+ if (output == NULL)
+ ... error handling ...;
+ else
+ {
+ ... use the output string ...;
+ if (output != buf)
+ free (output);
+ }
+ */
+#if REPLACE_VASNPRINTF
+# define asnprintf rpl_asnprintf
+# define vasnprintf rpl_vasnprintf
+#endif
+extern char * asnprintf (char *resultbuf, size_t *lengthp, const char *format, ...)
+ _GL_ATTRIBUTE_FORMAT ((__printf__, 3, 4));
+extern char * vasnprintf (char *resultbuf, size_t *lengthp, const char *format, va_list args)
+ _GL_ATTRIBUTE_FORMAT ((__printf__, 3, 0));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _VASNPRINTF_H */
--- /dev/null
+/* Formatted output to strings.
+ Copyright (C) 1999, 2002, 2006-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#include <config.h>
+
+/* Specification. */
+#ifdef IN_LIBASPRINTF
+# include "vasprintf.h"
+#else
+# include <stdio.h>
+#endif
+
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+#include "vasnprintf.h"
+
+int
+vasprintf (char **resultp, const char *format, va_list args)
+{
+ size_t length;
+ char *result = vasnprintf (NULL, &length, format, args);
+ if (result == NULL)
+ return -1;
+
+ if (length > INT_MAX)
+ {
+ free (result);
+ errno = EOVERFLOW;
+ return -1;
+ }
+
+ *resultp = result;
+ /* Return the number of resulting bytes, excluding the trailing NUL. */
+ return length;
+}
--- /dev/null
+/* Compile-time assert-like macros.
+
+ Copyright (C) 2005-2006, 2009-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Paul Eggert, Bruno Haible, and Jim Meyering. */
+
+#ifndef VERIFY_H
+# define VERIFY_H 1
+
+/* Each of these macros verifies that its argument R is nonzero. To
+ be portable, R should be an integer constant expression. Unlike
+ assert (R), there is no run-time overhead.
+
+ There are two macros, since no single macro can be used in all
+ contexts in C. verify_true (R) is for scalar contexts, including
+ integer constant expression contexts. verify (R) is for declaration
+ contexts, e.g., the top level.
+
+ Symbols ending in "__" are private to this header.
+
+ The code below uses several ideas.
+
+ * The first step is ((R) ? 1 : -1). Given an expression R, of
+ integral or boolean or floating-point type, this yields an
+ expression of integral type, whose value is later verified to be
+ constant and nonnegative.
+
+ * Next this expression W is wrapped in a type
+ struct verify_type__ { unsigned int verify_error_if_negative_size__: W; }.
+ If W is negative, this yields a compile-time error. No compiler can
+ deal with a bit-field of negative size.
+
+ One might think that an array size check would have the same
+ effect, that is, that the type struct { unsigned int dummy[W]; }
+ would work as well. However, inside a function, some compilers
+ (such as C++ compilers and GNU C) allow local parameters and
+ variables inside array size expressions. With these compilers,
+ an array size check would not properly diagnose this misuse of
+ the verify macro:
+
+ void function (int n) { verify (n < 0); }
+
+ * For the verify macro, the struct verify_type__ will need to
+ somehow be embedded into a declaration. To be portable, this
+ declaration must declare an object, a constant, a function, or a
+ typedef name. If the declared entity uses the type directly,
+ such as in
+
+ struct dummy {...};
+ typedef struct {...} dummy;
+ extern struct {...} *dummy;
+ extern void dummy (struct {...} *);
+ extern struct {...} *dummy (void);
+
+ two uses of the verify macro would yield colliding declarations
+ if the entity names are not disambiguated. A workaround is to
+ attach the current line number to the entity name:
+
+ #define _GL_CONCAT0(x, y) x##y
+ #define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
+ extern struct {...} * _GL_CONCAT (dummy, __LINE__);
+
+ But this has the problem that two invocations of verify from
+ within the same macro would collide, since the __LINE__ value
+ would be the same for both invocations. (The GCC __COUNTER__
+ macro solves this problem, but is not portable.)
+
+ A solution is to use the sizeof operator. It yields a number,
+ getting rid of the identity of the type. Declarations like
+
+ extern int dummy [sizeof (struct {...})];
+ extern void dummy (int [sizeof (struct {...})]);
+ extern int (*dummy (void)) [sizeof (struct {...})];
+
+ can be repeated.
+
+ * Should the implementation use a named struct or an unnamed struct?
+ Which of the following alternatives can be used?
+
+ extern int dummy [sizeof (struct {...})];
+ extern int dummy [sizeof (struct verify_type__ {...})];
+ extern void dummy (int [sizeof (struct {...})]);
+ extern void dummy (int [sizeof (struct verify_type__ {...})]);
+ extern int (*dummy (void)) [sizeof (struct {...})];
+ extern int (*dummy (void)) [sizeof (struct verify_type__ {...})];
+
+ In the second and sixth case, the struct type is exported to the
+ outer scope; two such declarations therefore collide. GCC warns
+ about the first, third, and fourth cases. So the only remaining
+ possibility is the fifth case:
+
+ extern int (*dummy (void)) [sizeof (struct {...})];
+
+ * GCC warns about duplicate declarations of the dummy function if
+ -Wredundant_decls is used. GCC 4.3 and later have a builtin
+ __COUNTER__ macro that can let us generate unique identifiers for
+ each dummy function, to suppress this warning.
+
+ * This implementation exploits the fact that GCC does not warn about
+ the last declaration mentioned above. If a future version of GCC
+ introduces a warning for this, the problem could be worked around
+ by using code specialized to GCC, just as __COUNTER__ is already
+ being used if available.
+
+ #if 4 <= __GNUC__
+ # define verify(R) [another version to keep GCC happy]
+ #endif
+
+ * In C++, any struct definition inside sizeof is invalid.
+ Use a template type to work around the problem. */
+
+/* Concatenate two preprocessor tokens. */
+# define _GL_CONCAT(x, y) _GL_CONCAT0 (x, y)
+# define _GL_CONCAT0(x, y) x##y
+
+/* _GL_COUNTER is an integer, preferably one that changes each time we
+ use it. Use __COUNTER__ if it works, falling back on __LINE__
+ otherwise. __LINE__ isn't perfect, but it's better than a
+ constant. */
+# if defined __COUNTER__ && __COUNTER__ != __COUNTER__
+# define _GL_COUNTER __COUNTER__
+# else
+# define _GL_COUNTER __LINE__
+# endif
+
+/* Generate a symbol with the given prefix, making it unique if
+ possible. */
+# define _GL_GENSYM(prefix) _GL_CONCAT (prefix, _GL_COUNTER)
+
+/* Verify requirement R at compile-time, as an integer constant expression.
+ Return 1. */
+
+# ifdef __cplusplus
+template <int w>
+ struct verify_type__ { unsigned int verify_error_if_negative_size__: w; };
+# define verify_true(R) \
+ (!!sizeof (verify_type__<(R) ? 1 : -1>))
+# else
+# define verify_true(R) \
+ (!!sizeof \
+ (struct { unsigned int verify_error_if_negative_size__: (R) ? 1 : -1; }))
+# endif
+
+/* Verify requirement R at compile-time, as a declaration without a
+ trailing ';'. */
+
+# define verify(R) \
+ extern int (* _GL_GENSYM (verify_function) (void)) [verify_true (R)]
+
+#endif
--- /dev/null
+/* Formatted output to strings.
+ Copyright (C) 2004, 2006-2011 Free Software Foundation, Inc.
+ Written by Simon Josefsson and Yoann Vandoorselaere <yoann@prelude-ids.org>.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License along
+ with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+/* Specification. */
+#include <stdio.h>
+
+#include <errno.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "vasnprintf.h"
+
+/* Print formatted output to string STR. Similar to vsprintf, but
+ additional length SIZE limit how much is written into STR. Returns
+ string length of formatted string (which may be larger than SIZE).
+ STR may be NULL, in which case nothing will be written. On error,
+ return a negative value. */
+int
+vsnprintf (char *str, size_t size, const char *format, va_list args)
+{
+ char *output;
+ size_t len;
+ size_t lenbuf = size;
+
+ output = vasnprintf (str, &lenbuf, format, args);
+ len = lenbuf;
+
+ if (!output)
+ return -1;
+
+ if (output != str)
+ {
+ if (size)
+ {
+ size_t pruned_len = (len < size ? len : size - 1);
+ memcpy (str, output, pruned_len);
+ str[pruned_len] = '\0';
+ }
+
+ free (output);
+ }
+
+ if (len > INT_MAX)
+ {
+ errno = EOVERFLOW;
+ return -1;
+ }
+
+ return len;
+}
--- /dev/null
+/* w32sock.h --- internal auxilliary functions for Windows socket functions
+
+ Copyright (C) 2008-2011 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Paolo Bonzini */
+
+#include <errno.h>
+
+/* Get O_RDWR and O_BINARY. */
+#include <fcntl.h>
+
+/* Get _get_osfhandle() and _open_osfhandle(). */
+#include <io.h>
+
+#define FD_TO_SOCKET(fd) ((SOCKET) _get_osfhandle ((fd)))
+#define SOCKET_TO_FD(fh) (_open_osfhandle ((long) (fh), O_RDWR | O_BINARY))
+
+static inline void
+set_winsock_errno (void)
+{
+ int err = WSAGetLastError ();
+
+ /* Map some WSAE* errors to the runtime library's error codes. */
+ switch (err)
+ {
+ case WSA_INVALID_HANDLE:
+ errno = EBADF;
+ break;
+ case WSA_NOT_ENOUGH_MEMORY:
+ errno = ENOMEM;
+ break;
+ case WSA_INVALID_PARAMETER:
+ errno = EINVAL;
+ break;
+ case WSAEWOULDBLOCK:
+ errno = EWOULDBLOCK;
+ break;
+ case WSAENAMETOOLONG:
+ errno = ENAMETOOLONG;
+ break;
+ case WSAENOTEMPTY:
+ errno = ENOTEMPTY;
+ break;
+ default:
+ errno = (err > 10000 && err < 10025) ? err - 10000 : err;
+ break;
+ }
+}
--- /dev/null
+/* xsize.h -- Checked size_t computations.
+
+ Copyright (C) 2003, 2008-2011 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+#ifndef _XSIZE_H
+#define _XSIZE_H
+
+/* Get size_t. */
+#include <stddef.h>
+
+/* Get SIZE_MAX. */
+#include <limits.h>
+#if HAVE_STDINT_H
+# include <stdint.h>
+#endif
+
+/* The size of memory objects is often computed through expressions of
+ type size_t. Example:
+ void* p = malloc (header_size + n * element_size).
+ These computations can lead to overflow. When this happens, malloc()
+ returns a piece of memory that is way too small, and the program then
+ crashes while attempting to fill the memory.
+ To avoid this, the functions and macros in this file check for overflow.
+ The convention is that SIZE_MAX represents overflow.
+ malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
+ implementation that uses mmap --, it's recommended to use size_overflow_p()
+ or size_in_bounds_p() before invoking malloc().
+ The example thus becomes:
+ size_t size = xsum (header_size, xtimes (n, element_size));
+ void *p = (size_in_bounds_p (size) ? malloc (size) : NULL);
+*/
+
+/* Convert an arbitrary value >= 0 to type size_t. */
+#define xcast_size_t(N) \
+ ((N) <= SIZE_MAX ? (size_t) (N) : SIZE_MAX)
+
+/* Sum of two sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xsum (size_t size1, size_t size2)
+{
+ size_t sum = size1 + size2;
+ return (sum >= size1 ? sum : SIZE_MAX);
+}
+
+/* Sum of three sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xsum3 (size_t size1, size_t size2, size_t size3)
+{
+ return xsum (xsum (size1, size2), size3);
+}
+
+/* Sum of four sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
+{
+ return xsum (xsum (xsum (size1, size2), size3), size4);
+}
+
+/* Maximum of two sizes, with overflow check. */
+static inline size_t
+#if __GNUC__ >= 3
+__attribute__ ((__pure__))
+#endif
+xmax (size_t size1, size_t size2)
+{
+ /* No explicit check is needed here, because for any n:
+ max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX. */
+ return (size1 >= size2 ? size1 : size2);
+}
+
+/* Multiplication of a count with an element size, with overflow check.
+ The count must be >= 0 and the element size must be > 0.
+ This is a macro, not an inline function, so that it works correctly even
+ when N is of a wider type and N > SIZE_MAX. */
+#define xtimes(N, ELSIZE) \
+ ((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX)
+
+/* Check for overflow. */
+#define size_overflow_p(SIZE) \
+ ((SIZE) == SIZE_MAX)
+/* Check against overflow. */
+#define size_in_bounds_p(SIZE) \
+ ((SIZE) != SIZE_MAX)
+
+#endif /* _XSIZE_H */
--- /dev/null
+GNUTLS { }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- This file contains parts of PKCS-1 structures and some stuff
+-- required for DSA keys.
+
+RSAPublicKey ::= SEQUENCE {
+ modulus INTEGER, -- n
+ publicExponent INTEGER -- e
+}
+
+--
+-- Representation of RSA private key with information for the
+-- CRT algorithm.
+--
+RSAPrivateKey ::= SEQUENCE {
+ version Version,
+ modulus INTEGER, -- (Usually large) n
+ publicExponent INTEGER, -- (Usually small) e
+ privateExponent INTEGER, -- (Usually large) d
+ prime1 INTEGER, -- (Usually large) p
+ prime2 INTEGER, -- (Usually large) q
+ exponent1 INTEGER, -- (Usually large) d mod (p-1)
+ exponent2 INTEGER, -- (Usually large) d mod (q-1)
+ coefficient INTEGER, -- (Usually large) (inverse of q) mod p
+ otherPrimeInfos OtherPrimeInfos OPTIONAL
+}
+
+Version ::= INTEGER { two-prime(0), multi(1) }
+-- (CONSTRAINED BY { version must be multi if otherPrimeInfos present }) --
+
+OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo
+
+OtherPrimeInfo ::= SEQUENCE {
+ prime INTEGER, -- ri
+ exponent INTEGER, -- di
+ coefficient INTEGER -- ti
+}
+
+-- for signature calculation
+-- added by nmav
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL
+}
+ -- contains a value of the type
+ -- registered for use with the
+ -- algorithm object identifier value
+
+DigestInfo ::= SEQUENCE {
+ digestAlgorithm DigestAlgorithmIdentifier,
+ digest Digest
+}
+
+DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+Digest ::= OCTET STRING
+
+DSAPublicKey ::= INTEGER
+
+DSAParameters ::= SEQUENCE {
+ p INTEGER,
+ q INTEGER,
+ g INTEGER
+}
+
+DSASignatureValue ::= SEQUENCE {
+ r INTEGER,
+ s INTEGER
+}
+
+DSAPrivateKey ::= SEQUENCE {
+ version INTEGER, -- should be zero
+ p INTEGER,
+ q INTEGER,
+ g INTEGER,
+ Y INTEGER, -- public
+ priv INTEGER
+}
+
+-- from PKCS#3
+DHParameter ::= SEQUENCE {
+ prime INTEGER, -- p
+ base INTEGER, -- g
+ privateValueLength INTEGER OPTIONAL
+}
+
+
+END
--- /dev/null
+# Process this file with autoconf to produce a pkg-config metadata file.
+
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+# Author: Simon Josefsson
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: GnuTLS
+Description: Transport Security Layer implementation for the GNU system
+URL: http://www.gnu.org/software/gnutls/
+Version: @VERSION@
+Libs: -L${libdir} -lgnutls
+Libs.private: @LTLIBPAKCHOIS@ @LTLIBGCRYPT@ @NETTLE_LIBS@
+@GNUTLS_REQUIRES_PRIVATE@
+Cflags: -I${includedir}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_record.h>
+#include <debug.h>
+
+/* I18n of error codes. */
+#include "gettext.h"
+#define _(String) dgettext (PACKAGE, String)
+#define N_(String) gettext_noop (String)
+
+typedef struct
+{
+ gnutls_alert_description_t alert;
+ const char *desc;
+} gnutls_alert_entry;
+
+static const gnutls_alert_entry sup_alerts[] = {
+ {GNUTLS_A_CLOSE_NOTIFY, N_("Close notify")},
+ {GNUTLS_A_UNEXPECTED_MESSAGE, N_("Unexpected message")},
+ {GNUTLS_A_BAD_RECORD_MAC, N_("Bad record MAC")},
+ {GNUTLS_A_DECRYPTION_FAILED, N_("Decryption failed")},
+ {GNUTLS_A_RECORD_OVERFLOW, N_("Record overflow")},
+ {GNUTLS_A_DECOMPRESSION_FAILURE, N_("Decompression failed")},
+ {GNUTLS_A_HANDSHAKE_FAILURE, N_("Handshake failed")},
+ {GNUTLS_A_BAD_CERTIFICATE, N_("Certificate is bad")},
+ {GNUTLS_A_UNSUPPORTED_CERTIFICATE, N_("Certificate is not supported")},
+ {GNUTLS_A_CERTIFICATE_REVOKED, N_("Certificate was revoked")},
+ {GNUTLS_A_CERTIFICATE_EXPIRED, N_("Certificate is expired")},
+ {GNUTLS_A_CERTIFICATE_UNKNOWN, N_("Unknown certificate")},
+ {GNUTLS_A_ILLEGAL_PARAMETER, N_("Illegal parameter")},
+ {GNUTLS_A_UNKNOWN_CA, N_("CA is unknown")},
+ {GNUTLS_A_ACCESS_DENIED, N_("Access was denied")},
+ {GNUTLS_A_DECODE_ERROR, N_("Decode error")},
+ {GNUTLS_A_DECRYPT_ERROR, N_("Decrypt error")},
+ {GNUTLS_A_EXPORT_RESTRICTION, N_("Export restriction")},
+ {GNUTLS_A_PROTOCOL_VERSION, N_("Error in protocol version")},
+ {GNUTLS_A_INSUFFICIENT_SECURITY, N_("Insufficient security")},
+ {GNUTLS_A_USER_CANCELED, N_("User canceled")},
+ {GNUTLS_A_INTERNAL_ERROR, N_("Internal error")},
+ {GNUTLS_A_NO_RENEGOTIATION, N_("No renegotiation is allowed")},
+ {GNUTLS_A_CERTIFICATE_UNOBTAINABLE,
+ N_("Could not retrieve the specified certificate")},
+ {GNUTLS_A_UNSUPPORTED_EXTENSION, N_("An unsupported extension was sent")},
+ {GNUTLS_A_UNRECOGNIZED_NAME,
+ N_("The server name sent was not recognized")},
+ {GNUTLS_A_UNKNOWN_PSK_IDENTITY,
+ N_("The SRP/PSK username is missing or not known")},
+ {GNUTLS_A_INNER_APPLICATION_FAILURE,
+ N_("Inner application negotiation failed")},
+ {GNUTLS_A_INNER_APPLICATION_VERIFICATION,
+ N_("Inner application verification failed")},
+ {0, NULL}
+};
+
+/**
+ * gnutls_alert_get_name:
+ * @alert: is an alert number #gnutls_session_t structure.
+ *
+ * This function will return a string that describes the given alert
+ * number, or %NULL. See gnutls_alert_get().
+ *
+ * Returns: string corresponding to #gnutls_alert_description_t value.
+ **/
+const char *
+gnutls_alert_get_name (gnutls_alert_description_t alert)
+{
+ const gnutls_alert_entry *p;
+
+ for (p = sup_alerts; p->desc != NULL; p++)
+ if (p->alert == alert)
+ return _(p->desc);
+
+ return NULL;
+}
+
+/**
+ * gnutls_alert_send:
+ * @session: is a #gnutls_session_t structure.
+ * @level: is the level of the alert
+ * @desc: is the alert description
+ *
+ * This function will send an alert to the peer in order to inform
+ * him of something important (eg. his Certificate could not be verified).
+ * If the alert level is Fatal then the peer is expected to close the
+ * connection, otherwise he may ignore the alert and continue.
+ *
+ * The error code of the underlying record send function will be
+ * returned, so you may also receive %GNUTLS_E_INTERRUPTED or
+ * %GNUTLS_E_AGAIN as well.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_alert_send (gnutls_session_t session, gnutls_alert_level_t level,
+ gnutls_alert_description_t desc)
+{
+ uint8_t data[2];
+ int ret;
+ const char *name;
+
+ data[0] = (uint8_t) level;
+ data[1] = (uint8_t) desc;
+
+ name = gnutls_alert_get_name ((int) data[1]);
+ if (name == NULL)
+ name = "(unknown)";
+ _gnutls_record_log ("REC: Sending Alert[%d|%d] - %s\n", data[0],
+ data[1], name);
+
+ if ((ret =
+ _gnutls_send_int (session, GNUTLS_ALERT, -1, EPOCH_WRITE_CURRENT, data,
+ 2, MBUFFER_FLUSH)) >= 0)
+ return 0;
+ else
+ return ret;
+}
+
+/**
+ * gnutls_error_to_alert:
+ * @err: is a negative integer
+ * @level: the alert level will be stored there
+ *
+ * Get an alert depending on the error code returned by a gnutls
+ * function. All alerts sent by this function should be considered
+ * fatal. The only exception is when @err is %GNUTLS_E_REHANDSHAKE,
+ * where a warning alert should be sent to the peer indicating that no
+ * renegotiation will be performed.
+ *
+ * If there is no mapping to a valid alert the alert to indicate
+ * internal error is returned.
+ *
+ * Returns: the alert code to use for a particular error code.
+ **/
+int
+gnutls_error_to_alert (int err, int *level)
+{
+ int ret, _level = -1;
+
+ switch (err)
+ { /* send appropriate alert */
+ case GNUTLS_E_DECRYPTION_FAILED:
+ /* GNUTLS_A_DECRYPTION_FAILED is not sent, because
+ * it is not defined in SSL3. Note that we must
+ * not distinguish Decryption failures from mac
+ * check failures, due to the possibility of some
+ * attacks.
+ */
+ ret = GNUTLS_A_BAD_RECORD_MAC;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DECOMPRESSION_FAILED:
+ ret = GNUTLS_A_DECOMPRESSION_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER:
+ case GNUTLS_E_ILLEGAL_SRP_USERNAME:
+ ret = GNUTLS_A_ILLEGAL_PARAMETER;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_SRP_USERNAME:
+ ret = GNUTLS_A_UNKNOWN_PSK_IDENTITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_ASN1_ELEMENT_NOT_FOUND:
+ case GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND:
+ case GNUTLS_E_ASN1_DER_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_FOUND:
+ case GNUTLS_E_ASN1_GENERIC_ERROR:
+ case GNUTLS_E_ASN1_VALUE_NOT_VALID:
+ case GNUTLS_E_ASN1_TAG_ERROR:
+ case GNUTLS_E_ASN1_TAG_IMPLICIT:
+ case GNUTLS_E_ASN1_TYPE_ANY_ERROR:
+ case GNUTLS_E_ASN1_SYNTAX_ERROR:
+ case GNUTLS_E_ASN1_DER_OVERFLOW:
+ case GNUTLS_E_CERTIFICATE_ERROR:
+ ret = GNUTLS_A_BAD_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNKNOWN_CIPHER_SUITE:
+ case GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM:
+ case GNUTLS_E_INSUFFICIENT_CREDENTIALS:
+ case GNUTLS_E_NO_CIPHER_SUITES:
+ case GNUTLS_E_NO_COMPRESSION_ALGORITHMS:
+ case GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM:
+ case GNUTLS_E_SAFE_RENEGOTIATION_FAILED:
+ case GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL:
+ ret = GNUTLS_A_HANDSHAKE_FAILURE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION:
+ ret = GNUTLS_A_UNSUPPORTED_EXTENSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET:
+ case GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET:
+ ret = GNUTLS_A_UNEXPECTED_MESSAGE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_REHANDSHAKE:
+ case GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED:
+ ret = GNUTLS_A_NO_RENEGOTIATION;
+ _level = GNUTLS_AL_WARNING;
+ break;
+ case GNUTLS_E_UNSUPPORTED_VERSION_PACKET:
+ ret = GNUTLS_A_PROTOCOL_VERSION;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE:
+ ret = GNUTLS_A_UNSUPPORTED_CERTIFICATE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_UNEXPECTED_PACKET_LENGTH:
+ ret = GNUTLS_A_RECORD_OVERFLOW;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_INTERNAL_ERROR:
+ case GNUTLS_E_NO_TEMPORARY_DH_PARAMS:
+ case GNUTLS_E_NO_TEMPORARY_RSA_PARAMS:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_OPENPGP_GETKEY_FAILED:
+ ret = GNUTLS_A_CERTIFICATE_UNOBTAINABLE;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ case GNUTLS_E_DH_PRIME_UNACCEPTABLE:
+ case GNUTLS_E_NO_CERTIFICATE_FOUND:
+ ret = GNUTLS_A_INSUFFICIENT_SECURITY;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ default:
+ ret = GNUTLS_A_INTERNAL_ERROR;
+ _level = GNUTLS_AL_FATAL;
+ break;
+ }
+
+ if (level != NULL)
+ *level = _level;
+
+ return ret;
+}
+
+/**
+ * gnutls_alert_send_appropriate:
+ * @session: is a #gnutls_session_t structure.
+ * @err: is an integer
+ *
+ * Sends an alert to the peer depending on the error code returned by
+ * a gnutls function. This function will call gnutls_error_to_alert()
+ * to determine the appropriate alert to send.
+ *
+ * This function may also return %GNUTLS_E_AGAIN, or
+ * %GNUTLS_E_INTERRUPTED.
+ *
+ * If the return value is %GNUTLS_E_INVALID_REQUEST, then no alert has
+ * been sent to the peer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ */
+int
+gnutls_alert_send_appropriate (gnutls_session_t session, int err)
+{
+ int alert;
+ int level;
+
+ alert = gnutls_error_to_alert (err, &level);
+ if (alert < 0)
+ {
+ return alert;
+ }
+
+ return gnutls_alert_send (session, level, alert);
+}
+
+/**
+ * gnutls_alert_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will return the last alert number received. This
+ * function should be called if %GNUTLS_E_WARNING_ALERT_RECEIVED or
+ * %GNUTLS_E_FATAL_ALERT_RECEIVED has been returned by a gnutls
+ * function. The peer may send alerts if he thinks some things were
+ * not right. Check gnutls.h for the available alert descriptions.
+ *
+ * If no alert has been received the returned value is undefined.
+ *
+ * Returns: returns the last alert received, a
+ * #gnutls_alert_description_t value.
+ **/
+gnutls_alert_description_t
+gnutls_alert_get (gnutls_session_t session)
+{
+ return session->internals.last_alert;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ * 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_algorithms.h"
+#include "gnutls_errors.h"
+#include "gnutls_cert.h"
+#include <x509/common.h>
+
+
+typedef struct
+{
+ const char *name;
+ gnutls_sec_param_t sec_param;
+ int bits; /* security level */
+ int pk_bits; /* DH, RSA, SRP */
+ int dsa_bits; /* bits for DSA. Handled differently since
+ * choice of key size in DSA is political.
+ */
+ int subgroup_bits; /* subgroup bits */
+ int ecc_bits; /* bits for ECC keys */
+} gnutls_sec_params_entry;
+
+static const gnutls_sec_params_entry sec_params[] = {
+ {"Weak", GNUTLS_SEC_PARAM_WEAK, 64, 816, 1024, 128, 128},
+ {"Low", GNUTLS_SEC_PARAM_LOW, 80, 1248, 2048, 160, 160},
+ {"Normal", GNUTLS_SEC_PARAM_NORMAL, 112, 2432, 3072, 224, 224},
+ {"High", GNUTLS_SEC_PARAM_HIGH, 128, 3248, 3072, 256, 256},
+ {"Ultra", GNUTLS_SEC_PARAM_ULTRA, 256, 15424, 3072, 512, 512},
+ {NULL, 0, 0, 0, 0, 0}
+};
+
+#define GNUTLS_SEC_PARAM_LOOP(b) \
+ { const gnutls_sec_params_entry *p; \
+ for(p = sec_params; p->name != NULL; p++) { b ; } }
+
+
+/* Cred type mappings to KX algorithms
+ * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
+ * more than one credentials type.
+ */
+typedef struct
+{
+ gnutls_kx_algorithm_t algorithm;
+ gnutls_credentials_type_t client_type;
+ gnutls_credentials_type_t server_type; /* The type of credentials a server
+ * needs to set */
+} gnutls_cred_map;
+
+static const gnutls_cred_map cred_mappings[] = {
+ {GNUTLS_KX_ANON_DH, GNUTLS_CRD_ANON, GNUTLS_CRD_ANON},
+ {GNUTLS_KX_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_RSA_EXPORT, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_DHE_PSK, GNUTLS_CRD_PSK, GNUTLS_CRD_PSK},
+ {GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE},
+ {0, 0, 0}
+};
+
+#define GNUTLS_KX_MAP_LOOP(b) \
+ const gnutls_cred_map *p; \
+ for(p = cred_mappings; p->algorithm != 0; p++) { b ; }
+
+#define GNUTLS_KX_MAP_ALG_LOOP_SERVER(a) \
+ GNUTLS_KX_MAP_LOOP( if(p->server_type == type) { a; break; })
+
+/* KX mappings to PK algorithms */
+typedef struct
+{
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_pk_algorithm_t pk_algorithm;
+ enum encipher_type encipher_type; /* CIPHER_ENCRYPT if this algorithm is to be used
+ * for encryption, CIPHER_SIGN if signature only,
+ * CIPHER_IGN if this does not apply at all.
+ *
+ * This is useful to certificate cipher suites, which check
+ * against the certificate key usage bits.
+ */
+} gnutls_pk_map;
+
+/* This table maps the Key exchange algorithms to
+ * the certificate algorithms. Eg. if we have
+ * RSA algorithm in the certificate then we can
+ * use GNUTLS_KX_RSA or GNUTLS_KX_DHE_RSA.
+ */
+static const gnutls_pk_map pk_mappings[] = {
+ {GNUTLS_KX_RSA, GNUTLS_PK_RSA, CIPHER_ENCRYPT},
+ {GNUTLS_KX_RSA_EXPORT, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_RSA, GNUTLS_PK_RSA, CIPHER_SIGN},
+ {GNUTLS_KX_DHE_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {GNUTLS_KX_SRP_DSS, GNUTLS_PK_DSA, CIPHER_SIGN},
+ {0, 0, 0}
+};
+
+#define GNUTLS_PK_MAP_LOOP(b) \
+ const gnutls_pk_map *p; \
+ for(p = pk_mappings; p->kx_algorithm != 0; p++) { b }
+
+#define GNUTLS_PK_MAP_ALG_LOOP(a) \
+ GNUTLS_PK_MAP_LOOP( if(p->kx_algorithm == kx_algorithm) { a; break; })
+
+
+
+/* TLS Versions */
+
+typedef struct
+{
+ const char *name;
+ gnutls_protocol_t id; /* gnutls internal version number */
+ int major; /* defined by the protocol */
+ int minor; /* defined by the protocol */
+ int supported; /* 0 not supported, > 0 is supported */
+} gnutls_version_entry;
+
+static const gnutls_version_entry sup_versions[] = {
+ {"SSL3.0", GNUTLS_SSL3, 3, 0, 1},
+ {"TLS1.0", GNUTLS_TLS1, 3, 1, 1},
+ {"TLS1.1", GNUTLS_TLS1_1, 3, 2, 1},
+ {"TLS1.2", GNUTLS_TLS1_2, 3, 3, 1},
+ {0, 0, 0, 0, 0}
+};
+
+/* Keep the contents of this struct the same as the previous one. */
+static const gnutls_protocol_t supported_protocols[] = {
+ GNUTLS_SSL3,
+ GNUTLS_TLS1,
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_2,
+ 0
+};
+
+#define GNUTLS_VERSION_LOOP(b) \
+ const gnutls_version_entry *p; \
+ for(p = sup_versions; p->name != NULL; p++) { b ; }
+
+#define GNUTLS_VERSION_ALG_LOOP(a) \
+ GNUTLS_VERSION_LOOP( if(p->id == version) { a; break; })
+
+struct gnutls_cipher_entry
+{
+ const char *name;
+ gnutls_cipher_algorithm_t id;
+ uint16_t blocksize;
+ uint16_t keysize;
+ cipher_type_t block;
+ uint16_t iv;
+ int export_flag; /* 0 non export */
+};
+typedef struct gnutls_cipher_entry gnutls_cipher_entry;
+
+/* Note that all algorithms are in CBC or STREAM modes.
+ * Do not add any algorithms in other modes (avoid modified algorithms).
+ * View first: "The order of encryption and authentication for
+ * protecting communications" by Hugo Krawczyk - CRYPTO 2001
+ *
+ * Make sure to updated MAX_CIPHER_BLOCK_SIZE and MAX_CIPHER_KEY_SIZE as well.
+ */
+static const gnutls_cipher_entry algorithms[] = {
+ {"AES-256-CBC", GNUTLS_CIPHER_AES_256_CBC, 16, 32, CIPHER_BLOCK, 16, 0},
+ {"AES-192-CBC", GNUTLS_CIPHER_AES_192_CBC, 16, 24, CIPHER_BLOCK, 16, 0},
+ {"AES-128-CBC", GNUTLS_CIPHER_AES_128_CBC, 16, 16, CIPHER_BLOCK, 16, 0},
+ {"3DES-CBC", GNUTLS_CIPHER_3DES_CBC, 8, 24, CIPHER_BLOCK, 8, 0},
+ {"DES-CBC", GNUTLS_CIPHER_DES_CBC, 8, 8, CIPHER_BLOCK, 8, 0},
+ {"ARCFOUR-128", GNUTLS_CIPHER_ARCFOUR_128, 1, 16, CIPHER_STREAM, 0, 0},
+ {"ARCFOUR-40", GNUTLS_CIPHER_ARCFOUR_40, 1, 5, CIPHER_STREAM, 0, 1},
+ {"RC2-40", GNUTLS_CIPHER_RC2_40_CBC, 8, 5, CIPHER_BLOCK, 8, 1},
+#ifdef ENABLE_CAMELLIA
+ {"CAMELLIA-256-CBC", GNUTLS_CIPHER_CAMELLIA_256_CBC, 16, 32, CIPHER_BLOCK,
+ 16, 0},
+ {"CAMELLIA-128-CBC", GNUTLS_CIPHER_CAMELLIA_128_CBC, 16, 16, CIPHER_BLOCK,
+ 16, 0},
+#endif
+
+#ifdef ENABLE_OPENPGP
+ {"IDEA-PGP-CFB", GNUTLS_CIPHER_IDEA_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0},
+ {"3DES-PGP-CFB", GNUTLS_CIPHER_3DES_PGP_CFB, 8, 24, CIPHER_BLOCK, 8, 0},
+ {"CAST5-PGP-CFB", GNUTLS_CIPHER_CAST5_PGP_CFB, 8, 16, CIPHER_BLOCK, 8, 0},
+ {"BLOWFISH-PGP-CFB", GNUTLS_CIPHER_BLOWFISH_PGP_CFB, 8,
+ 16 /*actually unlimited */ , CIPHER_BLOCK, 8, 0},
+ {"SAFER-SK128-PGP-CFB", GNUTLS_CIPHER_SAFER_SK128_PGP_CFB, 8, 16,
+ CIPHER_BLOCK, 8, 0},
+ {"AES-128-PGP-CFB", GNUTLS_CIPHER_AES128_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
+ 0},
+ {"AES-192-PGP-CFB", GNUTLS_CIPHER_AES192_PGP_CFB, 16, 24, CIPHER_BLOCK, 16,
+ 0},
+ {"AES-256-PGP-CFB", GNUTLS_CIPHER_AES256_PGP_CFB, 16, 32, CIPHER_BLOCK, 16,
+ 0},
+ {"TWOFISH-PGP-CFB", GNUTLS_CIPHER_TWOFISH_PGP_CFB, 16, 16, CIPHER_BLOCK, 16,
+ 0},
+#endif
+ {"NULL", GNUTLS_CIPHER_NULL, 1, 0, CIPHER_STREAM, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0}
+};
+
+/* Keep the contents of this struct the same as the previous one. */
+static const gnutls_cipher_algorithm_t supported_ciphers[] = {
+ GNUTLS_CIPHER_AES_256_CBC,
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_CIPHER_RC2_40_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+ GNUTLS_CIPHER_NULL,
+ 0
+};
+
+#define GNUTLS_LOOP(b) \
+ const gnutls_cipher_entry *p; \
+ for(p = algorithms; p->name != NULL; p++) { b ; }
+
+#define GNUTLS_ALG_LOOP(a) \
+ GNUTLS_LOOP( if(p->id == algorithm) { a; break; } )
+
+
+struct gnutls_hash_entry
+{
+ const char *name;
+ const char *oid;
+ gnutls_mac_algorithm_t id;
+ size_t key_size; /* in case of mac */
+};
+typedef struct gnutls_hash_entry gnutls_hash_entry;
+
+static const gnutls_hash_entry hash_algorithms[] = {
+ {"SHA1", HASH_OID_SHA1, GNUTLS_MAC_SHA1, 20},
+ {"MD5", HASH_OID_MD5, GNUTLS_MAC_MD5, 16},
+ {"SHA256", HASH_OID_SHA256, GNUTLS_MAC_SHA256, 32},
+ {"SHA384", HASH_OID_SHA384, GNUTLS_MAC_SHA384, 48},
+ {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
+ {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
+ {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
+ {0, 0, 0, 0}
+};
+
+/* Keep the contents of this struct the same as the previous one. */
+static const gnutls_mac_algorithm_t supported_macs[] = {
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_MD5,
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA384,
+ GNUTLS_MAC_SHA512,
+ GNUTLS_MAC_MD2,
+ GNUTLS_MAC_RMD160,
+ GNUTLS_MAC_NULL,
+ 0
+};
+
+#define GNUTLS_HASH_LOOP(b) \
+ const gnutls_hash_entry *p; \
+ for(p = hash_algorithms; p->name != NULL; p++) { b ; }
+
+#define GNUTLS_HASH_ALG_LOOP(a) \
+ GNUTLS_HASH_LOOP( if(p->id == algorithm) { a; break; } )
+
+/* Key Exchange Section */
+
+
+extern mod_auth_st rsa_auth_struct;
+extern mod_auth_st rsa_export_auth_struct;
+extern mod_auth_st dhe_rsa_auth_struct;
+extern mod_auth_st dhe_dss_auth_struct;
+extern mod_auth_st anon_auth_struct;
+extern mod_auth_st srp_auth_struct;
+extern mod_auth_st psk_auth_struct;
+extern mod_auth_st dhe_psk_auth_struct;
+extern mod_auth_st srp_rsa_auth_struct;
+extern mod_auth_st srp_dss_auth_struct;
+
+struct gnutls_kx_algo_entry
+{
+ const char *name;
+ gnutls_kx_algorithm_t algorithm;
+ mod_auth_st *auth_struct;
+ int needs_dh_params;
+ int needs_rsa_params;
+};
+typedef struct gnutls_kx_algo_entry gnutls_kx_algo_entry;
+
+static const gnutls_kx_algo_entry _gnutls_kx_algorithms[] = {
+#ifdef ENABLE_ANON
+ {"ANON-DH", GNUTLS_KX_ANON_DH, &anon_auth_struct, 1, 0},
+#endif
+ {"RSA", GNUTLS_KX_RSA, &rsa_auth_struct, 0, 0},
+ {"RSA-EXPORT", GNUTLS_KX_RSA_EXPORT, &rsa_export_auth_struct, 0,
+ 1 /* needs RSA params */ },
+ {"DHE-RSA", GNUTLS_KX_DHE_RSA, &dhe_rsa_auth_struct, 1, 0},
+ {"DHE-DSS", GNUTLS_KX_DHE_DSS, &dhe_dss_auth_struct, 1, 0},
+
+#ifdef ENABLE_SRP
+ {"SRP-DSS", GNUTLS_KX_SRP_DSS, &srp_dss_auth_struct, 0, 0},
+ {"SRP-RSA", GNUTLS_KX_SRP_RSA, &srp_rsa_auth_struct, 0, 0},
+ {"SRP", GNUTLS_KX_SRP, &srp_auth_struct, 0, 0},
+#endif
+#ifdef ENABLE_PSK
+ {"PSK", GNUTLS_KX_PSK, &psk_auth_struct, 0, 0},
+ {"DHE-PSK", GNUTLS_KX_DHE_PSK, &dhe_psk_auth_struct,
+ 1 /* needs DHE params */ , 0},
+#endif
+ {0, 0, 0, 0, 0}
+};
+
+/* Keep the contents of this struct the same as the previous one. */
+static const gnutls_kx_algorithm_t supported_kxs[] = {
+#ifdef ENABLE_ANON
+ GNUTLS_KX_ANON_DH,
+#endif
+ GNUTLS_KX_RSA,
+ GNUTLS_KX_RSA_EXPORT,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
+#ifdef ENABLE_SRP
+ GNUTLS_KX_SRP_DSS,
+ GNUTLS_KX_SRP_RSA,
+ GNUTLS_KX_SRP,
+#endif
+#ifdef ENABLE_PSK
+ GNUTLS_KX_PSK,
+ GNUTLS_KX_DHE_PSK,
+#endif
+ 0
+};
+
+#define GNUTLS_KX_LOOP(b) \
+ const gnutls_kx_algo_entry *p; \
+ for(p = _gnutls_kx_algorithms; p->name != NULL; p++) { b ; }
+
+#define GNUTLS_KX_ALG_LOOP(a) \
+ GNUTLS_KX_LOOP( if(p->algorithm == algorithm) { a; break; } )
+
+
+
+/* Cipher SUITES */
+#define GNUTLS_CIPHER_SUITE_ENTRY( name, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version ) \
+ { #name, {name}, block_algorithm, kx_algorithm, mac_algorithm, min_version, max_version }
+
+typedef struct
+{
+ const char *name;
+ cipher_suite_st id;
+ gnutls_cipher_algorithm_t block_algorithm;
+ gnutls_kx_algorithm_t kx_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_protocol_t min_version; /* this cipher suite is supported
+ * from 'version' and above;
+ */
+ gnutls_protocol_t max_version; /* this cipher suite is not supported after that */
+} gnutls_cipher_suite_entry;
+
+/* RSA with NULL cipher and MD5 MAC
+ * for test purposes.
+ */
+#define GNUTLS_RSA_NULL_MD5 { 0x00, 0x01 }
+#define GNUTLS_RSA_NULL_SHA1 { 0x00, 0x02 }
+#define GNUTLS_RSA_NULL_SHA256 { 0x00, 0x3B }
+
+/* ANONymous cipher suites.
+ */
+
+#define GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1 { 0x00, 0x1B }
+#define GNUTLS_ANON_DH_ARCFOUR_MD5 { 0x00, 0x18 }
+
+ /* rfc3268: */
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA1 { 0x00, 0x34 }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA1 { 0x00, 0x3A }
+
+/* rfc4132 */
+#ifdef ENABLE_CAMELLIA
+#define GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1 { 0x00,0x46 }
+#define GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1 { 0x00,0x89 }
+#endif
+
+#define GNUTLS_ANON_DH_AES_128_CBC_SHA256 { 0x00, 0x6C }
+#define GNUTLS_ANON_DH_AES_256_CBC_SHA256 { 0x00, 0x6D }
+
+/* PSK (not in TLS 1.0)
+ * draft-ietf-tls-psk:
+ */
+#define GNUTLS_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8A }
+#define GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8B }
+#define GNUTLS_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x8C }
+#define GNUTLS_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x8D }
+
+#define GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1 { 0x00, 0x8E }
+#define GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1 { 0x00, 0x8F }
+#define GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1 { 0x00, 0x90 }
+#define GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1 { 0x00, 0x91 }
+
+
+/* SRP (rfc5054)
+ */
+#define GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1A }
+#define GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1 { 0xC0, 0x1B }
+#define GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1 { 0xC0, 0x1C }
+
+#define GNUTLS_SRP_SHA_AES_128_CBC_SHA1 { 0xC0, 0x1D }
+#define GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1 { 0xC0, 0x1E }
+#define GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1 { 0xC0, 0x1F }
+
+#define GNUTLS_SRP_SHA_AES_256_CBC_SHA1 { 0xC0, 0x20 }
+#define GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1 { 0xC0, 0x21 }
+#define GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1 { 0xC0, 0x22 }
+
+/* RSA
+ */
+#define GNUTLS_RSA_ARCFOUR_SHA1 { 0x00, 0x05 }
+#define GNUTLS_RSA_ARCFOUR_MD5 { 0x00, 0x04 }
+#define GNUTLS_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x0A }
+
+#define GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5 { 0x00, 0x03 }
+
+/* rfc3268:
+ */
+#define GNUTLS_RSA_AES_128_CBC_SHA1 { 0x00, 0x2F }
+#define GNUTLS_RSA_AES_256_CBC_SHA1 { 0x00, 0x35 }
+
+/* rfc4132 */
+#ifdef ENABLE_CAMELLIA
+#define GNUTLS_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x41 }
+#define GNUTLS_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x84 }
+#endif
+
+#define GNUTLS_RSA_AES_128_CBC_SHA256 { 0x00, 0x3C }
+#define GNUTLS_RSA_AES_256_CBC_SHA256 { 0x00, 0x3D }
+
+/* DHE DSS
+ */
+
+#define GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1 { 0x00, 0x13 }
+
+
+/* draft-ietf-tls-56-bit-ciphersuites-01:
+ */
+#define GNUTLS_DHE_DSS_ARCFOUR_SHA1 { 0x00, 0x66 }
+
+
+/* rfc3268:
+ */
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA1 { 0x00, 0x38 }
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA1 { 0x00, 0x32 }
+
+/* rfc4132 */
+#ifdef ENABLE_CAMELLIA
+#define GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1 { 0x00,0x44 }
+#define GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1 { 0x00,0x87 }
+#endif
+
+#define GNUTLS_DHE_DSS_AES_128_CBC_SHA256 { 0x00, 0x40 }
+#define GNUTLS_DHE_DSS_AES_256_CBC_SHA256 { 0x00, 0x6A }
+
+/* DHE RSA
+ */
+#define GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1 { 0x00, 0x16 }
+
+/* rfc3268:
+ */
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA1 { 0x00, 0x33 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA1 { 0x00, 0x39 }
+
+/* rfc4132 */
+#ifdef ENABLE_CAMELLIA
+#define GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1 { 0x00,0x45 }
+#define GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1 { 0x00,0x88 }
+#endif
+
+#define GNUTLS_DHE_RSA_AES_128_CBC_SHA256 { 0x00, 0x67 }
+#define GNUTLS_DHE_RSA_AES_256_CBC_SHA256 { 0x00, 0x6B }
+
+/* Safe renegotiation */
+
+#define CIPHER_SUITES_COUNT sizeof(cs_algorithms)/sizeof(gnutls_cipher_suite_entry)-1
+
+static const gnutls_cipher_suite_entry cs_algorithms[] = {
+ /* ANON_DH */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_ARCFOUR_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_ANON_DH, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_ANON_DH_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+
+ /* PSK */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_PSK_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ /* DHE-PSK */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_PSK_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ /* SRP */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_SRP_SHA_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_SRP_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+
+ /* DHE_DSS */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ /* DHE_RSA */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ /* RSA-NULL */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_MD5,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA1,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_NULL_SHA256,
+ GNUTLS_CIPHER_NULL,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+
+ /* RSA-EXPORT */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_EXPORT_ARCFOUR_40_MD5,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_KX_RSA_EXPORT, GNUTLS_MAC_MD5,
+ GNUTLS_SSL3, GNUTLS_TLS1_0),
+
+ /* RSA */
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_SHA1,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_ARCFOUR_MD5,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_KX_RSA, GNUTLS_MAC_MD5, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_3DES_EDE_CBC_SHA1,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA1,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA1,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_VERSION_MAX),
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_CAMELLIA_256_CBC_SHA1,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
+ GNUTLS_VERSION_MAX),
+#endif
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_128_CBC_SHA256,
+ GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ GNUTLS_CIPHER_SUITE_ENTRY (GNUTLS_RSA_AES_256_CBC_SHA256,
+ GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+ GNUTLS_VERSION_MAX),
+ {0, {{0, 0}}, 0, 0, 0, 0, 0}
+};
+
+#define GNUTLS_CIPHER_SUITE_LOOP(b) \
+ const gnutls_cipher_suite_entry *p; \
+ for(p = cs_algorithms; p->name != NULL; p++) { b ; }
+
+#define GNUTLS_CIPHER_SUITE_ALG_LOOP(a) \
+ GNUTLS_CIPHER_SUITE_LOOP( if( (p->id.suite[0] == suite->suite[0]) && (p->id.suite[1] == suite->suite[1])) { a; break; } )
+
+
+
+/* Generic Functions */
+
+int
+_gnutls_mac_priority (gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm)
+{ /* actually returns the priority */
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.mac.algorithms; i++)
+ {
+ if (session->internals.priorities.mac.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
+}
+
+/**
+ * gnutls_mac_get_name:
+ * @algorithm: is a MAC algorithm
+ *
+ * Convert a #gnutls_mac_algorithm_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified MAC
+ * algorithm, or %NULL.
+ **/
+const char *
+gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP (ret = p->name);
+
+ return ret;
+}
+
+/**
+ * gnutls_mac_get_id:
+ * @name: is a MAC algorithm name
+ *
+ * Convert a string to a #gnutls_mac_algorithm_t value. The names are
+ * compared in a case insensitive way.
+ *
+ * Returns: a #gnutls_mac_algorithm_t id of the specified MAC
+ * algorithm string, or %GNUTLS_MAC_UNKNOWN on failures.
+ **/
+gnutls_mac_algorithm_t
+gnutls_mac_get_id (const char *name)
+{
+ gnutls_mac_algorithm_t ret = GNUTLS_MAC_UNKNOWN;
+
+ GNUTLS_HASH_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
+
+ return ret;
+}
+
+/**
+ * gnutls_mac_get_key_size:
+ * @algorithm: is an encryption algorithm
+ *
+ * Get size of MAC key.
+ *
+ * Returns: length (in bytes) of the given MAC key size, or 0 if the
+ * given MAC algorithm is invalid.
+ **/
+size_t
+gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm)
+{
+ size_t ret = 0;
+
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP (ret = p->key_size);
+
+ return ret;
+}
+
+/**
+ * gnutls_mac_list:
+ *
+ * Get a list of hash algorithms for use as MACs. Note that not
+ * necessarily all MACs are supported in TLS cipher suites. For
+ * example, MD2 is not supported as a cipher suite, but is supported
+ * for other purposes (e.g., X.509 signature verification or similar).
+ *
+ * Returns: Return a zero-terminated list of #gnutls_mac_algorithm_t
+ * integers indicating the available MACs.
+ **/
+const gnutls_mac_algorithm_t *
+gnutls_mac_list (void)
+{
+ return supported_macs;
+}
+
+const char *
+_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t algorithm)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_HASH_ALG_LOOP (ret = p->oid);
+
+ return ret;
+}
+
+gnutls_mac_algorithm_t
+_gnutls_x509_oid2mac_algorithm (const char *oid)
+{
+ gnutls_mac_algorithm_t ret = 0;
+
+ GNUTLS_HASH_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
+ {
+ ret = p->id; break;}
+ );
+
+ if (ret == 0)
+ return GNUTLS_MAC_UNKNOWN;
+ return ret;
+}
+
+
+int
+_gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm)
+{
+ ssize_t ret = -1;
+ GNUTLS_HASH_ALG_LOOP (ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
+}
+
+/* CIPHER functions */
+
+/**
+ * gnutls_cipher_get_block_size:
+ * @algorithm: is an encryption algorithm
+ *
+ * Get block size for encryption algorithm.
+ *
+ * Returns: block size for encryption algorithm.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm)
+{
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP (ret = p->blocksize);
+ return ret;
+
+}
+
+ /* returns the priority */
+int
+_gnutls_cipher_priority (gnutls_session_t session,
+ gnutls_cipher_algorithm_t algorithm)
+{
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.cipher.algorithms; i++)
+ {
+ if (session->internals.priorities.cipher.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
+}
+
+
+int
+_gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm)
+{
+ size_t ret = 0;
+
+ GNUTLS_ALG_LOOP (ret = p->block);
+ return ret;
+
+}
+
+/**
+ * gnutls_cipher_get_key_size:
+ * @algorithm: is an encryption algorithm
+ *
+ * Get key size for cipher.
+ *
+ * Returns: length (in bytes) of the given cipher's key size, or 0 if
+ * the given cipher is invalid.
+ **/
+size_t
+gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm)
+{ /* In bytes */
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP (ret = p->keysize);
+ return ret;
+
+}
+
+int
+_gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm)
+{ /* In bytes */
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP (ret = p->iv);
+ return ret;
+
+}
+
+int
+_gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm)
+{ /* In bytes */
+ size_t ret = 0;
+ GNUTLS_ALG_LOOP (ret = p->export_flag);
+ return ret;
+
+}
+
+/**
+ * gnutls_cipher_get_name:
+ * @algorithm: is an encryption algorithm
+ *
+ * Convert a #gnutls_cipher_algorithm_t type to a string.
+ *
+ * Returns: a pointer to a string that contains the name of the
+ * specified cipher, or %NULL.
+ **/
+const char *
+gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_ALG_LOOP (ret = p->name);
+
+ return ret;
+}
+
+/**
+ * gnutls_cipher_get_id:
+ * @name: is a MAC algorithm name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: return a #gnutls_cipher_algorithm_t value corresponding to
+ * the specified cipher, or %GNUTLS_CIPHER_UNKNOWN on error.
+ **/
+gnutls_cipher_algorithm_t
+gnutls_cipher_get_id (const char *name)
+{
+ gnutls_cipher_algorithm_t ret = GNUTLS_CIPHER_UNKNOWN;
+
+ GNUTLS_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
+
+ return ret;
+}
+
+/**
+ * gnutls_cipher_list:
+ *
+ * Get a list of supported cipher algorithms. Note that not
+ * necessarily all ciphers are supported as TLS cipher suites. For
+ * example, DES is not supported as a cipher suite, but is supported
+ * for other purposes (e.g., PKCS#8 or similar).
+ *
+ * Returns: a zero-terminated list of #gnutls_cipher_algorithm_t
+ * integers indicating the available ciphers.
+ *
+ **/
+const gnutls_cipher_algorithm_t *
+gnutls_cipher_list (void)
+{
+ return supported_ciphers;
+}
+
+int
+_gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm)
+{
+ ssize_t ret = -1;
+ GNUTLS_ALG_LOOP (ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
+}
+
+/* Key EXCHANGE functions */
+mod_auth_st *
+_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm)
+{
+ mod_auth_st *ret = NULL;
+ GNUTLS_KX_ALG_LOOP (ret = p->auth_struct);
+ return ret;
+
+}
+
+
+int
+_gnutls_kx_priority (gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm)
+{
+ unsigned int i;
+ for (i = 0; i < session->internals.priorities.kx.algorithms; i++)
+ {
+ if (session->internals.priorities.kx.priority[i] == algorithm)
+ return i;
+ }
+ return -1;
+}
+
+/**
+ * gnutls_kx_get_name:
+ * @algorithm: is a key exchange algorithm
+ *
+ * Convert a #gnutls_kx_algorithm_t value to a string.
+ *
+ * Returns: a pointer to a string that contains the name of the
+ * specified key exchange algorithm, or %NULL.
+ **/
+const char *
+gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_KX_ALG_LOOP (ret = p->name);
+
+ return ret;
+}
+
+/**
+ * gnutls_kx_get_id:
+ * @name: is a KX name
+ *
+ * Convert a string to a #gnutls_kx_algorithm_t value. The names are
+ * compared in a case insensitive way.
+ *
+ * Returns: an id of the specified KX algorithm, or %GNUTLS_KX_UNKNOWN
+ * on error.
+ **/
+gnutls_kx_algorithm_t
+gnutls_kx_get_id (const char *name)
+{
+ gnutls_cipher_algorithm_t ret = GNUTLS_KX_UNKNOWN;
+
+ GNUTLS_KX_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->algorithm);
+
+ return ret;
+}
+
+/**
+ * gnutls_kx_list:
+ *
+ * Get a list of supported key exchange algorithms.
+ *
+ * Returns: a zero-terminated list of #gnutls_kx_algorithm_t integers
+ * indicating the available key exchange algorithms.
+ **/
+const gnutls_kx_algorithm_t *
+gnutls_kx_list (void)
+{
+ return supported_kxs;
+}
+
+int
+_gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm)
+{
+ ssize_t ret = -1;
+ GNUTLS_KX_ALG_LOOP (ret = p->algorithm);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
+}
+
+int
+_gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm)
+{
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP (ret = p->needs_rsa_params);
+ return ret;
+}
+
+int
+_gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm)
+{
+ ssize_t ret = 0;
+ GNUTLS_KX_ALG_LOOP (ret = p->needs_dh_params);
+ return ret;
+}
+
+
+/* Version */
+int
+_gnutls_version_priority (gnutls_session_t session, gnutls_protocol_t version)
+{ /* actually returns the priority */
+ unsigned int i;
+
+ for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+ {
+ if (session->internals.priorities.protocol.priority[i] == version)
+ return i;
+ }
+ return -1;
+}
+
+gnutls_protocol_t
+_gnutls_version_lowest (gnutls_session_t session)
+{ /* returns the lowest version supported */
+ unsigned int i, min = 0xff;
+
+ for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+ {
+ if (session->internals.priorities.protocol.priority[i] < min)
+ min = session->internals.priorities.protocol.priority[i];
+ }
+
+ if (min == 0xff)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+
+ return min;
+}
+
+gnutls_protocol_t
+_gnutls_version_max (gnutls_session_t session)
+{ /* returns the maximum version supported */
+ unsigned int i, max = 0x00;
+
+ for (i = 0; i < session->internals.priorities.protocol.algorithms; i++)
+ {
+ if (session->internals.priorities.protocol.priority[i] > max)
+ max = session->internals.priorities.protocol.priority[i];
+ }
+
+ if (max == 0x00)
+ return GNUTLS_VERSION_UNKNOWN; /* unknown version */
+
+ return max;
+}
+
+
+/**
+ * gnutls_protocol_get_name:
+ * @version: is a (gnutls) version number
+ *
+ * Convert a #gnutls_protocol_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified TLS
+ * version (e.g., "TLS1.0"), or %NULL.
+ **/
+const char *
+gnutls_protocol_get_name (gnutls_protocol_t version)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_VERSION_ALG_LOOP (ret = p->name);
+ return ret;
+}
+
+/**
+ * gnutls_protocol_get_id:
+ * @name: is a protocol name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: an id of the specified protocol, or
+ * %GNUTLS_VERSION_UNKNOWN on error.
+ **/
+gnutls_protocol_t
+gnutls_protocol_get_id (const char *name)
+{
+ gnutls_protocol_t ret = GNUTLS_VERSION_UNKNOWN;
+
+ GNUTLS_VERSION_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
+
+ return ret;
+}
+
+/**
+ * gnutls_protocol_list:
+ *
+ * Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.
+ *
+ * Returns: a zero-terminated list of #gnutls_protocol_t integers
+ * indicating the available protocols.
+ *
+ **/
+const gnutls_protocol_t *
+gnutls_protocol_list (void)
+{
+ return supported_protocols;
+}
+
+int
+_gnutls_version_get_minor (gnutls_protocol_t version)
+{
+ int ret = -1;
+
+ GNUTLS_VERSION_ALG_LOOP (ret = p->minor);
+ return ret;
+}
+
+gnutls_protocol_t
+_gnutls_version_get (int major, int minor)
+{
+ int ret = -1;
+
+ GNUTLS_VERSION_LOOP (if ((p->major == major) && (p->minor == minor))
+ ret = p->id);
+ return ret;
+}
+
+int
+_gnutls_version_get_major (gnutls_protocol_t version)
+{
+ int ret = -1;
+
+ GNUTLS_VERSION_ALG_LOOP (ret = p->major);
+ return ret;
+}
+
+/* Version Functions */
+
+int
+_gnutls_version_is_supported (gnutls_session_t session,
+ const gnutls_protocol_t version)
+{
+ int ret = 0;
+
+ GNUTLS_VERSION_ALG_LOOP (ret = p->supported);
+ if (ret == 0)
+ return 0;
+
+ if (_gnutls_version_priority (session, version) < 0)
+ return 0; /* disabled by the user */
+ else
+ return 1;
+}
+
+
+/* This function determines if the version specified has a
+ cipher-suite selected PRF hash function instead of the old
+ hardcoded MD5+SHA1. */
+int
+_gnutls_version_has_selectable_prf (gnutls_protocol_t version)
+{
+ return version == GNUTLS_TLS1_2;
+}
+
+/* This function determines if the version specified has selectable
+ signature/hash functions for certificate authentification. */
+int
+_gnutls_version_has_selectable_sighash (gnutls_protocol_t version)
+{
+ return version == GNUTLS_TLS1_2;
+}
+
+/* This function determines if the version specified has support for
+ TLS extensions. */
+int
+_gnutls_version_has_extensions (gnutls_protocol_t version)
+{
+ switch (version)
+ {
+ case GNUTLS_TLS1_0:
+ case GNUTLS_TLS1_1:
+ case GNUTLS_TLS1_2:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+/* This function determines if the version specified has explicit IVs
+ (for CBC attack prevention). */
+int
+_gnutls_version_has_explicit_iv (gnutls_protocol_t version)
+{
+ switch (version)
+ {
+ case GNUTLS_TLS1_1:
+ case GNUTLS_TLS1_2:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+/* This function determines if the version specified can have
+ non-minimal padding. */
+int
+_gnutls_version_has_variable_padding (gnutls_protocol_t version)
+{
+ switch (version)
+ {
+ case GNUTLS_TLS1_0:
+ case GNUTLS_TLS1_1:
+ case GNUTLS_TLS1_2:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
+/* Type to KX mappings */
+gnutls_kx_algorithm_t
+_gnutls_map_kx_get_kx (gnutls_credentials_type_t type, int server)
+{
+ gnutls_kx_algorithm_t ret = -1;
+
+ if (server)
+ {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
+ }
+ else
+ {
+ GNUTLS_KX_MAP_ALG_LOOP_SERVER (ret = p->algorithm);
+ }
+ return ret;
+}
+
+gnutls_credentials_type_t
+_gnutls_map_kx_get_cred (gnutls_kx_algorithm_t algorithm, int server)
+{
+ gnutls_credentials_type_t ret = -1;
+ if (server)
+ {
+ GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
+ p->server_type);
+ }
+ else
+ {
+ GNUTLS_KX_MAP_LOOP (if (p->algorithm == algorithm) ret =
+ p->client_type);
+ }
+
+ return ret;
+}
+
+
+/* Cipher Suite's functions */
+gnutls_cipher_algorithm_t
+_gnutls_cipher_suite_get_cipher_algo (const cipher_suite_st * suite)
+{
+ int ret = 0;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->block_algorithm);
+ return ret;
+}
+
+gnutls_protocol_t
+_gnutls_cipher_suite_is_version_supported (const cipher_suite_st * suite,
+ gnutls_protocol_t version)
+{
+ int ret = 0;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP ((version >= p->min_version
+ && version <= p->max_version) ? (ret =
+ 1) : (ret =
+ 0));
+ return ret;
+}
+
+gnutls_kx_algorithm_t
+_gnutls_cipher_suite_get_kx_algo (const cipher_suite_st * suite)
+{
+ int ret = 0;
+
+ GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->kx_algorithm);
+ return ret;
+
+}
+
+gnutls_mac_algorithm_t
+_gnutls_cipher_suite_get_mac_algo (const cipher_suite_st * suite)
+{ /* In bytes */
+ int ret = 0;
+ GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->mac_algorithm);
+ return ret;
+
+}
+
+const char *
+_gnutls_cipher_suite_get_name (cipher_suite_st * suite)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_CIPHER_SUITE_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_") - 1);
+
+ return ret;
+}
+
+/**
+ * gnutls_cipher_suite_get_name:
+ * @kx_algorithm: is a Key exchange algorithm
+ * @cipher_algorithm: is a cipher algorithm
+ * @mac_algorithm: is a MAC algorithm
+ *
+ * Note that the full cipher suite name must be prepended by TLS or
+ * SSL depending of the protocol in use.
+ *
+ * Returns: a string that contains the name of a TLS cipher suite,
+ * specified by the given algorithms, or %NULL.
+ **/
+const char *
+gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t kx_algorithm,
+ gnutls_cipher_algorithm_t cipher_algorithm,
+ gnutls_mac_algorithm_t mac_algorithm)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_CIPHER_SUITE_LOOP (if (kx_algorithm == p->kx_algorithm &&
+ cipher_algorithm == p->block_algorithm &&
+ mac_algorithm == p->mac_algorithm)
+ ret = p->name + sizeof ("GNUTLS_") - 1);
+
+ return ret;
+}
+
+/**
+ * gnutls_cipher_suite_info:
+ * @idx: index of cipher suite to get information about, starts on 0.
+ * @cs_id: output buffer with room for 2 bytes, indicating cipher suite value
+ * @kx: output variable indicating key exchange algorithm, or %NULL.
+ * @cipher: output variable indicating cipher, or %NULL.
+ * @mac: output variable indicating MAC algorithm, or %NULL.
+ * @version: output variable indicating TLS protocol version, or %NULL.
+ *
+ * Get information about supported cipher suites. Use the function
+ * iteratively to get information about all supported cipher suites.
+ * Call with idx=0 to get information about first cipher suite, then
+ * idx=1 and so on until the function returns NULL.
+ *
+ * Returns: the name of @idx cipher suite, and set the information
+ * about the cipher suite in the output variables. If @idx is out of
+ * bounds, %NULL is returned.
+ **/
+const char *
+gnutls_cipher_suite_info (size_t idx,
+ char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * min_version)
+{
+ if (idx >= CIPHER_SUITES_COUNT)
+ return NULL;
+
+ if (cs_id)
+ memcpy (cs_id, cs_algorithms[idx].id.suite, 2);
+ if (kx)
+ *kx = cs_algorithms[idx].kx_algorithm;
+ if (cipher)
+ *cipher = cs_algorithms[idx].block_algorithm;
+ if (mac)
+ *mac = cs_algorithms[idx].mac_algorithm;
+ if (min_version)
+ *min_version = cs_algorithms[idx].min_version;
+
+ return cs_algorithms[idx].name + sizeof ("GNU") - 1;
+}
+
+
+static inline int
+_gnutls_cipher_suite_is_ok (cipher_suite_st * suite)
+{
+ size_t ret;
+ const char *name = NULL;
+
+ GNUTLS_CIPHER_SUITE_ALG_LOOP (name = p->name);
+ if (name != NULL)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
+
+}
+
+#define SWAP(x, y) memcpy(tmp,x,size); \
+ memcpy(x,y,size); \
+ memcpy(y,tmp,size);
+
+#define MAX_ELEM_SIZE 4
+static inline int
+_gnutls_partition (gnutls_session_t session, void *_base,
+ size_t nmemb, size_t size,
+ int (*compar) (gnutls_session_t,
+ const void *, const void *))
+{
+ uint8_t *base = _base;
+ uint8_t tmp[MAX_ELEM_SIZE];
+ uint8_t ptmp[MAX_ELEM_SIZE];
+ unsigned int pivot;
+ unsigned int i, j;
+ unsigned int full;
+
+ i = pivot = 0;
+ j = full = (nmemb - 1) * size;
+
+ memcpy (ptmp, &base[0], size); /* set pivot item */
+
+ while (i < j)
+ {
+ while ((compar (session, &base[i], ptmp) <= 0) && (i < full))
+ {
+ i += size;
+ }
+ while ((compar (session, &base[j], ptmp) >= 0) && (j > 0))
+ j -= size;
+
+ if (i < j)
+ {
+ SWAP (&base[j], &base[i]);
+ }
+ }
+
+ if (j > pivot)
+ {
+ SWAP (&base[pivot], &base[j]);
+ pivot = j;
+ }
+ else if (i < pivot)
+ {
+ SWAP (&base[pivot], &base[i]);
+ pivot = i;
+ }
+ return pivot / size;
+}
+
+static void
+_gnutls_qsort (gnutls_session_t session, void *_base, size_t nmemb,
+ size_t size, int (*compar) (gnutls_session_t, const void *,
+ const void *))
+{
+ unsigned int pivot;
+ char *base = _base;
+ size_t snmemb = nmemb;
+
+#ifdef DEBUG
+ if (size > MAX_ELEM_SIZE)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("QSORT BUG\n");
+ exit (1);
+ }
+#endif
+
+ if (snmemb <= 1)
+ return;
+ pivot = _gnutls_partition (session, _base, nmemb, size, compar);
+
+ _gnutls_qsort (session, base, pivot < nmemb ? pivot + 1 : pivot, size,
+ compar);
+ _gnutls_qsort (session, &base[(pivot + 1) * size], nmemb - pivot - 1,
+ size, compar);
+}
+
+
+/* a compare function for KX algorithms (using priorities).
+ * For use with qsort
+ */
+static int
+_gnutls_compare_algo (gnutls_session_t session, const void *i_A1,
+ const void *i_A2)
+{
+ gnutls_kx_algorithm_t kA1 =
+ _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A1);
+ gnutls_kx_algorithm_t kA2 =
+ _gnutls_cipher_suite_get_kx_algo ((const cipher_suite_st *) i_A2);
+ gnutls_cipher_algorithm_t cA1 =
+ _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A1);
+ gnutls_cipher_algorithm_t cA2 =
+ _gnutls_cipher_suite_get_cipher_algo ((const cipher_suite_st *) i_A2);
+ gnutls_mac_algorithm_t mA1 =
+ _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A1);
+ gnutls_mac_algorithm_t mA2 =
+ _gnutls_cipher_suite_get_mac_algo ((const cipher_suite_st *) i_A2);
+
+ int p1 = (_gnutls_kx_priority (session, kA1) + 1) * 64;
+ int p2 = (_gnutls_kx_priority (session, kA2) + 1) * 64;
+ p1 += (_gnutls_cipher_priority (session, cA1) + 1) * 8;
+ p2 += (_gnutls_cipher_priority (session, cA2) + 1) * 8;
+ p1 += _gnutls_mac_priority (session, mA1);
+ p2 += _gnutls_mac_priority (session, mA2);
+
+ if (p1 > p2)
+ {
+ return 1;
+ }
+ else
+ {
+ if (p1 == p2)
+ {
+ return 0;
+ }
+ return -1;
+ }
+}
+
+#ifdef SORT_DEBUG
+static void
+_gnutls_bsort (gnutls_session_t session, void *_base, size_t nmemb,
+ size_t size, int (*compar) (gnutls_session_t, const void *,
+ const void *))
+{
+ unsigned int i, j;
+ int full = nmemb * size;
+ char *base = _base;
+ char tmp[MAX_ELEM_SIZE];
+
+ for (i = 0; i < full; i += size)
+ {
+ for (j = 0; j < full; j += size)
+ {
+ if (compar (session, &base[i], &base[j]) < 0)
+ {
+ SWAP (&base[j], &base[i]);
+ }
+ }
+ }
+
+}
+#endif
+
+int
+_gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
+ cipher_suite_st ** ciphers)
+{
+
+#ifdef SORT_DEBUG
+ unsigned int i;
+#endif
+ int count;
+
+ count = _gnutls_supported_ciphersuites (session, ciphers);
+ if (count <= 0)
+ {
+ gnutls_assert ();
+ return count;
+ }
+#ifdef SORT_DEBUG
+ _gnutls_debug_log ("Unsorted: \n");
+ for (i = 0; i < count; i++)
+ _gnutls_debug_log ("\t%d: %s\n", i,
+ _gnutls_cipher_suite_get_name ((*ciphers)[i]));
+#endif
+
+ _gnutls_qsort (session, *ciphers, count,
+ sizeof (cipher_suite_st), _gnutls_compare_algo);
+
+#ifdef SORT_DEBUG
+ _gnutls_debug_log ("Sorted: \n");
+ for (i = 0; i < count; i++)
+ _gnutls_debug_log ("\t%d: %s\n", i,
+ _gnutls_cipher_suite_get_name ((*ciphers)[i]));
+#endif
+
+ return count;
+}
+
+int
+_gnutls_supported_ciphersuites (gnutls_session_t session,
+ cipher_suite_st ** _ciphers)
+{
+
+ unsigned int i, ret_count, j;
+ unsigned int count = CIPHER_SUITES_COUNT;
+ cipher_suite_st *tmp_ciphers;
+ cipher_suite_st *ciphers;
+ gnutls_protocol_t version;
+
+ if (count == 0)
+ {
+ return 0;
+ }
+
+ tmp_ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
+ if (tmp_ciphers == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ciphers = gnutls_malloc (count * sizeof (cipher_suite_st));
+ if (ciphers == NULL)
+ {
+ gnutls_free (tmp_ciphers);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ version = gnutls_protocol_get_version (session);
+
+ for (i = 0; i < count; i++)
+ {
+ memcpy (&tmp_ciphers[i], &cs_algorithms[i].id,
+ sizeof (cipher_suite_st));
+ }
+
+ for (i = j = 0; i < count; i++)
+ {
+ /* remove private cipher suites, if requested.
+ */
+ if (tmp_ciphers[i].suite[0] == 0xFF &&
+ session->internals.enable_private == 0)
+ continue;
+
+ /* remove cipher suites which do not support the
+ * protocol version used.
+ */
+ if (_gnutls_cipher_suite_is_version_supported (&tmp_ciphers[i], version)
+ == 0)
+ continue;
+
+ if (_gnutls_kx_priority
+ (session, _gnutls_cipher_suite_get_kx_algo (&tmp_ciphers[i])) < 0)
+ continue;
+ if (_gnutls_mac_priority
+ (session, _gnutls_cipher_suite_get_mac_algo (&tmp_ciphers[i])) < 0)
+ continue;
+ if (_gnutls_cipher_priority
+ (session,
+ _gnutls_cipher_suite_get_cipher_algo (&tmp_ciphers[i])) < 0)
+ continue;
+
+ memcpy (&ciphers[j], &tmp_ciphers[i], sizeof (cipher_suite_st));
+ j++;
+ }
+
+ ret_count = j;
+
+#if 0 /* expensive */
+ if (ret_count > 0 && ret_count != count)
+ {
+ ciphers =
+ gnutls_realloc_fast (ciphers, ret_count * sizeof (cipher_suite_st));
+ }
+ else
+ {
+ if (ret_count != count)
+ {
+ gnutls_free (ciphers);
+ ciphers = NULL;
+ }
+ }
+#endif
+
+ gnutls_free (tmp_ciphers);
+
+ /* This function can no longer return 0 cipher suites.
+ * It returns an error code instead.
+ */
+ if (ret_count == 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ciphers);
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+ *_ciphers = ciphers;
+ return ret_count;
+}
+
+/**
+ * gnutls_certificate_type_get_name:
+ * @type: is a certificate type
+ *
+ * Convert a #gnutls_certificate_type_t type to a string.
+ *
+ * Returns: a string that contains the name of the specified
+ * certificate type, or %NULL in case of unknown types.
+ **/
+const char *
+gnutls_certificate_type_get_name (gnutls_certificate_type_t type)
+{
+ const char *ret = NULL;
+
+ if (type == GNUTLS_CRT_X509)
+ ret = "X.509";
+ if (type == GNUTLS_CRT_OPENPGP)
+ ret = "OPENPGP";
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_type_get_id:
+ * @name: is a certificate type name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: a #gnutls_certificate_type_t for the specified in a
+ * string certificate type, or %GNUTLS_CRT_UNKNOWN on error.
+ **/
+gnutls_certificate_type_t
+gnutls_certificate_type_get_id (const char *name)
+{
+ gnutls_certificate_type_t ret = GNUTLS_CRT_UNKNOWN;
+
+ if (strcasecmp (name, "X.509") == 0 || strcasecmp (name, "X509") == 0)
+ return GNUTLS_CRT_X509;
+ if (strcasecmp (name, "OPENPGP") == 0)
+ return GNUTLS_CRT_OPENPGP;
+
+ return ret;
+}
+
+static const gnutls_certificate_type_t supported_certificate_types[] = {
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
+};
+
+/**
+ * gnutls_certificate_type_list:
+ *
+ * Get a list of certificate types. Note that to be able to use
+ * OpenPGP certificates, you must link to libgnutls-extra and call
+ * gnutls_global_init_extra().
+ *
+ * Returns: a zero-terminated list of #gnutls_certificate_type_t
+ * integers indicating the available certificate types.
+ **/
+const gnutls_certificate_type_t *
+gnutls_certificate_type_list (void)
+{
+ return supported_certificate_types;
+}
+
+/* returns the gnutls_pk_algorithm_t which is compatible with
+ * the given gnutls_kx_algorithm_t.
+ */
+gnutls_pk_algorithm_t
+_gnutls_map_pk_get_pk (gnutls_kx_algorithm_t kx_algorithm)
+{
+ gnutls_pk_algorithm_t ret = -1;
+
+ GNUTLS_PK_MAP_ALG_LOOP (ret = p->pk_algorithm) return ret;
+}
+
+/* Returns the encipher type for the given key exchange algorithm.
+ * That one of CIPHER_ENCRYPT, CIPHER_SIGN, CIPHER_IGN.
+ *
+ * ex. GNUTLS_KX_RSA requires a certificate able to encrypt... so returns CIPHER_ENCRYPT.
+ */
+enum encipher_type
+_gnutls_kx_encipher_type (gnutls_kx_algorithm_t kx_algorithm)
+{
+ int ret = CIPHER_IGN;
+ GNUTLS_PK_MAP_ALG_LOOP (ret = p->encipher_type) return ret;
+
+}
+
+/* signature algorithms;
+ */
+struct gnutls_sign_entry
+{
+ const char *name;
+ const char *oid;
+ gnutls_sign_algorithm_t id;
+ gnutls_pk_algorithm_t pk;
+ gnutls_mac_algorithm_t mac;
+ /* See RFC 5246 HashAlgorithm and SignatureAlgorithm
+ for values to use in aid struct. */
+ const sign_algorithm_st aid;
+};
+typedef struct gnutls_sign_entry gnutls_sign_entry;
+
+#define TLS_SIGN_AID_UNKNOWN {255, 255}
+static const sign_algorithm_st unknown_tls_aid = TLS_SIGN_AID_UNKNOWN;
+
+static const gnutls_sign_entry sign_algorithms[] = {
+ {"RSA-SHA1", SIG_RSA_SHA1_OID, GNUTLS_SIGN_RSA_SHA1, GNUTLS_PK_RSA,
+ GNUTLS_MAC_SHA1, {2, 1}},
+ {"RSA-SHA224", SIG_RSA_SHA224_OID, GNUTLS_SIGN_RSA_SHA224, GNUTLS_PK_RSA,
+ GNUTLS_MAC_SHA224, {3, 1}},
+ {"RSA-SHA256", SIG_RSA_SHA256_OID, GNUTLS_SIGN_RSA_SHA256, GNUTLS_PK_RSA,
+ GNUTLS_MAC_SHA256, {4, 1}},
+ {"RSA-SHA384", SIG_RSA_SHA384_OID, GNUTLS_SIGN_RSA_SHA384, GNUTLS_PK_RSA,
+ GNUTLS_MAC_SHA384, {5, 1}},
+ {"RSA-SHA512", SIG_RSA_SHA512_OID, GNUTLS_SIGN_RSA_SHA512, GNUTLS_PK_RSA,
+ GNUTLS_MAC_SHA512, {6, 1}},
+ {"RSA-RMD160", SIG_RSA_RMD160_OID, GNUTLS_SIGN_RSA_RMD160, GNUTLS_PK_RSA,
+ GNUTLS_MAC_RMD160, TLS_SIGN_AID_UNKNOWN},
+ {"DSA-SHA1", SIG_DSA_SHA1_OID, GNUTLS_SIGN_DSA_SHA1, GNUTLS_PK_DSA,
+ GNUTLS_MAC_SHA1, {2, 2}},
+ {"DSA-SHA224", SIG_DSA_SHA224_OID, GNUTLS_SIGN_DSA_SHA224, GNUTLS_PK_DSA,
+ GNUTLS_MAC_SHA224, {3, 2}},
+ {"DSA-SHA256", SIG_DSA_SHA256_OID, GNUTLS_SIGN_DSA_SHA256, GNUTLS_PK_DSA,
+ GNUTLS_MAC_SHA256, {4, 2}},
+ {"RSA-MD5", SIG_RSA_MD5_OID, GNUTLS_SIGN_RSA_MD5, GNUTLS_PK_RSA,
+ GNUTLS_MAC_MD5, {1, 1}},
+ {"RSA-MD2", SIG_RSA_MD2_OID, GNUTLS_SIGN_RSA_MD2, GNUTLS_PK_RSA,
+ GNUTLS_MAC_MD2, TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-2001", SIG_GOST_R3410_2001_OID, 0, 0, 0,
+ TLS_SIGN_AID_UNKNOWN},
+ {"GOST R 34.10-94", SIG_GOST_R3410_94_OID, 0, 0, 0, TLS_SIGN_AID_UNKNOWN},
+ {0, 0, 0, 0, 0, TLS_SIGN_AID_UNKNOWN}
+};
+
+/* Keep the contents of this struct the same as the previous one. */
+static const gnutls_sign_algorithm_t supported_sign[] = {
+ GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_SIGN_RSA_SHA224,
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_RSA_RMD160,
+ GNUTLS_SIGN_DSA_SHA1,
+ GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_SIGN_RSA_MD5,
+ GNUTLS_SIGN_RSA_MD2,
+ 0
+};
+
+#define GNUTLS_SIGN_LOOP(b) \
+ do { \
+ const gnutls_sign_entry *p; \
+ for(p = sign_algorithms; p->name != NULL; p++) { b ; } \
+ } while (0)
+
+#define GNUTLS_SIGN_ALG_LOOP(a) \
+ GNUTLS_SIGN_LOOP( if(p->id && p->id == sign) { a; break; } )
+
+/**
+ * gnutls_sign_algorithm_get_name:
+ * @sign: is a sign algorithm
+ *
+ * Convert a #gnutls_sign_algorithm_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified sign
+ * algorithm, or %NULL.
+ **/
+const char *
+gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_SIGN_ALG_LOOP (ret = p->name);
+
+ return ret;
+}
+
+/**
+ * gnutls_sign_list:
+ *
+ * Get a list of supported public key signature algorithms.
+ *
+ * Returns: a zero-terminated list of #gnutls_sign_algorithm_t
+ * integers indicating the available ciphers.
+ *
+ **/
+const gnutls_sign_algorithm_t *
+gnutls_sign_list (void)
+{
+ return supported_sign;
+}
+
+/**
+ * gnutls_sign_get_id:
+ * @name: is a MAC algorithm name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: return a #gnutls_sign_algorithm_t value corresponding to
+ * the specified cipher, or %GNUTLS_SIGN_UNKNOWN on error.
+ **/
+gnutls_sign_algorithm_t
+gnutls_sign_get_id (const char *name)
+{
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+
+ GNUTLS_SIGN_LOOP (if (strcasecmp (p->name, name) == 0) ret = p->id);
+
+ return ret;
+
+}
+
+/**
+ * gnutls_sign_get_name:
+ * @algorithm: is a public key signature algorithm
+ *
+ * Convert a #gnutls_sign_algorithm_t value to a string.
+ *
+ * Returns: a pointer to a string that contains the name of the
+ * specified public key signature algorithm, or %NULL.
+ *
+ * Since: 2.6.0
+ **/
+const char *
+gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm)
+{
+ const char *ret = "SIGN_UNKNOWN";
+
+ GNUTLS_SIGN_LOOP (if (p->id == algorithm) ret = p->name);
+
+ return ret;
+}
+
+gnutls_sign_algorithm_t
+_gnutls_x509_oid2sign_algorithm (const char *oid)
+{
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP (if (p->oid && strcmp (oid, p->oid) == 0)
+ {
+ ret = p->id; break;}
+ );
+
+ if (ret == 0)
+ {
+ _gnutls_x509_log ("Unknown SIGN OID: '%s'\n", oid);
+ return GNUTLS_SIGN_UNKNOWN;
+ }
+ return ret;
+}
+
+gnutls_sign_algorithm_t
+_gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk, gnutls_mac_algorithm_t mac)
+{
+ gnutls_sign_algorithm_t ret = 0;
+
+ GNUTLS_SIGN_LOOP (if (pk == p->pk && mac == p->mac)
+ {
+ ret = p->id; break;}
+ );
+
+ if (ret == 0)
+ return GNUTLS_SIGN_UNKNOWN;
+ return ret;
+}
+
+const char *
+_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t pk,
+ gnutls_mac_algorithm_t mac)
+{
+ gnutls_sign_algorithm_t sign;
+ const char *ret = NULL;
+
+ sign = _gnutls_x509_pk_to_sign (pk, mac);
+ if (sign == GNUTLS_SIGN_UNKNOWN)
+ return NULL;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = p->oid);
+ return ret;
+}
+
+gnutls_mac_algorithm_t
+_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t sign)
+{
+ gnutls_mac_algorithm_t ret = GNUTLS_DIG_UNKNOWN;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = p->mac);
+
+ return ret;
+}
+
+gnutls_pk_algorithm_t
+_gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t sign)
+{
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = p->pk);
+
+ return ret;
+}
+
+gnutls_sign_algorithm_t
+_gnutls_tls_aid_to_sign (const sign_algorithm_st * aid)
+{
+ gnutls_sign_algorithm_t ret = GNUTLS_SIGN_UNKNOWN;
+
+ if (memcmp(aid, &unknown_tls_aid, sizeof(aid))==0)
+ return ret;
+
+ GNUTLS_SIGN_LOOP (if (p->aid.hash_algorithm == aid->hash_algorithm
+ && p->aid.sign_algorithm == aid->sign_algorithm)
+ {
+ ret = p->id; break;
+ }
+ );
+
+
+ return ret;
+}
+
+/* Returns NULL if a valid AID is not found
+ */
+const sign_algorithm_st*
+_gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign)
+{
+ const sign_algorithm_st * ret = NULL;
+
+ GNUTLS_SIGN_ALG_LOOP (ret = &p->aid);
+
+ if (ret != NULL && memcmp(ret, &unknown_tls_aid, sizeof(*ret))==0)
+ return NULL;
+
+ return ret;
+}
+
+
+
+/* pk algorithms;
+ */
+struct gnutls_pk_entry
+{
+ const char *name;
+ const char *oid;
+ gnutls_pk_algorithm_t id;
+};
+typedef struct gnutls_pk_entry gnutls_pk_entry;
+
+static const gnutls_pk_entry pk_algorithms[] = {
+ /* having duplicate entries is ok, as long as the one
+ * we want to return OID from is first */
+ {"UNKNOWN", NULL, GNUTLS_PK_UNKNOWN},
+ {"RSA", PK_PKIX1_RSA_OID, GNUTLS_PK_RSA},
+ {"RSA (X.509)", PK_X509_RSA_OID, GNUTLS_PK_RSA}, /* some certificates use this OID for RSA */
+ {"RSA (MD5)", SIG_RSA_MD5_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with MD5 as an indicator of RSA */
+ {"RSA (SHA1)", SIG_RSA_SHA1_OID, GNUTLS_PK_RSA}, /* some other broken certificates set RSA with SHA1 as an indicator of RSA */
+ {"DSA", PK_DSA_OID, GNUTLS_PK_DSA},
+ {"GOST R 34.10-2001", PK_GOST_R3410_2001_OID, GNUTLS_PK_UNKNOWN},
+ {"GOST R 34.10-94", PK_GOST_R3410_94_OID, GNUTLS_PK_UNKNOWN},
+ {0, 0, 0}
+};
+
+/**
+ * gnutls_pk_algorithm_get_name:
+ * @algorithm: is a pk algorithm
+ *
+ * Convert a #gnutls_pk_algorithm_t value to a string.
+ *
+ * Returns: a string that contains the name of the specified public
+ * key algorithm, or %NULL.
+ **/
+const char *
+gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm)
+{
+ const char *ret = NULL;
+ const gnutls_pk_entry *p;
+
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->id == algorithm)
+ {
+ ret = p->name;
+ break;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_pk_list:
+ *
+ * Get a list of supported public key algorithms.
+ *
+ * Returns: a zero-terminated list of #gnutls_pk_algorithm_t integers
+ * indicating the available ciphers.
+ *
+ * Since: 2.6.0
+ **/
+const gnutls_pk_algorithm_t *
+gnutls_pk_list (void)
+{
+ static const gnutls_pk_algorithm_t supported_pks[] = {
+ GNUTLS_PK_RSA,
+ GNUTLS_PK_DSA,
+ /* GNUTLS_PK_DH is not returned because it is not
+ * a real public key algorithm. I.e. cannot be used
+ * as a public key algorithm of a certificate.
+ */
+ 0
+ };
+
+ return supported_pks;
+}
+
+/**
+ * gnutls_pk_get_id:
+ * @name: is a string containing a public key algorithm name.
+ *
+ * Convert a string to a #gnutls_pk_algorithm_t value. The names are
+ * compared in a case insensitive way. For example,
+ * gnutls_pk_get_id("RSA") will return %GNUTLS_PK_RSA.
+ *
+ * Returns: a #gnutls_pk_algorithm_t id of the specified public key
+ * algorithm string, or %GNUTLS_PK_UNKNOWN on failures.
+ *
+ * Since: 2.6.0
+ **/
+gnutls_pk_algorithm_t
+gnutls_pk_get_id (const char *name)
+{
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
+
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (name && strcmp (p->name, name) == 0)
+ {
+ ret = p->id;
+ break;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_pk_get_name:
+ * @algorithm: is a public key algorithm
+ *
+ * Convert a #gnutls_pk_algorithm_t value to a string.
+ *
+ * Returns: a pointer to a string that contains the name of the
+ * specified public key algorithm, or %NULL.
+ *
+ * Since: 2.6.0
+ **/
+const char *
+gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm)
+{
+ const char *ret = "Unknown";
+ const gnutls_pk_entry *p;
+
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (algorithm == p->id)
+ {
+ ret = p->name;
+ break;
+ }
+
+ return ret;
+}
+
+gnutls_pk_algorithm_t
+_gnutls_x509_oid2pk_algorithm (const char *oid)
+{
+ gnutls_pk_algorithm_t ret = GNUTLS_PK_UNKNOWN;
+ const gnutls_pk_entry *p;
+
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->oid && strcmp (p->oid, oid) == 0)
+ {
+ ret = p->id;
+ break;
+ }
+
+ return ret;
+}
+
+const char *
+_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t algorithm)
+{
+ const char *ret = NULL;
+ const gnutls_pk_entry *p;
+
+ for (p = pk_algorithms; p->name != NULL; p++)
+ if (p->id == algorithm)
+ {
+ ret = p->oid;
+ break;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_sec_param_to_pk_bits:
+ * @algo: is a public key algorithm
+ * @param: is a security parameter
+ *
+ * When generating private and public key pairs a difficult question
+ * is which size of "bits" the modulus will be in RSA and the group size
+ * in DSA. The easy answer is 1024, which is also wrong. This function
+ * will convert a human understandable security parameter to an
+ * appropriate size for the specific algorithm.
+ *
+ * Returns: The number of bits, or zero.
+ *
+ **/
+unsigned int
+gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
+ gnutls_sec_param_t param)
+{
+ unsigned int ret = 0;
+
+ /* handle DSA differently */
+ if (algo == GNUTLS_PK_DSA)
+ {
+ GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
+ {
+ ret = p->dsa_bits; break;}
+ );
+ return ret;
+ }
+
+ GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
+ {
+ ret = p->pk_bits; break;}
+ );
+
+ return ret;
+}
+
+/* Returns the corresponding size for subgroup bits (q),
+ * given the group bits (p).
+ */
+unsigned int
+_gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits)
+{
+ unsigned int ret = 0;
+
+ GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits >= pk_bits)
+ {
+ ret = p->subgroup_bits; break;}
+ );
+
+ return ret;
+}
+
+/**
+ * gnutls_sec_param_get_name:
+ * @param: is a security parameter
+ *
+ * Convert a #gnutls_sec_param_t value to a string.
+ *
+ * Returns: a pointer to a string that contains the name of the
+ * specified public key algorithm, or %NULL.
+ *
+ **/
+const char *
+gnutls_sec_param_get_name (gnutls_sec_param_t param)
+{
+ const char *ret = "Unknown";
+
+ GNUTLS_SEC_PARAM_LOOP (if (p->sec_param == param)
+ {
+ ret = p->name; break;}
+ );
+
+ return ret;
+}
+
+/**
+ * gnutls_pk_bits_to_sec_param:
+ * @algo: is a public key algorithm
+ * @bits: is the number of bits
+ *
+ * This is the inverse of gnutls_sec_param_to_pk_bits(). Given an algorithm
+ * and the number of bits, it will return the security parameter. This is
+ * a rough indication.
+ *
+ * Returns: The security parameter.
+ *
+ **/
+gnutls_sec_param_t
+gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo, unsigned int bits)
+{
+ gnutls_sec_param_t ret = GNUTLS_SEC_PARAM_WEAK;
+
+ GNUTLS_SEC_PARAM_LOOP (if (p->pk_bits > bits)
+ {
+ break;}
+ ret = p->sec_param;);
+
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef ALGORITHMS_H
+#define ALGORITHMS_H
+
+#include "gnutls_auth.h"
+
+#define GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR 0x00
+#define GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR 0xFF
+
+/* Functions for version handling. */
+gnutls_protocol_t _gnutls_version_lowest (gnutls_session_t session);
+gnutls_protocol_t _gnutls_version_max (gnutls_session_t session);
+int _gnutls_version_priority (gnutls_session_t session,
+ gnutls_protocol_t version);
+int _gnutls_version_is_supported (gnutls_session_t session,
+ const gnutls_protocol_t version);
+int _gnutls_version_get_major (gnutls_protocol_t ver);
+int _gnutls_version_get_minor (gnutls_protocol_t ver);
+gnutls_protocol_t _gnutls_version_get (int major, int minor);
+
+/* Functions for feature checks */
+int _gnutls_version_has_selectable_prf (gnutls_protocol_t version);
+int _gnutls_version_has_selectable_sighash (gnutls_protocol_t version);
+int _gnutls_version_has_extensions (gnutls_protocol_t version);
+int _gnutls_version_has_explicit_iv (gnutls_protocol_t version);
+int _gnutls_version_has_variable_padding (gnutls_protocol_t version);
+
+/* Functions for MACs. */
+int _gnutls_mac_is_ok (gnutls_mac_algorithm_t algorithm);
+gnutls_mac_algorithm_t _gnutls_x509_oid2mac_algorithm (const char *oid);
+const char *_gnutls_x509_mac_to_oid (gnutls_mac_algorithm_t mac);
+
+/* Functions for cipher suites. */
+int _gnutls_supported_ciphersuites (gnutls_session_t session,
+ cipher_suite_st ** ciphers);
+int _gnutls_supported_ciphersuites_sorted (gnutls_session_t session,
+ cipher_suite_st ** ciphers);
+const char *_gnutls_cipher_suite_get_name (cipher_suite_st * algorithm);
+gnutls_cipher_algorithm_t _gnutls_cipher_suite_get_cipher_algo (const
+ cipher_suite_st
+ * algorithm);
+gnutls_kx_algorithm_t _gnutls_cipher_suite_get_kx_algo (const cipher_suite_st
+ * algorithm);
+gnutls_mac_algorithm_t _gnutls_cipher_suite_get_mac_algo (const
+ cipher_suite_st *
+ algorithm);
+gnutls_protocol_t _gnutls_cipher_suite_is_version_supported (const
+ cipher_suite_st *
+ algorithm,
+ gnutls_protocol_t);
+cipher_suite_st _gnutls_cipher_suite_get_suite_name (cipher_suite_st *
+ algorithm);
+
+/* Functions for ciphers. */
+int _gnutls_cipher_is_block (gnutls_cipher_algorithm_t algorithm);
+int _gnutls_cipher_is_ok (gnutls_cipher_algorithm_t algorithm);
+int _gnutls_cipher_get_iv_size (gnutls_cipher_algorithm_t algorithm);
+int _gnutls_cipher_get_export_flag (gnutls_cipher_algorithm_t algorithm);
+
+/* Functions for key exchange. */
+int _gnutls_kx_needs_dh_params (gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_needs_rsa_params (gnutls_kx_algorithm_t algorithm);
+mod_auth_st *_gnutls_kx_auth_struct (gnutls_kx_algorithm_t algorithm);
+int _gnutls_kx_is_ok (gnutls_kx_algorithm_t algorithm);
+
+/* Type to KX mappings. */
+gnutls_kx_algorithm_t _gnutls_map_kx_get_kx (gnutls_credentials_type_t type,
+ int server);
+gnutls_credentials_type_t _gnutls_map_kx_get_cred (gnutls_kx_algorithm_t
+ algorithm, int server);
+
+/* KX to PK mapping. */
+gnutls_pk_algorithm_t _gnutls_map_pk_get_pk (gnutls_kx_algorithm_t
+ kx_algorithm);
+gnutls_pk_algorithm_t _gnutls_x509_oid2pk_algorithm (const char *oid);
+const char *_gnutls_x509_pk_to_oid (gnutls_pk_algorithm_t pk);
+
+enum encipher_type
+{ CIPHER_ENCRYPT = 0, CIPHER_SIGN = 1, CIPHER_IGN };
+
+enum encipher_type _gnutls_kx_encipher_type (gnutls_kx_algorithm_t algorithm);
+
+/* Functions for sign algorithms. */
+gnutls_sign_algorithm_t _gnutls_x509_oid2sign_algorithm (const char *oid);
+gnutls_sign_algorithm_t _gnutls_x509_pk_to_sign (gnutls_pk_algorithm_t pk,
+ gnutls_mac_algorithm_t mac);
+gnutls_pk_algorithm_t _gnutls_x509_sign_to_pk (gnutls_sign_algorithm_t sign);
+const char *_gnutls_x509_sign_to_oid (gnutls_pk_algorithm_t,
+ gnutls_mac_algorithm_t mac);
+gnutls_sign_algorithm_t _gnutls_tls_aid_to_sign (const sign_algorithm_st *
+ aid);
+const sign_algorithm_st* _gnutls_sign_to_tls_aid (gnutls_sign_algorithm_t sign);
+gnutls_mac_algorithm_t
+_gnutls_sign_get_hash_algorithm (gnutls_sign_algorithm_t);
+gnutls_pk_algorithm_t _gnutls_sign_get_pk_algorithm (gnutls_sign_algorithm_t);
+
+int _gnutls_mac_priority (gnutls_session_t session,
+ gnutls_mac_algorithm_t algorithm);
+int _gnutls_cipher_priority (gnutls_session_t session,
+ gnutls_cipher_algorithm_t algorithm);
+int _gnutls_kx_priority (gnutls_session_t session,
+ gnutls_kx_algorithm_t algorithm);
+
+unsigned int _gnutls_pk_bits_to_subgroup_bits (unsigned int pk_bits);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_int.h"
+
+#ifdef ENABLE_ANON
+
+#include "gnutls_errors.h"
+#include "auth_anon.h"
+#include "gnutls_auth.h"
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_mpi.h"
+
+/**
+ * gnutls_anon_free_server_credentials:
+ * @sc: is a #gnutls_anon_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
+void
+gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc)
+{
+
+ gnutls_free (sc);
+}
+
+/**
+ * gnutls_anon_allocate_server_credentials:
+ * @sc: is a pointer to a #gnutls_anon_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t *
+ sc)
+{
+
+ *sc = gnutls_calloc (1, sizeof (anon_server_credentials_st));
+
+ return 0;
+}
+
+
+/**
+ * gnutls_anon_free_client_credentials:
+ * @sc: is a #gnutls_anon_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
+void
+gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc)
+{
+}
+
+static struct gnutls_anon_client_credentials_st anon_dummy_struct;
+static const gnutls_anon_client_credentials_t anon_dummy = &anon_dummy_struct;
+
+/**
+ * gnutls_anon_allocate_client_credentials:
+ * @sc: is a pointer to a #gnutls_anon_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t *
+ sc)
+{
+ /* anon_dummy is only there for *sc not to be null.
+ * it is not used at all;
+ */
+ *sc = anon_dummy;
+
+ return 0;
+}
+
+/**
+ * gnutls_anon_set_server_dh_params:
+ * @res: is a gnutls_anon_server_credentials_t structure
+ * @dh_params: is a structure that holds Diffie-Hellman parameters.
+ *
+ * This function will set the Diffie-Hellman parameters for an
+ * anonymous server to use. These parameters will be used in
+ * Anonymous Diffie-Hellman cipher suites.
+ **/
+void
+gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
+ gnutls_dh_params_t dh_params)
+{
+ res->dh_params = dh_params;
+}
+
+/**
+ * gnutls_anon_set_server_params_function:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get
+ * the Diffie-Hellman parameters for anonymous authentication. The
+ * callback should return zero on success.
+ **/
+void
+gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func)
+{
+ res->params_func = func;
+}
+
+#endif
--- /dev/null
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <libtasn1.h>
+
+const ASN1_ARRAY_TYPE gnutls_asn1_tab[] = {
+ { "GNUTLS", 536872976, NULL },
+ { NULL, 1073741836, NULL },
+ { "RSAPublicKey", 1610612741, NULL },
+ { "modulus", 1073741827, NULL },
+ { "publicExponent", 3, NULL },
+ { "RSAPrivateKey", 1610612741, NULL },
+ { "version", 1073741826, "Version"},
+ { "modulus", 1073741827, NULL },
+ { "publicExponent", 1073741827, NULL },
+ { "privateExponent", 1073741827, NULL },
+ { "prime1", 1073741827, NULL },
+ { "prime2", 1073741827, NULL },
+ { "exponent1", 1073741827, NULL },
+ { "exponent2", 1073741827, NULL },
+ { "coefficient", 1073741827, NULL },
+ { "otherPrimeInfos", 16386, "OtherPrimeInfos"},
+ { "Version", 1610874883, NULL },
+ { "two-prime", 1073741825, "0"},
+ { "multi", 1, "1"},
+ { "OtherPrimeInfos", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "OtherPrimeInfo"},
+ { "OtherPrimeInfo", 1610612741, NULL },
+ { "prime", 1073741827, NULL },
+ { "exponent", 1073741827, NULL },
+ { "coefficient", 3, NULL },
+ { "AlgorithmIdentifier", 1610612741, NULL },
+ { "algorithm", 1073741836, NULL },
+ { "parameters", 541081613, NULL },
+ { "algorithm", 1, NULL },
+ { "DigestInfo", 1610612741, NULL },
+ { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
+ { "digest", 2, "Digest"},
+ { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ { "Digest", 1073741831, NULL },
+ { "DSAPublicKey", 1073741827, NULL },
+ { "DSAParameters", 1610612741, NULL },
+ { "p", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "g", 3, NULL },
+ { "DSASignatureValue", 1610612741, NULL },
+ { "r", 1073741827, NULL },
+ { "s", 3, NULL },
+ { "DSAPrivateKey", 1610612741, NULL },
+ { "version", 1073741827, NULL },
+ { "p", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "g", 1073741827, NULL },
+ { "Y", 1073741827, NULL },
+ { "priv", 3, NULL },
+ { "DHParameter", 536870917, NULL },
+ { "prime", 1073741827, NULL },
+ { "base", 1073741827, NULL },
+ { "privateValueLength", 16387, NULL },
+ { NULL, 0, NULL }
+};
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_auth.h"
+#include "gnutls_auth.h"
+#include "gnutls_algorithms.h"
+#include "auth_cert.h"
+#include "auth_psk.h"
+#include <gnutls_datum.h>
+
+#include "auth_anon.h"
+/* The functions here are used in order for authentication algorithms
+ * to be able to retrieve the needed credentials eg public and private
+ * key etc.
+ */
+
+/**
+ * gnutls_credentials_clear:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Clears all the credentials previously set in this session.
+ **/
+void
+gnutls_credentials_clear (gnutls_session_t session)
+{
+ if (session->key && session->key->cred)
+ { /* beginning of the list */
+ auth_cred_st *ccred, *ncred;
+ ccred = session->key->cred;
+ while (ccred != NULL)
+ {
+ ncred = ccred->next;
+ gnutls_free (ccred);
+ ccred = ncred;
+ }
+ session->key->cred = NULL;
+ }
+}
+
+/*
+ * This creates a linked list of the form:
+ * { algorithm, credentials, pointer to next }
+ */
+/**
+ * gnutls_credentials_set:
+ * @session: is a #gnutls_session_t structure.
+ * @type: is the type of the credentials
+ * @cred: is a pointer to a structure.
+ *
+ * Sets the needed credentials for the specified type. Eg username,
+ * password - or public and private keys etc. The @cred parameter is
+ * a structure that depends on the specified type and on the current
+ * session (client or server).
+ *
+ * In order to minimize memory usage, and share credentials between
+ * several threads gnutls keeps a pointer to cred, and not the whole
+ * cred structure. Thus you will have to keep the structure allocated
+ * until you call gnutls_deinit().
+ *
+ * For %GNUTLS_CRD_ANON, @cred should be
+ * #gnutls_anon_client_credentials_t in case of a client. In case of
+ * a server it should be #gnutls_anon_server_credentials_t.
+ *
+ * For %GNUTLS_CRD_SRP, @cred should be #gnutls_srp_client_credentials_t
+ * in case of a client, and #gnutls_srp_server_credentials_t, in case
+ * of a server.
+ *
+ * For %GNUTLS_CRD_CERTIFICATE, @cred should be
+ * #gnutls_certificate_credentials_t.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_credentials_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, void *cred)
+{
+ auth_cred_st *ccred = NULL, *pcred = NULL;
+ int exists = 0;
+
+ if (session->key->cred == NULL)
+ { /* beginning of the list */
+
+ session->key->cred = gnutls_malloc (sizeof (auth_cred_st));
+ if (session->key->cred == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ /* copy credentials locally */
+ session->key->cred->credentials = cred;
+
+ session->key->cred->next = NULL;
+ session->key->cred->algorithm = type;
+ }
+ else
+ {
+ ccred = session->key->cred;
+ while (ccred != NULL)
+ {
+ if (ccred->algorithm == type)
+ {
+ exists = 1;
+ break;
+ }
+ pcred = ccred;
+ ccred = ccred->next;
+ }
+ /* After this, pcred is not null.
+ */
+
+ if (exists == 0)
+ { /* new entry */
+ pcred->next = gnutls_malloc (sizeof (auth_cred_st));
+ if (pcred->next == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ccred = pcred->next;
+
+ /* copy credentials locally */
+ ccred->credentials = cred;
+
+ ccred->next = NULL;
+ ccred->algorithm = type;
+ }
+ else
+ { /* modify existing entry */
+ ccred->credentials = cred;
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_auth_get_type:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns type of credentials for the current authentication schema.
+ * The returned information is to be used to distinguish the function used
+ * to access authentication data.
+ *
+ * Eg. for CERTIFICATE ciphersuites (key exchange algorithms:
+ * %GNUTLS_KX_RSA, %GNUTLS_KX_DHE_RSA), the same function are to be
+ * used to access the authentication data.
+ *
+ * Returns: The type of credentials for the current authentication
+ * schema, a #gnutls_credentials_type_t type.
+ **/
+gnutls_credentials_type_t
+gnutls_auth_get_type (gnutls_session_t session)
+{
+/* This is not the credentials we must set, but the authentication data
+ * we get by the peer, so it should be reversed.
+ */
+ int server = session->security_parameters.entity == GNUTLS_SERVER ? 0 : 1;
+
+ return
+ _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite),
+ server);
+}
+
+/**
+ * gnutls_auth_server_get_type:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the type of credentials that were used for server authentication.
+ * The returned information is to be used to distinguish the function used
+ * to access authentication data.
+ *
+ * Returns: The type of credentials for the server authentication
+ * schema, a #gnutls_credentials_type_t type.
+ **/
+gnutls_credentials_type_t
+gnutls_auth_server_get_type (gnutls_session_t session)
+{
+ return
+ _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite), 1);
+}
+
+/**
+ * gnutls_auth_client_get_type:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Returns the type of credentials that were used for client authentication.
+ * The returned information is to be used to distinguish the function used
+ * to access authentication data.
+ *
+ * Returns: The type of credentials for the client authentication
+ * schema, a #gnutls_credentials_type_t type.
+ **/
+gnutls_credentials_type_t
+gnutls_auth_client_get_type (gnutls_session_t session)
+{
+ return
+ _gnutls_map_kx_get_cred (_gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite), 0);
+}
+
+
+/*
+ * This returns a pointer to the linked list. Don't
+ * free that!!!
+ */
+const void *
+_gnutls_get_kx_cred (gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err)
+{
+ int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+
+ return _gnutls_get_cred (session->key,
+ _gnutls_map_kx_get_cred (algo, server), err);
+}
+
+const void *
+_gnutls_get_cred (gnutls_key_st key, gnutls_credentials_type_t type, int *err)
+{
+ const void *retval = NULL;
+ int _err = -1;
+ auth_cred_st *ccred;
+
+ if (key == NULL)
+ goto out;
+
+ ccred = key->cred;
+ while (ccred != NULL)
+ {
+ if (ccred->algorithm == type)
+ {
+ break;
+ }
+ ccred = ccred->next;
+ }
+ if (ccred == NULL)
+ goto out;
+
+ _err = 0;
+ retval = ccred->credentials;
+
+out:
+ if (err != NULL)
+ *err = _err;
+ return retval;
+}
+
+/*-
+ * _gnutls_get_auth_info - Returns a pointer to authentication information.
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function must be called after a successful gnutls_handshake().
+ * Returns a pointer to authentication information. That information
+ * is data obtained by the handshake protocol, the key exchange algorithm,
+ * and the TLS extensions messages.
+ *
+ * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t;
+ * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t;
+ * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t;
+ -*/
+void *
+_gnutls_get_auth_info (gnutls_session_t session)
+{
+ return session->key->auth_info;
+}
+
+/*-
+ * _gnutls_free_auth_info - Frees the auth info structure
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function frees the auth info structure and sets it to
+ * null. It must be called since some structures contain malloced
+ * elements.
+ -*/
+void
+_gnutls_free_auth_info (gnutls_session_t session)
+{
+ dh_info_st *dh_info;
+ rsa_info_st *rsa_info;
+
+ if (session == NULL || session->key == NULL)
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ switch (session->key->auth_info_type)
+ {
+ case GNUTLS_CRD_SRP:
+ break;
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info = _gnutls_get_auth_info (session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info (dh_info);
+ }
+ break;
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info = _gnutls_get_auth_info (session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ _gnutls_free_dh_info (dh_info);
+ }
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ unsigned int i;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
+
+ if (info == NULL)
+ break;
+
+ dh_info = &info->dh;
+ rsa_info = &info->rsa_export;
+ for (i = 0; i < info->ncerts; i++)
+ {
+ _gnutls_free_datum (&info->raw_certificate_list[i]);
+ }
+
+ gnutls_free (info->raw_certificate_list);
+ info->raw_certificate_list = NULL;
+ info->ncerts = 0;
+
+ _gnutls_free_dh_info (dh_info);
+ _gnutls_free_rsa_info (rsa_info);
+ }
+
+
+ break;
+ default:
+ return;
+
+ }
+
+ gnutls_free (session->key->auth_info);
+ session->key->auth_info = NULL;
+ session->key->auth_info_size = 0;
+ session->key->auth_info_type = 0;
+
+}
+
+/* This function will set the auth info structure in the key
+ * structure.
+ * If allow change is !=0 then this will allow changing the auth
+ * info structure to a different type.
+ */
+int
+_gnutls_auth_info_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change)
+{
+ if (session->key->auth_info == NULL)
+ {
+ session->key->auth_info = gnutls_calloc (1, size);
+ if (session->key->auth_info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ session->key->auth_info_type = type;
+ session->key->auth_info_size = size;
+ }
+ else
+ {
+ if (allow_change == 0)
+ {
+ /* If the credentials for the current authentication scheme,
+ * are not the one we want to set, then it's an error.
+ * This may happen if a rehandshake is performed an the
+ * ciphersuite which is negotiated has different authentication
+ * schema.
+ */
+ if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+ else
+ {
+ /* The new behaviour: Here we reallocate the auth info structure
+ * in order to be able to negotiate different authentication
+ * types. Ie. perform an auth_anon and then authenticate again using a
+ * certificate (in order to prevent revealing the certificate's contents,
+ * to passive eavesdropers.
+ */
+ if (gnutls_auth_get_type (session) != session->key->auth_info_type)
+ {
+
+ _gnutls_free_auth_info (session);
+
+ session->key->auth_info = calloc (1, size);
+ if (session->key->auth_info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->key->auth_info_type = type;
+ session->key->auth_info_size = size;
+ }
+ }
+ }
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_AUTH_H
+#define GNUTLS_AUTH_H
+
+typedef struct mod_auth_st_int
+{
+ const char *name; /* null terminated */
+ int (*gnutls_generate_server_certificate) (gnutls_session_t, opaque **);
+ int (*gnutls_generate_client_certificate) (gnutls_session_t, opaque **);
+ int (*gnutls_generate_server_kx) (gnutls_session_t, opaque **);
+ int (*gnutls_generate_client_kx) (gnutls_session_t, opaque **); /* used in SRP */
+ int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, opaque **);
+ int (*gnutls_generate_server_certificate_request) (gnutls_session_t,
+ opaque **);
+
+ int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *,
+ size_t);
+ int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *,
+ size_t);
+ int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t);
+ int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t);
+ int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t);
+ int (*gnutls_process_server_certificate_request) (gnutls_session_t,
+ opaque *, size_t);
+} mod_auth_st;
+
+const void *_gnutls_get_cred (gnutls_key_st key,
+ gnutls_credentials_type_t kx, int *err);
+const void *_gnutls_get_kx_cred (gnutls_session_t session,
+ gnutls_kx_algorithm_t algo, int *err);
+void *_gnutls_get_auth_info (gnutls_session_t session);
+int _gnutls_auth_info_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, int size,
+ int allow_change);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This is the only file that uses the berkeley sockets API.
+ *
+ * Also holds all the buffering code used in gnutls.
+ * The buffering code works as:
+ *
+ * RECORD LAYER:
+ * 1. uses a buffer to hold data (application/handshake),
+ * we got but they were not requested, yet.
+ * (see gnutls_record_buffer_put(), gnutls_record_buffer_get_size() etc.)
+ *
+ * 2. uses a buffer to hold data that were incomplete (ie the read/write
+ * was interrupted)
+ * (see _gnutls_io_read_buffered(), _gnutls_io_write_buffered() etc.)
+ *
+ * HANDSHAKE LAYER:
+ * 1. Uses a buffer to hold data that was not sent or received
+ * complete. (E.g. sent 10 bytes of a handshake packet that is 20 bytes
+ * long).
+ * (see _gnutls_handshake_send_int(), _gnutls_handshake_recv_int())
+ *
+ * 2. Uses buffer to hold the last received handshake message.
+ * (see _gnutls_handshake_buffer_put() etc.)
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <gnutls_record.h>
+#include <gnutls_buffers.h>
+#include <gnutls_mbuffers.h>
+#include <system.h>
+
+#include <errno.h>
+
+#ifndef EAGAIN
+#define EAGAIN EWOULDBLOCK
+#endif
+
+/* this is the maximum number of messages allowed to queue.
+ */
+#define MAX_QUEUE 16
+
+/**
+ * gnutls_transport_set_errno:
+ * @session: is a #gnutls_session_t structure.
+ * @err: error value to store in session-specific errno variable.
+ *
+ * Store @err in the session-specific errno variable. Useful values
+ * for @err is EAGAIN and EINTR, other values are treated will be
+ * treated as real errors in the push/pull function.
+ *
+ * This function is useful in replacement push/pull functions set by
+ * gnutls_transport_set_push_function and
+ * gnutls_transport_set_pullpush_function under Windows, where the
+ * replacement push/pull may not have access to the same @errno
+ * variable that is used by GnuTLS (e.g., the application is linked to
+ * msvcr71.dll and gnutls is linked to msvcrt.dll).
+ *
+ * If you don't have the @session variable easily accessible from the
+ * push/pull function, and don't worry about thread conflicts, you can
+ * also use gnutls_transport_set_global_errno().
+ **/
+void
+gnutls_transport_set_errno (gnutls_session_t session, int err)
+{
+ session->internals.errnum = err;
+}
+
+/**
+ * gnutls_transport_set_global_errno:
+ * @err: error value to store in global errno variable.
+ *
+ * Store @err in the global errno variable. Useful values for @err is
+ * EAGAIN and EINTR, other values are treated will be treated as real
+ * errors in the push/pull function.
+ *
+ * This function is useful in replacement push/pull functions set by
+ * gnutls_transport_set_push_function and
+ * gnutls_transport_set_pullpush_function under Windows, where the
+ * replacement push/pull may not have access to the same @errno
+ * variable that is used by GnuTLS (e.g., the application is linked to
+ * msvcr71.dll and gnutls is linked to msvcrt.dll).
+ *
+ * Whether this function is thread safe or not depends on whether the
+ * global variable errno is thread safe, some system libraries make it
+ * a thread-local variable. When feasible, using the guaranteed
+ * thread-safe gnutls_transport_set_errno() may be better.
+ **/
+void
+gnutls_transport_set_global_errno (int err)
+{
+ errno = err;
+}
+
+/* Buffers received packets of type APPLICATION DATA and
+ * HANDSHAKE DATA.
+ */
+int
+_gnutls_record_buffer_put (content_type_t type,
+ gnutls_session_t session, opaque * data,
+ size_t length)
+{
+ gnutls_buffer_st *buf;
+
+ if (length == 0)
+ return 0;
+
+ switch (type)
+ {
+ case GNUTLS_APPLICATION_DATA:
+ buf = &session->internals.application_data_buffer;
+ _gnutls_buffers_log ("BUF[REC]: Inserted %d bytes of Data(%d)\n",
+ (int) length, (int) type);
+ break;
+
+ case GNUTLS_HANDSHAKE:
+ buf = &session->internals.handshake_data_buffer;
+ _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data(%d)\n",
+ (int) length, (int) type);
+ break;
+
+ case GNUTLS_INNER_APPLICATION:
+ buf = &session->internals.ia_data_buffer;
+ _gnutls_buffers_log ("BUF[IA]: Inserted %d bytes of Data(%d)\n",
+ (int) length, (int) type);
+ break;
+
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (_gnutls_buffer_append_data (buf, data, length) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_record_buffer_get_size (content_type_t type, gnutls_session_t session)
+{
+ switch (type)
+ {
+ case GNUTLS_APPLICATION_DATA:
+ return session->internals.application_data_buffer.length;
+
+ case GNUTLS_HANDSHAKE:
+ return session->internals.handshake_data_buffer.length;
+
+ case GNUTLS_INNER_APPLICATION:
+ return session->internals.ia_data_buffer.length;
+
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
+
+/**
+ * gnutls_record_check_pending:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function checks if there are any data to receive in the gnutls
+ * buffers.
+ *
+ * Note that you could also use select() to check for data in a TCP
+ * connection, instead of this function. GnuTLS leaves some data in
+ * the tcp buffer in order for select to work. However the select()
+ * alternative is not recommended and will be deprecated in later
+ * GnuTLS revisions.
+ *
+ * Returns: the size of that data or 0.
+ **/
+size_t
+gnutls_record_check_pending (gnutls_session_t session)
+{
+ return _gnutls_record_buffer_get_size (GNUTLS_APPLICATION_DATA, session);
+}
+
+int
+_gnutls_record_buffer_get (content_type_t type,
+ gnutls_session_t session, opaque * data,
+ size_t length)
+{
+ if (length == 0 || data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ switch (type)
+ {
+ case GNUTLS_APPLICATION_DATA:
+ _gnutls_buffer_pop_data (&session->internals.application_data_buffer,
+ data, &length);
+ _gnutls_buffers_log ("BUFFER[REC][AD]: Read %d bytes of Data(%d)\n",
+ (int) length, (int) type);
+ break;
+
+ case GNUTLS_HANDSHAKE:
+ _gnutls_buffer_pop_data (&session->internals.handshake_data_buffer,
+ data, &length);
+ _gnutls_buffers_log ("BUF[REC][HD]: Read %d bytes of Data(%d)\n",
+ (int) length, (int) type);
+ break;
+
+ case GNUTLS_INNER_APPLICATION:
+
+ _gnutls_buffer_pop_data (&session->internals.ia_data_buffer, data,
+ &length);
+ _gnutls_buffers_log ("BUF[REC][IA]: Read %d bytes of Data(%d)\n",
+ (int) length, (int) type);
+ break;
+
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ return length;
+}
+
+inline static void
+reset_errno (gnutls_session_t session)
+{
+ session->internals.errnum = 0;
+}
+
+inline static int
+get_errno (gnutls_session_t session)
+{
+ if (session->internals.errnum != 0)
+ return session->internals.errnum;
+ else
+ return session->internals.errno_func (session->
+ internals.transport_recv_ptr);
+}
+
+
+/* This function is like read. But it does not return -1 on error.
+ * It does return gnutls_errno instead.
+ *
+ * Flags are only used if the default recv() function is being used.
+ */
+static ssize_t
+_gnutls_read (gnutls_session_t session, mbuffer_st ** bufel,
+ size_t size, gnutls_pull_func pull_func)
+{
+ size_t left;
+ ssize_t i = 0;
+ char *ptr;
+ gnutls_transport_ptr_t fd = session->internals.transport_recv_ptr;
+
+ if (!bufel)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ *bufel = _mbuffer_alloc (0, size);
+ if (!*bufel)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ ptr = (*bufel)->msg.data;
+
+ session->internals.direction = 0;
+
+ left = size;
+ while (left > 0)
+ {
+ reset_errno (session);
+
+ i = pull_func (fd, &ptr[size - left], left);
+
+ if (i < 0)
+ {
+ int err = get_errno (session);
+
+ _gnutls_read_log ("READ: %d returned from %p, errno=%d gerrno=%d\n",
+ (int) i, fd, errno, session->internals.errnum);
+
+ if (err == EAGAIN || err == EINTR)
+ {
+ if (size - left > 0)
+ {
+
+ _gnutls_read_log ("READ: returning %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ goto finish;
+ }
+
+ if (err == EAGAIN)
+ return GNUTLS_E_AGAIN;
+ return GNUTLS_E_INTERRUPTED;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PULL_ERROR;
+ }
+ }
+ else
+ {
+
+ _gnutls_read_log ("READ: Got %d bytes from %p\n", (int) i, fd);
+
+ if (i == 0)
+ break; /* EOF */
+ }
+
+ left -= i;
+ (*bufel)->msg.size += i;
+ }
+
+finish:
+
+ if (_gnutls_log_level >= 7)
+ {
+ _gnutls_read_log ("READ: read %d bytes from %p\n",
+ (int) (size - left), fd);
+
+ }
+
+ return (size - left);
+}
+
+
+
+static ssize_t
+_gnutls_writev_emu (gnutls_session_t session, const giovec_t * giovec,
+ int giovec_cnt)
+{
+ int ret, j = 0;
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+ void *iptr;
+ size_t sizeOfPtr;
+ size_t total = 0;
+
+ for (j = 0; j < giovec_cnt; j++)
+ {
+ sizeOfPtr = giovec[j].iov_len;
+ iptr = giovec[j].iov_base;
+
+ ret = session->internals.push_func (fd, iptr, sizeOfPtr);
+
+ if (ret == -1)
+ break;
+
+ total += ret;
+ }
+
+ if (total > 0)
+ return total;
+
+ return ret;
+}
+
+static ssize_t
+_gnutls_writev (gnutls_session_t session, const giovec_t * giovec,
+ int giovec_cnt)
+{
+ int i;
+ gnutls_transport_ptr_t fd = session->internals.transport_send_ptr;
+
+ reset_errno (session);
+
+ if (session->internals.push_func != NULL)
+ i = _gnutls_writev_emu (session, giovec, giovec_cnt);
+ else
+ i = session->internals.vec_push_func (fd, giovec, giovec_cnt);
+
+ if (i == -1)
+ {
+ int err = get_errno (session);
+ _gnutls_debug_log ("errno: %d\n", err);
+ if (err == EAGAIN)
+ return GNUTLS_E_AGAIN;
+ else if (err == EINTR)
+ return GNUTLS_E_INTERRUPTED;
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PUSH_ERROR;
+ }
+ }
+ return i;
+}
+
+#define RCVLOWAT session->internals.lowat
+
+/* This function is only used with berkeley style sockets.
+ * Clears the peeked data (read with MSG_PEEK).
+ */
+int
+_gnutls_io_clear_peeked_data (gnutls_session_t session)
+{
+ mbuffer_st *peekdata;
+ int ret, sum;
+
+ if (session->internals.have_peeked_data == 0 || RCVLOWAT == 0)
+ return 0;
+
+ /* this was already read by using MSG_PEEK - so it shouldn't fail */
+ sum = 0;
+ do
+ { /* we need this to finish now */
+ ret =
+ _gnutls_read (session, &peekdata, RCVLOWAT - sum,
+ session->internals.pull_func);
+ if (ret > 0)
+ sum += ret;
+ _mbuffer_xfree (&peekdata);
+ }
+ while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN
+ || sum < RCVLOWAT);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ session->internals.have_peeked_data = 0;
+
+ return 0;
+}
+
+/* This function is like recv(with MSG_PEEK). But it does not return -1 on error.
+ * It does return gnutls_errno instead.
+ * This function reads data from the socket and keeps them in a buffer, of up to
+ * MAX_RECV_SIZE.
+ *
+ * This is not a general purpose function. It returns EXACTLY the data requested,
+ * which are stored in a local (in the session) buffer.
+ *
+ */
+ssize_t
+_gnutls_io_read_buffered (gnutls_session_t session, size_t total,
+ content_type_t recv_type)
+{
+ ssize_t ret = 0, ret2 = 0;
+ size_t min;
+ mbuffer_st *bufel = NULL;
+ size_t recvlowat, recvdata, readsize;
+
+ if (total > MAX_RECV_SIZE || total == 0)
+ {
+ gnutls_assert (); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If an external pull function is used, then do not leave
+ * any data into the kernel buffer.
+ */
+ if (session->internals.pull_func != system_read)
+ {
+ recvlowat = 0;
+ }
+ else
+ {
+ /* leave peeked data to the kernel space only if application data
+ * is received and we don't have any peeked
+ * data in gnutls session.
+ */
+ if (recv_type != GNUTLS_APPLICATION_DATA
+ && session->internals.have_peeked_data == 0)
+ recvlowat = 0;
+ else
+ recvlowat = RCVLOWAT;
+ }
+
+
+
+ /* calculate the actual size, ie. get the minimum of the
+ * buffered data and the requested data.
+ */
+ min = MIN (session->internals.record_recv_buffer.byte_length, total);
+ if (min > 0)
+ {
+ /* if we have enough buffered data
+ * then just return them.
+ */
+ if (min == total)
+ {
+ return min;
+ }
+ }
+
+ /* min is over zero. recvdata is the data we must
+ * receive in order to return the requested data.
+ */
+ recvdata = total - min;
+ readsize = recvdata - recvlowat;
+
+ /* Check if the previously read data plus the new data to
+ * receive are longer than the maximum receive buffer size.
+ */
+ if ((session->internals.record_recv_buffer.byte_length + recvdata) >
+ MAX_RECV_SIZE)
+ {
+ gnutls_assert (); /* internal error */
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* READ DATA - but leave RCVLOWAT bytes in the kernel buffer.
+ */
+ if (readsize > 0)
+ {
+ ret =
+ _gnutls_read (session, &bufel, readsize,
+ session->internals.pull_func);
+
+ /* return immediately if we got an interrupt or eagain
+ * error.
+ */
+ if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
+ {
+ _mbuffer_xfree (&bufel);
+ return ret;
+ }
+ }
+
+ /* copy fresh data to our buffer.
+ */
+ if (ret > 0)
+ {
+ _gnutls_read_log
+ ("RB: Have %d bytes into buffer. Adding %d bytes.\n",
+ (int) session->internals.record_recv_buffer.byte_length, (int) ret);
+ _gnutls_read_log ("RB: Requested %d bytes\n", (int) total);
+
+ _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
+ }
+ else
+ _mbuffer_xfree (&bufel);
+
+
+ /* This is hack in order for select to work. Just leave recvlowat data,
+ * into the kernel buffer (using a read with MSG_PEEK), thus making
+ * select think, that the socket is ready for reading.
+ * MSG_PEEK is only used with berkeley style sockets.
+ */
+ if (ret == readsize && recvlowat > 0)
+ {
+ ret2 = _gnutls_read (session, &bufel, recvlowat, system_read_peek);
+
+ if (ret2 < 0 && gnutls_error_is_fatal (ret2) == 0)
+ {
+ _mbuffer_xfree (&bufel);
+ return ret2;
+ }
+
+ if (ret2 > 0)
+ {
+ _gnutls_read_log ("RB-PEEK: Read %d bytes in PEEK MODE.\n",
+ (int) ret2);
+ _gnutls_read_log
+ ("RB-PEEK: Have %d bytes into buffer. Adding %d bytes.\nRB: Requested %d bytes\n",
+ (int) session->internals.record_recv_buffer.byte_length,
+ (int) ret2, (int) total);
+ session->internals.have_peeked_data = 1;
+ _mbuffer_enqueue (&session->internals.record_recv_buffer, bufel);
+ }
+ else
+ _mbuffer_xfree (&bufel);
+ }
+
+ if (ret < 0 || ret2 < 0)
+ {
+ gnutls_assert ();
+ /* that's because they are initialized to 0 */
+ return MIN (ret, ret2);
+ }
+
+ ret += ret2;
+
+ if (ret > 0 && ret < recvlowat)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_AGAIN;
+ }
+
+ if (ret == 0)
+ { /* EOF */
+ gnutls_assert ();
+ return 0;
+ }
+
+ ret = session->internals.record_recv_buffer.byte_length;
+
+ if ((ret > 0) && ((size_t) ret < total))
+ {
+ /* Short Read */
+ gnutls_assert ();
+ return GNUTLS_E_AGAIN;
+ }
+ else
+ {
+ return ret;
+ }
+}
+
+/* This function is like write. But it does not return -1 on error.
+ * It does return gnutls_errno instead.
+ *
+ * This function takes full responsibility of freeing msg->data.
+ *
+ * In case of E_AGAIN and E_INTERRUPTED errors, you must call
+ * gnutls_write_flush(), until it returns ok (0).
+ *
+ * We need to push exactly the data in msg->size, since we cannot send
+ * less data. In TLS the peer must receive the whole packet in order
+ * to decrypt and verify the integrity.
+ *
+ */
+ssize_t
+_gnutls_io_write_buffered (gnutls_session_t session,
+ mbuffer_st * bufel, unsigned int mflag)
+{
+ mbuffer_head_st *const send_buffer = &session->internals.record_send_buffer;
+
+ _mbuffer_enqueue (send_buffer, bufel);
+
+ _gnutls_write_log
+ ("WRITE: enqueued %d bytes for %p. Total %d bytes.\n",
+ (int) bufel->msg.size, session->internals.transport_recv_ptr,
+ (int) send_buffer->byte_length);
+
+ if (mflag == MBUFFER_FLUSH)
+ return _gnutls_io_write_flush (session);
+ else
+ return bufel->msg.size;
+}
+
+typedef ssize_t (*send_func) (gnutls_session_t, const giovec_t *, int);
+
+/* This function writes the data that are left in the
+ * TLS write buffer (ie. because the previous write was
+ * interrupted.
+ */
+ssize_t
+_gnutls_io_write_flush (gnutls_session_t session)
+{
+ gnutls_datum_t msg;
+ mbuffer_head_st *send_buffer = &session->internals.record_send_buffer;
+ int ret;
+ ssize_t sent = 0, tosend = 0;
+ giovec_t iovec[MAX_QUEUE];
+ int i = 0;
+ mbuffer_st *cur;
+
+ _gnutls_write_log ("WRITE FLUSH: %d bytes in buffer.\n",
+ (int) send_buffer->byte_length);
+
+ for (cur = _mbuffer_get_first (send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_get_next (cur, &msg))
+ {
+ iovec[i].iov_base = msg.data;
+ iovec[i++].iov_len = msg.size;
+ tosend += msg.size;
+
+ /* we buffer up to MAX_QUEUE messages */
+ if (i >= sizeof (iovec) / sizeof (iovec[0]))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ ret = _gnutls_writev (session, iovec, i);
+ if (ret >= 0)
+ {
+ _mbuffer_remove_bytes (send_buffer, ret);
+ _gnutls_write_log ("WRITE: wrote %d bytes, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ sent += ret;
+ }
+ else if (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN)
+ {
+ _gnutls_write_log ("WRITE interrupted: %d bytes left.\n",
+ (int) send_buffer->byte_length);
+ return ret;
+ }
+ else
+ {
+ _gnutls_write_log ("WRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (sent < tosend)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_AGAIN;
+ }
+
+ return sent;
+}
+
+/* This function writes the data that are left in the
+ * Handshake write buffer (ie. because the previous write was
+ * interrupted.
+ *
+ */
+ssize_t
+_gnutls_handshake_io_write_flush (gnutls_session_t session)
+{
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
+ gnutls_datum_t msg;
+ int ret;
+ ssize_t total = 0;
+ mbuffer_st *cur;
+
+ _gnutls_write_log ("HWRITE FLUSH: %d bytes in buffer.\n",
+ (int) send_buffer->byte_length);
+
+ for (cur = _mbuffer_get_first (send_buffer, &msg);
+ cur != NULL; cur = _mbuffer_get_first (send_buffer, &msg))
+ {
+ ret = _gnutls_send_int (session, GNUTLS_HANDSHAKE,
+ session->internals.handshake_send_buffer_htype,
+ EPOCH_WRITE_CURRENT,
+ msg.data, msg.size, 0 /* do not flush */ );
+
+ if (ret >= 0)
+ {
+ _mbuffer_remove_bytes (send_buffer, ret);
+
+ _gnutls_write_log ("HWRITE: wrote %d bytes, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ total += ret;
+ }
+ else
+ {
+ _gnutls_write_log ("HWRITE error: code %d, %d bytes left.\n",
+ ret, (int) send_buffer->byte_length);
+
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ return _gnutls_io_write_flush (session);
+
+}
+
+
+/* This is a send function for the gnutls handshake
+ * protocol. Just makes sure that all data have been sent.
+ *
+ */
+void
+_gnutls_handshake_io_cache_int (gnutls_session_t session,
+ gnutls_handshake_description_t htype,
+ mbuffer_st * bufel)
+{
+ mbuffer_head_st *const send_buffer =
+ &session->internals.handshake_send_buffer;
+
+ _mbuffer_enqueue (send_buffer, bufel);
+ session->internals.handshake_send_buffer_htype = htype;
+
+ _gnutls_write_log
+ ("HWRITE: enqueued %d. Total %d bytes.\n",
+ (int) bufel->msg.size, (int) send_buffer->byte_length);
+
+ return;
+}
+
+/* This is a receive function for the gnutls handshake
+ * protocol. Makes sure that we have received all data.
+ */
+ssize_t
+_gnutls_handshake_io_recv_int (gnutls_session_t session,
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ void *iptr, size_t sizeOfPtr)
+{
+ size_t left;
+ ssize_t i;
+ opaque *ptr;
+ size_t dsize;
+
+ ptr = iptr;
+ left = sizeOfPtr;
+
+ if (sizeOfPtr == 0 || iptr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (session->internals.handshake_recv_buffer.length > 0)
+ {
+ size_t tmp;
+
+ /* if we have already received some data */
+ if (sizeOfPtr <= session->internals.handshake_recv_buffer.length)
+ {
+ /* if requested less data then return it.
+ */
+ gnutls_assert ();
+
+ tmp = sizeOfPtr;
+ _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer,
+ iptr, &tmp);
+ return tmp;
+ }
+ gnutls_assert ();
+
+ tmp = sizeOfPtr;
+ _gnutls_buffer_pop_data (&session->internals.handshake_recv_buffer,
+ iptr, &tmp);
+ left -= tmp;
+
+ htype = session->internals.handshake_recv_buffer_htype;
+ type = session->internals.handshake_recv_buffer_type;
+ }
+
+ while (left > 0)
+ {
+ dsize = sizeOfPtr - left;
+ i = _gnutls_recv_int (session, type, htype, &ptr[dsize], left);
+ if (i < 0)
+ {
+
+ if (dsize > 0 && (i == GNUTLS_E_INTERRUPTED || i == GNUTLS_E_AGAIN))
+ {
+ gnutls_assert ();
+
+ _gnutls_buffer_append_data (&session->internals.
+ handshake_recv_buffer, iptr, dsize);
+
+ session->internals.handshake_recv_buffer_htype = htype;
+ session->internals.handshake_recv_buffer_type = type;
+ }
+
+ return i;
+ }
+ else
+ {
+ if (i == 0)
+ break; /* EOF */
+ }
+
+ left -= i;
+
+ }
+
+ session->internals.handshake_recv_buffer.length = 0;
+
+ return sizeOfPtr - left;
+}
+
+/* Buffer for handshake packets. Keeps the packets in order
+ * for finished messages to use them. Used in HMAC calculation
+ * and finished messages.
+ */
+int
+_gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
+ size_t length)
+{
+
+ if (length == 0)
+ return 0;
+
+ if ((session->internals.max_handshake_data_buffer_size > 0) &&
+ ((length + session->internals.handshake_hash_buffer.length) >
+ session->internals.max_handshake_data_buffer_size))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HANDSHAKE_TOO_LARGE;
+ }
+
+ _gnutls_buffers_log ("BUF[HSK]: Inserted %d bytes of Data\n", (int) length);
+ if (_gnutls_buffer_append_data (&session->internals.handshake_hash_buffer,
+ data, length) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_handshake_buffer_get_size (gnutls_session_t session)
+{
+
+ return session->internals.handshake_hash_buffer.length;
+}
+
+/* this function does not touch the buffer
+ * and returns data from it (peek mode!)
+ */
+int
+_gnutls_handshake_buffer_get_ptr (gnutls_session_t session,
+ opaque ** data_ptr, size_t * length)
+{
+ if (length != NULL)
+ *length = session->internals.handshake_hash_buffer.length;
+
+ _gnutls_buffers_log ("BUF[HSK]: Peeked %d bytes of Data\n",
+ (int) session->internals.handshake_hash_buffer.length);
+
+ if (data_ptr != NULL)
+ *data_ptr = session->internals.handshake_hash_buffer.data;
+
+ return 0;
+}
+
+/* Does not free the buffer
+ */
+int
+_gnutls_handshake_buffer_empty (gnutls_session_t session)
+{
+
+ _gnutls_buffers_log ("BUF[HSK]: Emptied buffer\n");
+
+ session->internals.handshake_hash_buffer.length = 0;
+
+ return 0;
+}
+
+
+int
+_gnutls_handshake_buffer_clear (gnutls_session_t session)
+{
+
+ _gnutls_buffers_log ("BUF[HSK]: Cleared Data from buffer\n");
+ _gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
+
+ return 0;
+}
+
+/**
+ * gnutls_transport_set_pull_function:
+ * @session: is a #gnutls_session_t structure.
+ * @pull_func: a callback function similar to read()
+ *
+ * This is the function where you set a function for gnutls to receive
+ * data. Normally, if you use berkeley style sockets, do not need to
+ * use this function since the default (recv(2)) will probably be ok.
+ *
+ * PULL_FUNC is of the form,
+ * ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t);
+ **/
+void
+gnutls_transport_set_pull_function (gnutls_session_t session,
+ gnutls_pull_func pull_func)
+{
+ session->internals.pull_func = pull_func;
+}
+
+/**
+ * gnutls_transport_set_push_function:
+ * @session: is a #gnutls_session_t structure.
+ * @push_func: a callback function similar to write()
+ *
+ * This is the function where you set a push function for gnutls to
+ * use in order to send data. If you are going to use berkeley style
+ * sockets, you do not need to use this function since the default
+ * (send(2)) will probably be ok. Otherwise you should specify this
+ * function for gnutls to be able to send data.
+ *
+ * PUSH_FUNC is of the form,
+ * ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
+ **/
+void
+gnutls_transport_set_push_function (gnutls_session_t session,
+ gnutls_push_func push_func)
+{
+ session->internals.push_func = push_func;
+ session->internals.vec_push_func = NULL;
+}
+
+/**
+ * gnutls_transport_set_vec_push_function:
+ * @session: is a #gnutls_session_t structure.
+ * @vec_func: a callback function similar to writev()
+ *
+ * This is the function where you set a push function for gnutls to
+ * use in order to send data. If you are going to use berkeley style
+ * sockets, you do not need to use this function since the default
+ * (send(2)) will probably be ok. Otherwise you should specify this
+ * function for gnutls to be able to send data.
+ *
+ * PUSH_FUNC is of the form,
+ * ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t);
+ **/
+void
+gnutls_transport_set_vec_push_function (gnutls_session_t session,
+ gnutls_vec_push_func vec_func)
+{
+ session->internals.push_func = NULL;
+ session->internals.vec_push_func = vec_func;
+}
+
+/**
+ * gnutls_transport_set_errno_function:
+ * @session: is a #gnutls_session_t structure.
+ * @errno_func: a callback function similar to write()
+ *
+ * This is the function where you set a function to retrieve errno
+ * after a failed push or pull operation.
+ *
+ * errno_func is of the form,
+ * int (*gnutls_errno_func)(gnutls_transport_ptr_t);
+ * and should return the errno.
+ **/
+void
+gnutls_transport_set_errno_function (gnutls_session_t session,
+ gnutls_errno_func errno_func)
+{
+ session->internals.errno_func = errno_func;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef GNUTLS_BUFFERS_H
+#define GNUTLS_BUFFERS_H
+
+#define MBUFFER_FLUSH 1
+
+int _gnutls_record_buffer_put (content_type_t type,
+ gnutls_session_t session, opaque * data,
+ size_t length);
+int _gnutls_record_buffer_get_size (content_type_t type,
+ gnutls_session_t session);
+int _gnutls_record_buffer_get (content_type_t type,
+ gnutls_session_t session, opaque * data,
+ size_t length);
+ssize_t _gnutls_io_read_buffered (gnutls_session_t, size_t n, content_type_t);
+int _gnutls_io_clear_peeked_data (gnutls_session_t session);
+
+ssize_t _gnutls_io_write_buffered (gnutls_session_t session,
+ mbuffer_st * bufel, unsigned int mflag);
+
+int _gnutls_handshake_buffer_get_size (gnutls_session_t session);
+int _gnutls_handshake_buffer_put (gnutls_session_t session, opaque * data,
+ size_t length);
+int _gnutls_handshake_buffer_clear (gnutls_session_t session);
+int _gnutls_handshake_buffer_empty (gnutls_session_t session);
+int _gnutls_handshake_buffer_get_ptr (gnutls_session_t session,
+ opaque ** data_ptr, size_t * length);
+
+#define _gnutls_handshake_io_buffer_clear( session) \
+ _mbuffer_clear( &session->internals.handshake_send_buffer); \
+ _gnutls_buffer_clear( &session->internals.handshake_recv_buffer);
+
+ssize_t _gnutls_handshake_io_recv_int (gnutls_session_t, content_type_t,
+ gnutls_handshake_description_t, void *,
+ size_t);
+void _gnutls_handshake_io_cache_int (gnutls_session_t,
+ gnutls_handshake_description_t,
+ mbuffer_st * bufel);
+ssize_t _gnutls_io_write_flush (gnutls_session_t session);
+ssize_t _gnutls_handshake_io_write_flush (gnutls_session_t session);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
+ * 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Some of the stuff needed for Certificate authentication is contained
+ * in this file.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <auth_cert.h>
+#include <gnutls_cert.h>
+#include <gnutls_datum.h>
+#include <gnutls_mpi.h>
+#include <gnutls_global.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_dh.h>
+#include <gnutls_str.h>
+#include <gnutls_state.h>
+#include <gnutls_auth.h>
+#include <gnutls_x509.h>
+#include "x509/x509_int.h"
+#ifdef ENABLE_OPENPGP
+#include "openpgp/gnutls_openpgp.h"
+#endif
+
+/**
+ * gnutls_certificate_free_keys:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the keys and the certificates associated
+ * with the given credentials. This function must not be called when a
+ * TLS negotiation that uses the credentials is in progress.
+ *
+ **/
+void
+gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc)
+{
+ unsigned i, j;
+
+ for (i = 0; i < sc->ncerts; i++)
+ {
+ for (j = 0; j < sc->cert_list_length[i]; j++)
+ {
+ _gnutls_gcert_deinit (&sc->cert_list[i][j]);
+ }
+ gnutls_free (sc->cert_list[i]);
+ }
+
+ gnutls_free (sc->cert_list_length);
+ sc->cert_list_length = NULL;
+
+ gnutls_free (sc->cert_list);
+ sc->cert_list = NULL;
+
+ for (i = 0; i < sc->ncerts; i++)
+ {
+ gnutls_privkey_deinit (sc->pkey[i]);
+ }
+
+ gnutls_free (sc->pkey);
+ sc->pkey = NULL;
+
+ sc->ncerts = 0;
+
+}
+
+/**
+ * gnutls_certificate_free_cas:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the CAs associated with the given
+ * credentials. Servers that do not use
+ * gnutls_certificate_verify_peers2() may call this to save some
+ * memory.
+ **/
+void
+gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc)
+{
+ unsigned j;
+
+ for (j = 0; j < sc->x509_ncas; j++)
+ {
+ gnutls_x509_crt_deinit (sc->x509_ca_list[j]);
+ }
+
+ sc->x509_ncas = 0;
+
+ gnutls_free (sc->x509_ca_list);
+ sc->x509_ca_list = NULL;
+
+}
+
+/**
+ * gnutls_certificate_get_x509_cas:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ * @x509_ca_list: will point to the CA list. Should be treated as constant
+ * @ncas: the number of CAs
+ *
+ * This function will export all the CAs associated with the given
+ * credentials.
+ *
+ * Since: 2.4.0
+ **/
+void
+gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
+ gnutls_x509_crt_t ** x509_ca_list,
+ unsigned int *ncas)
+{
+ *x509_ca_list = sc->x509_ca_list;
+ *ncas = sc->x509_ncas;
+}
+
+/**
+ * gnutls_certificate_get_x509_crls:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ * @x509_crl_list: the exported CRL list. Should be treated as constant
+ * @ncrls: the number of exported CRLs
+ *
+ * This function will export all the CRLs associated with the given
+ * credentials.
+ *
+ * Since: 2.4.0
+ **/
+void
+gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
+ gnutls_x509_crl_t ** x509_crl_list,
+ unsigned int *ncrls)
+{
+ *x509_crl_list = sc->x509_crl_list;
+ *ncrls = sc->x509_ncrls;
+}
+
+#ifdef ENABLE_OPENPGP
+
+/**
+ * gnutls_certificate_get_openpgp_keyring:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ * @keyring: the exported keyring. Should be treated as constant
+ *
+ * This function will export the OpenPGP keyring associated with the
+ * given credentials.
+ *
+ * Since: 2.4.0
+ **/
+void
+gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t sc,
+ gnutls_openpgp_keyring_t * keyring)
+{
+ *keyring = sc->keyring;
+}
+
+#endif
+
+/**
+ * gnutls_certificate_free_ca_names:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the CA name in the given
+ * credentials. Clients may call this to save some memory since in
+ * client side the CA names are not used. Servers might want to use
+ * this function if a large list of trusted CAs is present and
+ * sending the names of it would just consume bandwidth without providing
+ * information to client.
+ *
+ * CA names are used by servers to advertize the CAs they support to
+ * clients.
+ **/
+void
+gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc)
+{
+ _gnutls_free_datum (&sc->x509_rdn_sequence);
+}
+
+/*-
+ * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer
+ * @rsa_params: holds the RSA parameters or NULL.
+ * @func: function to retrieve the parameters or NULL.
+ * @session: The session.
+ *
+ * This function will return the rsa parameters pointer.
+ -*/
+gnutls_rsa_params_t
+_gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params,
+ gnutls_params_function * func,
+ gnutls_session_t session)
+{
+ gnutls_params_st params;
+ int ret;
+
+ if (session->internals.params.rsa_params)
+ {
+ return session->internals.params.rsa_params;
+ }
+
+ if (rsa_params)
+ {
+ session->internals.params.rsa_params = rsa_params;
+ }
+ else if (func)
+ {
+ ret = func (session, GNUTLS_PARAMS_RSA_EXPORT, ¶ms);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_RSA_EXPORT)
+ {
+ session->internals.params.rsa_params = params.params.rsa_export;
+ session->internals.params.free_rsa_params = params.deinit;
+ }
+ }
+
+ return session->internals.params.rsa_params;
+}
+
+
+/**
+ * gnutls_certificate_free_credentials:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ *
+ * This function does not free any temporary parameters associated
+ * with this structure (ie RSA and DH parameters are not freed by this
+ * function).
+ **/
+void
+gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc)
+{
+ gnutls_certificate_free_keys (sc);
+ gnutls_certificate_free_cas (sc);
+ gnutls_certificate_free_ca_names (sc);
+#ifdef ENABLE_PKI
+ gnutls_certificate_free_crls (sc);
+#endif
+
+#ifdef ENABLE_OPENPGP
+ gnutls_openpgp_keyring_deinit (sc->keyring);
+#endif
+
+ gnutls_free (sc);
+}
+
+
+/**
+ * gnutls_certificate_allocate_credentials:
+ * @res: is a pointer to a #gnutls_certificate_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t *
+ res)
+{
+ *res = gnutls_calloc (1, sizeof (certificate_credentials_st));
+
+ if (*res == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ (*res)->verify_bits = DEFAULT_VERIFY_BITS;
+ (*res)->verify_depth = DEFAULT_VERIFY_DEPTH;
+
+ return 0;
+}
+
+
+/* returns the KX algorithms that are supported by a
+ * certificate. (Eg a certificate with RSA params, supports
+ * GNUTLS_KX_RSA algorithm).
+ * This function also uses the KeyUsage field of the certificate
+ * extensions in order to disable unneded algorithms.
+ */
+int
+_gnutls_selected_cert_supported_kx (gnutls_session_t session,
+ gnutls_kx_algorithm_t ** alg,
+ int *alg_size)
+{
+ gnutls_kx_algorithm_t kx;
+ gnutls_pk_algorithm_t pk;
+ gnutls_kx_algorithm_t kxlist[MAX_ALGOS];
+ gnutls_cert *cert;
+ int i;
+
+ if (session->internals.selected_cert_list_length == 0)
+ {
+ *alg_size = 0;
+ *alg = NULL;
+ return 0;
+ }
+
+ cert = &session->internals.selected_cert_list[0];
+ i = 0;
+
+ for (kx = 0; kx < MAX_ALGOS; kx++)
+ {
+ pk = _gnutls_map_pk_get_pk (kx);
+ if (pk == cert->subject_pk_algorithm)
+ {
+ /* then check key usage */
+ if (_gnutls_check_key_usage (cert, kx) == 0)
+ {
+ kxlist[i] = kx;
+ i++;
+ }
+ }
+ }
+
+ if (i == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *alg = gnutls_calloc (i, sizeof (gnutls_kx_algorithm_t));
+ if (*alg == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ *alg_size = i;
+
+ memcpy (*alg, kxlist, i * sizeof (gnutls_kx_algorithm_t));
+
+ return 0;
+}
+
+
+/**
+ * gnutls_certificate_server_set_request:
+ * @session: is a #gnutls_session_t structure.
+ * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE
+ *
+ * This function specifies if we (in case of a server) are going to
+ * send a certificate request message to the client. If @req is
+ * GNUTLS_CERT_REQUIRE then the server will return an error if the
+ * peer does not provide a certificate. If you do not call this
+ * function then the client will not be asked to send a certificate.
+ **/
+void
+gnutls_certificate_server_set_request (gnutls_session_t session,
+ gnutls_certificate_request_t req)
+{
+ session->internals.send_cert_req = req;
+}
+
+/**
+ * gnutls_certificate_client_set_retrieve_function:
+ * @cred: is a #gnutls_certificate_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function sets a callback to be called in order to retrieve the
+ * certificate to be used in the handshake.
+ *
+ * The callback's function prototype is:
+ * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+ * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
+ *
+ * @req_ca_cert is only used in X.509 certificates.
+ * Contains a list with the CA names that the server considers trusted.
+ * Normally we should send a certificate that is signed
+ * by one of these CAs. These names are DER encoded. To get a more
+ * meaningful value use the function gnutls_x509_rdn_get().
+ *
+ * @pk_algos contains a list with server's acceptable signature algorithms.
+ * The certificate returned should support the server's given algorithms.
+ *
+ * @st should contain the certificates and private keys.
+ *
+ * If the callback function is provided then gnutls will call it, in the
+ * handshake, after the certificate request message has been received.
+ *
+ * The callback function should set the certificate list to be sent,
+ * and return 0 on success. If no certificate was selected then the
+ * number of certificates should be set to zero. The value (-1)
+ * indicates error and the handshake will be terminated.
+ **/
+void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function * func)
+{
+ cred->client_get_cert_callback = func;
+}
+
+/**
+ * gnutls_certificate_server_set_retrieve_function:
+ * @cred: is a #gnutls_certificate_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function sets a callback to be called in order to retrieve the
+ * certificate to be used in the handshake.
+ *
+ * The callback's function prototype is:
+ * int (*callback)(gnutls_session_t, gnutls_retr_st* st);
+ *
+ * @st should contain the certificates and private keys.
+ *
+ * If the callback function is provided then gnutls will call it, in the
+ * handshake, after the certificate request message has been received.
+ *
+ * The callback function should set the certificate list to be sent, and
+ * return 0 on success. The value (-1) indicates error and the handshake
+ * will be terminated.
+ **/
+void gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function * func)
+{
+ cred->server_get_cert_callback = func;
+}
+
+/**
+ * gnutls_certificate_set_retrieve_function:
+ * @cred: is a #gnutls_certificate_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function sets a callback to be called in order to retrieve the
+ * certificate to be used in the handshake.
+ *
+ * The callback's function prototype is:
+ * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
+ * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st);
+ *
+ * @req_ca_cert is only used in X.509 certificates.
+ * Contains a list with the CA names that the server considers trusted.
+ * Normally we should send a certificate that is signed
+ * by one of these CAs. These names are DER encoded. To get a more
+ * meaningful value use the function gnutls_x509_rdn_get().
+ *
+ * @pk_algos contains a list with server's acceptable signature algorithms.
+ * The certificate returned should support the server's given algorithms.
+ *
+ * @st should contain the certificates and private keys.
+ *
+ * If the callback function is provided then gnutls will call it, in the
+ * handshake, after the certificate request message has been received.
+ *
+ * In server side pk_algos and req_ca_dn are NULL.
+ *
+ * The callback function should set the certificate list to be sent,
+ * and return 0 on success. If no certificate was selected then the
+ * number of certificates should be set to zero. The value (-1)
+ * indicates error and the handshake will be terminated.
+ **/
+void gnutls_certificate_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function * func)
+{
+ cred->get_cert_callback = func;
+}
+
+/**
+ * gnutls_certificate_set_verify_function:
+ * @cred: is a #gnutls_certificate_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function sets a callback to be called when peer's certificate
+ * has been received in order to verify it on receipt rather than
+ * doing after the handshake is completed.
+ *
+ * The callback's function prototype is:
+ * int (*callback)(gnutls_session_t);
+ *
+ * If the callback function is provided then gnutls will call it, in the
+ * handshake, just after the certificate message has been received.
+ * To verify or obtain the certificate the gnutls_certificate_verify_peers2(),
+ * gnutls_certificate_type_get(), gnutls_certificate_get_peers() functions
+ * can be used.
+ *
+ * The callback function should return 0 for the handshake to continue
+ * or non-zero to terminate.
+ *
+ * Since: 2.10.0
+ **/
+void
+ gnutls_certificate_set_verify_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_verify_function * func)
+{
+ cred->verify_callback = func;
+}
+
+/*-
+ * _gnutls_x509_extract_certificate_activation_time - return the peer's certificate activation time
+ * @cert: should contain an X.509 DER encoded certificate
+ *
+ * This function will return the certificate's activation time in UNIX time
+ * (ie seconds since 00:00:00 UTC January 1, 1970).
+ *
+ * Returns a (time_t) -1 in case of an error.
+ *
+ -*/
+static time_t
+_gnutls_x509_get_raw_crt_activation_time (const gnutls_datum_t * cert)
+{
+ gnutls_x509_crt_t xcert;
+ time_t result;
+
+ result = gnutls_x509_crt_init (&xcert);
+ if (result < 0)
+ return (time_t) - 1;
+
+ result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0)
+ {
+ gnutls_x509_crt_deinit (xcert);
+ return (time_t) - 1;
+ }
+
+ result = gnutls_x509_crt_get_activation_time (xcert);
+
+ gnutls_x509_crt_deinit (xcert);
+
+ return result;
+}
+
+/*-
+ * gnutls_x509_extract_certificate_expiration_time:
+ * @cert: should contain an X.509 DER encoded certificate
+ *
+ * This function will return the certificate's expiration time in UNIX
+ * time (ie seconds since 00:00:00 UTC January 1, 1970). Returns a
+ *
+ * (time_t) -1 in case of an error.
+ *
+ -*/
+static time_t
+_gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert)
+{
+ gnutls_x509_crt_t xcert;
+ time_t result;
+
+ result = gnutls_x509_crt_init (&xcert);
+ if (result < 0)
+ return (time_t) - 1;
+
+ result = gnutls_x509_crt_import (xcert, cert, GNUTLS_X509_FMT_DER);
+ if (result < 0)
+ {
+ gnutls_x509_crt_deinit (xcert);
+ return (time_t) - 1;
+ }
+
+ result = gnutls_x509_crt_get_expiration_time (xcert);
+
+ gnutls_x509_crt_deinit (xcert);
+
+ return result;
+}
+
+#ifdef ENABLE_OPENPGP
+/*-
+ * _gnutls_openpgp_crt_verify_peers - return the peer's certificate status
+ * @session: is a gnutls session
+ *
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.).
+ * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
+ -*/
+static int
+_gnutls_openpgp_crt_verify_peers (gnutls_session_t session,
+ unsigned int *status)
+{
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ int peer_certificate_list_size, ret;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+
+ if (peer_certificate_list_size != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* Verify certificate
+ */
+ ret =
+ _gnutls_openpgp_verify_key (cred, &info->raw_certificate_list[0],
+ peer_certificate_list_size, status);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+#endif
+
+/**
+ * gnutls_certificate_verify_peers2:
+ * @session: is a gnutls session
+ * @status: is the output of the verification
+ *
+ * This function will try to verify the peer's certificate and return
+ * its status (trusted, invalid etc.). The value of @status should
+ * be one or more of the gnutls_certificate_status_t enumerated
+ * elements bitwise or'd. To avoid denial of service attacks some
+ * default upper limits regarding the certificate key size and chain
+ * size are set. To override them use
+ * gnutls_certificate_set_verify_limits().
+ *
+ * Note that you must also check the peer's name in order to check if
+ * the verified certificate belongs to the actual peer.
+ *
+ * This function uses gnutls_x509_crt_list_verify() with the CAs in
+ * the credentials as trusted CAs.
+ *
+ * Returns: a negative error code on error and zero on success.
+ **/
+int
+gnutls_certificate_verify_peers2 (gnutls_session_t session,
+ unsigned int *status)
+{
+ cert_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ switch (gnutls_certificate_type_get (session))
+ {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_cert_verify_peers (session, status);
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_crt_verify_peers (session, status);
+#endif
+ default:
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
+
+/**
+ * gnutls_certificate_verify_peers:
+ * @session: is a gnutls session
+ *
+ * This function will try to verify the peer's certificate and return
+ * its status (trusted, invalid etc.). However you must also check
+ * the peer's name in order to check if the verified certificate
+ * belongs to the actual peer.
+ *
+ * This function uses gnutls_x509_crt_list_verify().
+ *
+ * Returns: one or more of the #gnutls_certificate_status_t
+ * enumerated elements bitwise or'd, or a negative value on error.
+ *
+ * Deprecated: Use gnutls_certificate_verify_peers2() instead.
+ **/
+int
+gnutls_certificate_verify_peers (gnutls_session_t session)
+{
+ unsigned int status;
+ int ret;
+
+ ret = gnutls_certificate_verify_peers2 (session, &status);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return status;
+}
+
+/**
+ * gnutls_certificate_expiration_time_peers:
+ * @session: is a gnutls session
+ *
+ * This function will return the peer's certificate expiration time.
+ *
+ * Returns: (time_t)-1 on error.
+ *
+ * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times.
+ **/
+time_t
+gnutls_certificate_expiration_time_peers (gnutls_session_t session)
+{
+ cert_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get (session))
+ {
+ case GNUTLS_CRT_X509:
+ return
+ _gnutls_x509_get_raw_crt_expiration_time (&info->raw_certificate_list
+ [0]);
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ return
+ _gnutls_openpgp_get_raw_key_expiration_time
+ (&info->raw_certificate_list[0]);
+#endif
+ default:
+ return (time_t) - 1;
+ }
+}
+
+/**
+ * gnutls_certificate_activation_time_peers:
+ * @session: is a gnutls session
+ *
+ * This function will return the peer's certificate activation time.
+ * This is the creation time for openpgp keys.
+ *
+ * Returns: (time_t)-1 on error.
+ *
+ * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times.
+ **/
+time_t
+gnutls_certificate_activation_time_peers (gnutls_session_t session)
+{
+ cert_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ return (time_t) - 1;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ switch (gnutls_certificate_type_get (session))
+ {
+ case GNUTLS_CRT_X509:
+ return
+ _gnutls_x509_get_raw_crt_activation_time (&info->raw_certificate_list
+ [0]);
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ return
+ _gnutls_openpgp_get_raw_key_creation_time (&info->raw_certificate_list
+ [0]);
+#endif
+ default:
+ return (time_t) - 1;
+ }
+}
+
+/* Converts the first certificate for the cert_auth_info structure
+ * to a gcert.
+ */
+int
+_gnutls_get_auth_info_gcert (gnutls_cert * gcert,
+ gnutls_certificate_type_t type,
+ cert_auth_info_t info,
+ int flags /* OR of ConvFlags */ )
+{
+ switch (type)
+ {
+ case GNUTLS_CRT_X509:
+ return _gnutls_x509_raw_cert_to_gcert (gcert,
+ &info->raw_certificate_list[0],
+ flags);
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_CRT_OPENPGP:
+ return _gnutls_openpgp_raw_crt_to_gcert (gcert,
+ &info->raw_certificate_list[0],
+ info->use_subkey ? info->
+ subkey_id : NULL);
+#endif
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+}
+
+/* This function will convert a der certificate to a format
+ * (structure) that gnutls can understand and use. Actually the
+ * important thing on this function is that it extracts the
+ * certificate's (public key) parameters.
+ *
+ * The noext flag is used to complete the handshake even if the
+ * extensions found in the certificate are unsupported and critical.
+ * The critical extensions will be catched by the verification functions.
+ */
+int
+_gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
+ const gnutls_datum_t * derCert,
+ int flags /* OR of ConvFlags */ )
+{
+ int ret;
+ gnutls_x509_crt_t cert;
+
+ ret = gnutls_x509_crt_init (&cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import (cert, derCert, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (cert);
+ return ret;
+ }
+
+ ret = _gnutls_x509_crt_to_gcert (gcert, cert, flags);
+ gnutls_x509_crt_deinit (cert);
+
+ return ret;
+}
+
+/* Like above but it accepts a parsed certificate instead.
+ */
+int
+_gnutls_x509_crt_to_gcert (gnutls_cert * gcert,
+ gnutls_x509_crt_t cert, unsigned int flags)
+{
+ int ret = 0;
+
+ memset (gcert, 0, sizeof (gnutls_cert));
+ gcert->cert_type = GNUTLS_CRT_X509;
+ gcert->sign_algo = gnutls_x509_crt_get_signature_algorithm (cert);
+
+ if (!(flags & CERT_NO_COPY))
+ {
+#define SMALL_DER 1536
+ opaque *der;
+ size_t der_size = SMALL_DER;
+
+ /* initially allocate a bogus size, just in case the certificate
+ * fits in it. That way we minimize the DER encodings performed.
+ */
+ der = gnutls_malloc (SMALL_DER);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ gnutls_free (der);
+ return ret;
+ }
+
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ der = gnutls_realloc (der, der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_x509_crt_export (cert, GNUTLS_X509_FMT_DER, der,
+ &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (der);
+ return ret;
+ }
+ }
+
+ gcert->raw.data = der;
+ gcert->raw.size = der_size;
+ }
+ else
+ /* now we have 0 or a bitwise or of things to decode */
+ flags ^= CERT_NO_COPY;
+
+
+ if (flags & CERT_ONLY_EXTENSIONS || flags == 0)
+ {
+ ret = gnutls_x509_crt_get_key_usage (cert, &gcert->key_usage, NULL);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ gcert->key_usage = 0;
+ else if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ gcert->version = gnutls_x509_crt_get_version (cert);
+ }
+ gcert->subject_pk_algorithm = gnutls_x509_crt_get_pk_algorithm (cert, NULL);
+
+ if (flags & CERT_ONLY_PUBKEY || flags == 0)
+ {
+ gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret =
+ _gnutls_x509_crt_get_mpis (cert, gcert->params, &gcert->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ return 0;
+
+}
+
+void
+_gnutls_gcert_deinit (gnutls_cert * cert)
+{
+ int i;
+
+ if (cert == NULL)
+ return;
+
+ for (i = 0; i < cert->params_size; i++)
+ {
+ _gnutls_mpi_release (&cert->params[i]);
+ }
+
+ _gnutls_free_datum (&cert->raw);
+}
+
+/**
+ * gnutls_sign_callback_set:
+ * @session: is a gnutls session
+ * @sign_func: function pointer to application's sign callback.
+ * @userdata: void pointer that will be passed to sign callback.
+ *
+ * Set the callback function. The function must have this prototype:
+ *
+ * typedef int (*gnutls_sign_func) (gnutls_session_t session,
+ * void *userdata,
+ * gnutls_certificate_type_t cert_type,
+ * const gnutls_datum_t * cert,
+ * const gnutls_datum_t * hash,
+ * gnutls_datum_t * signature);
+ *
+ * The @userdata parameter is passed to the @sign_func verbatim, and
+ * can be used to store application-specific data needed in the
+ * callback function. See also gnutls_sign_callback_get().
+ *
+ * Deprecated: Use the PKCS 11 interfaces instead.
+ */
+void
+gnutls_sign_callback_set (gnutls_session_t session,
+ gnutls_sign_func sign_func, void *userdata)
+{
+ session->internals.sign_func = sign_func;
+ session->internals.sign_func_userdata = userdata;
+}
+
+/**
+ * gnutls_sign_callback_get:
+ * @session: is a gnutls session
+ * @userdata: if non-%NULL, will be set to abstract callback pointer.
+ *
+ * Retrieve the callback function, and its userdata pointer.
+ *
+ * Returns: The function pointer set by gnutls_sign_callback_set(), or
+ * if not set, %NULL.
+ *
+ * Deprecated: Use the PKCS 11 interfaces instead.
+ */
+gnutls_sign_func
+gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
+{
+ if (userdata)
+ *userdata = session->internals.sign_func_userdata;
+ return session->internals.sign_func;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_CERT_H
+#define GNUTLS_CERT_H
+
+#include <gnutls_pk.h>
+#include "x509/x509_int.h"
+#include <gnutls/openpgp.h>
+
+#define MAX_PUBLIC_PARAMS_SIZE 4 /* ok for RSA and DSA */
+
+/* parameters should not be larger than this limit */
+#define DSA_PUBLIC_PARAMS 4
+#define RSA_PUBLIC_PARAMS 2
+
+typedef struct gnutls_cert
+{
+ /* the size of params depends on the public
+ * key algorithm
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is public key
+ */
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size; /* holds the size of MPI params */
+
+ gnutls_pk_algorithm_t subject_pk_algorithm;
+
+ unsigned int key_usage; /* bits from KEY_*
+ */
+
+ unsigned int version;
+ /* holds the type (PGP, X509)
+ */
+ gnutls_certificate_type_t cert_type;
+ gnutls_sign_algorithm_t sign_algo;
+
+ gnutls_datum_t raw;
+
+#ifdef ENABLE_OPENPGP
+ int use_subkey;
+ gnutls_openpgp_keyid_t subkey_id;
+#endif
+} gnutls_cert;
+
+/* because gnutls_session_t is not defined when this file is included */
+struct gnutls_session_int;
+
+typedef enum ConvFlags
+{
+ CERT_NO_COPY = 2,
+ CERT_ONLY_PUBKEY = 4,
+ CERT_ONLY_EXTENSIONS = 16
+} ConvFlags;
+
+int _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
+ const gnutls_datum_t * derCert,
+ int flags);
+int _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert,
+ unsigned int flags);
+
+void _gnutls_gcert_deinit (gnutls_cert * cert);
+
+int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
+ gnutls_kx_algorithm_t ** alg,
+ int *alg_size);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Some high level functions to be used in the record encryption are
+ * included here.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_compress.h"
+#include "gnutls_cipher.h"
+#include "gnutls_algorithms.h"
+#include "gnutls_hash_int.h"
+#include "gnutls_cipher_int.h"
+#include "debug.h"
+#include "gnutls_num.h"
+#include "gnutls_datum.h"
+#include "gnutls_kx.h"
+#include "gnutls_record.h"
+#include "gnutls_constate.h"
+#include <random.h>
+
+inline static int
+is_write_comp_null (gnutls_session_t session)
+{
+ record_parameters_st *record_params;
+
+ _gnutls_epoch_get (session, EPOCH_WRITE_CURRENT, &record_params);
+ if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
+ return 0;
+
+ return 1;
+}
+
+inline static int
+is_read_comp_null (gnutls_session_t session)
+{
+ record_parameters_st *record_params;
+
+ _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ if (record_params->compression_algorithm == GNUTLS_COMP_NULL)
+ return 0;
+
+ return 1;
+}
+
+
+/* returns ciphertext which contains the headers too. This also
+ * calculates the size in the header field.
+ *
+ * If random pad != 0 then the random pad data will be appended.
+ */
+int
+_gnutls_encrypt (gnutls_session_t session, const opaque * headers,
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type, int random_pad,
+ record_parameters_st * params)
+{
+ gnutls_datum_t plain;
+ gnutls_datum_t comp;
+ int ret;
+ int free_comp = 1;
+
+ plain.data = (opaque *) data;
+ plain.size = data_size;
+
+ if (plain.size == 0 || is_write_comp_null (session) == 0)
+ {
+ comp = plain;
+ free_comp = 0;
+ }
+ else
+ {
+ /* Here comp is allocated and must be
+ * freed.
+ */
+ ret = _gnutls_m_plaintext2compressed (session, &comp, &plain, params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_compressed2ciphertext (session, &ciphertext[headers_size],
+ ciphertext_size - headers_size,
+ comp, type, random_pad, params);
+
+ if (free_comp)
+ _gnutls_free_datum (&comp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ /* copy the headers */
+ memcpy (ciphertext, headers, headers_size);
+ _gnutls_write_uint16 (ret, &ciphertext[3]);
+
+ return ret + headers_size;
+}
+
+/* Decrypts the given data.
+ * Returns the decrypted data length.
+ */
+int
+_gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
+ size_t ciphertext_size, uint8_t * data,
+ size_t max_data_size, content_type_t type,
+ record_parameters_st * params)
+{
+ gnutls_datum_t gtxt;
+ gnutls_datum_t gcipher;
+ int ret;
+
+ if (ciphertext_size == 0)
+ return 0;
+
+ gcipher.size = ciphertext_size;
+ gcipher.data = ciphertext;
+
+ ret =
+ _gnutls_ciphertext2compressed (session, data, max_data_size,
+ gcipher, type, params);
+ if (ret < 0)
+ {
+ return ret;
+ }
+
+ if (ret == 0 || is_read_comp_null (session) == 0)
+ {
+ /* ret == ret */
+
+ }
+ else
+ {
+ gnutls_datum_t gcomp;
+
+ /* compression has this malloc overhead.
+ */
+
+ gcomp.data = data;
+ gcomp.size = ret;
+ ret = _gnutls_m_compressed2plaintext (session, >xt, &gcomp, params);
+ if (ret < 0)
+ {
+ return ret;
+ }
+
+ if (gtxt.size > MAX_RECORD_RECV_SIZE)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (>xt);
+ /* This shouldn't have happen and
+ * is a TLS fatal error.
+ */
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ /* This check is not really needed */
+ if (max_data_size < MAX_RECORD_RECV_SIZE)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (>xt);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memcpy (data, gtxt.data, gtxt.size);
+ ret = gtxt.size;
+
+ _gnutls_free_datum (>xt);
+ }
+
+ return ret;
+}
+
+static inline int
+mac_init (digest_hd_st * td, gnutls_mac_algorithm_t mac, opaque * secret,
+ int secret_size, int ver)
+{
+ int ret = 0;
+
+ if (mac == GNUTLS_MAC_NULL)
+ {
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (ver == GNUTLS_SSL3)
+ { /* SSL 3.0 */
+ ret = _gnutls_mac_init_ssl3 (td, mac, secret, secret_size);
+ }
+ else
+ { /* TLS 1.x */
+ ret = _gnutls_hmac_init (td, mac, secret, secret_size);
+ }
+
+ return ret;
+}
+
+static inline void
+mac_hash (digest_hd_st * td, void *data, int data_size, int ver)
+{
+ if (ver == GNUTLS_SSL3)
+ { /* SSL 3.0 */
+ _gnutls_hash (td, data, data_size);
+ }
+ else
+ {
+ _gnutls_hmac (td, data, data_size);
+ }
+}
+
+static inline void
+mac_deinit (digest_hd_st * td, opaque * res, int ver)
+{
+ if (ver == GNUTLS_SSL3)
+ { /* SSL 3.0 */
+ _gnutls_mac_deinit_ssl3 (td, res);
+ }
+ else
+ {
+ _gnutls_hmac_deinit (td, res);
+ }
+}
+
+inline static int
+calc_enc_length (gnutls_session_t session, int data_size,
+ int hash_size, uint8_t * pad, int random_pad,
+ cipher_type_t block_algo, uint16_t blocksize)
+{
+ uint8_t rnd;
+ int length, ret;
+
+ *pad = 0;
+
+ switch (block_algo)
+ {
+ case CIPHER_STREAM:
+ length = data_size + hash_size;
+
+ break;
+ case CIPHER_BLOCK:
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, &rnd, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* make rnd a multiple of blocksize */
+ if (session->security_parameters.version == GNUTLS_SSL3 ||
+ random_pad == 0)
+ {
+ rnd = 0;
+ }
+ else
+ {
+ rnd = (rnd / blocksize) * blocksize;
+ /* added to avoid the case of pad calculated 0
+ * seen below for pad calculation.
+ */
+ if (rnd > blocksize)
+ rnd -= blocksize;
+ }
+
+ length = data_size + hash_size;
+
+ *pad = (uint8_t) (blocksize - (length % blocksize)) + rnd;
+
+ length += *pad;
+ if (_gnutls_version_has_explicit_iv
+ (session->security_parameters.version))
+ length += blocksize; /* for the IV */
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return length;
+}
+
+#define PREAMBLE_SIZE 16
+static inline int
+make_preamble (opaque * uint64_data, opaque type, uint16_t c_length,
+ opaque ver, opaque * preamble)
+{
+ opaque minor = _gnutls_version_get_minor (ver);
+ opaque major = _gnutls_version_get_major (ver);
+ opaque *p = preamble;
+
+ memcpy (p, uint64_data, 8);
+ p += 8;
+ *p = type;
+ p++;
+ if (_gnutls_version_has_variable_padding (ver))
+ { /* TLS 1.0 or higher */
+ *p = major;
+ p++;
+ *p = minor;
+ p++;
+ }
+ memcpy (p, &c_length, 2);
+ p += 2;
+ return p - preamble;
+}
+
+/* This is the actual encryption
+ * Encrypts the given compressed datum, and puts the result to cipher_data,
+ * which has cipher_size size.
+ * return the actual encrypted data length.
+ */
+int
+_gnutls_compressed2ciphertext (gnutls_session_t session,
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum_t compressed,
+ content_type_t _type, int random_pad,
+ record_parameters_st * params)
+{
+ uint8_t MAC[MAX_HASH_SIZE];
+ uint16_t c_length;
+ uint8_t pad;
+ int length, ret;
+ uint8_t type = _type;
+ opaque preamble[PREAMBLE_SIZE];
+ int preamble_size;
+ int hash_size = _gnutls_hash_get_algo_len (params->mac_algorithm);
+ int blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
+ cipher_type_t block_algo =
+ _gnutls_cipher_is_block (params->cipher_algorithm);
+ opaque *data_ptr;
+ int ver = gnutls_protocol_get_version (session);
+
+
+ /* Initialize MAC */
+
+ c_length = _gnutls_conv_uint16 (compressed.size);
+
+ if (params->mac_algorithm != GNUTLS_MAC_NULL)
+ { /* actually when the algorithm in not the NULL one */
+ digest_hd_st td;
+
+ ret = mac_init (&td, params->mac_algorithm,
+ params->write.mac_secret.data,
+ params->write.mac_secret.size, ver);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ preamble_size =
+ make_preamble (UINT64DATA
+ (params->write.sequence_number),
+ type, c_length, ver, preamble);
+ mac_hash (&td, preamble, preamble_size, ver);
+ mac_hash (&td, compressed.data, compressed.size, ver);
+ mac_deinit (&td, MAC, ver);
+ }
+
+
+ /* Calculate the encrypted length (padding etc.)
+ */
+ length =
+ calc_enc_length (session, compressed.size, hash_size, &pad,
+ random_pad, block_algo, blocksize);
+ if (length < 0)
+ {
+ gnutls_assert ();
+ return length;
+ }
+
+ /* copy the encrypted data to cipher_data.
+ */
+ if (cipher_size < length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ data_ptr = cipher_data;
+ if (block_algo == CIPHER_BLOCK &&
+ _gnutls_version_has_explicit_iv (session->security_parameters.version))
+ {
+ /* copy the random IV.
+ */
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, data_ptr, blocksize);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ data_ptr += blocksize;
+ }
+
+ memcpy (data_ptr, compressed.data, compressed.size);
+ data_ptr += compressed.size;
+
+ if (hash_size > 0)
+ {
+ memcpy (data_ptr, MAC, hash_size);
+ data_ptr += hash_size;
+ }
+ if (block_algo == CIPHER_BLOCK && pad > 0)
+ {
+ memset (data_ptr, pad - 1, pad);
+ }
+
+
+ /* Actual encryption (inplace).
+ */
+ ret =
+ _gnutls_cipher_encrypt (¶ms->write.cipher_state, cipher_data, length);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return length;
+}
+
+
+/* Deciphers the ciphertext packet, and puts the result to compress_data, of compress_size.
+ * Returns the actual compressed packet size.
+ */
+int
+_gnutls_ciphertext2compressed (gnutls_session_t session,
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum_t ciphertext, uint8_t type,
+ record_parameters_st * params)
+{
+ uint8_t MAC[MAX_HASH_SIZE];
+ uint16_t c_length;
+ uint8_t pad;
+ int length;
+ uint16_t blocksize;
+ int ret, i, pad_failed = 0;
+ opaque preamble[PREAMBLE_SIZE];
+ int preamble_size;
+ int ver = gnutls_protocol_get_version (session);
+ int hash_size = _gnutls_hash_get_algo_len (params->mac_algorithm);
+
+ blocksize = gnutls_cipher_get_block_size (params->cipher_algorithm);
+
+
+ /* actual decryption (inplace)
+ */
+ switch (_gnutls_cipher_is_block (params->cipher_algorithm))
+ {
+ case CIPHER_STREAM:
+ if ((ret =
+ _gnutls_cipher_decrypt (¶ms->read.cipher_state,
+ ciphertext.data, ciphertext.size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ length = ciphertext.size - hash_size;
+
+ break;
+ case CIPHER_BLOCK:
+ if ((ciphertext.size < blocksize) || (ciphertext.size % blocksize != 0))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ if ((ret =
+ _gnutls_cipher_decrypt (¶ms->read.cipher_state,
+ ciphertext.data, ciphertext.size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* ignore the IV in TLS 1.1.
+ */
+ if (_gnutls_version_has_explicit_iv
+ (session->security_parameters.version))
+ {
+ ciphertext.size -= blocksize;
+ ciphertext.data += blocksize;
+
+ if (ciphertext.size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+ }
+
+ pad = ciphertext.data[ciphertext.size - 1] + 1; /* pad */
+
+ if ((int) pad > (int) ciphertext.size - hash_size)
+ {
+ gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%p]: Short record length %d > %d - %d (under attack?)\n",
+ session, pad, ciphertext.size, hash_size);
+ /* We do not fail here. We check below for the
+ * the pad_failed. If zero means success.
+ */
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ length = ciphertext.size - hash_size - pad;
+
+ /* Check the pading bytes (TLS 1.x)
+ */
+ if (_gnutls_version_has_variable_padding (ver) && pad_failed == 0)
+ for (i = 2; i < pad; i++)
+ {
+ if (ciphertext.data[ciphertext.size - i] !=
+ ciphertext.data[ciphertext.size - 1])
+ pad_failed = GNUTLS_E_DECRYPTION_FAILED;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (length < 0)
+ length = 0;
+ c_length = _gnutls_conv_uint16 ((uint16_t) length);
+
+ /* Pass the type, version, length and compressed through
+ * MAC.
+ */
+ if (params->mac_algorithm != GNUTLS_MAC_NULL)
+ {
+ digest_hd_st td;
+
+ ret = mac_init (&td, params->mac_algorithm,
+ params->read.mac_secret.data,
+ params->read.mac_secret.size, ver);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ preamble_size =
+ make_preamble (UINT64DATA
+ (params->read.sequence_number), type,
+ c_length, ver, preamble);
+ mac_hash (&td, preamble, preamble_size, ver);
+ if (length > 0)
+ mac_hash (&td, ciphertext.data, length, ver);
+
+ mac_deinit (&td, MAC, ver);
+ }
+
+ /* This one was introduced to avoid a timing attack against the TLS
+ * 1.0 protocol.
+ */
+ if (pad_failed != 0)
+ {
+ gnutls_assert ();
+ return pad_failed;
+ }
+
+ /* HMAC was not the same.
+ */
+ if (memcmp (MAC, &ciphertext.data[length], hash_size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ /* copy the decrypted stuff to compress_data.
+ */
+ if (compress_size < length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+ memcpy (compress_data, ciphertext.data, length);
+
+ return length;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+int _gnutls_encrypt (gnutls_session_t session, const opaque * headers,
+ size_t headers_size, const opaque * data,
+ size_t data_size, opaque * ciphertext,
+ size_t ciphertext_size, content_type_t type,
+ int random_pad, record_parameters_st * params);
+
+int _gnutls_decrypt (gnutls_session_t session, opaque * ciphertext,
+ size_t ciphertext_size, uint8_t * data, size_t data_size,
+ content_type_t type, record_parameters_st * params);
+int _gnutls_compressed2ciphertext (gnutls_session_t session,
+ opaque * cipher_data, int cipher_size,
+ gnutls_datum_t compressed,
+ content_type_t _type, int random_pad,
+ record_parameters_st * params);
+int _gnutls_ciphertext2compressed (gnutls_session_t session,
+ opaque * compress_data,
+ int compress_size,
+ gnutls_datum_t ciphertext, uint8_t type,
+ record_parameters_st * params);
--- /dev/null
+/*
+ * Copyright (C) 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_cipher_int.h>
+#include <gnutls_datum.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
+
+#define SR(x, cleanup) if ( (x)<0 ) { \
+ gnutls_assert(); \
+ ret = GNUTLS_E_INTERNAL_ERROR; \
+ goto cleanup; \
+ }
+
+int
+_gnutls_cipher_init (cipher_hd_st * handle, gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key, const gnutls_datum_t * iv)
+{
+ int ret = GNUTLS_E_INTERNAL_ERROR;
+ const gnutls_crypto_cipher_st *cc = NULL;
+
+ /* check if a cipher has been registered
+ */
+ cc = _gnutls_get_crypto_cipher (cipher);
+ if (cc != NULL)
+ {
+ SR (cc->init (cipher, &handle->handle), cc_cleanup);
+ SR (cc->setkey (handle->handle, key->data, key->size), cc_cleanup);
+
+ handle->encrypt = cc->encrypt;
+ handle->decrypt = cc->decrypt;
+ handle->deinit = cc->deinit;
+
+ if (iv && iv->data && iv->size && cc->setiv)
+ SR (cc->setiv (handle->handle, iv->data, iv->size), cc_cleanup);
+ return 0;
+ }
+
+ /* otherwise use generic cipher interface
+ */
+ ret = _gnutls_cipher_ops.init (cipher, &handle->handle);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_cipher_ops.setkey (handle->handle, key->data, key->size);
+ if (ret < 0)
+ {
+ _gnutls_cipher_ops.deinit (handle->handle);
+ gnutls_assert ();
+ return ret;
+ }
+
+ handle->encrypt = _gnutls_cipher_ops.encrypt;
+ handle->decrypt = _gnutls_cipher_ops.decrypt;
+ handle->deinit = _gnutls_cipher_ops.deinit;
+
+ if (iv && iv->data != NULL && iv->size > 0)
+ _gnutls_cipher_ops.setiv (handle->handle, iv->data, iv->size);
+
+ return 0;
+
+cc_cleanup:
+
+ if (handle->handle)
+ cc->deinit (handle->handle);
+
+ return ret;
+}
+
+int
+_gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text, int textlen)
+{
+ if (handle != NULL && handle->handle != NULL)
+ {
+ return handle->encrypt (handle->handle, text, textlen, text, textlen);
+ }
+ return 0;
+}
+
+int
+_gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
+ int ciphertextlen)
+{
+ if (handle != NULL && handle->handle != NULL)
+ {
+ return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
+ ciphertext, ciphertextlen);
+ }
+ return 0;
+}
+
+int
+_gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
+ int textlen, void *ciphertext, int ciphertextlen)
+{
+ if (handle != NULL && handle->handle != NULL)
+ {
+ return handle->encrypt (handle->handle, text, textlen, ciphertext,
+ ciphertextlen);
+ }
+ return 0;
+}
+
+int
+_gnutls_cipher_decrypt2 (const cipher_hd_st * handle, const void *ciphertext,
+ int ciphertextlen, void *text, int textlen)
+{
+ if (handle != NULL && handle->handle != NULL)
+ {
+ return handle->decrypt (handle->handle, ciphertext, ciphertextlen,
+ text, textlen);
+ }
+ return 0;
+}
+
+void
+_gnutls_cipher_deinit (cipher_hd_st * handle)
+{
+ if (handle != NULL && handle->handle != NULL)
+ {
+ handle->deinit (handle->handle);
+ handle->handle = NULL;
+ }
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_CIPHER_INT
+#define GNUTLS_CIPHER_INT
+
+#include <gnutls/crypto.h>
+
+extern int crypto_cipher_prio;
+extern gnutls_crypto_cipher_st _gnutls_cipher_ops;
+
+typedef int (*cipher_encrypt_func) (void *hd, const void *plaintext, size_t,
+ void *ciphertext, size_t);
+typedef int (*cipher_decrypt_func) (void *hd, const void *ciphertext, size_t,
+ void *plaintext, size_t);
+typedef void (*cipher_deinit_func) (void *hd);
+
+typedef struct
+{
+ void *handle;
+ cipher_encrypt_func encrypt;
+ cipher_decrypt_func decrypt;
+ cipher_deinit_func deinit;
+} cipher_hd_st;
+
+int _gnutls_cipher_init (cipher_hd_st *, gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
+int _gnutls_cipher_encrypt (const cipher_hd_st * handle, void *text,
+ int textlen);
+int _gnutls_cipher_decrypt (const cipher_hd_st * handle, void *ciphertext,
+ int ciphertextlen);
+int _gnutls_cipher_encrypt2 (const cipher_hd_st * handle, const void *text,
+ int textlen, void *ciphertext,
+ int ciphertextlen);
+int _gnutls_cipher_decrypt2 (const cipher_hd_st * handle,
+ const void *ciphertext, int ciphertextlen,
+ void *text, int textlen);
+void _gnutls_cipher_deinit (cipher_hd_st * handle);
+
+#endif /* GNUTLS_CIPHER_INT */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2004, 2005, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the functions which convert the TLS plaintext
+ * packet to TLS compressed packet.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_compress.h"
+#include "gnutls_errors.h"
+#include "gnutls_constate.h"
+#include <gnutls_algorithms.h>
+#include <gnutls/gnutls.h>
+
+/* These functions allocate the return value internally
+ */
+int
+_gnutls_m_plaintext2compressed (gnutls_session_t session,
+ gnutls_datum_t * compressed,
+ const gnutls_datum_t * plaintext,
+ const record_parameters_st * params)
+{
+ int size;
+ opaque *data;
+
+ size =
+ _gnutls_compress (params->write.compression_state,
+ plaintext->data, plaintext->size, &data,
+ MAX_RECORD_SEND_SIZE + EXTRA_COMP_SIZE);
+ if (size < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+ compressed->data = data;
+ compressed->size = size;
+
+ return 0;
+}
+
+int
+_gnutls_m_compressed2plaintext (gnutls_session_t session,
+ gnutls_datum_t * plain,
+ const gnutls_datum_t * compressed,
+ const record_parameters_st * params)
+{
+ int size;
+ opaque *data;
+
+ size =
+ _gnutls_decompress (params->read.compression_state,
+ compressed->data, compressed->size, &data,
+ MAX_RECORD_RECV_SIZE);
+ if (size < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+ plain->data = data;
+ plain->size = size;
+
+ return 0;
+}
+
+
+/* Compression Section */
+#define GNUTLS_COMPRESSION_ENTRY(name, id, wb, ml, cl) \
+ { #name, name, id, wb, ml, cl}
+
+
+#define MAX_COMP_METHODS 5
+const int _gnutls_comp_algorithms_size = MAX_COMP_METHODS;
+
+gnutls_compression_entry _gnutls_compression_algorithms[MAX_COMP_METHODS] = {
+ GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_NULL, 0x00, 0, 0, 0),
+#ifdef HAVE_LIBZ
+ /* draft-ietf-tls-compression-02 */
+ GNUTLS_COMPRESSION_ENTRY (GNUTLS_COMP_DEFLATE, 0x01, 15, 8, 3),
+#endif
+ {0, 0, 0, 0, 0, 0}
+};
+
+static const gnutls_compression_method_t supported_compressions[] = {
+#ifdef USE_LZO
+ GNUTLS_COMP_LZO,
+#endif
+#ifdef HAVE_LIBZ
+ GNUTLS_COMP_DEFLATE,
+#endif
+ GNUTLS_COMP_NULL,
+ 0
+};
+
+#define GNUTLS_COMPRESSION_LOOP(b) \
+ const gnutls_compression_entry *p; \
+ for(p = _gnutls_compression_algorithms; p->name != NULL; p++) { b ; }
+#define GNUTLS_COMPRESSION_ALG_LOOP(a) \
+ GNUTLS_COMPRESSION_LOOP( if(p->id == algorithm) { a; break; } )
+#define GNUTLS_COMPRESSION_ALG_LOOP_NUM(a) \
+ GNUTLS_COMPRESSION_LOOP( if(p->num == num) { a; break; } )
+
+/* Compression Functions */
+
+/**
+ * gnutls_compression_get_name:
+ * @algorithm: is a Compression algorithm
+ *
+ * Convert a #gnutls_compression_method_t value to a string.
+ *
+ * Returns: a pointer to a string that contains the name of the
+ * specified compression algorithm, or %NULL.
+ **/
+const char *
+gnutls_compression_get_name (gnutls_compression_method_t algorithm)
+{
+ const char *ret = NULL;
+
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP (ret = p->name + sizeof ("GNUTLS_COMP_") - 1);
+
+ return ret;
+}
+
+/**
+ * gnutls_compression_get_id:
+ * @name: is a compression method name
+ *
+ * The names are compared in a case insensitive way.
+ *
+ * Returns: an id of the specified in a string compression method, or
+ * %GNUTLS_COMP_UNKNOWN on error.
+ **/
+gnutls_compression_method_t
+gnutls_compression_get_id (const char *name)
+{
+ gnutls_compression_method_t ret = GNUTLS_COMP_UNKNOWN;
+
+ GNUTLS_COMPRESSION_LOOP (if
+ (strcasecmp
+ (p->name + sizeof ("GNUTLS_COMP_") - 1,
+ name) == 0) ret = p->id);
+
+ return ret;
+}
+
+/**
+ * gnutls_compression_list:
+ *
+ * Get a list of compression methods. Note that to be able to use LZO
+ * compression, you must link to libgnutls-extra and call
+ * gnutls_global_init_extra().
+ *
+ * Returns: a zero-terminated list of #gnutls_compression_method_t
+ * integers indicating the available compression methods.
+ **/
+const gnutls_compression_method_t *
+gnutls_compression_list (void)
+{
+ return supported_compressions;
+}
+
+/* return the tls number of the specified algorithm */
+int
+_gnutls_compression_get_num (gnutls_compression_method_t algorithm)
+{
+ int ret = -1;
+
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP (ret = p->num);
+
+ return ret;
+}
+
+#ifdef HAVE_LIBZ
+
+static int
+get_wbits (gnutls_compression_method_t algorithm)
+{
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP (ret = p->window_bits);
+ return ret;
+}
+
+static int
+get_mem_level (gnutls_compression_method_t algorithm)
+{
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP (ret = p->mem_level);
+ return ret;
+}
+
+static int
+get_comp_level (gnutls_compression_method_t algorithm)
+{
+ int ret = -1;
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP (ret = p->comp_level);
+ return ret;
+}
+
+#endif
+
+/* returns the gnutls internal ID of the TLS compression
+ * method num
+ */
+gnutls_compression_method_t
+_gnutls_compression_get_id (int num)
+{
+ gnutls_compression_method_t ret = -1;
+
+ /* avoid prefix */
+ GNUTLS_COMPRESSION_ALG_LOOP_NUM (ret = p->id);
+
+ return ret;
+}
+
+int
+_gnutls_compression_is_ok (gnutls_compression_method_t algorithm)
+{
+ ssize_t ret = -1;
+ GNUTLS_COMPRESSION_ALG_LOOP (ret = p->id);
+ if (ret >= 0)
+ ret = 0;
+ else
+ ret = 1;
+ return ret;
+}
+
+
+
+/* For compression */
+
+#define MIN_PRIVATE_COMP_ALGO 0xEF
+
+/* returns the TLS numbers of the compression methods we support
+ */
+#define SUPPORTED_COMPRESSION_METHODS session->internals.priorities.compression.algorithms
+int
+_gnutls_supported_compression_methods (gnutls_session_t session,
+ uint8_t ** comp)
+{
+ unsigned int i, j;
+
+ *comp = gnutls_malloc (sizeof (uint8_t) * SUPPORTED_COMPRESSION_METHODS);
+ if (*comp == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (i = j = 0; i < SUPPORTED_COMPRESSION_METHODS; i++)
+ {
+ int tmp =
+ _gnutls_compression_get_num (session->internals.
+ priorities.compression.priority[i]);
+
+ /* remove private compression algorithms, if requested.
+ */
+ if (tmp == -1 || (tmp >= MIN_PRIVATE_COMP_ALGO &&
+ session->internals.enable_private == 0))
+ {
+ gnutls_assert ();
+ continue;
+ }
+
+ (*comp)[j] = (uint8_t) tmp;
+ j++;
+ }
+
+ if (j == 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*comp);
+ *comp = NULL;
+ return GNUTLS_E_NO_COMPRESSION_ALGORITHMS;
+ }
+ return j;
+}
+
+
+#ifdef USE_LZO
+#ifdef USE_MINILZO
+/* Get the prototypes only. Since LZO is a GPLed library, the
+ * gnutls_global_init_extra() has to be called, before LZO compression
+ * can be used.
+ */
+#include "../libextra/minilzo/minilzo.h"
+#elif HAVE_LZO_LZO1X_H
+#include <lzo/lzo1x.h>
+#elif HAVE_LZO1X_H
+#include <lzo1x.h>
+#endif
+
+typedef int (*LZO_FUNC) ();
+
+LZO_FUNC _gnutls_lzo1x_decompress_safe = NULL;
+LZO_FUNC _gnutls_lzo1x_1_compress = NULL;
+
+#endif
+
+/* The flag d is the direction (compress, decompress). Non zero is
+ * decompress.
+ */
+comp_hd_t
+_gnutls_comp_init (gnutls_compression_method_t method, int d)
+{
+ comp_hd_t ret;
+
+ ret = gnutls_malloc (sizeof (struct comp_hd_t_STRUCT));
+ if (ret == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ret->algo = method;
+ ret->handle = NULL;
+
+ switch (method)
+ {
+ case GNUTLS_COMP_DEFLATE:
+#ifdef HAVE_LIBZ
+ {
+ int window_bits, mem_level;
+ int comp_level;
+ z_stream *zhandle;
+ int err;
+
+ window_bits = get_wbits (method);
+ mem_level = get_mem_level (method);
+ comp_level = get_comp_level (method);
+
+ ret->handle = gnutls_malloc (sizeof (z_stream));
+ if (ret->handle == NULL)
+ {
+ gnutls_assert ();
+ goto cleanup_ret;
+ }
+
+ zhandle = ret->handle;
+
+ zhandle->zalloc = (alloc_func) 0;
+ zhandle->zfree = (free_func) 0;
+ zhandle->opaque = (voidpf) 0;
+
+ if (d)
+ err = inflateInit2 (zhandle, window_bits);
+ else
+ {
+ err = deflateInit2 (zhandle,
+ comp_level, Z_DEFLATED,
+ window_bits, mem_level, Z_DEFAULT_STRATEGY);
+ }
+ if (err != Z_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (ret->handle);
+ goto cleanup_ret;
+ }
+ }
+ break;
+#endif
+ case GNUTLS_COMP_LZO:
+#ifdef USE_LZO
+ /* LZO does not use memory on decompressor */
+ if (!d)
+ {
+ ret->handle = gnutls_malloc (LZO1X_1_MEM_COMPRESS);
+
+ if (ret->handle == NULL)
+ {
+ gnutls_assert ();
+ goto cleanup_ret;
+ }
+ }
+ break;
+#endif
+ case GNUTLS_COMP_NULL:
+ case GNUTLS_COMP_UNKNOWN:
+ break;
+ }
+
+ return ret;
+
+cleanup_ret:
+ gnutls_free (ret);
+ return NULL;
+}
+
+/* The flag d is the direction (compress, decompress). Non zero is
+ * decompress.
+ */
+void
+_gnutls_comp_deinit (comp_hd_t handle, int d)
+{
+ if (handle != NULL)
+ {
+ switch (handle->algo)
+ {
+#ifdef HAVE_LIBZ
+ case GNUTLS_COMP_DEFLATE:
+ {
+ int err;
+
+ if (d)
+ err = inflateEnd (handle->handle);
+ else
+ err = deflateEnd (handle->handle);
+ break;
+ }
+#endif
+ default:
+ break;
+ }
+ gnutls_free (handle->handle);
+ gnutls_free (handle);
+
+ }
+}
+
+/* These functions are memory consuming
+ */
+
+int
+_gnutls_compress (comp_hd_t handle, const opaque * plain,
+ size_t plain_size, opaque ** compressed,
+ size_t max_comp_size)
+{
+ int compressed_size = GNUTLS_E_COMPRESSION_FAILED;
+
+ /* NULL compression is not handled here
+ */
+ if (handle == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ switch (handle->algo)
+ {
+#ifdef USE_LZO
+ case GNUTLS_COMP_LZO:
+ {
+ lzo_uint out_len;
+ size_t size;
+ int err;
+
+ if (_gnutls_lzo1x_1_compress == NULL)
+ return GNUTLS_E_COMPRESSION_FAILED;
+
+ size = plain_size + plain_size / 64 + 16 + 3;
+ *compressed = gnutls_malloc (size);
+ if (*compressed == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ err = _gnutls_lzo1x_1_compress (plain, plain_size, *compressed,
+ &out_len, handle->handle);
+
+ if (err != LZO_E_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ compressed_size = out_len;
+ break;
+ }
+#endif
+#ifdef HAVE_LIBZ
+ case GNUTLS_COMP_DEFLATE:
+ {
+ uLongf size;
+ z_stream *zhandle;
+ int err;
+
+ size = (plain_size + plain_size) + 10;
+ *compressed = gnutls_malloc (size);
+ if (*compressed == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) plain;
+ zhandle->avail_in = plain_size;
+ zhandle->next_out = (Bytef *) * compressed;
+ zhandle->avail_out = size;
+
+ err = deflate (zhandle, Z_SYNC_FLUSH);
+
+ if (err != Z_OK || zhandle->avail_in != 0)
+ {
+ gnutls_assert ();
+ gnutls_free (*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ compressed_size = size - zhandle->avail_out;
+ break;
+ }
+#endif
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
+
+#ifdef COMPRESSION_DEBUG
+ _gnutls_debug_log ("Compression ratio: %f\n",
+ (float) ((float) compressed_size / (float) plain_size));
+#endif
+
+ if ((size_t) compressed_size > max_comp_size)
+ {
+ gnutls_free (*compressed);
+ *compressed = NULL;
+ return GNUTLS_E_COMPRESSION_FAILED;
+ }
+
+ return compressed_size;
+}
+
+
+
+int
+_gnutls_decompress (comp_hd_t handle, opaque * compressed,
+ size_t compressed_size, opaque ** plain,
+ size_t max_record_size)
+{
+ int plain_size = GNUTLS_E_DECOMPRESSION_FAILED;
+
+ if (compressed_size > max_record_size + EXTRA_COMP_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ /* NULL compression is not handled here
+ */
+
+ if (handle == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ switch (handle->algo)
+ {
+#ifdef USE_LZO
+ case GNUTLS_COMP_LZO:
+ {
+ lzo_uint out_size;
+ lzo_uint new_size;
+ int err;
+
+ if (_gnutls_lzo1x_decompress_safe == NULL)
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+
+ *plain = NULL;
+ out_size = compressed_size + compressed_size;
+ plain_size = 0;
+
+ do
+ {
+ out_size += 512;
+ *plain = gnutls_realloc_fast (*plain, out_size);
+ if (*plain == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ new_size = out_size;
+ err =
+ _gnutls_lzo1x_decompress_safe (compressed,
+ compressed_size, *plain,
+ &new_size, NULL);
+
+ }
+ while ((err == LZO_E_OUTPUT_OVERRUN && out_size < max_record_size));
+
+ if (err != LZO_E_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ plain_size = new_size;
+ break;
+ }
+#endif
+#ifdef HAVE_LIBZ
+ case GNUTLS_COMP_DEFLATE:
+ {
+ uLongf out_size;
+ z_stream *zhandle;
+ int cur_pos;
+ int err;
+
+ *plain = NULL;
+ out_size = compressed_size + compressed_size;
+ plain_size = 0;
+
+ zhandle = handle->handle;
+
+ zhandle->next_in = (Bytef *) compressed;
+ zhandle->avail_in = compressed_size;
+
+ cur_pos = 0;
+
+ do
+ {
+ out_size += 512;
+ *plain = gnutls_realloc_fast (*plain, out_size);
+ if (*plain == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ zhandle->next_out = (Bytef *) (*plain + cur_pos);
+ zhandle->avail_out = out_size - cur_pos;
+
+ err = inflate (zhandle, Z_SYNC_FLUSH);
+
+ cur_pos = out_size - zhandle->avail_out;
+
+ }
+ while ((err == Z_BUF_ERROR && zhandle->avail_out == 0
+ && out_size < max_record_size)
+ || (err == Z_OK && zhandle->avail_in != 0));
+
+ if (err != Z_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ plain_size = out_size - zhandle->avail_out;
+ break;
+ }
+#endif
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ } /* switch */
+
+ if ((size_t) plain_size > max_record_size)
+ {
+ gnutls_assert ();
+ gnutls_free (*plain);
+ *plain = NULL;
+ return GNUTLS_E_DECOMPRESSION_FAILED;
+ }
+
+ return plain_size;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef GNUTLS_COMPRESS_H
+#define GNUTLS_COMPRESS_H
+
+int _gnutls_m_plaintext2compressed (gnutls_session_t session,
+ gnutls_datum_t * compressed,
+ const gnutls_datum_t * plaintext,
+ const record_parameters_st * params);
+int _gnutls_m_compressed2plaintext (gnutls_session_t session,
+ gnutls_datum_t * plain,
+ const gnutls_datum_t * compressed,
+ const record_parameters_st * params);
+
+/* Algorithm handling. */
+int _gnutls_supported_compression_methods (gnutls_session_t session,
+ uint8_t ** comp);
+int _gnutls_compression_is_ok (gnutls_compression_method_t algorithm);
+int _gnutls_compression_get_num (gnutls_compression_method_t algorithm);
+gnutls_compression_method_t _gnutls_compression_get_id (int num);
+
+#ifdef HAVE_LIBZ
+#include <zlib.h>
+#endif
+
+#define GNUTLS_COMP_FAILED NULL
+
+typedef struct comp_hd_t_STRUCT
+{
+ void *handle;
+ gnutls_compression_method_t algo;
+} *comp_hd_t;
+
+comp_hd_t _gnutls_comp_init (gnutls_compression_method_t, int d);
+void _gnutls_comp_deinit (comp_hd_t handle, int d);
+
+int _gnutls_decompress (comp_hd_t handle, opaque * compressed,
+ size_t compressed_size, opaque ** plain,
+ size_t max_record_size);
+int _gnutls_compress (comp_hd_t, const opaque * plain, size_t plain_size,
+ opaque ** compressed, size_t max_comp_size);
+
+struct gnutls_compression_entry
+{
+ const char *name;
+ gnutls_compression_method_t id;
+ /* the number reserved in TLS for the specific compression method */
+ int num;
+
+ /* used in zlib compressor */
+ int window_bits;
+ int mem_level;
+ int comp_level;
+};
+typedef struct gnutls_compression_entry gnutls_compression_entry;
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that are supposed to run after the handshake procedure is
+ * finished. These functions activate the established security parameters.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_constate.h>
+#include <gnutls_errors.h>
+#include <gnutls_kx.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_num.h>
+#include <gnutls_datum.h>
+#include <gnutls_state.h>
+#include <gnutls_extensions.h>
+#include <gnutls_buffers.h>
+
+static const char keyexp[] = "key expansion";
+static const int keyexp_length = sizeof (keyexp) - 1;
+
+static const char ivblock[] = "IV block";
+static const int ivblock_length = sizeof (ivblock) - 1;
+
+static const char cliwrite[] = "client write key";
+static const int cliwrite_length = sizeof (cliwrite) - 1;
+
+static const char servwrite[] = "server write key";
+static const int servwrite_length = sizeof (servwrite) - 1;
+
+#define EXPORT_FINAL_KEY_SIZE 16
+
+/* This function is to be called after handshake, when master_secret,
+ * client_random and server_random have been initialized.
+ * This function creates the keys and stores them into pending session.
+ * (session->cipher_specs)
+ */
+static int
+_gnutls_set_keys (gnutls_session_t session, record_parameters_st * params,
+ int hash_size, int IV_size, int key_size, int export_flag)
+{
+ /* FIXME: This function is too long
+ */
+ opaque rnd[2 * GNUTLS_RANDOM_SIZE];
+ opaque rrnd[2 * GNUTLS_RANDOM_SIZE];
+ int pos, ret;
+ int block_size;
+ char buf[65];
+ /* avoid using malloc */
+ opaque key_block[2 * MAX_HASH_SIZE + 2 * MAX_CIPHER_KEY_SIZE +
+ 2 * MAX_CIPHER_BLOCK_SIZE];
+ record_state_st *client_write, *server_write;
+
+ client_write =
+ session->security_parameters.entity ==
+ GNUTLS_CLIENT ? ¶ms->write : ¶ms->read;
+ server_write =
+ session->security_parameters.entity ==
+ GNUTLS_SERVER ? ¶ms->write : ¶ms->read;
+
+ block_size = 2 * hash_size + 2 * key_size;
+ if (export_flag == 0)
+ block_size += 2 * IV_size;
+
+ memcpy (rnd, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy (&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+
+ memcpy (rrnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy (&rrnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_generate_random
+ (session->security_parameters.master_secret, GNUTLS_MASTER_SIZE, rnd,
+ 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, keyexp, keyexp_length,
+ rnd, 2 * GNUTLS_RANDOM_SIZE, block_size, key_block);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ _gnutls_hard_log ("INT: KEY BLOCK[%d]: %s\n", block_size,
+ _gnutls_bin2hex (key_block, block_size, buf,
+ sizeof (buf), NULL));
+
+ pos = 0;
+ if (hash_size > 0)
+ {
+
+ if (_gnutls_sset_datum
+ (&client_write->mac_secret, &key_block[pos], hash_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ pos += hash_size;
+
+ if (_gnutls_sset_datum
+ (&server_write->mac_secret, &key_block[pos], hash_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ pos += hash_size;
+ }
+
+ if (key_size > 0)
+ {
+ opaque key1[EXPORT_FINAL_KEY_SIZE];
+ opaque key2[EXPORT_FINAL_KEY_SIZE];
+ opaque *client_write_key, *server_write_key;
+ int client_write_key_size, server_write_key_size;
+
+ if (export_flag == 0)
+ {
+ client_write_key = &key_block[pos];
+ client_write_key_size = key_size;
+
+ pos += key_size;
+
+ server_write_key = &key_block[pos];
+ server_write_key_size = key_size;
+
+ pos += key_size;
+
+ }
+ else
+ { /* export */
+ client_write_key = key1;
+ server_write_key = key2;
+
+ /* generate the final keys */
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5 (&key_block[pos],
+ key_size, rrnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ client_write_key);
+
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, &key_block[pos], key_size,
+ cliwrite, cliwrite_length,
+ rrnd,
+ 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, client_write_key);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ client_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret =
+ _gnutls_ssl3_hash_md5 (&key_block[pos], key_size,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE,
+ server_write_key);
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_PRF (session, &key_block[pos], key_size,
+ servwrite, servwrite_length,
+ rrnd, 2 * GNUTLS_RANDOM_SIZE,
+ EXPORT_FINAL_KEY_SIZE, server_write_key);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ server_write_key_size = EXPORT_FINAL_KEY_SIZE;
+ pos += key_size;
+ }
+
+ if (_gnutls_sset_datum
+ (&client_write->key, client_write_key, client_write_key_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_hard_log ("INT: CLIENT WRITE KEY [%d]: %s\n",
+ client_write_key_size,
+ _gnutls_bin2hex (client_write_key,
+ client_write_key_size, buf,
+ sizeof (buf), NULL));
+
+ if (_gnutls_sset_datum
+ (&server_write->key, server_write_key, server_write_key_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ _gnutls_hard_log ("INT: SERVER WRITE KEY [%d]: %s\n",
+ server_write_key_size,
+ _gnutls_bin2hex (server_write_key,
+ server_write_key_size, buf,
+ sizeof (buf), NULL));
+
+ }
+
+
+ /* IV generation in export and non export ciphers.
+ */
+ if (IV_size > 0 && export_flag == 0)
+ {
+ if (_gnutls_sset_datum
+ (&client_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ pos += IV_size;
+
+ if (_gnutls_sset_datum
+ (&server_write->IV, &key_block[pos], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ pos += IV_size;
+
+ }
+ else if (IV_size > 0 && export_flag != 0)
+ {
+ opaque iv_block[MAX_CIPHER_BLOCK_SIZE * 2];
+
+ if (session->security_parameters.version == GNUTLS_SSL3)
+ { /* SSL 3 */
+ ret = _gnutls_ssl3_hash_md5 ("", 0,
+ rrnd, GNUTLS_RANDOM_SIZE * 2,
+ IV_size, iv_block);
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+
+ ret = _gnutls_ssl3_hash_md5 ("", 0, rnd,
+ GNUTLS_RANDOM_SIZE * 2,
+ IV_size, &iv_block[IV_size]);
+
+ }
+ else
+ { /* TLS 1.0 */
+ ret = _gnutls_PRF (session, "", 0,
+ ivblock, ivblock_length, rrnd,
+ 2 * GNUTLS_RANDOM_SIZE, IV_size * 2, iv_block);
+ }
+
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ if (_gnutls_sset_datum (&client_write->IV, iv_block, IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ if (_gnutls_sset_datum
+ (&server_write->IV, &iv_block[IV_size], IV_size) < 0)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+ }
+
+ return 0;
+}
+
+static int
+_gnutls_init_record_state (record_parameters_st * params, int read,
+ record_state_st * state)
+{
+ int ret;
+
+ ret = _gnutls_cipher_init (&state->cipher_state,
+ params->cipher_algorithm,
+ &state->key, &state->IV);
+ if (ret < 0 && params->cipher_algorithm != GNUTLS_CIPHER_NULL)
+ return gnutls_assert_val (ret);
+
+ state->compression_state =
+ _gnutls_comp_init (params->compression_algorithm, read);
+
+ if (state->compression_state == GNUTLS_COMP_FAILED)
+ return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+
+ return 0;
+}
+
+int
+_gnutls_epoch_set_cipher_suite (gnutls_session_t session,
+ int epoch_rel, cipher_suite_st * suite)
+{
+ gnutls_cipher_algorithm_t cipher_algo;
+ gnutls_mac_algorithm_t mac_algo;
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get (session, epoch_rel, ¶ms);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ if (params->initialized
+ || params->cipher_algorithm != GNUTLS_CIPHER_UNKNOWN
+ || params->mac_algorithm != GNUTLS_MAC_UNKNOWN)
+ return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+
+ cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
+ mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
+
+ if (_gnutls_cipher_is_ok (cipher_algo) != 0
+ || _gnutls_mac_is_ok (mac_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+ params->cipher_algorithm = cipher_algo;
+ params->mac_algorithm = mac_algo;
+
+ return 0;
+}
+
+int
+_gnutls_epoch_set_compression (gnutls_session_t session,
+ int epoch_rel,
+ gnutls_compression_method_t comp_algo)
+{
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get (session, epoch_rel, ¶ms);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ if (params->initialized
+ || params->compression_algorithm != GNUTLS_COMP_UNKNOWN)
+ return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_compression_is_ok (comp_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+
+ params->compression_algorithm = comp_algo;
+
+ return 0;
+}
+
+void
+_gnutls_epoch_set_null_algos (gnutls_session_t session,
+ record_parameters_st * params)
+{
+ /* This is only called on startup. We are extra paranoid about this
+ because it may cause unencrypted application data to go out on
+ the wire. */
+ if (params->initialized || params->epoch != 0)
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ params->cipher_algorithm = GNUTLS_CIPHER_NULL;
+ params->mac_algorithm = GNUTLS_MAC_NULL;
+ params->compression_algorithm = GNUTLS_COMP_NULL;
+ params->initialized = 1;
+}
+
+int
+_gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch)
+{
+ int hash_size;
+ int IV_size;
+ int key_size, export_flag;
+ gnutls_cipher_algorithm_t cipher_algo;
+ gnutls_mac_algorithm_t mac_algo;
+ gnutls_compression_method_t comp_algo;
+ record_parameters_st *params;
+ int ret;
+
+ ret = _gnutls_epoch_get (session, epoch, ¶ms);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ if (params->initialized)
+ return 0;
+
+ _gnutls_record_log
+ ("REC[%p]: Initializing epoch #%u\n", session, params->epoch);
+
+ cipher_algo = params->cipher_algorithm;
+ mac_algo = params->mac_algorithm;
+ comp_algo = params->compression_algorithm;
+
+ if (_gnutls_cipher_is_ok (cipher_algo) != 0
+ || _gnutls_mac_is_ok (mac_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_compression_is_ok (comp_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+
+ IV_size = _gnutls_cipher_get_iv_size (cipher_algo);
+ key_size = gnutls_cipher_get_key_size (cipher_algo);
+ export_flag = _gnutls_cipher_get_export_flag (cipher_algo);
+ hash_size = _gnutls_hash_get_algo_len (mac_algo);
+
+ ret = _gnutls_set_keys
+ (session, params, hash_size, IV_size, key_size, export_flag);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ ret = _gnutls_init_record_state (params, 1, ¶ms->read);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ ret = _gnutls_init_record_state (params, 0, ¶ms->write);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ _gnutls_record_log ("REC[%p]: Epoch #%u ready\n", session, params->epoch);
+
+ params->initialized = 1;
+ return 0;
+}
+
+
+#define CPY_COMMON dst->entity = src->entity; \
+ dst->kx_algorithm = src->kx_algorithm; \
+ memcpy( &dst->current_cipher_suite, &src->current_cipher_suite, sizeof(cipher_suite_st)); \
+ memcpy( dst->master_secret, src->master_secret, GNUTLS_MASTER_SIZE); \
+ memcpy( dst->client_random, src->client_random, GNUTLS_RANDOM_SIZE); \
+ memcpy( dst->server_random, src->server_random, GNUTLS_RANDOM_SIZE); \
+ memcpy( dst->session_id, src->session_id, TLS_MAX_SESSION_ID_SIZE); \
+ dst->session_id_size = src->session_id_size; \
+ dst->cert_type = src->cert_type; \
+ dst->timestamp = src->timestamp; \
+ dst->max_record_recv_size = src->max_record_recv_size; \
+ dst->max_record_send_size = src->max_record_send_size; \
+ dst->version = src->version
+
+static void
+_gnutls_set_resumed_parameters (gnutls_session_t session)
+{
+ security_parameters_st *src =
+ &session->internals.resumed_security_parameters;
+ security_parameters_st *dst = &session->security_parameters;
+
+ CPY_COMMON;
+}
+
+/* Sets the current connection session to conform with the
+ * Security parameters(pending session), and initializes encryption.
+ * Actually it initializes and starts encryption ( so it needs
+ * secrets and random numbers to have been negotiated)
+ * This is to be called after sending the Change Cipher Spec packet.
+ */
+int
+_gnutls_connection_state_init (gnutls_session_t session)
+{
+ int ret;
+
+/* Setup the master secret
+ */
+ if ((ret = _gnutls_generate_master (session, 0)) < 0)
+ return gnutls_assert_val (ret);
+
+ return 0;
+}
+
+
+
+static int
+_gnutls_check_algos (gnutls_session_t session,
+ cipher_suite_st * suite,
+ gnutls_compression_method_t comp_algo)
+{
+ gnutls_cipher_algorithm_t cipher_algo;
+ gnutls_mac_algorithm_t mac_algo;
+
+ cipher_algo = _gnutls_cipher_suite_get_cipher_algo (suite);
+ mac_algo = _gnutls_cipher_suite_get_mac_algo (suite);
+
+ if (_gnutls_cipher_is_ok (cipher_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_cipher_priority (session, cipher_algo) < 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+
+ if (_gnutls_mac_is_ok (mac_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_mac_priority (session, mac_algo) < 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+
+ if (_gnutls_compression_is_ok (comp_algo) != 0)
+ return gnutls_assert_val (GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM);
+
+ return 0;
+}
+
+/* Initializes the read connection session
+ * (read encrypted data)
+ */
+int
+_gnutls_read_connection_state_init (gnutls_session_t session)
+{
+ const uint16_t epoch_next = session->security_parameters.epoch_next;
+ int ret;
+
+ /* Update internals from CipherSuite selected.
+ * If we are resuming just copy the connection session
+ */
+ if (session->internals.resumed == RESUME_FALSE)
+ {
+ ret = _gnutls_check_algos (session,
+ &session->
+ security_parameters.current_cipher_suite,
+ session->internals.compression_method);
+ if (ret < 0)
+ return ret;
+
+ ret = _gnutls_set_kx (session,
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
+ if (ret < 0)
+ return ret;
+ }
+ else if (session->security_parameters.entity == GNUTLS_CLIENT)
+ _gnutls_set_resumed_parameters (session);
+
+ ret = _gnutls_epoch_set_keys (session, epoch_next);
+ if (ret < 0)
+ return ret;
+
+ _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
+
+ session->security_parameters.epoch_read = epoch_next;
+ _gnutls_epoch_gc (session);
+
+ return 0;
+}
+
+
+
+/* Initializes the write connection session
+ * (write encrypted data)
+ */
+int
+_gnutls_write_connection_state_init (gnutls_session_t session)
+{
+ const uint16_t epoch_next = session->security_parameters.epoch_next;
+ int ret;
+
+/* Update internals from CipherSuite selected.
+ * If we are resuming just copy the connection session
+ */
+ if (session->internals.resumed == RESUME_FALSE)
+ {
+ ret = _gnutls_check_algos (session,
+ &session->
+ security_parameters.current_cipher_suite,
+ session->internals.compression_method);
+ if (ret < 0)
+ return ret;
+
+ ret = _gnutls_set_kx (session,
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
+ if (ret < 0)
+ return ret;
+ }
+ else if (session->security_parameters.entity == GNUTLS_SERVER)
+ _gnutls_set_resumed_parameters (session);
+
+ ret = _gnutls_epoch_set_keys (session, epoch_next);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ _gnutls_handshake_log ("HSK[%p]: Cipher Suite: %s\n", session,
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Initializing internal [write] cipher sessions\n", session);
+
+ session->security_parameters.epoch_write = epoch_next;
+ _gnutls_epoch_gc (session);
+
+ return 0;
+}
+
+/* Sets the specified kx algorithm into pending session
+ */
+int
+_gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo)
+{
+
+ if (_gnutls_kx_is_ok (algo) == 0)
+ {
+ session->security_parameters.kx_algorithm = algo;
+ }
+ else
+ return gnutls_assert_val (GNUTLS_E_INTERNAL_ERROR);
+
+ if (_gnutls_kx_priority (session, algo) < 0)
+ return gnutls_assert_val (GNUTLS_E_UNWANTED_ALGORITHM);
+
+ return 0;
+}
+
+static inline int
+epoch_resolve (gnutls_session_t session,
+ unsigned int epoch_rel, uint16_t * epoch_out)
+{
+ switch (epoch_rel)
+ {
+ case EPOCH_READ_CURRENT:
+ *epoch_out = session->security_parameters.epoch_read;
+ return 0;
+
+ case EPOCH_WRITE_CURRENT:
+ *epoch_out = session->security_parameters.epoch_write;
+ return 0;
+
+ case EPOCH_NEXT:
+ *epoch_out = session->security_parameters.epoch_next;
+ return 0;
+
+ default:
+ if (epoch_rel > 0xffffu)
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+
+ *epoch_out = epoch_rel;
+ return 0;
+ }
+}
+
+static inline record_parameters_st **
+epoch_get_slot (gnutls_session_t session, uint16_t epoch)
+{
+ uint16_t epoch_index = epoch - session->security_parameters.epoch_min;
+
+ if (epoch_index >= MAX_EPOCH_INDEX)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ /* The slot may still be empty (NULL) */
+ return &session->record_parameters[epoch_index];
+}
+
+int
+_gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
+ record_parameters_st ** params_out)
+{
+ uint16_t epoch;
+ record_parameters_st **params;
+ int ret;
+
+ ret = epoch_resolve (session, epoch_rel, &epoch);
+ if (ret < 0)
+ return gnutls_assert_val (ret);
+
+ params = epoch_get_slot (session, epoch);
+ if (params == NULL || *params == NULL)
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+
+ *params_out = *params;
+
+ return 0;
+}
+
+int
+_gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out)
+{
+ record_parameters_st **slot;
+
+ _gnutls_record_log ("REC[%p]: Allocating epoch #%u\n", session, epoch);
+
+ slot = epoch_get_slot (session, epoch);
+
+ /* If slot out of range or not empty. */
+ if (slot == NULL)
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+
+ if (*slot != NULL)
+ return gnutls_assert_val (GNUTLS_E_INVALID_REQUEST);
+
+ *slot = gnutls_calloc (1, sizeof (record_parameters_st));
+ if (*slot == NULL)
+ return gnutls_assert_val (GNUTLS_E_MEMORY_ERROR);
+
+ (*slot)->epoch = epoch;
+ (*slot)->cipher_algorithm = GNUTLS_CIPHER_UNKNOWN;
+ (*slot)->mac_algorithm = GNUTLS_MAC_UNKNOWN;
+ (*slot)->compression_algorithm = GNUTLS_COMP_UNKNOWN;
+
+ if (out != NULL)
+ *out = *slot;
+
+ return 0;
+}
+
+static inline int
+epoch_alive (gnutls_session_t session, record_parameters_st * params)
+{
+ const security_parameters_st *sp = &session->security_parameters;
+
+ /* DTLS will, in addition, need to check the epoch timeout value. */
+ return (params->epoch == sp->epoch_read
+ || params->epoch == sp->epoch_write
+ || params->epoch == sp->epoch_next);
+}
+
+void
+_gnutls_epoch_gc (gnutls_session_t session)
+{
+ int i, j;
+ unsigned int min_index = 0;
+
+ _gnutls_record_log ("REC[%p]: Start of epoch cleanup\n", session);
+
+ /* Free all dead cipher state */
+ for (i = 0; i < MAX_EPOCH_INDEX; i++)
+ if (session->record_parameters[i] != NULL
+ && !epoch_alive (session, session->record_parameters[i]))
+ {
+ _gnutls_epoch_free (session, session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+
+ /* Look for contiguous NULLs at the start of the array */
+ for (i = 0; i < MAX_EPOCH_INDEX && session->record_parameters[i] == NULL;
+ i++);
+ min_index = i;
+
+ /* Pick up the slack in the epoch window. */
+ for (i = 0, j = min_index; j < MAX_EPOCH_INDEX; i++, j++)
+ session->record_parameters[i] = session->record_parameters[j];
+
+ /* Set the new epoch_min */
+ if (session->record_parameters[0] != NULL)
+ session->security_parameters.epoch_min =
+ session->record_parameters[0]->epoch;
+
+ _gnutls_record_log ("REC[%p]: End of epoch cleanup\n", session);
+}
+
+static inline void
+free_record_state (record_state_st * state, int read)
+{
+ _gnutls_free_datum (&state->mac_secret);
+ _gnutls_free_datum (&state->IV);
+ _gnutls_free_datum (&state->key);
+
+ _gnutls_cipher_deinit (&state->cipher_state);
+
+ if (state->compression_state != NULL)
+ _gnutls_comp_deinit (state->compression_state, read);
+}
+
+void
+_gnutls_epoch_free (gnutls_session_t session, record_parameters_st * params)
+{
+ _gnutls_record_log ("REC[%p]: Epoch #%u freed\n", session, params->epoch);
+
+ free_record_state (¶ms->read, 1);
+ free_record_state (¶ms->write, 0);
+
+ gnutls_free (params);
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_CONSTATE_H
+#define GNUTLS_CONSTATE_H
+
+int _gnutls_epoch_set_cipher_suite (gnutls_session_t session, int epoch_rel,
+ cipher_suite_st * suite);
+int _gnutls_epoch_set_compression (gnutls_session_t session, int epoch_rel,
+ gnutls_compression_method_t comp_algo);
+void _gnutls_epoch_set_null_algos (gnutls_session_t session,
+ record_parameters_st * params);
+int _gnutls_epoch_set_keys (gnutls_session_t session, uint16_t epoch);
+int _gnutls_connection_state_init (gnutls_session_t session);
+int _gnutls_read_connection_state_init (gnutls_session_t session);
+int _gnutls_write_connection_state_init (gnutls_session_t session);
+
+int _gnutls_set_kx (gnutls_session_t session, gnutls_kx_algorithm_t algo);
+
+int _gnutls_epoch_get (gnutls_session_t session, unsigned int epoch_rel,
+ record_parameters_st ** params_out);
+int _gnutls_epoch_alloc (gnutls_session_t session, uint16_t epoch,
+ record_parameters_st ** out);
+void _gnutls_epoch_gc (gnutls_session_t session);
+void _gnutls_epoch_free (gnutls_session_t session,
+ record_parameters_st * state);
+
+#endif
--- /dev/null
+void _gnutls_cryptodev_deinit (void);
+int _gnutls_cryptodev_init (void);
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* contains functions that make it easier to
+ * write vectors of <size|data>. The destination size
+ * should be preallocated (datum.size+(bits/8))
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_num.h>
+#include <gnutls_datum.h>
+#include <gnutls_errors.h>
+
+
+void
+_gnutls_write_datum16 (opaque * dest, gnutls_datum_t dat)
+{
+ _gnutls_write_uint16 (dat.size, dest);
+ if (dat.data != NULL)
+ memcpy (&dest[2], dat.data, dat.size);
+}
+
+void
+_gnutls_write_datum24 (opaque * dest, gnutls_datum_t dat)
+{
+ _gnutls_write_uint24 (dat.size, dest);
+ if (dat.data != NULL)
+ memcpy (&dest[3], dat.data, dat.size);
+}
+
+void
+_gnutls_write_datum32 (opaque * dest, gnutls_datum_t dat)
+{
+ _gnutls_write_uint32 (dat.size, dest);
+ if (dat.data != NULL)
+ memcpy (&dest[4], dat.data, dat.size);
+}
+
+void
+_gnutls_write_datum8 (opaque * dest, gnutls_datum_t dat)
+{
+ dest[0] = (uint8_t) dat.size;
+ if (dat.data != NULL)
+ memcpy (&dest[1], dat.data, dat.size);
+}
+
+
+int
+_gnutls_set_datum_m (gnutls_datum_t * dat, const void *data,
+ size_t data_size, gnutls_alloc_function galloc_func)
+{
+ if (data_size == 0 || data == NULL)
+ {
+ dat->data = NULL;
+ dat->size = 0;
+ return 0;
+ }
+
+ dat->data = galloc_func (data_size);
+ if (dat->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ dat->size = data_size;
+ memcpy (dat->data, data, data_size);
+
+ return 0;
+}
+
+int
+_gnutls_datum_append_m (gnutls_datum_t * dst, const void *data,
+ size_t data_size,
+ gnutls_realloc_function grealloc_func)
+{
+
+ dst->data = grealloc_func (dst->data, data_size + dst->size);
+ if (dst->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ memcpy (&dst->data[dst->size], data, data_size);
+ dst->size += data_size;
+
+ return 0;
+}
+
+void
+_gnutls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function gfree_func)
+{
+ if (dat->data != NULL)
+ gfree_func (dat->data);
+
+ dat->data = NULL;
+ dat->size = 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_DATUM_H
+#define GNUTLS_DATUM_H
+
+void _gnutls_write_datum16 (opaque * dest, gnutls_datum_t dat);
+void _gnutls_write_datum24 (opaque * dest, gnutls_datum_t dat);
+void _gnutls_write_datum32 (opaque * dest, gnutls_datum_t dat);
+void _gnutls_write_datum8 (opaque * dest, gnutls_datum_t dat);
+
+int _gnutls_set_datum_m (gnutls_datum_t * dat, const void *data,
+ size_t data_size, gnutls_alloc_function);
+#define _gnutls_set_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_malloc)
+#define _gnutls_sset_datum( x, y, z) _gnutls_set_datum_m(x,y,z, gnutls_secure_malloc)
+
+int _gnutls_datum_append_m (gnutls_datum_t * dat, const void *data,
+ size_t data_size, gnutls_realloc_function);
+#define _gnutls_datum_append(x,y,z) _gnutls_datum_append_m(x,y,z, gnutls_realloc)
+
+void _gnutls_free_datum_m (gnutls_datum_t * dat, gnutls_free_function);
+#define _gnutls_free_datum(x) _gnutls_free_datum_m(x, gnutls_free)
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains functions that manipulate a database backend for
+ * resumed sessions.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include <gnutls_db.h>
+#include "debug.h"
+#include <gnutls_session_pack.h>
+#include <gnutls_datum.h>
+
+/**
+ * gnutls_db_set_retrieve_function:
+ * @session: is a #gnutls_session_t structure.
+ * @retr_func: is the function.
+ *
+ * Sets the function that will be used to retrieve data from the
+ * resumed sessions database. This function must return a
+ * gnutls_datum_t containing the data on success, or a gnutls_datum_t
+ * containing null and 0 on failure.
+ *
+ * The datum's data must be allocated using the function
+ * gnutls_malloc().
+ *
+ * The first argument to @retr_func will be null unless
+ * gnutls_db_set_ptr() has been called.
+ **/
+void
+gnutls_db_set_retrieve_function (gnutls_session_t session,
+ gnutls_db_retr_func retr_func)
+{
+ session->internals.db_retrieve_func = retr_func;
+}
+
+/**
+ * gnutls_db_set_remove_function:
+ * @session: is a #gnutls_session_t structure.
+ * @rem_func: is the function.
+ *
+ * Sets the function that will be used to remove data from the
+ * resumed sessions database. This function must return 0 on success.
+ *
+ * The first argument to @rem_func will be null unless
+ * gnutls_db_set_ptr() has been called.
+ **/
+void
+gnutls_db_set_remove_function (gnutls_session_t session,
+ gnutls_db_remove_func rem_func)
+{
+ session->internals.db_remove_func = rem_func;
+}
+
+/**
+ * gnutls_db_set_store_function:
+ * @session: is a #gnutls_session_t structure.
+ * @store_func: is the function
+ *
+ * Sets the function that will be used to store data from the resumed
+ * sessions database. This function must remove 0 on success.
+ *
+ * The first argument to store_func() will be null unless
+ * gnutls_db_set_ptr() has been called.
+ **/
+void
+gnutls_db_set_store_function (gnutls_session_t session,
+ gnutls_db_store_func store_func)
+{
+ session->internals.db_store_func = store_func;
+}
+
+/**
+ * gnutls_db_set_ptr:
+ * @session: is a #gnutls_session_t structure.
+ * @ptr: is the pointer
+ *
+ * Sets the pointer that will be provided to db store, retrieve and
+ * delete functions, as the first argument.
+ **/
+void
+gnutls_db_set_ptr (gnutls_session_t session, void *ptr)
+{
+ session->internals.db_ptr = ptr;
+}
+
+/**
+ * gnutls_db_get_ptr:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get db function pointer.
+ *
+ * Returns: the pointer that will be sent to db store, retrieve and
+ * delete functions, as the first argument.
+ **/
+void *
+gnutls_db_get_ptr (gnutls_session_t session)
+{
+ return session->internals.db_ptr;
+}
+
+/**
+ * gnutls_db_set_cache_expiration:
+ * @session: is a #gnutls_session_t structure.
+ * @seconds: is the number of seconds.
+ *
+ * Set the expiration time for resumed sessions. The default is 3600
+ * (one hour) at the time writing this.
+ **/
+void
+gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds)
+{
+ session->internals.expire_time = seconds;
+}
+
+/**
+ * gnutls_db_check_entry:
+ * @session: is a #gnutls_session_t structure.
+ * @session_entry: is the session data (not key)
+ *
+ * Check if database entry has expired. This function is to be used
+ * when you want to clear unnesessary session which occupy space in
+ * your backend.
+ *
+ * Returns: Returns %GNUTLS_E_EXPIRED, if the database entry has
+ * expired or 0 otherwise.
+ **/
+int
+gnutls_db_check_entry (gnutls_session_t session, gnutls_datum_t session_entry)
+{
+ time_t timestamp;
+
+ timestamp = time (0);
+
+ if (session_entry.data != NULL)
+ if (timestamp -
+ ((security_parameters_st *) (session_entry.data))->timestamp <=
+ session->internals.expire_time
+ || ((security_parameters_st *) (session_entry.data))->timestamp >
+ timestamp
+ || ((security_parameters_st *) (session_entry.data))->timestamp == 0)
+ return GNUTLS_E_EXPIRED;
+
+ return 0;
+}
+
+/* The format of storing data is:
+ * (forget it). Check gnutls_session_pack.c
+ */
+int
+_gnutls_server_register_current_session (gnutls_session_t session)
+{
+ gnutls_datum_t key;
+ gnutls_datum_t content;
+ int ret = 0;
+
+ key.data = session->security_parameters.session_id;
+ key.size = session->security_parameters.session_id_size;
+
+ if (session->internals.resumable == RESUME_FALSE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (session->security_parameters.session_id == NULL
+ || session->security_parameters.session_id_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+/* copy data */
+ ret = _gnutls_session_pack (session, &content);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_store_session (session, key, content);
+ _gnutls_free_datum (&content);
+
+ return ret;
+}
+
+/* Checks if both db_store and db_retrieve functions have
+ * been set up.
+ */
+static int
+_gnutls_db_func_is_ok (gnutls_session_t session)
+{
+ if (session->internals.db_store_func != NULL &&
+ session->internals.db_retrieve_func != NULL &&
+ session->internals.db_remove_func != NULL)
+ return 0;
+ else
+ return GNUTLS_E_DB_ERROR;
+}
+
+
+int
+_gnutls_server_restore_session (gnutls_session_t session,
+ uint8_t * session_id, int session_id_size)
+{
+ gnutls_datum_t data;
+ gnutls_datum_t key;
+ int ret;
+
+ key.data = session_id;
+ key.size = session_id_size;
+
+ if (_gnutls_db_func_is_ok (session) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ data = _gnutls_retrieve_session (session, key);
+
+ if (data.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ /* expiration check is performed inside */
+ ret = gnutls_session_set_data (session, data.data, data.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ gnutls_free (data.data);
+
+ return 0;
+}
+
+int
+_gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
+ int session_id_size)
+{
+ gnutls_datum_t key;
+
+ key.data = session_id;
+ key.size = session_id_size;
+
+ return _gnutls_remove_session (session, key);
+}
+
+
+/* Stores session data to the db backend.
+ */
+int
+_gnutls_store_session (gnutls_session_t session,
+ gnutls_datum_t session_id, gnutls_datum_t session_data)
+{
+ int ret = 0;
+
+ if (session->internals.resumable == RESUME_FALSE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (_gnutls_db_func_is_ok (session) != 0)
+ {
+ return GNUTLS_E_DB_ERROR;
+ }
+
+ if (session_id.data == NULL || session_id.size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ if (session_data.data == NULL || session_data.size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+ /* if we can't read why bother writing? */
+
+ if (session->internals.db_store_func != NULL)
+ ret =
+ session->internals.db_store_func (session->internals.db_ptr,
+ session_id, session_data);
+
+ return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
+
+}
+
+/* Retrieves session data from the db backend.
+ */
+gnutls_datum_t
+_gnutls_retrieve_session (gnutls_session_t session, gnutls_datum_t session_id)
+{
+ gnutls_datum_t ret = { NULL, 0 };
+
+ if (session_id.data == NULL || session_id.size == 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (session->internals.db_retrieve_func != NULL)
+ ret =
+ session->internals.db_retrieve_func (session->internals.db_ptr,
+ session_id);
+
+ return ret;
+
+}
+
+/* Removes session data from the db backend.
+ */
+int
+_gnutls_remove_session (gnutls_session_t session, gnutls_datum_t session_id)
+{
+ int ret = 0;
+
+ if (_gnutls_db_func_is_ok (session) != 0)
+ {
+ return GNUTLS_E_DB_ERROR;
+ }
+
+ if (session_id.data == NULL || session_id.size == 0)
+ return GNUTLS_E_INVALID_SESSION;
+
+ /* if we can't read why bother writing? */
+ if (session->internals.db_remove_func != NULL)
+ ret =
+ session->internals.db_remove_func (session->internals.db_ptr,
+ session_id);
+
+ return (ret == 0 ? ret : GNUTLS_E_DB_ERROR);
+
+}
+
+/**
+ * gnutls_db_remove_session:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will remove the current session data from the
+ * session database. This will prevent future handshakes reusing
+ * these session data. This function should be called if a session
+ * was terminated abnormally, and before gnutls_deinit() is called.
+ *
+ * Normally gnutls_deinit() will remove abnormally terminated
+ * sessions.
+ **/
+void
+gnutls_db_remove_session (gnutls_session_t session)
+{
+ _gnutls_db_remove_session (session,
+ session->security_parameters.session_id,
+ session->security_parameters.session_id_size);
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+int _gnutls_server_register_current_session (gnutls_session_t session);
+int _gnutls_server_restore_session (gnutls_session_t session,
+ uint8_t * session_id,
+ int session_id_size);
+int _gnutls_db_remove_session (gnutls_session_t session, uint8_t * session_id,
+ int session_id_size);
+int _gnutls_store_session (gnutls_session_t session,
+ gnutls_datum_t session_id,
+ gnutls_datum_t session_data);
+gnutls_datum_t _gnutls_retrieve_session (gnutls_session_t session,
+ gnutls_datum_t session_id);
+int _gnutls_remove_session (gnutls_session_t session,
+ gnutls_datum_t session_id);
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_dh.h>
+
+
+/*
+ --Example--
+ you: X = g ^ x mod p;
+ peer:Y = g ^ y mod p;
+
+ your_key = Y ^ x mod p;
+ his_key = X ^ y mod p;
+
+// generate our secret and the public value (X) for it
+ X = gnutls_calc_dh_secret(&x, g, p);
+// now we can calculate the shared secret
+ key = gnutls_calc_dh_key(Y, x, g, p);
+ _gnutls_mpi_release(x);
+ _gnutls_mpi_release(g);
+*/
+
+#define MAX_BITS 18000
+
+/* returns the public value (X), and the secret (ret_x).
+ */
+bigint_t
+gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime)
+{
+ bigint_t e, x = NULL;
+ int x_size = _gnutls_mpi_get_nbits (prime) - 1;
+ /* The size of the secret key is less than
+ * prime/2
+ */
+
+ if (x_size > MAX_BITS || x_size <= 0)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ x = _gnutls_mpi_randomize (NULL, x_size, GNUTLS_RND_RANDOM);
+ if (x == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ e = _gnutls_mpi_alloc_like (prime);
+ if (e == NULL)
+ {
+ gnutls_assert ();
+ if (ret_x)
+ *ret_x = NULL;
+
+ _gnutls_mpi_release (&x);
+ return NULL;
+ }
+
+ _gnutls_mpi_powm (e, g, x, prime);
+
+ if (ret_x)
+ *ret_x = x;
+ else
+ _gnutls_mpi_release (&x);
+ return e;
+}
+
+
+bigint_t
+gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime)
+{
+ bigint_t k;
+ int bits;
+
+ bits = _gnutls_mpi_get_nbits (prime);
+ if (bits <= 0 || bits > MAX_BITS)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ k = _gnutls_mpi_alloc_like (prime);
+ if (k == NULL)
+ return NULL;
+ _gnutls_mpi_powm (k, f, x, prime);
+ return k;
+}
+
+/*-
+ * _gnutls_get_dh_params - Returns the DH parameters pointer
+ * @dh_params: is an DH parameters structure, or NULL.
+ * @func: is a callback function to receive the parameters or NULL.
+ * @session: a gnutls session.
+ *
+ * This function will return the dh parameters pointer.
+ -*/
+gnutls_dh_params_t
+_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
+ gnutls_params_function * func,
+ gnutls_session_t session)
+{
+ gnutls_params_st params;
+ int ret;
+
+ /* if cached return the cached */
+ if (session->internals.params.dh_params)
+ return session->internals.params.dh_params;
+
+ if (dh_params)
+ {
+ session->internals.params.dh_params = dh_params;
+ }
+ else if (func)
+ {
+ ret = func (session, GNUTLS_PARAMS_DH, ¶ms);
+ if (ret == 0 && params.type == GNUTLS_PARAMS_DH)
+ {
+ session->internals.params.dh_params = params.params.dh;
+ session->internals.params.free_dh_params = params.deinit;
+ }
+ }
+
+ return session->internals.params.dh_params;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_DH_H
+#define GNUTLS_DH_H
+
+const bigint_t *_gnutls_dh_params_to_mpi (gnutls_dh_params_t);
+bigint_t gnutls_calc_dh_secret (bigint_t * ret_x, bigint_t g, bigint_t prime);
+bigint_t gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime);
+
+gnutls_dh_params_t
+_gnutls_get_dh_params (gnutls_dh_params_t dh_params,
+ gnutls_params_function * func,
+ gnutls_session_t session);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2003, 2004, 2005, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <x509_b64.h> /* for PKCS3 PEM decoding */
+#include <gnutls_global.h>
+#include <gnutls_dh.h>
+#include <gnutls_pk.h>
+#include <gnutls/crypto.h>
+#include "x509/x509_int.h"
+#include "debug.h"
+
+
+/* returns the prime and the generator of DH params.
+ */
+const bigint_t *
+_gnutls_dh_params_to_mpi (gnutls_dh_params_t dh_primes)
+{
+ if (dh_primes == NULL || dh_primes->params[1] == NULL ||
+ dh_primes->params[0] == NULL)
+ {
+ return NULL;
+ }
+
+ return dh_primes->params;
+}
+
+
+/**
+ * gnutls_dh_params_import_raw:
+ * @dh_params: Is a structure that will hold the prime numbers
+ * @prime: holds the new prime
+ * @generator: holds the new generator
+ *
+ * This function will replace the pair of prime and generator for use
+ * in the Diffie-Hellman key exchange. The new parameters should be
+ * stored in the appropriate gnutls_datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator)
+{
+ bigint_t tmp_prime, tmp_g;
+ size_t siz;
+
+ siz = prime->size;
+ if (_gnutls_mpi_scan_nz (&tmp_prime, prime->data, siz))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = generator->size;
+ if (_gnutls_mpi_scan_nz (&tmp_g, generator->data, siz))
+ {
+ _gnutls_mpi_release (&tmp_prime);
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ /* store the generated values
+ */
+ dh_params->params[0] = tmp_prime;
+ dh_params->params[1] = tmp_g;
+
+ return 0;
+
+}
+
+/**
+ * gnutls_dh_params_init:
+ * @dh_params: Is a structure that will hold the prime numbers
+ *
+ * This function will initialize the DH parameters structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_init (gnutls_dh_params_t * dh_params)
+{
+
+ (*dh_params) = gnutls_calloc (1, sizeof (dh_params_st));
+ if (*dh_params == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_dh_params_deinit:
+ * @dh_params: Is a structure that holds the prime numbers
+ *
+ * This function will deinitialize the DH parameters structure.
+ **/
+void
+gnutls_dh_params_deinit (gnutls_dh_params_t dh_params)
+{
+ if (dh_params == NULL)
+ return;
+
+ _gnutls_mpi_release (&dh_params->params[0]);
+ _gnutls_mpi_release (&dh_params->params[1]);
+
+ gnutls_free (dh_params);
+
+}
+
+/**
+ * gnutls_dh_params_cpy:
+ * @dst: Is the destination structure, which should be initialized.
+ * @src: Is the source structure
+ *
+ * This function will copy the DH parameters structure from source
+ * to destination.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src)
+{
+ if (src == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ dst->params[0] = _gnutls_mpi_copy (src->params[0]);
+ dst->params[1] = _gnutls_mpi_copy (src->params[1]);
+
+ if (dst->params[0] == NULL || dst->params[1] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ return 0;
+}
+
+
+/**
+ * gnutls_dh_params_generate2:
+ * @params: Is the structure that the DH parameters will be stored
+ * @bits: is the prime's number of bits
+ *
+ * This function will generate a new pair of prime and generator for use in
+ * the Diffie-Hellman key exchange. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ * This function is normally slow.
+ *
+ * Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits() to
+ * get bits for %GNUTLS_PK_DSA.
+ * Also note that the DH parameters are only useful to servers.
+ * Since clients use the parameters sent by the server, it's of
+ * no use to call this in client side.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_generate2 (gnutls_dh_params_t params, unsigned int bits)
+{
+ int ret;
+ gnutls_group_st group;
+
+ ret = _gnutls_mpi_generate_group (&group, bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ params->params[0] = group.p;
+ params->params[1] = group.g;
+
+ return 0;
+}
+
+/**
+ * gnutls_dh_params_import_pkcs3:
+ * @params: A structure where the parameters will be copied to
+ * @pkcs3_params: should contain a PKCS3 DHParams structure PEM or DER encoded
+ * @format: the format of params. PEM or DER.
+ *
+ * This function will extract the DHParams found in a PKCS3 formatted
+ * structure. This is the format generated by "openssl dhparam" tool.
+ *
+ * If the structure is PEM encoded, it should have a header
+ * of "BEGIN DH PARAMETERS".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format)
+{
+ ASN1_TYPE c2;
+ int result, need_free = 0;
+ gnutls_datum_t _params;
+
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode ("DH PARAMETERS",
+ pkcs3_params->data,
+ pkcs3_params->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _params.data = out;
+ _params.size = result;
+
+ need_free = 1;
+
+ }
+ else
+ {
+ _params.data = pkcs3_params->data;
+ _params.size = pkcs3_params->size;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (need_free != 0)
+ {
+ gnutls_free (_params.data);
+ _params.data = NULL;
+ }
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, _params.data, _params.size, NULL);
+
+ if (need_free != 0)
+ {
+ gnutls_free (_params.data);
+ _params.data = NULL;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+
+ _gnutls_x509_log ("DHParams: Decoding error %d\n", result);
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ /* Read PRIME
+ */
+ result = _gnutls_x509_read_int (c2, "prime", ¶ms->params[0]);
+ if (result < 0)
+ {
+ asn1_delete_structure (&c2);
+ gnutls_assert ();
+ return result;
+ }
+
+ /* read the generator
+ */
+ result = _gnutls_x509_read_int (c2, "base", ¶ms->params[1]);
+ if (result < 0)
+ {
+ asn1_delete_structure (&c2);
+ _gnutls_mpi_release (¶ms->params[0]);
+ gnutls_assert ();
+ return result;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+}
+
+/**
+ * gnutls_dh_params_export_pkcs3:
+ * @params: Holds the DH parameters
+ * @format: the format of output params. One of PEM or DER.
+ * @params_data: will contain a PKCS3 DHParams structure PEM or DER encoded
+ * @params_data_size: holds the size of params_data (and will be replaced by the actual size of parameters)
+ *
+ * This function will export the given dh parameters to a PKCS3
+ * DHParams structure. This is the format generated by "openssl dhparam" tool.
+ * If the buffer provided is not long enough to hold the output, then
+ * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN DH PARAMETERS".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
+{
+ ASN1_TYPE c2;
+ int result, _params_data_size;
+ size_t g_size, p_size;
+ opaque *p_data, *g_data;
+ opaque *all_data;
+
+ _gnutls_mpi_print_lz (params->params[1], NULL, &g_size);
+ _gnutls_mpi_print_lz (params->params[0], NULL, &p_size);
+
+ all_data = gnutls_malloc (g_size + p_size);
+ if (all_data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p_data = &all_data[0];
+ _gnutls_mpi_print_lz (params->params[0], p_data, &p_size);
+
+ g_data = &all_data[p_size];
+ _gnutls_mpi_print_lz (params->params[1], g_data, &g_size);
+
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DHParameter", &c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (all_data);
+ return _gnutls_asn2err (result);
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (c2, "prime",
+ p_data, p_size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (all_data);
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ /* Write the GENERATOR
+ */
+ if ((result = asn1_write_value (c2, "base",
+ g_data, g_size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (all_data);
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ gnutls_free (all_data);
+
+ if ((result = asn1_write_value (c2, "privateValueLength",
+ NULL, 0)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ if (format == GNUTLS_X509_FMT_DER)
+ {
+ if (params_data == NULL)
+ *params_data_size = 0;
+
+ _params_data_size = *params_data_size;
+ result =
+ asn1_der_coding (c2, "", params_data, &_params_data_size, NULL);
+ *params_data_size = _params_data_size;
+ asn1_delete_structure (&c2);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ return _gnutls_asn2err (result);
+ }
+
+ }
+ else
+ { /* PEM */
+ opaque *tmp;
+ opaque *out;
+ int len;
+
+ len = 0;
+ asn1_der_coding (c2, "", NULL, &len, NULL);
+
+ tmp = gnutls_malloc (len);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if ((result =
+ asn1_der_coding (c2, "", tmp, &len, NULL)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (tmp);
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ asn1_delete_structure (&c2);
+
+ result = _gnutls_fbase64_encode ("DH PARAMETERS", tmp, len, &out);
+
+ gnutls_free (tmp);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (result == 0)
+ { /* oooops */
+ gnutls_assert ();
+ gnutls_free (out);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((unsigned) result > *params_data_size)
+ {
+ gnutls_assert ();
+ gnutls_free (out);
+ *params_data_size = result;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *params_data_size = result - 1;
+
+ if (params_data)
+ memcpy (params_data, out, result);
+
+ gnutls_free (out);
+
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_dh_params_export_raw:
+ * @params: Holds the DH parameters
+ * @prime: will hold the new prime
+ * @generator: will hold the new generator
+ * @bits: if non null will hold is the prime's number of bits
+ *
+ * This function will export the pair of prime and generator for use
+ * in the Diffie-Hellman key exchange. The new parameters will be
+ * allocated using gnutls_malloc() and will be stored in the
+ * appropriate datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_dh_params_export_raw (gnutls_dh_params_t params,
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator, unsigned int *bits)
+{
+ int ret;
+
+ if (params->params[1] == NULL || params->params[0] == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint (params->params[1], generator);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint (params->params[0], prime);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (generator);
+ return ret;
+ }
+
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits (params->params[0]);
+
+ return 0;
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include "gnutls_errors.h"
+#include <libtasn1.h>
+#ifdef STDC_HEADERS
+#include <stdarg.h>
+#endif
+
+/* I18n of error codes. */
+#include "gettext.h"
+#define _(String) dgettext (PACKAGE, String)
+#define N_(String) gettext_noop (String)
+
+#define ERROR_ENTRY(desc, name, fatal) \
+ { desc, #name, name, fatal}
+
+struct gnutls_error_entry
+{
+ const char *desc;
+ const char *_name;
+ int number;
+ int fatal; /* whether this error is fatal and the session for handshake
+ * should be terminated.
+ */
+};
+typedef struct gnutls_error_entry gnutls_error_entry;
+
+static const gnutls_error_entry error_algorithms[] = {
+ /* "Short Description", Error code define, critical (0,1) -- 1 in most cases */
+ ERROR_ENTRY (N_("Success."), GNUTLS_E_SUCCESS, 0),
+ ERROR_ENTRY (N_("Could not negotiate a supported cipher suite."),
+ GNUTLS_E_UNKNOWN_CIPHER_SUITE, 1),
+ ERROR_ENTRY (N_("The cipher type is unsupported."),
+ GNUTLS_E_UNKNOWN_CIPHER_TYPE, 1),
+ ERROR_ENTRY (N_("The certificate and the given key do not match."),
+ GNUTLS_E_CERTIFICATE_KEY_MISMATCH, 1),
+ ERROR_ENTRY (N_("Could not negotiate a supported compression method."),
+ GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM, 1),
+ ERROR_ENTRY (N_("An unknown public key algorithm was encountered."),
+ GNUTLS_E_UNKNOWN_PK_ALGORITHM, 1),
+
+ ERROR_ENTRY (N_("An algorithm that is not enabled was negotiated."),
+ GNUTLS_E_UNWANTED_ALGORITHM, 1),
+ ERROR_ENTRY (N_("A large TLS record packet was received."),
+ GNUTLS_E_LARGE_PACKET, 1),
+ ERROR_ENTRY (N_("A record packet with illegal version was received."),
+ GNUTLS_E_UNSUPPORTED_VERSION_PACKET, 1),
+ ERROR_ENTRY (N_
+ ("The Diffie-Hellman prime sent by the server is not acceptable (not long enough)."),
+ GNUTLS_E_DH_PRIME_UNACCEPTABLE, 1),
+ ERROR_ENTRY (N_("A TLS packet with unexpected length was received."),
+ GNUTLS_E_UNEXPECTED_PACKET_LENGTH, 1),
+ ERROR_ENTRY (N_
+ ("The specified session has been invalidated for some reason."),
+ GNUTLS_E_INVALID_SESSION, 1),
+
+ ERROR_ENTRY (N_("GnuTLS internal error."), GNUTLS_E_INTERNAL_ERROR, 1),
+ ERROR_ENTRY (N_("An illegal TLS extension was received."),
+ GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION, 1),
+ ERROR_ENTRY (N_("A TLS fatal alert has been received."),
+ GNUTLS_E_FATAL_ALERT_RECEIVED, 1),
+ ERROR_ENTRY (N_("An unexpected TLS packet was received."),
+ GNUTLS_E_UNEXPECTED_PACKET, 1),
+ ERROR_ENTRY (N_("A TLS warning alert has been received."),
+ GNUTLS_E_WARNING_ALERT_RECEIVED, 0),
+ ERROR_ENTRY (N_
+ ("An error was encountered at the TLS Finished packet calculation."),
+ GNUTLS_E_ERROR_IN_FINISHED_PACKET, 1),
+ ERROR_ENTRY (N_("The peer did not send any certificate."),
+ GNUTLS_E_NO_CERTIFICATE_FOUND, 1),
+ ERROR_ENTRY (N_("The given DSA key is incompatible with the selected TLS protocol."),
+ GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL, 1),
+
+ ERROR_ENTRY (N_("There is already a crypto algorithm with lower priority."),
+ GNUTLS_E_CRYPTO_ALREADY_REGISTERED, 1),
+
+ ERROR_ENTRY (N_("No temporary RSA parameters were found."),
+ GNUTLS_E_NO_TEMPORARY_RSA_PARAMS, 1),
+ ERROR_ENTRY (N_("No temporary DH parameters were found."),
+ GNUTLS_E_NO_TEMPORARY_DH_PARAMS, 1),
+ ERROR_ENTRY (N_("An unexpected TLS handshake packet was received."),
+ GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET, 1),
+ ERROR_ENTRY (N_("The scanning of a large integer has failed."),
+ GNUTLS_E_MPI_SCAN_FAILED, 1),
+ ERROR_ENTRY (N_("Could not export a large integer."),
+ GNUTLS_E_MPI_PRINT_FAILED, 1),
+ ERROR_ENTRY (N_("Decryption has failed."), GNUTLS_E_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY (N_("Encryption has failed."), GNUTLS_E_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY (N_("Public key decryption has failed."),
+ GNUTLS_E_PK_DECRYPTION_FAILED, 1),
+ ERROR_ENTRY (N_("Public key encryption has failed."),
+ GNUTLS_E_PK_ENCRYPTION_FAILED, 1),
+ ERROR_ENTRY (N_("Public key signing has failed."), GNUTLS_E_PK_SIGN_FAILED,
+ 1),
+ ERROR_ENTRY (N_("Public key signature verification has failed."),
+ GNUTLS_E_PK_SIG_VERIFY_FAILED, 1),
+ ERROR_ENTRY (N_("Decompression of the TLS record packet has failed."),
+ GNUTLS_E_DECOMPRESSION_FAILED, 1),
+ ERROR_ENTRY (N_("Compression of the TLS record packet has failed."),
+ GNUTLS_E_COMPRESSION_FAILED, 1),
+
+ ERROR_ENTRY (N_("Internal error in memory allocation."),
+ GNUTLS_E_MEMORY_ERROR, 1),
+ ERROR_ENTRY (N_("An unimplemented or disabled feature has been requested."),
+ GNUTLS_E_UNIMPLEMENTED_FEATURE, 1),
+ ERROR_ENTRY (N_("Insufficient credentials for that request."),
+ GNUTLS_E_INSUFFICIENT_CREDENTIALS, 1),
+ ERROR_ENTRY (N_("Error in password file."), GNUTLS_E_SRP_PWD_ERROR, 1),
+ ERROR_ENTRY (N_("Wrong padding in PKCS1 packet."), GNUTLS_E_PKCS1_WRONG_PAD,
+ 1),
+ ERROR_ENTRY (N_("The requested session has expired."), GNUTLS_E_EXPIRED, 1),
+ ERROR_ENTRY (N_("Hashing has failed."), GNUTLS_E_HASH_FAILED, 1),
+ ERROR_ENTRY (N_("Base64 decoding error."), GNUTLS_E_BASE64_DECODING_ERROR,
+ 1),
+ ERROR_ENTRY (N_("Base64 unexpected header error."),
+ GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR,
+ 1),
+ ERROR_ENTRY (N_("Base64 encoding error."), GNUTLS_E_BASE64_ENCODING_ERROR,
+ 1),
+ ERROR_ENTRY (N_("Parsing error in password file."),
+ GNUTLS_E_SRP_PWD_PARSING_ERROR, 1),
+ ERROR_ENTRY (N_("The requested data were not available."),
+ GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, 1),
+ ERROR_ENTRY (N_("Error in the pull function."), GNUTLS_E_PULL_ERROR, 1),
+ ERROR_ENTRY (N_("Error in the push function."), GNUTLS_E_PUSH_ERROR, 1),
+ ERROR_ENTRY (N_
+ ("The upper limit of record packet sequence numbers has been reached. Wow!"),
+ GNUTLS_E_RECORD_LIMIT_REACHED, 1),
+ ERROR_ENTRY (N_("Error in the certificate."), GNUTLS_E_CERTIFICATE_ERROR,
+ 1),
+ ERROR_ENTRY (N_("Unknown Subject Alternative name in X.509 certificate."),
+ GNUTLS_E_X509_UNKNOWN_SAN, 1),
+
+ ERROR_ENTRY (N_("Unsupported critical extension in X.509 certificate."),
+ GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION, 1),
+ ERROR_ENTRY (N_("Key usage violation in certificate has been detected."),
+ GNUTLS_E_KEY_USAGE_VIOLATION, 1),
+ ERROR_ENTRY (N_("Resource temporarily unavailable, try again."),
+ GNUTLS_E_AGAIN, 0),
+ ERROR_ENTRY (N_("Function was interrupted."), GNUTLS_E_INTERRUPTED, 0),
+ ERROR_ENTRY (N_("Rehandshake was requested by the peer."),
+ GNUTLS_E_REHANDSHAKE, 0),
+ ERROR_ENTRY (N_
+ ("TLS Application data were received, while expecting handshake data."),
+ GNUTLS_E_GOT_APPLICATION_DATA, 1),
+ ERROR_ENTRY (N_("Error in Database backend."), GNUTLS_E_DB_ERROR, 1),
+ ERROR_ENTRY (N_("The certificate type is not supported."),
+ GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE, 1),
+ ERROR_ENTRY (N_("The given memory buffer is too short to hold parameters."),
+ GNUTLS_E_SHORT_MEMORY_BUFFER, 1),
+ ERROR_ENTRY (N_("The request is invalid."), GNUTLS_E_INVALID_REQUEST, 1),
+ ERROR_ENTRY (N_("An illegal parameter has been received."),
+ GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER, 1),
+ ERROR_ENTRY (N_("Error while reading file."), GNUTLS_E_FILE_ERROR, 1),
+
+ ERROR_ENTRY (N_("ASN1 parser: Element was not found."),
+ GNUTLS_E_ASN1_ELEMENT_NOT_FOUND, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Identifier was not found"),
+ GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Error in DER parsing."),
+ GNUTLS_E_ASN1_DER_ERROR, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Value was not found."),
+ GNUTLS_E_ASN1_VALUE_NOT_FOUND, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Generic parsing error."),
+ GNUTLS_E_ASN1_GENERIC_ERROR, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Value is not valid."),
+ GNUTLS_E_ASN1_VALUE_NOT_VALID, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Error in TAG."), GNUTLS_E_ASN1_TAG_ERROR, 1),
+ ERROR_ENTRY (N_("ASN1 parser: error in implicit tag"),
+ GNUTLS_E_ASN1_TAG_IMPLICIT, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Error in type 'ANY'."),
+ GNUTLS_E_ASN1_TYPE_ANY_ERROR, 1),
+ ERROR_ENTRY (N_("ASN1 parser: Syntax error."), GNUTLS_E_ASN1_SYNTAX_ERROR,
+ 1),
+ ERROR_ENTRY (N_("ASN1 parser: Overflow in DER parsing."),
+ GNUTLS_E_ASN1_DER_OVERFLOW, 1),
+
+ ERROR_ENTRY (N_("Too many empty record packets have been received."),
+ GNUTLS_E_TOO_MANY_EMPTY_PACKETS, 1),
+ ERROR_ENTRY (N_("The initialization of GnuTLS-extra has failed."),
+ GNUTLS_E_INIT_LIBEXTRA, 1),
+ ERROR_ENTRY (N_
+ ("The GnuTLS library version does not match the GnuTLS-extra library version."),
+ GNUTLS_E_LIBRARY_VERSION_MISMATCH, 1),
+ ERROR_ENTRY (N_("The gcrypt library version is too old."),
+ GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY, 1),
+
+ ERROR_ENTRY (N_("The tasn1 library version is too old."),
+ GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY, 1),
+ ERROR_ENTRY (N_("The OpenPGP User ID is revoked."),
+ GNUTLS_E_OPENPGP_UID_REVOKED, 1),
+ ERROR_ENTRY (N_("The OpenPGP key has not a preferred key set."),
+ GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR, 1),
+ ERROR_ENTRY (N_("Error loading the keyring."),
+ GNUTLS_E_OPENPGP_KEYRING_ERROR, 1),
+ ERROR_ENTRY (N_("The initialization of crypto backend has failed."),
+ GNUTLS_E_CRYPTO_INIT_FAILED, 1),
+ ERROR_ENTRY (N_("The initialization of LZO has failed."),
+ GNUTLS_E_LZO_INIT_FAILED, 1),
+ ERROR_ENTRY (N_("No supported compression algorithms have been found."),
+ GNUTLS_E_NO_COMPRESSION_ALGORITHMS, 1),
+ ERROR_ENTRY (N_("No supported cipher suites have been found."),
+ GNUTLS_E_NO_CIPHER_SUITES, 1),
+ ERROR_ENTRY (N_("Could not get OpenPGP key."),
+ GNUTLS_E_OPENPGP_GETKEY_FAILED, 1),
+ ERROR_ENTRY (N_("Could not find OpenPGP subkey."),
+ GNUTLS_E_OPENPGP_SUBKEY_ERROR, 1),
+ ERROR_ENTRY (N_("Safe renegotiation failed."),
+ GNUTLS_E_SAFE_RENEGOTIATION_FAILED, 1),
+ ERROR_ENTRY (N_("Unsafe renegotiation denied."),
+ GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED, 1),
+
+ ERROR_ENTRY (N_("The SRP username supplied is illegal."),
+ GNUTLS_E_ILLEGAL_SRP_USERNAME, 1),
+ ERROR_ENTRY (N_("The SRP username supplied is unknown."),
+ GNUTLS_E_UNKNOWN_SRP_USERNAME, 1),
+
+ ERROR_ENTRY (N_("The OpenPGP fingerprint is not supported."),
+ GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED, 1),
+ ERROR_ENTRY (N_("The signature algorithm is not supported."),
+ GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM, 1),
+ ERROR_ENTRY (N_("The certificate has unsupported attributes."),
+ GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE, 1),
+ ERROR_ENTRY (N_("The OID is not supported."), GNUTLS_E_X509_UNSUPPORTED_OID,
+ 1),
+ ERROR_ENTRY (N_("The hash algorithm is unknown."),
+ GNUTLS_E_UNKNOWN_HASH_ALGORITHM, 1),
+ ERROR_ENTRY (N_("The PKCS structure's content type is unknown."),
+ GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE, 1),
+ ERROR_ENTRY (N_("The PKCS structure's bag type is unknown."),
+ GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE, 1),
+ ERROR_ENTRY (N_("The given password contains invalid characters."),
+ GNUTLS_E_INVALID_PASSWORD, 1),
+ ERROR_ENTRY (N_("The Message Authentication Code verification failed."),
+ GNUTLS_E_MAC_VERIFY_FAILED, 1),
+ ERROR_ENTRY (N_("Some constraint limits were reached."),
+ GNUTLS_E_CONSTRAINT_ERROR, 1),
+ ERROR_ENTRY (N_("Failed to acquire random data."), GNUTLS_E_RANDOM_FAILED,
+ 1),
+
+ ERROR_ENTRY (N_("Received a TLS/IA Intermediate Phase Finished message"),
+ GNUTLS_E_WARNING_IA_IPHF_RECEIVED, 0),
+ ERROR_ENTRY (N_("Received a TLS/IA Final Phase Finished message"),
+ GNUTLS_E_WARNING_IA_FPHF_RECEIVED, 0),
+ ERROR_ENTRY (N_("Verifying TLS/IA phase checksum failed"),
+ GNUTLS_E_IA_VERIFY_FAILED, 1),
+
+ ERROR_ENTRY (N_("The specified algorithm or protocol is unknown."),
+ GNUTLS_E_UNKNOWN_ALGORITHM, 1),
+
+ ERROR_ENTRY (N_("The handshake data size is too large (DoS?), "
+ "check gnutls_handshake_set_max_packet_length()."),
+ GNUTLS_E_HANDSHAKE_TOO_LARGE, 1),
+
+ ERROR_ENTRY (N_("Error opening /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_DEVICE_ERROR, 1),
+
+ ERROR_ENTRY (N_("Error interfacing with /dev/crypto"),
+ GNUTLS_E_CRYPTODEV_IOCTL_ERROR, 1),
+
+ ERROR_ENTRY (N_("Channel binding data not available"),
+ GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE, 1),
+
+ ERROR_ENTRY (N_("PKCS #11 error."),
+ GNUTLS_E_PKCS11_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 initialization error."),
+ GNUTLS_E_PKCS11_LOAD_ERROR, 1),
+ ERROR_ENTRY (N_("Error in parsing."),
+ GNUTLS_E_PARSING_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in PIN."),
+ GNUTLS_E_PKCS11_PIN_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 PIN should be saved."),
+ GNUTLS_E_PKCS11_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in slot"),
+ GNUTLS_E_PKCS11_SLOT_ERROR, 1),
+ ERROR_ENTRY (N_("Thread locking error"),
+ GNUTLS_E_LOCKING_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in attribute"),
+ GNUTLS_E_PKCS11_ATTRIBUTE_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in device"),
+ GNUTLS_E_PKCS11_DEVICE_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in data"),
+ GNUTLS_E_PKCS11_DATA_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 unsupported feature"),
+ GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in key"),
+ GNUTLS_E_PKCS11_KEY_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 PIN expired"),
+ GNUTLS_E_PKCS11_PIN_EXPIRED, 1),
+ ERROR_ENTRY (N_("PKCS #11 PIN locked"),
+ GNUTLS_E_PKCS11_PIN_LOCKED, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in session"),
+ GNUTLS_E_PKCS11_SESSION_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in signature"),
+ GNUTLS_E_PKCS11_SIGNATURE_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 error in token"),
+ GNUTLS_E_PKCS11_TOKEN_ERROR, 1),
+ ERROR_ENTRY (N_("PKCS #11 user error"),
+ GNUTLS_E_PKCS11_USER_ERROR, 1),
+ {NULL, NULL, 0, 0}
+};
+
+/**
+ * gnutls_error_is_fatal:
+ * @error: is a GnuTLS error code, a negative value
+ *
+ * If a GnuTLS function returns a negative value you may feed that
+ * value to this function to see if the error condition is fatal.
+ *
+ * Note that you may want to check the error code manually, since some
+ * non-fatal errors to the protocol may be fatal for you program.
+ *
+ * This function is only useful if you are dealing with errors from
+ * the record layer or the handshake layer.
+ *
+ * Returns: 1 if the error code is fatal, for positive @error values,
+ * 0 is returned. For unknown @error values, -1 is returned.
+ **/
+int
+gnutls_error_is_fatal (int error)
+{
+ int ret = 1;
+ const gnutls_error_entry *p;
+
+ /* Input sanitzation. Positive values are not errors at all, and
+ definitely not fatal. */
+ if (error > 0)
+ return 0;
+
+ for (p = error_algorithms; p->desc != NULL; p++)
+ {
+ if (p->number == error)
+ {
+ ret = p->fatal;
+ break;
+ }
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_perror:
+ * @error: is a GnuTLS error code, a negative value
+ *
+ * This function is like perror(). The only difference is that it
+ * accepts an error number returned by a gnutls function.
+ **/
+void
+gnutls_perror (int error)
+{
+ fprintf (stderr, "GnuTLS error: %s\n", gnutls_strerror (error));
+}
+
+
+/**
+ * gnutls_strerror:
+ * @error: is a GnuTLS error code, a negative value
+ *
+ * This function is similar to strerror. The difference is that it
+ * accepts an error number returned by a gnutls function; In case of
+ * an unknown error a descriptive string is sent instead of %NULL.
+ *
+ * Error codes are always a negative value.
+ *
+ * Returns: A string explaining the GnuTLS error message.
+ **/
+const char *
+gnutls_strerror (int error)
+{
+ const char *ret = NULL;
+ const gnutls_error_entry *p;
+
+ for (p = error_algorithms; p->desc != NULL; p++)
+ {
+ if (p->number == error)
+ {
+ ret = p->desc;
+ break;
+ }
+ }
+
+ /* avoid prefix */
+ if (ret == NULL)
+ return _("(unknown error code)");
+
+ return _(ret);
+}
+
+/**
+ * gnutls_strerror_name:
+ * @error: is an error returned by a gnutls function.
+ *
+ * Return the GnuTLS error code define as a string. For example,
+ * gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return
+ * the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".
+ *
+ * Returns: A string corresponding to the symbol name of the error
+ * code.
+ *
+ * Since: 2.6.0
+ **/
+const char *
+gnutls_strerror_name (int error)
+{
+ const char *ret = NULL;
+ const gnutls_error_entry *p;
+
+ for (p = error_algorithms; p->desc != NULL; p++)
+ {
+ if (p->number == error)
+ {
+ ret = p->_name;
+ break;
+ }
+ }
+
+ return ret;
+}
+
+int
+_gnutls_asn2err (int asn_err)
+{
+ switch (asn_err)
+ {
+ case ASN1_FILE_NOT_FOUND:
+ return GNUTLS_E_FILE_ERROR;
+ case ASN1_ELEMENT_NOT_FOUND:
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ case ASN1_IDENTIFIER_NOT_FOUND:
+ return GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND;
+ case ASN1_DER_ERROR:
+ return GNUTLS_E_ASN1_DER_ERROR;
+ case ASN1_VALUE_NOT_FOUND:
+ return GNUTLS_E_ASN1_VALUE_NOT_FOUND;
+ case ASN1_GENERIC_ERROR:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ case ASN1_VALUE_NOT_VALID:
+ return GNUTLS_E_ASN1_VALUE_NOT_VALID;
+ case ASN1_TAG_ERROR:
+ return GNUTLS_E_ASN1_TAG_ERROR;
+ case ASN1_TAG_IMPLICIT:
+ return GNUTLS_E_ASN1_TAG_IMPLICIT;
+ case ASN1_ERROR_TYPE_ANY:
+ return GNUTLS_E_ASN1_TYPE_ANY_ERROR;
+ case ASN1_SYNTAX_ERROR:
+ return GNUTLS_E_ASN1_SYNTAX_ERROR;
+ case ASN1_MEM_ERROR:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case ASN1_MEM_ALLOC_ERROR:
+ return GNUTLS_E_MEMORY_ERROR;
+ case ASN1_DER_OVERFLOW:
+ return GNUTLS_E_ASN1_DER_OVERFLOW;
+ default:
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+}
+
+void
+_gnutls_mpi_log (const char *prefix, bigint_t a)
+{
+ size_t binlen = 0;
+ void *binbuf;
+ size_t hexlen;
+ char *hexbuf;
+ int res;
+
+ res = _gnutls_mpi_print (a, NULL, &binlen);
+ if (res != 0)
+ {
+ gnutls_assert ();
+ _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res,
+ (int) binlen);
+ return;
+ }
+
+ if (binlen > 1024 * 1024)
+ {
+ gnutls_assert ();
+ _gnutls_hard_log ("MPI: too large mpi (%d)\n", (int) binlen);
+ return;
+ }
+
+ binbuf = gnutls_malloc (binlen);
+ if (!binbuf)
+ {
+ gnutls_assert ();
+ _gnutls_hard_log ("MPI: out of memory (%d)\n", (int) binlen);
+ return;
+ }
+
+ res = _gnutls_mpi_print (a, binbuf, &binlen);
+ if (res != 0)
+ {
+ gnutls_assert ();
+ _gnutls_hard_log ("MPI: can't print value (%d/%d)\n", res,
+ (int) binlen);
+ gnutls_free (binbuf);
+ return;
+ }
+
+ hexlen = 2 * binlen + 1;
+ hexbuf = gnutls_malloc (hexlen);
+
+ if (!hexbuf)
+ {
+ gnutls_assert ();
+ _gnutls_hard_log ("MPI: out of memory (hex %d)\n", (int) hexlen);
+ gnutls_free (binbuf);
+ return;
+ }
+
+ _gnutls_bin2hex (binbuf, binlen, hexbuf, hexlen, NULL);
+
+ _gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (int) binlen, prefix,
+ hexbuf);
+
+ gnutls_free (hexbuf);
+ gnutls_free (binbuf);
+}
+
+/* this function will output a message using the
+ * caller provided function
+ */
+void
+_gnutls_log (int level, const char *fmt, ...)
+{
+ va_list args;
+ char *str;
+ int ret;
+
+ if (_gnutls_log_func == NULL)
+ return;
+
+ va_start (args, fmt);
+ ret = vasprintf (&str, fmt, args);
+ va_end (args);
+
+ if (ret >= 0)
+ {
+ _gnutls_log_func (level, str);
+ free (str);
+ }
+}
+
+#ifndef DEBUG
+#ifndef C99_MACROS
+
+/* Without C99 macros these functions have to
+ * be called. This may affect performance.
+ */
+void
+_gnutls_null_log (void *x, ...)
+{
+ return;
+}
+
+#endif /* C99_MACROS */
+#endif /* DEBUG */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_ERRORS_H
+#define GNUTLS_ERRORS_H
+
+#include <gnutls_int.h>
+#include <gnutls_global.h>
+
+#define GNUTLS_E_INT_RET_0 -1251
+
+#ifdef __FILE__
+#ifdef __LINE__
+#define gnutls_assert() _gnutls_debug_log( "ASSERT: %s:%d\n", __FILE__,__LINE__);
+#else
+#define gnutls_assert()
+#endif
+#else /* __FILE__ not defined */
+#define gnutls_assert()
+#endif
+
+int _gnutls_asn2err (int asn_err);
+void
+_gnutls_log (int, const char *fmt, ...)
+#ifdef __GNUC__
+ __attribute__ ((format (printf, 2, 3)));
+#else
+ ;
+#endif
+
+ void _gnutls_mpi_log (const char *prefix, bigint_t a);
+
+#ifdef C99_MACROS
+#define LEVEL(l, ...) do { if (_gnutls_log_level >= l || _gnutls_log_level > 9) \
+ _gnutls_log( l, __VA_ARGS__); } while(0)
+
+#define LEVEL_EQ(l, ...) do { if (_gnutls_log_level == l || _gnutls_log_level > 9) \
+ _gnutls_log( l, __VA_ARGS__); } while(0)
+
+#define _gnutls_debug_log(...) LEVEL(2, __VA_ARGS__)
+#define _gnutls_handshake_log(...) LEVEL(3, __VA_ARGS__)
+#define _gnutls_io_log(...) LEVEL_EQ(5, __VA_ARGS__)
+#define _gnutls_buffers_log(...) LEVEL_EQ(6, __VA_ARGS__)
+#define _gnutls_hard_log(...) LEVEL(9, __VA_ARGS__)
+#define _gnutls_record_log(...) LEVEL(4, __VA_ARGS__)
+#define _gnutls_read_log(...) LEVEL_EQ(7, __VA_ARGS__)
+#define _gnutls_write_log(...) LEVEL_EQ(7, __VA_ARGS__)
+#define _gnutls_x509_log(...) LEVEL(1, __VA_ARGS__)
+#else
+#define _gnutls_debug_log _gnutls_null_log
+#define _gnutls_handshake_log _gnutls_null_log
+#define _gnutls_io_log _gnutls_null_log
+#define _gnutls_buffers_log _gnutls_null_log
+#define _gnutls_hard_log _gnutls_null_log
+#define _gnutls_record_log _gnutls_null_log
+#define _gnutls_read_log _gnutls_null_log
+#define _gnutls_write_log _gnutls_null_log
+#define _gnutls_x509_log _gnutls_null_log
+
+ void _gnutls_null_log (void *, ...);
+
+#endif /* C99_MACROS */
+
+/* GCC won't inline this by itself and results in a "fatal warning"
+ otherwise. Making this a macro has been tried, but it interacts
+ badly with the do..while in the expansion. Welcome to the dark
+ side. */
+ static inline
+#ifdef __GNUC__
+ __attribute__ ((always_inline))
+#endif
+ int gnutls_assert_val_int (int val, const char *file, int line)
+{
+ _gnutls_debug_log ("ASSERT: %s:%d\n", file, line);
+ return val;
+}
+
+#define gnutls_assert_val(x) gnutls_assert_val_int(x, __FILE__, __LINE__)
+
+#endif /* GNUTLS_ERRORS_H */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate to the TLS hello extension parsing.
+ * Hello extensions are packets appended in the TLS hello packet, and
+ * allow for extra functionality.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_extensions.h"
+#include "gnutls_errors.h"
+#include "ext_max_record.h"
+#include <ext_cert_type.h>
+#include <ext_server_name.h>
+#include <ext_srp.h>
+#include <ext_session_ticket.h>
+#include <ext_safe_renegotiation.h>
+#include <ext_signature.h>
+#include <ext_safe_renegotiation.h>
+#include <gnutls_num.h>
+
+
+static void _gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
+ uint16_t type);
+
+
+static size_t extfunc_size = 0;
+static extension_entry_st *extfunc = NULL;
+
+static gnutls_ext_parse_type_t
+_gnutls_ext_parse_type (uint16_t type)
+{
+ size_t i;
+
+ for (i = 0; i < extfunc_size; i++)
+ {
+ if (extfunc[i].type == type)
+ return extfunc[i].parse_type;
+ }
+
+ return GNUTLS_EXT_NONE;
+}
+
+static gnutls_ext_recv_func
+_gnutls_ext_func_recv (uint16_t type, gnutls_ext_parse_type_t parse_type)
+{
+ size_t i;
+
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ if (parse_type == GNUTLS_EXT_ANY || extfunc[i].parse_type == parse_type)
+ return extfunc[i].recv_func;
+
+ return NULL;
+}
+
+static gnutls_ext_deinit_data_func
+_gnutls_ext_func_deinit (uint16_t type)
+{
+ size_t i;
+
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].deinit_func;
+
+ return NULL;
+}
+
+static gnutls_ext_unpack_func
+_gnutls_ext_func_unpack (uint16_t type)
+{
+ size_t i;
+
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].unpack_func;
+
+ return NULL;
+}
+
+
+static const char *
+_gnutls_extension_get_name (uint16_t type)
+{
+ size_t i;
+
+ for (i = 0; i < extfunc_size; i++)
+ if (extfunc[i].type == type)
+ return extfunc[i].name;
+
+ return NULL;
+}
+
+/* Checks if the extension we just received is one of the
+ * requested ones. Otherwise it's a fatal error.
+ */
+static int
+_gnutls_extension_list_check (gnutls_session_t session, uint16_t type)
+{
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ int i;
+
+ for (i = 0; i < session->internals.extensions_sent_size; i++)
+ {
+ if (type == session->internals.extensions_sent[i])
+ return 0; /* ok found */
+ }
+
+ return GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_parse_extensions (gnutls_session_t session,
+ gnutls_ext_parse_type_t parse_type,
+ const opaque * data, int data_size)
+{
+ int next, ret;
+ int pos = 0;
+ uint16_t type;
+ const opaque *sdata;
+ gnutls_ext_recv_func ext_recv;
+ uint16_t size;
+
+#ifdef DEBUG
+ int i;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ for (i = 0; i < session->internals.extensions_sent_size; i++)
+ {
+ _gnutls_debug_log ("EXT[%d]: expecting extension '%s'\n",
+ session,
+ _gnutls_extension_get_name
+ (session->internals.extensions_sent[i]));
+ }
+#endif
+
+ DECR_LENGTH_RET (data_size, 2, 0);
+ next = _gnutls_read_uint16 (data);
+ pos += 2;
+
+ DECR_LENGTH_RET (data_size, next, 0);
+
+ do
+ {
+ DECR_LENGTH_RET (next, 2, 0);
+ type = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+#if 0
+ _gnutls_debug_log ("EXT[%p]: Found extension '%s/%d'\n", session,
+ _gnutls_extension_get_name (type), type);
+#endif
+
+ if ((ret = _gnutls_extension_list_check (session, type)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ DECR_LENGTH_RET (next, 2, 0);
+ size = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ DECR_LENGTH_RET (next, size, 0);
+ sdata = &data[pos];
+ pos += size;
+
+ ext_recv = _gnutls_ext_func_recv (type, parse_type);
+ if (ext_recv == NULL)
+ continue;
+
+ _gnutls_debug_log ("EXT[%p]: Parsing extension '%s/%d' (%d bytes)\n",
+ session, _gnutls_extension_get_name (type), type,
+ size);
+
+ if ((ret = ext_recv (session, sdata, size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ }
+ while (next > 2);
+
+ return 0;
+
+}
+
+/* Adds the extension we want to send in the extensions list.
+ * This list is used to check whether the (later) received
+ * extensions are the ones we requested.
+ */
+void
+_gnutls_extension_list_add (gnutls_session_t session, uint16_t type)
+{
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ if (session->internals.extensions_sent_size < MAX_EXT_TYPES)
+ {
+ session->internals.extensions_sent[session->internals.
+ extensions_sent_size] = type;
+ session->internals.extensions_sent_size++;
+ }
+ else
+ {
+ _gnutls_debug_log ("extensions: Increase MAX_EXT_TYPES\n");
+ }
+ }
+}
+
+int
+_gnutls_gen_extensions (gnutls_session_t session, opaque * data,
+ size_t data_size, gnutls_ext_parse_type_t parse_type)
+{
+ int size;
+ uint16_t pos = 0;
+ opaque *sdata;
+ size_t sdata_size;
+ size_t i;
+
+ if (data_size < 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* allocate enough data for each extension.
+ */
+ sdata_size = data_size;
+ sdata = gnutls_malloc (sdata_size);
+ if (sdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ pos += 2;
+ for (i = 0; i < extfunc_size; i++)
+ {
+ extension_entry_st *p = &extfunc[i];
+
+ if (p->send_func == NULL)
+ continue;
+
+ if (parse_type != GNUTLS_EXT_ANY && p->parse_type != parse_type)
+ continue;
+
+ size = p->send_func (session, sdata, sdata_size);
+ if (size > 0 || size == GNUTLS_E_INT_RET_0)
+ {
+ if (size == GNUTLS_E_INT_RET_0)
+ size = 0;
+
+ if (data_size < pos + (size_t) size + 4)
+ {
+ gnutls_assert ();
+ gnutls_free (sdata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* write extension type */
+ _gnutls_write_uint16 (p->type, &data[pos]);
+ pos += 2;
+
+ /* write size */
+ _gnutls_write_uint16 (size, &data[pos]);
+ pos += 2;
+
+ memcpy (&data[pos], sdata, size);
+ pos += size;
+
+ /* add this extension to the extension list
+ */
+ _gnutls_extension_list_add (session, p->type);
+
+ _gnutls_debug_log ("EXT[%p]: Sending extension %s (%d bytes)\n",
+ session, p->name, size);
+ }
+ else if (size < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (sdata);
+ return size;
+ }
+ }
+
+ size = pos;
+ pos -= 2; /* remove the size of the size header! */
+
+ _gnutls_write_uint16 (pos, data);
+
+ if (size == 2)
+ { /* empty */
+ size = 0;
+ }
+
+ gnutls_free (sdata);
+ return size;
+
+}
+
+int
+_gnutls_ext_init (void)
+{
+ int ret;
+
+ ret = _gnutls_ext_register (&ext_mod_max_record_size);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+
+ ret = _gnutls_ext_register (&ext_mod_cert_type);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+
+
+ ret = _gnutls_ext_register (&ext_mod_server_name);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+
+ ret = _gnutls_ext_register (&ext_mod_sr);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+
+#ifdef ENABLE_SRP
+ ret = _gnutls_ext_register (&ext_mod_srp);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+#endif
+
+#ifdef ENABLE_SESSION_TICKET
+ ret = _gnutls_ext_register (&ext_mod_session_ticket);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+#endif
+
+ ret = _gnutls_ext_register (&ext_mod_sig);
+ if (ret != GNUTLS_E_SUCCESS)
+ return ret;
+
+ return GNUTLS_E_SUCCESS;
+}
+
+void
+_gnutls_ext_deinit (void)
+{
+ gnutls_free (extfunc);
+ extfunc = NULL;
+ extfunc_size = 0;
+}
+
+int
+_gnutls_ext_register (extension_entry_st * mod)
+{
+ extension_entry_st *p;
+
+ p = gnutls_realloc (extfunc, sizeof (*extfunc) * (extfunc_size + 1));
+ if (!p)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ extfunc = p;
+
+ memcpy (&extfunc[extfunc_size], mod, sizeof (*mod));
+
+ extfunc_size++;
+
+ return GNUTLS_E_SUCCESS;
+}
+
+/**
+ * gnutls_ext_register:
+ * @type: the 16-bit integer referring to the extension type
+ * @name: human printable name of the extension used for debugging
+ * @parse_type: either #GNUTLS_EXT_TLS or %GNUTLS_EXT_APPLICATION.
+ * @recv_func: a function to receive extension data
+ * @send_func: a function to send extension data
+ *
+ * This function is used to register a new TLS extension handler.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Deprecated in: 2.12.0
+ */
+int
+gnutls_ext_register (int type,
+ const char *name,
+ gnutls_ext_parse_type_t parse_type,
+ gnutls_ext_recv_func recv_func,
+ gnutls_ext_send_func send_func)
+{
+ extension_entry_st ee;
+
+ memset (&ee, 0, sizeof (ee));
+
+ ee.type = type;
+ ee.name = name;
+ ee.parse_type = parse_type;
+ ee.recv_func = recv_func;
+ ee.send_func = send_func;
+ /* FIXME: Why is this exported? Should it be removed? */
+ return _gnutls_ext_register (&ee);
+}
+
+int
+_gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed)
+{
+ int i, ret;
+ extension_priv_data_t data;
+ int cur_size;
+ int size_offset;
+ int total_exts_pos;
+ int exts = 0;
+
+ total_exts_pos = packed->length;
+ BUFFER_APPEND_NUM (packed, 0);
+
+ for (i = 0; i < extfunc_size; i++)
+ {
+ ret = _gnutls_ext_get_session_data (session, extfunc[i].type, &data);
+ if (ret >= 0 && extfunc[i].pack_func != NULL)
+ {
+ BUFFER_APPEND_NUM (packed, extfunc[i].type);
+
+ size_offset = packed->length;
+ BUFFER_APPEND_NUM (packed, 0);
+
+ cur_size = packed->length;
+
+ ret = extfunc[i].pack_func (data, packed);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ exts++;
+ /* write the actual size */
+ _gnutls_write_uint32 (packed->length - cur_size,
+ packed->data + size_offset);
+ }
+ }
+
+ _gnutls_write_uint32 (exts, packed->data + total_exts_pos);
+
+ return 0;
+
+}
+
+void
+_gnutls_ext_restore_resumed_session (gnutls_session_t session)
+{
+ int i;
+
+
+ /* clear everything except MANDATORY extensions */
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.extension_int_data[i].set != 0 &&
+ _gnutls_ext_parse_type (session->internals.
+ extension_int_data[i].type) !=
+ GNUTLS_EXT_MANDATORY)
+ {
+ _gnutls_ext_unset_session_data (session,
+ session->
+ internals.extension_int_data[i].
+ type);
+ }
+ }
+
+ /* copy resumed to main */
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.resumed_extension_int_data[i].set != 0 &&
+ _gnutls_ext_parse_type (session->
+ internals.resumed_extension_int_data[i].
+ type) != GNUTLS_EXT_MANDATORY)
+ {
+ _gnutls_ext_set_session_data (session,
+ session->
+ internals.resumed_extension_int_data
+ [i].type,
+ session->
+ internals.resumed_extension_int_data
+ [i].priv);
+ session->internals.resumed_extension_int_data[i].set = 0;
+ }
+ }
+
+}
+
+
+static void
+_gnutls_ext_set_resumed_session_data (gnutls_session_t session, uint16_t type,
+ extension_priv_data_t data)
+{
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.resumed_extension_int_data[i].type == type
+ || session->internals.resumed_extension_int_data[i].set == 0)
+ {
+
+ if (session->internals.resumed_extension_int_data[i].set != 0)
+ _gnutls_ext_unset_resumed_session_data (session, type);
+
+ session->internals.resumed_extension_int_data[i].type = type;
+ session->internals.resumed_extension_int_data[i].priv = data;
+ session->internals.resumed_extension_int_data[i].set = 1;
+ return;
+ }
+ }
+}
+
+int
+_gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed)
+{
+ int i, ret;
+ extension_priv_data_t data;
+ gnutls_ext_unpack_func unpack;
+ int max_exts = 0;
+ uint16_t type;
+ int size_for_type, cur_pos;
+
+
+ BUFFER_POP_NUM (packed, max_exts);
+ for (i = 0; i < max_exts; i++)
+ {
+ BUFFER_POP_NUM (packed, type);
+ BUFFER_POP_NUM (packed, size_for_type);
+
+ cur_pos = packed->length;
+
+ unpack = _gnutls_ext_func_unpack (type);
+ if (unpack == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ ret = unpack (packed, &data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* verify that unpack read the correct bytes */
+ cur_pos = cur_pos - packed->length;
+ if (cur_pos /* read length */ != size_for_type)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ _gnutls_ext_set_resumed_session_data (session, type, data);
+ }
+
+ return 0;
+
+error:
+ return ret;
+}
+
+void
+_gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type)
+{
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
+
+ deinit = _gnutls_ext_func_deinit (type);
+ ret = _gnutls_ext_get_session_data (session, type, &data);
+
+ if (ret >= 0 && deinit != NULL)
+ {
+ deinit (data);
+ }
+
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.extension_int_data[i].type == type)
+ {
+ session->internals.extension_int_data[i].set = 0;
+ return;
+ }
+ }
+
+}
+
+static void
+_gnutls_ext_unset_resumed_session_data (gnutls_session_t session,
+ uint16_t type)
+{
+ gnutls_ext_deinit_data_func deinit;
+ extension_priv_data_t data;
+ int ret, i;
+
+ deinit = _gnutls_ext_func_deinit (type);
+ ret = _gnutls_ext_get_resumed_session_data (session, type, &data);
+
+ if (ret >= 0 && deinit != NULL)
+ {
+ deinit (data);
+ }
+
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.resumed_extension_int_data[i].type == type)
+ {
+ session->internals.resumed_extension_int_data[i].set = 0;
+ return;
+ }
+ }
+
+}
+
+/* Deinitializes all data that are associated with TLS extensions.
+ */
+void
+_gnutls_ext_free_session_data (gnutls_session_t session)
+{
+ int i;
+
+ for (i = 0; i < extfunc_size; i++)
+ {
+ _gnutls_ext_unset_session_data (session, extfunc[i].type);
+ }
+
+ for (i = 0; i < extfunc_size; i++)
+ {
+ _gnutls_ext_unset_resumed_session_data (session, extfunc[i].type);
+ }
+
+}
+
+/* This function allows and extension to store data in the current session
+ * and retrieve them later on. We use functions instead of a pointer to a
+ * private pointer, to allow API additions by individual extensions.
+ */
+void
+_gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
+ extension_priv_data_t data)
+{
+ int i;
+ gnutls_ext_deinit_data_func deinit;
+
+ deinit = _gnutls_ext_func_deinit (type);
+
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.extension_int_data[i].type == type
+ || session->internals.extension_int_data[i].set == 0)
+ {
+ if (session->internals.extension_int_data[i].set != 0)
+ {
+ if (deinit)
+ deinit (session->internals.extension_int_data[i].priv);
+ }
+ session->internals.extension_int_data[i].type = type;
+ session->internals.extension_int_data[i].priv = data;
+ session->internals.extension_int_data[i].set = 1;
+ return;
+ }
+ }
+}
+
+int
+_gnutls_ext_get_session_data (gnutls_session_t session,
+ uint16_t type, extension_priv_data_t * data)
+{
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.extension_int_data[i].set != 0 &&
+ session->internals.extension_int_data[i].type == type)
+ {
+ *data = session->internals.extension_int_data[i].priv;
+ return 0;
+ }
+ }
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+}
+
+int
+_gnutls_ext_get_resumed_session_data (gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data)
+{
+ int i;
+
+ for (i = 0; i < MAX_EXT_TYPES; i++)
+ {
+ if (session->internals.resumed_extension_int_data[i].set != 0 &&
+ session->internals.resumed_extension_int_data[i].type == type)
+ {
+ *data = session->internals.resumed_extension_int_data[i].priv;
+ return 0;
+ }
+ }
+ return GNUTLS_E_INVALID_REQUEST;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_EXTENSIONS_H
+#define GNUTLS_EXTENSIONS_H
+
+int _gnutls_parse_extensions (gnutls_session_t session,
+ gnutls_ext_parse_type_t parse_type,
+ const opaque * data, int data_size);
+int _gnutls_gen_extensions (gnutls_session_t session, opaque * data,
+ size_t data_size, gnutls_ext_parse_type_t);
+int _gnutls_ext_init (void);
+void _gnutls_ext_deinit (void);
+
+void _gnutls_extension_list_add (gnutls_session_t session, uint16_t type);
+
+typedef void (*gnutls_ext_deinit_data_func) (extension_priv_data_t data);
+typedef int (*gnutls_ext_pack_func) (extension_priv_data_t data,
+ gnutls_buffer_st * packed_data);
+typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_st * packed_data,
+ extension_priv_data_t * data);
+
+void _gnutls_ext_free_session_data (gnutls_session_t session);
+
+/* functions to be used by extensions internally
+ */
+void _gnutls_ext_unset_session_data (gnutls_session_t session, uint16_t type);
+void _gnutls_ext_set_session_data (gnutls_session_t session, uint16_t type,
+ extension_priv_data_t);
+int _gnutls_ext_get_session_data (gnutls_session_t session,
+ uint16_t type, extension_priv_data_t *);
+int _gnutls_ext_get_resumed_session_data (gnutls_session_t session,
+ uint16_t type,
+ extension_priv_data_t * data);
+
+void _gnutls_ext_restore_resumed_session (gnutls_session_t session);
+
+/* for session packing */
+int _gnutls_ext_pack (gnutls_session_t session, gnutls_buffer_st * packed);
+int _gnutls_ext_unpack (gnutls_session_t session, gnutls_buffer_st * packed);
+
+typedef struct
+{
+ const char *name;
+ uint16_t type;
+ gnutls_ext_parse_type_t parse_type;
+
+ /* this function must return 0 when Not Applicable
+ * size of extension data if ok
+ * < 0 on other error.
+ */
+ gnutls_ext_recv_func recv_func;
+
+ /* this function must return 0 when Not Applicable
+ * size of extension data if ok
+ * GNUTLS_E_INT_RET_0 if extension data size is zero
+ * < 0 on other error.
+ */
+ gnutls_ext_send_func send_func;
+
+ gnutls_ext_deinit_data_func deinit_func; /* this will be called to deinitialize
+ * internal data
+ */
+ gnutls_ext_pack_func pack_func; /* packs internal data to machine independent format */
+ gnutls_ext_unpack_func unpack_func; /* unpacks internal data */
+
+} extension_entry_st;
+
+int _gnutls_ext_register (extension_entry_st *);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <libtasn1.h>
+#include <gnutls_dh.h>
+#include <random.h>
+#include <gnutls/pkcs11.h>
+
+#include <gnutls_extensions.h> /* for _gnutls_ext_init */
+#include <gnutls_cryptodev.h>
+#include <locks.h>
+
+#include "sockets.h"
+#include "gettext.h"
+
+/* Minimum library versions we accept. */
+#define GNUTLS_MIN_LIBTASN1_VERSION "0.3.4"
+
+/* created by asn1c */
+extern const ASN1_ARRAY_TYPE gnutls_asn1_tab[];
+extern const ASN1_ARRAY_TYPE pkix_asn1_tab[];
+
+ASN1_TYPE _gnutls_pkix1_asn;
+ASN1_TYPE _gnutls_gnutls_asn;
+
+gnutls_log_func _gnutls_log_func;
+int _gnutls_log_level = 0; /* default log level */
+
+/**
+ * gnutls_global_set_log_function:
+ * @log_func: it's a log function
+ *
+ * This is the function where you set the logging function gnutls is
+ * going to use. This function only accepts a character array.
+ * Normally you may not use this function since it is only used for
+ * debugging purposes.
+ *
+ * gnutls_log_func is of the form,
+ * void (*gnutls_log_func)( int level, const char*);
+ **/
+void
+gnutls_global_set_log_function (gnutls_log_func log_func)
+{
+ _gnutls_log_func = log_func;
+}
+
+/**
+ * gnutls_global_set_log_level:
+ * @level: it's an integer from 0 to 9.
+ *
+ * This is the function that allows you to set the log level. The
+ * level is an integer between 0 and 9. Higher values mean more
+ * verbosity. The default value is 0. Larger values should only be
+ * used with care, since they may reveal sensitive information.
+ *
+ * Use a log level over 10 to enable all debugging options.
+ **/
+void
+gnutls_global_set_log_level (int level)
+{
+ _gnutls_log_level = level;
+}
+
+/**
+ * gnutls_global_set_mem_functions:
+ * @alloc_func: it's the default memory allocation function. Like malloc().
+ * @secure_alloc_func: This is the memory allocation function that will be used for sensitive data.
+ * @is_secure_func: a function that returns 0 if the memory given is not secure. May be NULL.
+ * @realloc_func: A realloc function
+ * @free_func: The function that frees allocated data. Must accept a NULL pointer.
+ *
+ * This is the function were you set the memory allocation functions
+ * gnutls is going to use. By default the libc's allocation functions
+ * (malloc(), free()), are used by gnutls, to allocate both sensitive
+ * and not sensitive data. This function is provided to set the
+ * memory allocation functions to something other than the defaults
+ *
+ * This function must be called before gnutls_global_init() is called.
+ * This function is not thread safe.
+ **/
+void
+gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
+ gnutls_alloc_function secure_alloc_func,
+ gnutls_is_secure_function is_secure_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func)
+{
+ gnutls_secure_malloc = secure_alloc_func;
+ gnutls_malloc = alloc_func;
+ gnutls_realloc = realloc_func;
+ gnutls_free = free_func;
+
+ if (is_secure_func != NULL)
+ _gnutls_is_secure_memory = is_secure_func;
+ else
+ _gnutls_is_secure_memory = _gnutls_is_secure_mem_null;
+
+ /* if using the libc's default malloc
+ * use libc's calloc as well.
+ */
+ if (gnutls_malloc == malloc)
+ {
+ gnutls_calloc = calloc;
+ }
+ else
+ { /* use the included ones */
+ gnutls_calloc = _gnutls_calloc;
+ }
+ gnutls_strdup = _gnutls_strdup;
+
+}
+
+static int _gnutls_init = 0;
+
+
+/**
+ * gnutls_global_init:
+ *
+ * This function initializes the global data to defaults. Every
+ * gnutls application has a global data which holds common parameters
+ * shared by gnutls session structures. You should call
+ * gnutls_global_deinit() when gnutls usage is no longer needed
+ *
+ * Note that this function will also initialize the underlying crypto
+ * backend, if it has not been initialized before.
+ *
+ * This function increment a global counter, so that
+ * gnutls_global_deinit() only releases resources when it has been
+ * called as many times as gnutls_global_init(). This is useful when
+ * GnuTLS is used by more than one library in an application. This
+ * function can be called many times, but will only do something the
+ * first time.
+ *
+ * Note! This function is not thread safe. If two threads call this
+ * function simultaneously, they can cause a race between checking
+ * the global counter and incrementing it, causing both threads to
+ * execute the library initialization code. That would lead to a
+ * memory leak. To handle this, your application could invoke this
+ * function after aquiring a thread mutex. To ignore the potential
+ * memory leak is also an option.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_global_init (void)
+{
+ int result = 0;
+ int res;
+
+ if (_gnutls_init++)
+ goto out;
+
+ if (gl_sockets_startup (SOCKETS_1_1))
+ return GNUTLS_E_LIBRARY_VERSION_MISMATCH;
+
+ bindtextdomain (PACKAGE, LOCALEDIR);
+
+ res = gnutls_crypto_init ();
+ if (res != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CRYPTO_INIT_FAILED;
+ }
+
+ /* initialize ASN.1 parser
+ * This should not deal with files in the final
+ * version.
+ */
+ if (asn1_check_version (GNUTLS_MIN_LIBTASN1_VERSION) == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Checking for libtasn1 failed: %s < %s\n",
+ asn1_check_version (NULL),
+ GNUTLS_MIN_LIBTASN1_VERSION);
+ return GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY;
+ }
+
+ res = asn1_array2tree (pkix_asn1_tab, &_gnutls_pkix1_asn, NULL);
+ if (res != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (res);
+ goto out;
+ }
+
+ res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
+ if (res != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (&_gnutls_pkix1_asn);
+ result = _gnutls_asn2err (res);
+ goto out;
+ }
+
+ /* Initialize the random generator */
+ result = _gnutls_rnd_init ();
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto out;
+ }
+
+ /* Initialize the default TLS extensions */
+ result = _gnutls_ext_init ();
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto out;
+ }
+
+ gnutls_pkcs11_init (GNUTLS_PKCS11_FLAG_AUTO, NULL);
+
+ _gnutls_cryptodev_init ();
+
+out:
+ return result;
+}
+
+/**
+ * gnutls_global_deinit:
+ *
+ * This function deinitializes the global data, that were initialized
+ * using gnutls_global_init().
+ *
+ * Note! This function is not thread safe. See the discussion for
+ * gnutls_global_init() for more information.
+ **/
+void
+gnutls_global_deinit (void)
+{
+ if (_gnutls_init == 1)
+ {
+ gl_sockets_cleanup ();
+ _gnutls_rnd_deinit ();
+ _gnutls_ext_deinit ();
+ asn1_delete_structure (&_gnutls_gnutls_asn);
+ asn1_delete_structure (&_gnutls_pkix1_asn);
+ _gnutls_crypto_deregister ();
+ _gnutls_cryptodev_deinit ();
+ gnutls_pkcs11_deinit ();
+ }
+ _gnutls_init--;
+}
+
+/* These functions should be elsewere. Kept here for
+ * historical reasons.
+ */
+
+
+/**
+ * gnutls_check_version:
+ * @req_version: version string to compare with, or %NULL.
+ *
+ * Check GnuTLS Library version.
+ *
+ * See %GNUTLS_VERSION for a suitable @req_version string.
+ *
+ * Return value: Check that the version of the library is at
+ * minimum the one given as a string in @req_version and return the
+ * actual version string of the library; return %NULL if the
+ * condition is not met. If %NULL is passed to this function no
+ * check is done and only the version string is returned.
+ **/
+const char *
+gnutls_check_version (const char *req_version)
+{
+ if (!req_version || strverscmp (req_version, VERSION) <= 0)
+ return VERSION;
+
+ return NULL;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_GLOBAL_H
+#define GNUTLS_GLOBAL_H
+
+#include <libtasn1.h>
+#include <gnutls/gnutls.h>
+
+int gnutls_is_secure_memory (const void *mem);
+
+extern ASN1_TYPE _gnutls_pkix1_asn;
+extern ASN1_TYPE _gnutls_gnutls_asn;
+
+/* removed const from node_asn* to
+ * prevent warnings, since libtasn1 doesn't
+ * use the const keywork in its functions.
+ */
+#define _gnutls_get_gnutls_asn() ((ASN1_TYPE) _gnutls_gnutls_asn)
+#define _gnutls_get_pkix() ((ASN1_TYPE) _gnutls_pkix1_asn)
+
+extern gnutls_log_func _gnutls_log_func;
+extern int _gnutls_log_level;
+extern int gnutls_crypto_init (void);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate to the TLS handshake procedure.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "debug.h"
+#include "gnutls_algorithms.h"
+#include "gnutls_compress.h"
+#include "gnutls_cipher.h"
+#include "gnutls_buffers.h"
+#include "gnutls_mbuffers.h"
+#include "gnutls_kx.h"
+#include "gnutls_handshake.h"
+#include "gnutls_num.h"
+#include "gnutls_hash_int.h"
+#include "gnutls_db.h"
+#include "gnutls_extensions.h"
+#include "gnutls_supplemental.h"
+#include "gnutls_auth.h"
+#include "gnutls_v2_compat.h"
+#include "auth_cert.h"
+#include "gnutls_cert.h"
+#include "gnutls_constate.h"
+#include <gnutls_record.h>
+#include <gnutls_state.h>
+#include <ext_srp.h>
+#include <ext_session_ticket.h>
+#include <ext_safe_renegotiation.h>
+#include <gnutls_rsa_export.h> /* for gnutls_get_rsa_params() */
+#include <auth_anon.h> /* for gnutls_anon_server_credentials_t */
+#include <auth_psk.h> /* for gnutls_psk_server_credentials_t */
+#include <random.h>
+
+#ifdef HANDSHAKE_DEBUG
+#define ERR(x, y) _gnutls_handshake_log("HSK[%p]: %s (%d)\n", session, x,y)
+#else
+#define ERR(x, y)
+#endif
+
+#define TRUE 1
+#define FALSE 0
+
+static int _gnutls_handshake_hash_init (gnutls_session_t session);
+static int _gnutls_server_select_comp_method (gnutls_session_t session,
+ opaque * data, int datalen);
+static int
+_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ opaque * header, uint16_t header_size,
+ opaque * dataptr, uint32_t datalen);
+
+
+
+/* Clears the handshake hash buffers and handles.
+ */
+void
+_gnutls_handshake_hash_buffers_clear (gnutls_session_t session)
+{
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.md5,
+ NULL);
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls10.sha,
+ NULL);
+ }
+ else if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12.
+ sha256, NULL);
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.tls12.
+ sha1, NULL);
+ }
+ session->security_parameters.handshake_mac_handle_type = 0;
+ session->internals.handshake_mac_handle_init = 0;
+ _gnutls_handshake_buffer_clear (session);
+}
+
+/* this will copy the required values for resuming to
+ * internals, and to security_parameters.
+ * this will keep as less data to security_parameters.
+ */
+static void
+resume_copy_required_values (gnutls_session_t session)
+{
+ /* get the new random values */
+ memcpy (session->internals.resumed_security_parameters.server_random,
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ memcpy (session->internals.resumed_security_parameters.client_random,
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+
+ /* keep the ciphersuite and compression
+ * That is because the client must see these in our
+ * hello message.
+ */
+ memcpy (session->security_parameters.current_cipher_suite.suite,
+ session->internals.resumed_security_parameters.current_cipher_suite.
+ suite, 2);
+
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+ internals.resumed_security_parameters.current_cipher_suite);
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT,
+ session->
+ internals.resumed_compression_method);
+
+ /* or write_compression_algorithm
+ * they are the same
+ */
+
+ session->security_parameters.entity =
+ session->internals.resumed_security_parameters.entity;
+
+ _gnutls_set_current_version (session,
+ session->internals.resumed_security_parameters.
+ version);
+
+ session->security_parameters.cert_type =
+ session->internals.resumed_security_parameters.cert_type;
+
+ memcpy (session->security_parameters.session_id,
+ session->internals.resumed_security_parameters.session_id,
+ sizeof (session->security_parameters.session_id));
+ session->security_parameters.session_id_size =
+ session->internals.resumed_security_parameters.session_id_size;
+
+}
+
+void
+_gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd)
+{
+ memcpy (session->security_parameters.server_random, rnd,
+ GNUTLS_RANDOM_SIZE);
+}
+
+void
+_gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd)
+{
+ memcpy (session->security_parameters.client_random, rnd,
+ GNUTLS_RANDOM_SIZE);
+}
+
+/* Calculate The SSL3 Finished message
+ */
+#define SSL3_CLIENT_MSG "CLNT"
+#define SSL3_SERVER_MSG "SRVR"
+#define SSL_MSG_LEN 4
+static int
+_gnutls_ssl3_finished (gnutls_session_t session, int type, opaque * ret)
+{
+ const int siz = SSL_MSG_LEN;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ const char *mesg;
+ int rc;
+
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ rc =
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.
+ md5);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc =
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls10.
+ sha);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return rc;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (type == GNUTLS_SERVER)
+ {
+ mesg = SSL3_SERVER_MSG;
+ }
+ else
+ {
+ mesg = SSL3_CLIENT_MSG;
+ }
+
+ _gnutls_hash (&td_md5, mesg, siz);
+ _gnutls_hash (&td_sha, mesg, siz);
+
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, ret,
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake (&td_sha, &ret[16],
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+
+ return 0;
+}
+
+/* Hash the handshake messages as required by TLS 1.0
+ */
+#define SERVER_MSG "server finished"
+#define CLIENT_MSG "client finished"
+#define TLS_MSG_LEN 15
+static int
+_gnutls_finished (gnutls_session_t session, int type, void *ret)
+{
+ const int siz = TLS_MSG_LEN;
+ opaque concat[MAX_HASH_SIZE + 16 /*MD5 */ ];
+ size_t len = 20 + 16;
+ const char *mesg;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ int rc;
+
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ rc =
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.
+ md5);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc =
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls10.
+ sha);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return rc;
+ }
+
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
+ }
+ else if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ rc =
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls12.
+ sha256);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ _gnutls_hash_deinit (&td_sha, concat);
+ len = _gnutls_hash_get_algo_len (td_sha.algorithm);
+ }
+
+ if (type == GNUTLS_SERVER)
+ {
+ mesg = SERVER_MSG;
+ }
+ else
+ {
+ mesg = CLIENT_MSG;
+ }
+
+ return _gnutls_PRF (session, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, mesg, siz, concat, len, 12, ret);
+}
+
+/* this function will produce GNUTLS_RANDOM_SIZE==32 bytes of random data
+ * and put it to dst.
+ */
+int
+_gnutls_tls_create_random (opaque * dst)
+{
+ uint32_t tim;
+ int ret;
+
+ /* Use weak random numbers for the most of the
+ * buffer except for the first 4 that are the
+ * system's time.
+ */
+
+ tim = time (NULL);
+ /* generate server random value */
+ _gnutls_write_uint32 (tim, dst);
+
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, &dst[4], GNUTLS_RANDOM_SIZE - 4);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/* returns the 0 on success or a negative value.
+ */
+int
+_gnutls_negotiate_version (gnutls_session_t session,
+ gnutls_protocol_t adv_version)
+{
+ int ret;
+
+ /* if we do not support that version */
+ if (_gnutls_version_is_supported (session, adv_version) == 0)
+ {
+ /* If he requested something we do not support
+ * then we send him the highest we support.
+ */
+ ret = _gnutls_version_max (session);
+ if (ret == GNUTLS_VERSION_UNKNOWN)
+ {
+ /* this check is not really needed.
+ */
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+ }
+ else
+ {
+ ret = adv_version;
+ }
+
+ _gnutls_set_current_version (session, ret);
+
+ return ret;
+}
+
+int
+_gnutls_user_hello_func (gnutls_session_t session,
+ gnutls_protocol_t adv_version)
+{
+ int ret;
+
+ if (session->internals.user_hello_func != NULL)
+ {
+ ret = session->internals.user_hello_func (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ /* Here we need to renegotiate the version since the callee might
+ * have disabled some TLS versions.
+ */
+ ret = _gnutls_negotiate_version (session, adv_version);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ return 0;
+}
+
+/* Read a client hello packet.
+ * A client hello must be a known version client hello
+ * or version 2.0 client hello (only for compatibility
+ * since SSL version 2.0 is not supported).
+ */
+static int
+_gnutls_read_client_hello (gnutls_session_t session, opaque * data,
+ int datalen)
+{
+ uint8_t session_id_len;
+ int pos = 0, ret;
+ uint16_t suite_size, comp_size;
+ gnutls_protocol_t adv_version;
+ int neg_version;
+ int len = datalen;
+ opaque rnd[GNUTLS_RANDOM_SIZE], *suite_ptr, *comp_ptr, *session_id;
+
+ if (session->internals.v2_hello != 0)
+ { /* version 2.0 */
+ return _gnutls_read_client_hello_v2 (session, data, datalen);
+ }
+ DECR_LEN (len, 2);
+
+ _gnutls_handshake_log ("HSK[%p]: Client's version: %d.%d\n", session,
+ data[pos], data[pos + 1]);
+
+ adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
+ set_adv_version (session, data[pos], data[pos + 1]);
+ pos += 2;
+
+ neg_version = _gnutls_negotiate_version (session, adv_version);
+ if (neg_version < 0)
+ {
+ gnutls_assert ();
+ return neg_version;
+ }
+
+ /* Read client random value.
+ */
+ DECR_LEN (len, GNUTLS_RANDOM_SIZE);
+ _gnutls_set_client_random (session, &data[pos]);
+ pos += GNUTLS_RANDOM_SIZE;
+
+ _gnutls_tls_create_random (rnd);
+ _gnutls_set_server_random (session, rnd);
+
+ session->security_parameters.timestamp = time (NULL);
+
+ DECR_LEN (len, 1);
+ session_id_len = data[pos++];
+
+ /* RESUME SESSION
+ */
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ DECR_LEN (len, session_id_len);
+
+ session_id = &data[pos];
+ ret = _gnutls_server_restore_session (session, session_id, session_id_len);
+ pos += session_id_len;
+
+ if (ret == 0)
+ { /* resumed using default TLS resumption! */
+ /* Parse only the safe renegotiation extension
+ * We don't want to parse any other extensions since
+ * we don't want new extension values to overwrite the
+ * resumed ones.
+ */
+
+ /* move forward to extensions */
+ DECR_LEN (len, 2);
+ suite_size = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ DECR_LEN (len, suite_size);
+ pos += suite_size;
+
+ DECR_LEN (len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+ DECR_LEN (len, comp_size);
+ pos += comp_size;
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ resume_copy_required_values (session);
+ session->internals.resumed = RESUME_TRUE;
+
+ return _gnutls_user_hello_func (session, adv_version);
+ }
+ else
+ {
+ _gnutls_generate_session_id (session->security_parameters.session_id,
+ &session->
+ security_parameters.session_id_size);
+
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ /* Remember ciphersuites for later
+ */
+ DECR_LEN (len, 2);
+ suite_size = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ DECR_LEN (len, suite_size);
+ suite_ptr = &data[pos];
+ pos += suite_size;
+
+ /* Point to the compression methods
+ */
+ DECR_LEN (len, 1);
+ comp_size = data[pos++]; /* z is the number of compression methods */
+
+ DECR_LEN (len, comp_size);
+ comp_ptr = &data[pos];
+ pos += comp_size;
+
+ /* Parse the extensions (if any)
+ *
+ * Unconditionally try to parse extensions; safe renegotiation uses them in
+ * sslv3 and higher, even though sslv3 doesn't officially support them.
+ */
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_APPLICATION,
+ &data[pos], len);
+ /* len is the rest of the parsed length */
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_user_hello_func (session, adv_version);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_TLS, &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* resumed by session_ticket extension */
+ if (session->internals.resumed == RESUME_TRUE)
+ {
+ /* to indicate the client that the current session is resumed */
+ memcpy (session->internals.resumed_security_parameters.session_id,
+ session_id, session_id_len);
+ session->internals.resumed_security_parameters.session_id_size =
+ session_id_len;
+
+ session->internals.resumed_security_parameters.max_record_recv_size =
+ session->security_parameters.max_record_recv_size;
+ session->internals.resumed_security_parameters.max_record_send_size =
+ session->security_parameters.max_record_send_size;
+
+ resume_copy_required_values (session);
+
+ return _gnutls_user_hello_func (session, adv_version);
+ }
+
+ /* select an appropriate cipher suite
+ */
+ ret = _gnutls_server_select_suite (session, suite_ptr, suite_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* select appropriate compression method */
+ ret = _gnutls_server_select_comp_method (session, comp_ptr, comp_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/* here we hash all pending data.
+ */
+inline static int
+_gnutls_handshake_hash_pending (gnutls_session_t session)
+{
+ size_t siz;
+ int ret;
+ opaque *data;
+
+ if (session->internals.handshake_mac_handle_init == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ /* We check if there are pending data to hash.
+ */
+ if ((ret = _gnutls_handshake_buffer_get_ptr (session, &data, &siz)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (siz > 0)
+ {
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha,
+ data, siz);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5,
+ data, siz);
+ }
+ else if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256,
+ data, siz);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1,
+ data, siz);
+ }
+ }
+
+ _gnutls_handshake_buffer_empty (session);
+
+ return 0;
+}
+
+
+/* This is to be called after sending CHANGE CIPHER SPEC packet
+ * and initializing encryption. This is the first encrypted message
+ * we send.
+ */
+static int
+_gnutls_send_finished (gnutls_session_t session, int again)
+{
+ mbuffer_st *bufel;
+ opaque *data;
+ int ret;
+ size_t vdata_size = 0;
+
+ if (again == 0)
+ {
+ bufel =
+ _gnutls_handshake_alloc (MAX_VERIFY_DATA_SIZE, MAX_VERIFY_DATA_SIZE);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data = _mbuffer_get_udata_ptr (bufel);
+
+ /* This is needed in order to hash all the required
+ * messages.
+ */
+ if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ ret =
+ _gnutls_ssl3_finished (session,
+ session->security_parameters.entity, data);
+ _mbuffer_set_udata_size (bufel, 36);
+ }
+ else
+ { /* TLS 1.0+ */
+ ret = _gnutls_finished (session,
+ session->security_parameters.entity, data);
+ _mbuffer_set_udata_size (bufel, 12);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ vdata_size = _mbuffer_get_udata_size (bufel);
+
+ if (session->internals.finished_func)
+ session->internals.finished_func (session, data, vdata_size);
+
+ ret = _gnutls_ext_sr_finished (session, data, vdata_size, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if ((session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_TRUE
+ && session->security_parameters.entity == GNUTLS_SERVER))
+ {
+ /* if we are a client not resuming - or we are a server resuming */
+ _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (send)\n",
+ session);
+ memcpy (session->internals.cb_tls_unique, data, vdata_size);
+ session->internals.cb_tls_unique_len = vdata_size;
+ }
+
+ ret =
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_FINISHED);
+ }
+ else
+ {
+ ret = _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_FINISHED);
+ }
+
+ return ret;
+}
+
+/* This is to be called after sending our finished message. If everything
+ * went fine we have negotiated a secure connection
+ */
+static int
+_gnutls_recv_finished (gnutls_session_t session)
+{
+ uint8_t data[MAX_VERIFY_DATA_SIZE], *vrfy;
+ int data_size;
+ int ret;
+ int vrfysize;
+
+ ret =
+ _gnutls_recv_handshake (session, &vrfy, &vrfysize,
+ GNUTLS_HANDSHAKE_FINISHED, MANDATORY_PACKET);
+ if (ret < 0)
+ {
+ ERR ("recv finished int", ret);
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ data_size = 36;
+ }
+ else
+ {
+ data_size = 12;
+ }
+
+ if (vrfysize != data_size)
+ {
+ gnutls_assert ();
+ gnutls_free (vrfy);
+ return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ }
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ ret =
+ _gnutls_ssl3_finished (session,
+ (session->security_parameters.entity + 1) % 2,
+ data);
+ }
+ else
+ { /* TLS 1.0 */
+ ret =
+ _gnutls_finished (session,
+ (session->security_parameters.entity +
+ 1) % 2, data);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (vrfy);
+ return ret;
+ }
+
+ ret = memcmp (vrfy, data, data_size);
+ gnutls_free (vrfy);
+
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ERROR_IN_FINISHED_PACKET;
+ }
+
+ ret = _gnutls_ext_sr_finished (session, data, data_size, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if ((session->internals.resumed == RESUME_TRUE
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_SERVER))
+ {
+ /* if we are a client resuming - or we are a server not resuming */
+ _gnutls_handshake_log ("HSK[%p]: recording tls-unique CB (recv)\n",
+ session);
+ memcpy (session->internals.cb_tls_unique, data, data_size);
+ session->internals.cb_tls_unique_len = data_size;
+ }
+
+ session->internals.initial_negotiation_completed = 1;
+
+ return 0;
+}
+
+/* returns PK_RSA if the given cipher suite list only supports,
+ * RSA algorithms, PK_DSA if DSS, and PK_ANY for both or PK_NONE for none.
+ */
+static int
+_gnutls_server_find_pk_algos_in_ciphersuites (const opaque *
+ data, unsigned int datalen)
+{
+ unsigned int j;
+ gnutls_pk_algorithm_t algo = GNUTLS_PK_NONE, prev_algo = 0;
+ gnutls_kx_algorithm_t kx;
+ cipher_suite_st cs;
+
+ if (datalen % 2 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ for (j = 0; j < datalen; j += 2)
+ {
+ memcpy (&cs.suite, &data[j], 2);
+ kx = _gnutls_cipher_suite_get_kx_algo (&cs);
+
+ if (_gnutls_map_kx_get_cred (kx, 1) == GNUTLS_CRD_CERTIFICATE)
+ {
+ algo = _gnutls_map_pk_get_pk (kx);
+
+ if (algo != prev_algo && prev_algo != 0)
+ return GNUTLS_PK_ANY;
+ prev_algo = algo;
+ }
+ }
+
+ return algo;
+}
+
+/* This selects the best supported ciphersuite from the given ones. Then
+ * it adds the suite to the session and performs some checks.
+ */
+int
+_gnutls_server_select_suite (gnutls_session_t session, opaque * data,
+ int datalen)
+{
+ int x, i, j;
+ cipher_suite_st *ciphers, cs;
+ int retval, err;
+ gnutls_pk_algorithm_t pk_algo; /* will hold the pk algorithms
+ * supported by the peer.
+ */
+
+ /* First, check for safe renegotiation SCSV.
+ */
+ if (session->internals.priorities.sr != SR_DISABLED)
+ {
+ int offset;
+
+ for (offset = 0; offset < datalen; offset += 2)
+ {
+ /* TLS_RENEGO_PROTECTION_REQUEST = { 0x00, 0xff } */
+ if (data[offset] == GNUTLS_RENEGO_PROTECTION_REQUEST_MAJOR &&
+ data[offset + 1] == GNUTLS_RENEGO_PROTECTION_REQUEST_MINOR)
+ {
+ _gnutls_handshake_log
+ ("HSK[%p]: Received safe renegotiation CS\n", session);
+ retval = _gnutls_ext_sr_recv_cs (session);
+ if (retval < 0)
+ {
+ gnutls_assert ();
+ return retval;
+ }
+ break;
+ }
+ }
+ }
+
+ pk_algo = _gnutls_server_find_pk_algos_in_ciphersuites (data, datalen);
+
+ x = _gnutls_supported_ciphersuites (session, &ciphers);
+ if (x < 0)
+ { /* the case x==0 is handled within the function. */
+ gnutls_assert ();
+ return x;
+ }
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (e.g. SRP).
+ */
+ x = _gnutls_remove_unwanted_ciphersuites (session, &ciphers, x, pk_algo);
+ if (x <= 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ciphers);
+ if (x < 0)
+ return x;
+ else
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ /* Data length should be zero mod 2 since
+ * every ciphersuite is 2 bytes. (this check is needed
+ * see below).
+ */
+ if (datalen % 2 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+#ifdef HANDSHAKE_DEBUG
+
+ _gnutls_handshake_log ("HSK[%p]: Requested cipher suites: \n", session);
+ for (j = 0; j < datalen; j += 2)
+ {
+ memcpy (&cs.suite, &data[j], 2);
+ _gnutls_handshake_log ("\t%s\n", _gnutls_cipher_suite_get_name (&cs));
+ }
+ _gnutls_handshake_log ("HSK[%p]: Supported cipher suites: \n", session);
+ for (j = 0; j < x; j++)
+ _gnutls_handshake_log ("\t%s\n",
+ _gnutls_cipher_suite_get_name (&ciphers[j]));
+#endif
+ memset (session->security_parameters.current_cipher_suite.suite, '\0', 2);
+
+ retval = GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+
+ for (j = 0; j < datalen; j += 2)
+ {
+ for (i = 0; i < x; i++)
+ {
+ if (memcmp (ciphers[i].suite, &data[j], 2) == 0)
+ {
+ memcpy (&cs.suite, &data[j], 2);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name (&cs));
+ memcpy (session->security_parameters.current_cipher_suite.suite,
+ ciphers[i].suite, 2);
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+ security_parameters.current_cipher_suite);
+
+
+ retval = 0;
+ goto finish;
+ }
+ }
+ }
+
+finish:
+ gnutls_free (ciphers);
+
+ if (retval != 0)
+ {
+ gnutls_assert ();
+ return retval;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo (&session->
+ security_parameters.current_cipher_suite),
+ &err) == NULL && err != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
+ if (session->internals.auth_struct == NULL)
+ {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return 0;
+
+}
+
+
+/* This selects the best supported compression method from the ones provided
+ */
+static int
+_gnutls_server_select_comp_method (gnutls_session_t session,
+ opaque * data, int datalen)
+{
+ int x, i, j;
+ uint8_t *comps;
+
+ x = _gnutls_supported_compression_methods (session, &comps);
+ if (x < 0)
+ {
+ gnutls_assert ();
+ return x;
+ }
+
+ memset (&session->internals.compression_method, 0,
+ sizeof (gnutls_compression_method_t));
+
+ for (j = 0; j < datalen; j++)
+ {
+ for (i = 0; i < x; i++)
+ {
+ if (comps[i] == data[j])
+ {
+ gnutls_compression_method_t method =
+ _gnutls_compression_get_id (comps[i]);
+
+ session->internals.compression_method = method;
+ gnutls_free (comps);
+
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT, method);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Selected Compression Method: %s\n", session,
+ gnutls_compression_get_name (session->
+ internals.compression_method));
+
+
+ return 0;
+ }
+ }
+ }
+
+ /* we were not able to find a compatible compression
+ * algorithm
+ */
+ gnutls_free (comps);
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+
+}
+
+/* This function sends an empty handshake packet. (like hello request).
+ * If the previous _gnutls_send_empty_handshake() returned
+ * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
+ * (until it returns ok), with NULL parameters.
+ */
+static int
+_gnutls_send_empty_handshake (gnutls_session_t session,
+ gnutls_handshake_description_t type, int again)
+{
+ mbuffer_st *bufel;
+
+ if (again == 0)
+ {
+ bufel = _gnutls_handshake_alloc (0, 0);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ bufel = NULL;
+
+ return _gnutls_send_handshake (session, bufel, type);
+}
+
+
+/* This function will hash the handshake message we sent.
+ */
+static int
+_gnutls_handshake_hash_add_sent (gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ opaque * dataptr, uint32_t datalen)
+{
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT
+ && type == GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ {
+ /* do not hash immediatelly since the hash has not yet been initialized */
+ if ((ret =
+ _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
+
+ if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ {
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.sha,
+ dataptr, datalen);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls10.md5,
+ dataptr, datalen);
+ }
+ else if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha256,
+ dataptr, datalen);
+ _gnutls_hash (&session->internals.handshake_mac_handle.tls12.sha1,
+ dataptr, datalen);
+ }
+ }
+
+ return 0;
+}
+
+
+/* This function sends a handshake message of type 'type' containing the
+ * data specified here. If the previous _gnutls_send_handshake() returned
+ * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
+ * (until it returns ok), with NULL parameters.
+ */
+int
+_gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
+ gnutls_handshake_description_t type)
+{
+ int ret;
+ uint8_t *data;
+ uint32_t datasize;
+ int pos = 0;
+
+ if (bufel == NULL)
+ {
+ /* we are resuming a previously interrupted
+ * send.
+ */
+ ret = _gnutls_handshake_io_write_flush (session);
+ return ret;
+
+ }
+
+ /* first run */
+ data = _mbuffer_get_uhead_ptr (bufel);
+ datasize =
+ _mbuffer_get_udata_size (bufel) + _mbuffer_get_uhead_size (bufel);
+
+ data[pos++] = (uint8_t) type;
+ _gnutls_write_uint24 (_mbuffer_get_udata_size (bufel), &data[pos]);
+ pos += 3;
+
+ _gnutls_handshake_log ("HSK[%p]: %s was sent [%ld bytes]\n",
+ session, _gnutls_handshake2str (type),
+ (long) datasize);
+
+
+ /* Here we keep the handshake messages in order to hash them...
+ */
+ if (type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ if ((ret =
+ _gnutls_handshake_hash_add_sent (session, type, data, datasize)) < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ return ret;
+ }
+
+ session->internals.last_handshake_out = type;
+
+ _gnutls_handshake_io_cache_int (session, type, bufel);
+
+ switch (type)
+ {
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT: /* this one is followed by ServerHelloDone
+ * or ClientKeyExchange always.
+ */
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: /* as above */
+ case GNUTLS_HANDSHAKE_SERVER_HELLO: /* as above */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: /* as above */
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: /* followed by ChangeCipherSpec */
+
+ /* now for client Certificate, ClientKeyExchange and
+ * CertificateVerify are always followed by ChangeCipherSpec
+ */
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ ret = 0;
+ break;
+ default:
+ /* send cached messages */
+ ret = _gnutls_handshake_io_write_flush (session);
+ break;
+ }
+
+ return ret;
+}
+
+/* This function will read the handshake header and return it to the caller. If the
+ * received handshake packet is not the one expected then it buffers the header, and
+ * returns UNEXPECTED_HANDSHAKE_PACKET.
+ *
+ * FIXME: This function is complex.
+ */
+#define SSL2_HEADERS 1
+static int
+_gnutls_recv_handshake_header (gnutls_session_t session,
+ gnutls_handshake_description_t type,
+ gnutls_handshake_description_t * recv_type)
+{
+ int ret;
+ uint32_t length32 = 0;
+ uint8_t *dataptr = NULL; /* for realloc */
+ size_t handshake_header_size = HANDSHAKE_HEADER_SIZE;
+
+ /* if we have data into the buffer then return them, do not read the next packet.
+ * In order to return we need a full TLS handshake header, or in case of a version 2
+ * packet, then we return the first byte.
+ */
+ if (session->internals.handshake_header_buffer.header_size ==
+ handshake_header_size || (session->internals.v2_hello != 0
+ && type == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && session->internals.handshake_header_buffer.
+ packet_length > 0))
+ {
+
+ *recv_type = session->internals.handshake_header_buffer.recv_type;
+
+ if (*recv_type != type)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_log
+ ("HSK[%p]: Handshake type mismatch (under attack?)\n", session);
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+
+ return session->internals.handshake_header_buffer.packet_length;
+ }
+
+ /* Note: SSL2_HEADERS == 1 */
+
+ dataptr = session->internals.handshake_header_buffer.header;
+
+ /* If we haven't already read the handshake headers.
+ */
+ if (session->internals.handshake_header_buffer.header_size < SSL2_HEADERS)
+ {
+ ret =
+ _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
+ type, dataptr, SSL2_HEADERS);
+
+ if (ret < 0)
+ {
+ return ret;
+ }
+
+ /* The case ret==0 is caught here.
+ */
+ if (ret != SSL2_HEADERS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ session->internals.handshake_header_buffer.header_size = SSL2_HEADERS;
+ }
+
+ if (session->internals.v2_hello == 0
+ || type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ {
+ ret =
+ _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
+ type,
+ &dataptr
+ [session->
+ internals.handshake_header_buffer.
+ header_size],
+ HANDSHAKE_HEADER_SIZE -
+ session->
+ internals.handshake_header_buffer.
+ header_size);
+ if (ret <= 0)
+ {
+ gnutls_assert ();
+ return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ if ((size_t) ret !=
+ HANDSHAKE_HEADER_SIZE -
+ session->internals.handshake_header_buffer.header_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ *recv_type = dataptr[0];
+
+ /* we do not use DECR_LEN because we know
+ * that the packet has enough data.
+ */
+ length32 = _gnutls_read_uint24 (&dataptr[1]);
+ handshake_header_size = HANDSHAKE_HEADER_SIZE;
+
+ _gnutls_handshake_log ("HSK[%p]: %s was received [%ld bytes]\n",
+ session, _gnutls_handshake2str (dataptr[0]),
+ (long int) (length32 + HANDSHAKE_HEADER_SIZE));
+
+ }
+ else
+ { /* v2 hello */
+ length32 = session->internals.v2_hello - SSL2_HEADERS; /* we've read the first byte */
+
+ handshake_header_size = SSL2_HEADERS; /* we've already read one byte */
+
+ *recv_type = dataptr[0];
+
+ _gnutls_handshake_log ("HSK[%p]: %s(v2) was received [%ld bytes]\n",
+ session, _gnutls_handshake2str (*recv_type),
+ (long int) (length32 + handshake_header_size));
+
+ if (*recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ { /* it should be one or nothing */
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+ }
+
+ /* put the packet into the buffer */
+ session->internals.handshake_header_buffer.header_size =
+ handshake_header_size;
+ session->internals.handshake_header_buffer.packet_length = length32;
+ session->internals.handshake_header_buffer.recv_type = *recv_type;
+
+ if (*recv_type != type)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+
+ return length32;
+}
+
+#define _gnutls_handshake_header_buffer_clear( session) session->internals.handshake_header_buffer.header_size = 0
+
+
+
+/* This function will hash the handshake headers and the
+ * handshake data.
+ */
+static int
+_gnutls_handshake_hash_add_recvd (gnutls_session_t session,
+ gnutls_handshake_description_t recv_type,
+ opaque * header, uint16_t header_size,
+ opaque * dataptr, uint32_t datalen)
+{
+ int ret;
+
+ /* The idea here is to hash the previous message we received,
+ * and add the one we just received into the handshake_hash_buffer.
+ */
+ if ((session->security_parameters.entity == GNUTLS_SERVER
+ || recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO)
+ && (session->security_parameters.entity == GNUTLS_CLIENT
+ || recv_type != GNUTLS_HANDSHAKE_CLIENT_HELLO))
+ {
+ if ((ret = _gnutls_handshake_hash_pending (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ /* here we buffer the handshake messages - needed at Finished message */
+ if (recv_type != GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ {
+
+ if ((ret =
+ _gnutls_handshake_buffer_put (session, header, header_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (datalen > 0)
+ {
+ if ((ret =
+ _gnutls_handshake_buffer_put (session, dataptr, datalen)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/* This function will receive handshake messages of the given types,
+ * and will pass the message to the right place in order to be processed.
+ * E.g. for the SERVER_HELLO message (if it is expected), it will be
+ * passed to _gnutls_recv_hello().
+ */
+int
+_gnutls_recv_handshake (gnutls_session_t session, uint8_t ** data,
+ int *datalen, gnutls_handshake_description_t type,
+ Optional optional)
+{
+ int ret;
+ uint32_t length32 = 0;
+ opaque *dataptr = NULL;
+ gnutls_handshake_description_t recv_type;
+
+ ret = _gnutls_recv_handshake_header (session, type, &recv_type);
+ if (ret < 0)
+ {
+
+ if (ret == GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET
+ && optional == OPTIONAL_PACKET)
+ {
+ if (datalen != NULL)
+ *datalen = 0;
+ if (data != NULL)
+ *data = NULL;
+ return 0; /* ok just ignore the packet */
+ }
+
+ return ret;
+ }
+
+ session->internals.last_handshake_in = recv_type;
+
+ length32 = ret;
+
+ if (length32 > 0)
+ dataptr = gnutls_malloc (length32);
+ else if (recv_type != GNUTLS_HANDSHAKE_SERVER_HELLO_DONE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ if (dataptr == NULL && length32 > 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (datalen != NULL)
+ *datalen = length32;
+
+ if (length32 > 0)
+ {
+ ret =
+ _gnutls_handshake_io_recv_int (session, GNUTLS_HANDSHAKE,
+ type, dataptr, length32);
+ if (ret <= 0)
+ {
+ gnutls_assert ();
+ gnutls_free (dataptr);
+ return (ret == 0) ? GNUTLS_E_UNEXPECTED_PACKET_LENGTH : ret;
+ }
+ }
+
+ if (data != NULL && length32 > 0)
+ *data = dataptr;
+
+
+ ret = _gnutls_handshake_hash_add_recvd (session, recv_type,
+ session->
+ internals.handshake_header_buffer.
+ header,
+ session->
+ internals.handshake_header_buffer.
+ header_size, dataptr, length32);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_handshake_header_buffer_clear (session);
+ return ret;
+ }
+
+ /* If we fail before this then we will reuse the handshake header
+ * have have received above. if we get here the we clear the handshake
+ * header we received.
+ */
+ _gnutls_handshake_header_buffer_clear (session);
+
+ switch (recv_type)
+ {
+ case GNUTLS_HANDSHAKE_CLIENT_HELLO:
+ case GNUTLS_HANDSHAKE_SERVER_HELLO:
+ ret = _gnutls_recv_hello (session, dataptr, length32);
+
+ /* dataptr is freed because the caller does not
+ * need it */
+ gnutls_free (dataptr);
+ if (data != NULL)
+ *data = NULL;
+
+ if (ret < 0)
+ break;
+
+ /* initialize the hashes for both - (client will know server's version
+ * and server as well at this point) */
+ if ((ret = _gnutls_handshake_hash_init (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE_SERVER_HELLO_DONE:
+ if (length32 == 0)
+ ret = 0;
+ else
+ ret = GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ break;
+ case GNUTLS_HANDSHAKE_CERTIFICATE_PKT:
+ case GNUTLS_HANDSHAKE_FINISHED:
+ case GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST:
+ case GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY:
+ case GNUTLS_HANDSHAKE_SUPPLEMENTAL:
+ case GNUTLS_HANDSHAKE_NEW_SESSION_TICKET:
+ ret = length32;
+ break;
+ default:
+ gnutls_assert ();
+ gnutls_free (dataptr);
+ if (data != NULL)
+ *data = NULL;
+ ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
+ }
+
+ return ret;
+}
+
+/* This function checks if the given cipher suite is supported, and sets it
+ * to the session;
+ */
+static int
+_gnutls_client_set_ciphersuite (gnutls_session_t session, opaque suite[2])
+{
+ uint8_t z;
+ cipher_suite_st *cipher_suites;
+ int cipher_suite_num;
+ int i, err;
+
+ z = 1;
+ cipher_suite_num = _gnutls_supported_ciphersuites (session, &cipher_suites);
+ if (cipher_suite_num < 0)
+ {
+ gnutls_assert ();
+ return cipher_suite_num;
+ }
+
+ for (i = 0; i < cipher_suite_num; i++)
+ {
+ if (memcmp (&cipher_suites[i], suite, 2) == 0)
+ {
+ z = 0;
+ break;
+ }
+ }
+
+ gnutls_free (cipher_suites);
+
+ if (z != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
+ }
+
+ memcpy (session->security_parameters.current_cipher_suite.suite, suite, 2);
+ _gnutls_epoch_set_cipher_suite (session, EPOCH_NEXT,
+ &session->
+ security_parameters.current_cipher_suite);
+
+ _gnutls_handshake_log ("HSK[%p]: Selected cipher suite: %s\n", session,
+ _gnutls_cipher_suite_get_name
+ (&session->
+ security_parameters.current_cipher_suite));
+
+
+ /* check if the credentials (username, public key etc.) are ok.
+ * Actually checks if they exist.
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo
+ (&session->security_parameters.current_cipher_suite), &err) == NULL
+ && err != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
+
+ if (session->internals.auth_struct == NULL)
+ {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ return 0;
+}
+
+/* This function sets the given comp method to the session.
+ */
+static int
+_gnutls_client_set_comp_method (gnutls_session_t session, opaque comp_method)
+{
+ int comp_methods_num;
+ uint8_t *compression_methods;
+ int i;
+
+ comp_methods_num = _gnutls_supported_compression_methods (session,
+ &compression_methods);
+ if (comp_methods_num < 0)
+ {
+ gnutls_assert ();
+ return comp_methods_num;
+ }
+
+ for (i = 0; i < comp_methods_num; i++)
+ {
+ if (compression_methods[i] == comp_method)
+ {
+ comp_methods_num = 0;
+ break;
+ }
+ }
+
+ gnutls_free (compression_methods);
+
+ if (comp_methods_num != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ session->internals.compression_method =
+ _gnutls_compression_get_id (comp_method);
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT,
+ session->internals.compression_method);
+
+ return 0;
+}
+
+/* This function returns 0 if we are resuming a session or -1 otherwise.
+ * This also sets the variables in the session. Used only while reading a server
+ * hello.
+ */
+static int
+_gnutls_client_check_if_resuming (gnutls_session_t session,
+ opaque * session_id, int session_id_len)
+{
+ opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+
+ _gnutls_handshake_log ("HSK[%p]: SessionID length: %d\n", session,
+ session_id_len);
+ _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
+ _gnutls_bin2hex (session_id, session_id_len, buf,
+ sizeof (buf), NULL));
+
+ if (session_id_len > 0 &&
+ session->internals.resumed_security_parameters.session_id_size ==
+ session_id_len
+ && memcmp (session_id,
+ session->internals.resumed_security_parameters.session_id,
+ session_id_len) == 0)
+ {
+ /* resume session */
+ memcpy (session->internals.resumed_security_parameters.server_random,
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ memcpy (session->internals.resumed_security_parameters.client_random,
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+
+ _gnutls_epoch_set_cipher_suite
+ (session, EPOCH_NEXT,
+ &session->internals.
+ resumed_security_parameters.current_cipher_suite);
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT,
+ session->
+ internals.resumed_compression_method);
+
+ session->internals.resumed = RESUME_TRUE; /* we are resuming */
+
+ return 0;
+ }
+ else
+ {
+ /* keep the new session id */
+ session->internals.resumed = RESUME_FALSE; /* we are not resuming */
+ session->security_parameters.session_id_size = session_id_len;
+ memcpy (session->security_parameters.session_id,
+ session_id, session_id_len);
+
+ return -1;
+ }
+}
+
+
+/* This function reads and parses the server hello handshake message.
+ * This function also restores resumed parameters if we are resuming a
+ * session.
+ */
+static int
+_gnutls_read_server_hello (gnutls_session_t session,
+ opaque * data, int datalen)
+{
+ uint8_t session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ gnutls_protocol_t version;
+ int len = datalen;
+
+ if (datalen < 38)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ _gnutls_handshake_log ("HSK[%p]: Server's version: %d.%d\n",
+ session, data[pos], data[pos + 1]);
+
+ DECR_LEN (len, 2);
+ version = _gnutls_version_get (data[pos], data[pos + 1]);
+ if (_gnutls_version_is_supported (session, version) == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ else
+ {
+ _gnutls_set_current_version (session, version);
+ }
+
+ pos += 2;
+
+ DECR_LEN (len, GNUTLS_RANDOM_SIZE);
+ _gnutls_set_server_random (session, &data[pos]);
+ pos += GNUTLS_RANDOM_SIZE;
+
+
+ /* Read session ID
+ */
+ DECR_LEN (len, 1);
+ session_id_len = data[pos++];
+
+ if (len < session_id_len)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ DECR_LEN (len, session_id_len);
+
+ /* check if we are resuming and set the appropriate
+ * values;
+ */
+ if (_gnutls_client_check_if_resuming
+ (session, &data[pos], session_id_len) == 0)
+ {
+ pos += session_id_len + 2 + 1;
+ DECR_LEN (len, 2 + 1);
+
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_MANDATORY,
+ &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
+
+ pos += session_id_len;
+
+ /* Check if the given cipher suite is supported and copy
+ * it to the session.
+ */
+
+ DECR_LEN (len, 2);
+ ret = _gnutls_client_set_ciphersuite (session, &data[pos]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ pos += 2;
+
+ /* move to compression
+ */
+ DECR_LEN (len, 1);
+
+ ret = _gnutls_client_set_comp_method (session, data[pos++]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM;
+ }
+
+ /* Parse extensions.
+ */
+ ret = _gnutls_parse_extensions (session, GNUTLS_EXT_ANY, &data[pos], len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+
+/* This function copies the appropriate ciphersuites to a locally allocated buffer
+ * Needed in client hello messages. Returns the new data length. If add_scsv is
+ * true, add the special safe renegotiation CS.
+ */
+static int
+_gnutls_copy_ciphersuites (gnutls_session_t session,
+ opaque * ret_data, size_t ret_data_size,
+ int add_scsv)
+{
+ int ret, i;
+ cipher_suite_st *cipher_suites;
+ uint16_t cipher_num;
+ int datalen, pos;
+ uint16_t loop_max;
+
+ ret = _gnutls_supported_ciphersuites_sorted (session, &cipher_suites);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Here we remove any ciphersuite that does not conform
+ * the certificate requested, or to the
+ * authentication requested (eg SRP).
+ */
+ ret =
+ _gnutls_remove_unwanted_ciphersuites (session, &cipher_suites, ret, -1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (cipher_suites);
+ return ret;
+ }
+
+ /* If no cipher suites were enabled.
+ */
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ gnutls_free (cipher_suites);
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (add_scsv)
+ ++ret;
+
+ cipher_num = ret;
+
+ cipher_num *= sizeof (uint16_t); /* in order to get bytes */
+
+ datalen = pos = 0;
+
+ datalen += sizeof (uint16_t) + cipher_num;
+
+ if ((size_t) datalen > ret_data_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ _gnutls_write_uint16 (cipher_num, ret_data);
+ pos += 2;
+
+ loop_max = add_scsv ? cipher_num - 2 : cipher_num;
+
+ for (i = 0; i < (loop_max / 2); i++)
+ {
+ memcpy (&ret_data[pos], cipher_suites[i].suite, 2);
+ pos += 2;
+ }
+
+ if (add_scsv)
+ {
+ /* Safe renegotiation signalling CS value is { 0x00, 0xff } */
+ ret_data[pos++] = 0x00;
+ ret_data[pos++] = 0xff;
+ ret = _gnutls_ext_sr_send_cs (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (cipher_suites);
+ return ret;
+ }
+ }
+
+ gnutls_free (cipher_suites);
+
+ return datalen;
+}
+
+
+/* This function copies the appropriate compression methods, to a locally allocated buffer
+ * Needed in hello messages. Returns the new data length.
+ */
+static int
+_gnutls_copy_comp_methods (gnutls_session_t session,
+ opaque * ret_data, size_t ret_data_size)
+{
+ int ret, i;
+ uint8_t *compression_methods, comp_num;
+ int datalen, pos;
+
+ ret = _gnutls_supported_compression_methods (session, &compression_methods);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ comp_num = ret;
+
+ datalen = pos = 0;
+ datalen += comp_num + 1;
+
+ if ((size_t) datalen > ret_data_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret_data[pos++] = comp_num; /* put the number of compression methods */
+
+ for (i = 0; i < comp_num; i++)
+ {
+ ret_data[pos++] = compression_methods[i];
+ }
+
+ gnutls_free (compression_methods);
+
+ return datalen;
+}
+
+/* This should be sufficient by now. It should hold all the extensions
+ * plus the headers in a hello message.
+ */
+#define MAX_EXT_DATA_LENGTH 32*1024
+
+/* This function sends the client hello handshake message.
+ */
+static int
+_gnutls_send_client_hello (gnutls_session_t session, int again)
+{
+ mbuffer_st *bufel = NULL;
+ opaque *data = NULL;
+ int extdatalen;
+ int pos = 0, type;
+ int datalen = 0, ret = 0;
+ opaque rnd[GNUTLS_RANDOM_SIZE];
+ gnutls_protocol_t hver;
+ opaque *extdata = NULL;
+ int rehandshake = 0;
+ uint8_t session_id_len =
+ session->internals.resumed_security_parameters.session_id_size;
+
+ /* note that rehandshake is different than resuming
+ */
+ if (session->security_parameters.session_id_size)
+ rehandshake = 1;
+
+ if (again == 0)
+ {
+
+ datalen = 2 + (session_id_len + 1) + GNUTLS_RANDOM_SIZE;
+ /* 2 for version, (4 for unix time + 28 for random bytes==GNUTLS_RANDOM_SIZE)
+ */
+
+ bufel =
+ _gnutls_handshake_alloc (datalen, datalen + MAX_EXT_DATA_LENGTH);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ data = _mbuffer_get_udata_ptr (bufel);
+ extdatalen = MAX_EXT_DATA_LENGTH;
+
+ extdata = gnutls_malloc (extdatalen);
+ if (extdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* if we are resuming a session then we set the
+ * version number to the previously established.
+ */
+ if (session_id_len == 0)
+ {
+ if (rehandshake) /* already negotiated version thus version_max == negotiated version */
+ hver = session->security_parameters.version;
+ else /* new handshake. just get the max */
+ hver = _gnutls_version_max (session);
+ }
+ else
+ {
+ /* we are resuming a session */
+ hver = session->internals.resumed_security_parameters.version;
+ }
+
+ if (hver == GNUTLS_VERSION_UNKNOWN || hver == 0)
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ data[pos++] = _gnutls_version_get_major (hver);
+ data[pos++] = _gnutls_version_get_minor (hver);
+
+ /* Set the version we advertized as maximum
+ * (RSA uses it).
+ */
+ _gnutls_set_adv_version (session, hver);
+ _gnutls_set_current_version (session, hver);
+
+ if (session->internals.priorities.ssl3_record_version != 0)
+ {
+ /* Advertize the SSL 3.0 record packet version in
+ * record packets during the handshake.
+ * That is to avoid confusing implementations
+ * that do not support TLS 1.2 and don't know
+ * how 3,3 version of record packets look like.
+ */
+ _gnutls_record_set_default_version (session, 3, 0);
+ }
+
+ /* In order to know when this session was initiated.
+ */
+ session->security_parameters.timestamp = time (NULL);
+
+ /* Generate random data
+ */
+ _gnutls_tls_create_random (rnd);
+ _gnutls_set_client_random (session, rnd);
+
+ memcpy (&data[pos], rnd, GNUTLS_RANDOM_SIZE);
+ pos += GNUTLS_RANDOM_SIZE;
+
+ /* Copy the Session ID
+ */
+ data[pos++] = session_id_len;
+
+ if (session_id_len > 0)
+ {
+ memcpy (&data[pos],
+ session->internals.resumed_security_parameters.session_id,
+ session_id_len);
+ pos += session_id_len;
+ }
+
+
+ /* Copy the ciphersuites.
+ *
+ * If using SSLv3 Send TLS_RENEGO_PROTECTION_REQUEST SCSV for MITM
+ * prevention on initial negotiation (but not renegotiation; that's
+ * handled with the RI extension below).
+ */
+ if (!session->internals.initial_negotiation_completed &&
+ session->security_parameters.entity == GNUTLS_CLIENT &&
+ gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ ret =
+ _gnutls_copy_ciphersuites (session, extdata, extdatalen, TRUE);
+ _gnutls_extension_list_add (session,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION);
+ }
+ else
+ ret = _gnutls_copy_ciphersuites (session, extdata, extdatalen, FALSE);
+
+ if (ret > 0)
+ {
+ ret = _mbuffer_append_data (bufel, extdata, ret);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
+ else
+ {
+ if (extdatalen == 0)
+ extdatalen = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ /* Copy the compression methods.
+ */
+ ret = _gnutls_copy_comp_methods (session, extdata, extdatalen);
+ if (ret > 0)
+ {
+ ret = _mbuffer_append_data (bufel, extdata, ret);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
+ else
+ {
+ if (extdatalen == 0)
+ extdatalen = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Generate and copy TLS extensions.
+ */
+ if (_gnutls_version_has_extensions (hver))
+ type = GNUTLS_EXT_ANY;
+ else
+ {
+ if (session->internals.initial_negotiation_completed != 0)
+ type = GNUTLS_EXT_MANDATORY;
+ else
+ type = GNUTLS_EXT_NONE;
+ }
+
+ ret = _gnutls_gen_extensions (session, extdata, extdatalen, type);
+
+ if (ret > 0)
+ {
+ ret = _mbuffer_append_data (bufel, extdata, ret);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
+ else if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (bufel);
+ gnutls_free (extdata);
+ return ret;
+ }
+ }
+
+ gnutls_free (extdata);
+
+ ret =
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_CLIENT_HELLO);
+
+ return ret;
+}
+
+static int
+_gnutls_send_server_hello (gnutls_session_t session, int again)
+{
+ mbuffer_st *bufel = NULL;
+ opaque *data = NULL;
+ opaque *extdata = NULL;
+ int extdatalen;
+ int pos = 0;
+ int datalen, ret = 0;
+ uint8_t comp;
+ uint8_t session_id_len = session->security_parameters.session_id_size;
+ opaque buf[2 * TLS_MAX_SESSION_ID_SIZE + 1];
+
+ datalen = 0;
+
+ if (again == 0)
+ {
+
+ extdata = gnutls_malloc (MAX_EXT_DATA_LENGTH);
+ if (extdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ datalen = 2 + session_id_len + 1 + GNUTLS_RANDOM_SIZE + 3;
+ ret =
+ _gnutls_gen_extensions (session, extdata, MAX_EXT_DATA_LENGTH,
+ GNUTLS_EXT_ANY);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+ extdatalen = ret;
+
+ bufel =
+ _gnutls_handshake_alloc (datalen + extdatalen, datalen + extdatalen);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto fail;
+ }
+ data = _mbuffer_get_udata_ptr (bufel);
+
+ data[pos++] =
+ _gnutls_version_get_major (session->security_parameters.version);
+ data[pos++] =
+ _gnutls_version_get_minor (session->security_parameters.version);
+
+ memcpy (&data[pos],
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ pos += GNUTLS_RANDOM_SIZE;
+
+ data[pos++] = session_id_len;
+ if (session_id_len > 0)
+ {
+ memcpy (&data[pos], session->security_parameters.session_id,
+ session_id_len);
+ }
+ pos += session_id_len;
+
+ _gnutls_handshake_log ("HSK[%p]: SessionID: %s\n", session,
+ _gnutls_bin2hex (session->security_parameters.
+ session_id, session_id_len, buf,
+ sizeof (buf), NULL));
+
+ memcpy (&data[pos],
+ session->security_parameters.current_cipher_suite.suite, 2);
+ pos += 2;
+
+ comp =
+ (uint8_t) _gnutls_compression_get_num (session->internals.
+ compression_method);
+ data[pos++] = comp;
+
+
+ if (extdatalen > 0)
+ {
+ datalen += extdatalen;
+
+ memcpy (&data[pos], extdata, extdatalen);
+ }
+ }
+
+ ret =
+ _gnutls_send_handshake (session, bufel, GNUTLS_HANDSHAKE_SERVER_HELLO);
+
+fail:
+ gnutls_free (extdata);
+ return ret;
+}
+
+int
+_gnutls_send_hello (gnutls_session_t session, int again)
+{
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ ret = _gnutls_send_client_hello (session, again);
+
+ }
+ else
+ { /* SERVER */
+ ret = _gnutls_send_server_hello (session, again);
+ }
+
+ return ret;
+}
+
+/* RECEIVE A HELLO MESSAGE. This should be called from gnutls_recv_handshake_int only if a
+ * hello message is expected. It uses the security_parameters.current_cipher_suite
+ * and internals.compression_method.
+ */
+int
+_gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen)
+{
+ int ret;
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ ret = _gnutls_read_server_hello (session, data, datalen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ else
+ { /* Server side reading a client hello */
+
+ ret = _gnutls_read_client_hello (session, data, datalen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_ext_sr_verify (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/* The packets in gnutls_handshake (it's more broad than original TLS handshake)
+ *
+ * Client Server
+ *
+ * ClientHello -------->
+ * <-------- ServerHello
+ *
+ * Certificate*
+ * ServerKeyExchange*
+ * <-------- CertificateRequest*
+ *
+ * <-------- ServerHelloDone
+ * Certificate*
+ * ClientKeyExchange
+ * CertificateVerify*
+ * [ChangeCipherSpec]
+ * Finished -------->
+ * NewSessionTicket
+ * [ChangeCipherSpec]
+ * <-------- Finished
+ *
+ * (*): means optional packet.
+ */
+
+/* Handshake when resumming session:
+ * Client Server
+ *
+ * ClientHello -------->
+ * ServerHello
+ * [ChangeCipherSpec]
+ * <-------- Finished
+ * [ChangeCipherSpec]
+ * Finished -------->
+ *
+ */
+
+/**
+ * gnutls_rehandshake:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will renegotiate security parameters with the
+ * client. This should only be called in case of a server.
+ *
+ * This message informs the peer that we want to renegotiate
+ * parameters (perform a handshake).
+ *
+ * If this function succeeds (returns 0), you must call the
+ * gnutls_handshake() function in order to negotiate the new
+ * parameters.
+ *
+ * Since TLS is full duplex some application data might have been
+ * sent during peer's processing of this message. In that case
+ * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE
+ * is returned to clear any pending data. Care must be taken if
+ * rehandshake is mandatory to terminate if it does not start after
+ * some threshold.
+ *
+ * If the client does not wish to renegotiate parameters he will
+ * should with an alert message, thus the return code will be
+ * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be
+ * %GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore
+ * this message.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_rehandshake (gnutls_session_t session)
+{
+ int ret;
+
+ /* only server sends that handshake packet */
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ ret =
+ _gnutls_send_empty_handshake (session, GNUTLS_HANDSHAKE_HELLO_REQUEST,
+ AGAIN (STATE50));
+ STATE = STATE50;
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ STATE = STATE0;
+
+ return 0;
+}
+
+inline static int
+_gnutls_abort_handshake (gnutls_session_t session, int ret)
+{
+ if (((ret == GNUTLS_E_WARNING_ALERT_RECEIVED) &&
+ (gnutls_alert_get (session) == GNUTLS_A_NO_RENEGOTIATION))
+ || ret == GNUTLS_E_GOT_APPLICATION_DATA)
+ return 0;
+
+ /* this doesn't matter */
+ return GNUTLS_E_INTERNAL_ERROR;
+}
+
+
+/* This function initialized the handshake hash session.
+ * required for finished messages.
+ */
+static int
+_gnutls_handshake_hash_init (gnutls_session_t session)
+{
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ if (session->internals.handshake_mac_handle_init == 0)
+ {
+ int ret;
+
+ /* set the hash type for handshake message hashing */
+ if (_gnutls_version_has_selectable_prf (ver))
+ session->security_parameters.handshake_mac_handle_type =
+ HANDSHAKE_MAC_TYPE_12;
+ else
+ session->security_parameters.handshake_mac_handle_type =
+ HANDSHAKE_MAC_TYPE_10;
+
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.
+ md5, GNUTLS_MAC_MD5);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls10.
+ sha, GNUTLS_MAC_SHA1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.
+ tls10.md5, NULL);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ /* The algorithm to compute hash over handshake messages must be
+ same as the one used as the basis for PRF. By now we use
+ SHA256. */
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.
+ sha256, GNUTLS_DIG_SHA256);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ _gnutls_hash_init (&session->internals.handshake_mac_handle.tls12.
+ sha1, GNUTLS_DIG_SHA1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&session->internals.handshake_mac_handle.
+ tls12.sha256, NULL);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+
+ session->internals.handshake_mac_handle_init = 1;
+ }
+
+ return 0;
+}
+
+static int
+_gnutls_send_supplemental (gnutls_session_t session, int again)
+{
+ mbuffer_st *bufel;
+ int ret = 0;
+
+ _gnutls_debug_log ("EXT[%p]: Sending supplemental data\n", session);
+
+ if (again)
+ ret =
+ _gnutls_send_handshake (session, NULL, GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ else
+ {
+ gnutls_buffer_st buf;
+ _gnutls_buffer_init (&buf);
+
+ ret = _gnutls_gen_supplemental (session, &buf);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ bufel = _gnutls_handshake_alloc (buf.length, buf.length);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _mbuffer_set_udata (bufel, buf.data, buf.length);
+ _gnutls_buffer_clear (&buf);
+
+ ret = _gnutls_send_handshake (session, bufel,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL);
+ }
+
+ return ret;
+}
+
+static int
+_gnutls_recv_supplemental (gnutls_session_t session)
+{
+ uint8_t *data = NULL;
+ int datalen = 0;
+ int ret;
+
+ _gnutls_debug_log ("EXT[%p]: Expecting supplemental data\n", session);
+
+ ret = _gnutls_recv_handshake (session, &data, &datalen,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL,
+ OPTIONAL_PACKET);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_parse_supplemental (session, data, datalen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ gnutls_free (data);
+
+ return ret;
+}
+
+/**
+ * gnutls_handshake:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function does the handshake of the TLS/SSL protocol, and
+ * initializes the TLS connection.
+ *
+ * This function will fail if any problem is encountered, and will
+ * return a negative error code. In case of a client, if the client
+ * has asked to resume a session, but the server couldn't, then a
+ * full handshake will be performed.
+ *
+ * The non-fatal errors such as %GNUTLS_E_AGAIN and
+ * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which
+ * should be later be resumed. Call this function again, until it
+ * returns 0; cf. gnutls_record_get_direction() and
+ * gnutls_error_is_fatal().
+ *
+ * If this function is called by a server after a rehandshake request
+ * then %GNUTLS_E_GOT_APPLICATION_DATA or
+ * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these
+ * are non fatal errors, only in the specific case of a rehandshake.
+ * Their meaning is that the client rejected the rehandshake request or
+ * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that
+ * some data were pending.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_handshake (gnutls_session_t session)
+{
+ int ret;
+ record_parameters_st *params;
+
+ ret = _gnutls_epoch_get (session, session->security_parameters.epoch_next,
+ ¶ms);
+ if (ret < 0)
+ {
+ /* We assume the epoch is not allocated if _gnutls_epoch_get fails. */
+ ret =
+ _gnutls_epoch_alloc (session, session->security_parameters.epoch_next,
+ NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ ret = _gnutls_handshake_client (session);
+ }
+ else
+ {
+ ret = _gnutls_handshake_server (session);
+ }
+ if (ret < 0)
+ {
+ /* In the case of a rehandshake abort
+ * we should reset the handshake's internal state.
+ */
+ if (_gnutls_abort_handshake (session, ret) == 0)
+ STATE = STATE0;
+
+ return ret;
+ }
+
+ ret = _gnutls_handshake_common (session);
+
+ if (ret < 0)
+ {
+ if (_gnutls_abort_handshake (session, ret) == 0)
+ STATE = STATE0;
+
+ return ret;
+ }
+
+ STATE = STATE0;
+
+ _gnutls_handshake_io_buffer_clear (session);
+ _gnutls_handshake_internal_state_clear (session);
+
+ session->security_parameters.epoch_next++;
+
+ return 0;
+}
+
+
+#define IMED_RET( str, ret, allow_alert) do { \
+ if (ret < 0) { \
+ /* EAGAIN and INTERRUPTED are always non-fatal */ \
+ if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED) \
+ return ret; \
+ /* a warning alert might interrupt handshake */ \
+ if (allow_alert != 0 && ret==GNUTLS_E_WARNING_ALERT_RECEIVED) return ret; \
+ gnutls_assert(); \
+ ERR( str, ret); \
+ _gnutls_handshake_hash_buffers_clear(session); \
+ return ret; \
+ } } while (0)
+
+
+
+/*
+ * _gnutls_handshake_client
+ * This function performs the client side of the handshake of the TLS/SSL protocol.
+ */
+int
+_gnutls_handshake_client (gnutls_session_t session)
+{
+ int ret = 0;
+
+#ifdef HANDSHAKE_DEBUG
+ char buf[64];
+
+ if (session->internals.resumed_security_parameters.session_id_size > 0)
+ _gnutls_handshake_log ("HSK[%p]: Ask to resume: %s\n", session,
+ _gnutls_bin2hex (session->
+ internals.resumed_security_parameters.session_id,
+ session->
+ internals.resumed_security_parameters.session_id_size,
+ buf, sizeof (buf), NULL));
+#endif
+
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE1:
+ ret = _gnutls_send_hello (session, AGAIN (STATE1));
+ STATE = STATE1;
+ IMED_RET ("send hello", ret, 1);
+
+ case STATE2:
+ /* receive the server hello */
+ ret =
+ _gnutls_recv_handshake (session, NULL, NULL,
+ GNUTLS_HANDSHAKE_SERVER_HELLO,
+ MANDATORY_PACKET);
+ STATE = STATE2;
+ IMED_RET ("recv hello", ret, 1);
+
+ case STATE70:
+ if (session->security_parameters.do_recv_supplemental)
+ {
+ ret = _gnutls_recv_supplemental (session);
+ STATE = STATE70;
+ IMED_RET ("recv supplemental", ret, 1);
+ }
+
+ case STATE3:
+ /* RECV CERTIFICATE */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate (session);
+ STATE = STATE3;
+ IMED_RET ("recv server certificate", ret, 1);
+
+ case STATE4:
+ /* receive the server key exchange */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_kx_message (session);
+ STATE = STATE4;
+ IMED_RET ("recv server kx message", ret, 1);
+
+ case STATE5:
+ /* receive the server certificate request - if any
+ */
+
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_server_certificate_request (session);
+ STATE = STATE5;
+ IMED_RET ("recv server certificate request message", ret, 1);
+
+ case STATE6:
+ /* receive the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_recv_handshake (session, NULL, NULL,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ MANDATORY_PACKET);
+ STATE = STATE6;
+ IMED_RET ("recv server hello done", ret, 1);
+
+ case STATE71:
+ if (session->security_parameters.do_send_supplemental)
+ {
+ ret = _gnutls_send_supplemental (session, AGAIN (STATE71));
+ STATE = STATE71;
+ IMED_RET ("send supplemental", ret, 0);
+ }
+
+ case STATE7:
+ /* send our certificate - if any and if requested
+ */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_send_client_certificate (session, AGAIN (STATE7));
+ STATE = STATE7;
+ IMED_RET ("send client certificate", ret, 0);
+
+ case STATE8:
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_send_client_kx_message (session, AGAIN (STATE8));
+ STATE = STATE8;
+ IMED_RET ("send client kx", ret, 0);
+
+ case STATE9:
+ /* send client certificate verify */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_client_certificate_verify (session, AGAIN (STATE9));
+ STATE = STATE9;
+ IMED_RET ("send client certificate verify", ret, 1);
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
+}
+
+/* This function sends the final handshake packets and initializes connection
+ */
+static int
+_gnutls_send_handshake_final (gnutls_session_t session, int init)
+{
+ int ret = 0;
+
+ /* Send the CHANGE CIPHER SPEC PACKET */
+
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE20:
+
+ STATE = STATE20;
+
+ ret = _gnutls_handshake_io_write_flush (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ case STATE21:
+ ret = _gnutls_send_change_cipher_spec (session, AGAIN (STATE21));
+ STATE = STATE21;
+
+ if (ret < 0)
+ {
+ ERR ("send ChangeCipherSpec", ret);
+ gnutls_assert ();
+ return ret;
+ }
+ /* Initialize the connection session (start encryption) - in case of client
+ */
+ if (init == TRUE)
+ {
+ ret = _gnutls_connection_state_init (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_write_connection_state_init (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ case STATE22:
+ /* send the finished message */
+ ret = _gnutls_send_finished (session, AGAIN (STATE22));
+ STATE = STATE22;
+ if (ret < 0)
+ {
+ ERR ("send Finished", ret);
+ gnutls_assert ();
+ return ret;
+ }
+
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+/* This function receives the final handshake packets
+ * And executes the appropriate function to initialize the
+ * read session.
+ */
+static int
+_gnutls_recv_handshake_final (gnutls_session_t session, int init)
+{
+ int ret = 0;
+ uint8_t ch;
+
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE30:
+ ret = _gnutls_recv_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1, &ch, 1);
+ STATE = STATE30;
+ if (ret <= 0)
+ {
+ ERR ("recv ChangeCipherSpec", ret);
+ gnutls_assert ();
+ return (ret < 0) ? ret : GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* Initialize the connection session (start encryption) - in case of server */
+ if (init == TRUE)
+ {
+ ret = _gnutls_connection_state_init (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = _gnutls_read_connection_state_init (session);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ case STATE31:
+ ret = _gnutls_recv_finished (session);
+ STATE = STATE31;
+ if (ret < 0)
+ {
+ ERR ("recv finished", ret);
+ gnutls_assert ();
+ return ret;
+ }
+ STATE = STATE0;
+ default:
+ break;
+ }
+
+
+ return 0;
+}
+
+/*
+ * _gnutls_handshake_server
+ * This function does the server stuff of the handshake protocol.
+ */
+int
+_gnutls_handshake_server (gnutls_session_t session)
+{
+ int ret = 0;
+
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE1:
+ ret =
+ _gnutls_recv_handshake (session, NULL, NULL,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO,
+ MANDATORY_PACKET);
+ STATE = STATE1;
+ IMED_RET ("recv hello", ret, 1);
+
+ case STATE2:
+ ret = _gnutls_send_hello (session, AGAIN (STATE2));
+ STATE = STATE2;
+ IMED_RET ("send hello", ret, 1);
+
+ case STATE70:
+ if (session->security_parameters.do_send_supplemental)
+ {
+ ret = _gnutls_send_supplemental (session, AGAIN (STATE70));
+ STATE = STATE70;
+ IMED_RET ("send supplemental data", ret, 0);
+ }
+
+ /* SEND CERTIFICATE + KEYEXCHANGE + CERTIFICATE_REQUEST */
+ case STATE3:
+ /* NOTE: these should not be send if we are resuming */
+
+ if (session->internals.resumed == RESUME_FALSE)
+ ret = _gnutls_send_server_certificate (session, AGAIN (STATE3));
+ STATE = STATE3;
+ IMED_RET ("send server certificate", ret, 0);
+
+ case STATE4:
+ /* send server key exchange (A) */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret = _gnutls_send_server_kx_message (session, AGAIN (STATE4));
+ STATE = STATE4;
+ IMED_RET ("send server kx", ret, 0);
+
+ case STATE5:
+ /* Send certificate request - if requested to */
+ if (session->internals.resumed == RESUME_FALSE)
+ ret =
+ _gnutls_send_server_certificate_request (session, AGAIN (STATE5));
+ STATE = STATE5;
+ IMED_RET ("send server cert request", ret, 0);
+
+ case STATE6:
+ /* send the server hello done */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret =
+ _gnutls_send_empty_handshake (session,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE,
+ AGAIN (STATE6));
+ STATE = STATE6;
+ IMED_RET ("send server hello done", ret, 1);
+
+ case STATE71:
+ if (session->security_parameters.do_recv_supplemental)
+ {
+ ret = _gnutls_recv_supplemental (session);
+ STATE = STATE71;
+ IMED_RET ("recv client supplemental", ret, 1);
+ }
+
+ /* RECV CERTIFICATE + KEYEXCHANGE + CERTIFICATE_VERIFY */
+ case STATE7:
+ /* receive the client certificate message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate (session);
+ STATE = STATE7;
+ IMED_RET ("recv client certificate", ret, 1);
+
+ case STATE8:
+ /* receive the client key exchange message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_kx_message (session);
+ STATE = STATE8;
+ IMED_RET ("recv client kx", ret, 1);
+
+ case STATE9:
+ /* receive the client certificate verify message */
+ if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
+ ret = _gnutls_recv_client_certificate_verify_message (session);
+ STATE = STATE9;
+ IMED_RET ("recv client certificate verify", ret, 1);
+
+ STATE = STATE0; /* finished thus clear session */
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_handshake_common (gnutls_session_t session)
+{
+ int ret = 0;
+
+ /* send and recv the change cipher spec and finished messages */
+ if ((session->internals.resumed == RESUME_TRUE
+ && session->security_parameters.entity == GNUTLS_CLIENT)
+ || (session->internals.resumed == RESUME_FALSE
+ && session->security_parameters.entity == GNUTLS_SERVER))
+ {
+ /* if we are a client resuming - or we are a server not resuming */
+
+ ret = _gnutls_recv_handshake_final (session, TRUE);
+ IMED_RET ("recv handshake final", ret, 1);
+
+#ifdef ENABLE_SESSION_TICKET
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE40:
+ ret = _gnutls_send_new_session_ticket (session, AGAIN (STATE40));
+ STATE = STATE40;
+ IMED_RET ("send handshake new session ticket", ret, 0);
+ STATE = STATE0;
+ default:
+ break;
+ }
+#endif
+
+ ret = _gnutls_send_handshake_final (session, FALSE);
+ IMED_RET ("send handshake final", ret, 1);
+
+ /* only store if we are not resuming */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ /* in order to support session resuming */
+ _gnutls_server_register_current_session (session);
+ }
+ }
+ else
+ { /* if we are a client not resuming - or we are a server resuming */
+
+ ret = _gnutls_send_handshake_final (session, TRUE);
+ IMED_RET ("send handshake final 2", ret, 1);
+
+#ifdef ENABLE_SESSION_TICKET
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE41:
+ ret = _gnutls_recv_new_session_ticket (session);
+ STATE = STATE41;
+ IMED_RET ("recv handshake new session ticket", ret, 1);
+ STATE = STATE0;
+ default:
+ break;
+ }
+#endif
+
+ ret = _gnutls_recv_handshake_final (session, FALSE);
+ IMED_RET ("recv handshake final 2", ret, 1);
+
+ }
+
+
+ /* clear handshake buffer */
+ _gnutls_handshake_hash_buffers_clear (session);
+ return ret;
+
+}
+
+int
+_gnutls_generate_session_id (opaque * session_id, uint8_t * len)
+{
+ int ret;
+
+ *len = TLS_MAX_SESSION_ID_SIZE;
+
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, session_id, *len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_recv_hello_request (gnutls_session_t session, void *data,
+ uint32_t data_size)
+{
+ uint8_t type;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+ if (data_size < 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ type = ((uint8_t *) data)[0];
+ if (type == GNUTLS_HANDSHAKE_HELLO_REQUEST)
+ return GNUTLS_E_REHANDSHAKE;
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+}
+
+/* Returns 1 if the given KX has not the corresponding parameters
+ * (DH or RSA) set up. Otherwise returns 0.
+ */
+inline static int
+check_server_params (gnutls_session_t session,
+ gnutls_kx_algorithm_t kx,
+ gnutls_kx_algorithm_t * alg, int alg_size)
+{
+ int cred_type;
+ gnutls_dh_params_t dh_params = NULL;
+ gnutls_rsa_params_t rsa_params = NULL;
+ int j;
+
+ cred_type = _gnutls_map_kx_get_cred (kx, 1);
+
+ /* Read the Diffie-Hellman parameters, if any.
+ */
+ if (cred_type == GNUTLS_CRD_CERTIFICATE)
+ {
+ int delete;
+ gnutls_certificate_credentials_t x509_cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ cred_type, NULL);
+
+ if (x509_cred != NULL)
+ {
+ dh_params =
+ _gnutls_get_dh_params (x509_cred->dh_params,
+ x509_cred->params_func, session);
+ rsa_params =
+ _gnutls_certificate_get_rsa_params (x509_cred->rsa_params,
+ x509_cred->params_func,
+ session);
+ }
+
+ /* Check also if the certificate supports the
+ * KX method.
+ */
+ delete = 1;
+ for (j = 0; j < alg_size; j++)
+ {
+ if (alg[j] == kx)
+ {
+ delete = 0;
+ break;
+ }
+ }
+
+ if (delete == 1)
+ return 1;
+
+#ifdef ENABLE_ANON
+ }
+ else if (cred_type == GNUTLS_CRD_ANON)
+ {
+ gnutls_anon_server_credentials_t anon_cred =
+ (gnutls_anon_server_credentials_t) _gnutls_get_cred (session->key,
+ cred_type, NULL);
+
+ if (anon_cred != NULL)
+ {
+ dh_params =
+ _gnutls_get_dh_params (anon_cred->dh_params,
+ anon_cred->params_func, session);
+ }
+#endif
+#ifdef ENABLE_PSK
+ }
+ else if (cred_type == GNUTLS_CRD_PSK)
+ {
+ gnutls_psk_server_credentials_t psk_cred =
+ (gnutls_psk_server_credentials_t) _gnutls_get_cred (session->key,
+ cred_type, NULL);
+
+ if (psk_cred != NULL)
+ {
+ dh_params =
+ _gnutls_get_dh_params (psk_cred->dh_params, psk_cred->params_func,
+ session);
+ }
+#endif
+ }
+ else
+ return 0; /* no need for params */
+
+
+ /* If the key exchange method needs RSA or DH params,
+ * but they are not set then remove it.
+ */
+ if (_gnutls_kx_needs_rsa_params (kx) != 0)
+ {
+ /* needs rsa params. */
+ if (_gnutls_rsa_params_to_mpi (rsa_params) == NULL)
+ {
+ gnutls_assert ();
+ return 1;
+ }
+ }
+
+ if (_gnutls_kx_needs_dh_params (kx) != 0)
+ {
+ /* needs DH params. */
+ if (_gnutls_dh_params_to_mpi (dh_params) == NULL)
+ {
+ gnutls_assert ();
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+/* This function will remove algorithms that are not supported by
+ * the requested authentication method. We remove an algorithm if
+ * we have a certificate with keyUsage bits set.
+ *
+ * This does a more high level check than gnutls_supported_ciphersuites(),
+ * by checking certificates etc.
+ */
+int
+_gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
+ cipher_suite_st ** cipherSuites,
+ int numCipherSuites,
+ gnutls_pk_algorithm_t requested_pk_algo)
+{
+
+ int ret = 0;
+ cipher_suite_st *newSuite, cs;
+ int newSuiteSize = 0, i;
+ gnutls_certificate_credentials_t cert_cred;
+ gnutls_kx_algorithm_t kx;
+ int server = session->security_parameters.entity == GNUTLS_SERVER ? 1 : 0;
+ gnutls_kx_algorithm_t *alg = NULL;
+ int alg_size = 0;
+
+ /* if we should use a specific certificate,
+ * we should remove all algorithms that are not supported
+ * by that certificate and are on the same authentication
+ * method (CERTIFICATE).
+ */
+
+ cert_cred =
+ (gnutls_certificate_credentials_t) _gnutls_get_cred (session->key,
+ GNUTLS_CRD_CERTIFICATE,
+ NULL);
+
+ /* If there are certificate credentials, find an appropriate certificate
+ * or disable them;
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER
+ && cert_cred != NULL)
+ {
+ ret = _gnutls_server_select_cert (session, requested_pk_algo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Could not find an appropriate certificate: %s\n",
+ gnutls_strerror (ret));
+ cert_cred = NULL;
+ }
+ }
+
+ /* get all the key exchange algorithms that are
+ * supported by the X509 certificate parameters.
+ */
+ if ((ret =
+ _gnutls_selected_cert_supported_kx (session, &alg, &alg_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ newSuite = gnutls_malloc (numCipherSuites * sizeof (cipher_suite_st));
+ if (newSuite == NULL)
+ {
+ gnutls_assert ();
+ gnutls_free (alg);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* now removes ciphersuites based on the KX algorithm
+ */
+ for (i = 0; i < numCipherSuites; i++)
+ {
+ int delete = 0;
+
+ /* finds the key exchange algorithm in
+ * the ciphersuite
+ */
+ kx = _gnutls_cipher_suite_get_kx_algo (&(*cipherSuites)[i]);
+
+ /* if it is defined but had no credentials
+ */
+ if (_gnutls_get_kx_cred (session, kx, NULL) == NULL)
+ {
+ delete = 1;
+ }
+ else
+ {
+ delete = 0;
+
+ if (server)
+ delete = check_server_params (session, kx, alg, alg_size);
+ }
+
+ /* These two SRP kx's are marked to require a CRD_CERTIFICATE,
+ (see cred_mappings in gnutls_algorithms.c), but it also
+ requires a SRP credential. Don't use SRP kx unless we have a
+ SRP credential too. */
+ if (kx == GNUTLS_KX_SRP_RSA || kx == GNUTLS_KX_SRP_DSS)
+ {
+ if (!_gnutls_get_cred (session->key, GNUTLS_CRD_SRP, NULL))
+ delete = 1;
+ }
+
+ memcpy (&cs.suite, &(*cipherSuites)[i].suite, 2);
+
+ if (delete == 0)
+ {
+
+ _gnutls_handshake_log ("HSK[%p]: Keeping ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name (&cs));
+
+ memcpy (newSuite[newSuiteSize].suite, (*cipherSuites)[i].suite, 2);
+ newSuiteSize++;
+ }
+ else
+ {
+ _gnutls_handshake_log ("HSK[%p]: Removing ciphersuite: %s\n",
+ session,
+ _gnutls_cipher_suite_get_name (&cs));
+
+ }
+ }
+
+ gnutls_free (alg);
+ gnutls_free (*cipherSuites);
+ *cipherSuites = newSuite;
+
+ ret = newSuiteSize;
+
+ return ret;
+
+}
+
+/**
+ * gnutls_handshake_set_max_packet_length:
+ * @session: is a #gnutls_session_t structure.
+ * @max: is the maximum number.
+ *
+ * This function will set the maximum size of all handshake messages.
+ * Handshakes over this size are rejected with
+ * %GNUTLS_E_HANDSHAKE_TOO_LARGE error code. The default value is
+ * 48kb which is typically large enough. Set this to 0 if you do not
+ * want to set an upper limit.
+ *
+ * The reason for restricting the handshake message sizes are to
+ * limit Denial of Service attacks.
+ **/
+void
+gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max)
+{
+ session->internals.max_handshake_data_buffer_size = max;
+}
+
+void
+_gnutls_set_adv_version (gnutls_session_t session, gnutls_protocol_t ver)
+{
+ set_adv_version (session, _gnutls_version_get_major (ver),
+ _gnutls_version_get_minor (ver));
+}
+
+gnutls_protocol_t
+_gnutls_get_adv_version (gnutls_session_t session)
+{
+ return _gnutls_version_get (_gnutls_get_adv_version_major (session),
+ _gnutls_get_adv_version_minor (session));
+}
+
+/**
+ * gnutls_handshake_get_last_in:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function is only useful to check where the last performed
+ * handshake failed. If the previous handshake succeed or was not
+ * performed at all then no meaningful value will be returned.
+ *
+ * Check %gnutls_handshake_description_t in gnutls.h for the
+ * available handshake descriptions.
+ *
+ * Returns: the last handshake message type received, a
+ * %gnutls_handshake_description_t.
+ **/
+gnutls_handshake_description_t
+gnutls_handshake_get_last_in (gnutls_session_t session)
+{
+ return session->internals.last_handshake_in;
+}
+
+/**
+ * gnutls_handshake_get_last_out:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function is only useful to check where the last performed
+ * handshake failed. If the previous handshake succeed or was not
+ * performed at all then no meaningful value will be returned.
+ *
+ * Check %gnutls_handshake_description_t in gnutls.h for the
+ * available handshake descriptions.
+ *
+ * Returns: the last handshake message type sent, a
+ * %gnutls_handshake_description_t.
+ **/
+gnutls_handshake_description_t
+gnutls_handshake_get_last_out (gnutls_session_t session)
+{
+ return session->internals.last_handshake_out;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+typedef enum Optional
+{ OPTIONAL_PACKET, MANDATORY_PACKET } Optional;
+
+int _gnutls_send_handshake (gnutls_session_t session, mbuffer_st * bufel,
+ gnutls_handshake_description_t type);
+int _gnutls_recv_hello_request (gnutls_session_t session, void *data,
+ uint32_t data_size);
+int _gnutls_send_hello (gnutls_session_t session, int again);
+int _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen);
+int _gnutls_recv_handshake (gnutls_session_t session, uint8_t **, int *,
+ gnutls_handshake_description_t,
+ Optional optional);
+int _gnutls_generate_session_id (opaque * session_id, uint8_t * len);
+int _gnutls_handshake_common (gnutls_session_t session);
+int _gnutls_handshake_client (gnutls_session_t session);
+int _gnutls_handshake_server (gnutls_session_t session);
+void _gnutls_set_server_random (gnutls_session_t session, uint8_t * rnd);
+void _gnutls_set_client_random (gnutls_session_t session, uint8_t * rnd);
+int _gnutls_tls_create_random (opaque * dst);
+int _gnutls_remove_unwanted_ciphersuites (gnutls_session_t session,
+ cipher_suite_st ** cipherSuites,
+ int numCipherSuites,
+ gnutls_pk_algorithm_t);
+int _gnutls_find_pk_algos_in_ciphersuites (opaque * data, int datalen);
+int _gnutls_server_select_suite (gnutls_session_t session, opaque * data,
+ int datalen);
+
+int _gnutls_negotiate_version (gnutls_session_t session,
+ gnutls_protocol_t adv_version);
+int _gnutls_user_hello_func (gnutls_session_t session,
+ gnutls_protocol_t adv_version);
+
+void _gnutls_handshake_hash_buffers_clear (gnutls_session_t session);
+
+#define STATE session->internals.handshake_state
+/* This returns true if we have got there
+ * before (and not finished due to an interrupt).
+ */
+#define AGAIN(target) (STATE==target?1:0)
+#define AGAIN2(state, target) (state==target?1:0)
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2004, 2005, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file handles all the internal functions that cope with hashes
+ * and HMACs.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_hash_int.h>
+#include <gnutls_errors.h>
+
+static int
+digest_length (gnutls_digest_algorithm_t algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_DIG_NULL:
+ return 0;
+ case GNUTLS_DIG_MD5:
+ case GNUTLS_DIG_MD2:
+ return 16;
+ case GNUTLS_DIG_SHA1:
+ case GNUTLS_DIG_RMD160:
+ return 20;
+ case GNUTLS_DIG_SHA256:
+ return 32;
+ case GNUTLS_DIG_SHA384:
+ return 48;
+ case GNUTLS_DIG_SHA512:
+ return 64;
+ case GNUTLS_DIG_SHA224:
+ return 28;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+}
+
+int
+_gnutls_hash_init (digest_hd_st * dig, gnutls_digest_algorithm_t algorithm)
+{
+ int result;
+ const gnutls_crypto_digest_st *cc = NULL;
+
+ dig->algorithm = algorithm;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_digest (algorithm);
+ if (cc != NULL)
+ {
+ if (cc->init (algorithm, &dig->handle) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ dig->hash = cc->hash;
+ dig->copy = cc->copy;
+ dig->output = cc->output;
+ dig->deinit = cc->deinit;
+
+ return 0;
+ }
+
+ result = _gnutls_digest_ops.init (algorithm, &dig->handle);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ dig->hash = _gnutls_digest_ops.hash;
+ dig->copy = _gnutls_digest_ops.copy;
+ dig->output = _gnutls_digest_ops.output;
+ dig->deinit = _gnutls_digest_ops.deinit;
+
+ return 0;
+}
+
+/* returns the output size of the given hash/mac algorithm
+ */
+int
+_gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm)
+{
+ return digest_length (algorithm);
+}
+
+int
+_gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen)
+{
+ if (textlen > 0)
+ {
+ handle->hash (handle->handle, text, textlen);
+ }
+ return 0;
+}
+
+int
+_gnutls_hash_copy (digest_hd_st * dst, digest_hd_st * src)
+{
+
+ memset (dst, 0, sizeof (*dst));
+ dst->algorithm = src->algorithm;
+
+ dst->hash = src->hash;
+ dst->copy = src->copy;
+ dst->output = src->output;
+ dst->deinit = src->deinit;
+
+ return src->copy (&dst->handle, src->handle);
+}
+
+/* when the current output is needed without calling deinit
+ */
+void
+_gnutls_hash_output (digest_hd_st * handle, void *digest)
+{
+ size_t maclen;
+
+ maclen = _gnutls_hash_get_algo_len (handle->algorithm);
+
+ if (digest != NULL)
+ {
+ handle->output (handle->handle, digest, maclen);
+ }
+}
+
+void
+_gnutls_hash_deinit (digest_hd_st * handle, void *digest)
+{
+ if (handle->handle == NULL)
+ {
+ return;
+ }
+
+ if (digest != NULL)
+ _gnutls_hash_output (handle, digest);
+
+ handle->deinit (handle->handle);
+ handle->handle = NULL;
+}
+
+int
+_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest)
+{
+ digest_hd_st dig;
+ int ret;
+
+ ret = _gnutls_hash_init (&dig, algorithm);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_hash (&dig, text, textlen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&dig, NULL);
+ return ret;
+ }
+
+ _gnutls_hash_deinit (&dig, digest);
+ return 0;
+}
+
+
+/* HMAC interface */
+
+int
+_gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm)
+{
+ return digest_length (algorithm);
+}
+
+int
+_gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen, void *digest)
+{
+ digest_hd_st dig;
+ int ret;
+
+ ret = _gnutls_hmac_init (&dig, algorithm, key, keylen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_hmac (&dig, text, textlen);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hmac_deinit (&dig, NULL);
+ return ret;
+ }
+
+ _gnutls_hmac_deinit (&dig, digest);
+ return 0;
+}
+
+int
+_gnutls_hmac_init (digest_hd_st * dig, gnutls_mac_algorithm_t algorithm,
+ const void *key, int keylen)
+{
+ int result;
+ const gnutls_crypto_mac_st *cc = NULL;
+
+ dig->algorithm = algorithm;
+ dig->key = key;
+ dig->keysize = keylen;
+
+ /* check if a digest has been registered
+ */
+ cc = _gnutls_get_crypto_mac (algorithm);
+ if (cc != NULL)
+ {
+ if (cc->init (algorithm, &dig->handle) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (cc->setkey (dig->handle, key, keylen) < 0)
+ {
+ gnutls_assert ();
+ cc->deinit (dig->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ dig->hash = cc->hash;
+ dig->output = cc->output;
+ dig->deinit = cc->deinit;
+
+ return 0;
+ }
+
+ result = _gnutls_mac_ops.init (algorithm, &dig->handle);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ dig->hash = _gnutls_mac_ops.hash;
+ dig->output = _gnutls_mac_ops.output;
+ dig->deinit = _gnutls_mac_ops.deinit;
+
+ if (_gnutls_mac_ops.setkey (dig->handle, key, keylen) < 0)
+ {
+ gnutls_assert();
+ dig->deinit(dig->handle);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen)
+{
+ if (textlen > 0)
+ {
+ return handle->hash (handle->handle, text, textlen);
+ }
+ return 0;
+}
+
+void
+_gnutls_hmac_output (digest_hd_st * handle, void *digest)
+{
+ int maclen;
+
+ maclen = _gnutls_hmac_get_algo_len (handle->algorithm);
+
+ if (digest != NULL)
+ {
+ handle->output (handle->handle, digest, maclen);
+ }
+}
+
+void
+_gnutls_hmac_deinit (digest_hd_st * handle, void *digest)
+{
+ if (handle->handle == NULL)
+ {
+ return;
+ }
+
+ if (digest)
+ _gnutls_hmac_output (handle, digest);
+
+ handle->deinit (handle->handle);
+ handle->handle = NULL;
+}
+
+inline static int
+get_padsize (gnutls_mac_algorithm_t algorithm)
+{
+ switch (algorithm)
+ {
+ case GNUTLS_MAC_MD5:
+ return 48;
+ case GNUTLS_MAC_SHA1:
+ return 40;
+ default:
+ return 0;
+ }
+}
+
+
+/* Special functions for SSL3 MAC
+ */
+
+int
+_gnutls_mac_init_ssl3 (digest_hd_st * ret, gnutls_mac_algorithm_t algorithm,
+ void *key, int keylen)
+{
+ opaque ipad[48];
+ int padsize, result;
+
+ padsize = get_padsize (algorithm);
+ if (padsize == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ memset (ipad, 0x36, padsize);
+
+ result = _gnutls_hash_init (ret, algorithm);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ ret->key = key;
+ ret->keysize = keylen;
+
+ if (keylen > 0)
+ _gnutls_hash (ret, key, keylen);
+ _gnutls_hash (ret, ipad, padsize);
+
+ return 0;
+}
+
+void
+_gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest)
+{
+ opaque ret[MAX_HASH_SIZE];
+ digest_hd_st td;
+ opaque opad[48];
+ int padsize;
+ int block, rc;
+
+ padsize = get_padsize (handle->algorithm);
+ if (padsize == 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (handle, NULL);
+ return;
+ }
+
+ memset (opad, 0x5C, padsize);
+
+ rc = _gnutls_hash_init (&td, handle->algorithm);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (handle, NULL);
+ return;
+ }
+
+ if (handle->keysize > 0)
+ _gnutls_hash (&td, handle->key, handle->keysize);
+
+ _gnutls_hash (&td, opad, padsize);
+ block = _gnutls_hmac_get_algo_len (handle->algorithm);
+ _gnutls_hash_deinit (handle, ret); /* get the previous hash */
+ _gnutls_hash (&td, ret, block);
+
+ _gnutls_hash_deinit (&td, digest);
+
+ return;
+}
+
+void
+_gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle,
+ void *digest, opaque * key,
+ uint32_t key_size)
+{
+ opaque ret[MAX_HASH_SIZE];
+ digest_hd_st td;
+ opaque opad[48];
+ opaque ipad[48];
+ int padsize;
+ int block, rc;
+
+ padsize = get_padsize (handle->algorithm);
+ if (padsize == 0)
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ memset (opad, 0x5C, padsize);
+ memset (ipad, 0x36, padsize);
+
+ rc = _gnutls_hash_init (&td, handle->algorithm);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ if (key_size > 0)
+ _gnutls_hash (&td, key, key_size);
+
+ _gnutls_hash (&td, opad, padsize);
+ block = _gnutls_hmac_get_algo_len (handle->algorithm);
+
+ if (key_size > 0)
+ _gnutls_hash (handle, key, key_size);
+ _gnutls_hash (handle, ipad, padsize);
+ _gnutls_hash_deinit (handle, ret); /* get the previous hash */
+
+ _gnutls_hash (&td, ret, block);
+
+ _gnutls_hash_deinit (&td, digest);
+
+ return;
+}
+
+static int
+ssl3_sha (int i, opaque * secret, int secret_len,
+ opaque * rnd, int rnd_len, void *digest)
+{
+ int j, ret;
+ opaque text1[26];
+
+ digest_hd_st td;
+
+ for (j = 0; j < i + 1; j++)
+ {
+ text1[j] = 65 + i; /* A==65 */
+ }
+
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td, text1, i + 1);
+ _gnutls_hash (&td, secret, secret_len);
+ _gnutls_hash (&td, rnd, rnd_len);
+
+ _gnutls_hash_deinit (&td, digest);
+ return 0;
+}
+
+static int
+ssl3_md5 (int i, opaque * secret, int secret_len,
+ opaque * rnd, int rnd_len, void *digest)
+{
+ opaque tmp[MAX_HASH_SIZE];
+ digest_hd_st td;
+ int ret;
+
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td, secret, secret_len);
+
+ ret = ssl3_sha (i, secret, secret_len, rnd, rnd_len, tmp);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td, digest);
+ return ret;
+ }
+
+ _gnutls_hash (&td, tmp, _gnutls_hash_get_algo_len (GNUTLS_MAC_SHA1));
+
+ _gnutls_hash_deinit (&td, digest);
+ return 0;
+}
+
+int
+_gnutls_ssl3_hash_md5 (const void *first, int first_len,
+ const void *second, int second_len,
+ int ret_len, opaque * ret)
+{
+ opaque digest[MAX_HASH_SIZE];
+ digest_hd_st td;
+ int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
+ int rc;
+
+ rc = _gnutls_hash_init (&td, GNUTLS_MAC_MD5);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ _gnutls_hash (&td, first, first_len);
+ _gnutls_hash (&td, second, second_len);
+
+ _gnutls_hash_deinit (&td, digest);
+
+ if (ret_len > block)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memcpy (ret, digest, ret_len);
+
+ return 0;
+
+}
+
+int
+_gnutls_ssl3_generate_random (void *secret, int secret_len,
+ void *rnd, int rnd_len,
+ int ret_bytes, opaque * ret)
+{
+ int i = 0, copy, output_bytes;
+ opaque digest[MAX_HASH_SIZE];
+ int block = _gnutls_hash_get_algo_len (GNUTLS_MAC_MD5);
+ int result, times;
+
+ output_bytes = 0;
+ do
+ {
+ output_bytes += block;
+ }
+ while (output_bytes < ret_bytes);
+
+ times = output_bytes / block;
+
+ for (i = 0; i < times; i++)
+ {
+
+ result = ssl3_md5 (i, secret, secret_len, rnd, rnd_len, digest);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if ((1 + i) * block < ret_bytes)
+ {
+ copy = block;
+ }
+ else
+ {
+ copy = ret_bytes - (i) * block;
+ }
+
+ memcpy (&ret[i * block], digest, copy);
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_HASH_INT_H
+#define GNUTLS_HASH_INT_H
+
+#include <gnutls_int.h>
+#include <gnutls/crypto.h>
+#include <crypto.h>
+
+/* for message digests */
+
+extern int crypto_mac_prio;
+extern gnutls_crypto_mac_st _gnutls_mac_ops;
+
+extern int crypto_digest_prio;
+extern gnutls_crypto_digest_st _gnutls_digest_ops;
+
+typedef int (*hash_func) (void *handle, const void *text, size_t size);
+typedef int (*copy_func) (void **dst_ctx, void *src_ctx);
+typedef int (*output_func) (void *src_ctx, void *digest, size_t digestsize);
+typedef void (*deinit_func) (void *handle);
+
+typedef struct
+{
+ gnutls_mac_algorithm_t algorithm;
+ const void *key;
+ int keysize;
+
+ hash_func hash;
+ copy_func copy;
+ output_func output;
+ deinit_func deinit;
+
+ void *handle;
+} digest_hd_st;
+
+/* basic functions */
+int _gnutls_hmac_init (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
+ const void *key, int keylen);
+int _gnutls_hmac_get_algo_len (gnutls_mac_algorithm_t algorithm);
+int _gnutls_hmac (digest_hd_st * handle, const void *text, size_t textlen);
+
+int _gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+ int keylen, const void *text, size_t textlen,
+ void *digest);
+
+void _gnutls_hmac_deinit (digest_hd_st * handle, void *digest);
+void _gnutls_hmac_output (digest_hd_st * handle, void *digest);
+
+int _gnutls_hash_init (digest_hd_st *, gnutls_digest_algorithm_t algorithm);
+int _gnutls_hash_get_algo_len (gnutls_digest_algorithm_t algorithm);
+int _gnutls_hash (digest_hd_st * handle, const void *text, size_t textlen);
+void _gnutls_hash_deinit (digest_hd_st * handle, void *digest);
+void _gnutls_hash_output (digest_hd_st * handle, void *digest);
+
+int
+_gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest);
+
+/* help functions */
+int _gnutls_mac_init_ssl3 (digest_hd_st *, gnutls_mac_algorithm_t algorithm,
+ void *key, int keylen);
+void _gnutls_mac_deinit_ssl3 (digest_hd_st * handle, void *digest);
+
+int _gnutls_ssl3_generate_random (void *secret, int secret_len,
+ void *rnd, int random_len, int bytes,
+ opaque * ret);
+int _gnutls_ssl3_hash_md5 (const void *first, int first_len,
+ const void *second, int second_len,
+ int ret_len, opaque * ret);
+
+void _gnutls_mac_deinit_ssl3_handshake (digest_hd_st * handle, void *digest,
+ opaque * key, uint32_t key_size);
+
+int _gnutls_hash_copy (digest_hd_st * dst_handle, digest_hd_st * src_handle);
+
+#endif /* GNUTLS_HASH_INT_H */
--- /dev/null
+/*
+ * Copyright (C) 2005, 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_helper.h>
+
+int
+_gnutls_file_exists (const char *file)
+{
+ FILE *fd;
+
+ fd = fopen (file, "r");
+ if (fd == NULL)
+ return -1;
+
+ fclose (fd);
+ return 0;
+}
--- /dev/null
+int _gnutls_file_exists (const char *file);
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_INT_H
+#define GNUTLS_INT_H
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <limits.h>
+#include <stdint.h>
+
+#ifdef NO_SSIZE_T
+#define HAVE_SSIZE_T
+typedef int ssize_t;
+#endif
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <time.h>
+
+/* some systems had problems with long long int, thus,
+ * it is not used.
+ */
+typedef struct
+{
+ unsigned char i[8];
+} uint64;
+
+#include <gnutls/gnutls.h>
+
+/*
+ * They are not needed any more. You can simply enable
+ * the gnutls_log callback to get error descriptions.
+
+#define BUFFERS_DEBUG
+#define WRITE_DEBUG
+#define READ_DEBUG
+#define HANDSHAKE_DEBUG // Prints some information on handshake
+#define COMPRESSION_DEBUG
+#define DEBUG
+*/
+
+/* The size of a handshake message should not
+ * be larger than this value.
+ */
+#define MAX_HANDSHAKE_PACKET_SIZE 48*1024
+
+#define TLS_MAX_SESSION_ID_SIZE 32
+
+/* The maximum digest size of hash algorithms.
+ */
+#define MAX_HASH_SIZE 64
+#define MAX_CIPHER_BLOCK_SIZE 16
+#define MAX_CIPHER_KEY_SIZE 32
+
+#define MAX_USERNAME_SIZE 128
+#define MAX_SERVER_NAME_SIZE 128
+
+#define SESSION_TICKET_KEY_NAME_SIZE 16
+#define SESSION_TICKET_KEY_SIZE 16
+#define SESSION_TICKET_IV_SIZE 16
+#define SESSION_TICKET_MAC_SECRET_SIZE 32
+
+/* we can receive up to MAX_EXT_TYPES extensions.
+ */
+#define MAX_EXT_TYPES 32
+
+/* The initial size of the receive
+ * buffer size. This will grow if larger
+ * packets are received.
+ */
+#define INITIAL_RECV_BUFFER_SIZE 256
+
+/* the default for TCP */
+#define DEFAULT_LOWAT 0
+
+/* expire time for resuming sessions */
+#define DEFAULT_EXPIRE_TIME 3600
+
+/* the maximum size of encrypted packets */
+#define DEFAULT_MAX_RECORD_SIZE 16384
+#define RECORD_HEADER_SIZE 5
+#define MAX_RECORD_SEND_SIZE (size_t)session->security_parameters.max_record_send_size
+#define MAX_RECORD_RECV_SIZE (size_t)session->security_parameters.max_record_recv_size
+#define MAX_PAD_SIZE 255
+#define EXTRA_COMP_SIZE 2048
+#define MAX_RECORD_OVERHEAD (MAX_CIPHER_BLOCK_SIZE/*iv*/+MAX_PAD_SIZE+EXTRA_COMP_SIZE)
+#define MAX_RECV_SIZE (MAX_RECORD_OVERHEAD+MAX_RECORD_RECV_SIZE+RECORD_HEADER_SIZE)
+
+#define HANDSHAKE_HEADER_SIZE 4
+
+/* defaults for verification functions
+ */
+#define DEFAULT_VERIFY_DEPTH 32
+#define DEFAULT_VERIFY_BITS 16*1024
+
+#include <gnutls_mem.h>
+
+#define MEMSUB(x,y) ((ssize_t)((ptrdiff_t)x-(ptrdiff_t)y))
+
+#define DECR_LEN(len, x) do { len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} } while (0)
+#define DECR_LENGTH_RET(len, x, RET) do { len-=x; if (len<0) {gnutls_assert(); return RET;} } while (0)
+#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)
+
+#define HASH2MAC(x) ((gnutls_mac_algorithm_t)x)
+
+#define GNUTLS_POINTER_TO_INT(_) ((int) GNUTLS_POINTER_TO_INT_CAST (_))
+#define GNUTLS_INT_TO_POINTER(_) ((void*) GNUTLS_POINTER_TO_INT_CAST (_))
+
+typedef unsigned char opaque;
+typedef struct
+{
+ opaque pint[3];
+} uint24;
+
+#include <gnutls_mpi.h>
+
+typedef enum change_cipher_spec_t
+{ GNUTLS_TYPE_CHANGE_CIPHER_SPEC = 1
+} change_cipher_spec_t;
+
+typedef enum handshake_state_t
+{ STATE0 = 0, STATE1, STATE2,
+ STATE3, STATE4, STATE5,
+ STATE6, STATE7, STATE8, STATE9, STATE20 = 20, STATE21, STATE22,
+ STATE30 = 30, STATE31, STATE40 = 40, STATE41, STATE50 = 50,
+ STATE60 = 60, STATE61, STATE62, STATE70, STATE71
+} handshake_state_t;
+
+#include <gnutls_str.h>
+
+/* This is the maximum number of algorithms (ciphers or macs etc).
+ * keep it synced with GNUTLS_MAX_ALGORITHM_NUM in gnutls.h
+ */
+#define MAX_ALGOS 16
+
+#define MAX_CIPHERSUITES 256
+
+typedef enum extensions_t
+{
+ GNUTLS_EXTENSION_SERVER_NAME = 0,
+ GNUTLS_EXTENSION_MAX_RECORD_SIZE = 1,
+ GNUTLS_EXTENSION_CERT_TYPE = 9,
+ GNUTLS_EXTENSION_SRP = 12,
+ GNUTLS_EXTENSION_SIGNATURE_ALGORITHMS = 13,
+ GNUTLS_EXTENSION_SESSION_TICKET = 35,
+ GNUTLS_EXTENSION_INNER_APPLICATION = 37703,
+ GNUTLS_EXTENSION_SAFE_RENEGOTIATION = 65281 /* aka: 0xff01 */
+} extensions_t;
+
+typedef enum
+{ CIPHER_STREAM, CIPHER_BLOCK } cipher_type_t;
+
+#define RESUME_TRUE 0
+#define RESUME_FALSE -1
+
+/* Record Protocol */
+typedef enum content_type_t
+{
+ GNUTLS_CHANGE_CIPHER_SPEC = 20, GNUTLS_ALERT,
+ GNUTLS_HANDSHAKE, GNUTLS_APPLICATION_DATA,
+ GNUTLS_INNER_APPLICATION = 24
+} content_type_t;
+
+#define GNUTLS_PK_ANY (gnutls_pk_algorithm_t)-1
+#define GNUTLS_PK_NONE (gnutls_pk_algorithm_t)-2
+
+/* Message buffers (mbuffers) structures */
+
+typedef struct mbuffer_st
+{
+ struct mbuffer_st *next;
+
+ gnutls_datum_t msg;
+ /* msg->size - mark = number of bytes left to process in this
+ message. Mark should only be non-zero when this buffer is the
+ head of the queue. */
+ size_t mark;
+ unsigned int user_mark; /* only used during fill in */
+ size_t maximum_size;
+} mbuffer_st;
+
+typedef struct mbuffer_head_st
+{
+ mbuffer_st *head;
+ mbuffer_st **tail;
+
+ unsigned int length;
+ size_t byte_length;
+} mbuffer_head_st;
+
+typedef enum
+{
+ HANDSHAKE_MAC_TYPE_10 = 1, /* TLS 1.0 style */
+ HANDSHAKE_MAC_TYPE_12 /* TLS 1.2 style */
+} handshake_mac_type_t;
+
+/* Store & Retrieve functions defines:
+ */
+
+typedef struct auth_cred_st
+{
+ gnutls_credentials_type_t algorithm;
+
+ /* the type of credentials depends on algorithm
+ */
+ void *credentials;
+ struct auth_cred_st *next;
+} auth_cred_st;
+
+struct gnutls_key_st
+{
+ /* For DH KX */
+ gnutls_datum_t key;
+ bigint_t KEY;
+ bigint_t client_Y;
+ bigint_t client_g;
+ bigint_t client_p;
+ bigint_t dh_secret;
+ /* for SRP */
+ bigint_t A;
+ bigint_t B;
+ bigint_t u;
+ bigint_t b;
+ bigint_t a;
+ bigint_t x;
+ /* RSA: e, m
+ */
+ bigint_t rsa[2];
+
+ /* this is used to hold the peers authentication data
+ */
+ /* auth_info_t structures SHOULD NOT contain malloced
+ * elements. Check gnutls_session_pack.c, and gnutls_auth.c.
+ * Rememember that this should be calloced!
+ */
+ void *auth_info;
+ gnutls_credentials_type_t auth_info_type;
+ int auth_info_size; /* needed in order to store to db for restoring
+ */
+ uint8_t crypt_algo;
+
+ auth_cred_st *cred; /* used to specify keys/certificates etc */
+
+ int certificate_requested;
+ /* some ciphersuites use this
+ * to provide client authentication.
+ * 1 if client auth was requested
+ * by the peer, 0 otherwise
+ *** In case of a server this
+ * holds 1 if we should wait
+ * for a client certificate verify
+ */
+};
+typedef struct gnutls_key_st *gnutls_key_st;
+
+
+struct record_state_st;
+typedef struct record_state_st record_state_st;
+
+struct record_parameters_st;
+typedef struct record_parameters_st record_parameters_st;
+
+/* STATE (cont) */
+
+#include <gnutls_hash_int.h>
+#include <gnutls_cipher_int.h>
+#include <gnutls_compress.h>
+#include <gnutls_cert.h>
+
+typedef struct
+{
+ uint8_t suite[2];
+} cipher_suite_st;
+
+typedef struct
+{
+ uint8_t hash_algorithm;
+ uint8_t sign_algorithm; /* pk algorithm actually */
+} sign_algorithm_st;
+
+/* This structure holds parameters got from TLS extension
+ * mechanism. (some extensions may hold parameters in auth_info_t
+ * structures also - see SRP).
+ */
+
+#define MAX_SIGNATURE_ALGORITHMS 16
+
+#define MAX_VERIFY_DATA_SIZE 36 /* in SSL 3.0, 12 in TLS 1.0 */
+
+/* auth_info_t structures now MAY contain malloced
+ * elements.
+ */
+
+/* This structure and auth_info_t, are stored in the resume database,
+ * and are restored, in case of resume.
+ * Holds all the required parameters to resume the current
+ * session.
+ */
+
+/* if you add anything in Security_Parameters struct, then
+ * also modify CPY_COMMON in gnutls_constate.c.
+ */
+
+/* Note that the security parameters structure is set up after the
+ * handshake has finished. The only value you may depend on while
+ * the handshake is in progress is the cipher suite value.
+ */
+typedef struct
+{
+ gnutls_connection_end_t entity;
+ gnutls_kx_algorithm_t kx_algorithm;
+ handshake_mac_type_t handshake_mac_handle_type; /* one of HANDSHAKE_TYPE_10 and HANDSHAKE_TYPE_12 */
+
+ /* The epoch used to read and write */
+ uint16_t epoch_read;
+ uint16_t epoch_write;
+
+ /* The epoch that the next handshake will initialize. */
+ uint16_t epoch_next;
+
+ /* The epoch at index 0 of record_parameters. */
+ uint16_t epoch_min;
+
+ /* this is the ciphersuite we are going to use
+ * moved here from internals in order to be restored
+ * on resume;
+ */
+ cipher_suite_st current_cipher_suite;
+ opaque master_secret[GNUTLS_MASTER_SIZE];
+ opaque client_random[GNUTLS_RANDOM_SIZE];
+ opaque server_random[GNUTLS_RANDOM_SIZE];
+ opaque session_id[TLS_MAX_SESSION_ID_SIZE];
+ uint8_t session_id_size;
+ time_t timestamp;
+
+ /* The send size is the one requested by the programmer.
+ * The recv size is the one negotiated with the peer.
+ */
+ uint16_t max_record_send_size;
+ uint16_t max_record_recv_size;
+ /* holds the negotiated certificate type */
+ gnutls_certificate_type_t cert_type;
+ gnutls_protocol_t version; /* moved here */
+
+ /* FIXME: The following are not saved in the session storage
+ * for session resumption.
+ */
+
+ /* Used by extensions that enable supplemental data: Which ones
+ * do that? Do they belong in security parameters?
+ */
+ int do_recv_supplemental, do_send_supplemental;
+} security_parameters_st;
+
+struct record_state_st
+{
+ gnutls_datum_t mac_secret;
+ gnutls_datum_t IV;
+ gnutls_datum_t key;
+ cipher_hd_st cipher_state;
+ comp_hd_t compression_state;
+ uint64 sequence_number;
+};
+
+/* These are used to resolve relative epochs. These values are just
+ outside the 16 bit range to prevent off-by-one errors. An absolute
+ epoch may be referred to by its numeric id in the range
+ 0x0000-0xffff. */
+#define EPOCH_READ_CURRENT 70000
+#define EPOCH_WRITE_CURRENT 70001
+#define EPOCH_NEXT 70002
+
+struct record_parameters_st
+{
+ uint16_t epoch;
+ int initialized;
+
+ gnutls_cipher_algorithm_t cipher_algorithm;
+ gnutls_mac_algorithm_t mac_algorithm;
+ gnutls_compression_method_t compression_algorithm;
+
+ record_state_st read;
+ record_state_st write;
+};
+
+typedef struct
+{
+ unsigned int priority[MAX_ALGOS];
+ unsigned int algorithms;
+} priority_st;
+
+typedef enum
+{
+ SR_DISABLED,
+ SR_UNSAFE,
+ SR_PARTIAL,
+ SR_SAFE
+} safe_renegotiation_t;
+
+/* For the external api */
+struct gnutls_priority_st
+{
+ priority_st cipher;
+ priority_st mac;
+ priority_st kx;
+ priority_st compression;
+ priority_st protocol;
+ priority_st cert_type;
+ priority_st sign_algo;
+
+ /* to disable record padding */
+ int no_padding:1;
+ int allow_large_records:1;
+ safe_renegotiation_t sr;
+ int ssl3_record_version:1;
+ int additional_verify_flags;
+};
+
+
+/* DH and RSA parameters types.
+ */
+typedef struct gnutls_dh_params_int
+{
+ /* [0] is the prime, [1] is the generator.
+ */
+ bigint_t params[2];
+} dh_params_st;
+
+typedef struct
+{
+ gnutls_dh_params_t dh_params;
+ int free_dh_params;
+ gnutls_rsa_params_t rsa_params;
+ int free_rsa_params;
+} internal_params_st;
+
+
+
+typedef struct
+{
+ opaque header[HANDSHAKE_HEADER_SIZE];
+ /* this holds the number of bytes in the handshake_header[] */
+ size_t header_size;
+ /* this holds the length of the handshake packet */
+ size_t packet_length;
+ gnutls_handshake_description_t recv_type;
+} handshake_header_buffer_st;
+
+typedef union
+{
+ void *ptr;
+ uint32_t num;
+} extension_priv_data_t;
+
+typedef struct
+{
+ gnutls_buffer_st application_data_buffer; /* holds data to be delivered to application layer */
+ gnutls_buffer_st handshake_hash_buffer; /* used to keep the last received handshake
+ * message */
+ union
+ {
+ struct
+ {
+ digest_hd_st sha; /* hash of the handshake messages */
+ digest_hd_st md5; /* hash of the handshake messages */
+ } tls10;
+ struct
+ {
+ digest_hd_st sha1; /* hash of the handshake messages for TLS 1.2+ */
+ digest_hd_st sha256; /* hash of the handshake messages for TLS 1.2+ */
+ } tls12;
+ } handshake_mac_handle;
+ int handshake_mac_handle_init; /* 1 when the previous union and type were initialized */
+
+ gnutls_buffer_st handshake_data_buffer; /* this is a buffer that holds the current handshake message */
+ gnutls_buffer_st ia_data_buffer; /* holds inner application data (TLS/IA) */
+ int resumable:1; /* TRUE or FALSE - if we can resume that session */
+ handshake_state_t handshake_state; /* holds
+ * a number which indicates where
+ * the handshake procedure has been
+ * interrupted. If it is 0 then
+ * no interruption has happened.
+ */
+
+ int invalid_connection:1; /* true or FALSE - if this session is valid */
+
+ int may_not_read:1; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+ */
+ int may_not_write:1;
+ int read_eof:1; /* non-zero if we have received a closure alert. */
+
+ int last_alert; /* last alert received */
+
+ /* The last handshake messages sent or received.
+ */
+ int last_handshake_in;
+ int last_handshake_out;
+
+ /* this is the compression method we are going to use */
+ gnutls_compression_method_t compression_method;
+
+ /* priorities */
+ struct gnutls_priority_st priorities;
+
+ /* resumed session */
+ int resumed:1; /* RESUME_TRUE or FALSE - if we are resuming a session */
+ security_parameters_st resumed_security_parameters;
+ gnutls_compression_method_t resumed_compression_method;
+
+ /* sockets internals */
+ int lowat;
+
+ /* These buffers are used in the handshake
+ * protocol only. freed using _gnutls_handshake_io_buffer_clear();
+ */
+ mbuffer_head_st handshake_send_buffer;
+ gnutls_handshake_description_t handshake_send_buffer_htype;
+ content_type_t handshake_recv_buffer_type;
+ gnutls_handshake_description_t handshake_recv_buffer_htype;
+ gnutls_buffer_st handshake_recv_buffer;
+
+ /* this buffer holds a record packet -mostly used for
+ * non blocking IO.
+ */
+ mbuffer_head_st record_recv_buffer;
+ mbuffer_head_st record_send_buffer; /* holds cached data
+ * for the gnutls_io_write_buffered()
+ * function.
+ */
+ size_t record_send_buffer_user_size; /* holds the
+ * size of the user specified data to
+ * send.
+ */
+
+
+ /* 0 if no peeked data was kept, 1 otherwise.
+ */
+ int have_peeked_data:1;
+
+ int expire_time; /* after expire_time seconds this session will expire */
+ struct mod_auth_st_int *auth_struct; /* used in handshake packets and KX algorithms */
+ int v2_hello; /* 0 if the client hello is v3+.
+ * non-zero if we got a v2 hello.
+ */
+ /* keeps the headers of the handshake packet
+ */
+ handshake_header_buffer_st handshake_header_buffer;
+
+ /* this is the highest version available
+ * to the peer. (advertized version).
+ * This is obtained by the Handshake Client Hello
+ * message. (some implementations read the Record version)
+ */
+ uint8_t adv_version_major;
+ uint8_t adv_version_minor;
+
+ /* if this is non zero a certificate request message
+ * will be sent to the client. - only if the ciphersuite
+ * supports it.
+ */
+ int send_cert_req;
+
+ /* bits to use for DHE and DHA
+ * use _gnutls_dh_get_prime_bits() and gnutls_dh_set_prime_bits()
+ * to access it.
+ */
+ uint16_t dh_prime_bits;
+
+ size_t max_handshake_data_buffer_size;
+
+ /* PUSH & PULL functions.
+ */
+ gnutls_pull_func pull_func;
+ gnutls_push_func push_func;
+ gnutls_vec_push_func vec_push_func;
+ gnutls_errno_func errno_func;
+ /* Holds the first argument of PUSH and PULL
+ * functions;
+ */
+ gnutls_transport_ptr_t transport_recv_ptr;
+ gnutls_transport_ptr_t transport_send_ptr;
+
+ /* STORE & RETRIEVE functions. Only used if other
+ * backend than gdbm is used.
+ */
+ gnutls_db_store_func db_store_func;
+ gnutls_db_retr_func db_retrieve_func;
+ gnutls_db_remove_func db_remove_func;
+ void *db_ptr;
+
+ /* post client hello callback (server side only)
+ */
+ gnutls_handshake_post_client_hello_func user_hello_func;
+
+ /* holds the selected certificate and key.
+ * use _gnutls_selected_certs_deinit() and _gnutls_selected_certs_set()
+ * to change them.
+ */
+ gnutls_cert *selected_cert_list;
+ int selected_cert_list_length;
+ struct gnutls_privkey_st *selected_key;
+ int selected_need_free:1;
+
+ /* holds the extensions we sent to the peer
+ * (in case of a client)
+ */
+ uint16_t extensions_sent[MAX_EXT_TYPES];
+ uint16_t extensions_sent_size;
+
+ /* is 0 if we are to send the whole PGP key, or non zero
+ * if the fingerprint is to be sent.
+ */
+ int pgp_fingerprint;
+
+ /* This holds the default version that our first
+ * record packet will have. */
+ opaque default_record_version[2];
+
+ void *user_ptr;
+
+ int enable_private; /* non zero to
+ * enable cipher suites
+ * which have 0xFF status.
+ */
+
+ /* Holds 0 if the last called function was interrupted while
+ * receiving, and non zero otherwise.
+ */
+ int direction;
+
+ /* This callback will be used (if set) to receive an
+ * openpgp key. (if the peer sends a fingerprint)
+ */
+ gnutls_openpgp_recv_key_func openpgp_recv_key_func;
+
+ /* If non zero the server will not advertize the CA's he
+ * trusts (do not send an RDN sequence).
+ */
+ int ignore_rdn_sequence;
+
+ /* This is used to set an arbitary version in the RSA
+ * PMS secret. Can be used by clients to test whether the
+ * server checks that version. (** only used in gnutls-cli-debug)
+ */
+ opaque rsa_pms_version[2];
+
+ /* Here we cache the DH or RSA parameters got from the
+ * credentials structure, or from a callback. That is to
+ * minimize external calls.
+ */
+ internal_params_st params;
+
+ /* This buffer is used by the record recv functions,
+ * as a temporary store buffer.
+ */
+ gnutls_datum_t recv_buffer;
+
+ /* To avoid using global variables, and especially on Windows where
+ * the application may use a different errno variable than GnuTLS,
+ * it is possible to use gnutls_transport_set_errno to set a
+ * session-specific errno variable in the user-replaceable push/pull
+ * functions. This value is used by the send/recv functions. (The
+ * strange name of this variable is because 'errno' is typically
+ * #define'd.)
+ */
+ int errnum;
+
+ /* Function used to perform public-key signing operation during
+ handshake. Used by gnutls_sig.c:_gnutls_tls_sign(), see also
+ gnutls_sign_callback_set(). */
+ gnutls_sign_func sign_func;
+ void *sign_func_userdata;
+
+ /* Callback to extract TLS Finished message. */
+ gnutls_finished_callback_func finished_func;
+
+ /* minimum bits to allow for SRP
+ * use gnutls_srp_set_prime_bits() to adjust it.
+ */
+ uint16_t srp_prime_bits;
+
+ int initial_negotiation_completed:1;
+
+ struct
+ {
+ uint16_t type;
+ extension_priv_data_t priv;
+ int set:1;
+ } extension_int_data[MAX_EXT_TYPES];
+
+ struct
+ {
+ uint16_t type;
+ extension_priv_data_t priv;
+ int set:1;
+ } resumed_extension_int_data[MAX_EXT_TYPES];
+
+ unsigned int cb_tls_unique_len;
+ unsigned char cb_tls_unique[MAX_VERIFY_DATA_SIZE];
+
+ /* If you add anything here, check _gnutls_handshake_internal_state_clear().
+ */
+} internals_st;
+
+/* Maximum number of epochs we keep around. */
+#define MAX_EPOCH_INDEX 16
+
+struct gnutls_session_int
+{
+ security_parameters_st security_parameters;
+ record_parameters_st *record_parameters[MAX_EPOCH_INDEX];
+ internals_st internals;
+ gnutls_key_st key;
+};
+
+
+
+/* functions
+ */
+void _gnutls_set_current_version (gnutls_session_t session,
+ gnutls_protocol_t version);
+void _gnutls_free_auth_info (gnutls_session_t session);
+
+/* These two macros return the advertized TLS version of
+ * the peer.
+ */
+#define _gnutls_get_adv_version_major( session) \
+ session->internals.adv_version_major
+
+#define _gnutls_get_adv_version_minor( session) \
+ session->internals.adv_version_minor
+
+#define set_adv_version( session, major, minor) \
+ session->internals.adv_version_major = major; \
+ session->internals.adv_version_minor = minor
+
+void _gnutls_set_adv_version (gnutls_session_t, gnutls_protocol_t);
+gnutls_protocol_t _gnutls_get_adv_version (gnutls_session_t);
+
+int _gnutls_is_secure_mem_null (const void *);
+
+#endif /* GNUTLS_INT_H */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2004, 2005, 2006, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains functions which are wrappers for the key exchange
+ * part of TLS. They are called by the handshake functions (gnutls_handshake)
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_handshake.h"
+#include "gnutls_kx.h"
+#include "gnutls_dh.h"
+#include "gnutls_errors.h"
+#include "gnutls_algorithms.h"
+#include "debug.h"
+#include "gnutls_mpi.h"
+#include <gnutls_state.h>
+#include <gnutls_datum.h>
+#include <gnutls_rsa_export.h>
+#include <gnutls_mbuffers.h>
+
+#if 0 // Remove GPL code
+#include "../libextra/ext_inner_application.h" /* isn't this too much? */
+#else
+#include <gnutls_extensions.h>
+
+typedef struct
+{
+ unsigned int flag;
+ opaque opaque_inner_secret[GNUTLS_MASTER_SIZE];
+} ia_extension_st;
+#endif
+
+/* This is a temporary function to be used before the generate_*
+ internal API is changed to use mbuffers. For now we don't avoid the
+ extra alloc + memcpy. */
+static inline int
+send_handshake (gnutls_session_t session, opaque * data, size_t size,
+ gnutls_handshake_description_t type)
+{
+ mbuffer_st *bufel;
+
+ if (data == NULL && size == 0)
+ return _gnutls_send_handshake (session, NULL, type);
+
+ if (data == NULL && size > 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bufel = _gnutls_handshake_alloc (size, size);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _mbuffer_set_udata (bufel, data, size);
+
+ return _gnutls_send_handshake (session, bufel, type);
+}
+
+
+/* This file contains important thing for the TLS handshake procedure.
+ */
+
+#define MASTER_SECRET "master secret"
+static int generate_normal_master (gnutls_session_t session, int);
+
+int
+_gnutls_generate_master (gnutls_session_t session, int keep_premaster)
+{
+ if (session->internals.resumed == RESUME_FALSE)
+ return generate_normal_master (session, keep_premaster);
+ return 0;
+}
+
+/* here we generate the TLS Master secret.
+ */
+#define PREMASTER session->key->key
+static int
+generate_normal_master (gnutls_session_t session, int keep_premaster)
+{
+ int ret = 0;
+ char buf[512];
+
+ _gnutls_hard_log ("INT: PREMASTER SECRET[%d]: %s\n", PREMASTER.size,
+ _gnutls_bin2hex (PREMASTER.data, PREMASTER.size, buf,
+ sizeof (buf), NULL));
+ _gnutls_hard_log ("INT: CLIENT RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex (session->
+ security_parameters.client_random, 32,
+ buf, sizeof (buf), NULL));
+ _gnutls_hard_log ("INT: SERVER RANDOM[%d]: %s\n", 32,
+ _gnutls_bin2hex (session->
+ security_parameters.server_random, 32,
+ buf, sizeof (buf), NULL));
+
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3)
+ {
+ opaque rnd[2 * GNUTLS_RANDOM_SIZE + 1];
+
+ memcpy (rnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy (&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+
+ ret =
+ _gnutls_ssl3_generate_random (PREMASTER.data, PREMASTER.size,
+ rnd, 2 * GNUTLS_RANDOM_SIZE,
+ GNUTLS_MASTER_SIZE,
+ session->
+ security_parameters.master_secret);
+
+ }
+ else
+ {
+ opaque rnd[2 * GNUTLS_RANDOM_SIZE + 1];
+
+ memcpy (rnd, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ memcpy (&rnd[GNUTLS_RANDOM_SIZE],
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+
+ ret =
+ _gnutls_PRF (session, PREMASTER.data, PREMASTER.size,
+ MASTER_SECRET, strlen (MASTER_SECRET),
+ rnd, 2 * GNUTLS_RANDOM_SIZE, GNUTLS_MASTER_SIZE,
+ session->security_parameters.master_secret);
+ }
+
+ /* TLS/IA inner secret is derived from the master secret. */
+#if 0 // Remove GPL code
+ _gnutls_ia_derive_inner_secret (session);
+#else
+ {
+ extension_priv_data_t ext_private;
+
+ if (_gnutls_ext_get_session_data (session, GNUTLS_EXTENSION_INNER_APPLICATION, &ext_private) >= 0)
+ {
+ ia_extension_st *private;
+ private = ext_private.ptr;
+ memcpy (private->opaque_inner_secret, session->security_parameters.master_secret, GNUTLS_MASTER_SIZE);
+ }
+ }
+#endif
+
+ if (!keep_premaster)
+ _gnutls_free_datum (&PREMASTER);
+
+ if (ret < 0)
+ return ret;
+
+ _gnutls_hard_log ("INT: MASTER SECRET: %s\n",
+ _gnutls_bin2hex (session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE, buf, sizeof (buf),
+ NULL));
+
+ return ret;
+}
+
+
+/* This is called when we want to receive the key exchange message of the
+ * server. It does nothing if this type of message is not required
+ * by the selected ciphersuite.
+ */
+int
+_gnutls_send_server_kx_message (gnutls_session_t session, int again)
+{
+ uint8_t *data = NULL;
+ int data_size = 0;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_generate_server_kx == NULL)
+ return 0;
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0)
+ {
+ data_size =
+ session->internals.auth_struct->gnutls_generate_server_kx (session,
+ &data);
+
+ if (data_size == GNUTLS_E_INT_RET_0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ }
+
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE);
+ gnutls_free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return data_size;
+}
+
+/* This function sends a certificate request message to the
+ * client.
+ */
+int
+_gnutls_send_server_certificate_request (gnutls_session_t session, int again)
+{
+ uint8_t *data = NULL;
+ int data_size = 0;
+ int ret = 0;
+
+ if (session->internals.
+ auth_struct->gnutls_generate_server_certificate_request == NULL)
+ return 0;
+
+ if (session->internals.send_cert_req <= 0)
+ return 0;
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0)
+ {
+ data_size =
+ session->internals.
+ auth_struct->gnutls_generate_server_certificate_request (session,
+ &data);
+
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ }
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST);
+ gnutls_free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return data_size;
+}
+
+
+/* This is the function for the client to send the key
+ * exchange message
+ */
+int
+_gnutls_send_client_kx_message (gnutls_session_t session, int again)
+{
+ uint8_t *data;
+ int data_size;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_generate_client_kx == NULL)
+ return 0;
+
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0)
+ {
+ data_size =
+ session->internals.auth_struct->gnutls_generate_client_kx (session,
+ &data);
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ }
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE);
+ gnutls_free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+
+/* This is the function for the client to send the certificate
+ * verify message
+ */
+int
+_gnutls_send_client_certificate_verify (gnutls_session_t session, int again)
+{
+ uint8_t *data;
+ int ret = 0;
+ int data_size;
+
+ /* This is a packet that is only sent by the client
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ return 0;
+
+ /* if certificate verify is not needed just exit
+ */
+ if (session->key->certificate_requested == 0)
+ return 0;
+
+ if (session->internals.auth_struct->gnutls_generate_client_cert_vrfy ==
+ NULL)
+ {
+ gnutls_assert ();
+ return 0; /* this algorithm does not support cli_cert_vrfy
+ */
+ }
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0)
+ {
+ data_size =
+ session->internals.
+ auth_struct->gnutls_generate_client_cert_vrfy (session, &data);
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ if (data_size == 0)
+ return 0;
+
+ }
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY);
+ gnutls_free (data);
+
+ return ret;
+}
+
+
+int
+_gnutls_recv_server_kx_message (gnutls_session_t session)
+{
+ uint8_t *data = NULL;
+ int datasize;
+ int ret = 0;
+ Optional optflag = MANDATORY_PACKET;
+
+ if (session->internals.auth_struct->gnutls_process_server_kx != NULL)
+ {
+
+ /* EXCEPTION FOR RSA_EXPORT cipher suite
+ */
+ if (_gnutls_session_is_export (session) != 0 &&
+ _gnutls_peers_cert_less_512 (session) != 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ /* Server key exchange packet is optional for PSK. */
+ if (_gnutls_session_is_psk (session))
+ optflag = OPTIONAL_PACKET;
+
+ ret =
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE,
+ optflag);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ session->internals.auth_struct->gnutls_process_server_kx (session,
+ data,
+ datasize);
+ gnutls_free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ }
+ return ret;
+}
+
+int
+_gnutls_recv_server_certificate_request (gnutls_session_t session)
+{
+ uint8_t *data;
+ int datasize;
+ int ret = 0;
+
+ if (session->internals.
+ auth_struct->gnutls_process_server_certificate_request != NULL)
+ {
+
+ ret =
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST,
+ OPTIONAL_PACKET);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && datasize == 0)
+ return 0; /* ignored */
+
+ ret =
+ session->internals.
+ auth_struct->gnutls_process_server_certificate_request (session, data,
+ datasize);
+ gnutls_free (data);
+ if (ret < 0)
+ return ret;
+
+ }
+ return ret;
+}
+
+int
+_gnutls_recv_client_kx_message (gnutls_session_t session)
+{
+ uint8_t *data;
+ int datasize;
+ int ret = 0;
+
+
+ /* Do key exchange only if the algorithm permits it */
+ if (session->internals.auth_struct->gnutls_process_client_kx != NULL)
+ {
+
+ ret =
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE,
+ MANDATORY_PACKET);
+ if (ret < 0)
+ return ret;
+
+ ret =
+ session->internals.auth_struct->gnutls_process_client_kx (session,
+ data,
+ datasize);
+ gnutls_free (data);
+ if (ret < 0)
+ return ret;
+
+ }
+
+ return ret;
+}
+
+
+/* This is called when we want send our certificate
+ */
+int
+_gnutls_send_client_certificate (gnutls_session_t session, int again)
+{
+ uint8_t *data = NULL;
+ int data_size = 0;
+ int ret = 0;
+
+
+ if (session->key->certificate_requested == 0)
+ return 0;
+
+ if (session->internals.auth_struct->gnutls_generate_client_certificate ==
+ NULL)
+ return 0;
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0)
+ {
+ if (gnutls_protocol_get_version (session) != GNUTLS_SSL3 ||
+ session->internals.selected_cert_list_length > 0)
+ {
+ /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ data_size =
+ session->internals.
+ auth_struct->gnutls_generate_client_certificate (session, &data);
+
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ }
+ }
+
+ /* In the SSL 3.0 protocol we need to send a
+ * no certificate alert instead of an
+ * empty certificate.
+ */
+ if (gnutls_protocol_get_version (session) == GNUTLS_SSL3 &&
+ session->internals.selected_cert_list_length == 0)
+ {
+ ret =
+ gnutls_alert_send (session, GNUTLS_AL_WARNING,
+ GNUTLS_A_SSL3_NO_CERTIFICATE);
+
+ }
+ else
+ { /* TLS 1.0 or SSL 3.0 with a valid certificate
+ */
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ gnutls_free (data);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return data_size;
+}
+
+
+/* This is called when we want send our certificate
+ */
+int
+_gnutls_send_server_certificate (gnutls_session_t session, int again)
+{
+ uint8_t *data = NULL;
+ int data_size = 0;
+ int ret = 0;
+
+
+ if (session->internals.auth_struct->gnutls_generate_server_certificate ==
+ NULL)
+ return 0;
+
+ data = NULL;
+ data_size = 0;
+
+ if (again == 0)
+ {
+ data_size =
+ session->internals.
+ auth_struct->gnutls_generate_server_certificate (session, &data);
+
+ if (data_size < 0)
+ {
+ gnutls_assert ();
+ return data_size;
+ }
+ }
+ ret = send_handshake (session, data, data_size,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT);
+ gnutls_free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return data_size;
+}
+
+
+int
+_gnutls_recv_client_certificate (gnutls_session_t session)
+{
+ int datasize;
+ opaque *data;
+ int ret = 0;
+ int optional;
+
+ if (session->internals.auth_struct->gnutls_process_client_certificate !=
+ NULL)
+ {
+
+ /* if we have not requested a certificate then just return
+ */
+ if (session->internals.send_cert_req == 0)
+ {
+ return 0;
+ }
+
+ if (session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
+ optional = MANDATORY_PACKET;
+ else
+ optional = OPTIONAL_PACKET;
+
+ ret =
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT, optional);
+
+ if (ret < 0)
+ {
+ /* Handle the case of old SSL3 clients who send
+ * a warning alert instead of an empty certificate to indicate
+ * no certificate.
+ */
+ if (optional == OPTIONAL_PACKET &&
+ ret == GNUTLS_E_WARNING_ALERT_RECEIVED &&
+ gnutls_protocol_get_version (session) == GNUTLS_SSL3 &&
+ gnutls_alert_get (session) == GNUTLS_A_SSL3_NO_CERTIFICATE)
+ {
+
+ /* SSL3 does not send an empty certificate,
+ * but this alert. So we just ignore it.
+ */
+ gnutls_assert ();
+ return 0;
+ }
+
+ /* certificate was required
+ */
+ if ((ret == GNUTLS_E_WARNING_ALERT_RECEIVED
+ || ret == GNUTLS_E_FATAL_ALERT_RECEIVED)
+ && optional == MANDATORY_PACKET)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ return ret;
+ }
+
+ if (ret == 0 && datasize == 0 && optional == OPTIONAL_PACKET)
+ {
+ /* Client has not sent the certificate message.
+ * well I'm not sure we should accept this
+ * behaviour.
+ */
+ gnutls_assert ();
+ return 0;
+ }
+ ret =
+ session->internals.
+ auth_struct->gnutls_process_client_certificate (session, data,
+ datasize);
+
+ gnutls_free (data);
+ if (ret < 0 && ret != GNUTLS_E_NO_CERTIFICATE_FOUND)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* ok we should expect a certificate verify message now
+ */
+ if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND && optional == OPTIONAL_PACKET)
+ ret = 0;
+ else
+ session->key->certificate_requested = 1;
+
+ }
+
+ return ret;
+}
+
+int
+_gnutls_recv_server_certificate (gnutls_session_t session)
+{
+ int datasize;
+ opaque *data;
+ int ret = 0;
+
+ if (session->internals.auth_struct->gnutls_process_server_certificate !=
+ NULL)
+ {
+
+ ret =
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT,
+ MANDATORY_PACKET);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ session->internals.
+ auth_struct->gnutls_process_server_certificate (session, data,
+ datasize);
+ gnutls_free (data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ return ret;
+}
+
+
+/* Recv the client certificate verify. This packet may not
+ * arrive if the peer did not send us a certificate.
+ */
+int
+_gnutls_recv_client_certificate_verify_message (gnutls_session_t session)
+{
+ uint8_t *data;
+ int datasize;
+ int ret = 0;
+
+
+ if (session->internals.auth_struct->gnutls_process_client_cert_vrfy != NULL)
+ {
+
+ if (session->internals.send_cert_req == 0 ||
+ session->key->certificate_requested == 0)
+ {
+ return 0;
+ }
+
+ ret =
+ _gnutls_recv_handshake (session, &data,
+ &datasize,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY,
+ OPTIONAL_PACKET);
+ if (ret < 0)
+ return ret;
+
+ if (ret == 0 && datasize == 0
+ && session->internals.send_cert_req == GNUTLS_CERT_REQUIRE)
+ {
+ /* certificate was required */
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ ret =
+ session->internals.
+ auth_struct->gnutls_process_client_cert_vrfy (session, data,
+ datasize);
+ gnutls_free (data);
+ if (ret < 0)
+ return ret;
+
+ }
+
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+int _gnutls_send_server_kx_message (gnutls_session_t session, int again);
+int _gnutls_send_client_kx_message (gnutls_session_t session, int again);
+int _gnutls_recv_server_kx_message (gnutls_session_t session);
+int _gnutls_recv_client_kx_message (gnutls_session_t session);
+int _gnutls_send_client_certificate_verify (gnutls_session_t session,
+ int again);
+int _gnutls_send_server_certificate (gnutls_session_t session, int again);
+int _gnutls_generate_master (gnutls_session_t session, int keep_premaster);
+int _gnutls_recv_client_certificate (gnutls_session_t session);
+int _gnutls_recv_server_certificate (gnutls_session_t session);
+int _gnutls_send_client_certificate (gnutls_session_t session, int again);
+int _gnutls_recv_server_certificate_request (gnutls_session_t session);
+int _gnutls_send_server_certificate_request (gnutls_session_t session,
+ int again);
+int _gnutls_recv_client_certificate_verify_message (gnutls_session_t session);
--- /dev/null
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Jonathan Bastien-Filiatrault
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_mbuffers.h"
+#include "gnutls_errors.h"
+
+/* Here be mbuffers */
+
+/* A note on terminology:
+ *
+ * Variables named bufel designate a single buffer segment (mbuffer_st
+ * type). This type is textually referred to as a "segment" or a
+ * "buffer element".
+ *
+ * Variables named buf desigate a chain of buffer segments
+ * (mbuffer_head_st type). This type is textually referred to as a
+ * "buffer head" or simply as "buffer".
+ *
+ * Design objectives:
+ *
+ * - Make existing code easier to understand.
+ * - Make common operations more efficient by avoiding unnecessary
+ * copying.
+ * - Provide a common datatype with a well-known interface to move
+ * data around and through the multiple protocol layers.
+ * - Enable a future implementation of DTLS, which needs the concept
+ * of record boundaries.
+ */
+
+
+/* Initialize a buffer head.
+ *
+ * Cost: O(1)
+ */
+void
+_mbuffer_init (mbuffer_head_st * buf)
+{
+ buf->head = NULL;
+ buf->tail = &buf->head;
+
+ buf->length = 0;
+ buf->byte_length = 0;
+}
+
+/* Deallocate all buffer segments and reset the buffer head.
+ *
+ * Cost: O(n)
+ * n: Number of segments currently in the buffer.
+ */
+void
+_mbuffer_clear (mbuffer_head_st * buf)
+{
+ mbuffer_st *bufel, *next;
+
+ for (bufel = buf->head; bufel != NULL; bufel = next)
+ {
+ next = bufel->next;
+ gnutls_free (bufel);
+ }
+
+ _mbuffer_init (buf);
+}
+
+/* Append a segment to the end of this buffer.
+ *
+ * Cost: O(1)
+ */
+void
+_mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel)
+{
+ bufel->next = NULL;
+
+ buf->length++;
+ buf->byte_length += bufel->msg.size - bufel->mark;
+
+ *(buf->tail) = bufel;
+ buf->tail = &bufel->next;
+}
+
+/* Get a reference to the first segment of the buffer and its data.
+ *
+ * Used to start iteration or to peek at the data.
+ *
+ * Cost: O(1)
+ */
+mbuffer_st *
+_mbuffer_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg)
+{
+ mbuffer_st *bufel = buf->head;
+
+ if (bufel)
+ {
+ msg->data = bufel->msg.data + bufel->mark;
+ msg->size = bufel->msg.size - bufel->mark;
+ }
+ else
+ {
+ msg->data = NULL;
+ msg->size = 0;
+ }
+ return bufel;
+}
+
+/* Get a reference to the next segment of the buffer and its data.
+ *
+ * Used to iterate over the buffer segments.
+ *
+ * Cost: O(1)
+ */
+mbuffer_st *
+_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg)
+{
+ mbuffer_st *bufel = cur->next;
+
+ if (bufel)
+ {
+ msg->data = bufel->msg.data + bufel->mark;
+ msg->size = bufel->msg.size - bufel->mark;
+ }
+ else
+ {
+ msg->data = NULL;
+ msg->size = 0;
+ }
+ return bufel;
+}
+
+/* Remove the first segment from the buffer.
+ *
+ * Used to dequeue data from the buffer. Not yet exposed in the
+ * internal interface since it is not yet needed outside of this unit.
+ *
+ * Cost: O(1)
+ */
+static inline void
+remove_front (mbuffer_head_st * buf)
+{
+ mbuffer_st *bufel;
+
+ if (!buf->head)
+ return;
+
+ bufel = buf->head;
+ buf->head = bufel->next;
+
+ buf->byte_length -= (bufel->msg.size - bufel->mark);
+ buf->length -= 1;
+ gnutls_free (bufel);
+
+ if (!buf->head)
+ buf->tail = &buf->head;
+}
+
+/* Remove a specified number of bytes from the start of the buffer.
+ *
+ * Useful for uses that treat the buffer as a simple array of bytes.
+ *
+ * Returns 0 on success or an error code otherwise.
+ *
+ * Cost: O(n)
+ * n: Number of segments needed to remove the specified amount of data.
+ */
+int
+_mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes)
+{
+ size_t left = bytes;
+ mbuffer_st *bufel, *next;
+
+ if (bytes > buf->byte_length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (bufel = buf->head; bufel != NULL && left > 0; bufel = next)
+ {
+ next = bufel->next;
+
+ if (left >= (bufel->msg.size - bufel->mark))
+ {
+ left -= (bufel->msg.size - bufel->mark);
+ remove_front (buf);
+ }
+ else
+ {
+ bufel->mark += left;
+ buf->byte_length -= left;
+ left = 0;
+ }
+ }
+
+ return 0;
+}
+
+/* Allocate a buffer segment. The segment is not initially "owned" by
+ * any buffer.
+ *
+ * maximum_size: Amount of data that this segment can contain.
+ * size: Amount of useful data that is contained in this
+ * buffer. Generally 0, but this is a shortcut when a fixed amount of
+ * data will immediately be added to this segment.
+ *
+ * Returns the segment or NULL on error.
+ *
+ * Cost: O(1)
+ */
+mbuffer_st *
+_mbuffer_alloc (size_t payload_size, size_t maximum_size)
+{
+ mbuffer_st *st;
+
+ st = gnutls_malloc (maximum_size + sizeof (mbuffer_st));
+ if (st == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ //payload points after the mbuffer_st structure
+ st->msg.data = (opaque *) st + sizeof (mbuffer_st);
+ st->msg.size = payload_size;
+ st->mark = 0;
+ st->user_mark = 0;
+ st->next = NULL;
+ st->maximum_size = maximum_size;
+
+ return st;
+}
+
+/* Copy data into a segment. The segment must not be part of a buffer
+ * head when using this function.
+ *
+ * Bounds checking is performed by this function.
+ *
+ * Returns 0 on success or an error code otherwise.
+ *
+ * Cost: O(n)
+ * n: number of bytes to copy
+ */
+int
+_mbuffer_append_data (mbuffer_st * bufel, void *newdata, size_t newdata_size)
+{
+ if (bufel->msg.size + newdata_size <= bufel->maximum_size)
+ {
+ memcpy (&bufel->msg.data[bufel->msg.size], newdata, newdata_size);
+ bufel->msg.size += newdata_size;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+/* Takes a buffer in multiple chunks and puts all the data in a single
+ * contiguous segment.
+ *
+ * Returns 0 on success or an error code otherwise.
+ *
+ * Cost: O(n)
+ * n: number of segments initially in the buffer
+ */
+int
+_mbuffer_linearize (mbuffer_head_st * buf)
+{
+ mbuffer_st *bufel, *cur;
+ gnutls_datum_t msg;
+ size_t pos = 0;
+
+ if (buf->length <= 1)
+ /* Nothing to do */
+ return 0;
+
+ bufel = _mbuffer_alloc (buf->byte_length, buf->byte_length);
+ if (!bufel)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (cur = _mbuffer_get_first (buf, &msg);
+ msg.data != NULL; cur = _mbuffer_get_next (cur, &msg))
+ {
+ memcpy (&bufel->msg.data[pos], msg.data, cur->msg.size);
+ pos += cur->msg.size;
+ }
+
+ _mbuffer_clear (buf);
+ _mbuffer_enqueue (buf, bufel);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2009 Free Software Foundation
+ *
+ * Author: Jonathan Bastien-Filiatrault
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_MBUFFERS_H
+#define GNUTLS_MBUFFERS_H
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+
+void _mbuffer_init (mbuffer_head_st * buf);
+void _mbuffer_clear (mbuffer_head_st * buf);
+void _mbuffer_enqueue (mbuffer_head_st * buf, mbuffer_st * bufel);
+int _mbuffer_remove_bytes (mbuffer_head_st * buf, size_t bytes);
+mbuffer_st *_mbuffer_alloc (size_t payload_size, size_t maximum_size);
+
+mbuffer_st *_mbuffer_get_first (mbuffer_head_st * buf, gnutls_datum_t * msg);
+mbuffer_st *_mbuffer_get_next (mbuffer_st * cur, gnutls_datum_t * msg);
+
+/* This is dangerous since it will replace bufel with a new
+ * one.
+ */
+int _mbuffer_append_data (mbuffer_st * bufel, void *newdata,
+ size_t newdata_size);
+int _mbuffer_linearize (mbuffer_head_st * buf);
+
+
+/* For "user" use. One can have buffer data and header.
+ */
+
+inline static void
+_mbuffer_set_udata (mbuffer_st * bufel, void *data, size_t data_size)
+{
+ memcpy (bufel->msg.data + bufel->user_mark, data, data_size);
+}
+
+inline static void *
+_mbuffer_get_uhead_ptr (mbuffer_st * bufel)
+{
+ return bufel->msg.data;
+}
+
+inline static void *
+_mbuffer_get_udata_ptr (mbuffer_st * bufel)
+{
+ return bufel->msg.data + bufel->user_mark;
+}
+
+inline static void
+_mbuffer_set_udata_size (mbuffer_st * bufel, size_t size)
+{
+ bufel->msg.size = size + bufel->user_mark;
+}
+
+inline static size_t
+_mbuffer_get_udata_size (mbuffer_st * bufel)
+{
+ return bufel->msg.size - bufel->user_mark;
+}
+
+inline static size_t
+_mbuffer_get_uhead_size (mbuffer_st * bufel)
+{
+ return bufel->user_mark;
+}
+
+inline static void
+_mbuffer_set_uhead_size (mbuffer_st * bufel, size_t size)
+{
+ bufel->user_mark = size;
+}
+
+
+
+inline static mbuffer_st *
+_gnutls_handshake_alloc (size_t size, size_t maximum)
+{
+ mbuffer_st *ret = _mbuffer_alloc (HANDSHAKE_HEADER_SIZE + size,
+ HANDSHAKE_HEADER_SIZE + maximum);
+
+ if (!ret)
+ return NULL;
+
+ _mbuffer_set_uhead_size (ret, HANDSHAKE_HEADER_SIZE);
+
+ return ret;
+}
+
+/* Free a segment, if the pointer is not NULL
+ *
+ * We take a ** to detect and fix double free bugs (the dangling
+ * pointer case). It also makes sure the pointer has a known value
+ * after freeing.
+ */
+inline static void
+_mbuffer_xfree (mbuffer_st ** bufel)
+{
+ if (*bufel)
+ gnutls_free (*bufel);
+
+ *bufel = NULL;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <xsize.h>
+
+gnutls_alloc_function gnutls_secure_malloc = malloc;
+gnutls_alloc_function gnutls_malloc = malloc;
+gnutls_free_function gnutls_free = free;
+gnutls_realloc_function gnutls_realloc = realloc;
+
+void *(*gnutls_calloc) (size_t, size_t) = calloc;
+char *(*gnutls_strdup) (const char *) = _gnutls_strdup;
+
+int
+_gnutls_is_secure_mem_null (const void *ign)
+{
+ return 0;
+}
+
+int (*_gnutls_is_secure_memory) (const void *) = _gnutls_is_secure_mem_null;
+
+
+void *
+_gnutls_calloc (size_t nmemb, size_t size)
+{
+ void *ret;
+ size_t n = xtimes (nmemb, size);
+ ret = (size_in_bounds_p (n) ? gnutls_malloc (n) : NULL);
+ if (ret != NULL)
+ memset (ret, 0, size);
+ return ret;
+}
+
+svoid *
+gnutls_secure_calloc (size_t nmemb, size_t size)
+{
+ svoid *ret;
+ size_t n = xtimes (nmemb, size);
+ ret = (size_in_bounds_p (n) ? gnutls_secure_malloc (n) : NULL);
+ if (ret != NULL)
+ memset (ret, 0, size);
+ return ret;
+}
+
+/* This realloc will free ptr in case realloc
+ * fails.
+ */
+void *
+gnutls_realloc_fast (void *ptr, size_t size)
+{
+ void *ret;
+
+ if (size == 0)
+ return ptr;
+
+ ret = gnutls_realloc (ptr, size);
+ if (ret == NULL)
+ {
+ gnutls_free (ptr);
+ }
+
+ return ret;
+}
+
+char *
+_gnutls_strdup (const char *str)
+{
+ size_t siz = strlen (str) + 1;
+ char *ret;
+
+ ret = gnutls_malloc (siz);
+ if (ret != NULL)
+ memcpy (ret, str, siz);
+ return ret;
+}
+
+
+#if 0
+/* don't use them. They are included for documentation.
+ */
+
+/**
+ * gnutls_malloc:
+ *
+ * This function will allocate 's' bytes data, and
+ * return a pointer to memory. This function is supposed
+ * to be used by callbacks.
+ *
+ * The allocation function used is the one set by
+ * gnutls_global_set_mem_functions().
+ **/
+void *
+gnutls_malloc (size_t s)
+{
+}
+
+/**
+ * gnutls_free:
+ * @d: pointer to memory
+ *
+ * This function will free data pointed by ptr.
+ *
+ * The deallocation function used is the one set by
+ * gnutls_global_set_mem_functions().
+ *
+ **/
+void
+gnutls_free (void *ptr)
+{
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_MEM_H
+#define GNUTLS_MEM_H
+
+typedef void svoid; /* for functions that allocate using gnutls_secure_malloc */
+
+extern int (*_gnutls_is_secure_memory) (const void *);
+
+/* this realloc function will return ptr if size==0, and
+ * will free the ptr if the new allocation failed.
+ */
+void *gnutls_realloc_fast (void *ptr, size_t size);
+
+svoid *gnutls_secure_calloc (size_t nmemb, size_t size);
+
+void *_gnutls_calloc (size_t nmemb, size_t size);
+char *_gnutls_strdup (const char *);
+
+#endif /* GNUTLS_MEM_H */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here lie everything that has to do with large numbers, libgcrypt and
+ * other stuff that didn't fit anywhere else.
+ */
+
+#include <gnutls_int.h>
+#include <libtasn1.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <gnutls_mpi.h>
+#include <random.h>
+
+/* Functions that refer to the mpi library.
+ */
+
+#define clearbit(v,n) ((unsigned char)(v) & ~( (unsigned char)(1) << (unsigned)(n)))
+
+bigint_t
+_gnutls_mpi_randomize (bigint_t r, unsigned int bits,
+ gnutls_rnd_level_t level)
+{
+ size_t size = 1 + (bits / 8);
+ int ret;
+ int rem, i;
+ bigint_t tmp;
+ char tmpbuf[512];
+ opaque *buf;
+ int buf_release = 0;
+
+ if (size < sizeof (tmpbuf))
+ {
+ buf = tmpbuf;
+ }
+ else
+ {
+ buf = gnutls_malloc (size);
+ if (buf == NULL)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ buf_release = 1;
+ }
+
+
+ ret = _gnutls_rnd (level, buf, size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* mask the bits that weren't requested */
+ rem = bits % 8;
+
+ if (rem == 0)
+ {
+ buf[0] = 0;
+ }
+ else
+ {
+ for (i = 8; i >= rem; i--)
+ buf[0] = clearbit (buf[0], i);
+ }
+
+ ret = _gnutls_mpi_scan (&tmp, buf, size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (buf_release != 0)
+ {
+ gnutls_free (buf);
+ buf = NULL;
+ }
+
+ if (r != NULL)
+ {
+ _gnutls_mpi_set (r, tmp);
+ _gnutls_mpi_release (&tmp);
+ return r;
+ }
+
+ return tmp;
+
+cleanup:
+ if (buf_release != 0)
+ gnutls_free (buf);
+ return NULL;
+}
+
+void
+_gnutls_mpi_release (bigint_t * x)
+{
+ if (*x == NULL)
+ return;
+
+ _gnutls_mpi_ops.bigint_release (*x);
+ *x = NULL;
+}
+
+/* returns zero on success
+ */
+int
+_gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+{
+ *ret_mpi =
+ _gnutls_mpi_ops.bigint_scan (buffer, nbytes, GNUTLS_MPI_FORMAT_USG);
+ if (*ret_mpi == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
+}
+
+/* returns zero on success. Fails if the number is zero.
+ */
+int
+_gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+{
+ int ret;
+
+ ret = _gnutls_mpi_scan (ret_mpi, buffer, nbytes);
+ if (ret < 0)
+ return ret;
+
+ /* MPIs with 0 bits are illegal
+ */
+ if (_gnutls_mpi_get_nbits (*ret_mpi) == 0)
+ {
+ _gnutls_mpi_release (ret_mpi);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer, size_t nbytes)
+{
+ *ret_mpi =
+ _gnutls_mpi_ops.bigint_scan (buffer, nbytes, GNUTLS_MPI_FORMAT_PGP);
+ if (*ret_mpi == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ return 0;
+}
+
+/* Always has the first bit zero */
+int
+_gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest)
+{
+ int ret;
+ opaque *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print_lz (a, NULL, &bytes);
+
+ if (bytes != 0)
+ buf = gnutls_malloc (bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_mpi_print_lz (a, buf, &bytes);
+ if (ret < 0)
+ {
+ gnutls_free (buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
+}
+
+int
+_gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest)
+{
+ int ret;
+ opaque *buf = NULL;
+ size_t bytes = 0;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print (a, NULL, &bytes);
+ if (bytes != 0)
+ buf = gnutls_malloc (bytes);
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_mpi_print (a, buf, &bytes);
+ if (ret < 0)
+ {
+ gnutls_free (buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = bytes;
+ return 0;
+}
+
+/* This function will copy the mpi data into a datum,
+ * but will set minimum size to 'size'. That means that
+ * the output value is left padded with zeros.
+ */
+int
+_gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest, size_t size)
+{
+ int ret;
+ opaque *buf = NULL;
+ size_t bytes = 0;
+ unsigned int i;
+
+ if (dest == NULL || a == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _gnutls_mpi_print (a, NULL, &bytes);
+ if (bytes != 0)
+ buf = gnutls_malloc (MAX (size, bytes));
+ if (buf == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ if (bytes <= size)
+ {
+ size_t diff = size - bytes;
+ for (i = 0; i < diff; i++)
+ buf[i] = 0;
+ ret = _gnutls_mpi_print (a, &buf[diff], &bytes);
+ }
+ else
+ {
+ ret = _gnutls_mpi_print (a, buf, &bytes);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_free (buf);
+ return ret;
+ }
+
+ dest->data = buf;
+ dest->size = MAX (size, bytes);
+ return 0;
+}
+
+/* this function reads an integer
+ * from asn1 structs. Combines the read and mpi_scan
+ * steps.
+ */
+int
+_gnutls_x509_read_int (ASN1_TYPE node, const char *value, bigint_t * ret_mpi)
+{
+ int result;
+ opaque *tmpstr = NULL;
+ int tmpstr_size;
+
+ tmpstr_size = 0;
+ result = asn1_read_value (node, value, NULL, &tmpstr_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ tmpstr = gnutls_malloc (tmpstr_size);
+ if (tmpstr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value (node, value, tmpstr, &tmpstr_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (tmpstr);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_mpi_scan (ret_mpi, tmpstr, tmpstr_size);
+ gnutls_free (tmpstr);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* Writes the specified integer into the specified node.
+ */
+int
+_gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
+ int lz)
+{
+ opaque *tmpstr;
+ size_t s_len;
+ int result;
+
+ s_len = 0;
+ if (lz)
+ result = _gnutls_mpi_print_lz (mpi, NULL, &s_len);
+ else
+ result = _gnutls_mpi_print (mpi, NULL, &s_len);
+
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ tmpstr = gnutls_malloc (s_len);
+ if (tmpstr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (lz)
+ result = _gnutls_mpi_print_lz (mpi, tmpstr, &s_len);
+ else
+ result = _gnutls_mpi_print (mpi, tmpstr, &s_len);
+
+ if (result != 0)
+ {
+ gnutls_assert ();
+ gnutls_free (tmpstr);
+ return GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ result = asn1_write_value (node, value, tmpstr, s_len);
+
+ gnutls_free (tmpstr);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_MPI_H
+#define GNUTLS_MPI_H
+
+#include <gnutls_int.h>
+
+#include <gnutls/crypto.h>
+
+extern int crypto_bigint_prio;
+extern gnutls_crypto_bigint_st _gnutls_mpi_ops;
+
+bigint_t _gnutls_mpi_randomize (bigint_t, unsigned int bits,
+ gnutls_rnd_level_t level);
+
+#define _gnutls_mpi_new(x) _gnutls_mpi_ops.bigint_new(x)
+#define _gnutls_mpi_cmp(x,y) _gnutls_mpi_ops.bigint_cmp(x,y)
+#define _gnutls_mpi_cmp_ui(x,y) _gnutls_mpi_ops.bigint_cmp_ui(x,y)
+#define _gnutls_mpi_mod(x,y) _gnutls_mpi_ops.bigint_mod(x,y)
+#define _gnutls_mpi_set(x,y) _gnutls_mpi_ops.bigint_set(x,y)
+#define _gnutls_mpi_set_ui(x,y) _gnutls_mpi_ops.bigint_set_ui(x,y)
+#define _gnutls_mpi_get_nbits(x) _gnutls_mpi_ops.bigint_get_nbits(x)
+#define _gnutls_mpi_alloc_like(x) _gnutls_mpi_new(_gnutls_mpi_get_nbits(x))
+#define _gnutls_mpi_powm(x,y,z,w) _gnutls_mpi_ops.bigint_powm(x,y,z,w)
+#define _gnutls_mpi_addm(x,y,z,w) _gnutls_mpi_ops.bigint_addm(x,y,z,w)
+#define _gnutls_mpi_subm(x,y,z,w) _gnutls_mpi_ops.bigint_subm(x,y,z,w)
+#define _gnutls_mpi_mulm(x,y,z,w) _gnutls_mpi_ops.bigint_mulm(x,y,z,w)
+#define _gnutls_mpi_add(x,y,z) _gnutls_mpi_ops.bigint_add(x,y,z)
+#define _gnutls_mpi_sub(x,y,z) _gnutls_mpi_ops.bigint_sub(x,y,z)
+#define _gnutls_mpi_mul(x,y,z) _gnutls_mpi_ops.bigint_mul(x,y,z)
+#define _gnutls_mpi_div(x,y,z) _gnutls_mpi_ops.bigint_div(x,y,z)
+#define _gnutls_mpi_add_ui(x,y,z) _gnutls_mpi_ops.bigint_add_ui(x,y,z)
+#define _gnutls_mpi_sub_ui(x,y,z) _gnutls_mpi_ops.bigint_sub_ui(x,y,z)
+#define _gnutls_mpi_mul_ui(x,y,z) _gnutls_mpi_ops.bigint_mul_ui(x,y,z)
+#define _gnutls_prime_check(z) _gnutls_mpi_ops.bigint_prime_check(z)
+#define _gnutls_mpi_print(x,y,z) _gnutls_mpi_ops.bigint_print(x,y,z,GNUTLS_MPI_FORMAT_USG)
+#define _gnutls_mpi_print_lz(x,y,z) _gnutls_mpi_ops.bigint_print(x,y,z,GNUTLS_MPI_FORMAT_STD)
+#define _gnutls_mpi_print_pgp(x,y,z) _gnutls_mpi_ops.bigint_print(x,y,z,GNUTLS_MPI_FORMAT_PGP)
+#define _gnutls_mpi_copy( a) _gnutls_mpi_set( NULL, a)
+
+void _gnutls_mpi_release (bigint_t * x);
+
+int _gnutls_mpi_scan (bigint_t * ret_mpi, const void *buffer, size_t nbytes);
+int _gnutls_mpi_scan_nz (bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
+int _gnutls_mpi_scan_pgp (bigint_t * ret_mpi, const void *buffer,
+ size_t nbytes);
+
+int _gnutls_mpi_dprint_lz (const bigint_t a, gnutls_datum_t * dest);
+int _gnutls_mpi_dprint (const bigint_t a, gnutls_datum_t * dest);
+int _gnutls_mpi_dprint_size (const bigint_t a, gnutls_datum_t * dest,
+ size_t size);
+
+#define _gnutls_mpi_generate_group( gg, bits) _gnutls_mpi_ops.bigint_generate_group( gg, bits)
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the functions needed for 64 bit integer support in
+ * TLS, and functions which ease the access to TLS vectors (data of given size).
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_num.h>
+#include <gnutls_errors.h>
+
+#include <byteswap.h>
+
+/* This function will add one to uint64 x.
+ * Returns 0 on success, or -1 if the uint64 max limit
+ * has been reached.
+ */
+int
+_gnutls_uint64pp (uint64 * x)
+{
+ register int i, y = 0;
+
+ for (i = 7; i >= 0; i--)
+ {
+ y = 0;
+ if (x->i[i] == 0xff)
+ {
+ x->i[i] = 0;
+ y = 1;
+ }
+ else
+ x->i[i]++;
+
+ if (y == 0)
+ break;
+ }
+ if (y != 0)
+ return -1; /* over 64 bits! WOW */
+
+ return 0;
+}
+
+uint32_t
+_gnutls_uint24touint32 (uint24 num)
+{
+ uint32_t ret = 0;
+
+ ((uint8_t *) & ret)[1] = num.pint[0];
+ ((uint8_t *) & ret)[2] = num.pint[1];
+ ((uint8_t *) & ret)[3] = num.pint[2];
+ return ret;
+}
+
+uint24
+_gnutls_uint32touint24 (uint32_t num)
+{
+ uint24 ret;
+
+ ret.pint[0] = ((uint8_t *) & num)[1];
+ ret.pint[1] = ((uint8_t *) & num)[2];
+ ret.pint[2] = ((uint8_t *) & num)[3];
+ return ret;
+
+}
+
+/* data should be at least 3 bytes */
+uint32_t
+_gnutls_read_uint24 (const opaque * data)
+{
+ uint32_t res;
+ uint24 num;
+
+ num.pint[0] = data[0];
+ num.pint[1] = data[1];
+ num.pint[2] = data[2];
+
+ res = _gnutls_uint24touint32 (num);
+#ifndef WORDS_BIGENDIAN
+ res = bswap_32 (res);
+#endif
+ return res;
+}
+
+void
+_gnutls_write_uint24 (uint32_t num, opaque * data)
+{
+ uint24 tmp;
+
+#ifndef WORDS_BIGENDIAN
+ num = bswap_32 (num);
+#endif
+ tmp = _gnutls_uint32touint24 (num);
+
+ data[0] = tmp.pint[0];
+ data[1] = tmp.pint[1];
+ data[2] = tmp.pint[2];
+}
+
+uint32_t
+_gnutls_read_uint32 (const opaque * data)
+{
+ uint32_t res;
+
+ memcpy (&res, data, sizeof (uint32_t));
+#ifndef WORDS_BIGENDIAN
+ res = bswap_32 (res);
+#endif
+ return res;
+}
+
+void
+_gnutls_write_uint32 (uint32_t num, opaque * data)
+{
+
+#ifndef WORDS_BIGENDIAN
+ num = bswap_32 (num);
+#endif
+ memcpy (data, &num, sizeof (uint32_t));
+}
+
+uint16_t
+_gnutls_read_uint16 (const opaque * data)
+{
+ uint16_t res;
+ memcpy (&res, data, sizeof (uint16_t));
+#ifndef WORDS_BIGENDIAN
+ res = bswap_16 (res);
+#endif
+ return res;
+}
+
+void
+_gnutls_write_uint16 (uint16_t num, opaque * data)
+{
+
+#ifndef WORDS_BIGENDIAN
+ num = bswap_16 (num);
+#endif
+ memcpy (data, &num, sizeof (uint16_t));
+}
+
+uint32_t
+_gnutls_conv_uint32 (uint32_t data)
+{
+#ifndef WORDS_BIGENDIAN
+ return bswap_32 (data);
+#else
+ return data;
+#endif
+}
+
+uint16_t
+_gnutls_conv_uint16 (uint16_t data)
+{
+#ifndef WORDS_BIGENDIAN
+ return bswap_16 (data);
+#else
+ return data;
+#endif
+}
+
+uint32_t
+_gnutls_uint64touint32 (const uint64 * num)
+{
+ uint32_t ret;
+
+ memcpy (&ret, &num->i[4], 4);
+#ifndef WORDS_BIGENDIAN
+ ret = bswap_32 (ret);
+#endif
+
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_NUM_H
+#define GNUTLS_NUM_H
+
+#include <gnutls_int.h>
+
+#include <minmax.h>
+
+uint32_t _gnutls_uint24touint32 (uint24 num);
+uint24 _gnutls_uint32touint24 (uint32_t num);
+uint32_t _gnutls_read_uint32 (const opaque * data);
+uint16_t _gnutls_read_uint16 (const opaque * data);
+uint32_t _gnutls_conv_uint32 (uint32_t data);
+uint16_t _gnutls_conv_uint16 (uint16_t data);
+uint32_t _gnutls_read_uint24 (const opaque * data);
+void _gnutls_write_uint24 (uint32_t num, opaque * data);
+void _gnutls_write_uint32 (uint32_t num, opaque * data);
+void _gnutls_write_uint16 (uint16_t num, opaque * data);
+uint32_t _gnutls_uint64touint32 (const uint64 *);
+
+int _gnutls_uint64pp (uint64 *);
+#define _gnutls_uint64zero(x) x.i[0] = x.i[1] = x.i[2] = x.i[3] = x.i[4] = x.i[5] = x.i[6] = x.i[7] = 0
+#define UINT64DATA(x) (x.i)
+
+#endif /* GNUTLS_NUM_H */
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the functions needed for RSA/DSA public key
+ * encryption and signatures.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_mpi.h>
+#include <gnutls_pk.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_num.h>
+#include "debug.h"
+#include <x509/x509_int.h>
+#include <x509/common.h>
+#include <random.h>
+
+/* Do PKCS-1 RSA encryption.
+ * params is modulus, public exp.
+ */
+int
+_gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype)
+{
+ unsigned int i, pad;
+ int ret;
+ opaque *edata, *ps;
+ size_t k, psize;
+ size_t mod_bits;
+ gnutls_pk_params_st pk_params;
+ gnutls_datum_t to_encrypt, encrypted;
+
+ for (i = 0; i < params_len; i++)
+ pk_params.params[i] = params[i];
+ pk_params.params_nr = params_len;
+
+ mod_bits = _gnutls_mpi_get_nbits (params[0]);
+ k = mod_bits / 8;
+ if (mod_bits % 8 != 0)
+ k++;
+
+ if (plaintext->size > k - 11)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_ENCRYPTION_FAILED;
+ }
+
+ edata = gnutls_malloc (k);
+ if (edata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* EB = 00||BT||PS||00||D
+ * (use block type 'btype')
+ */
+
+ edata[0] = 0;
+ edata[1] = btype;
+ psize = k - 3 - plaintext->size;
+
+ ps = &edata[2];
+ switch (btype)
+ {
+ case 2:
+ /* using public key */
+ if (params_len < RSA_PUBLIC_PARAMS)
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, ps, psize);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return ret;
+ }
+ for (i = 0; i < psize; i++)
+ while (ps[i] == 0)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, &ps[i], 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return ret;
+ }
+ }
+ break;
+ case 1:
+ /* using private key */
+
+ if (params_len < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ gnutls_free (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ for (i = 0; i < psize; i++)
+ ps[i] = 0xff;
+ break;
+ default:
+ gnutls_assert ();
+ gnutls_free (edata);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ps[psize] = 0;
+ memcpy (&ps[psize + 1], plaintext->data, plaintext->size);
+
+ to_encrypt.data = edata;
+ to_encrypt.size = k;
+
+ if (btype == 2) /* encrypt */
+ ret =
+ _gnutls_pk_encrypt (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params);
+ else /* sign */
+ ret =
+ _gnutls_pk_sign (GNUTLS_PK_RSA, &encrypted, &to_encrypt, &pk_params);
+
+ gnutls_free (edata);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ psize = encrypted.size;
+ if (psize < k)
+ {
+ /* padding psize */
+ pad = k - psize;
+ psize = k;
+ }
+ else if (psize == k)
+ {
+ /* pad = 0;
+ * no need to do anything else
+ */
+ ciphertext->data = encrypted.data;
+ ciphertext->size = encrypted.size;
+ return 0;
+ }
+ else
+ { /* psize > k !!! */
+ /* This is an impossible situation */
+ gnutls_assert ();
+ _gnutls_free_datum (&encrypted);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ciphertext->data = gnutls_malloc (psize);
+ if (ciphertext->data == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&encrypted);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy (&ciphertext->data[pad], encrypted.data, encrypted.size);
+ for (i = 0; i < pad; i++)
+ ciphertext->data[i] = 0;
+
+ ciphertext->size = k;
+
+ _gnutls_free_datum (&encrypted);
+
+ return 0;
+}
+
+
+/* Do PKCS-1 RSA decryption.
+ * params is modulus, public exp., private key
+ * Can decrypt block type 1 and type 2 packets.
+ */
+int
+_gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype)
+{
+ unsigned int k, i;
+ int ret;
+ size_t esize, mod_bits;
+ gnutls_pk_params_st pk_params;
+
+ for (i = 0; i < params_len; i++)
+ pk_params.params[i] = params[i];
+ pk_params.params_nr = params_len;
+
+ mod_bits = _gnutls_mpi_get_nbits (params[0]);
+ k = mod_bits / 8;
+ if (mod_bits % 8 != 0)
+ k++;
+
+ esize = ciphertext->size;
+
+ if (esize != k)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_DECRYPTION_FAILED;
+ }
+
+ /* we can use btype to see if the private key is
+ * available.
+ */
+ if (btype == 2)
+ {
+ ret =
+ _gnutls_pk_decrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
+ }
+ else
+ {
+ ret =
+ _gnutls_pk_encrypt (GNUTLS_PK_RSA, plaintext, ciphertext, &pk_params);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* EB = 00||BT||PS||00||D
+ * (use block type 'btype')
+ *
+ * From now on, return GNUTLS_E_DECRYPTION_FAILED on errors, to
+ * avoid attacks similar to the one described by Bleichenbacher in:
+ * "Chosen Ciphertext Attacks against Protocols Based on RSA
+ * Encryption Standard PKCS #1".
+ */
+ if (plaintext->data[0] != 0 || plaintext->data[1] != btype)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ ret = GNUTLS_E_DECRYPTION_FAILED;
+ switch (btype)
+ {
+ case 2:
+ for (i = 2; i < plaintext->size; i++)
+ {
+ if (plaintext->data[i] == 0)
+ {
+ ret = 0;
+ break;
+ }
+ }
+ break;
+ case 1:
+ for (i = 2; i < plaintext->size; i++)
+ {
+ if (plaintext->data[i] == 0 && i > 2)
+ {
+ ret = 0;
+ break;
+ }
+ if (plaintext->data[i] != 0xff)
+ {
+ _gnutls_handshake_log ("PKCS #1 padding error");
+ _gnutls_free_datum (plaintext);
+ /* PKCS #1 padding error. Don't use
+ GNUTLS_E_PKCS1_WRONG_PAD here. */
+ break;
+ }
+ }
+ break;
+ default:
+ gnutls_assert ();
+ _gnutls_free_datum (plaintext);
+ break;
+ }
+ i++;
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (plaintext);
+ return GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ memmove (plaintext->data, &plaintext->data[i], esize - i);
+ plaintext->size = esize - i;
+
+ return 0;
+}
+
+
+int
+_gnutls_rsa_verify (const gnutls_datum_t * vdata,
+ const gnutls_datum_t * ciphertext, bigint_t * params,
+ int params_len, int btype)
+{
+
+ gnutls_datum_t plain;
+ int ret;
+
+ /* decrypt signature */
+ if ((ret =
+ _gnutls_pkcs1_rsa_decrypt (&plain, ciphertext, params, params_len,
+ btype)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (plain.size != vdata->size)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&plain);
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ if (memcmp (plain.data, vdata->data, plain.size) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&plain);
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ _gnutls_free_datum (&plain);
+
+ return 0; /* ok */
+}
+
+/* encodes the Dss-Sig-Value structure
+ */
+int
+_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s)
+{
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_write_int (sig, "r", r, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_write_int (sig, "s", s, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode (sig, "", sig_value, 0);
+
+ asn1_delete_structure (&sig);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+
+/* Do DSA signature calculation. params is p, q, g, y, x in that order.
+ */
+int
+_gnutls_dsa_sign (gnutls_datum_t * signature,
+ const gnutls_datum_t * hash, bigint_t * params,
+ unsigned int params_len)
+{
+ int ret;
+ size_t i;
+ size_t k;
+ gnutls_pk_params_st pk_params;
+
+ for (i = 0; i < params_len; i++)
+ pk_params.params[i] = params[i];
+ pk_params.params_nr = params_len;
+
+ k = hash->size;
+ if (k < 20)
+ { /* SHA1 or better only */
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIGN_FAILED;
+ }
+
+ ret = _gnutls_pk_sign (GNUTLS_PK_DSA, signature, hash, &pk_params);
+ /* rs[0], rs[1] now hold r,s */
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/* decodes the Dss-Sig-Value structure
+ */
+int
+_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
+ bigint_t * s)
+{
+ ASN1_TYPE sig;
+ int result;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSASignatureValue",
+ &sig)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&sig, sig_value->data, sig_value->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_read_int (sig, "r", r);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&sig);
+ return result;
+ }
+
+ result = _gnutls_x509_read_int (sig, "s", s);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (s);
+ asn1_delete_structure (&sig);
+ return result;
+ }
+
+ asn1_delete_structure (&sig);
+
+ return 0;
+}
+
+/* params is p, q, g, y in that order
+ */
+int
+_gnutls_dsa_verify (const gnutls_datum_t * vdata,
+ const gnutls_datum_t * sig_value, bigint_t * params,
+ int params_len)
+{
+
+ int ret, i;
+ gnutls_pk_params_st pk_params;
+
+ for (i = 0; i < params_len; i++)
+ pk_params.params[i] = params[i];
+ pk_params.params_nr = params_len;
+
+ if (vdata->size < 20)
+ { /* SHA1 or better only */
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ /* decrypt signature */
+ ret = _gnutls_pk_verify (GNUTLS_PK_DSA, vdata, sig_value, &pk_params);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0; /* ok */
+}
+
+/* some generic pk functions */
+static int
+_generate_params (int algo, bigint_t * resarr, unsigned int *resarr_len,
+ int bits)
+{
+ gnutls_pk_params_st params;
+ int ret;
+ unsigned int i;
+
+ ret = _gnutls_pk_ops.generate (algo, bits, ¶ms);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (resarr && resarr_len && *resarr_len >= params.params_nr)
+ {
+ *resarr_len = params.params_nr;
+ for (i = 0; i < params.params_nr; i++)
+ resarr[i] = params.params[i];
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return 0;
+}
+
+
+
+int
+_gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
+ int bits)
+{
+ return _generate_params (GNUTLS_PK_RSA, resarr, resarr_len, bits);
+}
+
+int
+_gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
+ int bits)
+{
+ return _generate_params (GNUTLS_PK_DSA, resarr, resarr_len, bits);
+}
+
+int
+_gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params,
+ int params_len)
+{
+ int i, j;
+ dst->params_nr = 0;
+
+ if (params_len == 0 || params == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (i = 0; i < params_len; i++)
+ {
+ dst->params[i] = _gnutls_mpi_set (NULL, params[i]);
+ if (dst->params[i] == NULL)
+ {
+ for (j = 0; j < i; j++)
+ _gnutls_mpi_release (&dst->params[j]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dst->params_nr++;
+ }
+
+ return 0;
+}
+
+void
+gnutls_pk_params_init (gnutls_pk_params_st * p)
+{
+ memset (p, 0, sizeof (gnutls_pk_params_st));
+}
+
+void
+gnutls_pk_params_release (gnutls_pk_params_st * p)
+{
+ unsigned int i;
+ for (i = 0; i < p->params_nr; i++)
+ {
+ _gnutls_mpi_release (&p->params[i]);
+ }
+}
+
+int
+_gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size)
+{
+ bigint_t tmp = _gnutls_mpi_alloc_like (params[0]);
+
+ if (params_size < RSA_PRIVATE_PARAMS - 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* [6] = d % p-1, [7] = d % q-1 */
+ _gnutls_mpi_sub_ui (tmp, params[3], 1);
+ params[6] = _gnutls_mpi_mod (params[2] /*d */ , tmp);
+
+ _gnutls_mpi_sub_ui (tmp, params[4], 1);
+ params[7] = _gnutls_mpi_mod (params[2] /*d */ , tmp);
+
+ _gnutls_mpi_release (&tmp);
+
+ if (params[7] == NULL || params[6] == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk, bigint_t * params,
+ int params_size,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand)
+{
+ if (mand)
+ {
+ if (pk == GNUTLS_PK_DSA)
+ *mand = 1;
+ else
+ *mand = 0;
+ }
+
+ return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) dig,
+ NULL, pk, params, params_size);
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_PK_H
+#define GNUTLS_PK_H
+
+extern int crypto_pk_prio;
+extern gnutls_crypto_pk_st _gnutls_pk_ops;
+
+#define _gnutls_pk_encrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.encrypt( algo, ciphertext, plaintext, params)
+#define _gnutls_pk_decrypt( algo, ciphertext, plaintext, params) _gnutls_pk_ops.decrypt( algo, ciphertext, plaintext, params)
+#define _gnutls_pk_sign( algo, sig, data, params) _gnutls_pk_ops.sign( algo, sig, data, params)
+#define _gnutls_pk_verify( algo, data, sig, params) _gnutls_pk_ops.verify( algo, data, sig, params)
+
+inline static int
+_gnutls_pk_fixup (gnutls_pk_algorithm_t algo, gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
+{
+ if (_gnutls_pk_ops.pk_fixup_private_params)
+ return _gnutls_pk_ops.pk_fixup_private_params (algo, direction, params);
+ return 0;
+}
+
+int _gnutls_pk_params_copy (gnutls_pk_params_st * dst, bigint_t * params,
+ int params_len);
+
+int _gnutls_rsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
+ int bits);
+int _gnutls_dsa_generate_params (bigint_t * resarr, unsigned int *resarr_len,
+ int bits);
+
+/* The internal PK interface */
+int _gnutls_pkcs1_rsa_encrypt (gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype);
+int _gnutls_dsa_sign (gnutls_datum_t * signature,
+ const gnutls_datum_t * plaintext, bigint_t * params,
+ unsigned params_len);
+int _gnutls_pkcs1_rsa_decrypt (gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ bigint_t * params, unsigned params_len,
+ unsigned btype);
+int _gnutls_rsa_verify (const gnutls_datum_t * vdata,
+ const gnutls_datum_t * ciphertext, bigint_t * params,
+ int params_len, int btype);
+int _gnutls_dsa_verify (const gnutls_datum_t * vdata,
+ const gnutls_datum_t * sig_value, bigint_t * params,
+ int params_len);
+
+int
+_gnutls_encode_ber_rs (gnutls_datum_t * sig_value, bigint_t r, bigint_t s);
+
+int
+_gnutls_decode_ber_rs (const gnutls_datum_t * sig_value, bigint_t * r,
+ bigint_t * s);
+
+int _gnutls_calc_rsa_exp (bigint_t * params, unsigned int params_size);
+
+int _gnutls_pk_get_hash_algorithm (gnutls_pk_algorithm_t pk,
+ bigint_t * params, int params_size,
+ gnutls_digest_algorithm_t * dig,
+ unsigned int *mand);
+
+#endif /* GNUTLS_PK_H */
--- /dev/null
+/*
+ * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here lies the code of the gnutls_*_set_priority() functions.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_algorithms.h"
+#include "gnutls_errors.h"
+#include <gnutls_num.h>
+
+static void
+break_comma_list (char *etag,
+ char **broken_etag, int *elements, int max_elements,
+ char sep);
+
+/**
+ * gnutls_cipher_set_priority:
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
+ *
+ * Sets the priority on the ciphers supported by gnutls. Priority is
+ * higher for elements specified before others. After specifying the
+ * ciphers you want, you must append a 0. Note that the priority is
+ * set on the client. The server does not use the algorithm's
+ * priority except for disabling algorithms that were not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
+{
+ int num = 0, i;
+
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ session->internals.priorities.cipher.algorithms = num;
+
+ for (i = 0; i < num; i++)
+ {
+ session->internals.priorities.cipher.priority[i] = list[i];
+ }
+
+ return 0;
+}
+
+typedef void (bulk_rmadd_func) (priority_st * priority_list, const int *);
+
+inline static void
+_set_priority (priority_st * st, const int *list)
+{
+ int num = 0, i;
+
+ while (list[num] != 0)
+ num++;
+ if (num > MAX_ALGOS)
+ num = MAX_ALGOS;
+ st->algorithms = num;
+
+ for (i = 0; i < num; i++)
+ {
+ st->priority[i] = list[i];
+ }
+
+ return;
+}
+
+static void
+_clear_priorities (priority_st * st, const int *list)
+{
+ memset(st, 0, sizeof(*st));
+}
+
+/**
+ * gnutls_kx_set_priority:
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements.
+ *
+ * Sets the priority on the key exchange algorithms supported by
+ * gnutls. Priority is higher for elements specified before others.
+ * After specifying the algorithms you want, you must append a 0.
+ * Note that the priority is set on the client. The server does not
+ * use the algorithm's priority except for disabling algorithms that
+ * were not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_kx_set_priority (gnutls_session_t session, const int *list)
+{
+ _set_priority (&session->internals.priorities.kx, list);
+ return 0;
+}
+
+/**
+ * gnutls_mac_set_priority:
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
+ *
+ * Sets the priority on the mac algorithms supported by gnutls.
+ * Priority is higher for elements specified before others. After
+ * specifying the algorithms you want, you must append a 0. Note
+ * that the priority is set on the client. The server does not use
+ * the algorithm's priority except for disabling algorithms that were
+ * not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_mac_set_priority (gnutls_session_t session, const int *list)
+{
+ _set_priority (&session->internals.priorities.mac, list);
+ return 0;
+}
+
+/**
+ * gnutls_compression_set_priority:
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_compression_method_t elements.
+ *
+ * Sets the priority on the compression algorithms supported by
+ * gnutls. Priority is higher for elements specified before others.
+ * After specifying the algorithms you want, you must append a 0.
+ * Note that the priority is set on the client. The server does not
+ * use the algorithm's priority except for disabling algorithms that
+ * were not specified.
+ *
+ * TLS 1.0 does not define any compression algorithms except
+ * NULL. Other compression algorithms are to be considered as gnutls
+ * extensions.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_compression_set_priority (gnutls_session_t session, const int *list)
+{
+ _set_priority (&session->internals.priorities.compression, list);
+ return 0;
+}
+
+/**
+ * gnutls_protocol_set_priority:
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_protocol_t elements.
+ *
+ * Sets the priority on the protocol versions supported by gnutls.
+ * This function actually enables or disables protocols. Newer protocol
+ * versions always have highest priority.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_protocol_set_priority (gnutls_session_t session, const int *list)
+{
+ _set_priority (&session->internals.priorities.protocol, list);
+
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (list)
+ _gnutls_set_current_version (session, list[0]);
+
+ return 0;
+}
+
+/**
+ * gnutls_certificate_type_set_priority:
+ * @session: is a #gnutls_session_t structure.
+ * @list: is a 0 terminated list of gnutls_certificate_type_t elements.
+ *
+ * Sets the priority on the certificate types supported by gnutls.
+ * Priority is higher for elements specified before others.
+ * After specifying the types you want, you must append a 0.
+ * Note that the certificate type priority is set on the client.
+ * The server does not use the cert type priority except for disabling
+ * types that were not specified.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_certificate_type_set_priority (gnutls_session_t session,
+ const int *list)
+{
+#ifdef ENABLE_OPENPGP
+ _set_priority (&session->internals.priorities.cert_type, list);
+ return 0;
+#else
+
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+
+#endif
+}
+
+static const int protocol_priority[] = {
+ GNUTLS_TLS1_2,
+ GNUTLS_TLS1_1,
+ GNUTLS_TLS1_0,
+ GNUTLS_SSL3,
+ 0
+};
+
+static const int kx_priority_performance[] = {
+ GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
+ /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
+ * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
+ */
+ 0
+};
+
+static const int kx_priority_export[] = {
+ GNUTLS_KX_RSA,
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_RSA_EXPORT,
+ 0
+};
+
+static const int kx_priority_secure[] = {
+ /* The ciphersuites that offer forward secrecy take
+ * precendance
+ */
+ GNUTLS_KX_DHE_RSA,
+ GNUTLS_KX_DHE_DSS,
+ GNUTLS_KX_RSA,
+ /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
+ * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
+ */
+ 0
+};
+
+static const int cipher_priority_performance[] = {
+ GNUTLS_CIPHER_ARCFOUR_128,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+#endif
+ /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
+ 0
+};
+
+static const int cipher_priority_normal[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+ GNUTLS_CIPHER_AES_256_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+#endif
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
+ 0
+};
+
+static const int cipher_priority_secure128[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
+ 0
+};
+
+
+static const int cipher_priority_secure256[] = {
+ GNUTLS_CIPHER_AES_256_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+#endif
+ GNUTLS_CIPHER_AES_128_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
+ 0
+};
+
+/* The same as cipher_priority_security_normal + arcfour-40. */
+static const int cipher_priority_export[] = {
+ GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
+#endif
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_ARCFOUR_40,
+ 0
+};
+
+static const int comp_priority[] = {
+ /* compression should be explicitely requested to be enabled */
+ GNUTLS_COMP_NULL,
+ 0
+};
+
+static const int sign_priority_default[] = {
+ GNUTLS_SIGN_DSA_SHA224,
+ GNUTLS_SIGN_DSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_SIGN_DSA_SHA1,
+ 0
+};
+
+static const int sign_priority_secure128[] = {
+ GNUTLS_SIGN_RSA_SHA256,
+ GNUTLS_SIGN_RSA_SHA384,
+ GNUTLS_SIGN_RSA_SHA512,
+ GNUTLS_SIGN_DSA_SHA1,
+ 0
+};
+
+static const int sign_priority_secure256[] = {
+ GNUTLS_SIGN_RSA_SHA512,
+ 0
+};
+
+static const int mac_priority_performance[] = {
+ GNUTLS_MAC_SHA1,
+ GNUTLS_MAC_SHA256,
+ 0
+};
+
+
+static const int mac_priority_secure[] = {
+ GNUTLS_MAC_SHA256,
+ GNUTLS_MAC_SHA1,
+ 0
+};
+
+static int cert_type_priority[] = {
+ GNUTLS_CRT_X509,
+ GNUTLS_CRT_OPENPGP,
+ 0
+};
+
+typedef void (rmadd_func) (priority_st * priority_list, unsigned int alg);
+
+static void
+prio_remove (priority_st * priority_list, unsigned int algo)
+{
+ int i = 0;
+ int pos = -1; /* the position of the cipher to remove */
+
+ while (priority_list->priority[i] != 0)
+ {
+ if (priority_list->priority[i] == algo)
+ pos = i;
+ i++;
+ }
+
+ if (pos >= 0)
+ {
+ priority_list->priority[pos] = priority_list->priority[i - 1];
+ priority_list->priority[i - 1] = 0;
+ priority_list->algorithms--;
+ }
+
+ return;
+}
+
+static void
+prio_add (priority_st * priority_list, unsigned int algo)
+{
+ register int i = 0;
+ while (priority_list->priority[i] != 0)
+ {
+ if (algo == priority_list->priority[i])
+ return; /* if it exists */
+ i++;
+ }
+
+ if (i < MAX_ALGOS)
+ {
+ priority_list->priority[i] = algo;
+ priority_list->algorithms++;
+ }
+
+ return;
+}
+
+
+/**
+ * gnutls_priority_set:
+ * @session: is a #gnutls_session_t structure.
+ * @priority: is a #gnutls_priority_t structure.
+ *
+ * Sets the priorities to use on the ciphers, key exchange methods,
+ * macs and compression methods.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority)
+{
+ if (priority == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CIPHER_SUITES;
+ }
+
+ memcpy (&session->internals.priorities, priority,
+ sizeof (struct gnutls_priority_st));
+
+ /* set the current version to the first in the chain.
+ * This will be overridden later.
+ */
+ if (session->internals.priorities.protocol.algorithms > 0)
+ _gnutls_set_current_version (session,
+ session->internals.priorities.protocol.
+ priority[0]);
+
+ return 0;
+}
+
+
+#define MAX_ELEMENTS 48
+
+/**
+ * gnutls_priority_init:
+ * @priority_cache: is a #gnutls_prioritity_t structure.
+ * @priorities: is a string describing priorities
+ * @err_pos: In case of an error this will have the position in the string the error occured
+ *
+ * Sets priorities for the ciphers, key exchange methods, macs and
+ * compression methods.
+ *
+ * The #priorities option allows you to specify a colon
+ * separated list of the cipher priorities to enable.
+ *
+ * Common keywords: Some keywords are defined to provide quick access
+ * to common preferences.
+ *
+ * "PERFORMANCE" means all the "secure" ciphersuites are enabled,
+ * limited to 128 bit ciphers and sorted by terms of speed
+ * performance.
+ *
+ * "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
+ * included as a fallback only. The ciphers are sorted by security
+ * margin.
+ *
+ * "SECURE128" means all "secure" ciphersuites with ciphers up to 128
+ * bits, sorted by security margin.
+ *
+ * "SECURE256" means all "secure" ciphersuites including the 256 bit
+ * ciphers, sorted by security margin.
+ *
+ * "EXPORT" means all ciphersuites are enabled, including the
+ * low-security 40 bit ciphers.
+ *
+ * "NONE" means nothing is enabled. This disables even protocols and
+ * compression methods.
+ *
+ * Special keywords:
+ * "!" or "-" appended with an algorithm will remove this algorithm.
+ *
+ * "+" appended with an algorithm will add this algorithm.
+ *
+ * Check the GnuTLS manual section "Priority strings" for detailed
+ * information.
+ *
+ * Examples:
+ *
+ * "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
+ *
+ * "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
+ *
+ * "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
+ * enabled, SSL3.0 is disabled, and libz compression enabled.
+ *
+ * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
+ *
+ * "NORMAL:%COMPAT" is the most compatible mode.
+ *
+ * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
+ * %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_priority_init (gnutls_priority_t * priority_cache,
+ const char *priorities, const char **err_pos)
+{
+ char *broken_list[MAX_ELEMENTS];
+ int broken_list_size = 0, i = 0, j;
+ char *darg = NULL;
+ int algo;
+ rmadd_func *fn;
+ bulk_rmadd_func *bulk_fn;
+
+ *priority_cache = gnutls_calloc (1, sizeof (struct gnutls_priority_st));
+ if (*priority_cache == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* for now unsafe renegotiation is default on everyone. To be removed
+ * when we make it the default.
+ */
+ (*priority_cache)->sr = SR_PARTIAL;
+ (*priority_cache)->ssl3_record_version = 1;
+
+ if (priorities == NULL)
+ priorities = "NORMAL";
+
+ darg = gnutls_strdup (priorities);
+ if (darg == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ break_comma_list (darg, broken_list, &broken_list_size, MAX_ELEMENTS, ':');
+ /* This is our default set of protocol version, certificate types and
+ * compression methods.
+ */
+ if (strcasecmp (broken_list[0], "NONE") != 0)
+ {
+ _set_priority (&(*priority_cache)->protocol, protocol_priority);
+ _set_priority (&(*priority_cache)->compression, comp_priority);
+ _set_priority (&(*priority_cache)->cert_type, cert_type_priority);
+ _set_priority (&(*priority_cache)->sign_algo, sign_priority_default);
+ i = 0;
+ }
+ else
+ {
+ i = 1;
+ }
+
+ for (; i < broken_list_size; i++)
+ {
+ if (strcasecmp (broken_list[i], "PERFORMANCE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+ cipher_priority_performance);
+ _set_priority (&(*priority_cache)->kx, kx_priority_performance);
+ _set_priority (&(*priority_cache)->mac, mac_priority_performance);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else if (strcasecmp (broken_list[i], "NORMAL") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher, cipher_priority_normal);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else if (strcasecmp (broken_list[i], "SECURE256") == 0
+ || strcasecmp (broken_list[i], "SECURE") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+ cipher_priority_secure256);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_secure256);
+ }
+ else if (strcasecmp (broken_list[i], "SECURE128") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher,
+ cipher_priority_secure128);
+ _set_priority (&(*priority_cache)->kx, kx_priority_secure);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_secure128);
+ }
+ else if (strcasecmp (broken_list[i], "EXPORT") == 0)
+ {
+ _set_priority (&(*priority_cache)->cipher, cipher_priority_export);
+ _set_priority (&(*priority_cache)->kx, kx_priority_export);
+ _set_priority (&(*priority_cache)->mac, mac_priority_secure);
+ _set_priority (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ } /* now check if the element is something like -ALGO */
+ else if (broken_list[i][0] == '!' || broken_list[i][0] == '+'
+ || broken_list[i][0] == '-')
+ {
+ if (broken_list[i][0] == '+')
+ {
+ fn = prio_add;
+ bulk_fn = _set_priority;
+ }
+ else
+ {
+ fn = prio_remove;
+ bulk_fn = _clear_priorities;
+ }
+
+ if ((algo =
+ gnutls_mac_get_id (&broken_list[i][1])) != GNUTLS_MAC_UNKNOWN)
+ fn (&(*priority_cache)->mac, algo);
+ else if ((algo = gnutls_cipher_get_id (&broken_list[i][1])) !=
+ GNUTLS_CIPHER_UNKNOWN)
+ fn (&(*priority_cache)->cipher, algo);
+ else if ((algo = gnutls_kx_get_id (&broken_list[i][1])) !=
+ GNUTLS_KX_UNKNOWN)
+ fn (&(*priority_cache)->kx, algo);
+ else if (strncasecmp (&broken_list[i][1], "VERS-", 5) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "VERS-TLS-ALL", 12) == 0)
+ {
+ bulk_fn (&(*priority_cache)->protocol,
+ protocol_priority);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_protocol_get_id (&broken_list[i][6])) !=
+ GNUTLS_VERSION_UNKNOWN)
+ fn (&(*priority_cache)->protocol, algo);
+ else
+ goto error;
+
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp (&broken_list[i][1], "COMP-", 5) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "COMP-ALL", 8) == 0)
+ {
+ bulk_fn (&(*priority_cache)->compression,
+ comp_priority);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_compression_get_id (&broken_list[i][6])) !=
+ GNUTLS_COMP_UNKNOWN)
+ fn (&(*priority_cache)->compression, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp (&broken_list[i][1], "CTYPE-", 6) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "CTYPE-ALL", 9) == 0)
+ {
+ bulk_fn (&(*priority_cache)->cert_type,
+ cert_type_priority);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_certificate_type_get_id (&broken_list[i][7])) !=
+ GNUTLS_CRT_UNKNOWN)
+ fn (&(*priority_cache)->cert_type, algo);
+ else
+ goto error;
+ }
+ } /* now check if the element is something like -ALGO */
+ else if (strncasecmp (&broken_list[i][1], "SIGN-", 5) == 0)
+ {
+ if (strncasecmp (&broken_list[i][1], "SIGN-ALL", 8) == 0)
+ {
+ bulk_fn (&(*priority_cache)->sign_algo,
+ sign_priority_default);
+ }
+ else
+ {
+ if ((algo =
+ gnutls_sign_get_id (&broken_list[i][6])) !=
+ GNUTLS_SIGN_UNKNOWN)
+ fn (&(*priority_cache)->sign_algo, algo);
+ else
+ goto error;
+ }
+ }
+ else if (strncasecmp (&broken_list[i][1], "MAC-ALL", 7) == 0)
+ {
+ bulk_fn (&(*priority_cache)->mac,
+ mac_priority_secure);
+ }
+ else if (strncasecmp (&broken_list[i][1], "CIPHER-ALL", 7) == 0)
+ {
+ bulk_fn (&(*priority_cache)->cipher,
+ cipher_priority_normal);
+ }
+ else
+ goto error;
+ }
+ else if (broken_list[i][0] == '%')
+ {
+ if (strcasecmp (&broken_list[i][1], "COMPAT") == 0)
+ {
+ (*priority_cache)->no_padding = 1;
+ (*priority_cache)->allow_large_records = 1;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_SIGN_RSA_MD5") == 0)
+ {
+ prio_add (&(*priority_cache)->sign_algo, GNUTLS_SIGN_RSA_MD5);
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "SSL3_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 1;
+ else if (strcasecmp (&broken_list[i][1],
+ "LATEST_RECORD_VERSION") == 0)
+ (*priority_cache)->ssl3_record_version = 0;
+ else if (strcasecmp (&broken_list[i][1],
+ "VERIFY_ALLOW_X509_V1_CA_CRT") == 0)
+ (*priority_cache)->additional_verify_flags |=
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
+ else if (strcasecmp (&broken_list[i][1],
+ "UNSAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_UNSAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1], "SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_SAFE;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "PARTIAL_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_PARTIAL;
+ }
+ else if (strcasecmp (&broken_list[i][1],
+ "DISABLE_SAFE_RENEGOTIATION") == 0)
+ {
+ (*priority_cache)->sr = SR_DISABLED;
+ }
+ else
+ goto error;
+ }
+ else
+ goto error;
+ }
+
+ gnutls_free (darg);
+ return 0;
+
+error:
+ if (err_pos != NULL && i < broken_list_size)
+ {
+ *err_pos = priorities;
+ for (j = 0; j < i; j++)
+ {
+ (*err_pos) += strlen (broken_list[j]) + 1;
+ }
+ }
+ gnutls_free (darg);
+ gnutls_free (*priority_cache);
+
+ return GNUTLS_E_INVALID_REQUEST;
+
+}
+
+/**
+ * gnutls_priority_deinit:
+ * @priority_cache: is a #gnutls_prioritity_t structure.
+ *
+ * Deinitializes the priority cache.
+ **/
+void
+gnutls_priority_deinit (gnutls_priority_t priority_cache)
+{
+ gnutls_free (priority_cache);
+}
+
+
+/**
+ * gnutls_priority_set_direct:
+ * @session: is a #gnutls_session_t structure.
+ * @priorities: is a string describing priorities
+ * @err_pos: In case of an error this will have the position in the string the error occured
+ *
+ * Sets the priorities to use on the ciphers, key exchange methods,
+ * macs and compression methods. This function avoids keeping a
+ * priority cache and is used to directly set string priorities to a
+ * TLS session. For documentation check the gnutls_priority_init().
+ *
+ * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
+ * %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_priority_set_direct (gnutls_session_t session,
+ const char *priorities, const char **err_pos)
+{
+ gnutls_priority_t prio;
+ int ret;
+
+ ret = gnutls_priority_init (&prio, priorities, err_pos);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_priority_set (session, prio);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ gnutls_priority_deinit (prio);
+
+ return 0;
+}
+
+/* Breaks a list of "xxx", "yyy", to a character array, of
+ * MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
+ */
+static void
+break_comma_list (char *etag,
+ char **broken_etag, int *elements, int max_elements,
+ char sep)
+{
+ char *p = etag;
+ if (sep == 0)
+ sep = ',';
+
+ *elements = 0;
+
+ do
+ {
+ broken_etag[*elements] = p;
+
+ (*elements)++;
+
+ p = strchr (p, sep);
+ if (p)
+ {
+ *p = 0;
+ p++; /* move to next entry and skip white
+ * space.
+ */
+ while (*p == ' ')
+ p++;
+ }
+ }
+ while (p != NULL && *elements < max_elements);
+}
+
+/**
+ * gnutls_set_default_priority:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Sets some default priority on the ciphers, key exchange methods,
+ * macs and compression methods.
+ *
+ * This is the same as calling:
+ *
+ * gnutls_priority_set_direct (session, "NORMAL", NULL);
+ *
+ * This function is kept around for backwards compatibility, but
+ * because of its wide use it is still fully supported. If you wish
+ * to allow users to provide a string that specify which ciphers to
+ * use (which is recommended), you should use
+ * gnutls_priority_set_direct() or gnutls_priority_set() instead.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_set_default_priority (gnutls_session_t session)
+{
+ return gnutls_priority_set_direct (session, "NORMAL", NULL);
+}
+
+/**
+ * gnutls_set_default_export_priority:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Sets some default priority on the ciphers, key exchange methods, macs
+ * and compression methods. This function also includes weak algorithms.
+ *
+ * This is the same as calling:
+ *
+ * gnutls_priority_set_direct (session, "EXPORT", NULL);
+ *
+ * This function is kept around for backwards compatibility, but
+ * because of its wide use it is still fully supported. If you wish
+ * to allow users to provide a string that specify which ciphers to
+ * use (which is recommended), you should use
+ * gnutls_priority_set_direct() or gnutls_priority_set() instead.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_set_default_export_priority (gnutls_session_t session)
+{
+ return gnutls_priority_set_direct (session, "EXPORT", NULL);
+}
--- /dev/null
+/*
+ * GnuTLS PKCS#11 support
+ * Copyright (C) 2010 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA
+*/
+
+#include <gnutls_int.h>
+#include <pakchois/pakchois.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <pkcs11_int.h>
+#include <gnutls/abstract.h>
+#include <gnutls_pk.h>
+#include <x509_int.h>
+#include <openpgp/openpgp_int.h>
+#include <openpgp/gnutls_openpgp.h>
+#include <gnutls_sig.h>
+#include <abstract_int.h>
+
+struct gnutls_privkey_st
+{
+ gnutls_privkey_type_t type;
+ gnutls_pk_algorithm_t pk_algorithm;
+
+ union
+ {
+ gnutls_x509_privkey_t x509;
+ gnutls_pkcs11_privkey_t pkcs11;
+#ifdef ENABLE_OPENPGP
+ gnutls_openpgp_privkey_t openpgp;
+#endif
+ } key;
+
+ unsigned int flags;
+};
+
+/**
+ * gnutls_privkey_get_type:
+ * @key: should contain a #gnutls_privkey_t structure
+ *
+ * This function will return the type of the private key. This is
+ * actually the type of the subsystem used to set this private key.
+ *
+ * Returns: a member of the #gnutls_privkey_type_t enumeration on
+ * success, or a negative value on error.
+ **/
+gnutls_privkey_type_t
+gnutls_privkey_get_type (gnutls_privkey_t key)
+{
+ return key->type;
+}
+
+/**
+ * gnutls_privkey_get_pk_algorithm:
+ * @key: should contain a #gnutls_privkey_t structure
+ * @bits: If set will return the number of bits of the parameters (may be NULL)
+ *
+ * This function will return the public key algorithm of a private
+ * key and if possible will return a number of bits that indicates
+ * the security parameter of the key.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
+int
+gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key, unsigned int *bits)
+{
+ switch (key->type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_get_pk_algorithm (key->key.openpgp, bits);
+#endif
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_get_pk_algorithm (key->key.pkcs11, bits);
+ case GNUTLS_PRIVKEY_X509:
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits (key->key.x509->params[0]);
+ return gnutls_x509_privkey_get_pk_algorithm (key->key.x509);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+}
+
+static int
+privkey_to_pubkey (gnutls_pk_algorithm_t pk,
+ const bigint_t * params, int params_size,
+ bigint_t * new_params, int *new_params_size)
+{
+ int ret, i;
+
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ if (*new_params_size < RSA_PUBLIC_PARAMS
+ || params_size < RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ new_params[0] = _gnutls_mpi_copy (params[0]);
+ new_params[1] = _gnutls_mpi_copy (params[1]);
+
+ *new_params_size = RSA_PUBLIC_PARAMS;
+
+ if (new_params[0] == NULL || new_params[1] == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+ if (*new_params_size < DSA_PUBLIC_PARAMS
+ || params_size < DSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ new_params[0] = _gnutls_mpi_copy (params[0]);
+ new_params[1] = _gnutls_mpi_copy (params[1]);
+ new_params[2] = _gnutls_mpi_copy (params[2]);
+ new_params[3] = _gnutls_mpi_copy (params[3]);
+
+ *new_params_size = DSA_PUBLIC_PARAMS;
+
+ if (new_params[0] == NULL || new_params[1] == NULL ||
+ new_params[2] == NULL || new_params[3] == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+cleanup:
+ for (i = 0; i < *new_params_size; i++)
+ _gnutls_mpi_release (new_params[i]);
+ return ret;
+}
+
+
+/* Returns the public key of the private key (if possible)
+ */
+int
+_gnutls_privkey_get_public_mpis (gnutls_privkey_t key,
+ bigint_t * params, int *params_size)
+{
+ int ret;
+ gnutls_pk_algorithm_t pk = gnutls_privkey_get_pk_algorithm (key, NULL);
+
+ switch (key->type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_PRIVKEY_OPENPGP:
+ {
+ bigint_t tmp_params[MAX_PRIV_PARAMS_SIZE];
+ int tmp_params_size = MAX_PRIV_PARAMS_SIZE;
+ uint32_t kid[2], i;
+ gnutls_openpgp_keyid_t keyid;
+
+ ret =
+ gnutls_openpgp_privkey_get_preferred_key_id (key->key.openpgp,
+ keyid);
+ if (ret == 0)
+ {
+ KEYID_IMPORT (kid, keyid);
+ ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, kid,
+ tmp_params,
+ &tmp_params_size);
+ }
+ else
+ ret = _gnutls_openpgp_privkey_get_mpis (key->key.openpgp, NULL,
+ tmp_params,
+ &tmp_params_size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = privkey_to_pubkey (pk,
+ tmp_params, tmp_params_size,
+ params, params_size);
+
+ for (i = 0; i < tmp_params_size; i++)
+ _gnutls_mpi_release (&tmp_params[i]);
+
+ }
+
+ break;
+#endif
+ case GNUTLS_PRIVKEY_X509:
+ ret = privkey_to_pubkey (pk,
+ key->key.x509->params,
+ key->key.x509->params_size, params,
+ params_size);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_privkey_init:
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an private key structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_privkey_init (gnutls_privkey_t * key)
+{
+ *key = gnutls_calloc (1, sizeof (struct gnutls_privkey_st));
+ if (*key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_privkey_deinit:
+ * @key: The structure to be deinitialized
+ *
+ * This function will deinitialize a private key structure.
+ **/
+void
+gnutls_privkey_deinit (gnutls_privkey_t key)
+{
+ if (key->flags & GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE)
+ switch (key->type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_deinit (key->key.openpgp);
+#endif
+ case GNUTLS_PRIVKEY_PKCS11:
+ return gnutls_pkcs11_privkey_deinit (key->key.pkcs11);
+ case GNUTLS_PRIVKEY_X509:
+ return gnutls_x509_privkey_deinit (key->key.x509);
+ }
+ gnutls_free (key);
+}
+
+/* will fail if the private key contains an actual key.
+ */
+static int check_if_clean(gnutls_privkey_t key)
+{
+ if (key->type != 0)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ return 0;
+}
+
+/**
+ * gnutls_privkey_import_pkcs11:
+ * @pkey: The private key
+ * @key: The private key to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure.
+ *
+ * The #gnutls_pkcs11_privkey_t object must not be deallocated
+ * during the lifetime of this structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key, unsigned int flags)
+{
+int ret;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
+
+ pkey->key.pkcs11 = key;
+ pkey->type = GNUTLS_PRIVKEY_PKCS11;
+ pkey->pk_algorithm = gnutls_pkcs11_privkey_get_pk_algorithm (key, NULL);
+ pkey->flags = flags;
+
+ return 0;
+}
+
+/**
+ * gnutls_privkey_import_x509:
+ * @pkey: The private key
+ * @key: The private key to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure.
+ *
+ * The #gnutls_x509_privkey_t object must not be deallocated
+ * during the lifetime of this structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key, unsigned int flags)
+{
+int ret;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
+
+ pkey->key.x509 = key;
+ pkey->type = GNUTLS_PRIVKEY_X509;
+ pkey->pk_algorithm = gnutls_x509_privkey_get_pk_algorithm (key);
+ pkey->flags = flags;
+
+ return 0;
+}
+
+#ifdef ENABLE_OPENPGP
+/**
+ * gnutls_privkey_import_openpgp:
+ * @pkey: The private key
+ * @key: The private key to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given private key to the abstract
+ * #gnutls_privkey_t structure.
+ *
+ * The #gnutls_openpgp_privkey_t object must not be deallocated
+ * during the lifetime of this structure. The subkey set as
+ * preferred will be used, or the master key otherwise.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags)
+{
+int ret, idx;
+gnutls_openpgp_keyid_t keyid;
+
+ ret = check_if_clean(pkey);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ return ret;
+ }
+
+ pkey->key.openpgp = key;
+ pkey->type = GNUTLS_PRIVKEY_OPENPGP;
+
+ ret = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
+ {
+ pkey->pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm(key, NULL);
+ }
+ else
+ {
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+
+ pkey->pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
+ }
+
+ pkey->flags = flags;
+
+ return 0;
+}
+#endif
+
+/**
+ * gnutls_privkey_sign_data:
+ * @signer: Holds the key
+ * @hash: should be a digest algorithm
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: will contain the signature allocate with gnutls_malloc()
+ *
+ * This function will sign the given data using a signature algorithm
+ * supported by the private key. Signature algorithms are always used
+ * together with a hash functions. Different hash functions may be
+ * used for the RSA algorithm, but only SHA-1 for the DSA keys.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_privkey_sign_data (gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
+{
+ int ret;
+ gnutls_datum_t digest;
+
+ ret = pk_hash_data (signer->pk_algorithm, hash, NULL, data, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = pk_prepare_hash (signer->pk_algorithm, hash, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_privkey_sign_hash (signer, &digest, signature);
+ _gnutls_free_datum (&digest);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+
+cleanup:
+ _gnutls_free_datum (&digest);
+ return ret;
+}
+
+/**
+ * gnutls_privkey_sign_hash:
+ * @signer: Holds the signer's key
+ * @hash_algo: The hash algorithm used
+ * @flags: zero for now
+ * @hash_data: holds the data to be signed
+ * @signature: will contain newly allocated signature
+ *
+ * This function will sign the given hashed data using a signature algorithm
+ * supported by the private key. Signature algorithms are always used
+ * together with a hash functions. Different hash functions may be
+ * used for the RSA algorithm, but only SHA-XXX for the DSA keys.
+ *
+ * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
+ * the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_privkey_sign_hash (gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
+{
+ int ret;
+ gnutls_datum_t digest;
+
+ digest.data = gnutls_malloc (hash_data->size);
+ if (digest.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy (digest.data, hash_data->data, digest.size);
+
+ ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_privkey_sign_hash (signer, &digest, signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_free_datum (&digest);
+ return ret;
+}
+
+/*-
+ * _gnutls_privkey_sign_hash:
+ * @key: Holds the key
+ * @data: holds the data to be signed
+ * @signature: will contain the signature allocate with gnutls_malloc()
+ *
+ * This function will sign the given data using a signature algorithm
+ * supported by the private key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_privkey_sign_hash (gnutls_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+{
+ switch (key->type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return gnutls_openpgp_privkey_sign_hash (key->key.openpgp,
+ hash, signature);
+#endif
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_sign_hash (key->key.pkcs11,
+ hash, signature);
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_soft_sign (key->key.x509->pk_algorithm,
+ key->key.x509->params,
+ key->key.x509->params_size, hash, signature);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
+
+/**
+ * gnutls_privkey_decrypt_data:
+ * @key: Holds the key
+ * @flags: zero for now
+ * @ciphertext: holds the data to be decrypted
+ * @plaintext: will contain the decrypted data, allocated with gnutls_malloc()
+ *
+ * This function will decrypt the given data using the algorithm
+ * supported by the private key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_privkey_decrypt_data (gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
+{
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ switch (key->type)
+ {
+#ifdef ENABLE_OPENPGP
+ case GNUTLS_PRIVKEY_OPENPGP:
+ return _gnutls_openpgp_privkey_decrypt_data (key->key.openpgp, flags,
+ ciphertext, plaintext);
+#endif
+ case GNUTLS_PRIVKEY_X509:
+ return _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext,
+ key->key.x509->params,
+ key->key.x509->params_size, 2);
+ case GNUTLS_PRIVKEY_PKCS11:
+ return _gnutls_pkcs11_privkey_decrypt_data (key->key.pkcs11,
+ flags,
+ ciphertext, plaintext);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
--- /dev/null
+/*
+ * Copyright (C) 2005, 2007, 2008, 2009, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions for manipulating the PSK credentials. */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <auth_psk.h>
+#include <gnutls_state.h>
+
+#ifdef ENABLE_PSK
+
+#include <auth_psk_passwd.h>
+#include <gnutls_num.h>
+#include <gnutls_helper.h>
+#include <gnutls_datum.h>
+#include "debug.h"
+
+/**
+ * gnutls_psk_free_client_credentials:
+ * @sc: is a #gnutls_psk_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
+void
+gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc)
+{
+ _gnutls_free_datum (&sc->username);
+ _gnutls_free_datum (&sc->key);
+ gnutls_free (sc);
+}
+
+/**
+ * gnutls_psk_allocate_client_credentials:
+ * @sc: is a pointer to a #gnutls_psk_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc)
+{
+ *sc = gnutls_calloc (1, sizeof (psk_client_credentials_st));
+
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ return 0;
+}
+
+/**
+ * gnutls_psk_set_client_credentials:
+ * @res: is a #gnutls_psk_client_credentials_t structure.
+ * @username: is the user's zero-terminated userid
+ * @key: is the user's key
+ * @format: indicate the format of the key, either
+ * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX.
+ *
+ * This function sets the username and password, in a
+ * gnutls_psk_client_credentials_t structure. Those will be used in
+ * PSK authentication. @username should be an ASCII string or UTF-8
+ * strings prepared using the "SASLprep" profile of "stringprep". The
+ * key can be either in raw byte format or in Hex format (without the
+ * 0x prefix).
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags flags)
+{
+ int ret;
+
+ if (username == NULL || key == NULL || key->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_set_datum (&res->username, username, strlen (username));
+ if (ret < 0)
+ return ret;
+
+ if (flags == GNUTLS_PSK_KEY_RAW)
+ {
+ if (_gnutls_set_datum (&res->key, key->data, key->size) < 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ }
+ else
+ { /* HEX key */
+ size_t size;
+ size = res->key.size = key->size / 2;
+ res->key.data = gnutls_malloc (size);
+ if (res->key.data == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ ret = gnutls_hex_decode (key, (char *) res->key.data, &size);
+ res->key.size = (unsigned int) size;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ }
+
+ return 0;
+
+error:
+ _gnutls_free_datum (&res->username);
+
+ return ret;
+}
+
+/**
+ * gnutls_psk_free_server_credentials:
+ * @sc: is a #gnutls_psk_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to free (deallocate) it.
+ **/
+void
+gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc)
+{
+ gnutls_free (sc->password_file);
+ gnutls_free (sc);
+}
+
+/**
+ * gnutls_psk_allocate_server_credentials:
+ * @sc: is a pointer to a #gnutls_psk_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc)
+{
+ *sc = gnutls_calloc (1, sizeof (psk_server_cred_st));
+
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ return 0;
+}
+
+
+/**
+ * gnutls_psk_set_server_credentials_file:
+ * @res: is a #gnutls_psk_server_credentials_t structure.
+ * @password_file: is the PSK password file (passwd.psk)
+ *
+ * This function sets the password file, in a
+ * %gnutls_psk_server_credentials_t structure. This password file
+ * holds usernames and keys and will be used for PSK authentication.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
+ res, const char *password_file)
+{
+
+ if (password_file == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the files can be opened */
+ if (_gnutls_file_exists (password_file) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ res->password_file = gnutls_strdup (password_file);
+ if (res->password_file == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_psk_set_server_credentials_hint:
+ * @res: is a #gnutls_psk_server_credentials_t structure.
+ * @hint: is the PSK identity hint string
+ *
+ * This function sets the identity hint, in a
+ * %gnutls_psk_server_credentials_t structure. This hint is sent to
+ * the client to help it chose a good PSK credential (i.e., username
+ * and password).
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res,
+ const char *hint)
+{
+ res->hint = gnutls_strdup (hint);
+ if (res->hint == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_psk_set_server_credentials_function:
+ * @cred: is a #gnutls_psk_server_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function can be used to set a callback to retrieve the user's PSK credentials.
+ * The callback's function form is:
+ * int (*callback)(gnutls_session_t, const char* username,
+ * gnutls_datum_t* key);
+ *
+ * @username contains the actual username.
+ * The @key must be filled in using the gnutls_malloc().
+ *
+ * In case the callback returned a negative number then gnutls will
+ * assume that the username does not exist.
+ *
+ * The callback function will only be called once per handshake. The
+ * callback function should return 0 on success, while -1 indicates
+ * an error.
+ **/
+void
+gnutls_psk_set_server_credentials_function (gnutls_psk_server_credentials_t
+ cred,
+ gnutls_psk_server_credentials_function
+ * func)
+{
+ cred->pwd_callback = func;
+}
+
+/**
+ * gnutls_psk_set_client_credentials_function:
+ * @cred: is a #gnutls_psk_server_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function can be used to set a callback to retrieve the username and
+ * password for client PSK authentication.
+ * The callback's function form is:
+ * int (*callback)(gnutls_session_t, char** username,
+ * gnutls_datum_t* key);
+ *
+ * The @username and @key->data must be allocated using gnutls_malloc().
+ * @username should be ASCII strings or UTF-8 strings prepared using
+ * the "SASLprep" profile of "stringprep".
+ *
+ * The callback function will be called once per handshake.
+ *
+ * The callback function should return 0 on success.
+ * -1 indicates an error.
+ **/
+void
+gnutls_psk_set_client_credentials_function (gnutls_psk_client_credentials_t
+ cred,
+ gnutls_psk_client_credentials_function
+ * func)
+{
+ cred->get_function = func;
+}
+
+
+/**
+ * gnutls_psk_server_get_username:
+ * @session: is a gnutls session
+ *
+ * This should only be called in case of PSK authentication and in
+ * case of a server.
+ *
+ * Returns: the username of the peer, or %NULL in case of an error.
+ **/
+const char *
+gnutls_psk_server_get_username (gnutls_session_t session)
+{
+ psk_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return NULL;
+
+ if (info->username[0] != 0)
+ return info->username;
+
+ return NULL;
+}
+
+/**
+ * gnutls_psk_client_get_hint:
+ * @session: is a gnutls session
+ *
+ * The PSK identity hint may give the client help in deciding which
+ * username to use. This should only be called in case of PSK
+ * authentication and in case of a client.
+ *
+ * Returns: the identity hint of the peer, or %NULL in case of an error.
+ *
+ * Since: 2.4.0
+ **/
+const char *
+gnutls_psk_client_get_hint (gnutls_session_t session)
+{
+ psk_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_PSK, NULL);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return NULL;
+
+ if (info->hint[0] != 0)
+ return info->hint;
+
+ return NULL;
+}
+
+/**
+ * gnutls_hex_decode:
+ * @hex_data: contain the encoded data
+ * @result: the place where decoded data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will decode the given encoded data, using the hex
+ * encoding used by PSK password files.
+ *
+ * Note that hex_data should be null terminated.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
+int
+gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
+ size_t * result_size)
+{
+ int ret;
+
+ ret =
+ _gnutls_hex2bin (hex_data->data, hex_data->size, (opaque *) result,
+ result_size);
+ if (ret < 0)
+ return ret;
+
+ return 0;
+}
+
+/**
+ * gnutls_hex_encode:
+ * @data: contain the raw data
+ * @result: the place where hex data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will convert the given data to printable data, using
+ * the hex encoding, as used in the PSK password files.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not
+ * long enough, or 0 on success.
+ **/
+int
+gnutls_hex_encode (const gnutls_datum_t * data, char *result,
+ size_t * result_size)
+{
+ size_t res = data->size + data->size + 1;
+
+ if (*result_size < res)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ _gnutls_bin2hex (data->data, data->size, result, *result_size, NULL);
+ *result_size = res;
+
+ return 0;
+}
+
+/**
+ * gnutls_psk_set_server_dh_params:
+ * @res: is a gnutls_psk_server_credentials_t structure
+ * @dh_params: is a structure that holds Diffie-Hellman parameters.
+ *
+ * This function will set the Diffie-Hellman parameters for an
+ * anonymous server to use. These parameters will be used in
+ * Diffie-Hellman exchange with PSK cipher suites.
+ **/
+void
+gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
+ gnutls_dh_params_t dh_params)
+{
+ res->dh_params = dh_params;
+}
+
+/**
+ * gnutls_psk_set_server_params_function:
+ * @res: is a #gnutls_certificate_credentials_t structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get
+ * the Diffie-Hellman parameters for PSK authentication. The callback
+ * should return zero on success.
+ **/
+void
+gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func)
+{
+ res->params_func = func;
+}
+
+#endif /* ENABLE_PSK */
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions to support draft-ietf-netconf-tls-01.txt. */
+
+#include <gnutls_int.h>
+#include <gnutls_hash_int.h>
+#include <gnutls_errors.h>
+
+#ifdef ENABLE_PSK
+
+
+/**
+ * gnutls_psk_netconf_derive_key:
+ * @password: zero terminated string containing password.
+ * @psk_identity: zero terminated string with PSK identity.
+ * @psk_identity_hint: zero terminated string with PSK identity hint.
+ * @output_key: output variable, contains newly allocated *data pointer.
+ *
+ * This function will derive a PSK key from a password, for use with
+ * the Netconf protocol.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ *
+ * Deprecated: The need for this interface was dropped from the
+ * standard on publication as a RFC. The function works now but will
+ * return a hard failure in a future release.
+ */
+int
+gnutls_psk_netconf_derive_key (const char *password,
+ const char *psk_identity,
+ const char *psk_identity_hint,
+ gnutls_datum_t * output_key)
+{
+ const char netconf_key_pad[] = "Key Pad for Netconf";
+ size_t sha1len = _gnutls_hash_get_algo_len (GNUTLS_DIG_SHA1);
+ size_t hintlen = strlen (psk_identity_hint);
+ digest_hd_st dig;
+ char *inner;
+ size_t innerlen;
+ int rc;
+
+ /*
+ * PSK = SHA-1(SHA-1(psk_identity + "Key Pad for Netconf" + password) +
+ * psk_identity_hint)
+ *
+ */
+
+ rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = _gnutls_hash (&dig, psk_identity, strlen (psk_identity));
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&dig, NULL);
+ return rc;
+ }
+
+ rc = _gnutls_hash (&dig, netconf_key_pad, strlen (netconf_key_pad));
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&dig, NULL);
+ return rc;
+ }
+
+ rc = _gnutls_hash (&dig, password, strlen (password));
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&dig, NULL);
+ return rc;
+ }
+
+ innerlen = sha1len + hintlen;
+ inner = gnutls_malloc (innerlen);
+ _gnutls_hash_deinit (&dig, inner);
+ if (inner == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy (inner + sha1len, psk_identity_hint, hintlen);
+
+ rc = _gnutls_hash_init (&dig, GNUTLS_DIG_SHA1);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (inner);
+ return rc;
+ }
+
+ rc = _gnutls_hash (&dig, inner, innerlen);
+ gnutls_free (inner);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&dig, NULL);
+ return rc;
+ }
+
+ output_key->data = gnutls_malloc (sha1len);
+ _gnutls_hash_deinit (&dig, output_key->data);
+ if (output_key->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ output_key->size = sha1len;
+
+ return 0;
+}
+
+#endif /* ENABLE_PSK */
--- /dev/null
+/*
+ * GnuTLS PKCS#11 support
+ * Copyright (C) 2010 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA
+*/
+
+#include <gnutls_int.h>
+#include <pakchois/pakchois.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <pkcs11_int.h>
+#include <gnutls/abstract.h>
+#include <gnutls_pk.h>
+#include <x509_int.h>
+#include <openpgp/openpgp_int.h>
+#include <pkcs11_int.h>
+#include <gnutls_num.h>
+#include <x509/common.h>
+#include <x509_b64.h>
+#include <abstract_int.h>
+
+#define PK_PEM_HEADER "PUBLIC KEY"
+
+
+struct gnutls_pubkey_st
+{
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int bits; /* an indication of the security parameter */
+
+ /* the size of params depends on the public
+ * key algorithm
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is public key
+ */
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size; /* holds the size of MPI params */
+
+ unsigned int key_usage; /* bits from GNUTLS_KEY_* */
+};
+
+static int pubkey_to_bits(gnutls_pk_algorithm_t pk, bigint_t* params, int params_size)
+{
+ switch(pk)
+ {
+ case GNUTLS_PK_RSA:
+ return _gnutls_mpi_get_nbits(params[0]);
+ case GNUTLS_PK_DSA:
+ if (params_size < 3) return 0;
+ return _gnutls_mpi_get_nbits(params[3]);
+ default:
+ return 0;
+ }
+}
+
+/**
+ * gnutls_pubkey_get_pk_algorithm:
+ * @key: should contain a #gnutls_pubkey_t structure
+ * @bits: If set will return the number of bits of the parameters (may be NULL)
+ *
+ * This function will return the public key algorithm of a public
+ * key and if possible will return a number of bits that indicates
+ * the security parameter of the key.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
+int
+gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits)
+{
+ if (bits)
+ *bits = key->bits;
+
+ return key->pk_algorithm;
+}
+
+/**
+ * gnutls_pubkey_get_key_usage:
+ * @key: should contain a #gnutls_pubkey_t structure
+ * @usage: If set will return the number of bits of the parameters (may be NULL)
+ *
+ * This function will return the key usage of the public key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage)
+{
+ if (usage)
+ *usage = key->key_usage;
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_init:
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an public key structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_init (gnutls_pubkey_t * key)
+{
+ *key = gnutls_calloc (1, sizeof (struct gnutls_pubkey_st));
+ if (*key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_deinit:
+ * @key: The structure to be deinitialized
+ *
+ * This function will deinitialize a public key structure.
+ **/
+void
+gnutls_pubkey_deinit (gnutls_pubkey_t key)
+{
+ gnutls_free (key);
+}
+
+/**
+ * gnutls_pubkey_import_x509:
+ * @key: The public key
+ * @crt: The certificate to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given public key to the abstract
+ * #gnutls_pubkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
+ unsigned int flags)
+{
+ int ret;
+
+ key->pk_algorithm = gnutls_x509_crt_get_pk_algorithm (crt, &key->bits);
+
+ ret = gnutls_x509_crt_get_key_usage (crt, &key->key_usage, NULL);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ key->params_size = sizeof (key->params) / sizeof (key->params[0]);
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_x509_crt_get_mpis (crt, key->params, &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_import_privkey: Imports the public key from a private
+ * @key: The public key
+ * @pkey: The private key
+ * @usage: GNUTLS_KEY_* key usage flags.
+ * @flags: should be zero
+ *
+ * This function will import the given public key to the abstract
+ * #gnutls_pubkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
+ unsigned int usage, unsigned int flags)
+{
+ key->pk_algorithm = gnutls_privkey_get_pk_algorithm (pkey, &key->bits);
+
+ key->key_usage = usage;
+
+ key->params_size = sizeof (key->params) / sizeof (key->params[0]);
+
+ return _gnutls_privkey_get_public_mpis (pkey, key->params,
+ &key->params_size);
+}
+
+/**
+ * gnutls_pubkey_get_preferred_hash_algorithm:
+ * @key: Holds the certificate
+ * @hash: The result of the call with the hash algorithm used for signature
+ * @mand: If non zero it means that the algorithm MUST use this hash. May be NULL.
+ *
+ * This function will read the certifcate and return the appropriate digest
+ * algorithm to use for signing with this certificate. Some certificates (i.e.
+ * DSA might not be able to sign without the preferred algorithm).
+ *
+ * Returns: the 0 if the hash algorithm is found. A negative value is
+ * returned on error.
+ *
+ * Since: 2.11.0
+ **/
+int
+gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
+{
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_pk_get_hash_algorithm (key->pk_algorithm,
+ key->params, key->params_size,
+ hash, mand);
+
+ return ret;
+}
+
+
+/**
+ * gnutls_pubkey_import_pkcs11: Imports a public key from a pkcs11 key
+ * @key: The public key
+ * @obj: The parameters to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given public key to the abstract
+ * #gnutls_pubkey_t structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t key,
+ gnutls_pkcs11_obj_t obj, unsigned int flags)
+{
+ int ret;
+
+ ret = gnutls_pkcs11_obj_get_type (obj);
+ if (ret != GNUTLS_PKCS11_OBJ_PUBKEY)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->key_usage = obj->key_usage;
+
+ switch (obj->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = gnutls_pubkey_import_rsa_raw (key, &obj->pubkey[0],
+ &obj->pubkey[1]);
+ break;
+ case GNUTLS_PK_DSA:
+ ret = gnutls_pubkey_import_dsa_raw (key, &obj->pubkey[0],
+ &obj->pubkey[1],
+ &obj->pubkey[2], &obj->pubkey[3]);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+#ifdef ENABLE_OPENPGP
+/**
+ * gnutls_pubkey_import_openpgp: Imports a public key from an openpgp key
+ * @key: The public key
+ * @crt: The certificate to be imported
+ * @flags: should be zero
+ *
+ * This function will import the given public key to the abstract
+ * #gnutls_pubkey_t structure. The subkey set as preferred will be
+ * imported or the master key otherwise.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_import_openpgp (gnutls_pubkey_t key,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags)
+{
+ int ret, idx;
+ uint32_t kid32[2];
+ uint32_t *k;
+ gnutls_openpgp_keyid_t keyid;
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id (crt, keyid);
+ if (ret == GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR)
+ {
+ key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm(crt, NULL);
+ key->pk_algorithm = gnutls_openpgp_crt_get_pk_algorithm (crt, &key->bits);
+
+ ret = gnutls_openpgp_crt_get_key_usage (crt, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ k = NULL;
+ }
+ else
+ {
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ KEYID_IMPORT (kid32, keyid);
+ k = kid32;
+
+ idx = gnutls_openpgp_crt_get_subkey_idx (crt, keyid);
+
+ ret = gnutls_openpgp_crt_get_subkey_usage (crt, idx, &key->key_usage);
+ if (ret < 0)
+ key->key_usage = 0;
+
+ key->pk_algorithm = gnutls_openpgp_crt_get_subkey_pk_algorithm (crt, idx, NULL);
+ }
+
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret =
+ _gnutls_openpgp_crt_get_mpis (crt, k, key->params,
+ &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ ret =
+ _gnutls_openpgp_crt_get_mpis (crt, k, key->params,
+ &key->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+#endif
+
+/**
+ * gnutls_pubkey_export:
+ * @key: Holds the certificate
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a certificate PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the certificate to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_pubkey_export (gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ _gnutls_x509_encode_and_copy_PKI_params (spk, "",
+ key->pk_algorithm,
+ key->params, key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_export_int_named (spk, "",
+ format, PK_PEM_HEADER,
+ output_data, output_data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+
+ return result;
+
+}
+
+/**
+ * gnutls_pubkey_get_key_id:
+ * @key: Holds the public key
+ * @flags: should be 0 for now
+ * @output_data: will contain the key ID
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will return a unique ID the depends on the public
+ * key parameters. This ID can be used in checking whether a
+ * certificate corresponds to the given public key.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned. The output will normally be a SHA-1 hash output,
+ * which is 20 bytes.
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
+{
+ int ret = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_get_key_id (key->pk_algorithm, key->params,
+ key->params_size, output_data, output_data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_get_pk_rsa_raw:
+ * @key: Holds the certificate
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ *
+ * This function will export the RSA public key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_mpi_dprint (key->params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint (key->params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_get_pk_dsa_raw:
+ * @key: Holds the public key
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ *
+ * This function will export the DSA public key's parameters found in
+ * the given certificate. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
+{
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint (key->params[0], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint (key->params[1], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint (key->params[2], g);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint (key->params[3], y);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_import:
+ * @key: The structure to store the parsed public key.
+ * @data: The DER or PEM encoded certificate.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded Public key
+ * to the native gnutls_pubkey_t format.The output will be stored * in @ key.
+ * If the Certificate is PEM encoded it should have a header of "PUBLIC KEY".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_import (gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ ASN1_TYPE spk;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PK_PEM_HEADER, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectPublicKeyInfo", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding (&spk, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ key->params_size = sizeof (key->params) / sizeof (key->params[0]);
+ result = _gnutls_get_asn_mpis (spk, "", key->params, &key->params_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* this has already been called by get_asn_mpis() thus it cannot
+ * fail.
+ */
+ key->pk_algorithm = _gnutls_x509_get_pk_algorithm (spk, "", NULL);
+ key->bits = pubkey_to_bits(key->pk_algorithm, key->params, key->params_size);
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_set_pubkey:
+ * @crt: should contain a #gnutls_x509_crt_t structure
+ * @key: holds a public key
+ *
+ * This function will set the public parameters from the given public
+ * key to the request.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key)
+{
+ int result;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (key->key_usage)
+ gnutls_x509_crt_set_key_usage (crt, key->key_usage);
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_set_pubkey:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @key: holds a public key
+ *
+ * This function will set the public parameters from the given public
+ * key to the request.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key)
+{
+ int result;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, key->params, key->params_size);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (key->key_usage)
+ gnutls_x509_crq_set_key_usage (crq, key->key_usage);
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_set_key_usage:
+ * @key: a certificate of type #gnutls_x509_crt_t
+ * @usage: an ORed sequence of the GNUTLS_KEY_* elements.
+ *
+ * This function will set the key usage flags of the public key. This
+ * is only useful if the key is to be exported to a certificate or
+ * certificate request.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage)
+{
+ key->key_usage = usage;
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_import_pkcs11_url:
+ * @key: A key of type #gnutls_pubkey_t
+ * @url: A PKCS 11 url
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will import a PKCS 11 certificate to a #gnutls_pubkey_t
+ * structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+
+int
+gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
+ unsigned int flags)
+{
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init (&pcrt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_pubkey_import_pkcs11 (key, pcrt, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+
+ gnutls_pkcs11_obj_deinit (pcrt);
+
+ return ret;
+}
+
+/**
+ * gnutls_pubkey_import_rsa_raw:
+ * @key: Is a structure will hold the parameters
+ * @m: holds the modulus
+ * @e: holds the public exponent
+ *
+ * This function will replace the parameters in the given structure.
+ * The new parameters should be stored in the appropriate
+ * gnutls_datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
+{
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params_size = RSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->bits = pubkey_to_bits(GNUTLS_PK_RSA, key->params, key->params_size);
+
+ return 0;
+}
+
+/**
+ * gnutls_pubkey_import_dsa_raw:
+ * @key: The structure to store the parsed key
+ * @p: holds the p
+ * @q: holds the q
+ * @g: holds the g
+ * @y: holds the y
+ *
+ * This function will convert the given DSA raw parameters to the
+ * native #gnutls_pubkey_t format. The output will be stored
+ * in @key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y)
+{
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], p->data, siz))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], q->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], g->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[1]);
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], y->data, siz))
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&key->params[2]);
+ _gnutls_mpi_release (&key->params[1]);
+ _gnutls_mpi_release (&key->params[0]);
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ key->params_size = DSA_PUBLIC_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->bits = pubkey_to_bits(GNUTLS_PK_DSA, key->params, key->params_size);
+
+ return 0;
+
+}
+
+/**
+ * gnutls_pubkey_verify_data:
+ * @pubkey: Holds the public key
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters from the certificate.
+ *
+ * Returns: In case of a verification failure
+ * %GNUTLS_E_PK_SIG_VERIFY_FAILED is returned, and a positive code
+ * on success.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+{
+ int ret;
+
+ if (pubkey == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = pubkey_verify_sig( data, NULL, signature, pubkey->pk_algorithm,
+ pubkey->params, pubkey->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert();
+ }
+
+ return ret;
+}
+
+
+/**
+ * gnutls_pubkey_verify_hash:
+ * @key: Holds the certificate
+ * @flags: should be 0 for now
+ * @hash: holds the hash digest to be verified
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed digest, using the
+ * parameters from the certificate.
+ *
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * is returned, and a positive code on success.
+ **/
+int
+gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+{
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ pubkey_verify_sig (NULL, hash, signature, key->pk_algorithm,
+ key->params, key->params_size);
+
+ return ret;
+}
+
+/**
+ * gnutls_pubkey_get_verify_algorithm:
+ * @key: Holds the certificate
+ * @signature: contains the signature
+ * @hash: The result of the call with the hash algorithm used for signature
+ *
+ * This function will read the certifcate and the signed data to
+ * determine the hash algorithm used to generate the signature.
+ *
+ * Returns: the 0 if the hash algorithm is found. A negative value is
+ * returned on error.
+ **/
+int
+gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
+{
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *)
+ hash, signature,
+ key->pk_algorithm,
+ key->params, key->params_size);
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that are record layer specific, are included in this file.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "debug.h"
+#include "gnutls_compress.h"
+#include "gnutls_cipher.h"
+#include "gnutls_buffers.h"
+#include "gnutls_mbuffers.h"
+#include "gnutls_handshake.h"
+#include "gnutls_hash_int.h"
+#include "gnutls_cipher_int.h"
+#include "gnutls_algorithms.h"
+#include "gnutls_db.h"
+#include "gnutls_auth.h"
+#include "gnutls_num.h"
+#include "gnutls_record.h"
+#include "gnutls_datum.h"
+#include "gnutls_constate.h"
+#include "ext_max_record.h"
+#include <gnutls_state.h>
+#include <gnutls_dh.h>
+
+void
+_gnutls_transport_set_lowat (gnutls_session_t session, int num);
+
+/**
+ * gnutls_protocol_get_version:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get TLS version, a #gnutls_protocol_t value.
+ *
+ * Returns: the version of the currently used protocol.
+ **/
+gnutls_protocol_t
+gnutls_protocol_get_version (gnutls_session_t session)
+{
+ return session->security_parameters.version;
+}
+
+void
+_gnutls_set_current_version (gnutls_session_t session,
+ gnutls_protocol_t version)
+{
+ session->security_parameters.version = version;
+}
+
+/* Added to avoid issue in C++ interface not being able to
+ * call deprecated functions.
+ */
+void
+_gnutls_transport_set_lowat (gnutls_session_t session, int num)
+{
+ session->internals.lowat = num;
+}
+
+/**
+ * gnutls_transport_set_lowat:
+ * @session: is a #gnutls_session_t structure.
+ * @num: is the low water value.
+ *
+ * Used to set the lowat value in order for select to check if there
+ * are pending data to socket buffer. Used only if you have changed
+ * the default low water value (default is 1). Normally you will not
+ * need that function. This function is only useful if using
+ * berkeley style sockets. Otherwise it must be called and set lowat
+ * to zero.
+ **/
+void
+gnutls_transport_set_lowat (gnutls_session_t session, int num)
+{
+ _gnutls_transport_set_lowat(session, num);
+}
+
+/**
+ * gnutls_record_disable_padding:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to disabled padding in TLS 1.0 and above. Normally you do not
+ * need to use this function, but there are buggy clients that
+ * complain if a server pads the encrypted data. This of course will
+ * disable protection against statistical attacks on the data.
+ *
+ * Normally only servers that require maximum compatibility with everything
+ * out there, need to call this function.
+ **/
+void
+gnutls_record_disable_padding (gnutls_session_t session)
+{
+ session->internals.priorities.no_padding = 1;
+}
+
+/**
+ * gnutls_transport_set_ptr:
+ * @session: is a #gnutls_session_t structure.
+ * @ptr: is the value.
+ *
+ * Used to set the first argument of the transport function (like PUSH
+ * and PULL). In berkeley style sockets this function will set the
+ * connection handle.
+ **/
+void
+gnutls_transport_set_ptr (gnutls_session_t session,
+ gnutls_transport_ptr_t ptr)
+{
+ session->internals.transport_recv_ptr = ptr;
+ session->internals.transport_send_ptr = ptr;
+}
+
+/**
+ * gnutls_transport_set_ptr2:
+ * @session: is a #gnutls_session_t structure.
+ * @recv_ptr: is the value for the pull function
+ * @send_ptr: is the value for the push function
+ *
+ * Used to set the first argument of the transport function (like PUSH
+ * and PULL). In berkeley style sockets this function will set the
+ * connection handle. With this function you can use two different
+ * pointers for receiving and sending.
+ **/
+void
+gnutls_transport_set_ptr2 (gnutls_session_t session,
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr)
+{
+ session->internals.transport_send_ptr = send_ptr;
+ session->internals.transport_recv_ptr = recv_ptr;
+}
+
+/**
+ * gnutls_transport_get_ptr:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Used to get the first argument of the transport function (like
+ * PUSH and PULL). This must have been set using
+ * gnutls_transport_set_ptr().
+ *
+ * Returns: first argument of the transport function.
+ **/
+gnutls_transport_ptr_t
+gnutls_transport_get_ptr (gnutls_session_t session)
+{
+ return session->internals.transport_recv_ptr;
+}
+
+/**
+ * gnutls_transport_get_ptr2:
+ * @session: is a #gnutls_session_t structure.
+ * @recv_ptr: will hold the value for the pull function
+ * @send_ptr: will hold the value for the push function
+ *
+ * Used to get the arguments of the transport functions (like PUSH
+ * and PULL). These should have been set using
+ * gnutls_transport_set_ptr2().
+ **/
+void
+gnutls_transport_get_ptr2 (gnutls_session_t session,
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr)
+{
+
+ *recv_ptr = session->internals.transport_recv_ptr;
+ *send_ptr = session->internals.transport_send_ptr;
+}
+
+/**
+ * gnutls_bye:
+ * @session: is a #gnutls_session_t structure.
+ * @how: is an integer
+ *
+ * Terminates the current TLS/SSL connection. The connection should
+ * have been initiated using gnutls_handshake(). @how should be one
+ * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR.
+ *
+ * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets
+ * terminated and further receives and sends will be disallowed. If
+ * the return value is zero you may continue using the connection.
+ * %GNUTLS_SHUT_RDWR actually sends an alert containing a close
+ * request and waits for the peer to reply with the same message.
+ *
+ * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated
+ * and further sends will be disallowed. In order to reuse the
+ * connection you should wait for an EOF from the peer.
+ * %GNUTLS_SHUT_WR sends an alert containing a close request.
+ *
+ * Note that not all implementations will properly terminate a TLS
+ * connection. Some of them, usually for performance reasons, will
+ * terminate only the underlying transport layer, thus causing a
+ * transmission error to the peer. This error cannot be
+ * distinguished from a malicious party prematurely terminating the
+ * session, thus this behavior is not recommended.
+ *
+ * This function may also return %GNUTLS_E_AGAIN or
+ * %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see
+ * function documentation for entire semantics.
+ **/
+int
+gnutls_bye (gnutls_session_t session, gnutls_close_request_t how)
+{
+ int ret = 0;
+
+ switch (STATE)
+ {
+ case STATE0:
+ case STATE60:
+ ret = _gnutls_io_write_flush (session);
+ STATE = STATE60;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ case STATE61:
+ ret =
+ gnutls_alert_send (session, GNUTLS_AL_WARNING, GNUTLS_A_CLOSE_NOTIFY);
+ STATE = STATE61;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ case STATE62:
+ STATE = STATE62;
+ if (how == GNUTLS_SHUT_RDWR)
+ {
+ do
+ {
+ _gnutls_io_clear_peeked_data (session);
+ ret = _gnutls_recv_int (session, GNUTLS_ALERT, -1, NULL, 0);
+ }
+ while (ret == GNUTLS_E_GOT_APPLICATION_DATA);
+
+ if (ret >= 0)
+ session->internals.may_not_read = 1;
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ STATE = STATE62;
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ STATE = STATE0;
+
+ session->internals.may_not_write = 1;
+ return 0;
+}
+
+inline static void
+session_invalidate (gnutls_session_t session)
+{
+ session->internals.invalid_connection = 1;
+}
+
+
+inline static void
+session_unresumable (gnutls_session_t session)
+{
+ session->internals.resumable = RESUME_FALSE;
+}
+
+/* returns 0 if session is valid
+ */
+inline static int
+session_is_valid (gnutls_session_t session)
+{
+ if (session->internals.invalid_connection != 0)
+ return GNUTLS_E_INVALID_SESSION;
+
+ return 0;
+}
+
+/* Copies the record version into the headers. The
+ * version must have 2 bytes at least.
+ */
+inline static void
+copy_record_version (gnutls_session_t session,
+ gnutls_handshake_description_t htype, opaque version[2])
+{
+ gnutls_protocol_t lver;
+
+ if (session->internals.initial_negotiation_completed || htype != GNUTLS_HANDSHAKE_CLIENT_HELLO
+ || session->internals.default_record_version[0] == 0)
+ {
+ lver = gnutls_protocol_get_version (session);
+
+ version[0] = _gnutls_version_get_major (lver);
+ version[1] = _gnutls_version_get_minor (lver);
+ }
+ else
+ {
+ version[0] = session->internals.default_record_version[0];
+ version[1] = session->internals.default_record_version[1];
+ }
+}
+
+/* This function behaves exactly like write(). The only difference is
+ * that it accepts, the gnutls_session_t and the content_type_t of data to
+ * send (if called by the user the Content is specific)
+ * It is intended to transfer data, under the current session.
+ *
+ * Oct 30 2001: Removed capability to send data more than MAX_RECORD_SIZE.
+ * This makes the function much easier to read, and more error resistant
+ * (there were cases were the old function could mess everything up).
+ * --nmav
+ *
+ * This function may accept a NULL pointer for data, and 0 for size, if
+ * and only if the previous send was interrupted for some reason.
+ *
+ */
+ssize_t
+_gnutls_send_int (gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *_data,
+ size_t sizeofdata, unsigned int mflags)
+{
+ mbuffer_st *bufel;
+ size_t cipher_size;
+ int retval, ret;
+ int data2send_size;
+ uint8_t headers[5];
+ const uint8_t *data = _data;
+ record_parameters_st *record_params;
+ record_state_st *record_state;
+
+ ret = _gnutls_epoch_get (session, epoch_rel, &record_params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Safeguard against processing data with an incomplete cipher state. */
+ if (!record_params->initialized)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ record_state = &record_params->write;
+
+ /* Do not allow null pointer if the send buffer is empty.
+ * If the previous send was interrupted then a null pointer is
+ * ok, and means to resume.
+ */
+ if (session->internals.record_send_buffer.byte_length == 0 &&
+ (sizeofdata == 0 && _data == NULL))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (type != GNUTLS_ALERT) /* alert messages are sent anyway */
+ if (session_is_valid (session) || session->internals.may_not_write != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+ headers[0] = type;
+
+ /* Use the default record version, if it is
+ * set.
+ */
+ copy_record_version (session, htype, &headers[1]);
+
+
+ _gnutls_record_log
+ ("REC[%p]: Sending Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32 (&record_state->sequence_number),
+ _gnutls_packet2str (type), type, (int) sizeofdata);
+
+ if (sizeofdata > MAX_RECORD_SEND_SIZE)
+ data2send_size = MAX_RECORD_SEND_SIZE;
+ else
+ data2send_size = sizeofdata;
+
+ /* Only encrypt if we don't have data to send
+ * from the previous run. - probably interrupted.
+ */
+ if (mflags != 0 && session->internals.record_send_buffer.byte_length > 0)
+ {
+ ret = _gnutls_io_write_flush (session);
+ if (ret > 0)
+ cipher_size = ret;
+ else
+ cipher_size = 0;
+
+ retval = session->internals.record_send_buffer_user_size;
+ }
+ else
+ {
+
+ /* now proceed to packet encryption
+ */
+ cipher_size = data2send_size + MAX_RECORD_OVERHEAD;
+ bufel = _mbuffer_alloc (cipher_size, cipher_size);
+ if (bufel == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ cipher_size =
+ _gnutls_encrypt (session, headers, RECORD_HEADER_SIZE, data,
+ data2send_size, _mbuffer_get_udata_ptr (bufel),
+ cipher_size, type,
+ (session->internals.priorities.no_padding ==
+ 0) ? 1 : 0, record_params);
+ if (cipher_size <= 0)
+ {
+ gnutls_assert ();
+ if (cipher_size == 0)
+ cipher_size = GNUTLS_E_ENCRYPTION_FAILED;
+ gnutls_free (bufel);
+ return cipher_size; /* error */
+ }
+
+ retval = data2send_size;
+ session->internals.record_send_buffer_user_size = data2send_size;
+
+ /* increase sequence number
+ */
+ if (_gnutls_uint64pp (&record_state->sequence_number) != 0)
+ {
+ session_invalidate (session);
+ gnutls_assert ();
+ gnutls_free (bufel);
+ return GNUTLS_E_RECORD_LIMIT_REACHED;
+ }
+
+ _mbuffer_set_udata_size (bufel, cipher_size);
+ ret = _gnutls_io_write_buffered (session, bufel, mflags);
+ }
+
+ if (ret != cipher_size)
+ {
+ if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
+ {
+ /* If we have sent any data then just return
+ * the error value. Do not invalidate the session.
+ */
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (ret > 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
+ session_unresumable (session);
+ session->internals.may_not_write = 1;
+ gnutls_assert ();
+ return ret;
+ }
+
+ session->internals.record_send_buffer_user_size = 0;
+
+ _gnutls_record_log ("REC[%p]: Sent Packet[%d] %s(%d) with length: %d\n",
+ session,
+ (int)
+ _gnutls_uint64touint32
+ (&record_state->sequence_number),
+ _gnutls_packet2str (type), type, (int) cipher_size);
+
+ return retval;
+}
+
+/* This function is to be called if the handshake was successfully
+ * completed. This sends a Change Cipher Spec packet to the peer.
+ */
+ssize_t
+_gnutls_send_change_cipher_spec (gnutls_session_t session, int again)
+{
+ static const opaque data[1] = { GNUTLS_TYPE_CHANGE_CIPHER_SPEC };
+
+ _gnutls_handshake_log ("REC[%p]: Sent ChangeCipherSpec\n", session);
+
+ if (again == 0)
+ return _gnutls_send_int (session, GNUTLS_CHANGE_CIPHER_SPEC, -1,
+ EPOCH_WRITE_CURRENT, data, 1, MBUFFER_FLUSH);
+ else
+ {
+ return _gnutls_io_write_flush (session);
+ }
+}
+
+inline static int
+check_recv_type (content_type_t recv_type)
+{
+ switch (recv_type)
+ {
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ case GNUTLS_ALERT:
+ case GNUTLS_HANDSHAKE:
+ case GNUTLS_APPLICATION_DATA:
+ case GNUTLS_INNER_APPLICATION:
+ return 0;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+}
+
+
+/* Checks if there are pending data in the record buffers. If there are
+ * then it copies the data.
+ */
+static int
+check_buffers (gnutls_session_t session, content_type_t type,
+ opaque * data, int sizeofdata)
+{
+ if ((type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_HANDSHAKE ||
+ type == GNUTLS_INNER_APPLICATION)
+ && _gnutls_record_buffer_get_size (type, session) > 0)
+ {
+ int ret, ret2;
+ ret = _gnutls_record_buffer_get (type, session, data, sizeofdata);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* if the buffer just got empty */
+ if (_gnutls_record_buffer_get_size (type, session) == 0)
+ {
+ if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret2;
+ }
+ }
+
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/* Checks the record headers and returns the length, version and
+ * content type.
+ */
+static int
+record_check_headers (gnutls_session_t session,
+ uint8_t headers[RECORD_HEADER_SIZE],
+ content_type_t type,
+ gnutls_handshake_description_t htype,
+ /*output */ content_type_t * recv_type,
+ opaque version[2], uint16_t * length,
+ uint16_t * header_size)
+{
+
+ /* Read the first two bytes to determine if this is a
+ * version 2 message
+ */
+
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO && type == GNUTLS_HANDSHAKE
+ && headers[0] > 127)
+ {
+
+ /* if msb set and expecting handshake message
+ * it should be SSL 2 hello
+ */
+ version[0] = 3; /* assume SSL 3.0 */
+ version[1] = 0;
+
+ *length = (((headers[0] & 0x7f) << 8)) | headers[1];
+
+ /* SSL 2.0 headers */
+ *header_size = 2;
+ *recv_type = GNUTLS_HANDSHAKE; /* we accept only v2 client hello
+ */
+
+ /* in order to assist the handshake protocol.
+ * V2 compatibility is a mess.
+ */
+ session->internals.v2_hello = *length;
+
+ _gnutls_record_log ("REC[%p]: V2 packet received. Length: %d\n",
+ session, *length);
+
+ }
+ else
+ {
+ /* version 3.x
+ */
+ *recv_type = headers[0];
+ version[0] = headers[1];
+ version[1] = headers[2];
+
+ /* No DECR_LEN, since headers has enough size.
+ */
+ *length = _gnutls_read_uint16 (&headers[3]);
+ }
+
+ return 0;
+}
+
+/* Here we check if the advertized version is the one we
+ * negotiated in the handshake.
+ */
+inline static int
+record_check_version (gnutls_session_t session,
+ gnutls_handshake_description_t htype, opaque version[2])
+{
+ if (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO)
+ {
+ /* Reject hello packets with major version higher than 3.
+ */
+ if (version[0] > 3)
+ {
+ gnutls_assert ();
+ _gnutls_record_log
+ ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n", session,
+ htype, version[0], version[1]);
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+ }
+ else if (htype != GNUTLS_HANDSHAKE_SERVER_HELLO &&
+ gnutls_protocol_get_version (session) !=
+ _gnutls_version_get (version[0], version[1]))
+ {
+ /* Reject record packets that have a different version than the
+ * one negotiated. Note that this version is not protected by any
+ * mac. I don't really think that this check serves any purpose.
+ */
+ gnutls_assert ();
+ _gnutls_record_log ("REC[%p]: INVALID VERSION PACKET: (%d) %d.%d\n",
+ session, htype, version[0], version[1]);
+
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+
+ return 0;
+}
+
+/* This function will check if the received record type is
+ * the one we actually expect.
+ */
+static int
+record_check_type (gnutls_session_t session,
+ content_type_t recv_type, content_type_t type,
+ gnutls_handshake_description_t htype, opaque * data,
+ int data_size)
+{
+
+ int ret;
+
+ if ((recv_type == type)
+ && (type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION))
+ {
+ _gnutls_record_buffer_put (type, session, (void *) data, data_size);
+ }
+ else
+ {
+ switch (recv_type)
+ {
+ case GNUTLS_ALERT:
+
+ _gnutls_record_log
+ ("REC[%p]: Alert[%d|%d] - %s - was received\n", session,
+ data[0], data[1], gnutls_alert_get_name ((int) data[1]));
+
+ session->internals.last_alert = data[1];
+
+ /* if close notify is received and
+ * the alert is not fatal
+ */
+ if (data[1] == GNUTLS_A_CLOSE_NOTIFY && data[0] != GNUTLS_AL_FATAL)
+ {
+ /* If we have been expecting for an alert do
+ */
+ session->internals.read_eof = 1;
+ return GNUTLS_E_INT_RET_0; /* EOF */
+ }
+ else
+ {
+
+ /* if the alert is FATAL or WARNING
+ * return the apropriate message
+ */
+
+ gnutls_assert ();
+ ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
+ if (data[0] == GNUTLS_AL_FATAL)
+ {
+ session_unresumable (session);
+ session_invalidate (session);
+ ret = GNUTLS_E_FATAL_ALERT_RECEIVED;
+ }
+
+ return ret;
+ }
+ break;
+
+ case GNUTLS_CHANGE_CIPHER_SPEC:
+ /* this packet is now handled in the recv_int()
+ * function
+ */
+ gnutls_assert ();
+
+ return GNUTLS_E_UNEXPECTED_PACKET;
+
+ case GNUTLS_APPLICATION_DATA:
+ if (session->internals.initial_negotiation_completed == 0)
+ {
+ return gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET);
+ }
+
+ /* even if data is unexpected put it into the buffer */
+ if ((ret =
+ _gnutls_record_buffer_put (recv_type, session,
+ (void *) data, data_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* the got_application data is only returned
+ * if expecting client hello (for rehandshake
+ * reasons). Otherwise it is an unexpected packet
+ */
+ if (type == GNUTLS_ALERT || (htype == GNUTLS_HANDSHAKE_CLIENT_HELLO
+ && type == GNUTLS_HANDSHAKE))
+ return GNUTLS_E_GOT_APPLICATION_DATA;
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ }
+
+ break;
+ case GNUTLS_HANDSHAKE:
+ /* This is legal if HELLO_REQUEST is received - and we are a client.
+ * If we are a server, a client may initiate a renegotiation at any time.
+ */
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ gnutls_assert ();
+ ret =
+ _gnutls_record_buffer_put (recv_type, session, (void *) data,
+ data_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return GNUTLS_E_REHANDSHAKE;
+ }
+
+ /* If we are already in a handshake then a Hello
+ * Request is illegal. But here we don't really care
+ * since this message will never make it up here.
+ */
+
+ /* So we accept it */
+ return _gnutls_recv_hello_request (session, data, data_size);
+
+ break;
+ case GNUTLS_INNER_APPLICATION:
+ /* even if data is unexpected put it into the buffer */
+ if ((ret = _gnutls_record_buffer_put (recv_type, session,
+ (void *) data,
+ data_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ break;
+ default:
+
+ _gnutls_record_log
+ ("REC[%p]: Received Unknown packet %d expecting %d\n",
+ session, recv_type, type);
+
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ return 0;
+
+}
+
+
+/* This function will return the internal (per session) temporary
+ * recv buffer. If the buffer was not initialized before it will
+ * also initialize it.
+ */
+inline static int
+get_temp_recv_buffer (gnutls_session_t session, gnutls_datum_t * tmp)
+{
+ size_t max_record_size;
+
+ if (gnutls_compression_get (session) != GNUTLS_COMP_NULL ||
+ session->internals.priorities.allow_large_records != 0)
+ max_record_size = MAX_RECORD_RECV_SIZE + EXTRA_COMP_SIZE;
+ else
+ max_record_size = MAX_RECORD_RECV_SIZE;
+
+ /* We allocate MAX_RECORD_RECV_SIZE length
+ * because we cannot predict the output data by the record
+ * packet length (due to compression).
+ */
+
+ if (max_record_size > session->internals.recv_buffer.size ||
+ session->internals.recv_buffer.data == NULL)
+ {
+
+ /* Initialize the internal buffer.
+ */
+ session->internals.recv_buffer.data =
+ gnutls_realloc (session->internals.recv_buffer.data, max_record_size);
+
+ if (session->internals.recv_buffer.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ session->internals.recv_buffer.size = max_record_size;
+ }
+
+ tmp->data = session->internals.recv_buffer.data;
+ tmp->size = session->internals.recv_buffer.size;
+
+ return 0;
+}
+
+
+#define MAX_EMPTY_PACKETS_SEQUENCE 4
+
+/* This function behaves exactly like read(). The only difference is
+ * that it accepts the gnutls_session_t and the content_type_t of data to
+ * receive (if called by the user the Content is Userdata only)
+ * It is intended to receive data, under the current session.
+ *
+ * The gnutls_handshake_description_t was introduced to support SSL V2.0 client hellos.
+ */
+ssize_t
+_gnutls_recv_int (gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ opaque * data, size_t sizeofdata)
+{
+ int decrypted_length;
+ opaque version[2];
+ content_type_t recv_type;
+ uint16_t length;
+ uint8_t *ciphertext;
+ int ret, ret2;
+ uint16_t header_size;
+ int empty_packet = 0;
+ gnutls_datum_t data_enc, tmp;
+ record_parameters_st *record_params;
+ record_state_st *record_state;
+
+ ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Safeguard against processing data with an incomplete cipher state. */
+ if (!record_params->initialized)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ record_state = &record_params->read;
+
+ if (type != GNUTLS_ALERT && (sizeofdata == 0 || data == NULL))
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+begin:
+
+ if (empty_packet > MAX_EMPTY_PACKETS_SEQUENCE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_TOO_MANY_EMPTY_PACKETS;
+ }
+
+ if (session->internals.read_eof != 0)
+ {
+ /* if we have already read an EOF
+ */
+ return 0;
+ }
+ else if (session_is_valid (session) != 0
+ || session->internals.may_not_read != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_SESSION;
+ }
+
+/* If we have enough data in the cache do not bother receiving
+ * a new packet. (in order to flush the cache)
+ */
+ ret = check_buffers (session, type, data, sizeofdata);
+ if (ret != 0)
+ return ret;
+
+
+/* default headers for TLS 1.0
+ */
+ header_size = RECORD_HEADER_SIZE;
+
+ if ((ret =
+ _gnutls_io_read_buffered (session, header_size, -1)) != header_size)
+ {
+ if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
+ return ret;
+
+ session_invalidate (session);
+ if (type == GNUTLS_ALERT)
+ {
+ gnutls_assert ();
+ return 0; /* we were expecting close notify */
+ }
+ session_unresumable (session);
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _mbuffer_get_first (&session->internals.record_recv_buffer, &data_enc);
+
+ if ((ret =
+ record_check_headers (session, data_enc.data, type, htype, &recv_type,
+ version, &length, &header_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+/* Here we check if the Type of the received packet is
+ * ok.
+ */
+ if ((ret = check_recv_type (recv_type)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+/* Here we check if the advertized version is the one we
+ * negotiated in the handshake.
+ */
+ if ((ret = record_check_version (session, htype, version)) < 0)
+ {
+ gnutls_assert ();
+ session_invalidate (session);
+ return ret;
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: Expected Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32 (&record_state->sequence_number),
+ _gnutls_packet2str (type), type, (int) sizeofdata);
+ _gnutls_record_log ("REC[%p]: Received Packet[%d] %s(%d) with length: %d\n",
+ session,
+ (int)
+ _gnutls_uint64touint32 (&record_state->sequence_number),
+ _gnutls_packet2str (recv_type), recv_type, length);
+
+ if (length > MAX_RECV_SIZE)
+ {
+ _gnutls_record_log
+ ("REC[%p]: FATAL ERROR: Received packet with length: %d\n",
+ session, length);
+
+ session_unresumable (session);
+ session_invalidate (session);
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+/* check if we have that data into buffer.
+ */
+ if ((ret =
+ _gnutls_io_read_buffered (session, header_size + length,
+ recv_type)) != header_size + length)
+ {
+ if (ret < 0 && gnutls_error_is_fatal (ret) == 0)
+ return ret;
+
+ session_unresumable (session);
+ session_invalidate (session);
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+/* ok now we are sure that we can read all the data - so
+ * move on !
+ */
+
+ ret = _mbuffer_linearize (&session->internals.record_recv_buffer);
+ if (ret != 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ _mbuffer_get_first (&session->internals.record_recv_buffer, &data_enc);
+ ciphertext = &data_enc.data[header_size];
+
+ ret = get_temp_recv_buffer (session, &tmp);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+/* decrypt the data we got.
+ */
+ ret =
+ _gnutls_decrypt (session, ciphertext, length, tmp.data, tmp.size,
+ recv_type, record_params);
+ if (ret < 0)
+ {
+ session_unresumable (session);
+ session_invalidate (session);
+ gnutls_assert ();
+ return ret;
+ }
+ _mbuffer_remove_bytes (&session->internals.record_recv_buffer,
+ header_size + length);
+ decrypted_length = ret;
+
+/* Check if this is a CHANGE_CIPHER_SPEC
+ */
+ if (type == GNUTLS_CHANGE_CIPHER_SPEC &&
+ recv_type == GNUTLS_CHANGE_CIPHER_SPEC)
+ {
+
+ _gnutls_record_log
+ ("REC[%p]: ChangeCipherSpec Packet was received\n", session);
+
+ if ((size_t) ret != sizeofdata)
+ { /* sizeofdata should be 1 */
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+ memcpy (data, tmp.data, sizeofdata);
+
+ return ret;
+ }
+
+ _gnutls_record_log
+ ("REC[%p]: Decrypted Packet[%d] %s(%d) with length: %d\n", session,
+ (int) _gnutls_uint64touint32 (&record_state->sequence_number),
+ _gnutls_packet2str (recv_type), recv_type, decrypted_length);
+
+/* increase sequence number
+ */
+ if (_gnutls_uint64pp (&record_state->sequence_number) != 0)
+ {
+ session_invalidate (session);
+ gnutls_assert ();
+ return GNUTLS_E_RECORD_LIMIT_REACHED;
+ }
+
+ ret =
+ record_check_type (session, recv_type, type, htype, tmp.data,
+ decrypted_length);
+ if (ret < 0)
+ {
+ if (ret == GNUTLS_E_INT_RET_0)
+ return 0;
+ gnutls_assert ();
+ return ret;
+ }
+
+/* Get Application data from buffer
+ */
+ if ((recv_type == type) &&
+ (type == GNUTLS_APPLICATION_DATA ||
+ type == GNUTLS_HANDSHAKE || type == GNUTLS_INNER_APPLICATION))
+ {
+
+ ret = _gnutls_record_buffer_get (type, session, data, sizeofdata);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* if the buffer just got empty
+ */
+ if (_gnutls_record_buffer_get_size (type, session) == 0)
+ {
+ if ((ret2 = _gnutls_io_clear_peeked_data (session)) < 0)
+ {
+ gnutls_assert ();
+ return ret2;
+ }
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET;
+ /* we didn't get what we wanted to
+ */
+ }
+
+/* (originally for) TLS 1.0 CBC protection.
+ * Actually this code is called if we just received
+ * an empty packet. An empty TLS packet is usually
+ * sent to protect some vulnerabilities in the CBC mode.
+ * In that case we go to the beginning and start reading
+ * the next packet.
+ */
+ if (ret == 0)
+ {
+ empty_packet++;
+ goto begin;
+ }
+
+ return ret;
+}
+
+
+/**
+ * gnutls_record_send:
+ * @session: is a #gnutls_session_t structure.
+ * @data: contains the data to send
+ * @sizeofdata: is the length of the data
+ *
+ * This function has the similar semantics with send(). The only
+ * difference is that it accepts a GnuTLS session, and uses different
+ * error codes.
+ *
+ * Note that if the send buffer is full, send() will block this
+ * function. See the send() documentation for full information. You
+ * can replace the default push function by using
+ * gnutls_transport_set_ptr2() with a call to send() with a
+ * MSG_DONTWAIT flag if blocking is a problem.
+ *
+ * If the EINTR is returned by the internal push function (the
+ * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If
+ * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
+ * call this function again, with the same parameters; alternatively
+ * you could provide a %NULL pointer for data, and 0 for
+ * size. cf. gnutls_record_get_direction().
+ *
+ * Returns: the number of bytes sent, or a negative error code. The
+ * number of bytes sent might be less than @sizeofdata. The maximum
+ * number of bytes this function can send in a single call depends
+ * on the negotiated maximum record size.
+ **/
+ssize_t
+gnutls_record_send (gnutls_session_t session, const void *data,
+ size_t sizeofdata)
+{
+ return _gnutls_send_int (session, GNUTLS_APPLICATION_DATA, -1,
+ EPOCH_WRITE_CURRENT, data, sizeofdata,
+ MBUFFER_FLUSH);
+}
+
+/**
+ * gnutls_record_recv:
+ * @session: is a #gnutls_session_t structure.
+ * @data: the buffer that the data will be read into
+ * @sizeofdata: the number of requested bytes
+ *
+ * This function has the similar semantics with recv(). The only
+ * difference is that it accepts a GnuTLS session, and uses different
+ * error codes.
+ *
+ * In the special case that a server requests a renegotiation, the
+ * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This
+ * message may be simply ignored, replied with an alert
+ * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake,
+ * depending on the client's will.
+ *
+ * If %EINTR is returned by the internal push function (the default
+ * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If
+ * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
+ * call this function again to get the data. See also
+ * gnutls_record_get_direction().
+ *
+ * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has
+ * initiated a handshake. In that case the server can only initiate a
+ * handshake or terminate the connection.
+ *
+ * Returns: the number of bytes received and zero on EOF. A negative
+ * error code is returned in case of an error. The number of bytes
+ * received might be less than @sizeofdata.
+ **/
+ssize_t
+gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata)
+{
+ return _gnutls_recv_int (session, GNUTLS_APPLICATION_DATA, -1, data,
+ sizeofdata);
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_RECORD_H
+#define GNUTLS_RECORD_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls_buffers.h>
+
+ssize_t _gnutls_send_int (gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t htype,
+ unsigned int epoch_rel, const void *data,
+ size_t sizeofdata, unsigned int mflags);
+ssize_t _gnutls_recv_int (gnutls_session_t session, content_type_t type,
+ gnutls_handshake_description_t, opaque * data,
+ size_t sizeofdata);
+ssize_t _gnutls_send_change_cipher_spec (gnutls_session_t session, int again);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains code for RSA temporary keys. These keys are
+ * only used in export cipher suites.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <gnutls_rsa_export.h>
+#include "x509/x509_int.h"
+#include "debug.h"
+
+/* returns e and m, depends on the requested bits.
+ * We only support limited key sizes.
+ */
+const bigint_t *
+_gnutls_rsa_params_to_mpi (gnutls_rsa_params_t rsa_params)
+{
+ if (rsa_params == NULL)
+ {
+ return NULL;
+ }
+
+ return rsa_params->params;
+}
+
+/**
+ * gnutls_rsa_params_import_raw:
+ * @rsa_params: Is a structure will hold the parameters
+ * @m: holds the modulus
+ * @e: holds the public exponent
+ * @d: holds the private exponent
+ * @p: holds the first prime (p)
+ * @q: holds the second prime (q)
+ * @u: holds the coefficient
+ *
+ * This function will replace the parameters in the given structure.
+ * The new parameters should be stored in the appropriate
+ * gnutls_datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
+{
+ return gnutls_x509_privkey_import_rsa_raw (rsa_params, m, e, d, p, q, u);
+}
+
+/**
+ * gnutls_rsa_params_init:
+ * @rsa_params: Is a structure that will hold the parameters
+ *
+ * This function will initialize the temporary RSA parameters structure.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params)
+{
+ int ret;
+
+ ret = gnutls_x509_privkey_init (rsa_params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ (*rsa_params)->crippled = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_rsa_params_deinit:
+ * @rsa_params: Is a structure that holds the parameters
+ *
+ * This function will deinitialize the RSA parameters structure.
+ **/
+void
+gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params)
+{
+ gnutls_x509_privkey_deinit (rsa_params);
+}
+
+/**
+ * gnutls_rsa_params_cpy:
+ * @dst: Is the destination structure, which should be initialized.
+ * @src: Is the source structure
+ *
+ * This function will copy the RSA parameters structure from source
+ * to destination.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_cpy (gnutls_rsa_params_t dst, gnutls_rsa_params_t src)
+{
+ return gnutls_x509_privkey_cpy (dst, src);
+}
+
+/**
+ * gnutls_rsa_params_generate2:
+ * @params: The structure where the parameters will be stored
+ * @bits: is the prime's number of bits
+ *
+ * This function will generate new temporary RSA parameters for use in
+ * RSA-EXPORT ciphersuites. This function is normally slow.
+ *
+ * Note that if the parameters are to be used in export cipher suites the
+ * bits value should be 512 or less.
+ * Also note that the generation of new RSA parameters is only useful
+ * to servers. Clients use the parameters sent by the server, thus it's
+ * no use calling this in client side.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_generate2 (gnutls_rsa_params_t params, unsigned int bits)
+{
+ return gnutls_x509_privkey_generate (params, GNUTLS_PK_RSA, bits, 0);
+}
+
+/**
+ * gnutls_rsa_params_import_pkcs1:
+ * @params: A structure where the parameters will be copied to
+ * @pkcs1_params: should contain a PKCS1 RSAPublicKey structure PEM or DER encoded
+ * @format: the format of params. PEM or DER.
+ *
+ * This function will extract the RSAPublicKey found in a PKCS1 formatted
+ * structure.
+ *
+ * If the structure is PEM encoded, it should have a header
+ * of "BEGIN RSA PRIVATE KEY".
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
+{
+ return gnutls_x509_privkey_import (params, pkcs1_params, format);
+}
+
+/**
+ * gnutls_rsa_params_export_pkcs1:
+ * @params: Holds the RSA parameters
+ * @format: the format of output params. One of PEM or DER.
+ * @params_data: will contain a PKCS1 RSAPublicKey structure PEM or DER encoded
+ * @params_data_size: holds the size of params_data (and will be replaced by the actual size of parameters)
+ *
+ * This function will export the given RSA parameters to a PKCS1
+ * RSAPublicKey structure. If the buffer provided is not long enough to
+ * hold the output, then GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN RSA PRIVATE KEY".
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
+{
+ return gnutls_x509_privkey_export (params, format,
+ params_data, params_data_size);
+}
+
+/**
+ * gnutls_rsa_params_export_raw:
+ * @params: a structure that holds the rsa parameters
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ * @d: will hold the private exponent
+ * @p: will hold the first prime (p)
+ * @q: will hold the second prime (q)
+ * @u: will hold the coefficient
+ * @bits: if non null will hold the prime's number of bits
+ *
+ * This function will export the RSA parameters found in the given
+ * structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an negative error code.
+ **/
+int
+gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits)
+{
+ int ret;
+
+ ret = gnutls_x509_privkey_export_rsa_raw (params, m, e, d, p, q, u);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (bits)
+ *bits = _gnutls_mpi_get_nbits (params->params[3]);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+const bigint_t *_gnutls_rsa_params_to_mpi (gnutls_rsa_params_t);
+int _gnutls_peers_cert_less_512 (gnutls_session_t session);
--- /dev/null
+/*
+ * Copyright (C) 2000, 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "debug.h"
+#include <gnutls_session_pack.h>
+#include <gnutls_datum.h>
+
+/**
+ * gnutls_session_get_data:
+ * @session: is a #gnutls_session_t structure.
+ * @session_data: is a pointer to space to hold the session.
+ * @session_data_size: is the session_data's size, or it will be set by the function.
+ *
+ * Returns all session parameters, in order to support resuming. The
+ * client should call this, and keep the returned session, if he
+ * wants to resume that current version later by calling
+ * gnutls_session_set_data() This function must be called after a
+ * successful handshake.
+ *
+ * Resuming sessions is really useful and speedups connections after
+ * a successful one.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_session_get_data (gnutls_session_t session,
+ void *session_data, size_t * session_data_size)
+{
+
+ gnutls_datum_t psession;
+ int ret;
+
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
+
+ psession.data = session_data;
+
+ ret = _gnutls_session_pack (session, &psession);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ *session_data_size = psession.size;
+
+ if (psession.size > *session_data_size)
+ {
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto error;
+ }
+
+ if (session_data != NULL)
+ memcpy (session_data, psession.data, psession.size);
+
+ ret = 0;
+
+error:
+ _gnutls_free_datum (&psession);
+ return ret;
+}
+
+/**
+ * gnutls_session_get_data2:
+ * @session: is a #gnutls_session_t structure.
+ * @data: is a pointer to a datum that will hold the session.
+ *
+ * Returns all session parameters, in order to support resuming. The
+ * client should call this, and keep the returned session, if he wants
+ * to resume that current version later by calling
+ * gnutls_session_set_data(). This function must be called after a
+ * successful handshake. The returned datum must be freed with
+ * gnutls_free().
+ *
+ * Resuming sessions is really useful and speedups connections after
+ * a successful one.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data)
+{
+
+ int ret;
+
+ if (data == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (session->internals.resumable == RESUME_FALSE)
+ return GNUTLS_E_INVALID_SESSION;
+
+ ret = _gnutls_session_pack (session, data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/**
+ * gnutls_session_get_id:
+ * @session: is a #gnutls_session_t structure.
+ * @session_id: is a pointer to space to hold the session id.
+ * @session_id_size: is the session id's size, or it will be set by the function.
+ *
+ * Returns the current session id. This can be used if you want to
+ * check if the next session you tried to resume was actually
+ * resumed. This is because resumed sessions have the same sessionID
+ * with the original session.
+ *
+ * Session id is some data set by the server, that identify the
+ * current session. In TLS 1.0 and SSL 3.0 session id is always less
+ * than 32 bytes.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_session_get_id (gnutls_session_t session,
+ void *session_id, size_t * session_id_size)
+{
+ size_t given_session_id_size = *session_id_size;
+
+ *session_id_size = session->security_parameters.session_id_size;
+
+ /* just return the session size */
+ if (session_id == NULL)
+ {
+ return 0;
+ }
+
+ if (given_session_id_size < session->security_parameters.session_id_size)
+ {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy (session_id, &session->security_parameters.session_id,
+ *session_id_size);
+
+ return 0;
+}
+
+/**
+ * gnutls_session_set_data:
+ * @session: is a #gnutls_session_t structure.
+ * @session_data: is a pointer to space to hold the session.
+ * @session_data_size: is the session's size
+ *
+ * Sets all session parameters, in order to resume a previously
+ * established session. The session data given must be the one
+ * returned by gnutls_session_get_data(). This function should be
+ * called before gnutls_handshake().
+ *
+ * Keep in mind that session resuming is advisory. The server may
+ * choose not to resume the session, thus a full handshake will be
+ * performed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_session_set_data (gnutls_session_t session,
+ const void *session_data, size_t session_data_size)
+{
+ int ret;
+ gnutls_datum_t psession;
+
+ psession.data = (opaque *) session_data;
+ psession.size = session_data_size;
+
+ if (session_data == NULL || session_data_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ ret = _gnutls_session_unpack (session, &psession);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Contains functions that are supposed to pack and unpack session data,
+ * before and after they are sent to the database backend.
+ */
+
+#include <gnutls_int.h>
+#ifdef ENABLE_SRP
+#include <auth_srp.h>
+#endif
+#ifdef ENABLE_PSK
+#include <auth_psk.h>
+#endif
+#include <auth_anon.h>
+#include <auth_cert.h>
+#include <gnutls_errors.h>
+#include <gnutls_auth.h>
+#include <gnutls_session_pack.h>
+#include <gnutls_datum.h>
+#include <gnutls_num.h>
+#include <gnutls_extensions.h>
+#include <gnutls_constate.h>
+
+static int pack_certificate_auth_info (gnutls_session_t,
+ gnutls_buffer_st * packed_session);
+static int unpack_certificate_auth_info (gnutls_session_t,
+ gnutls_buffer_st * packed_session);
+
+static int unpack_srp_auth_info (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_srp_auth_info (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+
+static int unpack_psk_auth_info (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_psk_auth_info (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+
+static int unpack_anon_auth_info (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_anon_auth_info (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+
+static int unpack_security_parameters (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+static int pack_security_parameters (gnutls_session_t session,
+ gnutls_buffer_st * packed_session);
+
+
+/* Since auth_info structures contain malloced data, this function
+ * is required in order to pack these structures in a vector in
+ * order to store them to the DB.
+ *
+ * packed_session will contain the session data.
+ *
+ * The data will be in a platform independent format.
+ */
+int
+_gnutls_session_pack (gnutls_session_t session,
+ gnutls_datum_t * packed_session)
+{
+ int ret;
+ gnutls_buffer_st sb;
+ opaque id;
+
+ if (packed_session == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ _gnutls_buffer_init (&sb);
+
+ id = gnutls_auth_get_type (session);
+ BUFFER_APPEND (&sb, &id, 1);
+
+ switch (id)
+ {
+#ifdef ENABLE_SRP
+ case GNUTLS_CRD_SRP:
+ ret = pack_srp_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+#endif
+#ifdef ENABLE_PSK
+ case GNUTLS_CRD_PSK:
+ ret = pack_psk_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+#endif
+#ifdef ENABLE_ANON
+ case GNUTLS_CRD_ANON:
+ ret = pack_anon_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+#endif
+ case GNUTLS_CRD_CERTIFICATE:
+ ret = pack_certificate_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ * packed_session must have allocated space for the security parameters.
+ */
+ ret = pack_security_parameters (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_buffer_clear (&sb);
+ return ret;
+ }
+
+ ret = _gnutls_ext_pack (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_buffer_clear (&sb);
+ return ret;
+ }
+
+ ret = _gnutls_buffer_to_datum (&sb, packed_session);
+
+ return ret;
+}
+
+
+/* Load session data from a buffer.
+ */
+int
+_gnutls_session_unpack (gnutls_session_t session,
+ const gnutls_datum_t * packed_session)
+{
+ int ret;
+ gnutls_buffer_st sb;
+ opaque id;
+
+ _gnutls_buffer_init (&sb);
+
+ if (packed_session == NULL || packed_session->size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_buffer_append_data (&sb, packed_session->data,
+ packed_session->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (_gnutls_get_auth_info (session) != NULL)
+ {
+ _gnutls_free_auth_info (session);
+ }
+
+ BUFFER_POP (&sb, &id, 1);
+
+ switch (id)
+ {
+#ifdef ENABLE_SRP
+ case GNUTLS_CRD_SRP:
+ ret = unpack_srp_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ break;
+#endif
+#ifdef ENABLE_PSK
+ case GNUTLS_CRD_PSK:
+ ret = unpack_psk_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ break;
+#endif
+#ifdef ENABLE_ANON
+ case GNUTLS_CRD_ANON:
+ ret = unpack_anon_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+#endif
+ case GNUTLS_CRD_CERTIFICATE:
+ ret = unpack_certificate_auth_info (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+
+ }
+
+ /* Auth_info structures copied. Now copy security_parameters_st.
+ * packed_session must have allocated space for the security parameters.
+ */
+ ret = unpack_security_parameters (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = _gnutls_ext_unpack (session, &sb);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = 0;
+
+error:
+ _gnutls_buffer_clear (&sb);
+
+ return ret;
+}
+
+
+
+/* Format:
+ * 1 byte the credentials type
+ * 4 bytes the size of the whole structure
+ * DH stuff
+ * 2 bytes the size of secret key in bits
+ * 4 bytes the size of the prime
+ * x bytes the prime
+ * 4 bytes the size of the generator
+ * x bytes the generator
+ * 4 bytes the size of the public key
+ * x bytes the public key
+ * RSA stuff
+ * 4 bytes the size of the modulus
+ * x bytes the modulus
+ * 4 bytes the size of the exponent
+ * x bytes the exponent
+ * CERTIFICATES
+ * 4 bytes the length of the certificate list
+ * 4 bytes the size of first certificate
+ * x bytes the certificate
+ * and so on...
+ */
+static int
+pack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ unsigned int i;
+ int cur_size, ret;
+ cert_auth_info_t info = _gnutls_get_auth_info (session);
+ int size_offset;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM (ps, 0);
+ cur_size = ps->length;
+
+ if (info)
+ {
+
+ BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX (ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+ BUFFER_APPEND_PFX (ps, info->rsa_export.modulus.data,
+ info->rsa_export.modulus.size);
+ BUFFER_APPEND_PFX (ps, info->rsa_export.exponent.data,
+ info->rsa_export.exponent.size);
+
+ BUFFER_APPEND_NUM (ps, info->ncerts);
+
+ for (i = 0; i < info->ncerts; i++)
+ BUFFER_APPEND_PFX (ps, info->raw_certificate_list[i].data,
+ info->raw_certificate_list[i].size);
+ }
+
+ /* write the real size */
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+
+ return 0;
+}
+
+
+/* Upack certificate info.
+ */
+static int
+unpack_certificate_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ int ret;
+ unsigned int i = 0, j = 0;
+ size_t pack_size;
+ cert_auth_info_t info = NULL;
+
+ BUFFER_POP_NUM (ps, pack_size);
+
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
+
+ /* client and server have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_CERTIFICATE,
+ sizeof (cert_auth_info_st), 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP_NUM (ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM (ps, &info->dh.prime);
+ BUFFER_POP_DATUM (ps, &info->dh.generator);
+ BUFFER_POP_DATUM (ps, &info->dh.public_key);
+ BUFFER_POP_DATUM (ps, &info->rsa_export.modulus);
+ BUFFER_POP_DATUM (ps, &info->rsa_export.exponent);
+
+ BUFFER_POP_NUM (ps, info->ncerts);
+
+ if (info->ncerts > 0)
+ {
+ info->raw_certificate_list =
+ gnutls_calloc (info->ncerts, sizeof (gnutls_datum_t));
+ if (info->raw_certificate_list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ }
+
+ for (i = 0; i < info->ncerts; i++)
+ {
+ BUFFER_POP_DATUM (ps, &info->raw_certificate_list[i]);
+ }
+
+ return 0;
+
+error:
+ if (info)
+ {
+ _gnutls_free_datum (&info->dh.prime);
+ _gnutls_free_datum (&info->dh.generator);
+ _gnutls_free_datum (&info->dh.public_key);
+
+ _gnutls_free_datum (&info->rsa_export.modulus);
+ _gnutls_free_datum (&info->rsa_export.exponent);
+
+ for (j = 0; j < i; j++)
+ _gnutls_free_datum (&info->raw_certificate_list[j]);
+
+ gnutls_free (info->raw_certificate_list);
+ }
+
+ return ret;
+
+}
+
+#ifdef ENABLE_SRP
+/* Packs the SRP session authentication data.
+ */
+
+/* Format:
+ * 1 byte the credentials type
+ * 4 bytes the size of the SRP username (x)
+ * x bytes the SRP username
+ */
+static int
+pack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ srp_server_auth_info_t info = _gnutls_get_auth_info (session);
+ int len, ret;
+ int size_offset;
+ size_t cur_size;
+
+ if (info && info->username)
+ len = strlen (info->username) + 1; /* include the terminating null */
+ else
+ len = 0;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM (ps, 0);
+ cur_size = ps->length;
+
+ BUFFER_APPEND_PFX (ps, info->username, len);
+
+ /* write the real size */
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+
+ return 0;
+}
+
+
+static int
+unpack_srp_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ size_t username_size;
+ int ret;
+ srp_server_auth_info_t info;
+
+ BUFFER_POP_NUM (ps, username_size);
+ if (username_size > sizeof (info->username))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+ ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_SRP,
+ sizeof (srp_server_auth_info_st), 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP (ps, info->username, username_size);
+
+ ret = 0;
+
+error:
+ return ret;
+}
+#endif
+
+
+#ifdef ENABLE_ANON
+/* Packs the ANON session authentication data.
+ */
+
+/* Format:
+ * 1 byte the credentials type
+ * 4 bytes the size of the whole structure
+ * 2 bytes the size of secret key in bits
+ * 4 bytes the size of the prime
+ * x bytes the prime
+ * 4 bytes the size of the generator
+ * x bytes the generator
+ * 4 bytes the size of the public key
+ * x bytes the public key
+ */
+static int
+pack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ int cur_size, ret;
+ anon_auth_info_t info = _gnutls_get_auth_info (session);
+ int size_offset;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM (ps, 0);
+ cur_size = ps->length;
+
+ if (info)
+ {
+ BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX (ps, info->dh.generator.data,
+ info->dh.generator.size);
+ BUFFER_APPEND_PFX (ps, info->dh.public_key.data,
+ info->dh.public_key.size);
+ }
+
+ /* write the real size */
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+
+ return 0;
+}
+
+
+static int
+unpack_anon_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ int ret;
+ size_t pack_size;
+ anon_auth_info_t info = NULL;
+
+ BUFFER_POP_NUM (ps, pack_size);
+
+ if (pack_size == 0)
+ return 0; /* nothing to be done */
+
+ /* client and server have the same auth_info here
+ */
+ ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_ANON,
+ sizeof (anon_auth_info_st), 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP_NUM (ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM (ps, &info->dh.prime);
+ BUFFER_POP_DATUM (ps, &info->dh.generator);
+ BUFFER_POP_DATUM (ps, &info->dh.public_key);
+
+ return 0;
+
+error:
+ if (info)
+ {
+ _gnutls_free_datum (&info->dh.prime);
+ _gnutls_free_datum (&info->dh.generator);
+ _gnutls_free_datum (&info->dh.public_key);
+ }
+
+ return ret;
+}
+#endif /* ANON */
+
+#ifdef ENABLE_PSK
+/* Packs the PSK session authentication data.
+ */
+
+/* Format:
+ * 1 byte the credentials type
+ * 4 bytes the size of the whole structure
+ *
+ * 4 bytes the size of the PSK username (x)
+ * x bytes the PSK username
+ * 2 bytes the size of secret key in bits
+ * 4 bytes the size of the prime
+ * x bytes the prime
+ * 4 bytes the size of the generator
+ * x bytes the generator
+ * 4 bytes the size of the public key
+ * x bytes the public key
+ */
+static int
+pack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ psk_auth_info_t info;
+ int username_len;
+ int hint_len, ret;
+ int size_offset;
+ size_t cur_size;
+
+ info = _gnutls_get_auth_info (session);
+
+ if (info && info->username)
+ username_len = strlen (info->username) + 1; /* include the terminating null */
+ else
+ username_len = 0;
+
+ if (info && info->hint)
+ hint_len = strlen (info->hint) + 1; /* include the terminating null */
+ else
+ hint_len = 0;
+
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM (ps, 0);
+ cur_size = ps->length;
+
+ BUFFER_APPEND_PFX (ps, info->username, username_len);
+ BUFFER_APPEND_PFX (ps, info->hint, hint_len);
+
+ BUFFER_APPEND_NUM (ps, info->dh.secret_bits);
+ BUFFER_APPEND_PFX (ps, info->dh.prime.data, info->dh.prime.size);
+ BUFFER_APPEND_PFX (ps, info->dh.generator.data, info->dh.generator.size);
+ BUFFER_APPEND_PFX (ps, info->dh.public_key.data, info->dh.public_key.size);
+
+ /* write the real size */
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+
+ return 0;
+}
+
+static int
+unpack_psk_auth_info (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ size_t username_size, hint_size;
+ int ret;
+ psk_auth_info_t info;
+
+ ret =
+ _gnutls_auth_info_set (session, GNUTLS_CRD_PSK,
+ sizeof (psk_auth_info_st), 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP_NUM (ps, username_size);
+ if (username_size > sizeof (info->username))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ BUFFER_POP (ps, info->username, username_size);
+
+ BUFFER_POP_NUM (ps, hint_size);
+ if (hint_size > sizeof (info->hint))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ BUFFER_POP (ps, info->hint, hint_size);
+
+ BUFFER_POP_NUM (ps, info->dh.secret_bits);
+
+ BUFFER_POP_DATUM (ps, &info->dh.prime);
+ BUFFER_POP_DATUM (ps, &info->dh.generator);
+ BUFFER_POP_DATUM (ps, &info->dh.public_key);
+
+ ret = 0;
+
+error:
+ _gnutls_free_datum (&info->dh.prime);
+ _gnutls_free_datum (&info->dh.generator);
+ _gnutls_free_datum (&info->dh.public_key);
+
+ return ret;
+}
+#endif
+
+
+/* Packs the security parameters.
+ */
+
+/* Format:
+ * 4 bytes the total security data size
+ * 1 byte the entity type (client/server)
+ * 1 byte the key exchange algorithm used
+ * 1 byte the read cipher algorithm
+ * 1 byte the read mac algorithm
+ * 1 byte the read compression algorithm
+ *
+ * 1 byte the write cipher algorithm
+ * 1 byte the write mac algorithm
+ * 1 byte the write compression algorithm
+ *
+ * 1 byte the certificate type
+ * 1 byte the protocol version
+ *
+ * 2 bytes the cipher suite
+ *
+ * 48 bytes the master secret
+ *
+ * 32 bytes the client random
+ * 32 bytes the server random
+ *
+ * 1 byte the session ID size
+ * x bytes the session ID (32 bytes max)
+ *
+ * 4 bytes a timestamp
+ * -------------------
+ * MAX: 165 bytes
+ *
+ */
+static int
+pack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+
+ int ret;
+ int size_offset;
+ size_t cur_size;
+ record_parameters_st *params;
+
+ if (session->security_parameters.epoch_read
+ != session->security_parameters.epoch_write)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_epoch_get (session, EPOCH_READ_CURRENT, ¶ms);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* move after the auth info stuff.
+ */
+ size_offset = ps->length;
+ BUFFER_APPEND_NUM (ps, 0);
+ cur_size = ps->length;
+
+
+ BUFFER_APPEND_NUM (ps, session->security_parameters.entity);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.kx_algorithm);
+ BUFFER_APPEND (ps,
+ &session->security_parameters.current_cipher_suite.suite[0],
+ 1);
+ BUFFER_APPEND (ps,
+ &session->security_parameters.current_cipher_suite.suite[1],
+ 1);
+ BUFFER_APPEND_NUM (ps, params->compression_algorithm);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.cert_type);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.version);
+
+ BUFFER_APPEND (ps, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ BUFFER_APPEND (ps, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_APPEND (ps, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+
+ BUFFER_APPEND_NUM (ps, session->security_parameters.session_id_size);
+ BUFFER_APPEND (ps, session->security_parameters.session_id,
+ session->security_parameters.session_id_size);
+
+ BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_send_size);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.max_record_recv_size);
+ BUFFER_APPEND_NUM (ps, session->security_parameters.timestamp);
+
+ _gnutls_write_uint32 (ps->length - cur_size, ps->data + size_offset);
+
+ return 0;
+}
+
+static int
+unpack_security_parameters (gnutls_session_t session, gnutls_buffer_st * ps)
+{
+ size_t pack_size;
+ int ret;
+ time_t timestamp = time (0);
+
+ BUFFER_POP_NUM (ps, pack_size);
+
+ if (pack_size == 0)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ memset (&session->internals.resumed_security_parameters, 0,
+ sizeof (session->internals.resumed_security_parameters));
+
+ BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.entity);
+ BUFFER_POP_NUM (ps,
+ session->internals.resumed_security_parameters.kx_algorithm);
+ BUFFER_POP (ps,
+ &session->internals.
+ resumed_security_parameters.current_cipher_suite.suite[0], 1);
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.
+ current_cipher_suite.suite[1], 1);
+ BUFFER_POP_NUM (ps, session->internals.resumed_compression_method);
+ BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.cert_type);
+ BUFFER_POP_NUM (ps, session->internals.resumed_security_parameters.version);
+
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_POP (ps,
+ &session->internals.resumed_security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ BUFFER_POP_NUM (ps,
+ session->internals.
+ resumed_security_parameters.session_id_size);
+
+ BUFFER_POP (ps, &session->internals.resumed_security_parameters.session_id,
+ session->internals.resumed_security_parameters.session_id_size);
+
+ BUFFER_POP_NUM (ps,
+ session->internals.
+ resumed_security_parameters.max_record_send_size);
+ BUFFER_POP_NUM (ps,
+ session->internals.
+ resumed_security_parameters.max_record_recv_size);
+ BUFFER_POP_NUM (ps,
+ session->internals.resumed_security_parameters.timestamp);
+
+ if (timestamp - session->internals.resumed_security_parameters.timestamp >
+ session->internals.expire_time
+ || session->internals.resumed_security_parameters.timestamp > timestamp)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_EXPIRED;
+ }
+
+ ret = 0;
+
+error:
+ return ret;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+int _gnutls_session_pack (gnutls_session_t session,
+ gnutls_datum_t * packed_session);
+int _gnutls_session_unpack (gnutls_session_t session,
+ const gnutls_datum_t * packed_session);
--- /dev/null
+/*
+ * Copyright (C) 2001, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <x509_b64.h>
+#include <auth_cert.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_cert.h>
+#include <gnutls_datum.h>
+#include <gnutls_mpi.h>
+#include <gnutls_global.h>
+#include <gnutls_pk.h>
+#include <debug.h>
+#include <gnutls_buffers.h>
+#include <gnutls_sig.h>
+#include <gnutls_kx.h>
+#include <libtasn1.h>
+#include <ext_signature.h>
+#include <gnutls_state.h>
+#include <x509/common.h>
+
+static int
+sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature);
+
+/* While this is currently equal to the length of RSA/SHA512
+ * signature, it should also be sufficient for DSS signature and any
+ * other RSA signatures including one with the old MD5/SHA1-combined
+ * format.
+ */
+#define MAX_SIG_SIZE 19 + MAX_HASH_SIZE
+
+/* Generates a signature of all the random data and the parameters.
+ * Used in DHE_* ciphersuites.
+ */
+int
+_gnutls_handshake_sign_data (gnutls_session_t session, gnutls_cert * cert,
+ gnutls_privkey_t pkey, gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * sign_algo)
+{
+ gnutls_datum_t dconcat;
+ int ret;
+ digest_hd_st td_sha;
+ opaque concat[MAX_SIG_SIZE];
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ gnutls_digest_algorithm_t hash_algo;
+
+ *sign_algo =
+ _gnutls_session_get_sign_algo (session, cert);
+ if (*sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ hash_algo = _gnutls_sign_get_hash_algorithm (*sign_algo);
+
+ _gnutls_handshake_log ("HSK[%p]: signing handshake data: using %s\n",
+ session, gnutls_sign_algorithm_get_name (*sign_algo));
+
+ ret = _gnutls_hash_init (&td_sha, hash_algo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td_sha, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_sha, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_sha, params->data, params->size);
+
+ switch (cert->subject_pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ {
+ digest_hd_st td_md5;
+
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td_md5, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_md5, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_md5, params->data, params->size);
+
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ }
+ else
+ { /* TLS 1.2 way */
+
+ _gnutls_hash_deinit (&td_sha, concat);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ _gnutls_hash_deinit (&td_sha, concat);
+
+ if ((hash_algo != GNUTLS_DIG_SHA1) && (hash_algo != GNUTLS_DIG_SHA224)
+ && (hash_algo != GNUTLS_DIG_SHA256))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ break;
+
+ default:
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td_sha, NULL);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+
+}
+
+
+/* This will create a PKCS1 or DSA signature, using the given parameters, and the
+ * given data. The output will be allocated and be put in signature.
+ */
+int
+_gnutls_soft_sign (gnutls_pk_algorithm_t algo, bigint_t * params,
+ int params_size, const gnutls_datum_t * data,
+ gnutls_datum_t * signature)
+{
+ int ret;
+
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ /* encrypt */
+ if ((ret = _gnutls_pkcs1_rsa_encrypt (signature, data, params,
+ params_size, 1)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+ /* sign */
+ if ((ret = _gnutls_dsa_sign (signature, data, params, params_size)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ break;
+ }
+
+ return 0;
+}
+
+/* This will create a PKCS1 or DSA signature, as defined in the TLS protocol.
+ * Cert is the certificate of the corresponding private key. It is only checked if
+ * it supports signing.
+ */
+static int
+sign_tls_hash (gnutls_session_t session, gnutls_digest_algorithm_t hash_algo,
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature)
+{
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ /* If our certificate supports signing
+ */
+
+ if (cert != NULL)
+ {
+ if (cert->key_usage != 0)
+ if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+
+ /* External signing. */
+ if (!pkey)
+ {
+ if (!session->internals.sign_func)
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+
+ return (*session->internals.sign_func)
+ (session, session->internals.sign_func_userdata,
+ cert->cert_type, &cert->raw, hash_concat, signature);
+ }
+ }
+
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ return _gnutls_privkey_sign_hash (pkey, hash_concat, signature);
+ else
+ return gnutls_privkey_sign_hash (pkey, hash_algo, 0, hash_concat, signature);
+}
+
+static int
+verify_tls_hash (gnutls_protocol_t ver, gnutls_cert * cert,
+ const gnutls_datum_t * hash_concat,
+ gnutls_datum_t * signature, size_t sha1pos,
+ gnutls_pk_algorithm_t pk_algo)
+{
+ int ret;
+ gnutls_datum_t vdata;
+
+ if (cert == NULL || cert->version == 0)
+ { /* this is the only way to check
+ * if it is initialized
+ */
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ /* If the certificate supports signing continue.
+ */
+ if (cert->key_usage != 0)
+ if (!(cert->key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+
+ if (pk_algo == GNUTLS_PK_UNKNOWN)
+ pk_algo = cert->subject_pk_algorithm;
+ switch (pk_algo)
+ {
+ case GNUTLS_PK_RSA:
+
+ vdata.data = hash_concat->data;
+ vdata.size = hash_concat->size;
+
+ /* verify signature */
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ ret = _gnutls_rsa_verify (&vdata, signature, cert->params,
+ cert->params_size, 1);
+ else
+ ret = pubkey_verify_sig( NULL, &vdata, signature, pk_algo,
+ cert->params, cert->params_size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ break;
+ case GNUTLS_PK_DSA:
+
+ vdata.data = &hash_concat->data[sha1pos];
+ vdata.size = hash_concat->size - sha1pos;
+
+ ret = pubkey_verify_sig( NULL, &vdata, signature, pk_algo,
+ cert->params, cert->params_size);
+ /* verify signature */
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+
+ return 0;
+}
+
+
+/* Generates a signature of all the random data and the parameters.
+ * Used in DHE_* ciphersuites.
+ */
+int
+_gnutls_handshake_verify_data (gnutls_session_t session, gnutls_cert * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo)
+{
+ gnutls_datum_t dconcat;
+ int ret;
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ opaque concat[MAX_SIG_SIZE];
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+ gnutls_digest_algorithm_t hash_algo;
+
+ if (_gnutls_version_has_selectable_sighash (ver))
+ {
+ _gnutls_handshake_log ("HSK[%p]: verify handshake data: using %s\n",
+ session, gnutls_sign_algorithm_get_name (algo));
+
+ ret = cert_compatible_with_sig(cert, ver, algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ ret = _gnutls_session_sign_algo_enabled (session, algo);
+ if (ret < 0)
+ return gnutls_assert_val(ret);
+
+ hash_algo = _gnutls_sign_get_hash_algorithm (algo);
+ }
+ else
+ {
+ ret = _gnutls_hash_init (&td_md5, GNUTLS_MAC_MD5);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td_md5, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_md5, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_md5, params->data, params->size);
+
+ hash_algo = GNUTLS_DIG_SHA1;
+ }
+
+ ret = _gnutls_hash_init (&td_sha, hash_algo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return ret;
+ }
+
+ _gnutls_hash (&td_sha, session->security_parameters.client_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_sha, session->security_parameters.server_random,
+ GNUTLS_RANDOM_SIZE);
+ _gnutls_hash (&td_sha, params->data, params->size);
+
+ if (!_gnutls_version_has_selectable_sighash (ver))
+ {
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
+ dconcat.data = concat;
+ dconcat.size = 36;
+ }
+ else
+ {
+ _gnutls_hash_deinit (&td_sha, concat);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+ }
+
+ ret = verify_tls_hash (ver, cert, &dconcat, signature,
+ dconcat.size -
+ _gnutls_hash_get_algo_len (hash_algo),
+ _gnutls_sign_get_pk_algorithm (algo));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+
+}
+
+/* Client certificate verify calculations
+ */
+
+/* this is _gnutls_handshake_verify_cert_vrfy for TLS 1.2
+ */
+static int
+_gnutls_handshake_verify_cert_vrfy12 (gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
+{
+ int ret;
+ opaque concat[MAX_SIG_SIZE];
+ digest_hd_st td;
+ gnutls_datum_t dconcat;
+ gnutls_sign_algorithm_t _sign_algo;
+ gnutls_digest_algorithm_t hash_algo;
+ digest_hd_st *handshake_td;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
+ hash_algo = handshake_td->algorithm;
+ _sign_algo =
+ _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
+
+ if (_sign_algo != sign_algo)
+ {
+ handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
+ hash_algo = handshake_td->algorithm;
+ _sign_algo =
+ _gnutls_x509_pk_to_sign (cert->subject_pk_algorithm, hash_algo);
+ if (sign_algo != _sign_algo)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM;
+ }
+ }
+
+ ret = _gnutls_hash_copy (&td, handshake_td);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ _gnutls_hash_deinit (&td, concat);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+
+ ret =
+ verify_tls_hash (ver, cert, &dconcat, signature, 0,
+ cert->subject_pk_algorithm);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+
+}
+
+/* Verifies a TLS signature (like the one in the client certificate
+ * verify message).
+ */
+int
+_gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t sign_algo)
+{
+ int ret;
+ opaque concat[MAX_SIG_SIZE];
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ gnutls_datum_t dconcat;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ _gnutls_handshake_log ("HSK[%p]: verify cert vrfy: using %s\n",
+ session, gnutls_sign_algorithm_get_name (sign_algo));
+
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ return _gnutls_handshake_verify_cert_vrfy12 (session, cert, signature,
+ sign_algo);
+ }
+ else if (session->security_parameters.handshake_mac_handle_type !=
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.md5);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls10.sha);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hash_deinit (&td_md5, NULL);
+ return GNUTLS_E_HASH_FAILED;
+ }
+
+ if (ver == GNUTLS_SSL3)
+ {
+ ret = _gnutls_generate_master (session, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ }
+ else
+ {
+ _gnutls_hash_deinit (&td_md5, concat);
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
+ }
+
+ dconcat.data = concat;
+ dconcat.size = 20 + 16; /* md5+ sha */
+
+ ret =
+ verify_tls_hash (ver, cert, &dconcat, signature, 16,
+ cert->subject_pk_algorithm);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+
+}
+
+/* the same as _gnutls_handshake_sign_cert_vrfy except that it is made for TLS 1.2
+ */
+static int
+_gnutls_handshake_sign_cert_vrfy12 (gnutls_session_t session,
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
+{
+ gnutls_datum_t dconcat;
+ int ret;
+ opaque concat[MAX_SIG_SIZE];
+ digest_hd_st td;
+ gnutls_sign_algorithm_t sign_algo;
+ gnutls_digest_algorithm_t hash_algo;
+ digest_hd_st *handshake_td;
+
+ sign_algo =
+ _gnutls_session_get_sign_algo (session, cert);
+ if (sign_algo == GNUTLS_SIGN_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ hash_algo = _gnutls_sign_get_hash_algorithm (sign_algo);
+
+ _gnutls_debug_log ("sign handshake cert vrfy: picked %s with %s\n",
+ gnutls_sign_algorithm_get_name (sign_algo),
+ gnutls_mac_get_name (hash_algo));
+
+ if (hash_algo == session->internals.handshake_mac_handle.tls12.sha1.algorithm)
+ handshake_td = &session->internals.handshake_mac_handle.tls12.sha1;
+ else if (hash_algo == session->internals.handshake_mac_handle.tls12.sha256.algorithm)
+ handshake_td = &session->internals.handshake_mac_handle.tls12.sha256;
+ else
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* too bad we only support SHA1 and SHA256 */
+
+ ret = _gnutls_hash_copy (&td, handshake_td);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash_deinit (&td, concat);
+
+ dconcat.data = concat;
+ dconcat.size = _gnutls_hash_get_algo_len (hash_algo);
+
+ ret = sign_tls_hash (session, hash_algo, cert, pkey, &dconcat, signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return sign_algo;
+}
+
+
+/* Generates a signature of all the previous sent packets in the
+ * handshake procedure.
+ * 20040227: now it works for SSL 3.0 as well
+ * 20091031: works for TLS 1.2 too!
+ *
+ * For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
+ * For TLS1.2 returns the signature algorithm used on success, or a negative value;
+ */
+int
+_gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
+ gnutls_cert * cert, gnutls_privkey_t pkey,
+ gnutls_datum_t * signature)
+{
+ gnutls_datum_t dconcat;
+ int ret, hash_algo;
+ opaque concat[MAX_SIG_SIZE];
+ digest_hd_st td_md5;
+ digest_hd_st td_sha;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ if (session->security_parameters.handshake_mac_handle_type ==
+ HANDSHAKE_MAC_TYPE_12)
+ {
+ return _gnutls_handshake_sign_cert_vrfy12 (session, cert, pkey,
+ signature);
+ }
+ else if (session->security_parameters.handshake_mac_handle_type !=
+ HANDSHAKE_MAC_TYPE_10)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret =
+ _gnutls_hash_copy (&td_sha,
+ &session->internals.handshake_mac_handle.tls10.sha);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (ver == GNUTLS_SSL3)
+ {
+ ret = _gnutls_generate_master (session, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_mac_deinit_ssl3_handshake (&td_sha, &concat[16],
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ }
+ else
+ _gnutls_hash_deinit (&td_sha, &concat[16]);
+
+ switch (cert->subject_pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret =
+ _gnutls_hash_copy (&td_md5,
+ &session->internals.handshake_mac_handle.tls10.
+ md5);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (ver == GNUTLS_SSL3)
+ _gnutls_mac_deinit_ssl3_handshake (&td_md5, concat,
+ session->
+ security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE);
+ else
+ _gnutls_hash_deinit (&td_md5, concat);
+
+ dconcat.data = concat;
+ dconcat.size = 36;
+ break;
+ case GNUTLS_PK_DSA:
+ /* ensure 1024 bit DSA keys are used */
+ hash_algo = _gnutls_dsa_q_to_hash (cert->params[1]);
+ if (!_gnutls_version_has_selectable_sighash (ver) && hash_algo != GNUTLS_DIG_SHA1)
+ return gnutls_assert_val(GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL);
+
+ dconcat.data = &concat[16];
+ dconcat.size = 20;
+ break;
+
+ default:
+ return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
+ }
+ ret = sign_tls_hash (session, GNUTLS_DIG_NULL, cert, pkey, &dconcat, signature);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
+
+int
+pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+ bigint_t * params,
+ const gnutls_datum_t * data, gnutls_datum_t * digest)
+{
+ int ret;
+
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ break;
+ case GNUTLS_PK_DSA:
+ if (params && hash != _gnutls_dsa_q_to_hash (params[1]))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ digest->size = _gnutls_hash_get_algo_len (hash);
+ digest->data = gnutls_malloc (digest->size);
+ if (digest->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_hash_fast (hash, data->data, data->size, digest->data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ gnutls_free (digest->data);
+ return ret;
+}
+
+/* Writes the digest information and the digest in a DER encoded
+ * structure. The digest info is allocated and stored into the info structure.
+ */
+static int
+encode_ber_digest_info (gnutls_digest_algorithm_t hash,
+ const gnutls_datum_t * digest,
+ gnutls_datum_t * output)
+{
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ const char *algo;
+ opaque *tmp_output;
+ int tmp_output_size;
+
+ algo = _gnutls_x509_mac_to_oid ((gnutls_mac_algorithm_t) hash);
+ if (algo == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Hash algorithm: %d\n", hash);
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (dinfo, "digestAlgorithm.algorithm", algo, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ /* Write an ASN.1 NULL in the parameters field. This matches RFC
+ 3279 and RFC 4055, although is arguable incorrect from a historic
+ perspective (see those documents for more information).
+ Regardless of what is correct, this appears to be what most
+ implementations do. */
+ result = asn1_write_value (dinfo, "digestAlgorithm.parameters",
+ ASN1_NULL, ASN1_NULL_SIZE);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (dinfo, "digest", digest->data, digest->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ tmp_output_size = 0;
+ asn1_der_coding (dinfo, "", NULL, &tmp_output_size, NULL);
+
+ tmp_output = gnutls_malloc (tmp_output_size);
+ if (output->data == NULL)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding (dinfo, "", tmp_output, &tmp_output_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ asn1_delete_structure (&dinfo);
+
+ output->size = tmp_output_size;
+ output->data = tmp_output;
+
+ return 0;
+}
+
+/*
+ * This function will do RSA PKCS #1 1.5 encoding
+ * on the given digest. The given digest must be allocated
+ * and will be freed if replacement is required.
+ */
+int
+pk_prepare_hash (gnutls_pk_algorithm_t pk,
+ gnutls_digest_algorithm_t hash, gnutls_datum_t * digest)
+{
+ int ret;
+ gnutls_datum old_digest = { digest->data, digest->size };
+
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ /* Encode the digest as a DigestInfo
+ */
+ if ((ret = encode_ber_digest_info (hash, &old_digest, digest)) != 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_free_datum (&old_digest);
+ break;
+ case GNUTLS_PK_DSA:
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_SIG_H
+#define GNUTLS_SIG_H
+
+#include <gnutls/abstract.h>
+
+int _gnutls_handshake_sign_cert_vrfy (gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * signature);
+
+int _gnutls_handshake_sign_data (gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_privkey_t pkey,
+ gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t * algo);
+
+int _gnutls_handshake_verify_cert_vrfy (gnutls_session_t session,
+ gnutls_cert * cert,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t);
+
+int _gnutls_handshake_verify_data (gnutls_session_t session,
+ gnutls_cert * cert,
+ const gnutls_datum_t * params,
+ gnutls_datum_t * signature,
+ gnutls_sign_algorithm_t algo);
+
+int _gnutls_soft_sign (gnutls_pk_algorithm_t algo,
+ bigint_t * params, int params_size,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
+
+int pk_prepare_hash (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+ gnutls_datum_t * output);
+int pk_hash_data (gnutls_pk_algorithm_t pk, gnutls_digest_algorithm_t hash,
+ bigint_t * params, const gnutls_datum_t * data,
+ gnutls_datum_t * digest);
+
+int
+_gnutls_privkey_sign_hash (gnutls_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <auth_srp.h>
+#include <gnutls_state.h>
+
+#ifdef ENABLE_SRP
+
+#include <gnutls_srp.h>
+#include <auth_srp_passwd.h>
+#include <gnutls_mpi.h>
+#include <gnutls_num.h>
+#include <gnutls_helper.h>
+
+#include "debug.h"
+
+
+/* Here functions for SRP (like g^x mod n) are defined
+ */
+
+int
+_gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result,
+ bigint_t g, bigint_t prime, gnutls_alloc_function galloc_func)
+{
+ bigint_t x, e;
+ size_t result_size;
+ int ret;
+
+ if (_gnutls_mpi_scan_nz (&x, text, textsize))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ e = _gnutls_mpi_alloc_like (prime);
+ if (e == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&x);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* e = g^x mod prime (n) */
+ _gnutls_mpi_powm (e, g, x, prime);
+ _gnutls_mpi_release (&x);
+
+ ret = _gnutls_mpi_print (e, NULL, &result_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ *result = galloc_func (result_size);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ _gnutls_mpi_print (e, *result, &result_size);
+ ret = result_size;
+ }
+ else
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MPI_PRINT_FAILED;
+ }
+
+ _gnutls_mpi_release (&e);
+
+ return ret;
+
+}
+
+
+/****************
+ * Choose a random value b and calculate B = (k* v + g^b) % N.
+ * where k == SHA1(N|g)
+ * Return: B and if ret_b is not NULL b.
+ */
+bigint_t
+_gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n, bigint_t v)
+{
+ bigint_t tmpB = NULL, tmpV = NULL;
+ bigint_t b = NULL, B = NULL, k = NULL;
+ int bits;
+
+
+ /* calculate: B = (k*v + g^b) % N
+ */
+ bits = _gnutls_mpi_get_nbits (n);
+
+ tmpV = _gnutls_mpi_alloc_like (n);
+
+ if (tmpV == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ b = _gnutls_mpi_randomize (NULL, bits, GNUTLS_RND_RANDOM);
+
+ tmpB = _gnutls_mpi_new (bits);
+ if (tmpB == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ B = _gnutls_mpi_new (bits);
+ if (B == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ k = _gnutls_calc_srp_u (n, g, n);
+ if (k == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ _gnutls_mpi_mulm (tmpV, k, v, n);
+ _gnutls_mpi_powm (tmpB, g, b, n);
+
+ _gnutls_mpi_addm (B, tmpV, tmpB, n);
+
+ _gnutls_mpi_release (&k);
+ _gnutls_mpi_release (&tmpB);
+ _gnutls_mpi_release (&tmpV);
+
+ if (ret_b)
+ *ret_b = b;
+ else
+ _gnutls_mpi_release (&b);
+
+ return B;
+
+error:
+ _gnutls_mpi_release (&b);
+ _gnutls_mpi_release (&B);
+ _gnutls_mpi_release (&k);
+ _gnutls_mpi_release (&tmpB);
+ _gnutls_mpi_release (&tmpV);
+ return NULL;
+
+}
+
+/* This calculates the SHA1(A | B)
+ * A and B will be left-padded with zeros to fill n_size.
+ */
+bigint_t
+_gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t n)
+{
+ size_t b_size, a_size;
+ opaque *holder, hd[MAX_HASH_SIZE];
+ size_t holder_size, hash_size, n_size;
+ digest_hd_st td;
+ int ret;
+ bigint_t res;
+
+ /* get the size of n in bytes */
+ _gnutls_mpi_print (n, NULL, &n_size);
+
+ _gnutls_mpi_print (A, NULL, &a_size);
+ _gnutls_mpi_print (B, NULL, &b_size);
+
+ if (a_size > n_size || b_size > n_size)
+ {
+ gnutls_assert ();
+ return NULL; /* internal error */
+ }
+
+ holder_size = n_size + n_size;
+
+ holder = gnutls_calloc (1, holder_size);
+ if (holder == NULL)
+ return NULL;
+
+ _gnutls_mpi_print (A, &holder[n_size - a_size], &a_size);
+ _gnutls_mpi_print (B, &holder[n_size + n_size - b_size], &b_size);
+
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
+ {
+ gnutls_free (holder);
+ gnutls_assert ();
+ return NULL;
+ }
+ _gnutls_hash (&td, holder, holder_size);
+ _gnutls_hash_deinit (&td, hd);
+
+ /* convert the bytes of hd to integer
+ */
+ hash_size = 20; /* SHA */
+ ret = _gnutls_mpi_scan_nz (&res, hd, hash_size);
+ gnutls_free (holder);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ return res;
+}
+
+/* S = (A * v^u) ^ b % N
+ * this is our shared key (server premaster secret)
+ */
+bigint_t
+_gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
+ bigint_t n)
+{
+ bigint_t tmp1 = NULL, tmp2 = NULL;
+ bigint_t S = NULL;
+
+ S = _gnutls_mpi_alloc_like (n);
+ if (S == NULL)
+ return NULL;
+
+ tmp1 = _gnutls_mpi_alloc_like (n);
+ tmp2 = _gnutls_mpi_alloc_like (n);
+
+ if (tmp1 == NULL || tmp2 == NULL)
+ goto freeall;
+
+ _gnutls_mpi_powm (tmp1, v, u, n);
+ _gnutls_mpi_mulm (tmp2, A, tmp1, n);
+ _gnutls_mpi_powm (S, tmp2, b, n);
+
+ _gnutls_mpi_release (&tmp1);
+ _gnutls_mpi_release (&tmp2);
+
+ return S;
+
+freeall:
+ _gnutls_mpi_release (&tmp1);
+ _gnutls_mpi_release (&tmp2);
+ return NULL;
+}
+
+/* A = g^a % N
+ * returns A and a (which is random)
+ */
+bigint_t
+_gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n)
+{
+ bigint_t tmpa;
+ bigint_t A;
+ int bits;
+
+ bits = _gnutls_mpi_get_nbits (n);
+ tmpa = _gnutls_mpi_randomize (NULL, bits, GNUTLS_RND_RANDOM);
+
+ A = _gnutls_mpi_new (bits);
+ if (A == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&tmpa);
+ return NULL;
+ }
+ _gnutls_mpi_powm (A, g, tmpa, n);
+
+ if (a != NULL)
+ *a = tmpa;
+ else
+ _gnutls_mpi_release (&tmpa);
+
+ return A;
+}
+
+/* generate x = SHA(s | SHA(U | ":" | p))
+ * The output is exactly 20 bytes
+ */
+static int
+_gnutls_calc_srp_sha (const char *username, const char *password,
+ opaque * salt, int salt_size, size_t * size,
+ void *digest)
+{
+ digest_hd_st td;
+ opaque res[MAX_HASH_SIZE];
+ int ret;
+
+ *size = 20;
+
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
+ {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ _gnutls_hash (&td, username, strlen (username));
+ _gnutls_hash (&td, ":", 1);
+ _gnutls_hash (&td, password, strlen (password));
+
+ _gnutls_hash_deinit (&td, res);
+
+ ret = _gnutls_hash_init (&td, GNUTLS_MAC_SHA1);
+ if (ret < 0)
+ {
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_hash (&td, salt, salt_size);
+ _gnutls_hash (&td, res, 20); /* 20 bytes is the output of sha1 */
+
+ _gnutls_hash_deinit (&td, digest);
+
+ return 0;
+}
+
+int
+_gnutls_calc_srp_x (char *username, char *password, opaque * salt,
+ size_t salt_size, size_t * size, void *digest)
+{
+
+ return _gnutls_calc_srp_sha (username, password, salt,
+ salt_size, size, digest);
+}
+
+
+/* S = (B - k*g^x) ^ (a + u * x) % N
+ * this is our shared key (client premaster secret)
+ */
+bigint_t
+_gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
+ bigint_t u, bigint_t n)
+{
+ bigint_t S = NULL, tmp1 = NULL, tmp2 = NULL;
+ bigint_t tmp4 = NULL, tmp3 = NULL, k = NULL;
+
+ S = _gnutls_mpi_alloc_like (n);
+ if (S == NULL)
+ return NULL;
+
+ tmp1 = _gnutls_mpi_alloc_like (n);
+ tmp2 = _gnutls_mpi_alloc_like (n);
+ tmp3 = _gnutls_mpi_alloc_like (n);
+ if (tmp1 == NULL || tmp2 == NULL || tmp3 == NULL)
+ {
+ goto freeall;
+ }
+
+ k = _gnutls_calc_srp_u (n, g, n);
+ if (k == NULL)
+ {
+ gnutls_assert ();
+ goto freeall;
+ }
+
+ _gnutls_mpi_powm (tmp1, g, x, n); /* g^x */
+ _gnutls_mpi_mulm (tmp3, tmp1, k, n); /* k*g^x mod n */
+ _gnutls_mpi_subm (tmp2, B, tmp3, n);
+
+ tmp4 = _gnutls_mpi_alloc_like (n);
+ if (tmp4 == NULL)
+ goto freeall;
+
+ _gnutls_mpi_mul (tmp1, u, x);
+ _gnutls_mpi_add (tmp4, a, tmp1);
+ _gnutls_mpi_powm (S, tmp2, tmp4, n);
+
+ _gnutls_mpi_release (&tmp1);
+ _gnutls_mpi_release (&tmp2);
+ _gnutls_mpi_release (&tmp3);
+ _gnutls_mpi_release (&tmp4);
+ _gnutls_mpi_release (&k);
+
+ return S;
+
+freeall:
+ _gnutls_mpi_release (&k);
+ _gnutls_mpi_release (&tmp1);
+ _gnutls_mpi_release (&tmp2);
+ _gnutls_mpi_release (&tmp3);
+ _gnutls_mpi_release (&tmp4);
+ _gnutls_mpi_release (&S);
+ return NULL;
+}
+
+/**
+ * gnutls_srp_free_client_credentials:
+ * @sc: is a #gnutls_srp_client_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to free (deallocate) it.
+ **/
+void
+gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc)
+{
+ gnutls_free (sc->username);
+ gnutls_free (sc->password);
+ gnutls_free (sc);
+}
+
+/**
+ * gnutls_srp_allocate_client_credentials:
+ * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to allocate it.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ **/
+int
+gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc)
+{
+ *sc = gnutls_calloc (1, sizeof (srp_client_credentials_st));
+
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_set_client_credentials:
+ * @res: is a #gnutls_srp_client_credentials_t structure.
+ * @username: is the user's userid
+ * @password: is the user's password
+ *
+ * This function sets the username and password, in a
+ * #gnutls_srp_client_credentials_t structure. Those will be used in
+ * SRP authentication. @username and @password should be ASCII
+ * strings or UTF-8 strings prepared using the "SASLprep" profile of
+ * "stringprep".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ **/
+int
+gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
+ const char *username, const char *password)
+{
+
+ if (username == NULL || password == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ res->username = gnutls_strdup (username);
+ if (res->username == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ res->password = gnutls_strdup (password);
+ if (res->password == NULL)
+ {
+ gnutls_free (res->username);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_free_server_credentials:
+ * @sc: is a #gnutls_srp_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus
+ * this helper function is provided in order to free (deallocate) it.
+ **/
+void
+gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc)
+{
+ gnutls_free (sc->password_file);
+ gnutls_free (sc->password_conf_file);
+
+ gnutls_free (sc);
+}
+
+/**
+ * gnutls_srp_allocate_server_credentials:
+ * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure.
+ *
+ * This structure is complex enough to manipulate directly thus this
+ * helper function is provided in order to allocate it.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ **/
+int
+gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc)
+{
+ *sc = gnutls_calloc (1, sizeof (srp_server_cred_st));
+
+ if (*sc == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_set_server_credentials_file:
+ * @res: is a #gnutls_srp_server_credentials_t structure.
+ * @password_file: is the SRP password file (tpasswd)
+ * @password_conf_file: is the SRP password conf file (tpasswd.conf)
+ *
+ * This function sets the password files, in a
+ * #gnutls_srp_server_credentials_t structure. Those password files
+ * hold usernames and verifiers and will be used for SRP
+ * authentication.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ **/
+int
+gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res,
+ const char *password_file,
+ const char *password_conf_file)
+{
+
+ if (password_file == NULL || password_conf_file == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the files can be opened */
+ if (_gnutls_file_exists (password_file) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (_gnutls_file_exists (password_conf_file) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ res->password_file = gnutls_strdup (password_file);
+ if (res->password_file == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->password_conf_file = gnutls_strdup (password_conf_file);
+ if (res->password_conf_file == NULL)
+ {
+ gnutls_assert ();
+ gnutls_free (res->password_file);
+ res->password_file = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+
+/**
+ * gnutls_srp_set_server_credentials_function:
+ * @cred: is a #gnutls_srp_server_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function can be used to set a callback to retrieve the user's
+ * SRP credentials. The callback's function form is:
+ *
+ * int (*callback)(gnutls_session_t, const char* username,
+ * gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* g,
+ * gnutls_datum_t* n);
+ *
+ * @username contains the actual username.
+ * The @salt, @verifier, @generator and @prime must be filled
+ * in using the gnutls_malloc(). For convenience @prime and @generator
+ * may also be one of the static parameters defined in extra.h.
+ *
+ * In case the callback returned a negative number then gnutls will
+ * assume that the username does not exist.
+ *
+ * In order to prevent attackers from guessing valid usernames,
+ * if a user does not exist, g and n values should be filled in
+ * using a random user's parameters. In that case the callback must
+ * return the special value (1).
+ *
+ * The callback function will only be called once per handshake.
+ * The callback function should return 0 on success, while
+ * -1 indicates an error.
+ **/
+void
+gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t
+ cred,
+ gnutls_srp_server_credentials_function
+ * func)
+{
+ cred->pwd_callback = func;
+}
+
+/**
+ * gnutls_srp_set_client_credentials_function:
+ * @cred: is a #gnutls_srp_server_credentials_t structure.
+ * @func: is the callback function
+ *
+ * This function can be used to set a callback to retrieve the
+ * username and password for client SRP authentication. The
+ * callback's function form is:
+ *
+ * int (*callback)(gnutls_session_t, char** username, char**password);
+ *
+ * The @username and @password must be allocated using
+ * gnutls_malloc(). @username and @password should be ASCII strings
+ * or UTF-8 strings prepared using the "SASLprep" profile of
+ * "stringprep".
+ *
+ * The callback function will be called once per handshake before the
+ * initial hello message is sent.
+ *
+ * The callback should not return a negative error code the second
+ * time called, since the handshake procedure will be aborted.
+ *
+ * The callback function should return 0 on success.
+ * -1 indicates an error.
+ **/
+void
+gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t
+ cred,
+ gnutls_srp_client_credentials_function
+ * func)
+{
+ cred->get_function = func;
+}
+
+
+/**
+ * gnutls_srp_server_get_username:
+ * @session: is a gnutls session
+ *
+ * This function will return the username of the peer. This should
+ * only be called in case of SRP authentication and in case of a
+ * server. Returns NULL in case of an error.
+ *
+ * Returns: SRP username of the peer, or NULL in case of error.
+ **/
+const char *
+gnutls_srp_server_get_username (gnutls_session_t session)
+{
+ srp_server_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_SRP, NULL);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return NULL;
+ return info->username;
+}
+
+/**
+ * gnutls_srp_verifier:
+ * @username: is the user's name
+ * @password: is the user's password
+ * @salt: should be some randomly generated bytes
+ * @generator: is the generator of the group
+ * @prime: is the group's prime
+ * @res: where the verifier will be stored.
+ *
+ * This function will create an SRP verifier, as specified in
+ * RFC2945. The @prime and @generator should be one of the static
+ * parameters defined in gnutls/extra.h or may be generated using the
+ * libgcrypt functions gcry_prime_generate() and
+ * gcry_prime_group_generator().
+ *
+ * The verifier will be allocated with @malloc and will be stored in
+ * @res using binary format.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an
+ * error code.
+ **/
+int
+gnutls_srp_verifier (const char *username, const char *password,
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime, gnutls_datum_t * res)
+{
+ bigint_t _n, _g;
+ int ret;
+ size_t digest_size = 20, size;
+ opaque digest[20];
+
+ ret = _gnutls_calc_srp_sha (username, password, salt->data,
+ salt->size, &digest_size, digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ size = prime->size;
+ if (_gnutls_mpi_scan_nz (&_n, prime->data, size))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ size = generator->size;
+ if (_gnutls_mpi_scan_nz (&_g, generator->data, size))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_srp_gx (digest, 20, &res->data, _g, _n, malloc);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ res->size = ret;
+
+ return 0;
+}
+
+/**
+ * gnutls_srp_set_prime_bits:
+ * @session: is a #gnutls_session_t structure.
+ * @bits: is the number of bits
+ *
+ * This function sets the minimum accepted number of bits, for use in
+ * an SRP key exchange. If zero, the default 2048 bits will be used.
+ *
+ * In the client side it sets the minimum accepted number of bits. If
+ * a server sends a prime with less bits than that
+ * %GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER will be returned by the
+ * handshake.
+ *
+ * This function has no effect in server side.
+ *
+ * Since: 2.6.0
+ **/
+void
+gnutls_srp_set_prime_bits (gnutls_session_t session, unsigned int bits)
+{
+ session->internals.srp_prime_bits = bits;
+}
+
+#endif /* ENABLE_SRP */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifdef ENABLE_SRP
+
+int _gnutls_srp_gx (opaque * text, size_t textsize, opaque ** result,
+ bigint_t g, bigint_t prime, gnutls_alloc_function);
+bigint_t _gnutls_calc_srp_B (bigint_t * ret_b, bigint_t g, bigint_t n,
+ bigint_t v);
+bigint_t _gnutls_calc_srp_u (bigint_t A, bigint_t B, bigint_t N);
+bigint_t _gnutls_calc_srp_S1 (bigint_t A, bigint_t b, bigint_t u, bigint_t v,
+ bigint_t n);
+bigint_t _gnutls_calc_srp_A (bigint_t * a, bigint_t g, bigint_t n);
+bigint_t _gnutls_calc_srp_S2 (bigint_t B, bigint_t g, bigint_t x, bigint_t a,
+ bigint_t u, bigint_t n);
+int _gnutls_calc_srp_x (char *username, char *password, opaque * salt,
+ size_t salt_size, size_t * size, void *digest);
+int _gnutls_srp_gn (opaque ** ret_g, opaque ** ret_n, int bits);
+
+/* g is defined to be 2 */
+#define SRP_MAX_HASH_SIZE 24
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions to manipulate the session (gnutls_int.h), and some other stuff
+ * are included here. The file's name is traditionally gnutls_state even if the
+ * state has been renamed to session.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_auth.h>
+#include <gnutls_num.h>
+#include <gnutls_datum.h>
+#include <gnutls_db.h>
+#include <gnutls_record.h>
+#include <gnutls_handshake.h>
+#include <gnutls_dh.h>
+#include <gnutls_buffers.h>
+#include <gnutls_mbuffers.h>
+#include <gnutls_state.h>
+#include <gnutls_constate.h>
+#include <auth_cert.h>
+#include <auth_anon.h>
+#include <auth_psk.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_rsa_export.h>
+#include <gnutls_extensions.h>
+#include <system.h>
+
+/* These should really be static, but src/tests.c calls them. Make
+ them public functions? */
+void
+_gnutls_rsa_pms_set_version (gnutls_session_t session,
+ unsigned char major, unsigned char minor);
+
+void
+_gnutls_session_cert_type_set (gnutls_session_t session,
+ gnutls_certificate_type_t ct)
+{
+ session->security_parameters.cert_type = ct;
+}
+
+/**
+ * gnutls_cipher_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get currently used cipher.
+ *
+ * Returns: the currently used cipher, a #gnutls_cipher_algorithm_t
+ * type.
+ **/
+gnutls_cipher_algorithm_t
+gnutls_cipher_get (gnutls_session_t session)
+{
+ record_parameters_st *record_params;
+ _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+
+ return record_params->cipher_algorithm;
+}
+
+/**
+ * gnutls_certificate_type_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * The certificate type is by default X.509, unless it is negotiated
+ * as a TLS extension.
+ *
+ * Returns: the currently used #gnutls_certificate_type_t certificate
+ * type.
+ **/
+gnutls_certificate_type_t
+gnutls_certificate_type_get (gnutls_session_t session)
+{
+ return session->security_parameters.cert_type;
+}
+
+/**
+ * gnutls_kx_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get currently used key exchange algorithm.
+ *
+ * Returns: the key exchange algorithm used in the last handshake, a
+ * #gnutls_kx_algorithm_t value.
+ **/
+gnutls_kx_algorithm_t
+gnutls_kx_get (gnutls_session_t session)
+{
+ return session->security_parameters.kx_algorithm;
+}
+
+/**
+ * gnutls_mac_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get currently used MAC algorithm.
+ *
+ * Returns: the currently used mac algorithm, a
+ * #gnutls_mac_algorithm_t value.
+ **/
+gnutls_mac_algorithm_t
+gnutls_mac_get (gnutls_session_t session)
+{
+ record_parameters_st *record_params;
+ _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+
+ return record_params->mac_algorithm;
+}
+
+/**
+ * gnutls_compression_get:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get currently used compression algorithm.
+ *
+ * Returns: the currently used compression method, a
+ * #gnutls_compression_method_t value.
+ **/
+gnutls_compression_method_t
+gnutls_compression_get (gnutls_session_t session)
+{
+ record_parameters_st *record_params;
+ _gnutls_epoch_get (session, EPOCH_READ_CURRENT, &record_params);
+
+ return record_params->compression_algorithm;
+}
+
+/* Check if the given certificate type is supported.
+ * This means that it is enabled by the priority functions,
+ * and a matching certificate exists.
+ */
+int
+_gnutls_session_cert_type_supported (gnutls_session_t session,
+ gnutls_certificate_type_t cert_type)
+{
+ unsigned i;
+ unsigned cert_found = 0;
+ gnutls_certificate_credentials_t cred;
+
+ if (session->security_parameters.entity == GNUTLS_SERVER)
+ {
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+
+ if (cred == NULL)
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+
+ if (cred->server_get_cert_callback == NULL
+ && cred->get_cert_callback == NULL)
+ {
+ for (i = 0; i < cred->ncerts; i++)
+ {
+ if (cred->cert_list[i][0].cert_type == cert_type)
+ {
+ cert_found = 1;
+ break;
+ }
+ }
+
+ if (cert_found == 0)
+ /* no certificate is of that type.
+ */
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+ }
+
+ if (session->internals.priorities.cert_type.algorithms == 0
+ && cert_type == DEFAULT_CERT_TYPE)
+ return 0;
+
+ for (i = 0; i < session->internals.priorities.cert_type.algorithms; i++)
+ {
+ if (session->internals.priorities.cert_type.priority[i] == cert_type)
+ {
+ return 0; /* ok */
+ }
+ }
+
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+}
+
+
+/* this function deinitializes all the internal parameters stored
+ * in a session struct.
+ */
+inline static void
+deinit_internal_params (gnutls_session_t session)
+{
+ if (session->internals.params.free_dh_params)
+ gnutls_dh_params_deinit (session->internals.params.dh_params);
+
+ if (session->internals.params.free_rsa_params)
+ gnutls_rsa_params_deinit (session->internals.params.rsa_params);
+
+ _gnutls_handshake_hash_buffers_clear (session);
+
+ memset (&session->internals.params, 0, sizeof (session->internals.params));
+}
+
+/* This function will clear all the variables in internals
+ * structure within the session, which depend on the current handshake.
+ * This is used to allow further handshakes.
+ */
+static void
+_gnutls_handshake_internal_state_init (gnutls_session_t session)
+{
+ session->internals.extensions_sent_size = 0;
+
+ /* by default no selected certificate */
+ session->internals.adv_version_major = 0;
+ session->internals.adv_version_minor = 0;
+ session->internals.v2_hello = 0;
+ memset (&session->internals.handshake_header_buffer, 0,
+ sizeof (handshake_header_buffer_st));
+ session->internals.direction = 0;
+
+ /* use out of band data for the last
+ * handshake messages received.
+ */
+ session->internals.last_handshake_in = -1;
+ session->internals.last_handshake_out = -1;
+
+ session->internals.resumable = RESUME_TRUE;
+}
+
+void
+_gnutls_handshake_internal_state_clear (gnutls_session_t session)
+{
+ _gnutls_handshake_internal_state_init (session);
+
+ _gnutls_free_datum (&session->internals.recv_buffer);
+
+ deinit_internal_params (session);
+
+}
+
+#define MIN_DH_BITS 727
+/**
+ * gnutls_init:
+ * @con_end: indicate if this session is to be used for server or client.
+ * @session: is a pointer to a #gnutls_session_t structure.
+ *
+ * This function initializes the current session to null. Every
+ * session must be initialized before use, so internal structures can
+ * be allocated. This function allocates structures which can only
+ * be free'd by calling gnutls_deinit(). Returns zero on success.
+ *
+ * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end)
+{
+ int ret;
+ record_parameters_st *epoch;
+
+ *session = gnutls_calloc (1, sizeof (struct gnutls_session_int));
+ if (*session == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = _gnutls_epoch_alloc (*session, 0, &epoch);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Set all NULL algos on epoch 0 */
+ _gnutls_epoch_set_null_algos (*session, epoch);
+
+ (*session)->security_parameters.epoch_next = 1;
+
+ (*session)->security_parameters.entity = con_end;
+
+ /* the default certificate type for TLS */
+ (*session)->security_parameters.cert_type = DEFAULT_CERT_TYPE;
+
+ /* Initialize buffers */
+ _gnutls_buffer_init (&(*session)->internals.application_data_buffer);
+ _gnutls_buffer_init (&(*session)->internals.handshake_data_buffer);
+ _gnutls_buffer_init (&(*session)->internals.handshake_hash_buffer);
+ _gnutls_buffer_init (&(*session)->internals.ia_data_buffer);
+
+ _mbuffer_init (&(*session)->internals.record_send_buffer);
+ _mbuffer_init (&(*session)->internals.record_recv_buffer);
+
+ _mbuffer_init (&(*session)->internals.handshake_send_buffer);
+ _gnutls_buffer_init (&(*session)->internals.handshake_recv_buffer);
+
+ (*session)->key = gnutls_calloc (1, sizeof (struct gnutls_key_st));
+ if ((*session)->key == NULL)
+ {
+ gnutls_free (*session);
+ *session = NULL;
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ (*session)->internals.expire_time = DEFAULT_EXPIRE_TIME; /* one hour default */
+
+ gnutls_dh_set_prime_bits ((*session), MIN_DH_BITS);
+
+ gnutls_transport_set_lowat ((*session), DEFAULT_LOWAT); /* the default for tcp */
+
+ gnutls_handshake_set_max_packet_length ((*session),
+ MAX_HANDSHAKE_PACKET_SIZE);
+
+ /* set the socket pointers to -1;
+ */
+ (*session)->internals.transport_recv_ptr = (gnutls_transport_ptr_t) - 1;
+ (*session)->internals.transport_send_ptr = (gnutls_transport_ptr_t) - 1;
+
+ /* set the default maximum record size for TLS
+ */
+ (*session)->security_parameters.max_record_recv_size =
+ DEFAULT_MAX_RECORD_SIZE;
+ (*session)->security_parameters.max_record_send_size =
+ DEFAULT_MAX_RECORD_SIZE;
+
+ /* everything else not initialized here is initialized
+ * as NULL or 0. This is why calloc is used.
+ */
+
+ _gnutls_handshake_internal_state_init (*session);
+
+ /* emulate old gnutls behavior for old applications that do not use the priority_*
+ * functions.
+ */
+ (*session)->internals.priorities.sr = SR_PARTIAL;
+
+#ifdef HAVE_WRITEV
+ gnutls_transport_set_vec_push_function (*session, system_writev);
+#else
+ gnutls_transport_set_push_function (*session, system_write);
+#endif
+ gnutls_transport_set_pull_function (*session, system_read);
+ gnutls_transport_set_errno_function (*session, system_errno);
+
+ return 0;
+}
+
+/* returns RESUME_FALSE or RESUME_TRUE.
+ */
+int
+_gnutls_session_is_resumable (gnutls_session_t session)
+{
+ return session->internals.resumable;
+}
+
+
+/**
+ * gnutls_deinit:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function clears all buffers associated with the @session.
+ * This function will also remove session data from the session
+ * database if the session was terminated abnormally.
+ **/
+void
+gnutls_deinit (gnutls_session_t session)
+{
+ unsigned int i;
+
+ if (session == NULL)
+ return;
+
+ /* remove auth info firstly */
+ _gnutls_free_auth_info (session);
+
+ _gnutls_handshake_internal_state_clear (session);
+ _gnutls_handshake_io_buffer_clear (session);
+ _gnutls_ext_free_session_data (session);
+
+ for (i = 0; i < MAX_EPOCH_INDEX; i++)
+ if (session->record_parameters[i] != NULL)
+ {
+ _gnutls_epoch_free (session, session->record_parameters[i]);
+ session->record_parameters[i] = NULL;
+ }
+
+ _gnutls_buffer_clear (&session->internals.ia_data_buffer);
+ _gnutls_buffer_clear (&session->internals.handshake_hash_buffer);
+ _gnutls_buffer_clear (&session->internals.handshake_data_buffer);
+ _gnutls_buffer_clear (&session->internals.application_data_buffer);
+ _mbuffer_clear (&session->internals.record_recv_buffer);
+ _mbuffer_clear (&session->internals.record_send_buffer);
+
+ gnutls_credentials_clear (session);
+ _gnutls_selected_certs_deinit (session);
+
+ if (session->key != NULL)
+ {
+ _gnutls_mpi_release (&session->key->KEY);
+ _gnutls_mpi_release (&session->key->client_Y);
+ _gnutls_mpi_release (&session->key->client_p);
+ _gnutls_mpi_release (&session->key->client_g);
+
+ _gnutls_mpi_release (&session->key->u);
+ _gnutls_mpi_release (&session->key->a);
+ _gnutls_mpi_release (&session->key->x);
+ _gnutls_mpi_release (&session->key->A);
+ _gnutls_mpi_release (&session->key->B);
+ _gnutls_mpi_release (&session->key->b);
+
+ /* RSA */
+ _gnutls_mpi_release (&session->key->rsa[0]);
+ _gnutls_mpi_release (&session->key->rsa[1]);
+
+ _gnutls_mpi_release (&session->key->dh_secret);
+ gnutls_free (session->key);
+
+ session->key = NULL;
+ }
+
+ memset (session, 0, sizeof (struct gnutls_session_int));
+ gnutls_free (session);
+}
+
+/* Returns the minimum prime bits that are acceptable.
+ */
+int
+_gnutls_dh_get_allowed_prime_bits (gnutls_session_t session)
+{
+ return session->internals.dh_prime_bits;
+}
+
+int
+_gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public)
+{
+ dh_info_st *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (dh->public_key.data)
+ _gnutls_free_datum (&dh->public_key);
+
+ ret = _gnutls_mpi_dprint_lz (public, &dh->public_key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits)
+{
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ info->dh.secret_bits = bits;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ info->dh.secret_bits = bits;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ }
+
+ return 0;
+}
+
+/* This function will set in the auth info structure the
+ * RSA exponent and the modulus.
+ */
+int
+_gnutls_rsa_export_set_pubkey (gnutls_session_t session,
+ bigint_t exponent, bigint_t modulus)
+{
+ cert_auth_info_t info;
+ int ret;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ if (info->rsa_export.modulus.data)
+ _gnutls_free_datum (&info->rsa_export.modulus);
+
+ if (info->rsa_export.exponent.data)
+ _gnutls_free_datum (&info->rsa_export.exponent);
+
+ ret = _gnutls_mpi_dprint_lz (modulus, &info->rsa_export.modulus);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint_lz (exponent, &info->rsa_export.exponent);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&info->rsa_export.modulus);
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/* Sets the prime and the generator in the auth info structure.
+ */
+int
+_gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime)
+{
+ dh_info_st *dh;
+ int ret;
+
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (dh->prime.data)
+ _gnutls_free_datum (&dh->prime);
+
+ if (dh->generator.data)
+ _gnutls_free_datum (&dh->generator);
+
+ /* prime
+ */
+ ret = _gnutls_mpi_dprint_lz (prime, &dh->prime);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* generator
+ */
+ ret = _gnutls_mpi_dprint_lz (gen, &dh->generator);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&dh->prime);
+ return ret;
+ }
+
+ return 0;
+}
+
+#ifdef ENABLE_OPENPGP
+/**
+ * gnutls_openpgp_send_cert:
+ * @session: is a pointer to a #gnutls_session_t structure.
+ * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT
+ *
+ * This function will order gnutls to send the key fingerprint
+ * instead of the key in the initial handshake procedure. This should
+ * be used with care and only when there is indication or knowledge
+ * that the server can obtain the client's key.
+ **/
+void
+gnutls_openpgp_send_cert (gnutls_session_t session,
+ gnutls_openpgp_crt_status_t status)
+{
+ session->internals.pgp_fingerprint = status;
+}
+#endif
+
+/**
+ * gnutls_certificate_send_x509_rdn_sequence:
+ * @session: is a pointer to a #gnutls_session_t structure.
+ * @status: is 0 or 1
+ *
+ * If status is non zero, this function will order gnutls not to send
+ * the rdnSequence in the certificate request message. That is the
+ * server will not advertize it's trusted CAs to the peer. If status
+ * is zero then the default behaviour will take effect, which is to
+ * advertize the server's trusted CAs.
+ *
+ * This function has no effect in clients, and in authentication
+ * methods other than certificate with X.509 certificates.
+ **/
+void
+gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
+ int status)
+{
+ session->internals.ignore_rdn_sequence = status;
+}
+
+#ifdef ENABLE_OPENPGP
+int
+_gnutls_openpgp_send_fingerprint (gnutls_session_t session)
+{
+ return session->internals.pgp_fingerprint;
+}
+#endif
+
+/*-
+ * _gnutls_record_set_default_version - Used to set the default version for the first record packet
+ * @session: is a #gnutls_session_t structure.
+ * @major: is a tls major version
+ * @minor: is a tls minor version
+ *
+ * This function sets the default version that we will use in the first
+ * record packet (client hello). This function is only useful to people
+ * that know TLS internals and want to debug other implementations.
+ -*/
+void
+_gnutls_record_set_default_version (gnutls_session_t session,
+ unsigned char major, unsigned char minor)
+{
+ session->internals.default_record_version[0] = major;
+ session->internals.default_record_version[1] = minor;
+}
+
+/**
+ * gnutls_handshake_set_private_extensions:
+ * @session: is a #gnutls_session_t structure.
+ * @allow: is an integer (0 or 1)
+ *
+ * This function will enable or disable the use of private cipher
+ * suites (the ones that start with 0xFF). By default or if @allow
+ * is 0 then these cipher suites will not be advertized nor used.
+ *
+ * Unless this function is called with the option to allow (1), then
+ * no compression algorithms, like LZO. That is because these
+ * algorithms are not yet defined in any RFC or even internet draft.
+ *
+ * Enabling the private ciphersuites when talking to other than
+ * gnutls servers and clients may cause interoperability problems.
+ **/
+void
+gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow)
+{
+ session->internals.enable_private = allow;
+}
+
+inline static int
+_gnutls_cal_PRF_A (gnutls_mac_algorithm_t algorithm,
+ const void *secret, int secret_size,
+ const void *seed, int seed_size, void *result)
+{
+ digest_hd_st td1;
+ int ret;
+
+ ret = _gnutls_hmac_init (&td1, algorithm, secret, secret_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hmac (&td1, seed, seed_size);
+ _gnutls_hmac_deinit (&td1, result);
+
+ return 0;
+}
+
+#define MAX_SEED_SIZE 200
+
+/* Produces "total_bytes" bytes using the hash algorithm specified.
+ * (used in the PRF function)
+ */
+static int
+_gnutls_P_hash (gnutls_mac_algorithm_t algorithm,
+ const opaque * secret, int secret_size,
+ const opaque * seed, int seed_size,
+ int total_bytes, opaque * ret)
+{
+
+ digest_hd_st td2;
+ int i, times, how, blocksize, A_size;
+ opaque final[MAX_HASH_SIZE], Atmp[MAX_SEED_SIZE];
+ int output_bytes, result;
+
+ if (seed_size > MAX_SEED_SIZE || total_bytes <= 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ blocksize = _gnutls_hmac_get_algo_len (algorithm);
+
+ output_bytes = 0;
+ do
+ {
+ output_bytes += blocksize;
+ }
+ while (output_bytes < total_bytes);
+
+ /* calculate A(0) */
+
+ memcpy (Atmp, seed, seed_size);
+ A_size = seed_size;
+
+ times = output_bytes / blocksize;
+
+ for (i = 0; i < times; i++)
+ {
+ result = _gnutls_hmac_init (&td2, algorithm, secret, secret_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* here we calculate A(i+1) */
+ if ((result =
+ _gnutls_cal_PRF_A (algorithm, secret, secret_size, Atmp,
+ A_size, Atmp)) < 0)
+ {
+ gnutls_assert ();
+ _gnutls_hmac_deinit (&td2, final);
+ return result;
+ }
+
+ A_size = blocksize;
+
+ _gnutls_hmac (&td2, Atmp, A_size);
+ _gnutls_hmac (&td2, seed, seed_size);
+ _gnutls_hmac_deinit (&td2, final);
+
+ if ((1 + i) * blocksize < total_bytes)
+ {
+ how = blocksize;
+ }
+ else
+ {
+ how = total_bytes - (i) * blocksize;
+ }
+
+ if (how > 0)
+ {
+ memcpy (&ret[i * blocksize], final, how);
+ }
+ }
+
+ return 0;
+}
+
+/* Xor's two buffers and puts the output in the first one.
+ */
+inline static void
+_gnutls_xor (opaque * o1, opaque * o2, int length)
+{
+ int i;
+ for (i = 0; i < length; i++)
+ {
+ o1[i] ^= o2[i];
+ }
+}
+
+
+
+#define MAX_PRF_BYTES 200
+
+/* The PRF function expands a given secret
+ * needed by the TLS specification. ret must have a least total_bytes
+ * available.
+ */
+int
+_gnutls_PRF (gnutls_session_t session,
+ const opaque * secret, int secret_size, const char *label,
+ int label_size, const opaque * seed, int seed_size,
+ int total_bytes, void *ret)
+{
+ int l_s, s_seed_size;
+ const opaque *s1, *s2;
+ opaque s_seed[MAX_SEED_SIZE];
+ opaque o1[MAX_PRF_BYTES], o2[MAX_PRF_BYTES];
+ int result;
+ gnutls_protocol_t ver = gnutls_protocol_get_version (session);
+
+ if (total_bytes > MAX_PRF_BYTES)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ /* label+seed = s_seed */
+ s_seed_size = seed_size + label_size;
+
+ if (s_seed_size > MAX_SEED_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ memcpy (s_seed, label, label_size);
+ memcpy (&s_seed[label_size], seed, seed_size);
+
+ if (_gnutls_version_has_selectable_prf (ver))
+ {
+ result =
+ _gnutls_P_hash (GNUTLS_MAC_SHA256, secret, secret_size,
+ s_seed, s_seed_size, total_bytes, ret);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+ else
+ {
+ l_s = secret_size / 2;
+
+ s1 = &secret[0];
+ s2 = &secret[l_s];
+
+ if (secret_size % 2 != 0)
+ {
+ l_s++;
+ }
+
+ result =
+ _gnutls_P_hash (GNUTLS_MAC_MD5, s1, l_s, s_seed, s_seed_size,
+ total_bytes, o1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ _gnutls_P_hash (GNUTLS_MAC_SHA1, s2, l_s, s_seed, s_seed_size,
+ total_bytes, o2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ _gnutls_xor (o1, o2, total_bytes);
+
+ memcpy (ret, o1, total_bytes);
+ }
+
+ return 0; /* ok */
+
+}
+
+/**
+ * gnutls_prf_raw:
+ * @session: is a #gnutls_session_t structure.
+ * @label_size: length of the @label variable.
+ * @label: label used in PRF computation, typically a short string.
+ * @seed_size: length of the @seed variable.
+ * @seed: optional extra data to seed the PRF with.
+ * @outsize: size of pre-allocated output buffer to hold the output.
+ * @out: pre-allocate buffer to hold the generated data.
+ *
+ * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
+ * on some data.
+ *
+ * The @label variable usually contain a string denoting the purpose
+ * for the generated data. The @seed usually contain data such as the
+ * client and server random, perhaps together with some additional
+ * data that is added to guarantee uniqueness of the output for a
+ * particular purpose.
+ *
+ * Because the output is not guaranteed to be unique for a particular
+ * session unless @seed include the client random and server random
+ * fields (the PRF would output the same data on another connection
+ * resumed from the first one), it is not recommended to use this
+ * function directly. The gnutls_prf() function seed the PRF with the
+ * client and server random fields directly, and is recommended if you
+ * want to generate pseudo random data unique for each session.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_prf_raw (gnutls_session_t session,
+ size_t label_size,
+ const char *label,
+ size_t seed_size, const char *seed, size_t outsize, char *out)
+{
+ int ret;
+
+ ret = _gnutls_PRF (session,
+ session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE,
+ label,
+ label_size, (opaque *) seed, seed_size, outsize, out);
+
+ return ret;
+}
+
+/**
+ * gnutls_prf:
+ * @session: is a #gnutls_session_t structure.
+ * @label_size: length of the @label variable.
+ * @label: label used in PRF computation, typically a short string.
+ * @server_random_first: non-0 if server random field should be first in seed
+ * @extra_size: length of the @extra variable.
+ * @extra: optional extra data to seed the PRF with.
+ * @outsize: size of pre-allocated output buffer to hold the output.
+ * @out: pre-allocate buffer to hold the generated data.
+ *
+ * Apply the TLS Pseudo-Random-Function (PRF) using the master secret
+ * on some data, seeded with the client and server random fields.
+ *
+ * The @label variable usually contain a string denoting the purpose
+ * for the generated data. The @server_random_first indicate whether
+ * the client random field or the server random field should be first
+ * in the seed. Non-0 indicate that the server random field is first,
+ * 0 that the client random field is first.
+ *
+ * The @extra variable can be used to add more data to the seed, after
+ * the random variables. It can be used to tie make sure the
+ * generated output is strongly connected to some additional data
+ * (e.g., a string used in user authentication).
+ *
+ * The output is placed in *@OUT, which must be pre-allocated.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_prf (gnutls_session_t session,
+ size_t label_size,
+ const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra, size_t outsize, char *out)
+{
+ int ret;
+ opaque *seed;
+ size_t seedsize = 2 * GNUTLS_RANDOM_SIZE + extra_size;
+
+ seed = gnutls_malloc (seedsize);
+ if (!seed)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy (seed, server_random_first ?
+ session->security_parameters.server_random :
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+ memcpy (seed + GNUTLS_RANDOM_SIZE, server_random_first ?
+ session->security_parameters.client_random :
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+
+ memcpy (seed + 2 * GNUTLS_RANDOM_SIZE, extra, extra_size);
+
+ ret = _gnutls_PRF (session, session->security_parameters.master_secret,
+ GNUTLS_MASTER_SIZE,
+ label, label_size, seed, seedsize, outsize, out);
+
+ gnutls_free (seed);
+
+ return ret;
+}
+
+/*-
+ * gnutls_session_get_client_random:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Return a pointer to the 32-byte client random field used in the
+ * session. The pointer must not be modified or deallocated.
+ *
+ * If a client random value has not yet been established, the output
+ * will be garbage; in particular, a %NULL return value should not be
+ * expected.
+ *
+ * Returns: pointer to client random data.
+ *
+ * Deprecated in: 2.11.0
+ -*/
+const void *
+gnutls_session_get_client_random (gnutls_session_t session)
+{
+ return (char *) session->security_parameters.client_random;
+}
+
+/*-
+ * gnutls_session_get_server_random:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Return a pointer to the 32-byte server random field used in the
+ * session. The pointer must not be modified or deallocated.
+ *
+ * If a server random value has not yet been established, the output
+ * will be garbage; in particular, a %NULL return value should not be
+ * expected.
+ *
+ * Returns: pointer to server random data.
+ *
+ * Deprecated in: 2.11.0
+ -*/
+const void *
+gnutls_session_get_server_random (gnutls_session_t session)
+{
+ return (char *) session->security_parameters.server_random;
+}
+
+/*-
+ * gnutls_session_get_master_secret:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Return a pointer to the 48-byte master secret in the session. The
+ * pointer must not be modified or deallocated.
+ *
+ * If a master secret value has not yet been established, the output
+ * will be garbage; in particular, a %NULL return value should not be
+ * expected.
+ *
+ * Consider using gnutls_prf() rather than extracting the master
+ * secret and use it to derive further data.
+ *
+ * Returns: pointer to master secret data.
+ *
+ * Deprecated in: 2.11.0
+ -*/
+const void *
+gnutls_session_get_master_secret (gnutls_session_t session)
+{
+ return (char *) session->security_parameters.master_secret;
+}
+
+/*-
+ * gnutls_session_set_finished_function:
+ * @session: is a #gnutls_session_t structure.
+ * @func: a #gnutls_finished_callback_func callback.
+ *
+ * Register a callback function for the session that will be called
+ * when a TLS Finished message has been generated. The function is
+ * typically used to copy away the TLS finished message for later use
+ * as a channel binding or similar purpose.
+ *
+ * The callback should follow this prototype:
+ *
+ * void callback (gnutls_session_t @session, const void *@finished, size_t @len);
+ *
+ * The @finished parameter will contain the binary TLS finished
+ * message, and @len will contains its length. For SSLv3 connections,
+ * the @len parameter will be 36 and for TLS connections it will be
+ * 12.
+ *
+ * It is recommended that the function returns quickly in order to not
+ * delay the handshake. Use the function to store a copy of the TLS
+ * finished message for later use.
+ *
+ * Since: 2.6.0
+ * Deprecated in: 2.11.0
+ -*/
+void
+gnutls_session_set_finished_function (gnutls_session_t session,
+ gnutls_finished_callback_func func)
+{
+ session->internals.finished_func = func;
+}
+
+/**
+ * gnutls_session_is_resumed:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Check whether session is resumed or not.
+ *
+ * Returns: non zero if this session is resumed, or a zero if this is
+ * a new session.
+ **/
+int
+gnutls_session_is_resumed (gnutls_session_t session)
+{
+ if (session->security_parameters.entity == GNUTLS_CLIENT)
+ {
+ if (session->security_parameters.session_id_size > 0 &&
+ session->security_parameters.session_id_size ==
+ session->internals.resumed_security_parameters.session_id_size
+ && memcmp (session->security_parameters.session_id,
+ session->internals.
+ resumed_security_parameters.session_id,
+ session->security_parameters.session_id_size) == 0)
+ return 1;
+ }
+ else
+ {
+ if (session->internals.resumed == RESUME_TRUE)
+ return 1;
+ }
+
+ return 0;
+}
+
+/*-
+ * _gnutls_session_is_export - Used to check whether this session is of export grade
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will return non zero if this session is of export grade.
+ -*/
+int
+_gnutls_session_is_export (gnutls_session_t session)
+{
+ gnutls_cipher_algorithm_t cipher;
+
+ cipher =
+ _gnutls_cipher_suite_get_cipher_algo (&session->
+ security_parameters.current_cipher_suite);
+
+ if (_gnutls_cipher_get_export_flag (cipher) != 0)
+ return 1;
+
+ return 0;
+}
+
+/*-
+ * _gnutls_session_is_psk - Used to check whether this session uses PSK kx
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function will return non zero if this session uses a PSK key
+ * exchange algorithm.
+ -*/
+int
+_gnutls_session_is_psk (gnutls_session_t session)
+{
+ gnutls_kx_algorithm_t kx;
+
+ kx =
+ _gnutls_cipher_suite_get_kx_algo (&session->
+ security_parameters.current_cipher_suite);
+ if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK)
+ return 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_session_get_ptr:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * Get user pointer for session. Useful in callbacks. This is the
+ * pointer set with gnutls_session_set_ptr().
+ *
+ * Returns: the user given pointer from the session structure, or
+ * %NULL if it was never set.
+ **/
+void *
+gnutls_session_get_ptr (gnutls_session_t session)
+{
+ return session->internals.user_ptr;
+}
+
+/**
+ * gnutls_session_set_ptr:
+ * @session: is a #gnutls_session_t structure.
+ * @ptr: is the user pointer
+ *
+ * This function will set (associate) the user given pointer @ptr to
+ * the session structure. This is pointer can be accessed with
+ * gnutls_session_get_ptr().
+ **/
+void
+gnutls_session_set_ptr (gnutls_session_t session, void *ptr)
+{
+ session->internals.user_ptr = ptr;
+}
+
+
+/**
+ * gnutls_record_get_direction:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function provides information about the internals of the
+ * record protocol and is only useful if a prior gnutls function call
+ * (e.g. gnutls_handshake()) was interrupted for some reason, that
+ * is, if a function returned %GNUTLS_E_INTERRUPTED or
+ * %GNUTLS_E_AGAIN. In such a case, you might want to call select()
+ * or poll() before calling the interrupted gnutls function again. To
+ * tell you whether a file descriptor should be selected for either
+ * reading or writing, gnutls_record_get_direction() returns 0 if the
+ * interrupted function was trying to read data, and 1 if it was
+ * trying to write data.
+ *
+ * Returns: 0 if trying to read data, 1 if trying to write data.
+ **/
+int
+gnutls_record_get_direction (gnutls_session_t session)
+{
+ return session->internals.direction;
+}
+
+/*-
+ * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS
+ * @session: is a #gnutls_session_t structure.
+ * @major: is the major version to use
+ * @minor: is the minor version to use
+ *
+ * This function will set the given version number to be used at the
+ * RSA PMS secret. This is only useful to clients, which want to
+ * test server's capabilities.
+ -*/
+void
+_gnutls_rsa_pms_set_version (gnutls_session_t session,
+ unsigned char major, unsigned char minor)
+{
+ session->internals.rsa_pms_version[0] = major;
+ session->internals.rsa_pms_version[1] = minor;
+}
+
+/**
+ * gnutls_handshake_set_post_client_hello_function:
+ * @session: is a #gnutls_session_t structure.
+ * @func: is the function to be called
+ *
+ * This function will set a callback to be called after the client
+ * hello has been received (callback valid in server side only). This
+ * allows the server to adjust settings based on received extensions.
+ *
+ * Those settings could be ciphersuites, requesting certificate, or
+ * anything else except for version negotiation (this is done before
+ * the hello message is parsed).
+ *
+ * This callback must return 0 on success or a gnutls error code to
+ * terminate the handshake.
+ *
+ * Warning: You should not use this function to terminate the
+ * handshake based on client input unless you know what you are
+ * doing. Before the handshake is finished there is no way to know if
+ * there is a man-in-the-middle attack being performed.
+ **/
+void
+gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
+ gnutls_handshake_post_client_hello_func
+ func)
+{
+ session->internals.user_hello_func = func;
+}
+
+/**
+ * gnutls_session_enable_compatibility_mode:
+ * @session: is a #gnutls_session_t structure.
+ *
+ * This function can be used to disable certain (security) features in
+ * TLS in order to maintain maximum compatibility with buggy
+ * clients. It is equivalent to calling:
+ * gnutls_record_disable_padding()
+ *
+ * Normally only servers that require maximum compatibility with
+ * everything out there, need to call this function.
+ **/
+void
+gnutls_session_enable_compatibility_mode (gnutls_session_t session)
+{
+ gnutls_record_disable_padding (session);
+}
+
+/**
+ * gnutls_session_channel_binding:
+ * @session: is a #gnutls_session_t structure.
+ * @cbtype: an #gnutls_channel_binding_t enumeration type
+ * @cb: output buffer array with data
+ *
+ * Extract given channel binding data of the @cbtype (e.g.,
+ * %GNUTLS_CB_TLS_UNIQUE) type.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success,
+ * %GNUTLS_E_UNIMPLEMENTED_FEATURE if the @cbtype is unsupported,
+ * %GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE if the data is not
+ * currently available, or an error code.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_session_channel_binding (gnutls_session_t session,
+ gnutls_channel_binding_t cbtype,
+ gnutls_datum_t * cb)
+{
+ if (cbtype != GNUTLS_CB_TLS_UNIQUE)
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+
+ if (!session->internals.initial_negotiation_completed)
+ return GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE;
+
+ cb->size = session->internals.cb_tls_unique_len;
+ cb->data = gnutls_malloc (cb->size);
+ if (cb->data == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ memcpy (cb->data, session->internals.cb_tls_unique, cb->size);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_STATE_H
+#define GNUTLS_STATE_H
+
+#include <gnutls_int.h>
+
+void _gnutls_session_cert_type_set (gnutls_session_t session,
+ gnutls_certificate_type_t);
+void
+_gnutls_record_set_default_version (gnutls_session_t session,
+ unsigned char major, unsigned char minor);
+
+#include <gnutls_auth.h>
+
+#define CHECK_AUTH(auth, ret) if (gnutls_auth_get_type(session) != auth) { \
+ gnutls_assert(); \
+ return ret; \
+ }
+
+#endif
+
+int _gnutls_session_cert_type_supported (gnutls_session_t,
+ gnutls_certificate_type_t);
+int _gnutls_dh_set_secret_bits (gnutls_session_t session, unsigned bits);
+
+int _gnutls_dh_set_peer_public (gnutls_session_t session, bigint_t public);
+int _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen,
+ bigint_t prime);
+
+int _gnutls_dh_get_allowed_prime_bits (gnutls_session_t session);
+void _gnutls_handshake_internal_state_clear (gnutls_session_t);
+
+int _gnutls_rsa_export_set_pubkey (gnutls_session_t session,
+ bigint_t exponent, bigint_t modulus);
+
+int _gnutls_session_is_resumable (gnutls_session_t session);
+int _gnutls_session_is_export (gnutls_session_t session);
+
+int _gnutls_session_is_psk (gnutls_session_t session);
+
+int _gnutls_openpgp_send_fingerprint (gnutls_session_t session);
+
+int _gnutls_PRF (gnutls_session_t session,
+ const opaque * secret, int secret_size,
+ const char *label, int label_size,
+ const opaque * seed, int seed_size,
+ int total_bytes, void *ret);
+
+#define DEFAULT_CERT_TYPE GNUTLS_CRT_X509
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <gnutls_str.h>
+#include <stdarg.h>
+
+/* These function are like strcat, strcpy. They only
+ * do bound checking (they shouldn't cause buffer overruns),
+ * and they always produce null terminated strings.
+ *
+ * They should be used only with null terminated strings.
+ */
+void
+_gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen (src);
+ size_t dest_size = strlen (dest);
+
+ if (dest_tot_size - dest_size > str_size)
+ {
+ strcat (dest, src);
+ }
+ else
+ {
+ if (dest_tot_size - dest_size > 0)
+ {
+ strncat (dest, src, (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
+}
+
+void
+_gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen (src);
+
+ if (dest_tot_size > str_size)
+ {
+ strcpy (dest, src);
+ }
+ else
+ {
+ if (dest_tot_size > 0)
+ {
+ strncpy (dest, src, (dest_tot_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
+}
+
+void
+_gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size)
+{
+
+ if (dest_tot_size >= src_size)
+ {
+ memcpy (dest, src, src_size);
+ }
+ else
+ {
+ if (dest_tot_size > 0)
+ {
+ memcpy (dest, src, dest_tot_size);
+ }
+ }
+}
+
+void
+_gnutls_buffer_init (gnutls_buffer_st * str)
+{
+ str->data = str->allocd = NULL;
+ str->max_length = 0;
+ str->length = 0;
+}
+
+void
+_gnutls_buffer_clear (gnutls_buffer_st * str)
+{
+ if (str == NULL || str->allocd == NULL)
+ return;
+ gnutls_free (str->allocd);
+
+ str->data = str->allocd = NULL;
+ str->max_length = 0;
+ str->length = 0;
+}
+
+#define MIN_CHUNK 1024
+
+int
+_gnutls_buffer_append_data (gnutls_buffer_st * dest, const void *data,
+ size_t data_size)
+{
+ size_t tot_len = data_size + dest->length;
+
+ if (dest->max_length >= tot_len)
+ {
+ size_t unused = MEMSUB (dest->data, dest->allocd);
+
+ if (dest->max_length - unused <= tot_len)
+ {
+ if (dest->length && dest->data)
+ memmove (dest->allocd, dest->data, dest->length);
+
+ dest->data = dest->allocd;
+ }
+ memmove (&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ }
+ else
+ {
+ size_t unused = MEMSUB (dest->data, dest->allocd);
+ size_t new_len =
+ MAX (data_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
+
+ dest->allocd = gnutls_realloc (dest->allocd, new_len);
+ if (dest->allocd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dest->max_length = new_len;
+ dest->data = dest->allocd + unused;
+
+ if (dest->length && dest->data)
+ memmove (dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+
+ memcpy (&dest->data[dest->length], data, data_size);
+ dest->length = tot_len;
+
+ return tot_len;
+ }
+}
+
+int
+_gnutls_buffer_resize (gnutls_buffer_st * dest, size_t new_size)
+{
+ if (dest->max_length >= new_size)
+ {
+ size_t unused = MEMSUB (dest->data, dest->allocd);
+ if (dest->max_length - unused <= new_size)
+ {
+ if (dest->length && dest->data)
+ memmove (dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+ }
+
+ return 0;
+ }
+ else
+ {
+ size_t unused = MEMSUB (dest->data, dest->allocd);
+ size_t alloc_len =
+ MAX (new_size, MIN_CHUNK) + MAX (dest->max_length, MIN_CHUNK);
+
+ dest->allocd = gnutls_realloc (dest->allocd, alloc_len);
+ if (dest->allocd == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ dest->max_length = alloc_len;
+ dest->data = dest->allocd + unused;
+
+ if (dest->length && dest->data)
+ memmove (dest->allocd, dest->data, dest->length);
+ dest->data = dest->allocd;
+
+ return 0;
+ }
+}
+
+int
+_gnutls_buffer_append_str (gnutls_buffer_st * dest, const char *src)
+{
+ return _gnutls_buffer_append_data (dest, src, strlen (src));
+}
+
+/* returns data from a string in a constant buffer.
+ * The data will NOT be valid if buffer is released or
+ * data are appended in the buffer.
+ */
+void
+_gnutls_buffer_pop_datum (gnutls_buffer_st * str, gnutls_datum_t * data,
+ size_t req_size)
+{
+
+ if (str->length == 0)
+ {
+ data->data = NULL;
+ data->size = 0;
+ return;
+ }
+
+ if (req_size > str->length)
+ req_size = str->length;
+
+ data->data = str->data;
+ data->size = req_size;
+
+ str->data += req_size;
+ str->length -= req_size;
+
+ /* if string becomes empty start from begining */
+ if (str->length == 0)
+ {
+ str->data = str->allocd;
+ }
+
+ return;
+}
+
+/* converts the buffer to a datum if possible. After this call the buffer
+ * is at an usable state and might not be used or deinitialized */
+int
+_gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data)
+{
+
+ if (str->length == 0)
+ {
+ data->data = NULL;
+ data->size = 0;
+ return 0;
+ }
+
+ if (str->allocd != str->data)
+ {
+ data->data = gnutls_malloc (str->length);
+ if (data->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy (data->data, str->data, str->length);
+ data->size = str->length;
+ _gnutls_buffer_clear (str);
+ }
+ else
+ {
+ data->data = str->data;
+ data->size = str->length;
+ }
+
+ return 0;
+}
+
+/* returns data from a string in a constant buffer.
+ */
+void
+_gnutls_buffer_pop_data (gnutls_buffer_st * str, void *data,
+ size_t * req_size)
+{
+ gnutls_datum_t tdata;
+
+ _gnutls_buffer_pop_datum (str, &tdata, *req_size);
+
+ *req_size = tdata.size;
+ memcpy (data, tdata.data, tdata.size);
+
+ return;
+}
+
+int
+_gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt, ...)
+{
+ va_list args;
+ int len;
+ char *str;
+
+ va_start (args, fmt);
+ len = vasprintf (&str, fmt, args);
+ va_end (args);
+
+ if (len < 0 || !str)
+ return -1;
+
+ len = _gnutls_buffer_append_str (dest, str);
+
+ free (str);
+
+ return len;
+}
+
+static int
+_gnutls_buffer_insert_data (gnutls_buffer_st * dest, int pos, const void *str,
+ size_t str_size)
+{
+ size_t orig_length = dest->length;
+ int ret;
+
+ ret = _gnutls_buffer_resize (dest, dest->length + str_size); /* resize to make space */
+ if (ret < 0)
+ return ret;
+
+ memmove (&dest->data[pos + str_size], &dest->data[pos], orig_length - pos);
+
+ memcpy (&dest->data[pos], str, str_size);
+ dest->length += str_size;
+
+ return 0;
+}
+
+static void
+_gnutls_buffer_delete_data (gnutls_buffer_st * dest, int pos, size_t str_size)
+{
+ memmove (&dest->data[pos], &dest->data[pos + str_size],
+ dest->length - pos - str_size);
+
+ dest->length -= str_size;
+
+ return;
+}
+
+
+int
+_gnutls_buffer_escape (gnutls_buffer_st * dest,
+ const char *const invalid_chars)
+{
+ int rv = -1;
+ char t[5];
+ int pos = 0;
+
+ while (pos < dest->length)
+ {
+
+ if (dest->data[pos] == '\\' || strchr (invalid_chars, dest->data[pos])
+ || !isgraph (dest->data[pos]))
+ {
+
+ snprintf (t, sizeof (t), "%%%.2X", (unsigned int) dest->data[pos]);
+
+ _gnutls_buffer_delete_data (dest, pos, 1);
+
+ if (_gnutls_buffer_insert_data (dest, pos, t, 3) < 0)
+ {
+ rv = -1;
+ goto cleanup;
+ }
+
+ }
+ pos++;
+ }
+
+ rv = 0;
+
+cleanup:
+
+ return rv;
+}
+
+int
+_gnutls_buffer_unescape (gnutls_buffer_st * dest)
+{
+ int rv = -1;
+ int pos = 0;
+
+ while (pos < dest->length)
+ {
+ if (dest->data[pos] == '%')
+ {
+ char b[3];
+ unsigned int u;
+ unsigned char x;
+
+ b[0] = dest->data[pos + 1];
+ b[1] = dest->data[pos + 2];
+ b[2] = 0;
+
+ sscanf (b, "%02x", &u);
+
+ x = u;
+
+ _gnutls_buffer_delete_data (dest, pos, 3);
+ _gnutls_buffer_insert_data (dest, pos, &x, 1);
+ }
+ pos++;
+ }
+
+ rv = 0;
+
+ return rv;
+}
+
+
+/* Converts the given string (old) to hex. A buffer must be provided
+ * to hold the new hex string. The new string will be null terminated.
+ * If the buffer does not have enough space to hold the string, a
+ * truncated hex string is returned (always null terminated).
+ */
+char *
+_gnutls_bin2hex (const void *_old, size_t oldlen,
+ char *buffer, size_t buffer_size, const char *separator)
+{
+ unsigned int i, j;
+ const opaque *old = _old;
+ int step = 2;
+ const char empty[] = "";
+
+ if (separator != NULL && separator[0] != 0)
+ step = 3;
+ else
+ separator = empty;
+
+ if (buffer_size < 3)
+ {
+ gnutls_assert();
+ return NULL;
+ }
+
+ i = j = 0;
+ sprintf (&buffer[j], "%.2x", old[i]);
+ j += 2;
+ i++;
+
+ for (; i < oldlen && j + step < buffer_size; j += step)
+ {
+ sprintf (&buffer[j], "%s%.2x", separator, old[i]);
+ i++;
+ }
+ buffer[j] = '\0';
+
+ return buffer;
+}
+
+/**
+ * gnutls_hex2bin:
+ * @hex_data: string with data in hex format
+ * @hex_size: size of hex data
+ * @bin_data: output array with binary data
+ * @bin_size: when calling *@bin_size should hold size of @bin_data,
+ * on return will hold actual size of @bin_data.
+ *
+ * Convert a buffer with hex data to binary data.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_hex2bin (const char *hex_data,
+ size_t hex_size, char *bin_data, size_t * bin_size)
+{
+ return _gnutls_hex2bin (hex_data, (int) hex_size, bin_data, bin_size);
+}
+
+int
+_gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data,
+ size_t * bin_size)
+{
+ int i, j;
+ opaque hex2_data[3];
+ unsigned long val;
+
+ hex2_data[2] = 0;
+
+ for (i = j = 0; i < hex_size;)
+ {
+ if (!isxdigit (hex_data[i])) /* skip non-hex such as the ':' in 00:FF */
+ {
+ i++;
+ continue;
+ }
+
+ if (j > *bin_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ hex2_data[0] = hex_data[i];
+ hex2_data[1] = hex_data[i + 1];
+ i += 2;
+
+ val = strtoul ((char *) hex2_data, NULL, 16);
+ if (val == ULONG_MAX)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ bin_data[j] = val;
+ j++;
+ }
+ *bin_size = j;
+
+ return 0;
+}
+
+
+/* compare hostname against certificate, taking account of wildcards
+ * return 1 on success or 0 on error
+ *
+ * note: certnamesize is required as X509 certs can contain embedded NULs in
+ * the strings such as CN or subjectAltName
+ */
+int
+_gnutls_hostname_compare (const char *certname,
+ size_t certnamesize, const char *hostname)
+{
+ /* find the first different character */
+ for (; *certname && *hostname && toupper (*certname) == toupper (*hostname);
+ certname++, hostname++, certnamesize--)
+ ;
+
+ /* the strings are the same */
+ if (certnamesize == 0 && *hostname == '\0')
+ return 1;
+
+ if (*certname == '*')
+ {
+ /* a wildcard certificate */
+
+ certname++;
+ certnamesize--;
+
+ while (1)
+ {
+ /* Use a recursive call to allow multiple wildcards */
+ if (_gnutls_hostname_compare (certname, certnamesize, hostname))
+ return 1;
+
+ /* wildcards are only allowed to match a single domain
+ component or component fragment */
+ if (*hostname == '\0' || *hostname == '.')
+ break;
+ hostname++;
+ }
+
+ return 0;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size)
+{
+ opaque ss[4];
+ _gnutls_write_uint32 (data_size, ss);
+ return _gnutls_buffer_append_data (buf, ss, 4);
+}
+
+/* Reads an uint32 number from the buffer. If check is non zero it will also check whether
+ * the number read, is less than the data in the buffer
+ */
+int
+_gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
+ int check)
+{
+ size_t size;
+
+ if (buf->length < 4)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ size = _gnutls_read_uint32 (buf->data);
+ if (check && size > buf->length - 4)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+
+ buf->data += 4;
+ buf->length -= 4;
+
+ *data_size = size;
+
+ return 0;
+}
+
+int
+_gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
+ gnutls_datum_t * data)
+{
+ size_t size;
+ int ret;
+
+ ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (size > 0)
+ {
+ size_t osize = size;
+ _gnutls_buffer_pop_datum (buf, data, size);
+ if (osize != data->size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PARSING_ERROR;
+ }
+ }
+ else
+ {
+ data->size = 0;
+ data->data = NULL;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf, const void *data,
+ size_t data_size)
+{
+ _gnutls_buffer_append_prefix (buf, data_size);
+ if (data_size > 0)
+ return _gnutls_buffer_append_data (buf, data, data_size);
+
+ return 0;
+}
+
+int
+_gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
+ size_t * data_size)
+{
+ size_t size;
+ int ret;
+
+ ret = _gnutls_buffer_pop_prefix (buf, &size, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (size > 0)
+ _gnutls_buffer_pop_data (buf, data, data_size);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2007, 2008, 2009,
+ * 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_STR_H
+#define GNUTLS_STR_H
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+
+void _gnutls_str_cpy (char *dest, size_t dest_tot_size, const char *src);
+void _gnutls_mem_cpy (char *dest, size_t dest_tot_size, const char *src,
+ size_t src_size);
+void _gnutls_str_cat (char *dest, size_t dest_tot_size, const char *src);
+
+typedef struct
+{
+ opaque *allocd; /* pointer to allocated data */
+ opaque *data; /* API: pointer to data to copy from */
+ size_t max_length;
+ size_t length; /* API: current length */
+} gnutls_buffer_st;
+
+void _gnutls_buffer_init (gnutls_buffer_st *);
+void _gnutls_buffer_clear (gnutls_buffer_st *);
+int _gnutls_buffer_resize (gnutls_buffer_st *, size_t new_size);
+
+int _gnutls_buffer_append_str (gnutls_buffer_st *, const char *str);
+int _gnutls_buffer_append_data (gnutls_buffer_st *, const void *data,
+ size_t data_size);
+
+#include <gnutls_num.h>
+
+int _gnutls_buffer_append_prefix (gnutls_buffer_st * buf, size_t data_size);
+
+int _gnutls_buffer_append_data_prefix (gnutls_buffer_st * buf,
+ const void *data, size_t data_size);
+void _gnutls_buffer_pop_data (gnutls_buffer_st *, void *, size_t * size);
+void _gnutls_buffer_pop_datum (gnutls_buffer_st *, gnutls_datum_t *,
+ size_t max_size);
+
+int _gnutls_buffer_pop_prefix (gnutls_buffer_st * buf, size_t * data_size,
+ int check);
+
+int _gnutls_buffer_pop_data_prefix (gnutls_buffer_st * buf, void *data,
+ size_t * data_size);
+
+int _gnutls_buffer_pop_datum_prefix (gnutls_buffer_st * buf,
+ gnutls_datum_t * data);
+int _gnutls_buffer_to_datum (gnutls_buffer_st * str, gnutls_datum_t * data);
+
+int _gnutls_buffer_escape (gnutls_buffer_st * dest,
+ const char *const invalid_chars);
+int _gnutls_buffer_unescape (gnutls_buffer_st * dest);
+
+#ifndef __attribute__
+/* This feature is available in gcc versions 2.5 and later. */
+#if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
+#define __attribute__(Spec) /* empty */
+#endif
+#endif
+
+int _gnutls_buffer_append_printf (gnutls_buffer_st * dest, const char *fmt,
+ ...)
+ __attribute__ ((format (printf, 2, 3)));
+
+char *_gnutls_bin2hex (const void *old, size_t oldlen, char *buffer,
+ size_t buffer_size, const char *separator);
+int _gnutls_hex2bin (const opaque * hex_data, int hex_size, opaque * bin_data,
+ size_t * bin_size);
+
+int _gnutls_hostname_compare (const char *certname, size_t certnamesize,
+ const char *hostname);
+#define MAX_CN 256
+
+#define BUFFER_APPEND(b, x, s) { \
+ ret = _gnutls_buffer_append_data(b, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
+ }
+
+#define BUFFER_APPEND_PFX(b, x, s) { \
+ ret = _gnutls_buffer_append_data_prefix(b, x, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
+ }
+
+#define BUFFER_APPEND_NUM(b, s) { \
+ ret = _gnutls_buffer_append_prefix(b, s); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ return ret; \
+ } \
+ }
+
+
+#define BUFFER_POP(b, x, s) { \
+ size_t is = s; \
+ _gnutls_buffer_pop_data(b, x, &is); \
+ if (is != s) { \
+ ret = GNUTLS_E_PARSING_ERROR; \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ }
+
+#define BUFFER_POP_DATUM(b, o) { \
+ gnutls_datum_t d; \
+ ret = _gnutls_buffer_pop_datum_prefix(b, &d); \
+ if (ret >= 0) \
+ ret = _gnutls_set_datum (o, d.data, d.size); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ }
+
+#define BUFFER_POP_NUM(b, o) { \
+ size_t s; \
+ ret = _gnutls_buffer_pop_prefix(b, &s, 0); \
+ if (ret < 0) { \
+ gnutls_assert(); \
+ goto error; \
+ } \
+ o = s; \
+ }
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2007, 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains support functions for 'TLS Handshake Message for
+ * Supplemental Data' (RFC 4680).
+ *
+ * The idea here is simple. gnutls_handshake() in gnuts_handshake.c
+ * will call _gnutls_gen_supplemental and _gnutls_parse_supplemental
+ * when some extension requested that supplemental data be sent or
+ * received. Extension request this by setting the flags
+ * do_recv_supplemental or do_send_supplemental in the session.
+ *
+ * The functions in this file iterate through the _gnutls_supplemental
+ * array, and calls the send/recv functions for each respective data
+ * type.
+ *
+ * The receive function of each data type is responsible for decoding
+ * its own data. If the extension did not expect to receive
+ * supplemental data, it should return GNUTLS_E_UNEXPECTED_PACKET.
+ * Otherwise, it just parse the data as normal.
+ *
+ * The send function needs to append the 2-byte data format type, and
+ * append the 2-byte length of its data, and the data. If it doesn't
+ * want to send any data, it is fine to return without doing anything.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_supplemental.h"
+#include "gnutls_errors.h"
+#include "gnutls_num.h"
+
+typedef int (*supp_recv_func) (gnutls_session_t session,
+ const opaque * data, size_t data_size);
+typedef int (*supp_send_func) (gnutls_session_t session,
+ gnutls_buffer_st * buf);
+
+typedef struct
+{
+ const char *name;
+ gnutls_supplemental_data_format_type_t type;
+ supp_recv_func supp_recv_func;
+ supp_send_func supp_send_func;
+} gnutls_supplemental_entry;
+
+gnutls_supplemental_entry _gnutls_supplemental[] = {
+ {0, 0, 0, 0}
+};
+
+/**
+ * gnutls_supplemental_get_name:
+ * @type: is a supplemental data format type
+ *
+ * Convert a #gnutls_supplemental_data_format_type_t value to a
+ * string.
+ *
+ * Returns: a string that contains the name of the specified
+ * supplemental data format type, or %NULL for unknown types.
+ **/
+const char *
+gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t type)
+{
+ gnutls_supplemental_entry *p;
+
+ for (p = _gnutls_supplemental; p->name != NULL; p++)
+ if (p->type == type)
+ return p->name;
+
+ return NULL;
+}
+
+static supp_recv_func
+get_supp_func_recv (gnutls_supplemental_data_format_type_t type)
+{
+ gnutls_supplemental_entry *p;
+
+ for (p = _gnutls_supplemental; p->name != NULL; p++)
+ if (p->type == type)
+ return p->supp_recv_func;
+
+ return NULL;
+}
+
+int
+_gnutls_gen_supplemental (gnutls_session_t session, gnutls_buffer_st * buf)
+{
+ gnutls_supplemental_entry *p;
+ int ret;
+
+ /* Make room for 3 byte length field. */
+ ret = _gnutls_buffer_append_data (buf, "\0\0\0", 3);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ for (p = _gnutls_supplemental; p->name; p++)
+ {
+ supp_send_func supp_send = p->supp_send_func;
+ size_t sizepos = buf->length;
+
+ /* Make room for supplement type and length byte length field. */
+ ret = _gnutls_buffer_append_data (buf, "\0\0\0\0", 4);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = supp_send (session, buf);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* If data were added, store type+length, otherwise reset. */
+ if (buf->length > sizepos + 4)
+ {
+ buf->data[sizepos] = 0;
+ buf->data[sizepos + 1] = p->type;
+ buf->data[sizepos + 2] = ((buf->length - sizepos - 4) >> 8) & 0xFF;
+ buf->data[sizepos + 3] = (buf->length - sizepos - 4) & 0xFF;
+ }
+ else
+ buf->length -= 4;
+ }
+
+ buf->data[0] = ((buf->length - 3) >> 16) & 0xFF;
+ buf->data[1] = ((buf->length - 3) >> 8) & 0xFF;
+ buf->data[2] = (buf->length - 3) & 0xFF;
+
+ _gnutls_debug_log ("EXT[%p]: Sending %d bytes of supplemental data\n",
+ session, (int) buf->length);
+
+ return buf->length;
+}
+
+int
+_gnutls_parse_supplemental (gnutls_session_t session,
+ const uint8_t * data, int datalen)
+{
+ const opaque *p = data;
+ ssize_t dsize = datalen;
+ size_t total_size;
+
+ DECR_LEN (dsize, 3);
+ total_size = _gnutls_read_uint24 (p);
+ p += 3;
+
+ if (dsize != (ssize_t) total_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ do
+ {
+ uint16_t supp_data_type;
+ uint16_t supp_data_length;
+ supp_recv_func recv_func;
+
+ DECR_LEN (dsize, 2);
+ supp_data_type = _gnutls_read_uint16 (p);
+ p += 2;
+
+ DECR_LEN (dsize, 2);
+ supp_data_length = _gnutls_read_uint16 (p);
+ p += 2;
+
+ _gnutls_debug_log ("EXT[%p]: Got supplemental type=%02x length=%d\n",
+ session, supp_data_type, supp_data_length);
+
+ recv_func = get_supp_func_recv (supp_data_type);
+ if (recv_func)
+ {
+ int ret = recv_func (session, p, supp_data_length);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER;
+ }
+
+ DECR_LEN (dsize, supp_data_length);
+ p += supp_data_length;
+ }
+ while (dsize > 0);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2007, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+
+int _gnutls_parse_supplemental (gnutls_session_t session,
+ const uint8_t * data, int data_size);
+int _gnutls_gen_supplemental (gnutls_session_t session,
+ gnutls_buffer_st * buf);
--- /dev/null
+/*
+ * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains certificate authentication functions to be exported in the
+ * API and did not fit elsewhere.
+ */
+
+#include <gnutls_int.h>
+#include <auth_srp.h>
+#include <auth_anon.h>
+#include <auth_cert.h>
+#include <auth_psk.h>
+#include <gnutls_errors.h>
+#include <gnutls_auth.h>
+#include <gnutls_state.h>
+#include <gnutls_datum.h>
+
+/* ANON & DHE */
+
+/**
+ * gnutls_dh_set_prime_bits:
+ * @session: is a #gnutls_session_t structure.
+ * @bits: is the number of bits
+ *
+ * This function sets the number of bits, for use in an Diffie-Hellman
+ * key exchange. This is used both in DH ephemeral and DH anonymous
+ * cipher suites. This will set the minimum size of the prime that
+ * will be used for the handshake.
+ *
+ * In the client side it sets the minimum accepted number of bits. If
+ * a server sends a prime with less bits than that
+ * %GNUTLS_E_DH_PRIME_UNACCEPTABLE will be returned by the handshake.
+ *
+ * This function has no effect in server side.
+ *
+ **/
+void
+gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits)
+{
+ session->internals.dh_prime_bits = bits;
+}
+
+
+/**
+ * gnutls_dh_get_group:
+ * @session: is a gnutls session
+ * @raw_gen: will hold the generator.
+ * @raw_prime: will hold the prime.
+ *
+ * This function will return the group parameters used in the last
+ * Diffie-Hellman key exchange with the peer. These are the prime and
+ * the generator used. This function should be used for both
+ * anonymous and ephemeral Diffie-Hellman. The output parameters must
+ * be freed with gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_dh_get_group (gnutls_session_t session,
+ gnutls_datum_t * raw_gen, gnutls_datum_t * raw_prime)
+{
+ dh_info_st *dh;
+ int ret;
+ anon_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+ psk_auth_info_t psk_info;
+
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ anon_info = _gnutls_get_auth_info (session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ case GNUTLS_CRD_PSK:
+ psk_info = _gnutls_get_auth_info (session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
+ case GNUTLS_CRD_CERTIFICATE:
+ cert_info = _gnutls_get_auth_info (session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_set_datum (raw_prime, dh->prime.data, dh->prime.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_set_datum (raw_gen, dh->generator.data, dh->generator.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (raw_prime);
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_dh_get_pubkey:
+ * @session: is a gnutls session
+ * @raw_key: will hold the public key.
+ *
+ * This function will return the peer's public key used in the last
+ * Diffie-Hellman key exchange. This function should be used for both
+ * anonymous and ephemeral Diffie-Hellman. The output parameters must
+ * be freed with gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_dh_get_pubkey (gnutls_session_t session, gnutls_datum_t * raw_key)
+{
+ dh_info_st *dh;
+ anon_auth_info_t anon_info;
+ cert_auth_info_t cert_info;
+ cert_auth_info_t psk_info;
+
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_info = _gnutls_get_auth_info (session);
+ if (anon_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &anon_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_info = _gnutls_get_auth_info (session);
+ if (psk_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &psk_info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+
+ cert_info = _gnutls_get_auth_info (session);
+ if (cert_info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &cert_info->dh;
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_set_datum (raw_key, dh->public_key.data,
+ dh->public_key.size);
+}
+
+/**
+ * gnutls_rsa_export_get_pubkey:
+ * @session: is a gnutls session
+ * @exponent: will hold the exponent.
+ * @modulus: will hold the modulus.
+ *
+ * This function will return the peer's public key exponent and
+ * modulus used in the last RSA-EXPORT authentication. The output
+ * parameters must be freed with gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_rsa_export_get_pubkey (gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus)
+{
+ cert_auth_info_t info;
+ int ret;
+
+ if (gnutls_auth_get_type (session) == GNUTLS_CRD_CERTIFICATE)
+ {
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ ret = _gnutls_set_datum (modulus, info->rsa_export.modulus.data,
+ info->rsa_export.modulus.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_set_datum (exponent, info->rsa_export.exponent.data,
+ info->rsa_export.exponent.size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (modulus);
+ return ret;
+ }
+
+ return 0;
+ }
+
+ return GNUTLS_E_INVALID_REQUEST;
+}
+
+
+/**
+ * gnutls_dh_get_secret_bits:
+ * @session: is a gnutls session
+ *
+ * This function will return the bits used in the last Diffie-Hellman
+ * key exchange with the peer. Should be used for both anonymous and
+ * ephemeral Diffie-Hellman.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_dh_get_secret_bits (gnutls_session_t session)
+{
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return info->dh.secret_bits;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return info->dh.secret_bits;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+}
+
+static int
+mpi_buf2bits (gnutls_datum_t * mpi_buf)
+{
+ bigint_t mpi;
+ int rc;
+
+ rc = _gnutls_mpi_scan_nz (&mpi, mpi_buf->data, mpi_buf->size);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = _gnutls_mpi_get_nbits (mpi);
+ _gnutls_mpi_release (&mpi);
+
+ return rc;
+}
+
+/**
+ * gnutls_dh_get_prime_bits:
+ * @session: is a gnutls session
+ *
+ * This function will return the bits of the prime used in the last
+ * Diffie-Hellman key exchange with the peer. Should be used for both
+ * anonymous and ephemeral Diffie-Hellman. Note that some ciphers,
+ * like RSA and DSA without DHE, does not use a Diffie-Hellman key
+ * exchange, and then this function will return 0.
+ *
+ * Returns: The Diffie-Hellman bit strength is returned, or 0 if no
+ * Diffie-Hellman key exchange was done, or a negative error code on
+ * failure.
+ **/
+int
+gnutls_dh_get_prime_bits (gnutls_session_t session)
+{
+ dh_info_st *dh;
+
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return mpi_buf2bits (&dh->prime);
+}
+
+/**
+ * gnutls_rsa_export_get_modulus_bits:
+ * @session: is a gnutls session
+ *
+ * Get the export RSA parameter's modulus size.
+ *
+ * Returns: the bits used in the last RSA-EXPORT key exchange with the
+ * peer, or a negative value in case of error.
+ **/
+int
+gnutls_rsa_export_get_modulus_bits (gnutls_session_t session)
+{
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ return mpi_buf2bits (&info->rsa_export.modulus);
+}
+
+/**
+ * gnutls_dh_get_peers_public_bits:
+ * @session: is a gnutls session
+ *
+ * Get the Diffie-Hellman public key bit size. Can be used for both
+ * anonymous and ephemeral Diffie-Hellman.
+ *
+ * Returns: the public key bit size used in the last Diffie-Hellman
+ * key exchange with the peer, or a negative value in case of error.
+ **/
+int
+gnutls_dh_get_peers_public_bits (gnutls_session_t session)
+{
+ dh_info_st *dh;
+
+ switch (gnutls_auth_get_type (session))
+ {
+ case GNUTLS_CRD_ANON:
+ {
+ anon_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_PSK:
+ {
+ psk_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ case GNUTLS_CRD_CERTIFICATE:
+ {
+ cert_auth_info_t info;
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ dh = &info->dh;
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return mpi_buf2bits (&dh->public_key);
+}
+
+/* CERTIFICATE STUFF */
+
+/**
+ * gnutls_certificate_get_ours:
+ * @session: is a gnutls session
+ *
+ * Get the certificate as sent to the peer, in the last handshake.
+ * These certificates are in raw format. In X.509 this is a
+ * certificate list. In OpenPGP this is a single certificate.
+ *
+ * Returns: return a pointer to a #gnutls_datum_t containing our
+ * certificates, or %NULL in case of an error or if no certificate
+ * was used.
+ **/
+const gnutls_datum_t *
+gnutls_certificate_get_ours (gnutls_session_t session)
+{
+ gnutls_certificate_credentials_t cred;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL || cred->cert_list == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ if (session->internals.selected_cert_list == NULL)
+ return NULL;
+
+ return &session->internals.selected_cert_list[0].raw;
+}
+
+/**
+ * gnutls_certificate_get_peers:
+ * @session: is a gnutls session
+ * @list_size: is the length of the certificate list
+ *
+ * Get the peer's raw certificate (chain) as sent by the peer. These
+ * certificates are in raw format (DER encoded for X.509). In case of
+ * a X.509 then a certificate list may be present. The first
+ * certificate in the list is the peer's certificate, following the
+ * issuer's certificate, then the issuer's issuer etc.
+ *
+ * In case of OpenPGP keys a single key will be returned in raw
+ * format.
+ *
+ * Returns: return a pointer to a #gnutls_datum_t containing our
+ * certificates, or %NULL in case of an error or if no certificate
+ * was used.
+ **/
+const gnutls_datum_t *
+gnutls_certificate_get_peers (gnutls_session_t
+ session, unsigned int *list_size)
+{
+ cert_auth_info_t info;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, NULL);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ return NULL;
+
+ *list_size = info->ncerts;
+ return info->raw_certificate_list;
+}
+
+
+/**
+ * gnutls_certificate_client_get_request_status:
+ * @session: is a gnutls session
+ *
+ * Get whether client certificate is requested or not.
+ *
+ * Returns: 0 if the peer (server) did not request client
+ * authentication or 1 otherwise, or a negative value in case of
+ * error.
+ **/
+int
+gnutls_certificate_client_get_request_status (gnutls_session_t session)
+{
+ return session->key->certificate_requested;
+}
+
+/**
+ * gnutls_fingerprint:
+ * @algo: is a digest algorithm
+ * @data: is the data
+ * @result: is the place where the result will be copied (may be null).
+ * @result_size: should hold the size of the result. The actual size
+ * of the returned result will also be copied there.
+ *
+ * This function will calculate a fingerprint (actually a hash), of
+ * the given data. The result is not printable data. You should
+ * convert it to hex, or to something else printable.
+ *
+ * This is the usual way to calculate a fingerprint of an X.509 DER
+ * encoded certificate. Note however that the fingerprint of an
+ * OpenPGP is not just a hash and cannot be calculated with this
+ * function.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_fingerprint (gnutls_digest_algorithm_t algo,
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size)
+{
+ digest_hd_st td;
+ int hash_len = _gnutls_hash_get_algo_len (HASH2MAC (algo));
+
+ if (hash_len < 0 || (unsigned) hash_len > *result_size || result == NULL)
+ {
+ *result_size = hash_len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *result_size = hash_len;
+
+ if (result)
+ {
+ int ret = _gnutls_hash_init (&td, HASH2MAC (algo));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&td, data->data, data->size);
+
+ _gnutls_hash_deinit (&td, result);
+ }
+
+ return 0;
+}
+
+
+/**
+ * gnutls_certificate_set_dh_params:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @dh_params: is a structure that holds Diffie-Hellman parameters.
+ *
+ * This function will set the Diffie-Hellman parameters for a
+ * certificate server to use. These parameters will be used in
+ * Ephemeral Diffie-Hellman cipher suites. Note that only a pointer
+ * to the parameters are stored in the certificate handle, so if you
+ * deallocate the parameters before the certificate is deallocated,
+ * you must change the parameters stored in the certificate first.
+ *
+ **/
+void
+gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
+ gnutls_dh_params_t dh_params)
+{
+ res->dh_params = dh_params;
+}
+
+/**
+ * gnutls_certificate_set_params_function:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get
+ * the Diffie-Hellman or RSA parameters for certificate
+ * authentication. The callback should return zero on success.
+ **/
+void
+gnutls_certificate_set_params_function (gnutls_certificate_credentials_t res,
+ gnutls_params_function * func)
+{
+ res->params_func = func;
+}
+
+
+/**
+ * gnutls_certificate_set_verify_flags:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @flags: are the flags
+ *
+ * This function will set the flags to be used at verification of the
+ * certificates. Flags must be OR of the
+ * #gnutls_certificate_verify_flags enumerations.
+ *
+ **/
+void
+gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
+ res, unsigned int flags)
+{
+ res->verify_flags = flags;
+}
+
+/**
+ * gnutls_certificate_set_verify_limits:
+ * @res: is a gnutls_certificate_credentials structure
+ * @max_bits: is the number of bits of an acceptable certificate (default 8200)
+ * @max_depth: is maximum depth of the verification of a certificate chain (default 5)
+ *
+ * This function will set some upper limits for the default
+ * verification function, gnutls_certificate_verify_peers2(), to avoid
+ * denial of service attacks. You can set them to zero to disable
+ * limits.
+ **/
+void
+gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res,
+ unsigned int max_bits,
+ unsigned int max_depth)
+{
+ res->verify_depth = max_depth;
+ res->verify_bits = max_bits;
+}
+
+/**
+ * gnutls_certificate_set_rsa_export_params:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @rsa_params: is a structure that holds temporary RSA parameters.
+ *
+ * This function will set the temporary RSA parameters for a
+ * certificate server to use. These parameters will be used in
+ * RSA-EXPORT cipher suites.
+ **/
+void
+gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
+ res, gnutls_rsa_params_t rsa_params)
+{
+ res->rsa_params = rsa_params;
+}
+
+/**
+ * gnutls_psk_set_params_function:
+ * @res: is a gnutls_psk_server_credentials_t structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get
+ * the Diffie-Hellman or RSA parameters for PSK authentication. The
+ * callback should return zero on success.
+ **/
+void
+gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func)
+{
+ res->params_func = func;
+}
+
+/**
+ * gnutls_anon_set_params_function:
+ * @res: is a gnutls_anon_server_credentials_t structure
+ * @func: is the function to be called
+ *
+ * This function will set a callback in order for the server to get
+ * the Diffie-Hellman or RSA parameters for anonymous authentication.
+ * The callback should return zero on success.
+ **/
+void
+gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func)
+{
+ res->params_func = func;
+}
--- /dev/null
+/*
+ * Copyright (C) 2001, 2004, 2005, 2006, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions to parse the SSLv2.0 hello message.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_dh.h"
+#include "debug.h"
+#include "gnutls_algorithms.h"
+#include "gnutls_compress.h"
+#include "gnutls_cipher.h"
+#include "gnutls_buffers.h"
+#include "gnutls_kx.h"
+#include "gnutls_handshake.h"
+#include "gnutls_num.h"
+#include "gnutls_hash_int.h"
+#include "gnutls_db.h"
+#include "gnutls_extensions.h"
+#include "gnutls_auth.h"
+#include "gnutls_v2_compat.h"
+#include "gnutls_constate.h"
+
+/* This selects the best supported ciphersuite from the ones provided */
+static int
+_gnutls_handshake_select_v2_suite (gnutls_session_t session,
+ opaque * data, int datalen)
+{
+ int i, j, ret;
+ opaque *_data;
+ int _datalen;
+
+ _gnutls_handshake_log ("HSK[%p]: Parsing a version 2.0 client hello.\n",
+ session);
+
+ _data = gnutls_malloc (datalen);
+ if (_data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (datalen % 3 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ i = _datalen = 0;
+ for (j = 0; j < datalen; j += 3)
+ {
+ if (data[j] == 0)
+ {
+ memcpy (&_data[i], &data[j + 1], 2);
+ i += 2;
+ _datalen += 2;
+ }
+ }
+
+ ret = _gnutls_server_select_suite (session, _data, _datalen);
+ gnutls_free (_data);
+
+ return ret;
+
+}
+
+
+/* Read a v2 client hello. Some browsers still use that beast!
+ * However they set their version to 3.0 or 3.1.
+ */
+int
+_gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
+ int datalen)
+{
+ uint16_t session_id_len = 0;
+ int pos = 0;
+ int ret = 0;
+ uint16_t sizeOfSuites;
+ gnutls_protocol_t adv_version;
+ opaque rnd[GNUTLS_RANDOM_SIZE];
+ int len = datalen;
+ int err;
+ uint16_t challenge;
+ opaque session_id[TLS_MAX_SESSION_ID_SIZE];
+
+ /* we only want to get here once - only in client hello */
+ session->internals.v2_hello = 0;
+
+ DECR_LEN (len, 2);
+
+ _gnutls_handshake_log
+ ("HSK[%p]: SSL 2.0 Hello: Client's version: %d.%d\n", session,
+ data[pos], data[pos + 1]);
+
+ set_adv_version (session, data[pos], data[pos + 1]);
+
+ adv_version = _gnutls_version_get (data[pos], data[pos + 1]);
+
+ ret = _gnutls_negotiate_version (session, adv_version);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ pos += 2;
+
+ /* Read uint16_t cipher_spec_length */
+ DECR_LEN (len, 2);
+ sizeOfSuites = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ /* read session id length */
+ DECR_LEN (len, 2);
+ session_id_len = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ if (session_id_len > TLS_MAX_SESSION_ID_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;
+ }
+
+ /* read challenge length */
+ DECR_LEN (len, 2);
+ challenge = _gnutls_read_uint16 (&data[pos]);
+ pos += 2;
+
+ if (challenge < 16 || challenge > GNUTLS_RANDOM_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_VERSION_PACKET;
+ }
+
+ /* call the user hello callback
+ */
+ ret = _gnutls_user_hello_func (session, adv_version);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* find an appropriate cipher suite */
+
+ DECR_LEN (len, sizeOfSuites);
+ ret = _gnutls_handshake_select_v2_suite (session, &data[pos], sizeOfSuites);
+
+ pos += sizeOfSuites;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* check if the credentials (username, public key etc.) are ok
+ */
+ if (_gnutls_get_kx_cred
+ (session,
+ _gnutls_cipher_suite_get_kx_algo (&session->
+ security_parameters.current_cipher_suite),
+ &err) == NULL && err != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ /* set the mod_auth_st to the appropriate struct
+ * according to the KX algorithm. This is needed since all the
+ * handshake functions are read from there;
+ */
+ session->internals.auth_struct =
+ _gnutls_kx_auth_struct (_gnutls_cipher_suite_get_kx_algo
+ (&session->
+ security_parameters.current_cipher_suite));
+ if (session->internals.auth_struct == NULL)
+ {
+
+ _gnutls_handshake_log
+ ("HSK[%p]: SSL 2.0 Hello: Cannot find the appropriate handler for the KX algorithm\n",
+ session);
+
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+
+
+ /* read random new values -skip session id for now */
+ DECR_LEN (len, session_id_len); /* skip session id for now */
+ memcpy (session_id, &data[pos], session_id_len);
+ pos += session_id_len;
+
+ DECR_LEN (len, challenge);
+ memset (rnd, 0, GNUTLS_RANDOM_SIZE);
+
+ memcpy (&rnd[GNUTLS_RANDOM_SIZE - challenge], &data[pos], challenge);
+
+ _gnutls_set_client_random (session, rnd);
+
+ /* generate server random value */
+
+ _gnutls_tls_create_random (rnd);
+ _gnutls_set_server_random (session, rnd);
+
+ session->security_parameters.timestamp = time (NULL);
+
+
+ /* RESUME SESSION */
+
+ DECR_LEN (len, session_id_len);
+ ret = _gnutls_server_restore_session (session, session_id, session_id_len);
+
+ if (ret == 0)
+ { /* resumed! */
+ /* get the new random values */
+ memcpy (session->internals.resumed_security_parameters.server_random,
+ session->security_parameters.server_random, GNUTLS_RANDOM_SIZE);
+ memcpy (session->internals.resumed_security_parameters.client_random,
+ session->security_parameters.client_random, GNUTLS_RANDOM_SIZE);
+
+ session->internals.resumed = RESUME_TRUE;
+ return 0;
+ }
+ else
+ {
+ _gnutls_generate_session_id (session->security_parameters.session_id,
+ &session->
+ security_parameters.session_id_size);
+ session->internals.resumed = RESUME_FALSE;
+ }
+
+ session->internals.compression_method = GNUTLS_COMP_NULL;
+ _gnutls_epoch_set_compression (session, EPOCH_NEXT, session->internals.compression_method);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+int _gnutls_read_client_hello_v2 (gnutls_session_t session, opaque * data,
+ int datalen);
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include "gnutls_auth.h"
+#include "gnutls_errors.h"
+#include <gnutls_cert.h>
+#include <auth_cert.h>
+#include "gnutls_dh.h"
+#include "gnutls_num.h"
+#include "gnutls_datum.h"
+#include <gnutls_pk.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_global.h>
+#include <gnutls_record.h>
+#include <gnutls_sig.h>
+#include <gnutls_state.h>
+#include <gnutls_pk.h>
+#include <gnutls_str.h>
+#include <debug.h>
+#include <x509_b64.h>
+#include <gnutls_x509.h>
+#include "x509/common.h"
+#include "x509/x509_int.h"
+#include "read-file.h"
+
+
+/*
+ * some x509 certificate parsing functions.
+ */
+
+/* Check if the number of bits of the key in the certificate
+ * is unacceptable.
+ */
+inline static int
+check_bits (gnutls_x509_crt_t crt, unsigned int max_bits)
+{
+ int ret;
+ unsigned int bits;
+
+ ret = gnutls_x509_crt_get_pk_algorithm (crt, &bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (bits > max_bits && max_bits > 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ return 0;
+}
+
+
+#define CLEAR_CERTS for(x=0;x<peer_certificate_list_size;x++) { \
+ if (peer_certificate_list[x]) \
+ gnutls_x509_crt_deinit(peer_certificate_list[x]); \
+ } \
+ gnutls_free( peer_certificate_list)
+
+/*-
+ * _gnutls_x509_cert_verify_peers - return the peer's certificate status
+ * @session: is a gnutls session
+ *
+ * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.).
+ * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements.
+ * However you must also check the peer's name in order to check if the verified certificate belongs to the
+ * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent.
+ -*/
+int
+_gnutls_x509_cert_verify_peers (gnutls_session_t session,
+ unsigned int *status)
+{
+ cert_auth_info_t info;
+ gnutls_certificate_credentials_t cred;
+ gnutls_x509_crt_t *peer_certificate_list;
+ int peer_certificate_list_size, i, x, ret;
+
+ CHECK_AUTH (GNUTLS_CRD_CERTIFICATE, GNUTLS_E_INVALID_REQUEST);
+
+ info = _gnutls_get_auth_info (session);
+ if (info == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ cred = (gnutls_certificate_credentials_t)
+ _gnutls_get_cred (session->key, GNUTLS_CRD_CERTIFICATE, NULL);
+ if (cred == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
+ }
+
+ if (info->raw_certificate_list == NULL || info->ncerts == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ if (info->ncerts > cred->verify_depth && cred->verify_depth > 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ /* generate a list of gnutls_certs based on the auth info
+ * raw certs.
+ */
+ peer_certificate_list_size = info->ncerts;
+ peer_certificate_list =
+ gnutls_calloc (peer_certificate_list_size, sizeof (gnutls_x509_crt_t));
+ if (peer_certificate_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < peer_certificate_list_size; i++)
+ {
+ ret = gnutls_x509_crt_init (&peer_certificate_list[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crt_import (peer_certificate_list[i],
+ &info->raw_certificate_list[i],
+ GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ ret = check_bits (peer_certificate_list[i], cred->verify_bits);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ CLEAR_CERTS;
+ return ret;
+ }
+
+ }
+
+ /* Verify certificate
+ */
+
+ ret = gnutls_x509_crt_list_verify (peer_certificate_list,
+ peer_certificate_list_size,
+ cred->x509_ca_list, cred->x509_ncas,
+ cred->x509_crl_list, cred->x509_ncrls,
+ cred->verify_flags | session->internals.
+ priorities.additional_verify_flags,
+ status);
+
+ CLEAR_CERTS;
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/*
+ * Read certificates and private keys, from files, memory etc.
+ */
+
+/* returns error if the certificate has different algorithm than
+ * the given key parameters.
+ */
+static int
+_gnutls_check_key_cert_match (gnutls_certificate_credentials_t res)
+{
+ unsigned int pk = res->cert_list[res->ncerts - 1][0].subject_pk_algorithm;
+
+ if (gnutls_privkey_get_pk_algorithm (res->pkey[res->ncerts - 1], NULL) !=
+ pk)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_KEY_MISMATCH;
+ }
+
+ return 0;
+}
+
+/* Reads a DER encoded certificate list from memory and stores it to a
+ * gnutls_cert structure. Returns the number of certificates parsed.
+ */
+static int
+parse_der_cert_mem (gnutls_certificate_credentials_t res,
+ const void *input_cert, int input_cert_size)
+{
+ gnutls_datum_t tmp;
+ gnutls_x509_crt_t crt;
+ gnutls_cert *ccert;
+ int ret;
+
+ ccert = gnutls_malloc (sizeof (*ccert));
+ if (ccert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init (&crt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ tmp.data = (opaque *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_x509_crt_import (crt, &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (crt);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0);
+ gnutls_x509_crt_deinit (crt);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = certificate_credential_append_crt_list (res, ccert, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return ret;
+
+cleanup:
+ gnutls_free (ccert);
+ return ret;
+}
+
+/* Reads a base64 encoded certificate list from memory and stores it to
+ * a gnutls_cert structure. Returns the number of certificate parsed.
+ */
+static int
+parse_pem_cert_mem (gnutls_certificate_credentials_t res,
+ const char *input_cert, int input_cert_size)
+{
+ int size, siz2;
+ const char *ptr;
+ opaque *ptr2;
+ gnutls_datum_t tmp;
+ int ret, count, i;
+ gnutls_cert *certs = NULL;
+
+ /* move to the certificate
+ */
+ ptr = memmem (input_cert, input_cert_size,
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem (input_cert, input_cert_size,
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = input_cert_size - (ptr - input_cert);
+
+ count = 0;
+
+ do
+ {
+
+ siz2 = _gnutls_fbase64_decode (NULL, ptr, size, &ptr2);
+ if (siz2 < 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_BASE64_DECODING_ERROR;
+ goto cleanup;
+ }
+
+ certs = gnutls_realloc_fast (certs, (count + 1) * sizeof (gnutls_cert));
+
+ if (certs == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ tmp.data = ptr2;
+ tmp.size = siz2;
+
+ ret = _gnutls_x509_raw_cert_to_gcert (&certs[count], &tmp, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum (&tmp); /* free ptr2 */
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = input_cert_size - (ptr - input_cert);
+
+ if (size > 0)
+ {
+ char *ptr3;
+
+ ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr3 == NULL)
+ ptr3 = memmem (ptr, size, PEM_CERT_SEP2,
+ sizeof (PEM_CERT_SEP2) - 1);
+
+ ptr = ptr3;
+ }
+ else
+ ptr = NULL;
+
+ count++;
+
+ }
+ while (ptr != NULL);
+
+ ret = certificate_credential_append_crt_list (res, certs, count);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return count;
+
+cleanup:
+ for (i=0;i<count;i++)
+ _gnutls_gcert_deinit(&certs[i]);
+ gnutls_free(certs);
+ return ret;
+}
+
+
+
+/* Reads a DER or PEM certificate from memory
+ */
+static int
+read_cert_mem (gnutls_certificate_credentials_t res, const void *cert,
+ int cert_size, gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_cert_mem (res, cert, cert_size);
+ else
+ ret = parse_pem_cert_mem (res, cert, cert_size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+static int
+_gnutls_x509_raw_privkey_to_privkey (gnutls_privkey_t * privkey,
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type)
+{
+ gnutls_x509_privkey_t tmpkey;
+ int ret;
+
+ ret = gnutls_x509_privkey_init (&tmpkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_x509_privkey_import (tmpkey, raw_key, type);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (tmpkey);
+ return ret;
+ }
+
+ ret = gnutls_privkey_init (privkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (tmpkey);
+ return ret;
+ }
+
+ ret =
+ gnutls_privkey_import_x509 (*privkey, tmpkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (tmpkey);
+ gnutls_privkey_deinit (*privkey);
+ return ret;
+ }
+
+ return 0;
+}
+
+/* Reads a PEM encoded PKCS-1 RSA/DSA private key from memory. Type
+ * indicates the certificate format. KEY can be NULL, to indicate
+ * that GnuTLS doesn't know the private key.
+ */
+static int
+read_key_mem (gnutls_certificate_credentials_t res,
+ const void *key, int key_size, gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+ gnutls_datum_t tmp;
+ gnutls_privkey_t privkey;
+
+ if (key)
+ {
+ tmp.data = (opaque *) key;
+ tmp.size = key_size;
+
+ ret = _gnutls_x509_raw_privkey_to_privkey (&privkey, &tmp, type);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey (res, privkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_privkey_deinit (privkey);
+ return ret;
+ }
+
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ return 0;
+}
+
+/* Reads a private key from a token.
+ */
+static int
+read_key_url (gnutls_certificate_credentials_t res, const char *url)
+{
+ int ret;
+ gnutls_pkcs11_privkey_t key1 = NULL;
+ gnutls_privkey_t pkey = NULL;
+
+ /* allocate space for the pkey list
+ */
+
+ ret = gnutls_pkcs11_privkey_init (&key1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs11_privkey_import_url (key1, url, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_privkey_init (&pkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_privkey_import_pkcs11 (pkey, key1,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = certificate_credentials_append_pkey (res, pkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ if (pkey)
+ gnutls_privkey_deinit (pkey);
+
+ if (key1)
+ gnutls_pkcs11_privkey_deinit (key1);
+
+ return ret;
+}
+
+/* Reads a private key from a token.
+ */
+static int
+read_cas_url (gnutls_certificate_credentials_t res, const char *url)
+{
+ int ret;
+ gnutls_x509_crt_t *xcrt_list = NULL;
+ gnutls_pkcs11_obj_t *pcrt_list = NULL;
+ unsigned int pcrt_list_size = 0;
+
+ /* FIXME: should we use login? */
+ ret =
+ gnutls_pkcs11_obj_list_import_url (NULL, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (pcrt_list_size == 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ pcrt_list = gnutls_malloc (sizeof (*pcrt_list) * pcrt_list_size);
+ if (pcrt_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_pkcs11_obj_list_import_url (pcrt_list, &pcrt_list_size, url,
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ xcrt_list = gnutls_malloc (sizeof (*xcrt_list) * pcrt_list_size);
+ if (xcrt_list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret =
+ gnutls_x509_crt_list_import_pkcs11 (xcrt_list, pcrt_list_size, pcrt_list,
+ 0);
+ if (xcrt_list == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ res->x509_ca_list = xcrt_list;
+ res->x509_ncas = pcrt_list_size;
+
+ gnutls_free (pcrt_list);
+
+ return pcrt_list_size;
+
+cleanup:
+ gnutls_free (xcrt_list);
+ gnutls_free (pcrt_list);
+
+ return ret;
+
+}
+
+
+/* Reads a private key from a token.
+ */
+static int
+read_cert_url (gnutls_certificate_credentials_t res, const char *url)
+{
+ int ret;
+ gnutls_x509_crt_t crt;
+ gnutls_cert *ccert;
+
+ ccert = gnutls_malloc (sizeof (*ccert));
+ if (ccert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init (&crt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ccert);
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11_url (crt, url, 0);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ ret =
+ gnutls_x509_crt_import_pkcs11_url (crt, url,
+ GNUTLS_PKCS11_OBJ_FLAG_LOGIN);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ccert);
+ gnutls_x509_crt_deinit (crt);
+ return ret;
+ }
+
+ ret = _gnutls_x509_crt_to_gcert (ccert, crt, 0);
+ gnutls_x509_crt_deinit (crt);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ccert);
+ return ret;
+ }
+
+ ret = certificate_credential_append_crt_list (res, ccert, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ccert);
+ return ret;
+ }
+
+ return 0;
+
+}
+
+/* Reads a certificate file
+ */
+static int
+read_cert_file (gnutls_certificate_credentials_t res,
+ const char *certfile, gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+ size_t size;
+ char *data;
+
+ if (strncmp (certfile, "pkcs11:", 7) == 0)
+ {
+ return read_cert_url (res, certfile);
+ }
+
+ data = read_binary_file (certfile, &size);
+
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret = read_cert_mem (res, data, size, type);
+ free (data);
+
+ return ret;
+
+}
+
+
+
+/* Reads PKCS-1 RSA private key file or a DSA file (in the format openssl
+ * stores it).
+ */
+static int
+read_key_file (gnutls_certificate_credentials_t res,
+ const char *keyfile, gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+ size_t size;
+ char *data;
+
+ if (strncmp (keyfile, "pkcs11:", 7) == 0)
+ {
+ return read_key_url (res, keyfile);
+ }
+
+ data = read_binary_file (keyfile, &size);
+
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret = read_key_mem (res, data, size, type);
+ free (data);
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_x509_key_mem:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @cert: contains a certificate list (path) for the specified private key
+ * @key: is the private key, or %NULL
+ * @type: is PEM or DER
+ *
+ * This function sets a certificate/private key pair in the
+ * gnutls_certificate_credentials_t structure. This function may be called
+ * more than once (in case multiple keys/certificates exist for the
+ * server).
+ *
+ * Currently are supported: RSA PKCS-1 encoded private keys,
+ * DSA private keys.
+ *
+ * DSA private keys are encoded the OpenSSL way, which is an ASN.1
+ * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
+ *
+ * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
+ * is supported. This means that certificates intended for signing cannot
+ * be used for ciphersuites that require encryption.
+ *
+ * If the certificate and the private key are given in PEM encoding
+ * then the strings that hold their values must be null terminated.
+ *
+ * The @key may be %NULL if you are using a sign callback, see
+ * gnutls_sign_callback_set().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+
+ /* this should be first
+ */
+ if ((ret = read_key_mem (res, key ? key->data : NULL,
+ key ? key->size : 0, type)) < 0)
+ return ret;
+
+ if ((ret = read_cert_mem (res, cert->data, cert->size, type)) < 0)
+ return ret;
+
+ res->ncerts++;
+
+ if (key && (ret = _gnutls_check_key_cert_match (res)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+int
+certificate_credential_append_crt_list (gnutls_certificate_credentials_t res,
+ gnutls_cert * crt, int nr)
+{
+ res->cert_list = gnutls_realloc_fast (res->cert_list,
+ (1 +
+ res->ncerts) *
+ sizeof (gnutls_cert *));
+ if (res->cert_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->cert_list_length = gnutls_realloc_fast (res->cert_list_length,
+ (1 +
+ res->ncerts) * sizeof (int));
+ if (res->cert_list_length == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->cert_list[res->ncerts] = crt;
+ res->cert_list_length[res->ncerts] = nr;
+
+ return 0;
+
+}
+
+int
+certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
+ gnutls_privkey_t pkey)
+{
+ res->pkey = gnutls_realloc_fast (res->pkey,
+ (1 + res->ncerts) *
+ sizeof (gnutls_privkey_t));
+ if (res->pkey == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ res->pkey[res->ncerts] = pkey;
+ return 0;
+
+}
+
+/**
+ * gnutls_certificate_set_x509_key:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @cert_list: contains a certificate list (path) for the specified private key
+ * @cert_list_size: holds the size of the certificate list
+ * @key: is a gnutls_x509_privkey_t key
+ *
+ * This function sets a certificate/private key pair in the
+ * gnutls_certificate_credentials_t structure. This function may be
+ * called more than once (in case multiple keys/certificates exist for
+ * the server). For clients that wants to send more than its own end
+ * entity certificate (e.g., also an intermediate CA cert) then put
+ * the certificate chain in @cert_list.
+ *
+ *
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key)
+{
+ int ret, i;
+ gnutls_privkey_t pkey;
+ gnutls_cert *pcerts = NULL;
+
+ /* this should be first
+ */
+ ret = gnutls_privkey_init (&pkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_privkey_import_x509 (pkey, key, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey (res, pkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* load certificates */
+ pcerts = gnutls_malloc (sizeof (gnutls_cert) * cert_list_size);
+ if (pcerts == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < cert_list_size; i++)
+ {
+ ret = _gnutls_x509_crt_to_gcert (&pcerts[i], cert_list[i], 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = certificate_credential_append_crt_list (res, pcerts, cert_list_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ res->ncerts++;
+
+ if ((ret = _gnutls_check_key_cert_match (res)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_certificate_set_x509_key_file:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @certfile: is a file that containing the certificate list (path) for
+ * the specified private key, in PKCS7 format, or a list of certificates
+ * @keyfile: is a file that contains the private key
+ * @type: is PEM or DER
+ *
+ * This function sets a certificate/private key pair in the
+ * gnutls_certificate_credentials_t structure. This function may be
+ * called more than once (in case multiple keys/certificates exist for
+ * the server). For clients that wants to send more than its own end
+ * entity certificate (e.g., also an intermediate CA cert) then put
+ * the certificate chain in @certfile.
+ *
+ * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by
+ * this function.
+ *
+ * This function can also accept PKCS #11 URLs. In that case it
+ * will import the private key and certificate indicated by the urls.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res,
+ const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+
+ /* this should be first
+ */
+ if ((ret = read_key_file (res, keyfile, type)) < 0)
+ return ret;
+
+ if ((ret = read_cert_file (res, certfile, type)) < 0)
+ return ret;
+
+ res->ncerts++;
+
+ if ((ret = _gnutls_check_key_cert_match (res)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+static int
+add_new_crt_to_rdn_seq (gnutls_certificate_credentials_t res, int new)
+{
+ gnutls_datum_t tmp;
+ int ret;
+ size_t newsize;
+ unsigned char *newdata;
+ unsigned i;
+
+ /* Add DN of the last added CAs to the RDN sequence
+ * This will be sent to clients when a certificate
+ * request message is sent.
+ */
+
+ /* FIXME: in case of a client it is not needed
+ * to do that. This would save time and memory.
+ * However we don't have that information available
+ * here.
+ * Further, this function is now much more efficient,
+ * so optimizing that is less important.
+ */
+
+ for (i = res->x509_ncas - new; i < res->x509_ncas; i++)
+ {
+ if ((ret = gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ newsize = res->x509_rdn_sequence.size + 2 + tmp.size;
+ if (newsize < res->x509_rdn_sequence.size)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&tmp);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ newdata = gnutls_realloc (res->x509_rdn_sequence.data, newsize);
+ if (newdata == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&tmp);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _gnutls_write_datum16 (newdata + res->x509_rdn_sequence.size, tmp);
+ _gnutls_free_datum (&tmp);
+
+ res->x509_rdn_sequence.size = newsize;
+ res->x509_rdn_sequence.data = newdata;
+ }
+
+ return 0;
+}
+
+/* Returns 0 if it's ok to use the gnutls_kx_algorithm_t with this
+ * certificate (uses the KeyUsage field).
+ */
+int
+_gnutls_check_key_usage (const gnutls_cert * cert, gnutls_kx_algorithm_t alg)
+{
+ unsigned int key_usage = 0;
+ int encipher_type;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (_gnutls_map_kx_get_cred (alg, 1) == GNUTLS_CRD_CERTIFICATE ||
+ _gnutls_map_kx_get_cred (alg, 0) == GNUTLS_CRD_CERTIFICATE)
+ {
+
+ key_usage = cert->key_usage;
+
+ encipher_type = _gnutls_kx_encipher_type (alg);
+
+ if (key_usage != 0 && encipher_type != CIPHER_IGN)
+ {
+ /* If key_usage has been set in the certificate
+ */
+
+ if (encipher_type == CIPHER_ENCRYPT)
+ {
+ /* If the key exchange method requires an encipher
+ * type algorithm, and key's usage does not permit
+ * encipherment, then fail.
+ */
+ if (!(key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+
+ if (encipher_type == CIPHER_SIGN)
+ {
+ /* The same as above, but for sign only keys
+ */
+ if (!(key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_KEY_USAGE_VIOLATION;
+ }
+ }
+ }
+ }
+ return 0;
+}
+
+
+
+static int
+parse_pem_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
+ const opaque * input_cert, int input_cert_size)
+{
+ int i, size;
+ const opaque *ptr;
+ gnutls_datum_t tmp;
+ int ret, count;
+
+ /* move to the certificate
+ */
+ ptr = memmem (input_cert, input_cert_size,
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem (input_cert, input_cert_size,
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ size = input_cert_size - (ptr - input_cert);
+
+ i = *ncerts + 1;
+ count = 0;
+
+ do
+ {
+
+ *cert_list =
+ (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list,
+ i *
+ sizeof
+ (gnutls_x509_crt_t));
+
+ if (*cert_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_init (&cert_list[0][i - 1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ tmp.data = (opaque *) ptr;
+ tmp.size = size;
+
+ ret =
+ gnutls_x509_crt_import (cert_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ size--;
+ /* find the next certificate (if any)
+ */
+
+ if (size > 0)
+ {
+ char *ptr3;
+
+ ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr3 == NULL)
+ ptr3 = memmem (ptr, size,
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+
+ ptr = ptr3;
+ size = input_cert_size - (ptr - input_cert);
+ }
+ else
+ ptr = NULL;
+
+ i++;
+ count++;
+
+ }
+ while (ptr != NULL);
+
+ *ncerts = i - 1;
+
+ return count;
+}
+
+/* Reads a DER encoded certificate list from memory and stores it to a
+ * gnutls_cert structure. Returns the number of certificates parsed.
+ */
+static int
+parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts,
+ const void *input_cert, int input_cert_size)
+{
+ int i;
+ gnutls_datum_t tmp;
+ int ret;
+
+ i = *ncerts + 1;
+
+ *cert_list =
+ (gnutls_x509_crt_t *) gnutls_realloc_fast (*cert_list,
+ i *
+ sizeof (gnutls_x509_crt_t));
+
+ if (*cert_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.data = (opaque *) input_cert;
+ tmp.size = input_cert_size;
+
+ ret = gnutls_x509_crt_init (&cert_list[0][i - 1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crt_import (cert_list[0][i - 1], &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ *ncerts = i;
+
+ return 1; /* one certificate parsed */
+}
+
+/**
+ * gnutls_certificate_set_x509_trust_mem:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @ca: is a list of trusted CAs or a DER certificate
+ * @type: is DER or PEM
+ *
+ * This function adds the trusted CAs in order to verify client or
+ * server certificates. In case of a client this is not required to be
+ * called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2(). This function may be called
+ * multiple times.
+ *
+ * In case of a server the CAs set here will be sent to the client if
+ * a certificate request is sent. This can be disabled using
+ * gnutls_certificate_send_x509_rdn_sequence().
+ *
+ * Returns: the number of certificates processed or a negative value
+ * on error.
+ **/
+int
+gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * ca,
+ gnutls_x509_crt_fmt_t type)
+{
+ int ret, ret2;
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas,
+ ca->data, ca->size);
+ else
+ ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas,
+ ca->data, ca->size);
+
+ if ((ret2 = add_new_crt_to_rdn_seq (res, ret)) < 0)
+ return ret2;
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_x509_trust:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @ca_list: is a list of trusted CAs
+ * @ca_list_size: holds the size of the CA list
+ *
+ * This function adds the trusted CAs in order to verify client
+ * or server certificates. In case of a client this is not required
+ * to be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().
+ * This function may be called multiple times.
+ *
+ * In case of a server the CAs set here will be sent to the client if
+ * a certificate request is sent. This can be disabled using
+ * gnutls_certificate_send_x509_rdn_sequence().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size)
+{
+ int ret, i, ret2;
+
+ res->x509_ca_list = gnutls_realloc_fast (res->x509_ca_list,
+ (ca_list_size +
+ res->x509_ncas) *
+ sizeof (gnutls_x509_crt_t));
+ if (res->x509_ca_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < ca_list_size; i++)
+ {
+ ret = gnutls_x509_crt_init (&res->x509_ca_list[res->x509_ncas]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_x509_crt_cpy (res->x509_ca_list[res->x509_ncas],
+ ca_list[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (res->x509_ca_list[res->x509_ncas]);
+ return ret;
+ }
+ res->x509_ncas++;
+ }
+
+ if ((ret2 = add_new_crt_to_rdn_seq (res, ca_list_size)) < 0)
+ return ret2;
+
+ return 0;
+}
+
+/**
+ * gnutls_certificate_set_x509_trust_file:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @cafile: is a file containing the list of trusted CAs (DER or PEM list)
+ * @type: is PEM or DER
+ *
+ * This function adds the trusted CAs in order to verify client or
+ * server certificates. In case of a client this is not required to
+ * be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2(). This function may be called
+ * multiple times.
+ *
+ * In case of a server the names of the CAs set here will be sent to
+ * the client if a certificate request is sent. This can be disabled
+ * using gnutls_certificate_send_x509_rdn_sequence().
+ *
+ * This function can also accept PKCS #11 URLs. In that case it
+ * will import all certificates that are marked as trusted.
+ *
+ * Returns: number of certificates processed, or a negative value on
+ * error.
+ **/
+int
+gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res,
+ const char *cafile,
+ gnutls_x509_crt_fmt_t type)
+{
+ int ret, ret2;
+ size_t size;
+ char *data;
+
+ if (strncmp (cafile, "pkcs11:", 7) == 0)
+ {
+ return read_cas_url (res, cafile);
+ }
+
+ data = read_binary_file (cafile, &size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
+ else
+ ret = parse_pem_ca_mem (&res->x509_ca_list, &res->x509_ncas, data, size);
+
+ free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if ((ret2 = add_new_crt_to_rdn_seq (res, ret)) < 0)
+ return ret2;
+
+ return ret;
+}
+
+#ifdef ENABLE_PKI
+
+static int
+parse_pem_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
+ const opaque * input_crl, int input_crl_size)
+{
+ int size, i;
+ const opaque *ptr;
+ gnutls_datum_t tmp;
+ int ret, count;
+
+ /* move to the certificate
+ */
+ ptr = memmem (input_crl, input_crl_size,
+ PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
+ if (ptr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ size = input_crl_size - (ptr - input_crl);
+
+ i = *ncrls + 1;
+ count = 0;
+
+ do
+ {
+
+ *crl_list =
+ (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list,
+ i *
+ sizeof
+ (gnutls_x509_crl_t));
+
+ if (*crl_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crl_init (&crl_list[0][i - 1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ tmp.data = (char *) ptr;
+ tmp.size = size;
+
+ ret =
+ gnutls_x509_crl_import (crl_list[0][i - 1],
+ &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+
+ size = input_crl_size - (ptr - input_crl);
+
+ if (size > 0)
+ ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1);
+ else
+ ptr = NULL;
+ i++;
+ count++;
+
+ }
+ while (ptr != NULL);
+
+ *ncrls = i - 1;
+
+ return count;
+}
+
+/* Reads a DER encoded certificate list from memory and stores it to a
+ * gnutls_cert structure. Returns the number of certificates parsed.
+ */
+static int
+parse_der_crl_mem (gnutls_x509_crl_t ** crl_list, unsigned *ncrls,
+ const void *input_crl, int input_crl_size)
+{
+ int i;
+ gnutls_datum_t tmp;
+ int ret;
+
+ i = *ncrls + 1;
+
+ *crl_list =
+ (gnutls_x509_crl_t *) gnutls_realloc_fast (*crl_list,
+ i *
+ sizeof (gnutls_x509_crl_t));
+
+ if (*crl_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ tmp.data = (opaque *) input_crl;
+ tmp.size = input_crl_size;
+
+ ret = gnutls_x509_crl_init (&crl_list[0][i - 1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crl_import (crl_list[0][i - 1], &tmp, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ *ncrls = i;
+
+ return 1; /* one certificate parsed */
+}
+
+
+/* Reads a DER or PEM CRL from memory
+ */
+static int
+read_crl_mem (gnutls_certificate_credentials_t res, const void *crl,
+ int crl_size, gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+
+ /* allocate space for the certificate to add
+ */
+ res->x509_crl_list = gnutls_realloc_fast (res->x509_crl_list,
+ (1 +
+ res->x509_ncrls) *
+ sizeof (gnutls_x509_crl_t));
+ if (res->x509_crl_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem (&res->x509_crl_list,
+ &res->x509_ncrls, crl, crl_size);
+ else
+ ret = parse_pem_crl_mem (&res->x509_crl_list,
+ &res->x509_ncrls, crl, crl_size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_x509_crl_mem:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @CRL: is a list of trusted CRLs. They should have been verified before.
+ * @type: is DER or PEM
+ *
+ * This function adds the trusted CRLs in order to verify client or
+ * server certificates. In case of a client this is not required to
+ * be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2(). This function may be called
+ * multiple times.
+ *
+ * Returns: number of CRLs processed, or a negative value on error.
+ **/
+int
+gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+
+ if ((ret = read_crl_mem (res, CRL->data, CRL->size, type)) < 0)
+ return ret;
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_x509_crl:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @crl_list: is a list of trusted CRLs. They should have been verified before.
+ * @crl_list_size: holds the size of the crl_list
+ *
+ * This function adds the trusted CRLs in order to verify client or
+ * server certificates. In case of a client this is not required to
+ * be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2(). This function may be called
+ * multiple times.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size)
+{
+ int ret, i;
+
+ res->x509_crl_list = gnutls_realloc_fast (res->x509_crl_list,
+ (crl_list_size +
+ res->x509_ncrls) *
+ sizeof (gnutls_x509_crl_t));
+ if (res->x509_crl_list == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ for (i = 0; i < crl_list_size; i++)
+ {
+ ret = gnutls_x509_crl_init (&res->x509_crl_list[res->x509_ncrls]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_x509_crl_cpy (res->x509_crl_list[res->x509_ncrls],
+ crl_list[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ res->x509_ncrls++;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_certificate_set_x509_crl_file:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @crlfile: is a file containing the list of verified CRLs (DER or PEM list)
+ * @type: is PEM or DER
+ *
+ * This function adds the trusted CRLs in order to verify client or server
+ * certificates. In case of a client this is not required
+ * to be called if the certificates are not verified using
+ * gnutls_certificate_verify_peers2().
+ * This function may be called multiple times.
+ *
+ * Returns: number of CRLs processed or a negative value on error.
+ **/
+int
+gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res,
+ const char *crlfile,
+ gnutls_x509_crt_fmt_t type)
+{
+ int ret;
+ size_t size;
+ char *data = read_binary_file (crlfile, &size);
+
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ if (type == GNUTLS_X509_FMT_DER)
+ ret = parse_der_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
+ data, size);
+ else
+ ret = parse_pem_crl_mem (&res->x509_crl_list, &res->x509_ncrls,
+ data, size);
+
+ free (data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+}
+
+#include <gnutls/pkcs12.h>
+
+static int
+parse_pkcs12 (gnutls_certificate_credentials_t res,
+ gnutls_pkcs12_t p12,
+ const char *password,
+ gnutls_x509_privkey_t * key,
+ gnutls_x509_crt_t * cert, gnutls_x509_crl_t * crl)
+{
+ gnutls_pkcs12_bag_t bag = NULL;
+ int idx = 0;
+ int ret;
+ size_t cert_id_size = 0;
+ size_t key_id_size = 0;
+ opaque cert_id[20];
+ opaque key_id[20];
+ int privkey_ok = 0;
+
+ *cert = NULL;
+ *key = NULL;
+ *crl = NULL;
+
+ /* find the first private key */
+ for (;;)
+ {
+ int elements_in_bag;
+ int i;
+
+ ret = gnutls_pkcs12_bag_init (&bag);
+ if (ret < 0)
+ {
+ bag = NULL;
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_get_bag (p12, idx, bag);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_type (bag, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ if (ret == GNUTLS_BAG_ENCRYPTED)
+ {
+ ret = gnutls_pkcs12_bag_decrypt (bag, password);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+ }
+
+ elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
+ if (elements_in_bag < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ for (i = 0; i < elements_in_bag; i++)
+ {
+ int type;
+ gnutls_datum_t data;
+
+ type = gnutls_pkcs12_bag_get_type (bag, i);
+ if (type < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ switch (type)
+ {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ case GNUTLS_BAG_PKCS8_KEY:
+ if (*key != NULL) /* too simple to continue */
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ ret = gnutls_x509_privkey_init (key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_x509_privkey_import_pkcs8
+ (*key, &data, GNUTLS_X509_FMT_DER, password,
+ type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (*key);
+ goto done;
+ }
+
+ key_id_size = sizeof (key_id);
+ ret =
+ gnutls_x509_privkey_get_key_id (*key, 0, key_id,
+ &key_id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_privkey_deinit (*key);
+ goto done;
+ }
+
+ privkey_ok = 1; /* break */
+ break;
+ default:
+ break;
+ }
+ }
+
+ idx++;
+ gnutls_pkcs12_bag_deinit (bag);
+
+ if (privkey_ok != 0) /* private key was found */
+ break;
+ }
+
+ if (privkey_ok == 0) /* no private key */
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* now find the corresponding certificate
+ */
+ idx = 0;
+ bag = NULL;
+ for (;;)
+ {
+ int elements_in_bag;
+ int i;
+
+ ret = gnutls_pkcs12_bag_init (&bag);
+ if (ret < 0)
+ {
+ bag = NULL;
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_get_bag (p12, idx, bag);
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_type (bag, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ if (ret == GNUTLS_BAG_ENCRYPTED)
+ {
+ ret = gnutls_pkcs12_bag_decrypt (bag, password);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+ }
+
+ elements_in_bag = gnutls_pkcs12_bag_get_count (bag);
+ if (elements_in_bag < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ for (i = 0; i < elements_in_bag; i++)
+ {
+ int type;
+ gnutls_datum_t data;
+
+ type = gnutls_pkcs12_bag_get_type (bag, i);
+ if (type < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_pkcs12_bag_get_data (bag, i, &data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ switch (type)
+ {
+ case GNUTLS_BAG_CERTIFICATE:
+ if (*cert != NULL) /* no need to set it again */
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ ret = gnutls_x509_crt_init (cert);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret =
+ gnutls_x509_crt_import (*cert, &data, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (*cert);
+ goto done;
+ }
+
+ /* check if the key id match */
+ cert_id_size = sizeof (cert_id);
+ ret =
+ gnutls_x509_crt_get_key_id (*cert, 0, cert_id, &cert_id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crt_deinit (*cert);
+ goto done;
+ }
+
+ if (memcmp (cert_id, key_id, cert_id_size) != 0)
+ { /* they don't match - skip the certificate */
+ gnutls_x509_crt_deinit (*cert);
+ *cert = NULL;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if (*crl != NULL)
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ ret = gnutls_x509_crl_init (crl);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+
+ ret = gnutls_x509_crl_import (*crl, &data, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_x509_crl_deinit (*crl);
+ goto done;
+ }
+ break;
+
+ case GNUTLS_BAG_ENCRYPTED:
+ /* XXX Bother to recurse one level down? Unlikely to
+ use the same password anyway. */
+ case GNUTLS_BAG_EMPTY:
+ default:
+ break;
+ }
+ }
+
+ idx++;
+ gnutls_pkcs12_bag_deinit (bag);
+ }
+
+ ret = 0;
+
+done:
+ if (bag)
+ gnutls_pkcs12_bag_deinit (bag);
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_x509_simple_pkcs12_file:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @pkcs12file: filename of file containing PKCS#12 blob.
+ * @type: is PEM or DER of the @pkcs12file.
+ * @password: optional password used to decrypt PKCS#12 file, bags and keys.
+ *
+ * This function sets a certificate/private key pair and/or a CRL in
+ * the gnutls_certificate_credentials_t structure. This function may
+ * be called more than once (in case multiple keys/certificates exist
+ * for the server).
+ *
+ * MAC:ed PKCS#12 files are supported. Encrypted PKCS#12 bags are
+ * supported. Encrypted PKCS#8 private keys are supported. However,
+ * only password based security, and the same password for all
+ * operations, are supported.
+ *
+ * The private keys may be RSA PKCS#1 or DSA private keys encoded in
+ * the OpenSSL way.
+ *
+ * PKCS#12 file may contain many keys and/or certificates, and there
+ * is no way to identify which key/certificate pair you want. You
+ * should make sure the PKCS#12 file only contain one key/certificate
+ * pair and/or one CRL.
+ *
+ * It is believed that the limitations of this function is acceptable
+ * for most usage, and that any more flexibility would introduce
+ * complexity that would make it harder to use this functionality at
+ * all.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+ gnutls_certificate_set_x509_simple_pkcs12_file
+ (gnutls_certificate_credentials_t res, const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type, const char *password)
+{
+ gnutls_datum_t p12blob;
+ size_t size;
+ int ret;
+
+ p12blob.data = read_binary_file (pkcs12file, &size);
+ p12blob.size = (unsigned int) size;
+ if (p12blob.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ ret =
+ gnutls_certificate_set_x509_simple_pkcs12_mem (res, &p12blob, type,
+ password);
+ free (p12blob.data);
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_x509_simple_pkcs12_mem:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @p12blob: the PKCS#12 blob.
+ * @type: is PEM or DER of the @pkcs12file.
+ * @password: optional password used to decrypt PKCS#12 file, bags and keys.
+ *
+ * This function sets a certificate/private key pair and/or a CRL in
+ * the gnutls_certificate_credentials_t structure. This function may
+ * be called more than once (in case multiple keys/certificates exist
+ * for the server).
+ *
+ * MAC:ed PKCS#12 files are supported. Encrypted PKCS#12 bags are
+ * supported. Encrypted PKCS#8 private keys are supported. However,
+ * only password based security, and the same password for all
+ * operations, are supported.
+ *
+ * The private keys may be RSA PKCS#1 or DSA private keys encoded in
+ * the OpenSSL way.
+ *
+ * PKCS#12 file may contain many keys and/or certificates, and there
+ * is no way to identify which key/certificate pair you want. You
+ * should make sure the PKCS#12 file only contain one key/certificate
+ * pair and/or one CRL.
+ *
+ * It is believed that the limitations of this function is acceptable
+ * for most usage, and that any more flexibility would introduce
+ * complexity that would make it harder to use this functionality at
+ * all.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.8.0
+ **/
+int
+ gnutls_certificate_set_x509_simple_pkcs12_mem
+ (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
+ gnutls_x509_crt_fmt_t type, const char *password)
+{
+ gnutls_pkcs12_t p12;
+ gnutls_x509_privkey_t key = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_x509_crl_t crl = NULL;
+ int ret;
+
+ ret = gnutls_pkcs12_init (&p12);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs12_import (p12, p12blob, type, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_pkcs12_deinit (p12);
+ return ret;
+ }
+
+ if (password)
+ {
+ ret = gnutls_pkcs12_verify_mac (p12, password);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_pkcs12_deinit (p12);
+ return ret;
+ }
+ }
+
+ ret = parse_pkcs12 (res, p12, password, &key, &cert, &crl);
+ gnutls_pkcs12_deinit (p12);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (key && cert)
+ {
+ ret = gnutls_certificate_set_x509_key (res, &cert, 1, key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+ }
+
+ if (crl)
+ {
+ ret = gnutls_certificate_set_x509_crl (res, &crl, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto done;
+ }
+ }
+
+ ret = 0;
+
+done:
+ if (cert)
+ gnutls_x509_crt_deinit (cert);
+ if (key)
+ gnutls_x509_privkey_deinit (key);
+ if (crl)
+ gnutls_x509_crl_deinit (crl);
+
+ return ret;
+}
+
+
+
+/**
+ * gnutls_certificate_free_crls:
+ * @sc: is a #gnutls_certificate_credentials_t structure.
+ *
+ * This function will delete all the CRLs associated
+ * with the given credentials.
+ **/
+void
+gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc)
+{
+ unsigned j;
+
+ for (j = 0; j < sc->x509_ncrls; j++)
+ {
+ gnutls_x509_crl_deinit (sc->x509_crl_list[j]);
+ }
+
+ sc->x509_ncrls = 0;
+
+ gnutls_free (sc->x509_crl_list);
+ sc->x509_crl_list = NULL;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <libtasn1.h>
+#include <gnutls/abstract.h>
+
+int _gnutls_x509_cert_verify_peers (gnutls_session_t session,
+ unsigned int *status);
+
+#define PEM_CERT_SEP2 "-----BEGIN X509 CERTIFICATE"
+#define PEM_CERT_SEP "-----BEGIN CERTIFICATE"
+
+#define PEM_CRL_SEP "-----BEGIN X509 CRL"
+
+#define PEM_KEY_RSA_SEP "-----BEGIN RSA"
+#define PEM_KEY_DSA_SEP "-----BEGIN DSA"
+
+int _gnutls_check_key_usage (const gnutls_cert * cert,
+ gnutls_kx_algorithm_t alg);
+
+int _gnutls_x509_raw_privkey_to_gkey (gnutls_privkey_t * privkey,
+ const gnutls_datum_t * raw_key,
+ gnutls_x509_crt_fmt_t type);
--- /dev/null
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <gnutls/gnutlsxx.h>
+
+extern "C" {
+void
+_gnutls_transport_set_lowat (gnutls_session_t session, int num);
+}
+
+namespace gnutls
+{
+
+ inline static int RETWRAP_NET (int ret)
+ {
+ if (gnutls_error_is_fatal (ret))
+ throw (exception (ret));
+ else
+ return ret;
+ }
+
+ inline static int RETWRAP (int ret)
+ {
+ if (ret < 0)
+ throw (exception (ret));
+ return ret;
+ }
+
+ session::session (gnutls_connection_end_t end)
+ {
+ RETWRAP (gnutls_init (&s, end));
+ }
+
+ session::~session ()
+ {
+ gnutls_deinit (s);
+ }
+
+ int session::bye (gnutls_close_request_t how)
+ {
+ return RETWRAP_NET (gnutls_bye (s, how));
+ }
+
+ int session::handshake ()
+ {
+ return RETWRAP_NET (gnutls_handshake (s));
+ }
+
+ server_session::server_session ():session (GNUTLS_SERVER)
+ {
+ }
+
+ server_session::~server_session ()
+ {
+ }
+
+ int server_session::rehandshake ()
+ {
+ return RETWRAP_NET (gnutls_rehandshake (s));
+ }
+
+ gnutls_alert_description_t session::get_alert () const
+ {
+ return gnutls_alert_get (s);
+ }
+
+ int session::send_alert (gnutls_alert_level_t level,
+ gnutls_alert_description_t desc)
+ {
+ return RETWRAP_NET (gnutls_alert_send (s, level, desc));
+ }
+
+ int session::send_appropriate_alert (int err)
+ {
+ return RETWRAP_NET (gnutls_alert_send_appropriate (s, err));
+ }
+
+ gnutls_cipher_algorithm_t session::get_cipher () const
+ {
+ return gnutls_cipher_get (s);
+ }
+
+ gnutls_kx_algorithm_t session::get_kx () const
+ {
+ return gnutls_kx_get (s);
+ }
+
+ gnutls_mac_algorithm_t session::get_mac () const
+ {
+ return gnutls_mac_get (s);
+ }
+
+ gnutls_compression_method_t session::get_compression () const
+ {
+ return gnutls_compression_get (s);
+ }
+
+ gnutls_certificate_type_t session::get_certificate_type () const
+ {
+ return gnutls_certificate_type_get (s);
+ }
+
+ void session::set_private_extensions (bool allow)
+ {
+ gnutls_handshake_set_private_extensions (s, (int) allow);
+ }
+
+ gnutls_handshake_description_t session::get_handshake_last_out () const
+ {
+ return gnutls_handshake_get_last_out (s);
+ }
+
+ gnutls_handshake_description_t session::get_handshake_last_in () const
+ {
+ return gnutls_handshake_get_last_in (s);
+ }
+
+ ssize_t session::send (const void *data, size_t sizeofdata)
+ {
+ return RETWRAP_NET (gnutls_record_send (s, data, sizeofdata));
+ }
+
+ ssize_t session::recv (void *data, size_t sizeofdata)
+ {
+ return RETWRAP_NET (gnutls_record_recv (s, data, sizeofdata));
+ }
+
+ bool session::get_record_direction () const
+ {
+ return gnutls_record_get_direction (s);
+ }
+
+ // maximum packet size
+ size_t session::get_max_size () const
+ {
+ return gnutls_record_get_max_size (s);
+ }
+
+ void session::set_max_size (size_t size)
+ {
+ RETWRAP (gnutls_record_set_max_size (s, size));
+ }
+
+ size_t session::check_pending () const
+ {
+ return gnutls_record_check_pending (s);
+ }
+
+
+ void session::prf (size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out)
+ {
+ RETWRAP (gnutls_prf (s, label_size, label, server_random_first,
+ extra_size, extra, outsize, out));
+ }
+
+ void session::prf_raw (size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out)
+ {
+ RETWRAP (gnutls_prf_raw
+ (s, label_size, label, seed_size, seed, outsize, out));
+ }
+
+
+ void session::set_cipher_priority (const int *list)
+ {
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ void session::set_mac_priority (const int *list)
+ {
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ void session::set_compression_priority (const int *list)
+ {
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ void session::set_kx_priority (const int *list)
+ {
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ void session::set_protocol_priority (const int *list)
+ {
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+ void session::set_certificate_type_priority (const int *list)
+ {
+ RETWRAP (GNUTLS_E_UNIMPLEMENTED_FEATURE);
+ }
+
+
+/* if you just want some defaults, use the following.
+ */
+ void session::set_priority (const char *prio, const char **err_pos)
+ {
+ RETWRAP (gnutls_priority_set_direct (s, prio, err_pos));
+ }
+
+ void session::set_priority (gnutls_priority_t p)
+ {
+ RETWRAP (gnutls_priority_set (s, p));
+ }
+
+ gnutls_protocol_t session::get_protocol_version () const
+ {
+ return gnutls_protocol_get_version (s);
+ }
+
+ void session::set_data (const void *session_data, size_t session_data_size)
+ {
+ RETWRAP (gnutls_session_set_data (s, session_data, session_data_size));
+ }
+
+ void session::get_data (void *session_data, size_t * session_data_size) const
+ {
+ RETWRAP (gnutls_session_get_data (s, session_data, session_data_size));
+ }
+
+ void session::get_data (gnutls_session_t session, gnutls_datum_t & data) const
+ {
+ RETWRAP (gnutls_session_get_data2 (s, &data));
+
+ }
+
+ void session::get_id (void *session_id, size_t * session_id_size) const
+ {
+ RETWRAP (gnutls_session_get_id (s, session_id, session_id_size));
+ }
+
+ bool session::is_resumed () const
+ {
+ int ret = gnutls_session_is_resumed (s);
+
+ return (ret != 0);
+ }
+
+ bool session::get_peers_certificate (std::vector < gnutls_datum_t >
+ &out_certs) const
+ {
+ const gnutls_datum_t *certs;
+ unsigned int certs_size;
+
+ certs = gnutls_certificate_get_peers (s, &certs_size);
+
+ if (certs == NULL)
+ return false;
+
+ for (unsigned int i = 0; i < certs_size; i++)
+ out_certs.push_back (certs[i]);
+
+ return true;
+ }
+
+ bool session::get_peers_certificate (const gnutls_datum_t ** certs,
+ unsigned int *certs_size) const
+ {
+ *certs = gnutls_certificate_get_peers (s, certs_size);
+
+ if (*certs == NULL)
+ return false;
+ return true;
+ }
+
+ void session::get_our_certificate (gnutls_datum_t & cert) const
+ {
+ const gnutls_datum_t *d;
+
+ d = gnutls_certificate_get_ours (s);
+ if (d == NULL)
+ throw (exception (GNUTLS_E_INVALID_REQUEST));
+ cert = *d;
+ }
+
+ time_t session::get_peers_certificate_activation_time () const
+ {
+ return gnutls_certificate_activation_time_peers (s);
+ }
+
+ time_t session::get_peers_certificate_expiration_time () const
+ {
+ return gnutls_certificate_expiration_time_peers (s);
+ }
+ void session::verify_peers_certificate (unsigned int &status) const
+ {
+ RETWRAP (gnutls_certificate_verify_peers2 (s, &status));
+ }
+
+
+ client_session::client_session ():session (GNUTLS_CLIENT)
+ {
+ }
+
+ client_session::~client_session ()
+ {
+ }
+
+// client session
+ void client_session::set_server_name (gnutls_server_name_type_t type,
+ const void *name, size_t name_length)
+ {
+ RETWRAP (gnutls_server_name_set (s, type, name, name_length));
+ }
+
+ bool client_session::get_request_status ()
+ {
+ return RETWRAP (gnutls_certificate_client_get_request_status (s));
+ }
+
+// server_session
+ void server_session::get_server_name (void *data, size_t * data_length,
+ unsigned int *type,
+ unsigned int indx) const
+ {
+ RETWRAP (gnutls_server_name_get (s, data, data_length, type, indx));
+ }
+
+// internal DB stuff
+ static int store_function (void *_db, gnutls_datum_t key,
+ gnutls_datum_t data)
+ {
+ try
+ {
+ DB *db = static_cast < DB * >(_db);
+
+ if (db->store (key, data) == false)
+ return -1;
+ }
+ catch (...)
+ {
+ return -1;
+ }
+
+ return 0;
+ }
+
+ const static gnutls_datum_t null_datum = { NULL, 0 };
+
+ static gnutls_datum_t retrieve_function (void *_db, gnutls_datum_t key)
+ {
+ gnutls_datum_t data;
+
+ try
+ {
+ DB *db = static_cast < DB * >(_db);
+
+ if (db->retrieve (key, data) == false)
+ return null_datum;
+
+ }
+ catch (...)
+ {
+ return null_datum;
+ }
+
+ return data;
+ }
+
+ static int remove_function (void *_db, gnutls_datum_t key)
+ {
+ try
+ {
+ DB *db = static_cast < DB * >(_db);
+
+ if (db->remove (key) == false)
+ return -1;
+ }
+ catch (...)
+ {
+ return -1;
+ }
+
+ return 0;
+ }
+
+ void server_session::set_db (const DB & db)
+ {
+ gnutls_db_set_ptr (s, const_cast < DB * >(&db));
+ gnutls_db_set_store_function (s, store_function);
+ gnutls_db_set_retrieve_function (s, retrieve_function);
+ gnutls_db_set_remove_function (s, remove_function);
+ }
+
+ void server_session::set_db_cache_expiration (unsigned int seconds)
+ {
+ gnutls_db_set_cache_expiration (s, seconds);
+ }
+
+ void server_session::db_remove () const
+ {
+ gnutls_db_remove_session (s);
+ }
+
+ bool server_session::db_check_entry (gnutls_datum_t & session_data) const
+ {
+ int ret = gnutls_db_check_entry (s, session_data);
+
+ if (ret != 0)
+ return true;
+ return false;
+ }
+
+ void session::set_max_handshake_packet_length (size_t max)
+ {
+ gnutls_handshake_set_max_packet_length (s, max);
+ }
+
+ void session::clear_credentials ()
+ {
+ gnutls_credentials_clear (s);
+ }
+
+ void session::set_credentials (credentials & cred)
+ {
+ RETWRAP (gnutls_credentials_set (s, cred.get_type (), cred.ptr ()));
+ }
+
+ const char *server_session::get_srp_username () const
+ {
+#ifdef ENABLE_SRP
+ return gnutls_srp_server_get_username (s);
+#else
+ return NULL;
+#endif
+ }
+
+ const char *server_session::get_psk_username () const
+ {
+ return gnutls_psk_server_get_username (s);
+ }
+
+
+ void session::set_transport_ptr (gnutls_transport_ptr_t ptr)
+ {
+ gnutls_transport_set_ptr (s, ptr);
+ }
+
+ void session::set_transport_ptr (gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr)
+ {
+ gnutls_transport_set_ptr2 (s, recv_ptr, send_ptr);
+ }
+
+
+ gnutls_transport_ptr_t session::get_transport_ptr () const
+ {
+ return gnutls_transport_get_ptr (s);
+ }
+
+ void session::get_transport_ptr (gnutls_transport_ptr_t & recv_ptr,
+ gnutls_transport_ptr_t & send_ptr) const
+ {
+ gnutls_transport_get_ptr2 (s, &recv_ptr, &send_ptr);
+ }
+
+ void session::set_transport_lowat (size_t num)
+ {
+ _gnutls_transport_set_lowat(s, num);
+ }
+
+ void session::set_transport_push_function (gnutls_push_func push_func)
+ {
+ gnutls_transport_set_push_function (s, push_func);
+ }
+
+ void session::set_transport_pull_function (gnutls_pull_func pull_func)
+ {
+ gnutls_transport_set_pull_function (s, pull_func);
+ }
+
+ void session::set_user_ptr (void *ptr)
+ {
+ gnutls_session_set_ptr (s, ptr);
+ }
+
+ void *session::get_user_ptr () const
+ {
+ return gnutls_session_get_ptr (s);
+ }
+
+ void session::send_openpgp_cert (gnutls_openpgp_crt_status_t status)
+ {
+#ifdef ENABLE_OPENPGP
+ gnutls_openpgp_send_cert (s, status);
+#endif
+ }
+
+ void session::set_dh_prime_bits (unsigned int bits)
+ {
+ gnutls_dh_set_prime_bits (s, bits);
+ }
+
+ unsigned int session::get_dh_secret_bits () const
+ {
+ return RETWRAP (gnutls_dh_get_secret_bits (s));
+ }
+
+ unsigned int session::get_dh_peers_public_bits () const
+ {
+ return RETWRAP (gnutls_dh_get_peers_public_bits (s));
+ }
+
+ unsigned int session::get_dh_prime_bits () const
+ {
+ return RETWRAP (gnutls_dh_get_prime_bits (s));
+ }
+
+ void session::get_dh_group (gnutls_datum_t & gen,
+ gnutls_datum_t & prime) const
+ {
+ RETWRAP (gnutls_dh_get_group (s, &gen, &prime));
+ }
+
+ void session::get_dh_pubkey (gnutls_datum_t & raw_key) const
+ {
+ RETWRAP (gnutls_dh_get_pubkey (s, &raw_key));
+ }
+
+ void session::get_rsa_export_pubkey (gnutls_datum_t & exponent,
+ gnutls_datum_t & modulus) const
+ {
+ RETWRAP (gnutls_rsa_export_get_pubkey (s, &exponent, &modulus));
+ }
+
+ unsigned int session::get_rsa_export_modulus_bits () const
+ {
+ return RETWRAP (gnutls_rsa_export_get_modulus_bits (s));
+ }
+
+ void server_session::
+ set_certificate_request (gnutls_certificate_request_t req)
+ {
+ gnutls_certificate_server_set_request (s, req);
+ }
+
+ gnutls_credentials_type_t session::get_auth_type () const
+ {
+ return gnutls_auth_get_type (s);
+ }
+
+ gnutls_credentials_type_t session::get_server_auth_type () const
+ {
+ return gnutls_auth_server_get_type (s);
+ }
+
+ gnutls_credentials_type_t session::get_client_auth_type () const
+ {
+ return gnutls_auth_client_get_type (s);
+ }
+
+
+ certificate_credentials::~certificate_credentials ()
+ {
+ gnutls_certificate_free_credentials (cred);
+ }
+
+ certificate_credentials::certificate_credentials ():credentials
+ (GNUTLS_CRD_CERTIFICATE)
+ {
+ RETWRAP (gnutls_certificate_allocate_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ void certificate_server_credentials::
+ set_params_function (gnutls_params_function * func)
+ {
+ gnutls_certificate_set_params_function (cred, func);
+ }
+
+ anon_server_credentials::anon_server_credentials ():credentials
+ (GNUTLS_CRD_ANON)
+ {
+ RETWRAP (gnutls_anon_allocate_server_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ anon_server_credentials::~anon_server_credentials ()
+ {
+ gnutls_anon_free_server_credentials (cred);
+ }
+
+ void anon_server_credentials::set_dh_params (const dh_params & params)
+ {
+ gnutls_anon_set_server_dh_params (cred, params.get_params_t ());
+ }
+
+ void anon_server_credentials::set_params_function (gnutls_params_function *
+ func)
+ {
+ gnutls_anon_set_server_params_function (cred, func);
+ }
+
+ anon_client_credentials::anon_client_credentials ():credentials
+ (GNUTLS_CRD_ANON)
+ {
+ RETWRAP (gnutls_anon_allocate_client_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ anon_client_credentials::~anon_client_credentials ()
+ {
+ gnutls_anon_free_client_credentials (cred);
+ }
+
+ void certificate_credentials::free_keys ()
+ {
+ gnutls_certificate_free_keys (cred);
+ }
+
+ void certificate_credentials::free_cas ()
+ {
+ gnutls_certificate_free_cas (cred);
+ }
+
+ void certificate_credentials::free_ca_names ()
+ {
+ gnutls_certificate_free_ca_names (cred);
+ }
+
+ void certificate_credentials::free_crls ()
+ {
+ gnutls_certificate_free_crls (cred);
+ }
+
+
+ void certificate_credentials::set_dh_params (const dh_params & params)
+ {
+ gnutls_certificate_set_dh_params (cred, params.get_params_t ());
+ }
+
+ void certificate_credentials::
+ set_rsa_export_params (const rsa_params & params)
+ {
+ gnutls_certificate_set_rsa_export_params (cred, params.get_params_t ());
+ }
+
+ void certificate_credentials::set_verify_flags (unsigned int flags)
+ {
+ gnutls_certificate_set_verify_flags (cred, flags);
+ }
+
+ void certificate_credentials::set_verify_limits (unsigned int max_bits,
+ unsigned int max_depth)
+ {
+ gnutls_certificate_set_verify_limits (cred, max_bits, max_depth);
+ }
+
+ void certificate_credentials::set_x509_trust_file (const char *cafile,
+ gnutls_x509_crt_fmt_t
+ type)
+ {
+ RETWRAP (gnutls_certificate_set_x509_trust_file (cred, cafile, type));
+ }
+
+ void certificate_credentials::set_x509_trust (const gnutls_datum_t & CA,
+ gnutls_x509_crt_fmt_t type)
+ {
+ RETWRAP (gnutls_certificate_set_x509_trust_mem (cred, &CA, type));
+ }
+
+
+ void certificate_credentials::set_x509_crl_file (const char *crlfile,
+ gnutls_x509_crt_fmt_t type)
+ {
+ RETWRAP (gnutls_certificate_set_x509_crl_file (cred, crlfile, type));
+ }
+
+ void certificate_credentials::set_x509_crl (const gnutls_datum_t & CRL,
+ gnutls_x509_crt_fmt_t type)
+ {
+ RETWRAP (gnutls_certificate_set_x509_crl_mem (cred, &CRL, type));
+ }
+
+ void certificate_credentials::set_x509_key_file (const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type)
+ {
+ RETWRAP (gnutls_certificate_set_x509_key_file
+ (cred, certfile, keyfile, type));
+ }
+
+ void certificate_credentials::set_x509_key (const gnutls_datum_t & CERT,
+ const gnutls_datum_t & KEY,
+ gnutls_x509_crt_fmt_t type)
+ {
+ RETWRAP (gnutls_certificate_set_x509_key_mem (cred, &CERT, &KEY, type));
+ }
+
+ void certificate_credentials::
+ set_simple_pkcs12_file (const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type, const char *password)
+ {
+ RETWRAP (gnutls_certificate_set_x509_simple_pkcs12_file
+ (cred, pkcs12file, type, password));
+ }
+
+ void certificate_credentials::set_x509_key (gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key)
+ {
+ RETWRAP (gnutls_certificate_set_x509_key
+ (cred, cert_list, cert_list_size, key));
+ }
+
+ void certificate_credentials::set_x509_trust (gnutls_x509_crt_t * ca_list,
+ int ca_list_size)
+ {
+ RETWRAP (gnutls_certificate_set_x509_trust (cred, ca_list, ca_list_size));
+ }
+
+ void certificate_credentials::set_x509_crl (gnutls_x509_crl_t * crl_list,
+ int crl_list_size)
+ {
+ RETWRAP (gnutls_certificate_set_x509_crl (cred, crl_list, crl_list_size));
+ }
+
+ void certificate_credentials::
+ set_retrieve_function (gnutls_certificate_retrieve_function * func)
+ {
+ gnutls_certificate_set_retrieve_function (cred, func);
+ }
+
+// SRP
+
+#ifdef ENABLE_SRP
+
+ srp_server_credentials::srp_server_credentials ():credentials
+ (GNUTLS_CRD_SRP)
+ {
+ RETWRAP (gnutls_srp_allocate_server_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ srp_server_credentials::~srp_server_credentials ()
+ {
+ gnutls_srp_free_server_credentials (cred);
+ }
+
+ srp_client_credentials::srp_client_credentials ():credentials
+ (GNUTLS_CRD_SRP)
+ {
+ RETWRAP (gnutls_srp_allocate_client_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ srp_client_credentials::~srp_client_credentials ()
+ {
+ gnutls_srp_free_client_credentials (cred);
+ }
+
+ void srp_client_credentials::set_credentials (const char *username,
+ const char *password)
+ {
+ RETWRAP (gnutls_srp_set_client_credentials (cred, username, password));
+ }
+
+ void srp_server_credentials::
+ set_credentials_file (const char *password_file,
+ const char *password_conf_file)
+ {
+ RETWRAP (gnutls_srp_set_server_credentials_file
+ (cred, password_file, password_conf_file));
+ }
+
+ void srp_server_credentials::
+ set_credentials_function (gnutls_srp_server_credentials_function * func)
+ {
+ gnutls_srp_set_server_credentials_function (cred, func);
+ }
+
+ void srp_client_credentials::
+ set_credentials_function (gnutls_srp_client_credentials_function * func)
+ {
+ gnutls_srp_set_client_credentials_function (cred, func);
+ }
+
+#endif /* ENABLE_SRP */
+
+// PSK
+
+psk_server_credentials::psk_server_credentials ():credentials
+ (GNUTLS_CRD_PSK)
+ {
+ RETWRAP (gnutls_psk_allocate_server_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ psk_server_credentials::~psk_server_credentials ()
+ {
+ gnutls_psk_free_server_credentials (cred);
+ }
+
+ void psk_server_credentials::
+ set_credentials_file (const char *password_file)
+ {
+ RETWRAP (gnutls_psk_set_server_credentials_file (cred, password_file));
+ }
+
+ void psk_server_credentials::
+ set_credentials_function (gnutls_psk_server_credentials_function * func)
+ {
+ gnutls_psk_set_server_credentials_function (cred, func);
+ }
+
+ void psk_server_credentials::set_dh_params (const dh_params & params)
+ {
+ gnutls_psk_set_server_dh_params (cred, params.get_params_t ());
+ }
+
+ void psk_server_credentials::set_params_function (gnutls_params_function *
+ func)
+ {
+ gnutls_psk_set_server_params_function (cred, func);
+ }
+
+ psk_client_credentials::psk_client_credentials ():credentials
+ (GNUTLS_CRD_PSK)
+ {
+ RETWRAP (gnutls_psk_allocate_client_credentials (&cred));
+ set_ptr (cred);
+ }
+
+ psk_client_credentials::~psk_client_credentials ()
+ {
+ gnutls_psk_free_client_credentials (cred);
+ }
+
+ void psk_client_credentials::set_credentials (const char *username,
+ const gnutls_datum_t & key,
+ gnutls_psk_key_flags flags)
+ {
+ RETWRAP (gnutls_psk_set_client_credentials (cred, username, &key, flags));
+ }
+
+ void psk_client_credentials::
+ set_credentials_function (gnutls_psk_client_credentials_function * func)
+ {
+ gnutls_psk_set_client_credentials_function (cred, func);
+ }
+
+ credentials::credentials (gnutls_credentials_type_t t):type (t),
+ cred (NULL)
+ {
+ }
+
+ gnutls_credentials_type_t credentials::get_type () const
+ {
+ return type;
+ }
+
+ void *credentials::ptr () const
+ {
+ return cred;
+ }
+
+ void credentials::set_ptr (void *ptr)
+ {
+ cred = ptr;
+ }
+
+ exception::exception (int x)
+ {
+ retcode = x;
+ }
+
+ int exception::get_code ()
+ {
+ return retcode;
+ }
+
+ const char *exception::what () const throw ()
+ {
+ return gnutls_strerror (retcode);
+ }
+
+ dh_params::dh_params ()
+ {
+ RETWRAP (gnutls_dh_params_init (¶ms));
+ }
+
+ dh_params::~dh_params ()
+ {
+ gnutls_dh_params_deinit (params);
+ }
+
+ void dh_params::import_raw (const gnutls_datum_t & prime,
+ const gnutls_datum_t & generator)
+ {
+ RETWRAP (gnutls_dh_params_import_raw (params, &prime, &generator));
+ }
+
+ void dh_params::import_pkcs3 (const gnutls_datum_t & pkcs3_params,
+ gnutls_x509_crt_fmt_t format)
+ {
+ RETWRAP (gnutls_dh_params_import_pkcs3 (params, &pkcs3_params, format));
+ }
+
+ void dh_params::generate (unsigned int bits)
+ {
+ RETWRAP (gnutls_dh_params_generate2 (params, bits));
+ }
+
+ void dh_params::export_pkcs3 (gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
+ {
+ RETWRAP (gnutls_dh_params_export_pkcs3
+ (params, format, params_data, params_data_size));
+ }
+
+ void dh_params::export_raw (gnutls_datum_t & prime,
+ gnutls_datum_t & generator)
+ {
+ RETWRAP (gnutls_dh_params_export_raw (params, &prime, &generator, NULL));
+ }
+
+ gnutls_dh_params_t dh_params::get_params_t () const
+ {
+ return params;
+ }
+
+ dh_params & dh_params::operator= (const dh_params & src)
+ {
+ dh_params *dst = new dh_params;
+ int ret;
+
+ ret = gnutls_dh_params_cpy (dst->params, src.params);
+
+ if (ret < 0)
+ {
+ delete dst;
+ throw (ret);
+ }
+
+ return *dst;
+ }
+
+// RSA
+
+ rsa_params::rsa_params ()
+ {
+ RETWRAP (gnutls_rsa_params_init (¶ms));
+ }
+
+ rsa_params::~rsa_params ()
+ {
+ gnutls_rsa_params_deinit (params);
+ }
+
+ void rsa_params::import_pkcs1 (const gnutls_datum_t & pkcs1_params,
+ gnutls_x509_crt_fmt_t format)
+ {
+ RETWRAP (gnutls_rsa_params_import_pkcs1 (params, &pkcs1_params, format));
+ }
+
+ void rsa_params::generate (unsigned int bits)
+ {
+ RETWRAP (gnutls_rsa_params_generate2 (params, bits));
+ }
+
+ void rsa_params::export_pkcs1 (gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size)
+ {
+ RETWRAP (gnutls_rsa_params_export_pkcs1
+ (params, format, params_data, params_data_size));
+ }
+
+ gnutls_rsa_params_t rsa_params::get_params_t () const
+ {
+ return params;
+ }
+
+ rsa_params & rsa_params::operator= (const rsa_params & src)
+ {
+ rsa_params *dst = new rsa_params;
+ int ret;
+
+ ret = gnutls_rsa_params_cpy (dst->params, src.params);
+
+ if (ret < 0)
+ {
+ delete dst;
+ throw (ret);
+ }
+
+ return *dst;
+ }
+
+ void rsa_params::import_raw (const gnutls_datum_t & m,
+ const gnutls_datum_t & e,
+ const gnutls_datum_t & d,
+ const gnutls_datum_t & p,
+ const gnutls_datum_t & q,
+ const gnutls_datum_t & u)
+ {
+
+ RETWRAP (gnutls_rsa_params_import_raw (params, &m, &e, &d, &p, &q, &u));
+ }
+
+
+ void rsa_params::export_raw (gnutls_datum_t & m, gnutls_datum_t & e,
+ gnutls_datum_t & d, gnutls_datum_t & p,
+ gnutls_datum_t & q, gnutls_datum_t & u)
+ {
+ RETWRAP (gnutls_rsa_params_export_raw
+ (params, &m, &e, &d, &p, &q, &u, NULL));
+ }
+
+} // namespace gnutls
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+nobase_include_HEADERS = gnutls/x509.h gnutls/pkcs12.h gnutls/compat.h \
+ gnutls/openpgp.h gnutls/crypto.h gnutls/pkcs11.h gnutls/abstract.h
+
+if ENABLE_CXX
+nobase_include_HEADERS += gnutls/gnutlsxx.h
+endif
+
+nobase_nodist_include_HEADERS = gnutls/gnutls.h
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2010 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_CXX_TRUE@am__append_1 = gnutls/gnutlsxx.h
+subdir = includes
+DIST_COMMON = $(am__nobase_include_HEADERS_DIST) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+SOURCES =
+DIST_SOURCES =
+am__nobase_include_HEADERS_DIST = gnutls/x509.h gnutls/pkcs12.h \
+ gnutls/compat.h gnutls/openpgp.h gnutls/crypto.h \
+ gnutls/pkcs11.h gnutls/abstract.h gnutls/gnutlsxx.h
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"
+HEADERS = $(nobase_include_HEADERS) $(nobase_nodist_include_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+nobase_include_HEADERS = gnutls/x509.h gnutls/pkcs12.h gnutls/compat.h \
+ gnutls/openpgp.h gnutls/crypto.h gnutls/pkcs11.h \
+ gnutls/abstract.h $(am__append_1)
+nobase_nodist_include_HEADERS = gnutls/gnutls.h
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign includes/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign includes/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-nobase_includeHEADERS: $(nobase_include_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+ @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ $(am__nobase_list) | while read dir files; do \
+ xfiles=; for file in $$files; do \
+ if test -f "$$file"; then xfiles="$$xfiles $$file"; \
+ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
+ test -z "$$xfiles" || { \
+ test "x$$dir" = x. || { \
+ echo "$(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)/$$dir"; }; \
+ echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(includedir)/$$dir'"; \
+ $(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(includedir)/$$dir" || exit $$?; }; \
+ done
+
+uninstall-nobase_includeHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(nobase_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(includedir)" && rm -f $$files
+install-nobase_nodist_includeHEADERS: $(nobase_nodist_include_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(includedir)" || $(MKDIR_P) "$(DESTDIR)$(includedir)"
+ @list='$(nobase_nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ $(am__nobase_list) | while read dir files; do \
+ xfiles=; for file in $$files; do \
+ if test -f "$$file"; then xfiles="$$xfiles $$file"; \
+ else xfiles="$$xfiles $(srcdir)/$$file"; fi; done; \
+ test -z "$$xfiles" || { \
+ test "x$$dir" = x. || { \
+ echo "$(MKDIR_P) '$(DESTDIR)$(includedir)/$$dir'"; \
+ $(MKDIR_P) "$(DESTDIR)$(includedir)/$$dir"; }; \
+ echo " $(INSTALL_HEADER) $$xfiles '$(DESTDIR)$(includedir)/$$dir'"; \
+ $(INSTALL_HEADER) $$xfiles "$(DESTDIR)$(includedir)/$$dir" || exit $$?; }; \
+ done
+
+uninstall-nobase_nodist_includeHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(nobase_nodist_include_HEADERS)'; test -n "$(includedir)" || list=; \
+ $(am__nobase_strip_setup); files=`$(am__nobase_strip)`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(includedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(includedir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(includedir)" "$(DESTDIR)$(includedir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-nobase_includeHEADERS \
+ install-nobase_nodist_includeHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-nobase_includeHEADERS \
+ uninstall-nobase_nodist_includeHEADERS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-nobase_includeHEADERS \
+ install-nobase_nodist_includeHEADERS install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags uninstall \
+ uninstall-am uninstall-nobase_includeHEADERS \
+ uninstall-nobase_nodist_includeHEADERS
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+#ifndef __GNUTLS_ABSTRACT_H
+#define __GNUTLS_ABSTRACT_H
+
+#include <stdarg.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/pkcs11.h>
+#include <gnutls/openpgp.h>
+
+/* Public key operations */
+
+struct gnutls_pubkey_st;
+typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
+
+struct gnutls_privkey_st;
+typedef struct gnutls_privkey_st *gnutls_privkey_t;
+
+int gnutls_pubkey_init (gnutls_pubkey_t * key);
+void gnutls_pubkey_deinit (gnutls_pubkey_t key);
+int gnutls_pubkey_get_pk_algorithm (gnutls_pubkey_t key, unsigned int *bits);
+
+int gnutls_pubkey_import_x509 (gnutls_pubkey_t key, gnutls_x509_crt_t crt,
+ unsigned int flags);
+int gnutls_pubkey_import_pkcs11 (gnutls_pubkey_t pkey,
+ gnutls_pkcs11_obj_t crt, unsigned int flags);
+int gnutls_pubkey_import_openpgp (gnutls_pubkey_t pkey,
+ gnutls_openpgp_crt_t crt,
+ unsigned int flags);
+int
+gnutls_pubkey_import_privkey (gnutls_pubkey_t key, gnutls_privkey_t pkey,
+ unsigned int usage, unsigned int flags);
+
+
+int gnutls_pubkey_get_preferred_hash_algorithm (gnutls_pubkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand);
+
+int gnutls_pubkey_get_pk_rsa_raw (gnutls_pubkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e);
+int gnutls_pubkey_get_pk_dsa_raw (gnutls_pubkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y);
+
+int gnutls_pubkey_export (gnutls_pubkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+int gnutls_pubkey_get_key_id (gnutls_pubkey_t key, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+int gnutls_pubkey_get_key_usage (gnutls_pubkey_t key, unsigned int *usage);
+int gnutls_pubkey_set_key_usage (gnutls_pubkey_t key, unsigned int usage);
+
+int gnutls_pubkey_import (gnutls_pubkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+
+
+int gnutls_pubkey_import_pkcs11_url (gnutls_pubkey_t key, const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pubkey_import_dsa_raw (gnutls_pubkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y);
+int gnutls_pubkey_import_rsa_raw (gnutls_pubkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
+
+int gnutls_x509_crt_set_pubkey (gnutls_x509_crt_t crt, gnutls_pubkey_t key);
+
+int gnutls_x509_crq_set_pubkey (gnutls_x509_crq_t crq, gnutls_pubkey_t key);
+
+int
+gnutls_pubkey_verify_hash (gnutls_pubkey_t key, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature);
+int
+gnutls_pubkey_get_verify_algorithm (gnutls_pubkey_t key,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash);
+
+int gnutls_pubkey_verify_data (gnutls_pubkey_t pubkey,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
+
+/* Private key operations */
+
+int gnutls_privkey_init (gnutls_privkey_t * key);
+void gnutls_privkey_deinit (gnutls_privkey_t key);
+int gnutls_privkey_get_pk_algorithm (gnutls_privkey_t key,
+ unsigned int *bits);
+
+int
+gnutls_privkey_get_preferred_hash_algorithm (gnutls_privkey_t key,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand);
+gnutls_privkey_type_t gnutls_privkey_get_type (gnutls_privkey_t key);
+
+
+#define GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE 1
+int gnutls_privkey_import_pkcs11 (gnutls_privkey_t pkey,
+ gnutls_pkcs11_privkey_t key,
+ unsigned int flags);
+int gnutls_privkey_import_x509 (gnutls_privkey_t pkey,
+ gnutls_x509_privkey_t key,
+ unsigned int flags);
+int gnutls_privkey_import_openpgp (gnutls_privkey_t pkey,
+ gnutls_openpgp_privkey_t key,
+ unsigned int flags);
+
+int gnutls_privkey_sign_data (gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * signature);
+
+int gnutls_privkey_sign_hash (gnutls_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature);
+
+int gnutls_privkey_decrypt_data (gnutls_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
+
+int gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+int gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+int gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq,
+ gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+
+#endif
--- /dev/null
+/* Typedefs for more compatibility with older GnuTLS. */
+
+#ifndef _GNUTLS_COMPAT_H
+#define _GNUTLS_COMPAT_H
+
+#ifdef __GNUC__
+
+#define _GNUTLS_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+
+#if !defined GNUTLS_INTERNAL_BUILD
+#if _GNUTLS_GCC_VERSION >= 30100
+#define _GNUTLS_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
+#endif
+#endif
+
+#endif /* __GNUC__ */
+
+#ifndef _GNUTLS_GCC_ATTR_DEPRECATED
+#define _GNUTLS_GCC_ATTR_DEPRECATED
+#endif
+
+#define gnutls_cipher_algorithm gnutls_cipher_algorithm_t
+#define gnutls_kx_algorithm gnutls_kx_algorithm_t
+#define gnutls_paramsype gnutls_paramsype_t
+#define gnutls_mac_algorithm gnutls_mac_algorithm_t
+#define gnutls_digest_algorithm gnutls_digest_algorithm_t
+#define gnutls_compression_method gnutls_compression_method_t
+#define gnutls_connection_end gnutls_connection_end_t
+#define gnutls_credentialsype gnutls_credentialsype_t
+#define gnutls_certificateype gnutls_certificateype_t
+#define gnutls_x509_crt_fmt gnutls_x509_crt_fmt_t
+#define gnutls_openpgp_key_fmt gnutls_openpgp_key_fmt_t
+#define gnutls_pk_algorithm gnutls_pk_algorithm_t
+#define gnutls_sign_algorithm gnutls_sign_algorithm_t
+#define gnutls_server_name gnutls_server_nameype_t
+#define gnutls_protocol gnutls_protocol_version_t
+#define gnutls_close_request gnutls_close_request_t
+#define gnutls_openpgp_key_status gnutls_openpgp_key_status_t
+#define gnutls_certificate_request gnutls_certificate_request_t
+#define gnutls_certificate_status gnutls_certificate_status_t
+#define gnutls_session gnutls_session_t
+#define gnutls_alert_level gnutls_alert_level_t
+#define gnutls_alert_description gnutls_alert_description_t
+#define gnutls_x509_subject_alt_name gnutls_x509_subject_alt_name_t
+#define gnutls_openpgp_key gnutls_openpgp_key_t
+#define gnutls_openpgp_privkey gnutls_openpgp_privkey_t
+#define gnutls_openpgp_keyring gnutls_openpgp_keyring_t
+#define gnutls_x509_crt gnutls_x509_crt_t
+#define gnutls_x509_privkey gnutls_x509_privkey_t
+#define gnutls_x509_crl gnutls_x509_crl_t
+#define gnutls_pkcs7 gnutls_pkcs7_t
+#define gnutls_x509_crq gnutls_x509_crq_t
+#define gnutls_pkcs_encrypt_flags gnutls_pkcs_encrypt_flags_t
+#define gnutls_pkcs12_bag_type gnutls_pkcs12_bag_type_t
+#define gnutls_pkcs12_bag gnutls_pkcs12_bag_t
+#define gnutls_pkcs12 gnutls_pkcs12_t
+#define gnutls_certificate_credentials gnutls_certificate_credentials_t
+#define gnutls_anon_server_credentials gnutls_anon_server_credentials_t
+#define gnutls_anon_client_credentials gnutls_anon_client_credentials_t
+#define gnutls_srp_client_credentials gnutls_srp_client_credentials_t
+#define gnutls_srp_server_credentials gnutls_srp_server_credentials_t
+#define gnutls_dh_params gnutls_dh_params_t
+#define gnutls_rsa_params gnutls_rsa_params_t
+#define gnutls_params_type gnutls_params_type_t
+#define gnutls_credentials_type gnutls_credentials_type_t
+#define gnutls_certificate_type gnutls_certificate_type_t
+#define gnutls_datum gnutls_datum_t
+#define gnutls_transport_ptr gnutls_transport_ptr_t
+
+/* Old SRP alerts removed in 2.1.x because the TLS-SRP RFC was
+ modified to use the PSK alert. */
+#define GNUTLS_A_MISSING_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
+#define GNUTLS_A_UNKNOWN_SRP_USERNAME GNUTLS_A_UNKNOWN_PSK_IDENTITY
+
+/* OpenPGP stuff renamed in 2.1.x. */
+#define gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t
+#define GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT
+#define GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT
+#define gnutls_openpgp_send_key gnutls_openpgp_send_cert
+#define gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t
+#define gnutls_openpgp_key_t gnutls_openpgp_crt_t
+#define gnutls_openpgp_key_init gnutls_openpgp_crt_init
+#define gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit
+#define gnutls_openpgp_key_import gnutls_openpgp_crt_import
+#define gnutls_openpgp_key_export gnutls_openpgp_crt_export
+#define gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage
+#define gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint
+#define gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm
+#define gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name
+#define gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version
+#define gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time
+#define gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time
+#define gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id
+#define gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname
+
+/* OpenPGP stuff renamed in 2.3.x. */
+#define gnutls_openpgp_crt_get_id gnutls_openpgp_crt_get_key_id
+
+/* New better names renamed in 2.3.x, add these for backwards
+ compatibility with old poor names.*/
+#define GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL
+#define GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE
+#define GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL
+
+/* These old #define's violate the gnutls_* namespace. */
+#define TLS_MASTER_SIZE GNUTLS_MASTER_SIZE
+#define TLS_RANDOM_SIZE GNUTLS_RANDOM_SIZE
+
+/* Namespace problems. */
+#define LIBGNUTLS_VERSION GNUTLS_VERSION
+#define LIBGNUTLS_VERSION_MAJOR GNUTLS_VERSION_MAJOR
+#define LIBGNUTLS_VERSION_MINOR GNUTLS_VERSION_MINOR
+#define LIBGNUTLS_VERSION_PATCH GNUTLS_VERSION_PATCH
+#define LIBGNUTLS_VERSION_NUMBER GNUTLS_VERSION_NUMBER
+#define LIBGNUTLS_EXTRA_VERSION GNUTLS_VERSION
+
+/* The gnutls_retr_st was deprecated by gnutls_certificate_retrieve_function()
+ * and gnutls_retr2_st.
+ */
+typedef struct gnutls_retr_st
+{
+ gnutls_certificate_type_t type;
+ union
+ {
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_crt_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union
+ {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+} gnutls_retr_st;
+
+typedef int gnutls_certificate_client_retrieve_function (gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr_st *);
+typedef int gnutls_certificate_server_retrieve_function (gnutls_session_t,
+ gnutls_retr_st *);
+
+void gnutls_certificate_client_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_client_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+void
+ gnutls_certificate_server_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_server_retrieve_function *
+ func) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* External signing callback. No longer supported because it
+ * was deprecated by the PKCS #11 API. */
+typedef int (*gnutls_sign_func) (gnutls_session_t session,
+ void *userdata,
+ gnutls_certificate_type_t cert_type,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+void
+gnutls_sign_callback_set (gnutls_session_t session,
+ gnutls_sign_func sign_func, void *userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+gnutls_sign_func
+gnutls_sign_callback_get (gnutls_session_t session, void **userdata)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* Extension API is no longer exported because a lot of internal
+ * structures are used. Currently it works due to a compatibility
+ * layer, but will be removed in later versions.
+ */
+ int gnutls_ext_register (int type,
+ const char *name,
+ gnutls_ext_parse_type_t parse_type,
+ gnutls_ext_recv_func recv_func,
+ gnutls_ext_send_func send_func)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* We no longer support the finished callback. Use
+ * gnutls_session_channel_binding for similar functionality.
+ */
+ typedef void (*gnutls_finished_callback_func) (gnutls_session_t session,
+ const void *finished,
+ size_t len);
+ void gnutls_session_set_finished_function (gnutls_session_t session,
+ gnutls_finished_callback_func
+ func)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* returns security values.
+ * Do not use them unless you know what you're doing. Those are dangerous since
+ * they depend on a particular TLS version number
+ */
+#define GNUTLS_MASTER_SIZE 48
+#define GNUTLS_RANDOM_SIZE 32
+ const void *gnutls_session_get_server_random (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ const void *gnutls_session_get_client_random (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ const void *gnutls_session_get_master_secret (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_psk_netconf_derive_key (const char *password,
+ const char *psk_identity,
+ const char *psk_identity_hint,
+ gnutls_datum_t *
+ output_key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* This is a very dangerous and error-prone function.
+ * Use gnutls_privkey_sign_hash() instead.
+ */
+ int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ int gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+/* Deprecated because verify_* functions are moved to public
+ * keys. Check abstract.h for similar functionality.
+ */
+ int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+/* we support the gnutls_privkey_sign_data() instead.
+ */
+ int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature,
+ size_t * signature_size)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_verify_data() */
+ int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+ /* gnutls_pubkey_verify_hash() */
+ int gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_get_verify_algorithm() */
+ int gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_pubkey_get_preferred_hash_algorithm() */
+ int gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
+ gnutls_digest_algorithm_t
+ * hash,
+ unsigned int *mand)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* gnutls_x509_crq_privkey_sign() */
+ int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+
+ /* gnutls_x509_crl_privkey_sign */
+ int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+
+ void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc,
+ gnutls_x509_crt_t ** x509_ca_list,
+ unsigned int *ncas)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc,
+ gnutls_x509_crl_t ** x509_crl_list,
+ unsigned int *ncrls)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ void
+ gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t
+ sc,
+ gnutls_openpgp_keyring_t *
+ keyring)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* this is obsolete (?). */
+ int gnutls_certificate_verify_peers (gnutls_session_t session)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ /* functions to set priority of cipher suites
+ */
+ int gnutls_cipher_set_priority (gnutls_session_t session, const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_mac_set_priority (gnutls_session_t session, const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_compression_set_priority (gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_kx_set_priority (gnutls_session_t session, const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_protocol_set_priority (gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+ int gnutls_certificate_type_set_priority (gnutls_session_t session,
+ const int *list)
+ _GNUTLS_GCC_ATTR_DEPRECATED;
+
+ void gnutls_transport_set_lowat (gnutls_session_t session, int num) _GNUTLS_GCC_ATTR_DEPRECATED;
+
+#endif /* _GNUTLS_COMPAT_H */
--- /dev/null
+/*
+ * Copyright (C) 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_CRYPTO_H
+#define GNUTLS_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ typedef struct cipher_hd_st *gnutls_cipher_hd_t;
+
+ int gnutls_cipher_init (gnutls_cipher_hd_t * handle,
+ gnutls_cipher_algorithm_t cipher,
+ const gnutls_datum_t * key,
+ const gnutls_datum_t * iv);
+ int gnutls_cipher_encrypt (const gnutls_cipher_hd_t handle,
+ void *text, size_t textlen);
+ int gnutls_cipher_decrypt (const gnutls_cipher_hd_t handle,
+ void *ciphertext, size_t ciphertextlen);
+ int gnutls_cipher_decrypt2 (gnutls_cipher_hd_t handle,
+ const void *ciphertext, size_t ciphertextlen,
+ void *text, size_t textlen);
+ int gnutls_cipher_encrypt2 (gnutls_cipher_hd_t handle, void *text,
+ size_t textlen, void *ciphertext,
+ size_t ciphertextlen);
+
+ void gnutls_cipher_deinit (gnutls_cipher_hd_t handle);
+ int gnutls_cipher_get_block_size (gnutls_cipher_algorithm_t algorithm);
+
+
+ typedef struct hash_hd_st *gnutls_hash_hd_t;
+ typedef struct hmac_hd_st *gnutls_hmac_hd_t;
+
+ int gnutls_hmac_init (gnutls_hmac_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm, const void *key,
+ size_t keylen);
+ int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen);
+ void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest);
+ void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest);
+ int gnutls_hmac_get_len (gnutls_mac_algorithm_t algorithm);
+ int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, const void *key,
+ size_t keylen, const void *text, size_t textlen,
+ void *digest);
+
+ int gnutls_hash_init (gnutls_hash_hd_t * dig,
+ gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen);
+ void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest);
+ void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest);
+ int gnutls_hash_get_len (gnutls_digest_algorithm_t algorithm);
+ int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm,
+ const void *text, size_t textlen, void *digest);
+
+/* register ciphers */
+
+#define GNUTLS_CRYPTO_API_VERSION 0x03
+
+#define gnutls_crypto_single_cipher_st gnutls_crypto_cipher_st
+#define gnutls_crypto_single_mac_st gnutls_crypto_mac_st
+#define gnutls_crypto_single_digest_st gnutls_crypto_digest_st
+
+ typedef struct
+ {
+ int (*init) (gnutls_cipher_algorithm_t, void **ctx);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*setiv) (void *ctx, const void *iv, size_t ivsize);
+ int (*encrypt) (void *ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize);
+ int (*decrypt) (void *ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_cipher_st;
+
+ typedef struct
+ {
+ int (*init) (gnutls_mac_algorithm_t, void **ctx);
+ int (*setkey) (void *ctx, const void *key, size_t keysize);
+ int (*hash) (void *ctx, const void *text, size_t textsize);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_mac_st;
+
+ typedef struct
+ {
+ int (*init) (gnutls_mac_algorithm_t, void **ctx);
+ int (*hash) (void *ctx, const void *text, size_t textsize);
+ int (*copy) (void **dst_ctx, void *src_ctx);
+ int (*output) (void *src_ctx, void *digest, size_t digestsize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_digest_st;
+
+/**
+ * gnutls_rnd_level_t:
+ * @GNUTLS_RND_NONCE: Non-predictable random number. Fatal in parts
+ * of session if broken, i.e., vulnerable to statistical analysis.
+ * @GNUTLS_RND_RANDOM: Pseudo-random cryptographic random number.
+ * Fatal in session if broken.
+ * @GNUTLS_RND_KEY: Fatal in many sessions if broken.
+ *
+ * Enumeration of random quality levels.
+ */
+ typedef enum gnutls_rnd_level
+ {
+ GNUTLS_RND_NONCE = 0,
+ GNUTLS_RND_RANDOM = 1,
+ GNUTLS_RND_KEY = 2
+ } gnutls_rnd_level_t;
+
+ int gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+
+
+/**
+ * gnutls_pk_flag_t:
+ * @GNUTLS_PK_FLAG_NONE: No flag.
+ *
+ * Enumeration of public-key flag.
+ */
+ typedef enum
+ {
+ GNUTLS_PK_FLAG_NONE = 0
+ } gnutls_pk_flag_t;
+
+ typedef struct gnutls_crypto_rnd
+ {
+ int (*init) (void **ctx);
+ int (*rnd) (void *ctx, int level, void *data, size_t datasize);
+ void (*deinit) (void *ctx);
+ } gnutls_crypto_rnd_st;
+
+ typedef void *bigint_t;
+
+/**
+ * gnutls_bigint_format_t:
+ * @GNUTLS_MPI_FORMAT_USG: Raw unsigned integer format.
+ * @GNUTLS_MPI_FORMAT_STD: Raw signed integer format, always a leading
+ * zero when positive.
+ * @GNUTLS_MPI_FORMAT_PGP: The pgp integer format.
+ *
+ * Enumeration of different bignum integer encoding formats.
+ */
+ typedef enum
+ {
+ /* raw unsigned integer format */
+ GNUTLS_MPI_FORMAT_USG = 0,
+ /* raw signed integer format - always a leading zero when positive */
+ GNUTLS_MPI_FORMAT_STD = 1,
+ /* the pgp integer format */
+ GNUTLS_MPI_FORMAT_PGP = 2
+ } gnutls_bigint_format_t;
+
+ typedef struct
+ {
+ bigint_t g; /* group generator */
+ bigint_t p; /* prime */
+ } gnutls_group_st;
+
+/* Multi precision integer arithmetic */
+ typedef struct gnutls_crypto_bigint
+ {
+ bigint_t (*bigint_new) (int nbits);
+ void (*bigint_release) (bigint_t n);
+ /* 0 for equality, > 0 for m1>m2, < 0 for m1<m2 */
+ int (*bigint_cmp) (const bigint_t m1, const bigint_t m2);
+ /* as bigint_cmp */
+ int (*bigint_cmp_ui) (const bigint_t m1, unsigned long m2);
+ /* ret = a % b */
+ bigint_t (*bigint_mod) (const bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t (*bigint_set) (bigint_t a, const bigint_t b);
+ /* a = b -> ret == a */
+ bigint_t (*bigint_set_ui) (bigint_t a, unsigned long b);
+ unsigned int (*bigint_get_nbits) (const bigint_t a);
+ /* w = b ^ e mod m */
+ bigint_t (*bigint_powm) (bigint_t w, const bigint_t b,
+ const bigint_t e, const bigint_t m);
+ /* w = a + b mod m */
+ bigint_t (*bigint_addm) (bigint_t w, const bigint_t a,
+ const bigint_t b, const bigint_t m);
+ /* w = a - b mod m */
+ bigint_t (*bigint_subm) (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m);
+ /* w = a * b mod m */
+ bigint_t (*bigint_mulm) (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m);
+ /* w = a + b */ bigint_t (*bigint_add) (bigint_t w, const bigint_t a,
+ const bigint_t b);
+ /* w = a - b */ bigint_t (*bigint_sub) (bigint_t w, const bigint_t a,
+ const bigint_t b);
+ /* w = a * b */
+ bigint_t (*bigint_mul) (bigint_t w, const bigint_t a, const bigint_t b);
+ /* w = a + b */
+ bigint_t (*bigint_add_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a - b */
+ bigint_t (*bigint_sub_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* w = a * b */
+ bigint_t (*bigint_mul_ui) (bigint_t w, const bigint_t a,
+ unsigned long b);
+ /* q = a / b */
+ bigint_t (*bigint_div) (bigint_t q, const bigint_t a, const bigint_t b);
+ /* 0 if prime */
+ int (*bigint_prime_check) (const bigint_t pp);
+ int (*bigint_generate_group) (gnutls_group_st * gg, unsigned int bits);
+
+ /* reads an bigint from a buffer */
+ /* stores an bigint into the buffer. returns
+ * GNUTLS_E_SHORT_MEMORY_BUFFER if buf_size is not sufficient to
+ * store this integer, and updates the buf_size;
+ */
+ bigint_t (*bigint_scan) (const void *buf, size_t buf_size,
+ gnutls_bigint_format_t format);
+ int (*bigint_print) (const bigint_t a, void *buf, size_t * buf_size,
+ gnutls_bigint_format_t format);
+ } gnutls_crypto_bigint_st;
+
+#define GNUTLS_MAX_PK_PARAMS 16
+
+ typedef struct
+ {
+ bigint_t params[GNUTLS_MAX_PK_PARAMS];
+ unsigned int params_nr; /* the number of parameters */
+ unsigned int flags;
+ } gnutls_pk_params_st;
+
+ void gnutls_pk_params_release (gnutls_pk_params_st * p);
+ void gnutls_pk_params_init (gnutls_pk_params_st * p);
+
+/* params are:
+ * RSA:
+ * [0] is modulus
+ * [1] is public exponent
+ * [2] is private exponent (private key only)
+ * [3] is prime1 (p) (private key only)
+ * [4] is prime2 (q) (private key only)
+ * [5] is coefficient (u == inverse of p mod q) (private key only)
+ * [6] e1 == d mod (p-1)
+ * [7] e2 == d mod (q-1)
+ *
+ * note that for libgcrypt that does not use the inverse of q mod p,
+ * we need to perform conversions using fixup_params().
+ *
+ * DSA:
+ * [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is y (public key)
+ * [4] is x (private key only)
+ */
+
+/**
+ * gnutls_direction_t:
+ * @GNUTLS_IMPORT: Import direction.
+ * @GNUTLS_EXPORT: Export direction.
+ *
+ * Enumeration of different directions.
+ */
+ typedef enum
+ {
+ GNUTLS_IMPORT = 0,
+ GNUTLS_EXPORT = 1
+ } gnutls_direction_t;
+
+/* Public key algorithms */
+ typedef struct gnutls_crypto_pk
+ {
+ /* The params structure should contain the private or public key
+ * parameters, depending on the operation */
+ int (*encrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pub);
+ int (*decrypt) (gnutls_pk_algorithm_t, gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * priv);
+
+ int (*sign) (gnutls_pk_algorithm_t, gnutls_datum_t * signature,
+ const gnutls_datum_t * data,
+ const gnutls_pk_params_st * priv);
+ int (*verify) (gnutls_pk_algorithm_t, const gnutls_datum_t * data,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pub);
+
+ int (*generate) (gnutls_pk_algorithm_t, unsigned int nbits,
+ gnutls_pk_params_st *);
+ /* this function should convert params to ones suitable
+ * for the above functions
+ */
+ int (*pk_fixup_private_params) (gnutls_pk_algorithm_t, gnutls_direction_t,
+ gnutls_pk_params_st *);
+
+ } gnutls_crypto_pk_st;
+
+/* priority: infinity for backend algorithms, 90 for kernel
+ algorithms, lowest wins
+ */
+#define gnutls_crypto_single_cipher_register(algo, prio, st) \
+ gnutls_crypto_single_cipher_register2 (algo, prio, \
+ GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_single_mac_register(algo, prio, st) \
+ gnutls_crypto_single_mac_register2 (algo, prio, \
+ GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_single_digest_register(algo, prio, st) \
+ gnutls_crypto_single_digest_register2(algo, prio, \
+ GNUTLS_CRYPTO_API_VERSION, st)
+
+ int gnutls_crypto_single_cipher_register2 (gnutls_cipher_algorithm_t
+ algorithm, int priority,
+ int version,
+ const
+ gnutls_crypto_single_cipher_st *
+ s);
+ int gnutls_crypto_single_mac_register2 (gnutls_mac_algorithm_t algorithm,
+ int priority, int version,
+ const gnutls_crypto_single_mac_st *
+ s);
+ int gnutls_crypto_single_digest_register2 (gnutls_digest_algorithm_t
+ algorithm, int priority,
+ int version,
+ const
+ gnutls_crypto_single_digest_st *
+ s);
+
+#define gnutls_crypto_cipher_register(prio, st) \
+ gnutls_crypto_cipher_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_mac_register(prio, st) \
+ gnutls_crypto_mac_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_digest_register(prio, st) \
+ gnutls_crypto_digest_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+
+ int gnutls_crypto_cipher_register2 (int priority, int version,
+ const gnutls_crypto_cipher_st * s);
+ int gnutls_crypto_mac_register2 (int priority, int version,
+ const gnutls_crypto_mac_st * s);
+ int gnutls_crypto_digest_register2 (int priority, int version,
+ const gnutls_crypto_digest_st * s);
+
+#define gnutls_crypto_rnd_register(prio, st) \
+ gnutls_crypto_rnd_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_pk_register(prio, st) \
+ gnutls_crypto_pk_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+#define gnutls_crypto_bigint_register(prio, st) \
+ gnutls_crypto_bigint_register2 (prio, GNUTLS_CRYPTO_API_VERSION, st)
+
+ int gnutls_crypto_rnd_register2 (int priority, int version,
+ const gnutls_crypto_rnd_st * s);
+ int gnutls_crypto_pk_register2 (int priority, int version,
+ const gnutls_crypto_pk_st * s);
+ int gnutls_crypto_bigint_register2 (int priority, int version,
+ const gnutls_crypto_bigint_st * s);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
--- /dev/null
+/* -*- c -*-
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+ * 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavroyanopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ *
+ */
+
+/* This file contains the types and prototypes for all the
+ * high level functionality of gnutls main library. For the
+ * extra functionality (which is under the GNU GPL license) check
+ * the gnutls/extra.h header. The openssl compatibility layer is
+ * in gnutls/openssl.h.
+ *
+ * The low level cipher functionality is in libgcrypt. Check
+ * gcrypt.h
+ */
+
+
+#ifndef GNUTLS_H
+#define GNUTLS_H
+
+/* Get size_t. */
+#include <stddef.h>
+/* Get ssize_t. */
+#ifndef HAVE_SSIZE_T
+#define HAVE_SSIZE_T
+/* *INDENT-OFF* */
+@DEFINE_SSIZE_T@
+/* *INDENT-ON* */
+#endif
+/* Get time_t. */
+#include <time.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define GNUTLS_VERSION "@VERSION@"
+
+#define GNUTLS_VERSION_MAJOR @MAJOR_VERSION@
+#define GNUTLS_VERSION_MINOR @MINOR_VERSION@
+#define GNUTLS_VERSION_PATCH @PATCH_VERSION@
+
+#define GNUTLS_VERSION_NUMBER @NUMBER_VERSION@
+
+#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
+#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
+#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
+#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
+
+ /**
+ * gnutls_cipher_algorithm_t:
+ * @GNUTLS_CIPHER_UNKNOWN: Unknown algorithm.
+ * @GNUTLS_CIPHER_NULL: NULL algorithm.
+ * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
+ * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
+ * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
+ * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
+ * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
+ * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
+ * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
+ * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
+ * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode.
+ * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode.
+ * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode.
+ * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode.
+ * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys.
+ * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys.
+ * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode.
+ *
+ * Enumeration of different symmetric encryption algorithms.
+ */
+ typedef enum gnutls_cipher_algorithm
+ {
+ GNUTLS_CIPHER_UNKNOWN = 0,
+ GNUTLS_CIPHER_NULL = 1,
+ GNUTLS_CIPHER_ARCFOUR_128 = 2,
+ GNUTLS_CIPHER_3DES_CBC = 3,
+ GNUTLS_CIPHER_AES_128_CBC = 4,
+ GNUTLS_CIPHER_AES_256_CBC = 5,
+ GNUTLS_CIPHER_ARCFOUR_40 = 6,
+ GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
+ GNUTLS_CIPHER_RC2_40_CBC = 90,
+ GNUTLS_CIPHER_DES_CBC = 91,
+ GNUTLS_CIPHER_AES_192_CBC = 92,
+
+ /* used only for PGP internals. Ignored in TLS/SSL
+ */
+ GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
+ GNUTLS_CIPHER_3DES_PGP_CFB = 201,
+ GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
+ GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
+ GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
+ GNUTLS_CIPHER_AES128_PGP_CFB = 205,
+ GNUTLS_CIPHER_AES192_PGP_CFB = 206,
+ GNUTLS_CIPHER_AES256_PGP_CFB = 207,
+ GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
+ } gnutls_cipher_algorithm_t;
+
+ /**
+ * gnutls_kx_algorithm_t:
+ * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
+ * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
+ * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
+ * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
+ * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
+ * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
+ * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm.
+ * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
+ * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
+ * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
+ * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
+ *
+ * Enumeration of different key exchange algorithms.
+ */
+ typedef enum
+ {
+ GNUTLS_KX_UNKNOWN = 0,
+ GNUTLS_KX_RSA = 1,
+ GNUTLS_KX_DHE_DSS = 2,
+ GNUTLS_KX_DHE_RSA = 3,
+ GNUTLS_KX_ANON_DH = 4,
+ GNUTLS_KX_SRP = 5,
+ GNUTLS_KX_RSA_EXPORT = 6,
+ GNUTLS_KX_SRP_RSA = 7,
+ GNUTLS_KX_SRP_DSS = 8,
+ GNUTLS_KX_PSK = 9,
+ GNUTLS_KX_DHE_PSK = 10
+ } gnutls_kx_algorithm_t;
+
+ /**
+ * gnutls_params_type_t:
+ * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters.
+ * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
+ *
+ * Enumeration of different TLS session parameter types.
+ */
+ typedef enum
+ {
+ GNUTLS_PARAMS_RSA_EXPORT = 1,
+ GNUTLS_PARAMS_DH = 2
+ } gnutls_params_type_t;
+
+ /**
+ * gnutls_credentials_type_t:
+ * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
+ * @GNUTLS_CRD_ANON: Anonymous credential.
+ * @GNUTLS_CRD_SRP: SRP credential.
+ * @GNUTLS_CRD_PSK: PSK credential.
+ * @GNUTLS_CRD_IA: IA credential.
+ *
+ * Enumeration of different credential types.
+ */
+ typedef enum
+ {
+ GNUTLS_CRD_CERTIFICATE = 1,
+ GNUTLS_CRD_ANON,
+ GNUTLS_CRD_SRP,
+ GNUTLS_CRD_PSK,
+ GNUTLS_CRD_IA
+ } gnutls_credentials_type_t;
+
+#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
+#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
+
+ /**
+ * gnutls_mac_algorithm_t:
+ * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
+ * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
+ * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
+ * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
+ * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
+ * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
+ * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
+ * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
+ * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
+ * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
+ *
+ * Enumeration of different Message Authentication Code (MAC)
+ * algorithms.
+ */
+ typedef enum
+ {
+ GNUTLS_MAC_UNKNOWN = 0,
+ GNUTLS_MAC_NULL = 1,
+ GNUTLS_MAC_MD5 = 2,
+ GNUTLS_MAC_SHA1 = 3,
+ GNUTLS_MAC_RMD160 = 4,
+ GNUTLS_MAC_MD2 = 5,
+ GNUTLS_MAC_SHA256 = 6,
+ GNUTLS_MAC_SHA384 = 7,
+ GNUTLS_MAC_SHA512 = 8,
+ GNUTLS_MAC_SHA224 = 9
+ /* If you add anything here, make sure you align with
+ gnutls_digest_algorithm_t. */
+ } gnutls_mac_algorithm_t;
+
+ /**
+ * gnutls_digest_algorithm_t:
+ * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
+ * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
+ * @GNUTLS_DIG_MD5: MD5 algorithm.
+ * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
+ * @GNUTLS_DIG_RMD160: RMD160 algorithm.
+ * @GNUTLS_DIG_MD2: MD2 algorithm.
+ * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
+ * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
+ * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
+ * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
+ *
+ * Enumeration of different digest (hash) algorithms.
+ */
+ typedef enum
+ {
+ GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
+ GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
+ GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
+ GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
+ GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
+ GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
+ GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
+ GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
+ GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
+ GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
+ /* If you add anything here, make sure you align with
+ gnutls_mac_algorithm_t. */
+ } gnutls_digest_algorithm_t;
+
+ /* exported for other gnutls headers. This is the maximum number of
+ * algorithms (ciphers, kx or macs).
+ */
+#define GNUTLS_MAX_ALGORITHM_NUM 16
+
+ /**
+ * gnutls_compression_method_t:
+ * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
+ * @GNUTLS_COMP_NULL: The NULL compression method (uncompressed).
+ * @GNUTLS_COMP_DEFLATE: The deflate/zlib compression method.
+ * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
+ * @GNUTLS_COMP_LZO: The non-standard LZO compression method.
+ *
+ * Enumeration of different TLS compression methods.
+ */
+ typedef enum
+ {
+ GNUTLS_COMP_UNKNOWN = 0,
+ GNUTLS_COMP_NULL = 1,
+ GNUTLS_COMP_DEFLATE = 2,
+ GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
+ GNUTLS_COMP_LZO = 3 /* only available if gnutls-extra has
+ been initialized
+ */
+ } gnutls_compression_method_t;
+
+ /**
+ * gnutls_connection_end_t:
+ * @GNUTLS_SERVER: Connection end is a server.
+ * @GNUTLS_CLIENT: Connection end is a client.
+ *
+ * Enumeration of different TLS connection end types.
+ */
+ typedef enum
+ {
+ GNUTLS_SERVER = 1,
+ GNUTLS_CLIENT
+ } gnutls_connection_end_t;
+
+ /**
+ * gnutls_alert_level_t:
+ * @GNUTLS_AL_WARNING: Alert of warning severity.
+ * @GNUTLS_AL_FATAL: Alert of fatal severity.
+ *
+ * Enumeration of different TLS alert severities.
+ */
+ typedef enum
+ {
+ GNUTLS_AL_WARNING = 1,
+ GNUTLS_AL_FATAL
+ } gnutls_alert_level_t;
+
+ /**
+ * gnutls_alert_description_t:
+ * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
+ * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
+ * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
+ * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
+ * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
+ * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
+ * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
+ * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
+ * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
+ * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
+ * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
+ * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
+ * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
+ * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
+ * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
+ * @GNUTLS_A_ACCESS_DENIED: Access was denied.
+ * @GNUTLS_A_DECODE_ERROR: Decode error.
+ * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
+ * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
+ * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
+ * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
+ * @GNUTLS_A_USER_CANCELED: User canceled.
+ * @GNUTLS_A_INTERNAL_ERROR: Internal error.
+ * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
+ * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
+ * specified certificate.
+ * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
+ * sent.
+ * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
+ * recognized.
+ * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
+ * or not known.
+ * @GNUTLS_A_INNER_APPLICATION_FAILURE: Inner application
+ * negotiation failed.
+ * @GNUTLS_A_INNER_APPLICATION_VERIFICATION: Inner application
+ * verification failed.
+ *
+ * Enumeration of different TLS alerts.
+ */
+ typedef enum
+ {
+ GNUTLS_A_CLOSE_NOTIFY,
+ GNUTLS_A_UNEXPECTED_MESSAGE = 10,
+ GNUTLS_A_BAD_RECORD_MAC = 20,
+ GNUTLS_A_DECRYPTION_FAILED,
+ GNUTLS_A_RECORD_OVERFLOW,
+ GNUTLS_A_DECOMPRESSION_FAILURE = 30,
+ GNUTLS_A_HANDSHAKE_FAILURE = 40,
+ GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
+ GNUTLS_A_BAD_CERTIFICATE = 42,
+ GNUTLS_A_UNSUPPORTED_CERTIFICATE,
+ GNUTLS_A_CERTIFICATE_REVOKED,
+ GNUTLS_A_CERTIFICATE_EXPIRED,
+ GNUTLS_A_CERTIFICATE_UNKNOWN,
+ GNUTLS_A_ILLEGAL_PARAMETER,
+ GNUTLS_A_UNKNOWN_CA,
+ GNUTLS_A_ACCESS_DENIED,
+ GNUTLS_A_DECODE_ERROR = 50,
+ GNUTLS_A_DECRYPT_ERROR,
+ GNUTLS_A_EXPORT_RESTRICTION = 60,
+ GNUTLS_A_PROTOCOL_VERSION = 70,
+ GNUTLS_A_INSUFFICIENT_SECURITY,
+ GNUTLS_A_INTERNAL_ERROR = 80,
+ GNUTLS_A_USER_CANCELED = 90,
+ GNUTLS_A_NO_RENEGOTIATION = 100,
+ GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
+ GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
+ GNUTLS_A_UNRECOGNIZED_NAME = 112,
+ GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
+ GNUTLS_A_INNER_APPLICATION_FAILURE = 208,
+ GNUTLS_A_INNER_APPLICATION_VERIFICATION = 209
+ } gnutls_alert_description_t;
+
+ /**
+ * gnutls_handshake_description_t:
+ * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
+ * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
+ * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
+ * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
+ * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
+ * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
+ * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
+ * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
+ * @GNUTLS_HANDSHAKE_FINISHED: Finished.
+ * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
+ *
+ * Enumeration of different TLS handshake packets.
+ */
+ typedef enum
+ {
+ GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
+ GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
+ GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
+ GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
+ GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
+ GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
+ GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
+ GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
+ GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
+ GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
+ GNUTLS_HANDSHAKE_FINISHED = 20,
+ GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23
+ } gnutls_handshake_description_t;
+
+ /**
+ * gnutls_certificate_status_t:
+ * @GNUTLS_CERT_INVALID: Will be set if the certificate was not
+ * verified.
+ * @GNUTLS_CERT_REVOKED: Certificate revoked. In X.509 this will be
+ * set only if CRLs are checked.
+ * @GNUTLS_CERT_SIGNER_NOT_FOUND: Certificate not verified. Signer
+ * not found.
+ * @GNUTLS_CERT_SIGNER_NOT_CA: Certificate not verified. Signer
+ * not a CA certificate.
+ * @GNUTLS_CERT_INSECURE_ALGORITHM: Certificate not verified,
+ * insecure algorithm.
+ * @GNUTLS_CERT_NOT_ACTIVATED: Certificate not yet activated.
+ * @GNUTLS_CERT_EXPIRED: Certificate expired.
+ *
+ * Enumeration of certificate status codes. Note that the status
+ * bits have different meanings in OpenPGP keys and X.509
+ * certificate verification.
+ */
+ typedef enum
+ {
+ GNUTLS_CERT_INVALID = 2,
+ GNUTLS_CERT_REVOKED = 32,
+ GNUTLS_CERT_SIGNER_NOT_FOUND = 64,
+ GNUTLS_CERT_SIGNER_NOT_CA = 128,
+ GNUTLS_CERT_INSECURE_ALGORITHM = 256,
+ GNUTLS_CERT_NOT_ACTIVATED = 512,
+ GNUTLS_CERT_EXPIRED = 1024
+ } gnutls_certificate_status_t;
+
+ /**
+ * gnutls_certificate_request_t:
+ * @GNUTLS_CERT_IGNORE: Ignore certificate.
+ * @GNUTLS_CERT_REQUEST: Request certificate.
+ * @GNUTLS_CERT_REQUIRE: Require certificate.
+ *
+ * Enumeration of certificate request types.
+ */
+ typedef enum
+ {
+ GNUTLS_CERT_IGNORE = 0,
+ GNUTLS_CERT_REQUEST = 1,
+ GNUTLS_CERT_REQUIRE = 2
+ } gnutls_certificate_request_t;
+
+ /**
+ * gnutls_openpgp_crt_status_t:
+ * @GNUTLS_OPENPGP_CERT: Send entire certificate.
+ * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
+ *
+ * Enumeration of ways to send OpenPGP certificate.
+ */
+ typedef enum
+ {
+ GNUTLS_OPENPGP_CERT = 0,
+ GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
+ } gnutls_openpgp_crt_status_t;
+
+ /**
+ * gnutls_close_request_t:
+ * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
+ * @GNUTLS_SHUT_WR: Disallow further sends.
+ *
+ * Enumeration of how TLS session should be terminated. See gnutls_bye().
+ */
+ typedef enum
+ {
+ GNUTLS_SHUT_RDWR = 0,
+ GNUTLS_SHUT_WR = 1
+ } gnutls_close_request_t;
+
+ /**
+ * gnutls_protocol_t:
+ * @GNUTLS_SSL3: SSL version 3.0.
+ * @GNUTLS_TLS1_0: TLS version 1.0.
+ * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
+ * @GNUTLS_TLS1_1: TLS version 1.1.
+ * @GNUTLS_TLS1_2: TLS version 1.2.
+ * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
+ * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
+ *
+ * Enumeration of different SSL/TLS protocol versions.
+ */
+ typedef enum
+ {
+ GNUTLS_SSL3 = 1,
+ GNUTLS_TLS1_0 = 2,
+ GNUTLS_TLS1 = GNUTLS_TLS1_0,
+ GNUTLS_TLS1_1 = 3,
+ GNUTLS_TLS1_2 = 4,
+ GNUTLS_VERSION_MAX = GNUTLS_TLS1_2,
+ GNUTLS_VERSION_UNKNOWN = 0xff
+ } gnutls_protocol_t;
+
+ /**
+ * gnutls_certificate_type_t:
+ * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
+ * @GNUTLS_CRT_X509: X.509 Certificate.
+ * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
+ *
+ * Enumeration of different certificate types.
+ */
+ typedef enum
+ {
+ GNUTLS_CRT_UNKNOWN = 0,
+ GNUTLS_CRT_X509 = 1,
+ GNUTLS_CRT_OPENPGP = 2
+ } gnutls_certificate_type_t;
+
+ /**
+ * gnutls_x509_crt_fmt_t:
+ * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
+ * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
+ *
+ * Enumeration of different certificate encoding formats.
+ */
+ typedef enum
+ {
+ GNUTLS_X509_FMT_DER = 0,
+ GNUTLS_X509_FMT_PEM = 1
+ } gnutls_x509_crt_fmt_t;
+
+ /**
+ * gnutls_certificate_print_formats_t:
+ * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
+ * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
+ * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
+ *
+ * Enumeration of different certificate printing variants.
+ */
+ typedef enum gnutls_certificate_print_formats
+ {
+ GNUTLS_CRT_PRINT_FULL = 0,
+ GNUTLS_CRT_PRINT_ONELINE = 1,
+ GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2
+ } gnutls_certificate_print_formats_t;
+
+ /**
+ * gnutls_pk_algorithm_t:
+ * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
+ * @GNUTLS_PK_RSA: RSA public-key algorithm.
+ * @GNUTLS_PK_DSA: DSA public-key algorithm.
+ * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
+ *
+ * Enumeration of different public-key algorithms.
+ */
+ typedef enum
+ {
+ GNUTLS_PK_UNKNOWN = 0,
+ GNUTLS_PK_RSA = 1,
+ GNUTLS_PK_DSA = 2,
+ GNUTLS_PK_DH = 3
+ } gnutls_pk_algorithm_t;
+
+ const char *gnutls_pk_algorithm_get_name (gnutls_pk_algorithm_t algorithm);
+
+ /**
+ * gnutls_sign_algorithm_t:
+ * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
+ * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
+ * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
+ * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
+ * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
+ * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
+ * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
+ * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
+ * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
+ * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
+ * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
+ * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
+ * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
+ * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
+ *
+ * Enumeration of different digital signature algorithms.
+ */
+ typedef enum
+ {
+ GNUTLS_SIGN_UNKNOWN = 0,
+ GNUTLS_SIGN_RSA_SHA1 = 1,
+ GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
+ GNUTLS_SIGN_DSA_SHA1 = 2,
+ GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
+ GNUTLS_SIGN_RSA_MD5 = 3,
+ GNUTLS_SIGN_RSA_MD2 = 4,
+ GNUTLS_SIGN_RSA_RMD160 = 5,
+ GNUTLS_SIGN_RSA_SHA256 = 6,
+ GNUTLS_SIGN_RSA_SHA384 = 7,
+ GNUTLS_SIGN_RSA_SHA512 = 8,
+ GNUTLS_SIGN_RSA_SHA224 = 9,
+ GNUTLS_SIGN_DSA_SHA224 = 10,
+ GNUTLS_SIGN_DSA_SHA256 = 11
+ } gnutls_sign_algorithm_t;
+
+ const char *gnutls_sign_algorithm_get_name (gnutls_sign_algorithm_t sign);
+
+ /**
+ * gnutls_sec_param_t:
+ * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
+ * @GNUTLS_SEC_PARAM_WEAK: 50 or less bits of security
+ * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
+ * @GNUTLS_SEC_PARAM_NORMAL: 112 bits of security
+ * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
+ * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
+ *
+ * Enumeration of security parameters for passive attacks
+ */
+ typedef enum
+ {
+ GNUTLS_SEC_PARAM_UNKNOWN,
+ GNUTLS_SEC_PARAM_WEAK,
+ GNUTLS_SEC_PARAM_LOW,
+ GNUTLS_SEC_PARAM_NORMAL,
+ GNUTLS_SEC_PARAM_HIGH,
+ GNUTLS_SEC_PARAM_ULTRA
+ } gnutls_sec_param_t;
+
+ /**
+ * gnutls_channel_binding_t:
+ * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
+ *
+ * Enumeration of support channel binding types.
+ */
+ typedef enum
+ {
+ GNUTLS_CB_TLS_UNIQUE
+ } gnutls_channel_binding_t;
+
+/* If you want to change this, then also change the define in
+ * gnutls_int.h, and recompile.
+ */
+ typedef void *gnutls_transport_ptr_t;
+
+ struct gnutls_session_int;
+ typedef struct gnutls_session_int *gnutls_session_t;
+
+ struct gnutls_dh_params_int;
+ typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
+
+ /* XXX ugly. */
+ struct gnutls_x509_privkey_int;
+ typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
+
+ struct gnutls_priority_st;
+ typedef struct gnutls_priority_st *gnutls_priority_t;
+
+ typedef struct
+ {
+ unsigned char *data;
+ unsigned int size;
+ } gnutls_datum_t;
+
+
+ typedef struct gnutls_params_st
+ {
+ gnutls_params_type_t type;
+ union params
+ {
+ gnutls_dh_params_t dh;
+ gnutls_rsa_params_t rsa_export;
+ } params;
+ int deinit;
+ } gnutls_params_st;
+
+ typedef int gnutls_params_function (gnutls_session_t, gnutls_params_type_t,
+ gnutls_params_st *);
+
+/* internal functions */
+
+ int gnutls_init (gnutls_session_t * session,
+ gnutls_connection_end_t con_end);
+ void gnutls_deinit (gnutls_session_t session);
+#define _gnutls_deinit(x) gnutls_deinit(x)
+
+ int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how);
+
+ int gnutls_handshake (gnutls_session_t session);
+ int gnutls_rehandshake (gnutls_session_t session);
+
+ gnutls_alert_description_t gnutls_alert_get (gnutls_session_t session);
+ int gnutls_alert_send (gnutls_session_t session,
+ gnutls_alert_level_t level,
+ gnutls_alert_description_t desc);
+ int gnutls_alert_send_appropriate (gnutls_session_t session, int err);
+ const char *gnutls_alert_get_name (gnutls_alert_description_t alert);
+
+ gnutls_sec_param_t gnutls_pk_bits_to_sec_param (gnutls_pk_algorithm_t algo,
+ unsigned int bits);
+ const char *gnutls_sec_param_get_name (gnutls_sec_param_t param);
+ unsigned int gnutls_sec_param_to_pk_bits (gnutls_pk_algorithm_t algo,
+ gnutls_sec_param_t param);
+
+/* get information on the current session */
+ gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session);
+ gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session);
+ gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session);
+ gnutls_compression_method_t
+ gnutls_compression_get (gnutls_session_t session);
+ gnutls_certificate_type_t
+ gnutls_certificate_type_get (gnutls_session_t session);
+ int gnutls_sign_algorithm_get_requested (gnutls_session_t session,
+ size_t indx,
+ gnutls_sign_algorithm_t * algo);
+
+ size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm);
+ size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm);
+
+/* the name of the specified algorithms */
+ const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm);
+ const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm);
+ const char *gnutls_compression_get_name (gnutls_compression_method_t
+ algorithm);
+ const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm);
+ const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t
+ type);
+ const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm);
+ const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm);
+
+ gnutls_mac_algorithm_t gnutls_mac_get_id (const char *name);
+ gnutls_compression_method_t gnutls_compression_get_id (const char *name);
+ gnutls_cipher_algorithm_t gnutls_cipher_get_id (const char *name);
+ gnutls_kx_algorithm_t gnutls_kx_get_id (const char *name);
+ gnutls_protocol_t gnutls_protocol_get_id (const char *name);
+ gnutls_certificate_type_t gnutls_certificate_type_get_id (const char *name);
+ gnutls_pk_algorithm_t gnutls_pk_get_id (const char *name);
+ gnutls_sign_algorithm_t gnutls_sign_get_id (const char *name);
+
+ /* list supported algorithms */
+ const gnutls_cipher_algorithm_t *gnutls_cipher_list (void);
+ const gnutls_mac_algorithm_t *gnutls_mac_list (void);
+ const gnutls_compression_method_t *gnutls_compression_list (void);
+ const gnutls_protocol_t *gnutls_protocol_list (void);
+ const gnutls_certificate_type_t *gnutls_certificate_type_list (void);
+ const gnutls_kx_algorithm_t *gnutls_kx_list (void);
+ const gnutls_pk_algorithm_t *gnutls_pk_list (void);
+ const gnutls_sign_algorithm_t *gnutls_sign_list (void);
+ const char *gnutls_cipher_suite_info (size_t idx,
+ char *cs_id,
+ gnutls_kx_algorithm_t * kx,
+ gnutls_cipher_algorithm_t * cipher,
+ gnutls_mac_algorithm_t * mac,
+ gnutls_protocol_t * version);
+
+ /* error functions */
+ int gnutls_error_is_fatal (int error);
+ int gnutls_error_to_alert (int err, int *level);
+
+ void gnutls_perror (int error);
+ const char *gnutls_strerror (int error);
+ const char *gnutls_strerror_name (int error);
+
+/* Semi-internal functions.
+ */
+ void gnutls_handshake_set_private_extensions (gnutls_session_t session,
+ int allow);
+ gnutls_handshake_description_t
+ gnutls_handshake_get_last_out (gnutls_session_t session);
+ gnutls_handshake_description_t
+ gnutls_handshake_get_last_in (gnutls_session_t session);
+
+/* Record layer functions.
+ */
+ ssize_t gnutls_record_send (gnutls_session_t session, const void *data,
+ size_t sizeofdata);
+ ssize_t gnutls_record_recv (gnutls_session_t session, void *data,
+ size_t sizeofdata);
+#define gnutls_read gnutls_record_recv
+#define gnutls_write gnutls_record_send
+
+ void gnutls_session_enable_compatibility_mode (gnutls_session_t session);
+
+ void gnutls_record_disable_padding (gnutls_session_t session);
+
+ int gnutls_record_get_direction (gnutls_session_t session);
+
+ size_t gnutls_record_get_max_size (gnutls_session_t session);
+ ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size);
+
+ size_t gnutls_record_check_pending (gnutls_session_t session);
+
+ int gnutls_prf (gnutls_session_t session,
+ size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
+
+ int gnutls_prf_raw (gnutls_session_t session,
+ size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
+
+/* TLS Extensions */
+
+ typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
+ const unsigned char *data, size_t len);
+ typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
+ unsigned char *data, size_t len);
+
+ /**
+ * gnutls_ext_parse_type_t:
+ * @GNUTLS_EXT_NONE: Never parsed
+ * @GNUTLS_EXT_ANY: Any extension type.
+ * @GNUTLS_EXT_APPLICATION: Application extension.
+ * @GNUTLS_EXT_TLS: TLS-internal extension.
+ * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
+ *
+ * Enumeration of different TLS extension types. This flag
+ * indicates for an extension whether it is useful to application
+ * level or TLS level only. This is (only) used to parse the
+ * application level extensions before the "client_hello" callback
+ * is called.
+ */
+ typedef enum
+ {
+ GNUTLS_EXT_ANY = 0,
+ GNUTLS_EXT_APPLICATION = 1,
+ GNUTLS_EXT_TLS = 2,
+ GNUTLS_EXT_MANDATORY = 3,
+ GNUTLS_EXT_NONE = 4
+ } gnutls_ext_parse_type_t;
+
+
+ /**
+ * gnutls_server_name_type_t:
+ * @GNUTLS_NAME_DNS: Domain Name System name type.
+ *
+ * Enumeration of different server name types.
+ */
+ typedef enum
+ {
+ GNUTLS_NAME_DNS = 1
+ } gnutls_server_name_type_t;
+
+ int gnutls_server_name_set (gnutls_session_t session,
+ gnutls_server_name_type_t type,
+ const void *name, size_t name_length);
+
+ int gnutls_server_name_get (gnutls_session_t session,
+ void *data, size_t * data_length,
+ unsigned int *type, unsigned int indx);
+
+ /* Safe renegotiation */
+ int gnutls_safe_renegotiation_status (gnutls_session_t session);
+
+ /**
+ * gnutls_supplemental_data_format_type_t:
+ * @GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: Supplemental user mapping data.
+ *
+ * Enumeration of different supplemental data types (RFC 4680).
+ */
+ typedef enum
+ {
+ GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
+ } gnutls_supplemental_data_format_type_t;
+
+ const char
+ *gnutls_supplemental_get_name (gnutls_supplemental_data_format_type_t
+ type);
+
+ /* SessionTicket, RFC 5077. */
+ int gnutls_session_ticket_key_generate (gnutls_datum_t * key);
+ int gnutls_session_ticket_enable_client (gnutls_session_t session);
+ int gnutls_session_ticket_enable_server (gnutls_session_t session,
+ const gnutls_datum_t * key);
+
+/* if you just want some defaults, use the following.
+ */
+ int gnutls_priority_init (gnutls_priority_t * priority_cache,
+ const char *priorities, const char **err_pos);
+ void gnutls_priority_deinit (gnutls_priority_t priority_cache);
+
+ int gnutls_priority_set (gnutls_session_t session,
+ gnutls_priority_t priority);
+ int gnutls_priority_set_direct (gnutls_session_t session,
+ const char *priorities,
+ const char **err_pos);
+
+ /* for compatibility
+ */
+ int gnutls_set_default_priority (gnutls_session_t session);
+ int gnutls_set_default_export_priority (gnutls_session_t session);
+
+/* Returns the name of a cipher suite */
+ const char *gnutls_cipher_suite_get_name (gnutls_kx_algorithm_t
+ kx_algorithm,
+ gnutls_cipher_algorithm_t
+ cipher_algorithm,
+ gnutls_mac_algorithm_t
+ mac_algorithm);
+
+/* get the currently used protocol version */
+ gnutls_protocol_t gnutls_protocol_get_version (gnutls_session_t session);
+
+ const char *gnutls_protocol_get_name (gnutls_protocol_t version);
+
+
+/* get/set session
+ */
+ int gnutls_session_set_data (gnutls_session_t session,
+ const void *session_data,
+ size_t session_data_size);
+ int gnutls_session_get_data (gnutls_session_t session, void *session_data,
+ size_t * session_data_size);
+ int gnutls_session_get_data2 (gnutls_session_t session,
+ gnutls_datum_t * data);
+
+/* returns the session ID */
+#define GNUTLS_MAX_SESSION_ID 32
+ int gnutls_session_get_id (gnutls_session_t session, void *session_id,
+ size_t * session_id_size);
+
+
+ int gnutls_session_channel_binding (gnutls_session_t session,
+ gnutls_channel_binding_t cbtype,
+ gnutls_datum_t * cb);
+
+/* checks if this session is a resumed one
+ */
+ int gnutls_session_is_resumed (gnutls_session_t session);
+
+ typedef int (*gnutls_db_store_func) (void *, gnutls_datum_t key,
+ gnutls_datum_t data);
+ typedef int (*gnutls_db_remove_func) (void *, gnutls_datum_t key);
+ typedef gnutls_datum_t (*gnutls_db_retr_func) (void *, gnutls_datum_t key);
+
+ void gnutls_db_set_cache_expiration (gnutls_session_t session, int seconds);
+
+ void gnutls_db_remove_session (gnutls_session_t session);
+ void gnutls_db_set_retrieve_function (gnutls_session_t session,
+ gnutls_db_retr_func retr_func);
+ void gnutls_db_set_remove_function (gnutls_session_t session,
+ gnutls_db_remove_func rem_func);
+ void gnutls_db_set_store_function (gnutls_session_t session,
+ gnutls_db_store_func store_func);
+ void gnutls_db_set_ptr (gnutls_session_t session, void *ptr);
+ void *gnutls_db_get_ptr (gnutls_session_t session);
+ int gnutls_db_check_entry (gnutls_session_t session,
+ gnutls_datum_t session_entry);
+
+ typedef int (*gnutls_handshake_post_client_hello_func) (gnutls_session_t);
+ void
+ gnutls_handshake_set_post_client_hello_function (gnutls_session_t session,
+ gnutls_handshake_post_client_hello_func
+ func);
+
+ void gnutls_handshake_set_max_packet_length (gnutls_session_t session,
+ size_t max);
+
+/* returns libgnutls version (call it with a NULL argument)
+ */
+ const char *gnutls_check_version (const char *req_version);
+
+/* Functions for setting/clearing credentials
+ */
+ void gnutls_credentials_clear (gnutls_session_t session);
+
+/* cred is a structure defined by the kx algorithm
+ */
+ int gnutls_credentials_set (gnutls_session_t session,
+ gnutls_credentials_type_t type, void *cred);
+#define gnutls_cred_set gnutls_credentials_set
+
+/* Credential structures - used in gnutls_credentials_set(); */
+
+ struct gnutls_certificate_credentials_st;
+ typedef struct gnutls_certificate_credentials_st
+ *gnutls_certificate_credentials_t;
+ typedef gnutls_certificate_credentials_t
+ gnutls_certificate_server_credentials;
+ typedef gnutls_certificate_credentials_t
+ gnutls_certificate_client_credentials;
+
+ typedef struct gnutls_anon_server_credentials_st
+ *gnutls_anon_server_credentials_t;
+ typedef struct gnutls_anon_client_credentials_st
+ *gnutls_anon_client_credentials_t;
+
+ void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t
+ sc);
+ int
+ gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t
+ * sc);
+
+ void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res,
+ gnutls_dh_params_t dh_params);
+
+ void
+ gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t
+ res,
+ gnutls_params_function * func);
+
+ void
+ gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc);
+ int
+ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t
+ * sc);
+
+/* CERTFILE is an x509 certificate in PEM form.
+ * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
+ */
+ void
+ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc);
+ int
+ gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t
+ * res);
+
+ void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc);
+ void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc);
+ void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc);
+ void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc);
+
+ void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res,
+ gnutls_dh_params_t dh_params);
+ void
+ gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t
+ res,
+ gnutls_rsa_params_t rsa_params);
+ void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
+ res, unsigned int flags);
+ void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
+ res, unsigned int max_bits,
+ unsigned int max_depth);
+
+ int
+ gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t
+ res, const char *cafile,
+ gnutls_x509_crt_fmt_t type);
+ int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * ca,
+ gnutls_x509_crt_fmt_t type);
+
+ int
+ gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t
+ res, const char *crlfile,
+ gnutls_x509_crt_fmt_t type);
+ int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * CRL,
+ gnutls_x509_crt_fmt_t type);
+
+ int
+ gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ gnutls_x509_crt_fmt_t type);
+ int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_x509_crt_fmt_t type);
+
+ void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session,
+ int status);
+
+ int gnutls_certificate_set_x509_simple_pkcs12_file
+ (gnutls_certificate_credentials_t res, const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type, const char *password);
+ int gnutls_certificate_set_x509_simple_pkcs12_mem
+ (gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
+ gnutls_x509_crt_fmt_t type, const char *password);
+
+/* New functions to allow setting already parsed X.509 stuff.
+ */
+ struct gnutls_x509_privkey_int;
+ typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
+
+ struct gnutls_x509_crl_int;
+ typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
+
+ struct gnutls_x509_crt_int;
+ typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
+
+ struct gnutls_x509_crq_int;
+ typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
+
+ struct gnutls_openpgp_keyring_int;
+ typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
+
+ int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * cert_list,
+ int cert_list_size,
+ gnutls_x509_privkey_t key);
+ int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res,
+ gnutls_x509_crt_t * ca_list,
+ int ca_list_size);
+ int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res,
+ gnutls_x509_crl_t * crl_list,
+ int crl_list_size);
+
+
+
+/* global state functions
+ */
+ int gnutls_global_init (void);
+ void gnutls_global_deinit (void);
+
+ typedef int (*mutex_init_func) (void **mutex);
+ typedef int (*mutex_lock_func) (void **mutex);
+ typedef int (*mutex_unlock_func) (void **mutex);
+ typedef int (*mutex_deinit_func) (void **mutex);
+
+ void gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
+ mutex_lock_func lock, mutex_unlock_func unlock);
+
+ typedef void *(*gnutls_alloc_function) (size_t);
+ typedef void *(*gnutls_calloc_function) (size_t, size_t);
+ typedef int (*gnutls_is_secure_function) (const void *);
+ typedef void (*gnutls_free_function) (void *);
+ typedef void *(*gnutls_realloc_function) (void *, size_t);
+
+ void
+ gnutls_global_set_mem_functions (gnutls_alloc_function alloc_func,
+ gnutls_alloc_function secure_alloc_func,
+ gnutls_is_secure_function is_secure_func,
+ gnutls_realloc_function realloc_func,
+ gnutls_free_function free_func);
+
+/* For use in callbacks */
+ extern gnutls_alloc_function gnutls_malloc;
+ extern gnutls_alloc_function gnutls_secure_malloc;
+ extern gnutls_realloc_function gnutls_realloc;
+ extern gnutls_calloc_function gnutls_calloc;
+ extern gnutls_free_function gnutls_free;
+
+ extern char *(*gnutls_strdup) (const char *);
+
+ typedef void (*gnutls_log_func) (int, const char *);
+ void gnutls_global_set_log_function (gnutls_log_func log_func);
+ void gnutls_global_set_log_level (int level);
+
+/* Diffie-Hellman parameter handling.
+ */
+ int gnutls_dh_params_init (gnutls_dh_params_t * dh_params);
+ void gnutls_dh_params_deinit (gnutls_dh_params_t dh_params);
+ int gnutls_dh_params_import_raw (gnutls_dh_params_t dh_params,
+ const gnutls_datum_t * prime,
+ const gnutls_datum_t * generator);
+ int gnutls_dh_params_import_pkcs3 (gnutls_dh_params_t params,
+ const gnutls_datum_t * pkcs3_params,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_dh_params_generate2 (gnutls_dh_params_t params,
+ unsigned int bits);
+ int gnutls_dh_params_export_pkcs3 (gnutls_dh_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ int gnutls_dh_params_export_raw (gnutls_dh_params_t params,
+ gnutls_datum_t * prime,
+ gnutls_datum_t * generator,
+ unsigned int *bits);
+ int gnutls_dh_params_cpy (gnutls_dh_params_t dst, gnutls_dh_params_t src);
+
+
+/* RSA params
+ */
+ int gnutls_rsa_params_init (gnutls_rsa_params_t * rsa_params);
+ void gnutls_rsa_params_deinit (gnutls_rsa_params_t rsa_params);
+ int gnutls_rsa_params_cpy (gnutls_rsa_params_t dst,
+ gnutls_rsa_params_t src);
+ int gnutls_rsa_params_import_raw (gnutls_rsa_params_t rsa_params,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_rsa_params_generate2 (gnutls_rsa_params_t params,
+ unsigned int bits);
+ int gnutls_rsa_params_export_raw (gnutls_rsa_params_t params,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ unsigned int *bits);
+ int gnutls_rsa_params_export_pkcs1 (gnutls_rsa_params_t params,
+ gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data,
+ size_t * params_data_size);
+ int gnutls_rsa_params_import_pkcs1 (gnutls_rsa_params_t params,
+ const gnutls_datum_t * pkcs1_params,
+ gnutls_x509_crt_fmt_t format);
+
+/* Session stuff
+ */
+ typedef struct
+ {
+ void *iov_base; /* Starting address */
+ size_t iov_len; /* Number of bytes to transfer */
+ } giovec_t;
+
+ typedef ssize_t (*gnutls_pull_func) (gnutls_transport_ptr_t, void *,
+ size_t);
+ typedef ssize_t (*gnutls_push_func) (gnutls_transport_ptr_t, const void *,
+ size_t);
+
+ typedef ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t,
+ const giovec_t * iov, int iovcnt);
+
+ typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
+
+ void gnutls_transport_set_ptr (gnutls_session_t session,
+ gnutls_transport_ptr_t ptr);
+ void gnutls_transport_set_ptr2 (gnutls_session_t session,
+ gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr);
+
+ gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session);
+ void gnutls_transport_get_ptr2 (gnutls_session_t session,
+ gnutls_transport_ptr_t * recv_ptr,
+ gnutls_transport_ptr_t * send_ptr);
+
+
+
+ void gnutls_transport_set_vec_push_function (gnutls_session_t session,
+ gnutls_vec_push_func vec_func);
+ void gnutls_transport_set_push_function (gnutls_session_t session,
+ gnutls_push_func push_func);
+ void gnutls_transport_set_pull_function (gnutls_session_t session,
+ gnutls_pull_func pull_func);
+
+ void gnutls_transport_set_errno_function (gnutls_session_t session,
+ gnutls_errno_func errno_func);
+
+ void gnutls_transport_set_errno (gnutls_session_t session, int err);
+ void gnutls_transport_set_global_errno (int err);
+
+/* session specific
+ */
+ void gnutls_session_set_ptr (gnutls_session_t session, void *ptr);
+ void *gnutls_session_get_ptr (gnutls_session_t session);
+
+ void gnutls_openpgp_send_cert (gnutls_session_t session,
+ gnutls_openpgp_crt_status_t status);
+
+/* fingerprint
+ * Actually this function returns the hash of the given data.
+ */
+ int gnutls_fingerprint (gnutls_digest_algorithm_t algo,
+ const gnutls_datum_t * data, void *result,
+ size_t * result_size);
+
+
+/* SRP
+ */
+
+ typedef struct gnutls_srp_server_credentials_st
+ *gnutls_srp_server_credentials_t;
+ typedef struct gnutls_srp_client_credentials_st
+ *gnutls_srp_client_credentials_t;
+
+ void
+ gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc);
+ int
+ gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t *
+ sc);
+ int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res,
+ const char *username,
+ const char *password);
+
+ void
+ gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc);
+ int
+ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *
+ sc);
+ int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t
+ res, const char *password_file,
+ const char *password_conf_file);
+
+ const char *gnutls_srp_server_get_username (gnutls_session_t session);
+
+ extern void gnutls_srp_set_prime_bits (gnutls_session_t session,
+ unsigned int bits);
+
+ int gnutls_srp_verifier (const char *username,
+ const char *password,
+ const gnutls_datum_t * salt,
+ const gnutls_datum_t * generator,
+ const gnutls_datum_t * prime,
+ gnutls_datum_t * res);
+
+/* The static parameters defined in draft-ietf-tls-srp-05
+ * Those should be used as input to gnutls_srp_verifier().
+ */
+ extern const gnutls_datum_t gnutls_srp_2048_group_prime;
+ extern const gnutls_datum_t gnutls_srp_2048_group_generator;
+
+ extern const gnutls_datum_t gnutls_srp_1536_group_prime;
+ extern const gnutls_datum_t gnutls_srp_1536_group_generator;
+
+ extern const gnutls_datum_t gnutls_srp_1024_group_prime;
+ extern const gnutls_datum_t gnutls_srp_1024_group_generator;
+
+ typedef int gnutls_srp_server_credentials_function (gnutls_session_t,
+ const char *username,
+ gnutls_datum_t * salt,
+ gnutls_datum_t *
+ verifier,
+ gnutls_datum_t *
+ generator,
+ gnutls_datum_t * prime);
+ void
+ gnutls_srp_set_server_credentials_function
+ (gnutls_srp_server_credentials_t cred,
+ gnutls_srp_server_credentials_function * func);
+
+ typedef int gnutls_srp_client_credentials_function (gnutls_session_t,
+ char **, char **);
+ void
+ gnutls_srp_set_client_credentials_function
+ (gnutls_srp_client_credentials_t cred,
+ gnutls_srp_client_credentials_function * func);
+
+ int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result,
+ size_t * result_size);
+ int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data,
+ gnutls_datum_t * result);
+
+ int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result,
+ size_t * result_size);
+ int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result);
+
+/* PSK stuff */
+ typedef struct gnutls_psk_server_credentials_st
+ *gnutls_psk_server_credentials_t;
+ typedef struct gnutls_psk_client_credentials_st
+ *gnutls_psk_client_credentials_t;
+
+ /**
+ * gnutls_psk_key_flags:
+ * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
+ * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
+ *
+ * Enumeration of different PSK key flags.
+ */
+ typedef enum gnutls_psk_key_flags
+ {
+ GNUTLS_PSK_KEY_RAW = 0,
+ GNUTLS_PSK_KEY_HEX
+ } gnutls_psk_key_flags;
+
+ void
+ gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc);
+ int
+ gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t *
+ sc);
+ int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res,
+ const char *username,
+ const gnutls_datum_t * key,
+ gnutls_psk_key_flags format);
+
+ void
+ gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc);
+ int
+ gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t *
+ sc);
+ int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t
+ res, const char *password_file);
+
+ int
+ gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t
+ res, const char *hint);
+
+ const char *gnutls_psk_server_get_username (gnutls_session_t session);
+ const char *gnutls_psk_client_get_hint (gnutls_session_t session);
+
+ typedef int gnutls_psk_server_credentials_function (gnutls_session_t,
+ const char *username,
+ gnutls_datum_t * key);
+ void
+ gnutls_psk_set_server_credentials_function
+ (gnutls_psk_server_credentials_t cred,
+ gnutls_psk_server_credentials_function * func);
+
+ typedef int gnutls_psk_client_credentials_function (gnutls_session_t,
+ char **username,
+ gnutls_datum_t * key);
+ void
+ gnutls_psk_set_client_credentials_function
+ (gnutls_psk_client_credentials_t cred,
+ gnutls_psk_client_credentials_function * func);
+
+ int gnutls_hex_encode (const gnutls_datum_t * data, char *result,
+ size_t * result_size);
+ int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result,
+ size_t * result_size);
+
+ void
+ gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res,
+ gnutls_dh_params_t dh_params);
+
+ void
+ gnutls_psk_set_server_params_function (gnutls_psk_server_credentials_t
+ res,
+ gnutls_params_function * func);
+
+ /**
+ * gnutls_x509_subject_alt_name_t:
+ * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
+ * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
+ * @GNUTLS_SAN_URI: URI SAN.
+ * @GNUTLS_SAN_IPADDRESS: IP address SAN.
+ * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
+ * @GNUTLS_SAN_DN: DN SAN.
+ * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
+ * gnutls_x509_crt_get_subject_alt_othername_oid().
+ *
+ * Enumeration of different subject alternative names types.
+ */
+ typedef enum gnutls_x509_subject_alt_name_t
+ {
+ GNUTLS_SAN_DNSNAME = 1,
+ GNUTLS_SAN_RFC822NAME = 2,
+ GNUTLS_SAN_URI = 3,
+ GNUTLS_SAN_IPADDRESS = 4,
+ GNUTLS_SAN_OTHERNAME = 5,
+ GNUTLS_SAN_DN = 6,
+ /* The following are "virtual" subject alternative name types, in
+ that they are represented by an otherName value and an OID.
+ Used by gnutls_x509_crt_get_subject_alt_othername_oid(). */
+ GNUTLS_SAN_OTHERNAME_XMPP = 1000
+ } gnutls_x509_subject_alt_name_t;
+
+ struct gnutls_openpgp_crt_int;
+ typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
+
+ struct gnutls_openpgp_privkey_int;
+ typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
+
+ struct gnutls_pkcs11_privkey_st;
+ typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
+
+ typedef enum
+ {
+ GNUTLS_PRIVKEY_X509, /* gnutls_x509_privkey_t */
+ GNUTLS_PRIVKEY_OPENPGP, /* gnutls_openpgp_privkey_t */
+ GNUTLS_PRIVKEY_PKCS11 /* gnutls_pkcs11_privkey_t */
+ } gnutls_privkey_type_t;
+
+ typedef struct gnutls_retr2_st
+ {
+ gnutls_certificate_type_t cert_type;
+ gnutls_privkey_type_t key_type;
+
+ union
+ {
+ gnutls_x509_crt_t *x509;
+ gnutls_openpgp_crt_t pgp;
+ } cert;
+ unsigned int ncerts; /* one for pgp keys */
+
+ union
+ {
+ gnutls_x509_privkey_t x509;
+ gnutls_openpgp_privkey_t pgp;
+ gnutls_pkcs11_privkey_t pkcs11;
+ } key;
+
+ unsigned int deinit_all; /* if non zero all keys will be deinited */
+ } gnutls_retr2_st;
+
+
+ /* Functions that allow auth_info_t structures handling
+ */
+
+ gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session);
+ gnutls_credentials_type_t
+ gnutls_auth_server_get_type (gnutls_session_t session);
+ gnutls_credentials_type_t
+ gnutls_auth_client_get_type (gnutls_session_t session);
+
+ /* DH */
+
+ void gnutls_dh_set_prime_bits (gnutls_session_t session, unsigned int bits);
+ int gnutls_dh_get_secret_bits (gnutls_session_t session);
+ int gnutls_dh_get_peers_public_bits (gnutls_session_t session);
+ int gnutls_dh_get_prime_bits (gnutls_session_t session);
+
+ int gnutls_dh_get_group (gnutls_session_t session, gnutls_datum_t * raw_gen,
+ gnutls_datum_t * raw_prime);
+ int gnutls_dh_get_pubkey (gnutls_session_t session,
+ gnutls_datum_t * raw_key);
+
+ /* RSA */
+ int gnutls_rsa_export_get_pubkey (gnutls_session_t session,
+ gnutls_datum_t * exponent,
+ gnutls_datum_t * modulus);
+ int gnutls_rsa_export_get_modulus_bits (gnutls_session_t session);
+
+ /* X509PKI */
+
+
+ /* These are set on the credentials structure.
+ */
+
+ typedef int gnutls_certificate_retrieve_function (gnutls_session_t,
+ const
+ gnutls_datum_t *
+ req_ca_rdn,
+ int nreqs,
+ const
+ gnutls_pk_algorithm_t
+ * pk_algos,
+ int
+ pk_algos_length,
+ gnutls_retr2_st *);
+
+
+ void gnutls_certificate_set_retrieve_function
+ (gnutls_certificate_credentials_t cred,
+ gnutls_certificate_retrieve_function * func);
+
+ typedef int gnutls_certificate_verify_function (gnutls_session_t);
+ void
+ gnutls_certificate_set_verify_function (gnutls_certificate_credentials_t
+ cred,
+ gnutls_certificate_verify_function
+ * func);
+
+ void
+ gnutls_certificate_server_set_request (gnutls_session_t session,
+ gnutls_certificate_request_t req);
+
+ /* get data from the session
+ */
+ const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t
+ session,
+ unsigned int
+ *list_size);
+ const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t
+ session);
+
+ time_t gnutls_certificate_activation_time_peers (gnutls_session_t session);
+ time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session);
+
+ int gnutls_certificate_client_get_request_status (gnutls_session_t session);
+ int gnutls_certificate_verify_peers2 (gnutls_session_t session,
+ unsigned int *status);
+
+ int gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
+ char *result, size_t * result_size);
+ int gnutls_pem_base64_decode (const char *header,
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size);
+
+ int gnutls_pem_base64_encode_alloc (const char *msg,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result);
+ int gnutls_pem_base64_decode_alloc (const char *header,
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result);
+
+ /* key_usage will be an OR of the following values:
+ */
+
+ /* when the key is to be used for signing: */
+#define GNUTLS_KEY_DIGITAL_SIGNATURE 128
+#define GNUTLS_KEY_NON_REPUDIATION 64
+ /* when the key is to be used for encryption: */
+#define GNUTLS_KEY_KEY_ENCIPHERMENT 32
+#define GNUTLS_KEY_DATA_ENCIPHERMENT 16
+#define GNUTLS_KEY_KEY_AGREEMENT 8
+#define GNUTLS_KEY_KEY_CERT_SIGN 4
+#define GNUTLS_KEY_CRL_SIGN 2
+#define GNUTLS_KEY_ENCIPHER_ONLY 1
+#define GNUTLS_KEY_DECIPHER_ONLY 32768
+
+ void
+ gnutls_certificate_set_params_function (gnutls_certificate_credentials_t
+ res,
+ gnutls_params_function * func);
+ void gnutls_anon_set_params_function (gnutls_anon_server_credentials_t res,
+ gnutls_params_function * func);
+ void gnutls_psk_set_params_function (gnutls_psk_server_credentials_t res,
+ gnutls_params_function * func);
+
+ int gnutls_hex2bin (const char *hex_data, size_t hex_size,
+ char *bin_data, size_t * bin_size);
+
+ /* Gnutls error codes. The mapping to a TLS alert is also shown in
+ * comments.
+ */
+
+#define GNUTLS_E_SUCCESS 0
+#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
+#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
+#define GNUTLS_E_LARGE_PACKET -7
+#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
+#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
+#define GNUTLS_E_INVALID_SESSION -10
+#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
+#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
+#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
+#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
+#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
+#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
+#define GNUTLS_E_UNWANTED_ALGORITHM -22
+#define GNUTLS_E_MPI_SCAN_FAILED -23
+#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
+#define GNUTLS_E_MEMORY_ERROR -25
+#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
+#define GNUTLS_E_COMPRESSION_FAILED -27
+#define GNUTLS_E_AGAIN -28
+#define GNUTLS_E_EXPIRED -29
+#define GNUTLS_E_DB_ERROR -30
+#define GNUTLS_E_SRP_PWD_ERROR -31
+#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
+#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
+#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
+
+#define GNUTLS_E_HASH_FAILED -33
+#define GNUTLS_E_BASE64_DECODING_ERROR -34
+
+#define GNUTLS_E_MPI_PRINT_FAILED -35
+#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
+#define GNUTLS_E_GOT_APPLICATION_DATA -38
+#define GNUTLS_E_RECORD_LIMIT_REACHED -39
+#define GNUTLS_E_ENCRYPTION_FAILED -40
+
+#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
+#define GNUTLS_E_PK_DECRYPTION_FAILED -45
+#define GNUTLS_E_PK_SIGN_FAILED -46
+#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
+#define GNUTLS_E_KEY_USAGE_VIOLATION -48
+#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
+#define GNUTLS_E_INVALID_REQUEST -50
+#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
+#define GNUTLS_E_INTERRUPTED -52
+#define GNUTLS_E_PUSH_ERROR -53
+#define GNUTLS_E_PULL_ERROR -54
+#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
+#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
+#define GNUTLS_E_PKCS1_WRONG_PAD -57
+#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
+#define GNUTLS_E_INTERNAL_ERROR -59
+#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
+#define GNUTLS_E_FILE_ERROR -64
+#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
+#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
+
+
+ /* returned if libextra functionality was requested but
+ * gnutls_global_init_extra() was not called.
+ */
+#define GNUTLS_E_INIT_LIBEXTRA -82
+#define GNUTLS_E_LIBRARY_VERSION_MISMATCH -83
+
+
+ /* returned if you need to generate temporary RSA
+ * parameters. These are needed for export cipher suites.
+ */
+#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
+
+#define GNUTLS_E_LZO_INIT_FAILED -85
+#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
+#define GNUTLS_E_NO_CIPHER_SUITES -87
+
+#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
+#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
+
+#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
+#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
+#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
+
+ /* For certificate and key stuff
+ */
+#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
+#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
+#define GNUTLS_E_ASN1_DER_ERROR -69
+#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
+#define GNUTLS_E_ASN1_GENERIC_ERROR -71
+#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
+#define GNUTLS_E_ASN1_TAG_ERROR -73
+#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
+#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
+#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
+#define GNUTLS_E_ASN1_DER_OVERFLOW -77
+#define GNUTLS_E_OPENPGP_UID_REVOKED -79
+#define GNUTLS_E_CERTIFICATE_ERROR -43
+#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
+#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
+#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
+#define GNUTLS_E_X509_UNKNOWN_SAN -62
+#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
+#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
+#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
+#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
+#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
+#define GNUTLS_E_INVALID_PASSWORD -99
+#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
+#define GNUTLS_E_CONSTRAINT_ERROR -101
+
+#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
+#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
+
+#define GNUTLS_E_IA_VERIFY_FAILED -104
+#define GNUTLS_E_UNKNOWN_ALGORITHM -105
+#define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
+#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
+#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
+#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
+
+#define GNUTLS_E_BASE64_ENCODING_ERROR -201
+#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
+#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
+#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
+
+#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
+#define GNUTLS_E_X509_UNSUPPORTED_OID -205
+
+#define GNUTLS_E_RANDOM_FAILED -206
+#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
+
+#define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
+
+#define GNUTLS_E_CRYPTO_ALREADY_REGISTERED -209
+
+#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
+
+#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
+#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
+
+#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
+#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
+#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
+
+/* PKCS11 related */
+#define GNUTLS_E_PKCS11_ERROR -300
+#define GNUTLS_E_PKCS11_LOAD_ERROR -301
+#define GNUTLS_E_PARSING_ERROR -302
+#define GNUTLS_E_PKCS11_PIN_ERROR -303
+
+#define GNUTLS_E_PKCS11_SLOT_ERROR -305
+#define GNUTLS_E_LOCKING_ERROR -306
+#define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
+#define GNUTLS_E_PKCS11_DEVICE_ERROR -308
+#define GNUTLS_E_PKCS11_DATA_ERROR -309
+#define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
+#define GNUTLS_E_PKCS11_KEY_ERROR -311
+#define GNUTLS_E_PKCS11_PIN_EXPIRED -312
+#define GNUTLS_E_PKCS11_PIN_LOCKED -313
+#define GNUTLS_E_PKCS11_SESSION_ERROR -314
+#define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
+#define GNUTLS_E_PKCS11_TOKEN_ERROR -316
+#define GNUTLS_E_PKCS11_USER_ERROR -317
+
+#define GNUTLS_E_CRYPTO_INIT_FAILED -318
+
+#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
+
+
+
+#define GNUTLS_E_APPLICATION_ERROR_MAX -65000
+#define GNUTLS_E_APPLICATION_ERROR_MIN -65500
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <gnutls/compat.h>
+
+#endif /* GNUTLS_H */
--- /dev/null
+#ifndef GNUTLSXX_H
+#define GNUTLSXX_H
+
+#include <exception>
+#include <vector>
+#include <gnutls/gnutls.h>
+
+namespace gnutls
+{
+
+ class noncopyable
+ {
+ protected:
+ noncopyable ()
+ {
+ }
+ ~noncopyable ()
+ {
+ }
+
+ private:
+ // These are non-implemented.
+ noncopyable (const noncopyable &);
+ noncopyable & operator= (const noncopyable &);
+ };
+
+
+ class exception:public std::exception
+ {
+ public:
+ exception (int x);
+ const char *what () const throw ();
+ int get_code ();
+ protected:
+ int retcode;
+ };
+
+
+ class dh_params:private noncopyable
+ {
+ public:
+ dh_params ();
+ ~dh_params ();
+ void import_raw (const gnutls_datum_t & prime,
+ const gnutls_datum_t & generator);
+ void import_pkcs3 (const gnutls_datum_t & pkcs3_params,
+ gnutls_x509_crt_fmt_t format);
+ void generate (unsigned int bits);
+
+ void export_pkcs3 (gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data, size_t * params_data_size);
+ void export_raw (gnutls_datum_t & prime, gnutls_datum_t & generator);
+
+ gnutls_dh_params_t get_params_t () const;
+ dh_params & operator= (const dh_params & src);
+ protected:
+ gnutls_dh_params_t params;
+ };
+
+
+ class rsa_params:private noncopyable
+ {
+ public:
+ rsa_params ();
+ ~rsa_params ();
+ void import_raw (const gnutls_datum_t & m,
+ const gnutls_datum_t & e,
+ const gnutls_datum_t & d,
+ const gnutls_datum_t & p,
+ const gnutls_datum_t & q, const gnutls_datum_t & u);
+ void import_pkcs1 (const gnutls_datum_t & pkcs1_params,
+ gnutls_x509_crt_fmt_t format);
+ void generate (unsigned int bits);
+
+ void export_pkcs1 (gnutls_x509_crt_fmt_t format,
+ unsigned char *params_data, size_t * params_data_size);
+ void export_raw (gnutls_datum_t & m, gnutls_datum_t & e,
+ gnutls_datum_t & d, gnutls_datum_t & p,
+ gnutls_datum_t & q, gnutls_datum_t & u);
+ gnutls_rsa_params_t get_params_t () const;
+ rsa_params & operator= (const rsa_params & src);
+
+ protected:
+ gnutls_rsa_params_t params;
+ };
+
+ class session:private noncopyable
+ {
+ protected:
+ gnutls_session_t s;
+ public:
+ session (gnutls_connection_end_t);
+ virtual ~ session ();
+
+ int bye (gnutls_close_request_t how);
+ int handshake ();
+
+ gnutls_alert_description_t get_alert () const;
+
+ int send_alert (gnutls_alert_level_t level,
+ gnutls_alert_description_t desc);
+ int send_appropriate_alert (int err);
+
+ gnutls_cipher_algorithm_t get_cipher () const;
+ gnutls_kx_algorithm_t get_kx () const;
+ gnutls_mac_algorithm_t get_mac () const;
+ gnutls_compression_method_t get_compression () const;
+ gnutls_certificate_type_t get_certificate_type () const;
+
+ // for the handshake
+ void set_private_extensions (bool allow);
+
+ gnutls_handshake_description_t get_handshake_last_out () const;
+ gnutls_handshake_description_t get_handshake_last_in () const;
+
+ ssize_t send (const void *data, size_t sizeofdata);
+ ssize_t recv (void *data, size_t sizeofdata);
+
+ bool get_record_direction () const;
+
+ // maximum packet size
+ size_t get_max_size () const;
+ void set_max_size (size_t size);
+
+ size_t check_pending () const;
+
+ void prf (size_t label_size, const char *label,
+ int server_random_first,
+ size_t extra_size, const char *extra,
+ size_t outsize, char *out);
+
+ void prf_raw (size_t label_size, const char *label,
+ size_t seed_size, const char *seed,
+ size_t outsize, char *out);
+
+ void set_cipher_priority (const int *list);
+ void set_mac_priority (const int *list);
+ void set_compression_priority (const int *list);
+ void set_kx_priority (const int *list);
+ void set_protocol_priority (const int *list);
+ void set_certificate_type_priority (const int *list);
+
+ /* if you just want some defaults, use the following.
+ */
+ void set_priority (const char *prio, const char **err_pos);
+ void set_priority (gnutls_priority_t p);
+
+ gnutls_protocol_t get_protocol_version () const;
+
+ // for resuming sessions
+ void set_data (const void *session_data, size_t session_data_size);
+ void get_data (void *session_data, size_t * session_data_size) const;
+ void get_data (gnutls_session_t session, gnutls_datum_t & data) const;
+ void get_id (void *session_id, size_t * session_id_size) const;
+
+ bool is_resumed () const;
+
+ void set_max_handshake_packet_length (size_t max);
+
+ void clear_credentials ();
+ void set_credentials (class credentials & cred);
+
+ void set_transport_ptr (gnutls_transport_ptr_t ptr);
+ void set_transport_ptr (gnutls_transport_ptr_t recv_ptr,
+ gnutls_transport_ptr_t send_ptr);
+ gnutls_transport_ptr_t get_transport_ptr () const;
+ void get_transport_ptr (gnutls_transport_ptr_t & recv_ptr,
+ gnutls_transport_ptr_t & send_ptr) const;
+
+ void set_transport_lowat (size_t num);
+ void set_transport_push_function (gnutls_push_func push_func);
+ void set_transport_pull_function (gnutls_pull_func pull_func);
+
+ void set_user_ptr (void *ptr);
+ void *get_user_ptr () const;
+
+ void send_openpgp_cert (gnutls_openpgp_crt_status_t status);
+
+ gnutls_credentials_type_t get_auth_type () const;
+ gnutls_credentials_type_t get_server_auth_type () const;
+ gnutls_credentials_type_t get_client_auth_type () const;
+
+ // informational stuff
+ void set_dh_prime_bits (unsigned int bits);
+ unsigned int get_dh_secret_bits () const;
+ unsigned int get_dh_peers_public_bits () const;
+ unsigned int get_dh_prime_bits () const;
+ void get_dh_group (gnutls_datum_t & gen, gnutls_datum_t & prime) const;
+ void get_dh_pubkey (gnutls_datum_t & raw_key) const;
+ void get_rsa_export_pubkey (gnutls_datum_t & exponent,
+ gnutls_datum_t & modulus) const;
+ unsigned int get_rsa_export_modulus_bits () const;
+
+ void get_our_certificate (gnutls_datum_t & cert) const;
+ bool get_peers_certificate (std::vector < gnutls_datum_t >
+ &out_certs) const;
+ bool get_peers_certificate (const gnutls_datum_t ** certs,
+ unsigned int *certs_size) const;
+
+ time_t get_peers_certificate_activation_time () const;
+ time_t get_peers_certificate_expiration_time () const;
+ void verify_peers_certificate (unsigned int &status) const;
+
+ };
+
+// interface for databases
+ class DB:private noncopyable
+ {
+ public:
+ virtual ~ DB () = 0;
+ virtual bool store (const gnutls_datum_t & key,
+ const gnutls_datum_t & data) = 0;
+ virtual bool retrieve (const gnutls_datum_t & key,
+ gnutls_datum_t & data) = 0;
+ virtual bool remove (const gnutls_datum_t & key) = 0;
+ };
+
+ class server_session:public session
+ {
+ public:
+ server_session ();
+ ~server_session ();
+ void db_remove () const;
+
+ void set_db_cache_expiration (unsigned int seconds);
+ void set_db (const DB & db);
+
+ // returns true if session is expired
+ bool db_check_entry (gnutls_datum_t & session_data) const;
+
+ // server side only
+ const char *get_srp_username () const;
+ const char *get_psk_username () const;
+
+ void get_server_name (void *data, size_t * data_length,
+ unsigned int *type, unsigned int indx) const;
+
+ int rehandshake ();
+ void set_certificate_request (gnutls_certificate_request_t);
+ };
+
+ class client_session:public session
+ {
+ public:
+ client_session ();
+ ~client_session ();
+
+ void set_server_name (gnutls_server_name_type_t type,
+ const void *name, size_t name_length);
+
+ bool get_request_status ();
+ };
+
+
+ class credentials:private noncopyable
+ {
+ public:
+ virtual ~ credentials ()
+ {
+ }
+ gnutls_credentials_type_t get_type () const;
+ protected:
+ friend class session;
+ credentials (gnutls_credentials_type_t t);
+ void *ptr () const;
+ void set_ptr (void *ptr);
+ gnutls_credentials_type_t type;
+ private:
+ void *cred;
+ };
+
+ class certificate_credentials:public credentials
+ {
+ public:
+ ~certificate_credentials ();
+ certificate_credentials ();
+
+ void free_keys ();
+ void free_cas ();
+ void free_ca_names ();
+ void free_crls ();
+
+ void set_dh_params (const dh_params & params);
+ void set_rsa_export_params (const rsa_params & params);
+ void set_verify_flags (unsigned int flags);
+ void set_verify_limits (unsigned int max_bits, unsigned int max_depth);
+
+ void set_x509_trust_file (const char *cafile, gnutls_x509_crt_fmt_t type);
+ void set_x509_trust (const gnutls_datum_t & CA,
+ gnutls_x509_crt_fmt_t type);
+ // FIXME: use classes instead of gnutls_x509_crt_t
+ void set_x509_trust (gnutls_x509_crt_t * ca_list, int ca_list_size);
+
+ void set_x509_crl_file (const char *crlfile, gnutls_x509_crt_fmt_t type);
+ void set_x509_crl (const gnutls_datum_t & CRL,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_crl (gnutls_x509_crl_t * crl_list, int crl_list_size);
+
+ void set_x509_key_file (const char *certfile, const char *KEYFILE,
+ gnutls_x509_crt_fmt_t type);
+ void set_x509_key (const gnutls_datum_t & CERT,
+ const gnutls_datum_t & KEY,
+ gnutls_x509_crt_fmt_t type);
+ // FIXME: use classes
+ void set_x509_key (gnutls_x509_crt_t * cert_list, int cert_list_size,
+ gnutls_x509_privkey_t key);
+
+
+ void set_simple_pkcs12_file (const char *pkcs12file,
+ gnutls_x509_crt_fmt_t type,
+ const char *password);
+
+ void set_retrieve_function (gnutls_certificate_retrieve_function * func);
+
+ protected:
+ gnutls_certificate_credentials_t cred;
+ };
+
+ class certificate_server_credentials:public certificate_credentials
+ {
+ public:
+ void set_params_function (gnutls_params_function * func);
+ };
+
+ class certificate_client_credentials:public certificate_credentials
+ {
+ public:
+ };
+
+
+
+
+ class anon_server_credentials:public credentials
+ {
+ public:
+ anon_server_credentials ();
+ ~anon_server_credentials ();
+ void set_dh_params (const dh_params & params);
+ void set_params_function (gnutls_params_function * func);
+ protected:
+ gnutls_anon_server_credentials_t cred;
+ };
+
+ class anon_client_credentials:public credentials
+ {
+ public:
+ anon_client_credentials ();
+ ~anon_client_credentials ();
+ protected:
+ gnutls_anon_client_credentials_t cred;
+ };
+
+
+ class srp_server_credentials:public credentials
+ {
+ public:
+ srp_server_credentials ();
+ ~srp_server_credentials ();
+ void set_credentials_file (const char *password_file,
+ const char *password_conf_file);
+ void set_credentials_function (gnutls_srp_server_credentials_function *
+ func);
+ protected:
+ gnutls_srp_server_credentials_t cred;
+ };
+
+ class srp_client_credentials:public credentials
+ {
+ public:
+ srp_client_credentials ();
+ ~srp_client_credentials ();
+ void set_credentials (const char *username, const char *password);
+ void set_credentials_function (gnutls_srp_client_credentials_function *
+ func);
+ protected:
+ gnutls_srp_client_credentials_t cred;
+ };
+
+
+ class psk_server_credentials:public credentials
+ {
+ public:
+ psk_server_credentials ();
+ ~psk_server_credentials ();
+ void set_credentials_file (const char *password_file);
+ void set_credentials_function (gnutls_psk_server_credentials_function *
+ func);
+ void set_dh_params (const dh_params & params);
+ void set_params_function (gnutls_params_function * func);
+ protected:
+ gnutls_psk_server_credentials_t cred;
+ };
+
+ class psk_client_credentials:public credentials
+ {
+ public:
+ psk_client_credentials ();
+ ~psk_client_credentials ();
+ void set_credentials (const char *username, const gnutls_datum_t & key,
+ gnutls_psk_key_flags flags);
+ void set_credentials_function (gnutls_psk_client_credentials_function *
+ func);
+ protected:
+ gnutls_psk_client_credentials_t cred;
+ };
+
+
+} /* namespace */
+
+#endif /* GNUTLSXX_H */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ *
+ */
+
+/* This file contains the types and prototypes for the OpenPGP
+ * key and private key parsing functions.
+ */
+
+#ifndef GNUTLS_OPENPGP_H
+#define GNUTLS_OPENPGP_H
+
+#include <gnutls/gnutls.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/* Openpgp certificate stuff
+ */
+
+/**
+ * gnutls_openpgp_crt_fmt_t:
+ * @GNUTLS_OPENPGP_FMT_RAW: OpenPGP certificate in raw format.
+ * @GNUTLS_OPENPGP_FMT_BASE64: OpenPGP certificate in base64 format.
+ *
+ * Enumeration of different OpenPGP key formats.
+ */
+ typedef enum gnutls_openpgp_crt_fmt
+ {
+ GNUTLS_OPENPGP_FMT_RAW,
+ GNUTLS_OPENPGP_FMT_BASE64
+ } gnutls_openpgp_crt_fmt_t;
+
+#define GNUTLS_OPENPGP_KEYID_SIZE 8
+ typedef unsigned char gnutls_openpgp_keyid_t[GNUTLS_OPENPGP_KEYID_SIZE];
+
+/* gnutls_openpgp_cert_t should be defined in gnutls.h
+ */
+
+ /* initializes the memory for gnutls_openpgp_crt_t struct */
+ int gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key);
+ /* frees all memory */
+ void gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key);
+
+ int gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
+ int gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+
+ int gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
+
+/* The key_usage flags are defined in gnutls.h. They are
+ * the GNUTLS_KEY_* definitions.
+ */
+ int gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
+ unsigned int *key_usage);
+ int gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key, void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen);
+
+ int gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
+ int idx, char *buf, size_t * sizeof_buf);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
+ unsigned int *bits);
+
+ int gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key);
+
+ time_t gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key);
+ time_t gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key);
+
+ int gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid);
+
+ int gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
+ const char *hostname);
+
+ int gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key);
+
+ int gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key);
+ int gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
+ unsigned int idx);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *bits);
+ time_t gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t
+ key, unsigned int idx);
+ time_t gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t
+ key,
+ unsigned int idx);
+ int gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage);
+
+ int gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+ int gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+ int gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid);
+ int
+ gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t
+ keyid);
+
+/* privkey stuff.
+ */
+ int gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key);
+ void gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key);
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
+ unsigned int *bits);
+
+ gnutls_sec_param_t
+ gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+
+ int gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
+ void *fpr, size_t * fprlen);
+ int gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ void *fpr,
+ size_t * fprlen);
+ int gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid);
+ int gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key);
+ int gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t
+ keyid);
+
+ int
+ gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
+ key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t
+ key);
+
+ gnutls_pk_algorithm_t
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t
+ key, unsigned int idx,
+ unsigned int *bits);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_expiration_time
+ (gnutls_openpgp_privkey_t key, unsigned int idx);
+
+ int gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid);
+
+ time_t
+ gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t
+ key, unsigned int idx);
+
+ int
+ gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t
+ pkey, unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t
+ pkey, unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+ int gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+
+ int
+ gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t
+ keyid);
+ int gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t
+ key,
+ gnutls_openpgp_keyid_t
+ keyid);
+
+ int gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flag);
+
+/* Keyring stuff.
+ */
+
+ int gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring);
+ void gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring);
+
+ int gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format);
+
+ int gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags);
+
+
+ int gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t keyring,
+ unsigned int flags, unsigned int *verify
+ /* the output of the verification */ );
+
+ int gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
+ unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
+ unsigned int idx,
+ gnutls_openpgp_crt_t * cert);
+
+ int gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring);
+
+
+
+/**
+ * gnutls_openpgp_recv_key_func:
+ * @session: a TLS session
+ * @keyfpr: key fingerprint
+ * @keyfpr_length: length of key fingerprint
+ * @key: output key.
+ *
+ * A callback of this type is used to retrieve OpenPGP keys. Only
+ * useful on the server, and will only be used if the peer send a key
+ * fingerprint instead of a full key. See also
+ * gnutls_openpgp_set_recv_key_function().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ */
+ typedef int (*gnutls_openpgp_recv_key_func) (gnutls_session_t session,
+ const unsigned char *keyfpr,
+ unsigned int keyfpr_length,
+ gnutls_datum_t * key);
+
+ void
+ gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
+ gnutls_openpgp_recv_key_func func);
+
+
+
+/* certificate authentication stuff.
+ */
+ int gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t
+ res, gnutls_openpgp_crt_t key,
+ gnutls_openpgp_privkey_t pkey);
+
+ int
+ gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ gnutls_openpgp_crt_fmt_t format);
+ int gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
+ res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t
+ format);
+
+ int
+ gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t
+ format);
+ int
+ gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t
+ res, const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format);
+
+ int
+ gnutls_certificate_set_openpgp_keyring_mem
+ (gnutls_certificate_credentials_t c, const unsigned char *data,
+ size_t dlen, gnutls_openpgp_crt_fmt_t format);
+
+ int
+ gnutls_certificate_set_openpgp_keyring_file
+ (gnutls_certificate_credentials_t c, const char *file,
+ gnutls_openpgp_crt_fmt_t format);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GNUTLS_OPENPGP_H */
--- /dev/null
+#ifndef __GNUTLS_PKCS11_H
+#define __GNUTLS_PKCS11_H
+
+
+#include <stdarg.h>
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#define GNUTLS_PKCS11_MAX_PIN_LEN 32
+
+/* Token callback function. The callback will be used to
+ * ask the user to re-enter the token with given null terminated
+ * label. Callback should return zero if token has been inserted
+ * by user and a negative error code otherwise. It might be called
+ * multiple times if the token is not detected and the retry counter
+ * will be increased.
+ */
+typedef int (*gnutls_pkcs11_token_callback_t) (void *const global_data,
+ const char *const label,
+ const unsigned retry);
+
+ /**
+ * gnutls_pkcs11_pin_flag_t:
+ * @GNUTLS_PKCS11_PIN_USER: The PIN for the user.
+ * @GNUTLS_PKCS11_PIN_SO: The PIN for the security officer.
+ * @GNUTLS_PKCS11_PIN_FINAL_TRY: This is the final try before blocking.
+ * @GNUTLS_PKCS11_PIN_COUNT_LOW: Few tries remain before token blocks.
+ *
+ * Enumeration of different PIN flags.
+ */
+typedef enum
+{
+ GNUTLS_PKCS11_PIN_USER = (1 << 0),
+ GNUTLS_PKCS11_PIN_SO = (1 << 1),
+ GNUTLS_PKCS11_PIN_FINAL_TRY = (1 << 2),
+ GNUTLS_PKCS11_PIN_COUNT_LOW = (1 << 3)
+} gnutls_pkcs11_pin_flag_t;
+
+typedef int (*gnutls_pkcs11_pin_callback_t) (void *userdata, int attempt,
+ const char *token_url,
+ const char *token_label,
+ unsigned int flags
+ /*gnutls_pkcs11_pin_flag_t */ ,
+ char *pin, size_t pin_max);
+
+struct gnutls_pkcs11_obj_st;
+typedef struct gnutls_pkcs11_obj_st *gnutls_pkcs11_obj_t;
+
+
+#define GNUTLS_PKCS11_FLAG_MANUAL 0 /* Manual loading of libraries */
+#define GNUTLS_PKCS11_FLAG_AUTO 1 /* Automatically load libraries by reading /etc/gnutls/pkcs11.conf */
+
+/* pkcs11.conf format:
+ * load = /lib/xxx-pkcs11.so
+ * load = /lib/yyy-pkcs11.so
+ */
+
+int gnutls_pkcs11_init (unsigned int flags, const char *configfile);
+void gnutls_pkcs11_deinit (void);
+void gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
+ void *userdata);
+
+void gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
+ void *userdata);
+int gnutls_pkcs11_add_provider (const char *name, const char *params);
+int gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj);
+
+#define GNUTLS_PKCS11_OBJ_FLAG_LOGIN (1<<0) /* force login in the token for the operation */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED (1<<1) /* object marked as trusted */
+#define GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE (1<<2) /* object marked as sensitive (unexportable) */
+
+ /**
+ * gnutls_pkcs11_url_type_t:
+ * @GNUTLS_PKCS11_URL_GENERIC: A generic-purpose URL.
+ * @GNUTLS_PKCS11_URL_LIB: A URL that specifies the library used as well.
+ * @GNUTLS_PKCS11_URL_LIB_VERSION: A URL that specifies the library and its version.
+ *
+ * Enumeration of different URL extraction flags.
+ */
+typedef enum
+{
+ GNUTLS_PKCS11_URL_GENERIC, /* URL specifies the object on token level */
+ GNUTLS_PKCS11_URL_LIB, /* URL specifies the object on module level */
+ GNUTLS_PKCS11_URL_LIB_VERSION /* URL specifies the object on module and version level */
+} gnutls_pkcs11_url_type_t;
+
+int gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t, const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+void gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj);
+
+int gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
+ void *output_data, size_t * output_data_size);
+
+
+int gnutls_pkcs11_copy_x509_crt (const char *token_url, gnutls_x509_crt_t crt,
+ const char *label, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_copy_x509_privkey (const char *token_url, gnutls_x509_privkey_t key,
+ const char *label, unsigned int key_usage /*GNUTLS_KEY_* */, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+int gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+int gnutls_pkcs11_copy_secret_key (const char *token_url,
+ gnutls_datum_t * key, const char *label,
+ unsigned int key_usage /* GNUTLS_KEY_* */ ,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+ /**
+ * gnutls_pkcs11_obj_info_t:
+ * @GNUTLS_PKCS11_OBJ_ID_HEX: The object ID in hex.
+ * @GNUTLS_PKCS11_OBJ_LABEL: The object label.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_LABEL: The token's label.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_SERIAL: The token's serial number.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER: The token's manufacturer.
+ * @GNUTLS_PKCS11_OBJ_TOKEN_MODEL: The token's model.
+ * @GNUTLS_PKCS11_OBJ_ID: The object ID.
+ * @GNUTLS_PKCS11_OBJ_LIBRARY_VERSION: The library's used to access the object version.
+ * @GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION: The library's used to access the object description (name).
+ * @GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER: The library's used to access the object manufacturer name.
+ *
+ * Enumeration of several object information types.
+ */
+typedef enum
+{
+ GNUTLS_PKCS11_OBJ_ID_HEX = 1,
+ GNUTLS_PKCS11_OBJ_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_LABEL,
+ GNUTLS_PKCS11_OBJ_TOKEN_SERIAL,
+ GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_OBJ_TOKEN_MODEL,
+ GNUTLS_PKCS11_OBJ_ID,
+ /* the pkcs11 provider library info */
+ GNUTLS_PKCS11_OBJ_LIBRARY_VERSION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION,
+ GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER
+} gnutls_pkcs11_obj_info_t;
+
+int gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+
+ /**
+ * gnutls_pkcs11_obj_attr_t:
+ * @GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL: Specify all certificates.
+ * @GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED: Specify all certificates marked as trusted.
+ * @GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY: Specify all certificates with a corresponding private key.
+ * @GNUTLS_PKCS11_OBJ_ATTR_PUBKEY: Specify all public keys.
+ * @GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY: Specify all private keys.
+ * @GNUTLS_PKCS11_OBJ_ATTR_ALL: Specify all objects.
+ *
+ * Enumeration of several attributes for object enumeration.
+ */
+typedef enum
+{
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL = 1, /* all certificates */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED, /* certificates marked as trusted */
+ GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY, /* certificates with corresponding private key */
+ GNUTLS_PKCS11_OBJ_ATTR_PUBKEY, /* public keys */
+ GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY, /* private keys */
+ GNUTLS_PKCS11_OBJ_ATTR_ALL /* everything! */
+} gnutls_pkcs11_obj_attr_t;
+
+ /**
+ * gnutls_pkcs11_token_info_t:
+ * @GNUTLS_PKCS11_TOKEN_LABEL: The token's label
+ * @GNUTLS_PKCS11_TOKEN_SERIAL: The token's serial number
+ * @GNUTLS_PKCS11_TOKEN_MANUFACTURER: The token's manufacturer
+ * @GNUTLS_PKCS11_TOKEN_MODEL: The token's model
+ *
+ * Enumeration of types for retrieving token information.
+ */
+typedef enum
+{
+ GNUTLS_PKCS11_TOKEN_LABEL,
+ GNUTLS_PKCS11_TOKEN_SERIAL,
+ GNUTLS_PKCS11_TOKEN_MANUFACTURER,
+ GNUTLS_PKCS11_TOKEN_MODEL
+} gnutls_pkcs11_token_info_t;
+
+ /**
+ * gnutls_pkcs11_obj_type_t:
+ * @GNUTLS_PKCS11_OBJ_UNKNOWN: Unknown PKCS11 object.
+ * @GNUTLS_PKCS11_OBJ_X509_CRT: X.509 certificate.
+ * @GNUTLS_PKCS11_OBJ_PUBKEY: Public key.
+ * @GNUTLS_PKCS11_OBJ_PRIVKEY: Private key.
+ * @GNUTLS_PKCS11_OBJ_SECRET_KEY: Secret key.
+ * @GNUTLS_PKCS11_OBJ_DATA: Data object.
+ *
+ * Enumeration of object types.
+ */
+typedef enum
+{
+ GNUTLS_PKCS11_OBJ_UNKNOWN,
+ GNUTLS_PKCS11_OBJ_X509_CRT,
+ GNUTLS_PKCS11_OBJ_PUBKEY,
+ GNUTLS_PKCS11_OBJ_PRIVKEY,
+ GNUTLS_PKCS11_OBJ_SECRET_KEY,
+ GNUTLS_PKCS11_OBJ_DATA
+} gnutls_pkcs11_obj_type_t;
+
+int
+gnutls_pkcs11_token_init (const char *token_url,
+ const char *so_pin, const char *label);
+
+int
+gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
+ unsigned long *mechanism);
+
+int gnutls_pkcs11_token_set_pin (const char *token_url, const char *oldpin, const char *newpin, unsigned int flags /*gnutls_pkcs11_pin_flag_t */
+ );
+
+int gnutls_pkcs11_token_get_url (unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+int gnutls_pkcs11_token_get_info (const char *url, gnutls_pkcs11_token_info_t ttype,
+ void *output, size_t * output_size);
+
+#define GNUTLS_PKCS11_TOKEN_HW 1
+int gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags);
+
+int gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
+ unsigned int *const n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+int gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt);
+int gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt, const char *url,
+ unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ );
+
+gnutls_pkcs11_obj_type_t gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t
+ certificate);
+const char *gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t);
+
+int gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs, unsigned int cert_max,
+ gnutls_pkcs11_obj_t * const objs, unsigned int flags /* must be zero */);
+
+
+/* private key functions...*/
+int gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key);
+void gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key);
+int gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
+ unsigned int *bits);
+int gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size);
+
+int gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
+ const char *url, unsigned int flags);
+
+int gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url);
+
+/** @} */
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ *
+ */
+
+#ifndef GNUTLS_PKCS12_H
+#define GNUTLS_PKCS12_H
+
+#include <gnutls/x509.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ /* PKCS12 structures handling
+ */
+ struct gnutls_pkcs12_int;
+ typedef struct gnutls_pkcs12_int *gnutls_pkcs12_t;
+
+ struct gnutls_pkcs12_bag_int;
+ typedef struct gnutls_pkcs12_bag_int *gnutls_pkcs12_bag_t;
+
+ int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12);
+ void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12);
+ int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags);
+ int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass);
+ int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass);
+
+ int gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass);
+ int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
+ unsigned int flags);
+
+ /**
+ * gnutls_pkcs12_bag_type_t:
+ * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
+ * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
+ * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
+ * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
+ * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
+ * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
+ * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
+ * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
+ *
+ * Enumeration of different PKCS 12 bag types.
+ */
+ typedef enum gnutls_pkcs12_bag_type_t
+ {
+ GNUTLS_BAG_EMPTY = 0,
+ GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
+ GNUTLS_BAG_PKCS8_KEY = 2,
+ GNUTLS_BAG_CERTIFICATE = 3,
+ GNUTLS_BAG_CRL = 4,
+ GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
+ * gnutls extension. We use the PKCS-9
+ * random nonce ID 1.2.840.113549.1.9.25.3
+ * to store randomly generated keys.
+ */
+ GNUTLS_BAG_ENCRYPTED = 10,
+ GNUTLS_BAG_UNKNOWN = 20
+ } gnutls_pkcs12_bag_type_t;
+
+ gnutls_pkcs12_bag_type_t
+ gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx);
+ int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data);
+ int gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crl_t crl);
+ int gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag,
+ gnutls_x509_crt_t crt);
+
+ int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag);
+ void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag);
+ int gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag);
+
+ int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id);
+ int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id);
+
+ int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
+ char **name);
+ int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
+ const char *name);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GNUTLS_PKCS12_H */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ *
+ */
+
+/* This file contains the types and prototypes for the X.509
+ * certificate and CRL handling functions.
+ */
+
+#ifndef GNUTLS_X509_H
+#define GNUTLS_X509_H
+
+#include <gnutls/gnutls.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/* Some OIDs usually found in Distinguished names, or
+ * in Subject Directory Attribute extensions.
+ */
+#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
+#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
+#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
+#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
+#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
+#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+
+#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
+#define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44"
+#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
+#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
+#define GNUTLS_OID_X520_TITLE "2.5.4.12"
+#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
+#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"
+#define GNUTLS_OID_X520_POSTALCODE "2.5.4.17"
+#define GNUTLS_OID_X520_NAME "2.5.4.41"
+
+#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
+#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
+
+/* The following should not be included in DN.
+ */
+#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
+
+#define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1"
+#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2"
+#define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3"
+#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4"
+#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5"
+
+/* Key purpose Object Identifiers.
+ */
+#define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1"
+#define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2"
+#define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
+#define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4"
+#define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8"
+#define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9"
+#define GNUTLS_KP_IPSEC_IKE "1.3.6.1.5.5.7.3.17"
+#define GNUTLS_KP_ANY "2.5.29.37.0"
+
+#define GNUTLS_FSAN_SET 0
+#define GNUTLS_FSAN_APPEND 1
+
+/* Certificate handling functions.
+ */
+
+/**
+ * gnutls_certificate_import_flags:
+ * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
+ * certificates in the buffer are more than the space allocated for
+ * certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
+ *
+ * Enumeration of different certificate import flags.
+ */
+ typedef enum gnutls_certificate_import_flags
+ {
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
+ } gnutls_certificate_import_flags;
+
+ int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
+ void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+ int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf);
+ int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
+ const char *hostname);
+
+ int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size);
+ int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
+ void *ret, size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
+ void *ret, size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
+ size_t * sizeof_buf);
+
+ int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
+ size_t * sizeof_buf);
+
+#define GNUTLS_CRL_REASON_UNUSED 128
+#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
+#define GNUTLS_CRL_REASON_CA_COMPROMISE 32
+#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16
+#define GNUTLS_CRL_REASON_SUPERSEDED 8
+#define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED
+#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4
+#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2
+#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
+#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
+
+ int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags);
+ int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data_string,
+ unsigned int reason_flags);
+ int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src);
+
+ time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
+ time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
+ size_t * result_size);
+
+ int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
+ unsigned int *bits);
+ int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e);
+ int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y);
+
+ int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size);
+
+ int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size);
+
+ int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *ca, int *pathlen);
+
+/* The key_usage flags are defined in gnutls.h. They are the
+ * GNUTLS_KEY_* definitions.
+ */
+ int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
+ unsigned int usage);
+
+ int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy, size_t * sizeof_policy);
+
+ int gnutls_x509_dn_oid_known (const char *oid);
+
+ /* Read extensions by OID. */
+ int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf,
+ unsigned int *critical);
+
+ /* Read extensions by sequence number. */
+ int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid,
+ int *critical);
+ int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
+ void *data, size_t * sizeof_data);
+
+ int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical);
+
+/* X.509 Certificate writing.
+ */
+ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
+ unsigned int version);
+ int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t key);
+ int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
+ int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
+ unsigned int ca,
+ int pathLenConstraint);
+ int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const char *data_string);
+ int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int flags);
+ int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
+ int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags);
+ int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
+ time_t act_time);
+ int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
+ time_t exp_time);
+ int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
+ size_t serial_size);
+
+ int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size);
+
+ int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy, size_t sizeof_policy);
+
+ int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
+ int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
+
+ /* Access to internal Certificate fields.
+ */
+ int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
+ int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
+ gnutls_datum_t * start);
+
+/* RDN handling.
+ */
+ int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
+ int indx, void *buf, size_t * sizeof_buf);
+
+ int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+
+ typedef void *gnutls_x509_dn_t;
+
+ typedef struct gnutls_x509_ava_st
+ {
+ gnutls_datum_t oid;
+ gnutls_datum_t value;
+ unsigned long value_tag;
+ } gnutls_x509_ava_st;
+
+ int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
+ gnutls_x509_dn_t * dn);
+ int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_dn_t * dn);
+ int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
+ int iava, gnutls_x509_ava_st * ava);
+
+ int gnutls_x509_dn_init (gnutls_x509_dn_t * dn);
+
+ int gnutls_x509_dn_import (gnutls_x509_dn_t dn,
+ const gnutls_datum_t * data);
+
+ int gnutls_x509_dn_export (gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size);
+
+ void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn);
+
+
+/* CRL handling functions.
+ */
+ int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
+ void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int
+ gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+
+ int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
+ char *sig, size_t * sizeof_sig);
+ int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
+
+ time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
+ time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t);
+#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
+#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
+
+ int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer);
+
+/* CRL writing.
+ */
+ int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
+ unsigned int version);
+ int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
+ time_t act_time);
+ int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
+ time_t exp_time);
+ int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
+ const void *serial,
+ size_t serial_size,
+ time_t revocation_time);
+ int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t crt, time_t revocation_time);
+
+ int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size, unsigned int *critical);
+
+ int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid,
+ int *critical);
+
+ int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
+ void *data, size_t * sizeof_data);
+
+ int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
+ const void *id, size_t id_size);
+
+ int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
+ const void *nr, size_t nr_size);
+
+
+/* PKCS7 structures handling
+ */
+ struct gnutls_pkcs7_int;
+ typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
+
+ int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
+ void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
+ void *certificate, size_t * certificate_size);
+
+ int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crt);
+ int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
+ int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
+
+ int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
+ int indx, void *crl, size_t * crl_size);
+ int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
+
+ int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crl);
+ int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
+ int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
+
+/* X.509 Certificate verification functions.
+ */
+
+/**
+ * gnutls_certificate_verify_flags:
+ * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
+ * a certificate authority. This flag should normaly be disabled,
+ * unless you know what this means.
+ * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted
+ * list is never checked for expiration or activation.
+ * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow only trusted CA
+ * certificates that have version 1. This is the default.
+ * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA
+ * certificates that have version 1. This option is to be used
+ * to deprecate all V1 certificates.
+ * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
+ * anyone trusted but exists in the trusted CA list do not treat it
+ * as trusted.
+ * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
+ * have version 1 (both root and intermediate). This might be
+ * dangerous since those haven't the basicConstraints
+ * extension. Must be used in combination with
+ * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
+ * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
+ * using the broken MD2 algorithm.
+ * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
+ * using the broken MD5 algorithm.
+ * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
+ * and expiration validity periods of certificate chains. Don't set
+ * this unless you understand the security implications.
+ *
+ * Enumeration of different certificate verify flags.
+ */
+ typedef enum gnutls_certificate_verify_flags
+ {
+ GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
+ GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
+ GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64,
+ GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128,
+ GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256
+ } gnutls_certificate_verify_flags;
+
+ int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
+
+ int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length,
+ unsigned int flags, unsigned int *verify);
+
+ int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+ int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t *
+ crl_list, int crl_list_length);
+
+ int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * sizeof_buf);
+
+ int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
+ const void *oid,
+ unsigned int critical);
+
+/* Private key handling.
+ */
+
+/* Flags for the gnutls_x509_privkey_export_pkcs8() function.
+ */
+
+/**
+ * gnutls_pkcs_encrypt_flags_t:
+ * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
+ * @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN.
+ * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
+ * @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES.
+ * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
+ * @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOUR.
+ * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
+ * @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40.
+ * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
+ * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
+ * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
+ * @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256.
+ *
+ * Enumeration of different PKCS encryption flags.
+ */
+ typedef enum gnutls_pkcs_encrypt_flags_t
+ {
+ GNUTLS_PKCS_PLAIN = 1,
+ GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN,
+ GNUTLS_PKCS_USE_PKCS12_3DES = 2,
+ GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES,
+ GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
+ GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR,
+ GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
+ GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40,
+ GNUTLS_PKCS_USE_PBES2_3DES = 16,
+ GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
+ GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
+ GNUTLS_PKCS_USE_PBES2_AES_256 = 128
+ } gnutls_pkcs_encrypt_flags_t;
+
+ int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
+ void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
+ gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t
+ key);
+ int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src);
+ int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags);
+ int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2);
+ int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
+
+ int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x);
+
+ int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
+ int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo,
+ unsigned int bits, unsigned int flags);
+
+ int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u,
+ gnutls_datum_t * e1,
+ gnutls_datum_t * e2);
+ int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+/* Certificate request stuff.
+ */
+
+ int gnutls_x509_crq_print (gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out);
+
+ int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
+ void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+
+ int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *data,
+ unsigned int sizeof_data);
+ int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
+ unsigned int version);
+ int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key);
+
+ int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
+ const char *pass);
+ int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
+ char *pass,
+ size_t * sizeof_pass);
+
+ int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, void *buf,
+ size_t sizeof_buf);
+ int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf);
+
+ int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
+ int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq);
+
+ int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e);
+ int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags);
+
+ int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq,
+ unsigned int usage);
+ int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
+ unsigned int ca,
+ int pathLenConstraint);
+ int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
+ const void *oid,
+ unsigned int critical);
+ int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid,
+ unsigned int *critical);
+
+ int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data);
+ int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid,
+ int *critical);
+ int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data);
+ int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
+ unsigned int *bits);
+
+ int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+ int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ int *ca, int *pathlen);
+ int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical);
+ int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
+ unsigned int seq,
+ void *ret,
+ size_t * ret_size);
+
+ int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* GNUTLS_X509_H */
--- /dev/null
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" "" $nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+ doit_exec=exec
+else
+ doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+ test "$posix_glob" != "?" || {
+ if (set -f) 2>/dev/null; then
+ posix_glob=
+ else
+ posix_glob=:
+ fi
+ }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+ or: $0 [OPTION]... SRCFILES... DIRECTORY
+ or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+ or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+ --help display this help and exit.
+ --version display version info and exit.
+
+ -c (ignored)
+ -C install only if different (preserve the last data modification time)
+ -d create directories instead of installing files.
+ -g GROUP $chgrpprog installed files to GROUP.
+ -m MODE $chmodprog installed files to MODE.
+ -o USER $chownprog installed files to USER.
+ -s $stripprog installed files.
+ -t DIRECTORY install into DIRECTORY.
+ -T report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+ CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+ RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+ case $1 in
+ -c) ;;
+
+ -C) copy_on_change=true;;
+
+ -d) dir_arg=true;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift;;
+
+ --help) echo "$usage"; exit $?;;
+
+ -m) mode=$2
+ case $mode in
+ *' '* | *' '* | *'
+'* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ shift;;
+
+ -o) chowncmd="$chownprog $2"
+ shift;;
+
+ -s) stripcmd=$stripprog;;
+
+ -t) dst_arg=$2
+ shift;;
+
+ -T) no_target_directory=true;;
+
+ --version) echo "$0 $scriptversion"; exit $?;;
+
+ --) shift
+ break;;
+
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
+
+ *) break;;
+ esac
+ shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+ # When -d is used, all remaining arguments are directories to create.
+ # When -t is used, the destination is already specified.
+ # Otherwise, the last argument is the destination. Remove it from $@.
+ for arg
+ do
+ if test -n "$dst_arg"; then
+ # $@ is not empty: it contains at least $arg.
+ set fnord "$@" "$dst_arg"
+ shift # fnord
+ fi
+ shift # arg
+ dst_arg=$arg
+ done
+fi
+
+if test $# -eq 0; then
+ if test -z "$dir_arg"; then
+ echo "$0: no input file specified." >&2
+ exit 1
+ fi
+ # It's OK to call `install-sh -d' without argument.
+ # This can happen when creating conditional directories.
+ exit 0
+fi
+
+if test -z "$dir_arg"; then
+ trap '(exit $?); exit' 1 2 13 15
+
+ # Set umask so as not to create temps with too-generous modes.
+ # However, 'strip' requires both read and write access to temps.
+ case $mode in
+ # Optimize common cases.
+ *644) cp_umask=133;;
+ *755) cp_umask=22;;
+
+ *[0-7])
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw='% 200'
+ fi
+ cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+ *)
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw=,u+rw
+ fi
+ cp_umask=$mode$u_plus_rw;;
+ esac
+fi
+
+for src
+do
+ # Protect names starting with `-'.
+ case $src in
+ -*) src=./$src;;
+ esac
+
+ if test -n "$dir_arg"; then
+ dst=$src
+ dstdir=$dst
+ test -d "$dstdir"
+ dstdir_status=$?
+ else
+
+ # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+ # might cause directories to be created, which would be especially bad
+ # if $src (and thus $dsttmp) contains '*'.
+ if test ! -f "$src" && test ! -d "$src"; then
+ echo "$0: $src does not exist." >&2
+ exit 1
+ fi
+
+ if test -z "$dst_arg"; then
+ echo "$0: no destination specified." >&2
+ exit 1
+ fi
+
+ dst=$dst_arg
+ # Protect names starting with `-'.
+ case $dst in
+ -*) dst=./$dst;;
+ esac
+
+ # If destination is a directory, append the input filename; won't work
+ # if double slashes aren't ignored.
+ if test -d "$dst"; then
+ if test -n "$no_target_directory"; then
+ echo "$0: $dst_arg: Is a directory" >&2
+ exit 1
+ fi
+ dstdir=$dst
+ dst=$dstdir/`basename "$src"`
+ dstdir_status=0
+ else
+ # Prefer dirname, but fall back on a substitute if dirname fails.
+ dstdir=`
+ (dirname "$dst") 2>/dev/null ||
+ expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$dst" : 'X\(//\)[^/]' \| \
+ X"$dst" : 'X\(//\)$' \| \
+ X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+ echo X"$dst" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'
+ `
+
+ test -d "$dstdir"
+ dstdir_status=$?
+ fi
+ fi
+
+ obsolete_mkdir_used=false
+
+ if test $dstdir_status != 0; then
+ case $posix_mkdir in
+ '')
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ if (umask $mkdir_umask &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writeable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ ls_ld_tmpdir=`ls -ld "$tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/d" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
+ esac
+
+ if
+ $posix_mkdir && (
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ )
+ then :
+ else
+
+ # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # or it failed possibly due to a race condition. Create the
+ # directory the slow way, step by step, checking for races as we go.
+
+ case $dstdir in
+ /*) prefix='/';;
+ -*) prefix='./';;
+ *) prefix='';;
+ esac
+
+ eval "$initialize_posix_glob"
+
+ oIFS=$IFS
+ IFS=/
+ $posix_glob set -f
+ set fnord $dstdir
+ shift
+ $posix_glob set +f
+ IFS=$oIFS
+
+ prefixes=
+
+ for d
+ do
+ test -z "$d" && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
+ done
+
+ if test -n "$prefixes"; then
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
+ fi
+ fi
+ fi
+
+ if test -n "$dir_arg"; then
+ { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+ { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+ else
+
+ # Make a couple of temp file names in the proper directory.
+ dsttmp=$dstdir/_inst.$$_
+ rmtmp=$dstdir/_rm.$$_
+
+ # Trap to clean up those temp files at exit.
+ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+ # Copy the file name to the temp name.
+ (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+ # and set any options; do chmod last to preserve setuid bits.
+ #
+ # If any of these fail, we abort the whole thing. If we want to
+ # ignore errors from any of these, just make sure not to ignore
+ # errors from the above "$doit $cpprog $src $dsttmp" command.
+ #
+ { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+ { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+ { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+ # If -C, don't bother to copy if it wouldn't change the file.
+ if $copy_on_change &&
+ old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
+ new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
+
+ eval "$initialize_posix_glob" &&
+ $posix_glob set -f &&
+ set X $old && old=:$2:$4:$5:$6 &&
+ set X $new && new=:$2:$4:$5:$6 &&
+ $posix_glob set +f &&
+
+ test "$old" = "$new" &&
+ $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+ then
+ rm -f "$dsttmp"
+ else
+ # Rename the file to the real destination.
+ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+ # The rename failed, perhaps because mv can't rename something else
+ # to itself, or perhaps because mv is so ancient that it does not
+ # support -f.
+ {
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ test ! -f "$dst" ||
+ $doit $rmcmd -f "$dst" 2>/dev/null ||
+ { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+ { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ } ||
+ { echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
+ }
+ fi || exit 1
+
+ trap '' 0
+ fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+# libgnutls.map -- libgnutls linker version script. -*- ld-script -*-
+# Copyright (C) 2005, 2006, 2007, 2008, 2009, 2010, 2011 Free Software
+# Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+#useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+#of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+GNUTLS_1_4
+{
+ global:
+ gnutls_alert_get;
+ gnutls_alert_get_name;
+ gnutls_alert_send;
+ gnutls_alert_send_appropriate;
+ gnutls_anon_allocate_client_credentials;
+ gnutls_anon_allocate_server_credentials;
+ gnutls_anon_free_client_credentials;
+ gnutls_anon_free_server_credentials;
+ gnutls_anon_set_params_function;
+ gnutls_anon_set_server_dh_params;
+ gnutls_anon_set_server_params_function;
+ gnutls_auth_client_get_type;
+ gnutls_auth_get_type;
+ gnutls_auth_server_get_type;
+ gnutls_bye;
+ gnutls_calc_dh_key;
+ gnutls_calc_dh_secret;
+ gnutls_calloc;
+ gnutls_certificate_activation_time_peers;
+ gnutls_certificate_allocate_credentials;
+ gnutls_certificate_client_get_request_status;
+ gnutls_certificate_client_set_retrieve_function;
+ gnutls_certificate_expiration_time_peers;
+ gnutls_certificate_free_ca_names;
+ gnutls_certificate_free_cas;
+ gnutls_certificate_free_credentials;
+ gnutls_certificate_free_crls;
+ gnutls_certificate_free_keys;
+ gnutls_certificate_get_openpgp_keyring;
+ gnutls_certificate_get_ours;
+ gnutls_certificate_get_peers;
+ gnutls_certificate_get_x509_cas;
+ gnutls_certificate_get_x509_crls;
+ gnutls_certificate_send_x509_rdn_sequence;
+ gnutls_certificate_server_set_request;
+ gnutls_certificate_server_set_retrieve_function;
+ gnutls_certificate_set_dh_params;
+ gnutls_certificate_set_openpgp_key;
+ gnutls_certificate_set_openpgp_key_file2;
+ gnutls_certificate_set_openpgp_key_file;
+ gnutls_certificate_set_openpgp_key_mem2;
+ gnutls_certificate_set_openpgp_key_mem;
+ gnutls_certificate_set_openpgp_keyring_file;
+ gnutls_certificate_set_openpgp_keyring_mem;
+ gnutls_certificate_set_params_function;
+ gnutls_certificate_set_rsa_export_params;
+ gnutls_certificate_set_verify_flags;
+ gnutls_certificate_set_verify_limits;
+ gnutls_certificate_set_x509_crl;
+ gnutls_certificate_set_x509_crl_file;
+ gnutls_certificate_set_x509_crl_mem;
+ gnutls_certificate_set_x509_key;
+ gnutls_certificate_set_x509_key_file;
+ gnutls_certificate_set_x509_key_mem;
+ gnutls_certificate_set_x509_simple_pkcs12_file;
+ gnutls_certificate_set_x509_trust;
+ gnutls_certificate_set_x509_trust_file;
+ gnutls_certificate_set_x509_trust_mem;
+ gnutls_certificate_type_get;
+ gnutls_certificate_type_get_id;
+ gnutls_certificate_type_get_name;
+ gnutls_certificate_type_list;
+ gnutls_certificate_type_set_priority;
+ gnutls_certificate_verify_peers2;
+ gnutls_certificate_verify_peers;
+ gnutls_check_version;
+ gnutls_cipher_get;
+ gnutls_cipher_get_id;
+ gnutls_cipher_get_key_size;
+ gnutls_cipher_get_name;
+ gnutls_cipher_list;
+ gnutls_cipher_set_priority;
+ gnutls_cipher_suite_get_name;
+ gnutls_cipher_suite_info;
+ gnutls_compression_get;
+ gnutls_compression_get_id;
+ gnutls_compression_get_name;
+ gnutls_compression_list;
+ gnutls_compression_set_priority;
+ gnutls_credentials_clear;
+ gnutls_credentials_set;
+ gnutls_crypto_bigint_register2;
+ gnutls_crypto_cipher_register2;
+ gnutls_crypto_digest_register2;
+ gnutls_crypto_mac_register2;
+ gnutls_crypto_pk_register2;
+ gnutls_crypto_rnd_register2;
+ gnutls_crypto_single_cipher_register2;
+ gnutls_crypto_single_digest_register2;
+ gnutls_crypto_single_mac_register2;
+ gnutls_db_check_entry;
+ gnutls_db_get_ptr;
+ gnutls_db_remove_session;
+ gnutls_db_set_cache_expiration;
+ gnutls_db_set_ptr;
+ gnutls_db_set_remove_function;
+ gnutls_db_set_retrieve_function;
+ gnutls_db_set_store_function;
+ gnutls_deinit;
+ gnutls_dh_get_group;
+ gnutls_dh_get_peers_public_bits;
+ gnutls_dh_get_prime_bits;
+ gnutls_dh_get_pubkey;
+ gnutls_dh_get_secret_bits;
+ gnutls_dh_params_cpy;
+ gnutls_dh_params_deinit;
+ gnutls_dh_params_export_pkcs3;
+ gnutls_dh_params_export_raw;
+ gnutls_dh_params_generate2;
+ gnutls_dh_params_import_pkcs3;
+ gnutls_dh_params_import_raw;
+ gnutls_dh_params_init;
+ gnutls_dh_set_prime_bits;
+ gnutls_error_is_fatal;
+ gnutls_error_to_alert;
+ gnutls_ext_register;
+ gnutls_fingerprint;
+ gnutls_free;
+ gnutls_global_deinit;
+ gnutls_global_init;
+ gnutls_global_set_log_function;
+ gnutls_global_set_log_level;
+ gnutls_global_set_mem_functions;
+ gnutls_handshake;
+ gnutls_handshake_get_last_in;
+ gnutls_handshake_get_last_out;
+ gnutls_handshake_set_max_packet_length;
+ gnutls_handshake_set_post_client_hello_function;
+ gnutls_handshake_set_private_extensions;
+ gnutls_hex2bin;
+ gnutls_hex_decode;
+ gnutls_hex_encode;
+ gnutls_init;
+ gnutls_kx_get;
+ gnutls_kx_get_id;
+ gnutls_kx_get_name;
+ gnutls_kx_list;
+ gnutls_kx_set_priority;
+ gnutls_mac_get;
+ gnutls_mac_get_id;
+ gnutls_mac_get_key_size;
+ gnutls_mac_get_name;
+ gnutls_mac_list;
+ gnutls_mac_set_priority;
+ gnutls_malloc;
+ gnutls_openpgp_count_key_names;
+ gnutls_openpgp_crt_check_hostname;
+ gnutls_openpgp_crt_deinit;
+ gnutls_openpgp_crt_export;
+ gnutls_openpgp_crt_get_auth_subkey;
+ gnutls_openpgp_crt_get_creation_time;
+ gnutls_openpgp_crt_get_expiration_time;
+ gnutls_openpgp_crt_get_fingerprint;
+ gnutls_openpgp_crt_get_key_id;
+ gnutls_openpgp_crt_get_key_usage;
+ gnutls_openpgp_crt_get_name;
+ gnutls_openpgp_crt_get_pk_algorithm;
+ gnutls_openpgp_crt_get_pk_dsa_raw;
+ gnutls_openpgp_crt_get_pk_rsa_raw;
+ gnutls_openpgp_crt_get_preferred_key_id;
+ gnutls_openpgp_crt_get_revoked_status;
+ gnutls_openpgp_crt_get_subkey_count;
+ gnutls_openpgp_crt_get_subkey_creation_time;
+ gnutls_openpgp_crt_get_subkey_expiration_time;
+ gnutls_openpgp_crt_get_subkey_fingerprint;
+ gnutls_openpgp_crt_get_subkey_id;
+ gnutls_openpgp_crt_get_subkey_idx;
+ gnutls_openpgp_crt_get_subkey_pk_algorithm;
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw;
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw;
+ gnutls_openpgp_crt_get_subkey_revoked_status;
+ gnutls_openpgp_crt_get_subkey_usage;
+ gnutls_openpgp_crt_get_version;
+ gnutls_openpgp_crt_import;
+ gnutls_openpgp_crt_init;
+ gnutls_openpgp_crt_print;
+ gnutls_openpgp_crt_set_preferred_key_id;
+ gnutls_openpgp_crt_verify_ring;
+ gnutls_openpgp_crt_verify_self;
+ gnutls_openpgp_get_key;
+ gnutls_openpgp_keyring_check_id;
+ gnutls_openpgp_keyring_deinit;
+ gnutls_openpgp_keyring_get_crt;
+ gnutls_openpgp_keyring_get_crt_count;
+ gnutls_openpgp_keyring_import;
+ gnutls_openpgp_keyring_init;
+ gnutls_openpgp_privkey_deinit;
+ gnutls_openpgp_privkey_export;
+ gnutls_openpgp_privkey_export_dsa_raw;
+ gnutls_openpgp_privkey_export_rsa_raw;
+ gnutls_openpgp_privkey_export_subkey_dsa_raw;
+ gnutls_openpgp_privkey_export_subkey_rsa_raw;
+ gnutls_openpgp_privkey_get_fingerprint;
+ gnutls_openpgp_privkey_get_key_id;
+ gnutls_openpgp_privkey_get_pk_algorithm;
+ gnutls_openpgp_privkey_get_preferred_key_id;
+ gnutls_openpgp_privkey_get_revoked_status;
+ gnutls_openpgp_privkey_get_subkey_count;
+ gnutls_openpgp_privkey_get_subkey_creation_time;
+ gnutls_openpgp_privkey_get_subkey_expiration_time;
+ gnutls_openpgp_privkey_get_subkey_fingerprint;
+ gnutls_openpgp_privkey_get_subkey_id;
+ gnutls_openpgp_privkey_get_subkey_idx;
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm;
+ gnutls_openpgp_privkey_get_subkey_revoked_status;
+ gnutls_openpgp_privkey_import;
+ gnutls_openpgp_privkey_init;
+ gnutls_openpgp_privkey_set_preferred_key_id;
+ gnutls_openpgp_send_cert;
+ gnutls_openpgp_set_recv_key_function;
+ gnutls_oprfi_enable_client;
+ gnutls_oprfi_enable_server;
+ gnutls_pem_base64_decode;
+ gnutls_pem_base64_decode_alloc;
+ gnutls_pem_base64_encode;
+ gnutls_pem_base64_encode_alloc;
+ gnutls_perror;
+ gnutls_pk_algorithm_get_name;
+ gnutls_pk_get_id;
+ gnutls_pk_get_name;
+ gnutls_pk_list;
+ gnutls_pk_params_init;
+ gnutls_pk_params_release;
+ gnutls_pkcs12_bag_decrypt;
+ gnutls_pkcs12_bag_deinit;
+ gnutls_pkcs12_bag_encrypt;
+ gnutls_pkcs12_bag_get_count;
+ gnutls_pkcs12_bag_get_data;
+ gnutls_pkcs12_bag_get_friendly_name;
+ gnutls_pkcs12_bag_get_key_id;
+ gnutls_pkcs12_bag_get_type;
+ gnutls_pkcs12_bag_init;
+ gnutls_pkcs12_bag_set_crl;
+ gnutls_pkcs12_bag_set_crt;
+ gnutls_pkcs12_bag_set_data;
+ gnutls_pkcs12_bag_set_friendly_name;
+ gnutls_pkcs12_bag_set_key_id;
+ gnutls_pkcs12_deinit;
+ gnutls_pkcs12_export;
+ gnutls_pkcs12_generate_mac;
+ gnutls_pkcs12_get_bag;
+ gnutls_pkcs12_import;
+ gnutls_pkcs12_init;
+ gnutls_pkcs12_set_bag;
+ gnutls_pkcs12_verify_mac;
+ gnutls_pkcs7_deinit;
+ gnutls_pkcs7_delete_crl;
+ gnutls_pkcs7_delete_crt;
+ gnutls_pkcs7_export;
+ gnutls_pkcs7_get_crl_count;
+ gnutls_pkcs7_get_crl_raw;
+ gnutls_pkcs7_get_crt_count;
+ gnutls_pkcs7_get_crt_raw;
+ gnutls_pkcs7_import;
+ gnutls_pkcs7_init;
+ gnutls_pkcs7_set_crl;
+ gnutls_pkcs7_set_crl_raw;
+ gnutls_pkcs7_set_crt;
+ gnutls_pkcs7_set_crt_raw;
+ gnutls_prf;
+ gnutls_prf_raw;
+ gnutls_priority_deinit;
+ gnutls_priority_init;
+ gnutls_priority_set;
+ gnutls_priority_set_direct;
+ gnutls_protocol_get_id;
+ gnutls_protocol_get_name;
+ gnutls_protocol_get_version;
+ gnutls_protocol_list;
+ gnutls_protocol_set_priority;
+ gnutls_psk_allocate_client_credentials;
+ gnutls_psk_allocate_server_credentials;
+ gnutls_psk_client_get_hint;
+ gnutls_psk_free_client_credentials;
+ gnutls_psk_free_server_credentials;
+ gnutls_psk_netconf_derive_key;
+ gnutls_psk_server_get_username;
+ gnutls_psk_set_client_credentials;
+ gnutls_psk_set_client_credentials_function;
+ gnutls_psk_set_params_function;
+ gnutls_psk_set_server_credentials_file;
+ gnutls_psk_set_server_credentials_function;
+ gnutls_psk_set_server_credentials_hint;
+ gnutls_psk_set_server_dh_params;
+ gnutls_psk_set_server_params_function;
+ gnutls_realloc;
+ gnutls_realloc_fast;
+ gnutls_record_check_pending;
+ gnutls_record_disable_padding;
+ gnutls_record_get_direction;
+ gnutls_record_get_max_size;
+ gnutls_record_recv;
+ gnutls_record_send;
+ gnutls_record_set_max_size;
+ gnutls_rehandshake;
+ gnutls_rsa_export_get_modulus_bits;
+ gnutls_rsa_export_get_pubkey;
+ gnutls_rsa_params_cpy;
+ gnutls_rsa_params_deinit;
+ gnutls_rsa_params_export_pkcs1;
+ gnutls_rsa_params_export_raw;
+ gnutls_rsa_params_generate2;
+ gnutls_rsa_params_import_pkcs1;
+ gnutls_rsa_params_import_raw;
+ gnutls_rsa_params_init;
+ gnutls_secure_calloc;
+ gnutls_secure_malloc;
+ gnutls_server_name_get;
+ gnutls_server_name_set;
+ gnutls_session_enable_compatibility_mode;
+ gnutls_session_get_client_random;
+ gnutls_session_get_data2;
+ gnutls_session_get_data;
+ gnutls_session_get_id;
+ gnutls_session_get_master_secret;
+ gnutls_session_get_ptr;
+ gnutls_session_get_server_random;
+ gnutls_session_is_resumed;
+ gnutls_session_set_data;
+ gnutls_session_set_finished_function;
+ gnutls_session_set_ptr;
+ gnutls_set_default_export_priority;
+ gnutls_set_default_priority;
+ gnutls_sign_algorithm_get_name;
+ gnutls_sign_callback_get;
+ gnutls_sign_callback_set;
+ gnutls_sign_get_id;
+ gnutls_sign_get_name;
+ gnutls_sign_list;
+ gnutls_srp_1024_group_generator;
+ gnutls_srp_1024_group_prime;
+ gnutls_srp_1536_group_generator;
+ gnutls_srp_1536_group_prime;
+ gnutls_srp_2048_group_generator;
+ gnutls_srp_2048_group_prime;
+ gnutls_srp_allocate_client_credentials;
+ gnutls_srp_allocate_server_credentials;
+ gnutls_srp_base64_decode;
+ gnutls_srp_base64_decode_alloc;
+ gnutls_srp_base64_encode;
+ gnutls_srp_base64_encode_alloc;
+ gnutls_srp_free_client_credentials;
+ gnutls_srp_free_server_credentials;
+ gnutls_srp_server_get_username;
+ gnutls_srp_set_client_credentials;
+ gnutls_srp_set_client_credentials_function;
+ gnutls_srp_set_prime_bits;
+ gnutls_srp_set_server_credentials_file;
+ gnutls_srp_set_server_credentials_function;
+ gnutls_srp_verifier;
+ gnutls_strdup;
+ gnutls_strerror;
+ gnutls_strerror_name;
+ gnutls_supplemental_get_name;
+ gnutls_transport_get_ptr2;
+ gnutls_transport_get_ptr;
+ gnutls_transport_set_errno;
+ gnutls_transport_set_global_errno;
+ gnutls_transport_set_lowat;
+ gnutls_transport_set_ptr2;
+ gnutls_transport_set_ptr;
+ gnutls_transport_set_pull_function;
+ gnutls_transport_set_push_function;
+ gnutls_x509_crl_check_issuer;
+ gnutls_x509_crl_deinit;
+ gnutls_x509_crl_export;
+ gnutls_x509_crl_get_crt_count;
+ gnutls_x509_crl_get_crt_serial;
+ gnutls_x509_crl_get_dn_oid;
+ gnutls_x509_crl_get_issuer_dn;
+ gnutls_x509_crl_get_issuer_dn_by_oid;
+ gnutls_x509_crl_get_next_update;
+ gnutls_x509_crl_get_signature;
+ gnutls_x509_crl_get_signature_algorithm;
+ gnutls_x509_crl_get_this_update;
+ gnutls_x509_crl_get_version;
+ gnutls_x509_crl_import;
+ gnutls_x509_crl_init;
+ gnutls_x509_crl_print;
+ gnutls_x509_crl_set_crt;
+ gnutls_x509_crl_set_crt_serial;
+ gnutls_x509_crl_set_next_update;
+ gnutls_x509_crl_set_this_update;
+ gnutls_x509_crl_set_version;
+ gnutls_x509_crl_sign2;
+ gnutls_x509_crl_sign;
+ gnutls_x509_crl_verify;
+ gnutls_x509_crq_deinit;
+ gnutls_x509_crq_export;
+ gnutls_x509_crq_get_attribute_by_oid;
+ gnutls_x509_crq_get_challenge_password;
+ gnutls_x509_crq_get_dn;
+ gnutls_x509_crq_get_dn_by_oid;
+ gnutls_x509_crq_get_dn_oid;
+ gnutls_x509_crq_get_pk_algorithm;
+ gnutls_x509_crq_get_version;
+ gnutls_x509_crq_import;
+ gnutls_x509_crq_init;
+ gnutls_x509_crq_set_attribute_by_oid;
+ gnutls_x509_crq_set_challenge_password;
+ gnutls_x509_crq_set_dn_by_oid;
+ gnutls_x509_crq_set_key;
+ gnutls_x509_crq_set_key_rsa_raw;
+ gnutls_x509_crq_set_version;
+ gnutls_x509_crq_sign2;
+ gnutls_x509_crq_sign;
+ gnutls_x509_crt_check_hostname;
+ gnutls_x509_crt_check_issuer;
+ gnutls_x509_crt_check_revocation;
+ gnutls_x509_crt_cpy_crl_dist_points;
+ gnutls_x509_crt_deinit;
+ gnutls_x509_crt_export;
+ gnutls_x509_crt_get_activation_time;
+ gnutls_x509_crt_get_authority_key_id;
+ gnutls_x509_crt_get_basic_constraints;
+ gnutls_x509_crt_get_ca_status;
+ gnutls_x509_crt_get_crl_dist_points;
+ gnutls_x509_crt_get_dn;
+ gnutls_x509_crt_get_dn_by_oid;
+ gnutls_x509_crt_get_dn_oid;
+ gnutls_x509_crt_get_expiration_time;
+ gnutls_x509_crt_get_extension_by_oid;
+ gnutls_x509_crt_get_extension_data;
+ gnutls_x509_crt_get_extension_info;
+ gnutls_x509_crt_get_extension_oid;
+ gnutls_x509_crt_get_fingerprint;
+ gnutls_x509_crt_get_issuer;
+ gnutls_x509_crt_get_issuer_dn;
+ gnutls_x509_crt_get_issuer_dn_by_oid;
+ gnutls_x509_crt_get_issuer_dn_oid;
+ gnutls_x509_crt_get_issuer_unique_id;
+ gnutls_x509_crt_get_key_id;
+ gnutls_x509_crt_get_key_purpose_oid;
+ gnutls_x509_crt_get_key_usage;
+ gnutls_x509_crt_get_pk_algorithm;
+ gnutls_x509_crt_get_pk_dsa_raw;
+ gnutls_x509_crt_get_pk_rsa_raw;
+ gnutls_x509_crt_get_proxy;
+ gnutls_x509_crt_get_raw_dn;
+ gnutls_x509_crt_get_raw_issuer_dn;
+ gnutls_x509_crt_get_serial;
+ gnutls_x509_crt_get_signature;
+ gnutls_x509_crt_get_signature_algorithm;
+ gnutls_x509_crt_get_subject;
+ gnutls_x509_crt_get_subject_alt_name2;
+ gnutls_x509_crt_get_subject_alt_name;
+ gnutls_x509_crt_get_subject_alt_othername_oid;
+ gnutls_x509_crt_get_subject_key_id;
+ gnutls_x509_crt_get_subject_unique_id;
+ gnutls_x509_crt_get_version;
+ gnutls_x509_crt_import;
+ gnutls_x509_crt_init;
+ gnutls_x509_crt_list_import;
+ gnutls_x509_crt_list_verify;
+ gnutls_x509_crt_print;
+ gnutls_x509_crt_set_activation_time;
+ gnutls_x509_crt_set_authority_key_id;
+ gnutls_x509_crt_set_basic_constraints;
+ gnutls_x509_crt_set_ca_status;
+ gnutls_x509_crt_set_crl_dist_points2;
+ gnutls_x509_crt_set_crl_dist_points;
+ gnutls_x509_crt_set_crq;
+ gnutls_x509_crt_set_dn_by_oid;
+ gnutls_x509_crt_set_expiration_time;
+ gnutls_x509_crt_set_extension_by_oid;
+ gnutls_x509_crt_set_issuer_dn_by_oid;
+ gnutls_x509_crt_set_key;
+ gnutls_x509_crt_set_key_purpose_oid;
+ gnutls_x509_crt_set_key_usage;
+ gnutls_x509_crt_set_proxy;
+ gnutls_x509_crt_set_proxy_dn;
+ gnutls_x509_crt_set_serial;
+ gnutls_x509_crt_set_subject_alt_name;
+ gnutls_x509_crt_set_subject_alternative_name;
+ gnutls_x509_crt_set_subject_key_id;
+ gnutls_x509_crt_set_version;
+ gnutls_x509_crt_sign2;
+ gnutls_x509_crt_sign;
+ gnutls_x509_crt_verify;
+ gnutls_x509_crt_verify_data;
+ gnutls_x509_dn_deinit;
+ gnutls_x509_dn_export;
+ gnutls_x509_dn_get_rdn_ava;
+ gnutls_x509_dn_import;
+ gnutls_x509_dn_init;
+ gnutls_x509_dn_oid_known;
+ gnutls_x509_privkey_cpy;
+ gnutls_x509_privkey_deinit;
+ gnutls_x509_privkey_export;
+ gnutls_x509_privkey_export_dsa_raw;
+ gnutls_x509_privkey_export_pkcs8;
+ gnutls_x509_privkey_export_rsa_raw;
+ gnutls_x509_privkey_fix;
+ gnutls_x509_privkey_generate;
+ gnutls_x509_privkey_get_key_id;
+ gnutls_x509_privkey_get_pk_algorithm;
+ gnutls_x509_privkey_import;
+ gnutls_x509_privkey_import_dsa_raw;
+ gnutls_x509_privkey_import_pkcs8;
+ gnutls_x509_privkey_import_rsa_raw;
+ gnutls_x509_privkey_init;
+ gnutls_x509_privkey_sign_data;
+ gnutls_x509_privkey_sign_hash;
+ gnutls_x509_privkey_verify_data;
+ gnutls_x509_rdn_get;
+ gnutls_x509_rdn_get_by_oid;
+ gnutls_x509_rdn_get_oid;
+
+ local:
+ *;
+};
+
+GNUTLS_2_8
+{
+ global:
+ gnutls_certificate_set_x509_simple_pkcs12_mem;
+ gnutls_x509_crl_get_authority_key_id;
+ gnutls_x509_crl_get_extension_data;
+ gnutls_x509_crl_get_extension_info;
+ gnutls_x509_crl_get_extension_oid;
+ gnutls_x509_crl_get_number;
+ gnutls_x509_crl_set_authority_key_id;
+ gnutls_x509_crl_set_number;
+ gnutls_x509_crq_get_attribute_data;
+ gnutls_x509_crq_get_attribute_info;
+ gnutls_x509_crq_get_basic_constraints;
+ gnutls_x509_crq_get_extension_by_oid;
+ gnutls_x509_crq_get_extension_data;
+ gnutls_x509_crq_get_extension_info;
+ gnutls_x509_crq_get_key_id;
+ gnutls_x509_crq_get_key_purpose_oid;
+ gnutls_x509_crq_get_key_rsa_raw;
+ gnutls_x509_crq_get_key_usage;
+ gnutls_x509_crq_get_subject_alt_name;
+ gnutls_x509_crq_get_subject_alt_othername_oid;
+ gnutls_x509_crq_print;
+ gnutls_x509_crq_set_basic_constraints;
+ gnutls_x509_crq_set_key_purpose_oid;
+ gnutls_x509_crq_set_key_usage;
+ gnutls_x509_crq_set_subject_alt_name;
+ gnutls_x509_crt_get_verify_algorithm;
+ gnutls_x509_crt_set_crq_extensions;
+ gnutls_x509_crt_verify_hash;
+ gnutls_session_ticket_key_generate;
+ gnutls_session_ticket_enable_client;
+ gnutls_session_ticket_enable_server;
+} GNUTLS_1_4;
+
+GNUTLS_2_10
+{
+ global:
+ gnutls_x509_crt_get_issuer_alt_name2;
+ gnutls_x509_crt_get_issuer_alt_name;
+ gnutls_x509_crt_get_issuer_alt_othername_oid;
+ gnutls_sign_algorithm_get_requested;
+ gnutls_cipher_init;
+ gnutls_cipher_encrypt;
+ gnutls_cipher_decrypt;
+ gnutls_cipher_deinit;
+ gnutls_cipher_get_block_size;
+ gnutls_hash_init;
+ gnutls_hash_get_len;
+ gnutls_hash;
+ gnutls_hash_fast;
+ gnutls_hash_deinit;
+ gnutls_hash_output;
+ gnutls_hmac_init;
+ gnutls_hmac_get_len;
+ gnutls_hmac;
+ gnutls_hmac_fast;
+ gnutls_hmac_deinit;
+ gnutls_hmac_output;
+ gnutls_certificate_set_verify_function;
+ gnutls_safe_renegotiation_status;
+} GNUTLS_2_8;
+
+GNUTLS_2_12
+{
+ global:
+ gnutls_certificate_set_retrieve_function;
+ gnutls_pkcs11_init;
+ gnutls_pkcs11_deinit;
+ gnutls_pkcs11_set_pin_function;
+ gnutls_pkcs11_set_token_function;
+ gnutls_pkcs11_add_provider;
+ gnutls_pkcs11_obj_init;
+ gnutls_pkcs11_obj_import_url;
+ gnutls_pkcs11_obj_export_url;
+ gnutls_pkcs11_obj_deinit;
+ gnutls_pkcs11_obj_list_import_url;
+ gnutls_x509_crt_import_pkcs11;
+ gnutls_pkcs11_obj_get_type;
+ gnutls_x509_crt_list_import_pkcs11;
+ gnutls_x509_crt_import_pkcs11_url;
+ gnutls_pkcs11_obj_get_info;
+ gnutls_pkcs11_token_get_info;
+ gnutls_pkcs11_token_get_url;
+ gnutls_pkcs11_privkey_init;
+ gnutls_pkcs11_privkey_deinit;
+ gnutls_pkcs11_privkey_get_pk_algorithm;
+ gnutls_pkcs11_privkey_get_info;
+ gnutls_pkcs11_privkey_import_url;
+ gnutls_pkcs11_obj_export;
+ gnutls_pkcs11_type_get_name;
+
+ gnutls_privkey_init;
+ gnutls_privkey_deinit;
+ gnutls_privkey_get_pk_algorithm;
+ gnutls_privkey_get_type;
+ gnutls_privkey_import_pkcs11;
+ gnutls_privkey_import_x509;
+ gnutls_privkey_import_openpgp;
+ gnutls_privkey_decrypt_data;
+ gnutls_pkcs11_privkey_export_url;
+ gnutls_x509_crq_privkey_sign;
+ gnutls_x509_crl_privkey_sign;
+ gnutls_x509_crt_privkey_sign;
+ gnutls_pubkey_init;
+ gnutls_pubkey_deinit;
+ gnutls_pubkey_get_pk_algorithm;
+ gnutls_pubkey_import_x509;
+ gnutls_pubkey_import_openpgp;
+ gnutls_pubkey_get_pk_rsa_raw;
+ gnutls_pubkey_get_pk_dsa_raw;
+ gnutls_pubkey_export;
+ gnutls_pubkey_get_key_id;
+ gnutls_pubkey_get_key_usage;
+ gnutls_pubkey_import_pkcs11;
+ gnutls_pubkey_import_dsa_raw;
+ gnutls_pubkey_import_rsa_raw;
+ gnutls_pubkey_import_pkcs11_url;
+ gnutls_pubkey_get_verify_algorithm;
+ gnutls_pubkey_verify_hash;
+ gnutls_pkcs11_obj_export;
+ gnutls_pubkey_import;
+ gnutls_x509_crt_set_pubkey;
+ gnutls_x509_crq_set_pubkey;
+ gnutls_pkcs11_copy_x509_crt;
+ gnutls_pkcs11_copy_x509_privkey;
+ gnutls_pkcs11_delete_url;
+ gnutls_x509_privkey_export_rsa_raw2;
+ gnutls_pubkey_get_preferred_hash_algorithm;
+ gnutls_x509_crt_get_preferred_hash_algorithm;
+ gnutls_global_set_mutex;
+ gnutls_transport_set_vec_push_function;
+ gnutls_transport_set_errno_function;
+
+ gnutls_sec_param_to_pk_bits;
+ gnutls_sec_param_get_name;
+ gnutls_pk_bits_to_sec_param;
+ gnutls_rnd;
+ gnutls_cipher_encrypt2;
+ gnutls_cipher_decrypt2;
+ gnutls_openpgp_privkey_sec_param;
+ gnutls_x509_privkey_sec_param;
+ gnutls_session_channel_binding;
+ gnutls_pkcs11_copy_secret_key;
+ gnutls_pkcs11_token_init;
+ gnutls_pkcs11_token_set_pin;
+ gnutls_pkcs11_token_get_mechanism;
+ gnutls_privkey_sign_hash;
+ gnutls_privkey_sign_data;
+ gnutls_openpgp_crt_verify_hash;
+ gnutls_pubkey_import_privkey;
+ gnutls_pubkey_verify_data;
+} GNUTLS_2_10;
+
+GNUTLS_PRIVATE {
+ global:
+ # Internal symbols needed by libgnutls-extra:
+ _gnutls_log_level;
+ _gnutls_write_uint24;
+ _gnutls_log;
+ _gnutls_PRF;
+ _gnutls_send_int;
+ _gnutls_read_uint24;
+ _gnutls_get_cred;
+ _gnutls_recv_int;
+ # Internal symbols needed by libgnutls-extra for LZO:
+ _gnutls_compression_algorithms;
+ _gnutls_comp_algorithms_size;
+ _gnutls_lzo1x_decompress_safe;
+ _gnutls_lzo1x_1_compress;
+ # Internal symbols needed by libgnutls-openssl:
+ _gnutls_pkix1_asn;
+ _gnutls_x509_parse_dn_oid;
+ _gnutls_hash_fast;
+ _gnutls_asn2err;
+ _gnutls_hash_init;
+ _gnutls_hash_deinit;
+ _gnutls_hash;
+ _gnutls_ext_get_session_data;
+ _gnutls_ext_set_session_data;
+ _gnutls_ext_register;
+ _gnutls_buffer_append_prefix;
+ _gnutls_buffer_append_data_prefix;
+ _gnutls_buffer_pop_data;
+ _gnutls_buffer_pop_prefix;
+
+ # Internal symbols needed by psktool:
+
+ # Internal symbols needed by gnutls-cli-debug:
+ _gnutls_rsa_pms_set_version;
+ _gnutls_record_set_default_version;
+ _gnutls_record_set_default_version;
+ # Internal symbols needed by tests/gc:
+ _gnutls_hmac_fast;
+ _gnutls_pbkdf2_sha1;
+ # Internal symbols needed by tests/mpi:
+ _gnutls_mpi_ops;
+ _gnutls_mpi_randomize;
+ _gnutls_mpi_log;
+ _gnutls_mpi_release;
+ # Internal symbols needed by tests/pkcs12_s2k:
+ _gnutls_pkcs12_string_to_key;
+ _gnutls_bin2hex;
+ _gnutls_transport_set_lowat;
+};
--- /dev/null
+# libgnutlsxx.map -- linker script for libgnutls. -*- ld-script -*-
+# Copyright (C) 2005, 2006, 2009, 2010 Free Software Foundation, Inc.
+#
+# Author: Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+#useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+#of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+#Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+GNUTLS_2_10
+{
+ global:
+ extern "C++" {
+ # Allow all symbols for C++. It has its own way to keep
+ # symbol namespaces.
+
+ *;
+ };
+};
--- /dev/null
+/*
+ * Copyright (C) 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <libtasn1.h>
+#include <gnutls_dh.h>
+#include <random.h>
+
+#include <locks.h>
+
+
+/**
+ * gnutls_global_set_mutex:
+ * @init: mutex initialization function
+ * @deinit: mutex deinitialization function
+ * @lock: mutex locking function
+ * @unlock: mutex unlocking function
+ *
+ * With this function you are allowed to override the default mutex
+ * locks used in some parts of gnutls and dependent libraries. This function
+ * should be used if you have complete control of your program and libraries.
+ * Do not call this function from a library. Instead only initialize gnutls and
+ * the default OS mutex locks will be used.
+ *
+ * This function must be called before gnutls_global_init().
+ *
+ **/
+void
+gnutls_global_set_mutex (mutex_init_func init, mutex_deinit_func deinit,
+ mutex_lock_func lock, mutex_unlock_func unlock)
+{
+ if (init == NULL || deinit == NULL || lock == NULL || unlock == NULL)
+ return;
+
+ gnutls_mutex_init = init;
+ gnutls_mutex_deinit = deinit;
+ gnutls_mutex_lock = lock;
+ gnutls_mutex_unlock = unlock;
+}
--- /dev/null
+#ifndef GNUTLS_LOCKS_H
+#define GNUTLS_LOCKS_H
+
+#include <gnutls/gnutls.h>
+#include <gnutls_int.h>
+
+extern mutex_init_func gnutls_mutex_init;
+extern mutex_deinit_func gnutls_mutex_deinit;
+extern mutex_lock_func gnutls_mutex_lock;
+extern mutex_unlock_func gnutls_mutex_unlock;
+
+#endif
--- /dev/null
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6b
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+# --config show all configuration variables
+# --debug enable verbose shell tracing
+# -n, --dry-run display commands without modifying any files
+# --features display basic configuration information and exit
+# --mode=MODE use operation mode MODE
+# --preserve-dup-deps don't remove duplicate dependency libraries
+# --quiet, --silent don't print informational messages
+# --tag=TAG use configuration variables from tag TAG
+# -v, --verbose print informational messages (default)
+# --version print version information
+# -h, --help print short or long help message
+#
+# MODE must be one of the following:
+#
+# clean remove files from the build directory
+# compile compile a source file into a libtool object
+# execute automatically set library path, then run a program
+# finish complete the installation of libtool libraries
+# install install libraries or executables
+# link create a library or an executable
+# uninstall remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+# host-triplet: $host
+# shell: $SHELL
+# compiler: $LTCC
+# compiler flags: $LTCFLAGS
+# linker: $LD (gnu? $with_gnu_ld)
+# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2ubuntu1
+# automake: $automake_version
+# autoconf: $autoconf_version
+#
+# Report bugs to <bug-libtool@gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION="2.2.6b Debian-2.2.6b-2ubuntu1"
+TIMESTAMP=""
+package_revision=1.3017
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+ eval "if test \"\${$lt_var+set}\" = set; then
+ save_$lt_var=\$$lt_var
+ $lt_var=C
+ export $lt_var
+ lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+ lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+ fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+ -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+ [\\/]*|[A-Za-z]:\\*) ;;
+ *[\\/]*)
+ progdir=$func_dirname_result
+ progdir=`cd "$progdir" && pwd`
+ progpath="$progdir/$progname"
+ ;;
+ *)
+ save_IFS="$IFS"
+ IFS=:
+ for progdir in $PATH; do
+ IFS="$save_IFS"
+ test -x "$progdir/$progname" && break
+ done
+ IFS="$save_IFS"
+ test -n "$progdir" || progdir=`pwd`
+ progpath="$progdir/$progname"
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'. `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+ s/$bs4/&\\
+/g
+ s/^$bs2$dollar/$bs&/
+ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+ s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+ $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+ $opt_verbose && func_echo ${1+"$@"}
+
+ # A bug in bash halts the script if the last line of a function
+ # fails when set -e is in force, so we need another command to
+ # work around that:
+ :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+ $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+ $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+ # bash bug again:
+ :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+ func_error ${1+"$@"}
+ exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+ func_error ${1+"$@"}
+ func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information." ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+ $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+ my_directory_path="$1"
+ my_dir_list=
+
+ if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+ # Protect directory names starting with `-'
+ case $my_directory_path in
+ -*) my_directory_path="./$my_directory_path" ;;
+ esac
+
+ # While some portion of DIR does not yet exist...
+ while test ! -d "$my_directory_path"; do
+ # ...make a list in topmost first order. Use a colon delimited
+ # list incase some portion of path contains whitespace.
+ my_dir_list="$my_directory_path:$my_dir_list"
+
+ # If the last portion added has no slash in it, the list is done
+ case $my_directory_path in */*) ;; *) break ;; esac
+
+ # ...otherwise throw away the child directory and loop
+ my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+ done
+ my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+ save_mkdir_p_IFS="$IFS"; IFS=':'
+ for my_dir in $my_dir_list; do
+ IFS="$save_mkdir_p_IFS"
+ # mkdir can fail with a `File exist' error if two processes
+ # try to create one of the directories concurrently. Don't
+ # stop in that case!
+ $MKDIR "$my_dir" 2>/dev/null || :
+ done
+ IFS="$save_mkdir_p_IFS"
+
+ # Bail out if we (or some other process) failed to create a directory.
+ test -d "$my_directory_path" || \
+ func_fatal_error "Failed to create \`$1'"
+ fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$opt_dry_run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $MKDIR "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || \
+ func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+ fi
+
+ $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+ case $1 in
+ *[\\\`\"\$]*)
+ func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+ *)
+ func_quote_for_eval_unquoted_result="$1" ;;
+ esac
+
+ case $func_quote_for_eval_unquoted_result in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting, command substitution and and variable
+ # expansion for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+ ;;
+ *)
+ func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+ esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+ case $1 in
+ *[\\\`\"]*)
+ my_arg=`$ECHO "X$1" | $Xsed \
+ -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+ *)
+ my_arg="$1" ;;
+ esac
+
+ case $my_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting and command substitution for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ my_arg="\"$my_arg\""
+ ;;
+ esac
+
+ func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$my_cmd"
+ my_status=$?
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it. Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$lt_user_locale
+ $my_cmd"
+ my_status=$?
+ eval "$lt_safe_locale"
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+ $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+ s/^# //
+ s/^# *$//
+ s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+ $SED -n '/^# Usage:/,/# -h/ {
+ s/^# //
+ s/^# *$//
+ s/\$progname/'$progname'/
+ p
+ }' < "$progpath"
+ $ECHO
+ $ECHO "run \`$progname --help | more' for full usage"
+ exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+ $SED -n '/^# Usage:/,/# Report bugs to/ {
+ s/^# //
+ s/^# *$//
+ s*\$progname*'$progname'*
+ s*\$host*'"$host"'*
+ s*\$SHELL*'"$SHELL"'*
+ s*\$LTCC*'"$LTCC"'*
+ s*\$LTCFLAGS*'"$LTCFLAGS"'*
+ s*\$LD*'"$LD"'*
+ s/\$with_gnu_ld/'"$with_gnu_ld"'/
+ s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+ func_error "missing argument for $1"
+ exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell, and then maybe $ECHO will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+ func_error ${1+"$@"}
+ func_error "See the $PACKAGE documentation for more information."
+ func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+ re_begincf='^# ### BEGIN LIBTOOL'
+ re_endcf='^# ### END LIBTOOL'
+
+ # Default configuration.
+ $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+ done
+
+ exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+ $ECHO "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $ECHO "enable shared libraries"
+ else
+ $ECHO "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $ECHO "enable static libraries"
+ else
+ $ECHO "disable static libraries"
+ fi
+
+ exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+ # Global variable:
+ tagname="$1"
+
+ re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+ re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+ sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+ # Validate tagname.
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ func_fatal_error "invalid tag name: $tagname"
+ ;;
+ esac
+
+ # Don't test for the "default" C tag, as we know it's
+ # there but not specially marked.
+ case $tagname in
+ CC) ;;
+ *)
+ if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+ taglist="$taglist $tagname"
+
+ # Evaluate the configuration. Be careful to quote the path
+ # and the sed script, to avoid splitting on whitespace, but
+ # also don't use non-portable quotes within backquotes within
+ # quotes we have to do it in 2 steps:
+ extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+ eval "$extractedcf"
+ else
+ func_error "ignoring unknown tag $tagname"
+ fi
+ ;;
+ esac
+}
+
+# Parse options once, thoroughly. This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+ # Shorthand for --mode=foo, only valid as the first argument
+ case $1 in
+ clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+ compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+ execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+ finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+ link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+ esac
+
+ # Parse non-mode specific arguments:
+ while test "$#" -gt 0; do
+ opt="$1"
+ shift
+
+ case $opt in
+ --config) func_config ;;
+
+ --debug) preserve_args="$preserve_args $opt"
+ func_echo "enabling shell trace mode"
+ opt_debug='set -x'
+ $opt_debug
+ ;;
+
+ -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ execute_dlfiles="$execute_dlfiles $1"
+ shift
+ ;;
+
+ --dry-run | -n) opt_dry_run=: ;;
+ --features) func_features ;;
+ --finish) mode="finish" ;;
+
+ --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ case $1 in
+ # Valid mode arguments:
+ clean) ;;
+ compile) ;;
+ execute) ;;
+ finish) ;;
+ install) ;;
+ link) ;;
+ relink) ;;
+ uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $opt"
+ exit_cmd=exit
+ break
+ ;;
+ esac
+
+ mode="$1"
+ shift
+ ;;
+
+ --preserve-dup-deps)
+ opt_duplicate_deps=: ;;
+
+ --quiet|--silent) preserve_args="$preserve_args $opt"
+ opt_silent=:
+ ;;
+
+ --verbose| -v) preserve_args="$preserve_args $opt"
+ opt_silent=false
+ ;;
+
+ --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ preserve_args="$preserve_args $opt $1"
+ func_enable_tag "$1" # tagname is set here
+ shift
+ ;;
+
+ # Separate optargs to long options:
+ -dlopen=*|--mode=*|--tag=*)
+ func_opt_split "$opt"
+ set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+ shift
+ ;;
+
+ -\?|-h) func_usage ;;
+ --help) opt_help=: ;;
+ --version) func_version ;;
+
+ -*) func_fatal_help "unrecognized option \`$opt'" ;;
+
+ *) nonopt="$opt"
+ break
+ ;;
+ esac
+ done
+
+
+ case $host in
+ *cygwin* | *mingw* | *pw32* | *cegcc*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+ ;;
+ esac
+
+ # Having warned about all mis-specified options, bail out if
+ # anything was wrong.
+ $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+ if test "$package_revision" != "$macro_revision"; then
+ if test "$VERSION" != "$macro_version"; then
+ if test -z "$macro_version"; then
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ fi
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+ fi
+
+ exit $EXIT_MISMATCH
+ fi
+}
+
+
+## ----------- ##
+## Main. ##
+## ----------- ##
+
+$opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ func_fatal_configuration "not configured to build any kind of library"
+ fi
+
+ test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ func_error "unrecognized option \`-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+ test -f "$1" &&
+ $SED -e 4q "$1" 2>/dev/null \
+ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs. To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway. Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+ lalib_p=no
+ if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+ for lalib_p_l in 1 2 3 4
+ do
+ read lalib_p_line
+ case "$lalib_p_line" in
+ \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+ esac
+ done
+ exec 0<&5 5<&-
+ fi
+ test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+ func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+ func_ltwrapper_exec_suffix=
+ case $1 in
+ *.exe) ;;
+ *) func_ltwrapper_exec_suffix=.exe ;;
+ esac
+ $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+ func_ltwrapper_scriptname_result=""
+ if func_ltwrapper_executable_p "$1"; then
+ func_dirname_and_basename "$1" "" "."
+ func_stripname '' '.exe' "$func_basename_result"
+ func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+ fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+ func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+ $opt_debug
+ save_ifs=$IFS; IFS='~'
+ for cmd in $1; do
+ IFS=$save_ifs
+ eval cmd=\"$cmd\"
+ func_show_eval "$cmd" "${2-:}"
+ done
+ IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)! Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+ $opt_debug
+ case $1 in
+ */* | *\\*) . "$1" ;;
+ *) . "./$1" ;;
+ esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ $opt_debug
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ func_echo "unable to infer tagged configuration"
+ func_fatal_error "specify a tag with \`--tag'"
+# else
+# func_verbose "using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+ write_libobj=${1}
+ if test "$build_libtool_libs" = yes; then
+ write_lobj=\'${2}\'
+ else
+ write_lobj=none
+ fi
+
+ if test "$build_old_libs" = yes; then
+ write_oldobj=\'${3}\'
+ else
+ write_oldobj=none
+ fi
+
+ $opt_dry_run || {
+ cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+ $MV "${write_libobj}T" "${write_libobj}"
+ }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+ $opt_debug
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+ pie_flag=
+
+ for arg
+ do
+ case $arg_mode in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ test -n "$libobj" && \
+ func_fatal_error "you cannot specify \`-o' more than once"
+ arg_mode=target
+ continue
+ ;;
+
+ -pie | -fpie | -fPIE)
+ pie_flag="$pie_flag $arg"
+ continue
+ ;;
+
+ -shared | -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$arg"
+ lastarg="$lastarg $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$lastarg"
+ lastarg=$func_stripname_result
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ *)
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ func_quote_for_eval "$lastarg"
+ base_compile="$base_compile $func_quote_for_eval_result"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ func_fatal_error "you must specify an argument for -Xcompile"
+ ;;
+ target)
+ func_fatal_error "you must specify a target with \`-o'"
+ ;;
+ *)
+ # Get the name of the library object.
+ test -z "$libobj" && {
+ func_basename "$srcfile"
+ libobj="$func_basename_result"
+ }
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ case $libobj in
+ *.[cCFSifmso] | \
+ *.ada | *.adb | *.ads | *.asm | \
+ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+ *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+ func_xform "$libobj"
+ libobj=$func_xform_result
+ ;;
+ esac
+
+ case $libobj in
+ *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+ *)
+ func_fatal_error "cannot determine name of library object from \`$libobj'"
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ continue
+ ;;
+
+ -static)
+ build_libtool_libs=no
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ func_quote_for_eval "$libobj"
+ test "X$libobj" != "X$func_quote_for_eval_result" \
+ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
+ && func_warning "libobj name \`$libobj' may not contain shell special characters."
+ func_dirname_and_basename "$obj" "/" ""
+ objname="$func_basename_result"
+ xdir="$func_dirname_result"
+ lobj=${xdir}$objdir/$objname
+
+ test -z "$base_compile" && \
+ func_fatal_help "you must specify a compilation command"
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2* | cegcc*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+ func_echo "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+ removelist="$removelist $output_obj"
+ $ECHO "$srcfile" > "$lockfile"
+ fi
+
+ $opt_dry_run || $RM $removelist
+ removelist="$removelist $lockfile"
+ trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ func_quote_for_eval "$srcfile"
+ qsrcfile=$func_quote_for_eval_result
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ func_mkdir_p "$xdir$objdir"
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ func_show_eval_locale "$command" \
+ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ func_show_eval '$MV "$output_obj" "$lobj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile$pie_flag"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ func_show_eval_locale "$command" \
+ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ func_show_eval '$MV "$output_obj" "$obj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+ fi
+
+ $opt_dry_run || {
+ func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ removelist=$lockfile
+ $RM "$lockfile"
+ fi
+ }
+
+ exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+test "$mode" = compile && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+ # We need to display help for each of the modes.
+ case $mode in
+ "")
+ # Generic help is extracted from the usage comments
+ # at the start of this file.
+ func_help
+ ;;
+
+ clean)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ compile)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -no-suppress do not suppress compiler output for multiple passes
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -shared do not build a \`.o' file suitable for static linking
+ -static only build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+ execute)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+ finish)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+ install)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+ -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+ link)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -shared only do dynamic linking of libtool libraries
+ -shrext SUFFIX override the standard shared library file extension
+ -static do not do any dynamic linking of uninstalled libtool libraries
+ -static-libtool-libs
+ do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+ -weak LIBNAME declare that the target provides the LIBNAME interface
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+ uninstall)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ *)
+ func_fatal_help "invalid operation mode \`$mode'"
+ ;;
+ esac
+
+ $ECHO
+ $ECHO "Try \`$progname --help' for more information about other modes."
+
+ exit $?
+}
+
+ # Now that we've collected a possible --mode arg, show help if necessary
+ $opt_help && func_mode_help
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+ $opt_debug
+ # The first argument is the command name.
+ cmd="$nonopt"
+ test -z "$cmd" && \
+ func_fatal_help "you must specify a COMMAND"
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ test -f "$file" \
+ || func_fatal_help "\`$file' is not a file"
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$lib' is not a valid libtool archive"
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+ func_source "$file"
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && \
+ func_warning "\`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ if test ! -f "$dir/$dlname"; then
+ func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+ fi
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ ;;
+
+ *)
+ func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if func_ltwrapper_script_p "$file"; then
+ func_source "$file"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ elif func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ func_source "$func_ltwrapper_scriptname_result"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ func_quote_for_eval "$file"
+ args="$args $func_quote_for_eval_result"
+ done
+
+ if test "X$opt_dry_run" = Xfalse; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+ do
+ eval "if test \"\${save_$lt_var+set}\" = set; then
+ $lt_var=\$save_$lt_var; export $lt_var
+ else
+ $lt_unset $lt_var
+ fi"
+ done
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+ $ECHO "export $shlibpath_var"
+ fi
+ $ECHO "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = execute && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+ $opt_debug
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ $opt_silent && exit $EXIT_SUCCESS
+
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ $ECHO "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $ECHO " $libdir"
+ done
+ $ECHO
+ $ECHO "If you ever happen to want to link against installed libraries"
+ $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
+ $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $ECHO "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $ECHO " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $ECHO " - add LIBDIR to the \`$runpath_var' environment variable"
+ $ECHO " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $ECHO " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $ECHO " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $ECHO
+
+ $ECHO "See any operating system documentation about shared libraries for"
+ case $host in
+ solaris2.[6789]|solaris2.1[0-9])
+ $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+ $ECHO "pages."
+ ;;
+ *)
+ $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
+ ;;
+ esac
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ exit $EXIT_SUCCESS
+}
+
+test "$mode" = finish && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+ $opt_debug
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+ # Aesthetically quote it.
+ func_quote_for_eval "$nonopt"
+ install_prog="$func_quote_for_eval_result "
+ arg=$1
+ shift
+ else
+ install_prog=
+ arg=$nonopt
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog$func_quote_for_eval_result"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest=$arg
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f)
+ case " $install_prog " in
+ *[\\\ /]cp\ *) ;;
+ *) prev=$arg ;;
+ esac
+ ;;
+ -g | -m | -o)
+ prev=$arg
+ ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*)
+ ;;
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest=$arg
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog $func_quote_for_eval_result"
+ done
+
+ test -z "$install_prog" && \
+ func_fatal_help "you must specify an install program"
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prev' option requires an argument"
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ func_fatal_help "no file or destination specified"
+ else
+ func_fatal_help "you must specify a destination"
+ fi
+ fi
+
+ # Strip any trailing slash from the destination.
+ func_stripname '' '/' "$dest"
+ dest=$func_stripname_result
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ func_dirname_and_basename "$dest" "" "."
+ destdir="$func_dirname_result"
+ destname="$func_basename_result"
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files; shift
+ test "$#" -gt 1 && \
+ func_fatal_help "\`$dest' is not a directory"
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ func_fatal_help "\`$destdir' must be an absolute directory name"
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$file' is not a valid libtool archive"
+
+ library_names=
+ old_library=
+ relink_command=
+ func_source "$file"
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ func_dirname "$file" "/" ""
+ dir="$func_dirname_result"
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ test "$inst_prefix_dir" = "$destdir" && \
+ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+ fi
+
+ func_warning "relinking \`$file'"
+ func_show_eval "$relink_command" \
+ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names; shift
+ if test -n "$1"; then
+ realname="$1"
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+ 'exit $?'
+ tstripme="$stripme"
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ case $realname in
+ *.dll.a)
+ tstripme=""
+ ;;
+ esac
+ ;;
+ esac
+ if test -n "$tstripme" && test -n "$striplib"; then
+ func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ # Try `ln -sf' first, because the `ln' binary might depend on
+ # the symlink we replace! Solaris /bin/ln does not understand -f,
+ # so we also need to try rm && ln -s.
+ for linkname
+ do
+ test "$linkname" != "$realname" \
+ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ func_execute_cmds "$postinstall_cmds" 'exit $?'
+ fi
+
+ # Install the pseudo-library for information purposes.
+ func_basename "$file"
+ name="$func_basename_result"
+ instname="$dir/$name"i
+ func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ func_lo2o "$destfile"
+ staticdest=$func_lo2o_result
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ func_fatal_help "cannot copy a libtool object to \`$destfile'"
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ test -n "$destfile" && \
+ func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ func_lo2o "$file"
+ staticobj=$func_lo2o_result
+ func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin* | *mingw*)
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ wrapper=$func_ltwrapper_scriptname_result
+ else
+ func_stripname '' '.exe' "$file"
+ wrapper=$func_stripname_result
+ fi
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if func_ltwrapper_script_p "$wrapper"; then
+ notinst_deplibs=
+ relink_command=
+
+ func_source "$wrapper"
+
+ # Check the variables that should have been set.
+ test -z "$generated_by_libtool_version" && \
+ func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ func_source "$lib"
+ fi
+ libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ func_warning "\`$lib' has not been installed in \`$libdir'"
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ func_source "$wrapper"
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ $opt_dry_run || {
+ if test "$finalize" = yes; then
+ tmpdir=`func_mktempdir`
+ func_basename "$file$stripped_ext"
+ file="$func_basename_result"
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $opt_silent || {
+ func_quote_for_expand "$relink_command"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ if eval "$relink_command"; then :
+ else
+ func_error "error: relink \`$file' with the above command before installing it"
+ $opt_dry_run || ${RM}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ func_warning "cannot relink \`$file'"
+ fi
+ }
+ else
+ # Install the binary that we compiled earlier.
+ file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyway
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ func_stripname '' '.exe' "$destfile"
+ destfile=$func_stripname_result
+ ;;
+ esac
+ ;;
+ esac
+ func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+ $opt_dry_run || if test -n "$outputname"; then
+ ${RM}r "$tmpdir"
+ fi
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ func_basename "$file"
+ name="$func_basename_result"
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ func_show_eval "$old_striplib $oldlib" 'exit $?'
+ fi
+
+ # Do each command in the postinstall commands.
+ func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+ done
+
+ test -n "$future_libdirs" && \
+ func_warning "remember to run \`$progname --finish$future_libdirs'"
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ $opt_dry_run && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = install && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+ $opt_debug
+ my_outputname="$1"
+ my_originator="$2"
+ my_pic_p="${3-no}"
+ my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+ my_dlsyms=
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ my_dlsyms="${my_outputname}S.c"
+ else
+ func_error "not configured to extract global symbols from dlpreopened files"
+ fi
+ fi
+
+ if test -n "$my_dlsyms"; then
+ case $my_dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${my_outputname}.nm"
+
+ func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+ # Parse the name list into a source file.
+ func_verbose "creating $output_objdir/$my_dlsyms"
+
+ $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ func_verbose "generating symbol list for \`$output'"
+
+ $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for progfile in $progfiles; do
+ func_verbose "extracting global C symbols from \`$progfile'"
+ $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $opt_dry_run || {
+ eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $opt_dry_run || {
+ eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $opt_dry_run || {
+ $RM $export_symbols
+ eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ else
+ $opt_dry_run || {
+ eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ case $host in
+ *cygwin | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ fi
+ fi
+
+ for dlprefile in $dlprefiles; do
+ func_verbose "extracting global C symbols from \`$dlprefile'"
+ func_basename "$dlprefile"
+ name="$func_basename_result"
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ done
+
+ $opt_dry_run || {
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $MV "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if $GREP -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ $GREP -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+ else
+ $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+ fi
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols. */
+typedef struct {
+ const char *name;
+ void *address;
+} lt_dlsymlist;
+"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+/* DATA imports from DLLs on WIN32 con't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs. */"
+ lt_dlsym_const= ;;
+ *osf5*)
+ echo >> "$output_objdir/$my_dlsyms" "\
+/* This system does not cope well with relocations in const data */"
+ lt_dlsym_const= ;;
+ *)
+ lt_dlsym_const=const ;;
+ esac
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+extern $lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];
+$lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{\
+ { \"$my_originator\", (void *) 0 },"
+
+ case $need_lib_prefix in
+ no)
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ *)
+ eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ esac
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ } # !$opt_dry_run
+
+ pic_flag_for_symtable=
+ case "$compile_command " in
+ *" -static "*) ;;
+ *)
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+ *-*-hpux*)
+ pic_flag_for_symtable=" $pic_flag" ;;
+ *)
+ if test "X$my_pic_p" != Xno; then
+ pic_flag_for_symtable=" $pic_flag"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ symtab_cflags=
+ for arg in $LTCFLAGS; do
+ case $arg in
+ -pie | -fpie | -fPIE) ;;
+ *) symtab_cflags="$symtab_cflags $arg" ;;
+ esac
+ done
+
+ # Now compile the dynamic symbol file.
+ func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+ # Clean up the generated files.
+ func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+
+ # Transform the symbol file into the correct name.
+ symfileobj="$output_objdir/${my_outputname}S.$objext"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ if test -f "$output_objdir/$my_outputname.def"; then
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ else
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ fi
+ ;;
+ *)
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ ;;
+ esac
+ ;;
+ *)
+ func_fatal_error "unknown suffix for \`$my_dlsyms'"
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ $opt_debug
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+ $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 |
+ $SED -n -e '
+ 1,100{
+ / I /{
+ s,.*,import,
+ p
+ q
+ }
+ }'`
+ case $win32_nmres in
+ import*) win32_libid_type="x86 archive import";;
+ *) win32_libid_type="x86 archive static";;
+ esac
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $ECHO "$win32_libid_type"
+}
+
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ $opt_debug
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+ func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+ fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ $opt_debug
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ func_basename "$my_xlib"
+ my_xlib="$func_basename_result"
+ my_xlib_u=$my_xlib
+ while :; do
+ case " $extracted_archives " in
+ *" $my_xlib_u "*)
+ func_arith $extracted_serial + 1
+ extracted_serial=$func_arith_result
+ my_xlib_u=lt$extracted_serial-$my_xlib ;;
+ *) break ;;
+ esac
+ done
+ extracted_archives="$extracted_archives $my_xlib_u"
+ my_xdir="$my_gentop/$my_xlib_u"
+
+ func_mkdir_p "$my_xdir"
+
+ case $host in
+ *-darwin*)
+ func_verbose "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ $opt_dry_run || {
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`basename "$darwin_archive"`
+ darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ $LIPO -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ $RM -rf unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd $darwin_orig_dir
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ } # !$opt_dry_run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+
+ func_extract_archives_result="$my_oldobjs"
+}
+
+
+
+# func_emit_wrapper_part1 [arg=no]
+#
+# Emit the first part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part1 ()
+{
+ func_emit_wrapper_part1_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part1_arg1=$1
+ fi
+
+ $ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variables:
+ generated_by_libtool_version='$macro_version'
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$ECHO are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ ECHO=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$ECHO works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$ECHO will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $ECHO "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+"
+}
+# end: func_emit_wrapper_part1
+
+# func_emit_wrapper_part2 [arg=no]
+#
+# Emit the second part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part2 ()
+{
+ func_emit_wrapper_part2_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part2_arg1=$1
+ fi
+
+ $ECHO "\
+
+ # Usually 'no', except on cygwin/mingw when embedded into
+ # the cwrapper.
+ WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1
+ if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+ # special case for '.'
+ if test \"\$thisdir\" = \".\"; then
+ thisdir=\`pwd\`
+ fi
+ # remove .libs from thisdir
+ case \"\$thisdir\" in
+ *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+ $objdir ) thisdir=. ;;
+ esac
+ fi
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $ECHO "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" ||
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $MKDIR \"\$progdir\"
+ else
+ $RM \"\$progdir/\$file\"
+ fi"
+
+ $ECHO "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $ECHO \"\$relink_command_output\" >&2
+ $RM \"\$progdir/\$file\"
+ exit 1
+ fi
+ fi
+
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $RM \"\$progdir/\$program\";
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $RM \"\$progdir/\$file\"
+ fi"
+ else
+ $ECHO "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $ECHO "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $ECHO "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $ECHO "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $ECHO "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2* | *-cegcc*)
+ $ECHO "\
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $ECHO "\
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $ECHO "\
+ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+ exit 1
+ fi
+ else
+ # The program doesn't exist.
+ \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+ $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit 1
+ fi
+fi\
+"
+}
+# end: func_emit_wrapper_part2
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable. Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take. If 'yes', then the emitted script
+# will assume that the directory in which it is stored is
+# the $objdir directory. This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+ func_emit_wrapper_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_arg1=$1
+ fi
+
+ # split this up so that func_emit_cwrapperexe_src
+ # can call each part independently.
+ func_emit_wrapper_part1 "${func_emit_wrapper_arg1}"
+ func_emit_wrapper_part2 "${func_emit_wrapper_arg1}"
+}
+
+
+# func_to_host_path arg
+#
+# Convert paths to host format when used with build tools.
+# Intended for use with "native" mingw (where libtool itself
+# is running under the msys shell), or in the following cross-
+# build environments:
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+# where wine is equipped with the `winepath' executable.
+# In the native mingw case, the (msys) shell automatically
+# converts paths for any non-msys applications it launches,
+# but that facility isn't available from inside the cwrapper.
+# Similar accommodations are necessary for $host mingw and
+# $build cygwin. Calling this function does no harm for other
+# $host/$build combinations not listed above.
+#
+# ARG is the path (on $build) that should be converted to
+# the proper representation for $host. The result is stored
+# in $func_to_host_path_result.
+func_to_host_path ()
+{
+ func_to_host_path_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ case $build in
+ *mingw* ) # actually, msys
+ # awkward: cmd appends spaces to result
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_path_tmp1=`( cmd //c echo "$1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_path_tmp1=`cygpath -w "$1"`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # Unfortunately, winepath does not exit with a non-zero
+ # error code, so we are forced to check the contents of
+ # stdout. On the other hand, if the command is not
+ # found, the shell will set an exit code of 127 and print
+ # *an error message* to stdout. So we must check for both
+ # error code of zero AND non-empty stdout, which explains
+ # the odd construction:
+ func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null`
+ if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ else
+ # Allow warning below.
+ func_to_host_path_result=""
+ fi
+ ;;
+ esac
+ if test -z "$func_to_host_path_result" ; then
+ func_error "Could not determine host path corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback:
+ func_to_host_path_result="$1"
+ fi
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_path
+
+# func_to_host_pathlist arg
+#
+# Convert pathlists to host format when used with build tools.
+# See func_to_host_path(), above. This function supports the
+# following $build/$host combinations (but does no harm for
+# combinations not listed here):
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+#
+# Path separators are also converted from $build format to
+# $host format. If ARG begins or ends with a path separator
+# character, it is preserved (but converted to $host format)
+# on output.
+#
+# ARG is a pathlist (on $build) that should be converted to
+# the proper representation on $host. The result is stored
+# in $func_to_host_pathlist_result.
+func_to_host_pathlist ()
+{
+ func_to_host_pathlist_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ # Remove leading and trailing path separator characters from
+ # ARG. msys behavior is inconsistent here, cygpath turns them
+ # into '.;' and ';.', and winepath ignores them completely.
+ func_to_host_pathlist_tmp2="$1"
+ # Once set for this call, this variable should not be
+ # reassigned. It is used in tha fallback case.
+ func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e 's|^:*||' -e 's|:*$||'`
+ case $build in
+ *mingw* ) # Actually, msys.
+ # Awkward: cmd appends spaces to result.
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # unfortunately, winepath doesn't convert pathlists
+ func_to_host_pathlist_result=""
+ func_to_host_pathlist_oldIFS=$IFS
+ IFS=:
+ for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do
+ IFS=$func_to_host_pathlist_oldIFS
+ if test -n "$func_to_host_pathlist_f" ; then
+ func_to_host_path "$func_to_host_pathlist_f"
+ if test -n "$func_to_host_path_result" ; then
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_to_host_pathlist_result="$func_to_host_path_result"
+ else
+ func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result"
+ fi
+ fi
+ fi
+ IFS=:
+ done
+ IFS=$func_to_host_pathlist_oldIFS
+ ;;
+ esac
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_error "Could not determine the host path(s) corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback. This may break if $1 contains DOS-style drive
+ # specifications. The fix is not to complicate the expression
+ # below, but for the user to provide a working wine installation
+ # with winepath so that path translation in the cross-to-mingw
+ # case works properly.
+ lt_replace_pathsep_nix_to_dos="s|:|;|g"
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_replace_pathsep_nix_to_dos"`
+ fi
+ # Now, add the leading and trailing path separators back
+ case "$1" in
+ :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result"
+ ;;
+ esac
+ case "$1" in
+ *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_pathlist
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+ cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "$SHELL $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat <<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+# define setmode _setmode
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+# include <io.h>
+# define HAVE_SETENV
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+#ifdef _MSC_VER
+# define S_IXUSR _S_IEXEC
+# define stat _stat
+# ifndef _INTPTR_T_DEFINED
+# define intptr_t int
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+# define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+# define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifdef __CYGWIN__
+# define FOPEN_WB "wb"
+#endif
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+#undef LTWRAPPER_DEBUGPRINTF
+#if defined DEBUGWRAPPER
+# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
+static void
+ltwrapper_debugprintf (const char *fmt, ...)
+{
+ va_list args;
+ va_start (args, fmt);
+ (void) vfprintf (stderr, fmt, args);
+ va_end (args);
+}
+#else
+# define LTWRAPPER_DEBUGPRINTF(args)
+#endif
+
+const char *program_name = NULL;
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_opt_process_env_set (const char *arg);
+void lt_opt_process_env_prepend (const char *arg);
+void lt_opt_process_env_append (const char *arg);
+int lt_split_name_value (const char *arg, char** name, char** value);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+
+static const char *script_text_part1 =
+EOF
+
+ func_emit_wrapper_part1 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+ cat <<EOF
+
+static const char *script_text_part2 =
+EOF
+ func_emit_wrapper_part2 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+
+ cat <<EOF
+const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ func_to_host_pathlist "$temp_rpath"
+ cat <<EOF
+const char * LIB_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * LIB_PATH_VALUE = "";
+EOF
+ fi
+
+ if test -n "$dllsearchpath"; then
+ func_to_host_pathlist "$dllsearchpath:"
+ cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE = "";
+EOF
+ fi
+
+ if test "$fast_install" = yes; then
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+ else
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+ fi
+
+
+ cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX "--lt-"
+#define LTWRAPPER_OPTION_PREFIX_LENGTH 5
+
+static const size_t opt_prefix_len = LTWRAPPER_OPTION_PREFIX_LENGTH;
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+
+static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
+
+static const size_t env_set_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 7;
+static const char *env_set_opt = LTWRAPPER_OPTION_PREFIX "env-set";
+ /* argument is putenv-style "foo=bar", value of foo is set to bar */
+
+static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11;
+static const char *env_prepend_opt = LTWRAPPER_OPTION_PREFIX "env-prepend";
+ /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */
+
+static const size_t env_append_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 10;
+static const char *env_append_opt = LTWRAPPER_OPTION_PREFIX "env-append";
+ /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int newargc;
+ char *tmp_pathspec;
+ char *actual_cwrapper_path;
+ char *actual_cwrapper_name;
+ char *target_name;
+ char *lt_argv_zero;
+ intptr_t rval = 127;
+
+ int i;
+
+ program_name = (char *) xstrdup (base_name (argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+
+ /* very simple arg parsing; don't want to rely on getopt */
+ for (i = 1; i < argc; i++)
+ {
+ if (strcmp (argv[i], dumpscript_opt) == 0)
+ {
+EOF
+ case "$host" in
+ *mingw* | *cygwin* )
+ # make stdout use "unix" line endings
+ echo " setmode(1,_O_BINARY);"
+ ;;
+ esac
+
+ cat <<"EOF"
+ printf ("%s", script_text_part1);
+ printf ("%s", script_text_part2);
+ return 0;
+ }
+ }
+
+ newargz = XMALLOC (char *, argc + 1);
+ tmp_pathspec = find_executable (argv[0]);
+ if (tmp_pathspec == NULL)
+ lt_fatal ("Couldn't find %s", argv[0]);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
+ tmp_pathspec));
+
+ actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
+ actual_cwrapper_path));
+ XFREE (tmp_pathspec);
+
+ actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path));
+ strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+ /* wrapper name transforms */
+ strendzap (actual_cwrapper_name, ".exe");
+ tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+ XFREE (actual_cwrapper_name);
+ actual_cwrapper_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ /* target_name transforms -- use actual target program name; might have lt- prefix */
+ target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+ strendzap (target_name, ".exe");
+ tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+ XFREE (target_name);
+ target_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n",
+ target_name));
+EOF
+
+ cat <<EOF
+ newargz[0] =
+ XMALLOC (char, (strlen (actual_cwrapper_path) +
+ strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+ strcpy (newargz[0], actual_cwrapper_path);
+ strcat (newargz[0], "$objdir");
+ strcat (newargz[0], "/");
+EOF
+
+ cat <<"EOF"
+ /* stop here, and copy so we don't have to do this twice */
+ tmp_pathspec = xstrdup (newargz[0]);
+
+ /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+ strcat (newargz[0], actual_cwrapper_name);
+
+ /* DO want the lt- prefix here if it exists, so use target_name */
+ lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+ XFREE (tmp_pathspec);
+ tmp_pathspec = NULL;
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ {
+ char* p;
+ while ((p = strchr (newargz[0], '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ }
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+ XFREE (target_name);
+ XFREE (actual_cwrapper_path);
+ XFREE (actual_cwrapper_name);
+
+ lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+ lt_setenv ("DUALCASE", "1"); /* for MSK sh */
+ lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+ lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+
+ newargc=0;
+ for (i = 1; i < argc; i++)
+ {
+ if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0)
+ {
+ if (argv[i][env_set_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_set_opt_len + 1;
+ lt_opt_process_env_set (p);
+ }
+ else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_set (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_set_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0)
+ {
+ if (argv[i][env_prepend_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_prepend_opt_len + 1;
+ lt_opt_process_env_prepend (p);
+ }
+ else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_prepend (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_prepend_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0)
+ {
+ if (argv[i][env_append_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_append_opt_len + 1;
+ lt_opt_process_env_append (p);
+ }
+ else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_append (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_append_opt);
+ continue;
+ }
+ if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0)
+ {
+ /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+ namespace, but it is not one of the ones we know about and
+ have already dealt with, above (inluding dump-script), then
+ report an error. Otherwise, targets might begin to believe
+ they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+ namespace. The first time any user complains about this, we'll
+ need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+ or a configure.ac-settable value.
+ */
+ lt_fatal ("Unrecognized option in %s namespace: '%s'",
+ ltwrapper_option_prefix, argv[i]);
+ }
+ /* otherwise ... */
+ newargz[++newargc] = xstrdup (argv[i]);
+ }
+ newargz[++newargc] = NULL;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>")));
+ for (i = 0; i < newargc; i++)
+ {
+ LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>")));
+ }
+
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ /* execv doesn't actually work on mingw as expected on unix */
+ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+ if (rval == -1)
+ {
+ /* failed to start process */
+ LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno));
+ return 127;
+ }
+ return rval;
+EOF
+ ;;
+ *)
+ cat <<"EOF"
+ execv (lt_argv_zero, newargz);
+ return rval; /* =127, but avoids unused variable warning */
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+ void *p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+ string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return base;
+}
+
+int
+check_executable (const char *path)
+{
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if ((stat (path, &st) >= 0)
+ && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+ return 1;
+ else
+ return 0;
+}
+
+int
+make_executable (const char *path)
+{
+ int rval = 0;
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if (stat (path, &st) >= 0)
+ {
+ rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+ }
+ return rval;
+}
+
+/* Searches for the full path of the wrapper. Returns
+ newly allocated full path name if found, NULL otherwise
+ Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+ int has_slash = 0;
+ const char *p;
+ const char *p_next;
+ /* static buffer for getcwd */
+ char tmp[LT_PATHMAX + 1];
+ int tmp_len;
+ char *concat_name;
+
+ LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n",
+ wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+
+ if ((wrapper == NULL) || (*wrapper == '\0'))
+ return NULL;
+
+ /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ else
+ {
+#endif
+ if (IS_DIR_SEPARATOR (wrapper[0]))
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ }
+#endif
+
+ for (p = wrapper; *p; p++)
+ if (*p == '/')
+ {
+ has_slash = 1;
+ break;
+ }
+ if (!has_slash)
+ {
+ /* no slashes; search PATH */
+ const char *path = getenv ("PATH");
+ if (path != NULL)
+ {
+ for (p = path; *p; p = p_next)
+ {
+ const char *q;
+ size_t p_len;
+ for (q = p; *q; q++)
+ if (IS_PATH_SEPARATOR (*q))
+ break;
+ p_len = q - p;
+ p_next = (*q == '\0' ? q : q + 1);
+ if (p_len == 0)
+ {
+ /* empty path: current directory */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name =
+ XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+ }
+ else
+ {
+ concat_name =
+ XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, p, p_len);
+ concat_name[p_len] = '/';
+ strcpy (concat_name + p_len + 1, wrapper);
+ }
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ }
+ /* not found in PATH; assume curdir */
+ }
+ /* Relative path | not found in path: prepend cwd */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+ return xstrdup (pathspec);
+#else
+ char buf[LT_PATHMAX];
+ struct stat s;
+ char *tmp_pathspec = xstrdup (pathspec);
+ char *p;
+ int has_symlinks = 0;
+ while (strlen (tmp_pathspec) && !has_symlinks)
+ {
+ LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
+ tmp_pathspec));
+ if (lstat (tmp_pathspec, &s) == 0)
+ {
+ if (S_ISLNK (s.st_mode) != 0)
+ {
+ has_symlinks = 1;
+ break;
+ }
+
+ /* search backwards for last DIR_SEPARATOR */
+ p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+ while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ p--;
+ if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ {
+ /* no more DIR_SEPARATORS left */
+ break;
+ }
+ *p = '\0';
+ }
+ else
+ {
+ char *errstr = strerror (errno);
+ lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+ }
+ }
+ XFREE (tmp_pathspec);
+
+ if (!has_symlinks)
+ {
+ return xstrdup (pathspec);
+ }
+
+ tmp_pathspec = realpath (pathspec, buf);
+ if (tmp_pathspec == 0)
+ {
+ lt_fatal ("Could not follow symlinks for %s", pathspec);
+ }
+ return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert (str != NULL);
+ assert (pat != NULL);
+
+ len = strlen (str);
+ patlen = strlen (pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp (str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char *mode,
+ const char *message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+ {
+#ifdef HAVE_SETENV
+ /* always make a copy, for consistency with !HAVE_SETENV */
+ char *str = xstrdup (value);
+ setenv (name, str, 1);
+#else
+ int len = strlen (name) + 1 + strlen (value) + 1;
+ char *str = XMALLOC (char, len);
+ sprintf (str, "%s=%s", name, value);
+ if (putenv (str) != EXIT_SUCCESS)
+ {
+ XFREE (str);
+ }
+#endif
+ }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+ char *new_value;
+ if (orig_value && *orig_value)
+ {
+ int orig_value_len = strlen (orig_value);
+ int add_len = strlen (add);
+ new_value = XMALLOC (char, add_len + orig_value_len + 1);
+ if (to_end)
+ {
+ strcpy (new_value, orig_value);
+ strcpy (new_value + orig_value_len, add);
+ }
+ else
+ {
+ strcpy (new_value, add);
+ strcpy (new_value + add_len, orig_value);
+ }
+ }
+ else
+ {
+ new_value = xstrdup (add);
+ }
+ return new_value;
+}
+
+int
+lt_split_name_value (const char *arg, char** name, char** value)
+{
+ const char *p;
+ int len;
+ if (!arg || !*arg)
+ return 1;
+
+ p = strchr (arg, (int)'=');
+
+ if (!p)
+ return 1;
+
+ *value = xstrdup (++p);
+
+ len = strlen (arg) - strlen (*value);
+ *name = XMALLOC (char, len);
+ strncpy (*name, arg, len-1);
+ (*name)[len - 1] = '\0';
+
+ return 0;
+}
+
+void
+lt_opt_process_env_set (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg);
+ }
+
+ lt_setenv (name, value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_prepend (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_append (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 1);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ /* some systems can't cope with a ':'-terminated path #' */
+ int len = strlen (new_value);
+ while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ {
+ new_value[len-1] = '\0';
+ }
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_mode_link arg...
+func_mode_link ()
+{
+ $opt_debug
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args=$nonopt
+ base_compile="$nonopt $@"
+ compile_command=$nonopt
+ finalize_command=$nonopt
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+ new_inherited_linker_flags=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+ weak_libs=
+ single_module="${wl}-single_module"
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ break
+ ;;
+ -all-static | -static | -static-libtool-libs)
+ case $arg in
+ -all-static)
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ func_warning "complete static linking is impossible in this configuration"
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ -static)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=built
+ ;;
+ -static-libtool-libs)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ esac
+ build_libtool_libs=no
+ build_old_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ func_quote_for_eval "$arg"
+ qarg=$func_quote_for_eval_unquoted_result
+ func_append libtool_args " $func_quote_for_eval_result"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ func_append compile_command " @OUTPUT@"
+ func_append finalize_command " @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ func_append compile_command " @SYMFILE@"
+ func_append finalize_command " @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ test -f "$arg" \
+ || func_fatal_error "symbol file \`$arg' does not exist"
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ framework)
+ case $host in
+ *-*-darwin*)
+ case "$deplibs " in
+ *" $qarg.ltframework "*) ;;
+ *) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+ ;;
+ esac
+ ;;
+ esac
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat "$save_arg"`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ done
+ else
+ func_fatal_error "link input file \`$arg' does not exist"
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ weak)
+ weak_libs="$weak_libs $arg"
+ prev=
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ func_append compile_command " $wl$qarg"
+ func_append finalize_command " $wl$qarg"
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ # See comment for -static flag below, for more details.
+ func_append compile_command " $link_static_flag"
+ func_append finalize_command " $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ func_fatal_error "more than one -exported-symbols argument is not allowed"
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework)
+ prev=framework
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ func_stripname '-L' '' "$arg"
+ dir=$func_stripname_result
+ if test -z "$dir"; then
+ if test "$#" -gt 0; then
+ func_fatal_error "require no space between \`-L' and \`$1'"
+ else
+ func_fatal_error "need path for \`-L' option"
+ fi
+ fi
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ test -z "$absdir" && \
+ func_fatal_error "cannot determine absolute directory name of \`$dir'"
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ ::) dllsearchpath=$dir;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs System.ltframework"
+ continue
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ test "X$arg" = "X-lc" && continue
+ ;;
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ # Darwin uses the -arch flag to determine output architecture.
+ -model|-arch|-isysroot)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ case "$new_inherited_linker_flags " in
+ *" $arg "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+ esac
+ continue
+ ;;
+
+ -multi_module)
+ single_module="${wl}-multi_module"
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # and Darwin in order for the loader to find any dlls it needs.
+ func_warning "\`-no-install' is ignored for $host"
+ func_warning "assuming \`-no-fast-install' instead"
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ func_stripname '-R' '' "$arg"
+ dir=$func_stripname_result
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -shared)
+ # The effects of -shared are defined in a previous loop.
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -static | -static-libtool-libs)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -weak)
+ prev=weak
+ continue
+ ;;
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Wl,*)
+ func_stripname '-Wl,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
+ linker_flags="$linker_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # -msg_* for osf cc
+ -msg_*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m*, -t[45]*, -txscale* pass through architecture-specific
+ # compiler args for GCC
+ # -F/path gives path to uninstalled frameworks, gcc on darwin
+ # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+ # @file GCC response files
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ compiler_flags="$compiler_flags $arg"
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+ done # argument parsing loop
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prevarg' option requires an argument"
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ func_basename "$output"
+ outputname="$func_basename_result"
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ func_dirname "$output" "/" ""
+ output_objdir="$func_dirname_result$objdir"
+ # Create the object directory.
+ func_mkdir_p "$output_objdir"
+
+ # Determine the type of output
+ case $output in
+ "")
+ func_fatal_help "you must specify an output file"
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if $opt_duplicate_deps ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if $opt_duplicate_compiler_generated_deps; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ notinst_path= # paths that contain not-installed libtool libraries
+
+ case $linkmode in
+ lib)
+ passes="conv dlpreopen link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+
+ for pass in $passes; do
+ # The preopen pass in lib mode reverses $deplibs; put it back here
+ # so that -L comes before libs that need it for instance...
+ if test "$linkmode,$pass" = "lib,link"; then
+ ## FIXME: Find the place where the list is rebuilt in the wrong
+ ## order, and fix it there properly
+ tmp_deplibs=
+ for deplib in $deplibs; do
+ tmp_deplibs="$deplib $tmp_deplibs"
+ done
+ deplibs="$tmp_deplibs"
+ fi
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link)
+ libs="$deplibs %DEPLIBS%"
+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
+ ;;
+ esac
+ fi
+ if test "$linkmode,$pass" = "lib,dlpreopen"; then
+ # Collect and forward deplibs of preopened libtool libs
+ for lib in $dlprefiles; do
+ # Ignore non-libtool-libs
+ dependency_libs=
+ case $lib in
+ *.la) func_source "$lib" ;;
+ esac
+
+ # Collect preopened libtool deplibs, except any this library
+ # has declared as weak libs
+ for deplib in $dependency_libs; do
+ deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+ case " $weak_libs " in
+ *" $deplib_base "*) ;;
+ *) deplibs="$deplibs $deplib" ;;
+ esac
+ done
+ done
+ libs="$dlprefiles"
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ func_warning "\`-l' is ignored for archives/objects"
+ continue
+ fi
+ func_stripname '-l' '' "$deplib"
+ name=$func_stripname_result
+ if test "$linkmode" = lib; then
+ searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+ else
+ searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+ fi
+ for searchdir in $searchdirs; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ else # deplib is a libtool library
+ # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+ # We need to do some special things here, and not later.
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $deplib "*)
+ if func_lalib_p "$lib"; then
+ library_names=
+ old_library=
+ func_source "$lib"
+ for l in $old_library $library_names; do
+ ll="$l"
+ done
+ if test "X$ll" = "X$old_library" ; then # only static version available
+ found=no
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+ lib=$ladir/$old_library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ fi
+ fi
+ ;;
+ *) ;;
+ esac
+ fi
+ fi
+ ;; # -l
+ *.ltframework)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -L*)
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ *)
+ func_warning "\`-L' is ignored for archives/objects"
+ ;;
+ esac # linkmode
+ continue
+ ;; # -L
+ -R*)
+ if test "$pass" = link; then
+ func_stripname '-R' '' "$deplib"
+ dir=$func_stripname_result
+ # Make sure the xrpath contains only unique directories.
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ fi
+ deplibs="$deplib $deplibs"
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ case $linkmode in
+ lib)
+ # Linking convenience modules into shared libraries is allowed,
+ # but linking other static libraries is non-portable.
+ case " $dlpreconveniencelibs " in
+ *" $deplib "*) ;;
+ *)
+ valid_a_lib=no
+ case $deplibs_check_method in
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ valid_a_lib=yes
+ fi
+ ;;
+ pass_all)
+ valid_a_lib=yes
+ ;;
+ esac
+ if test "$valid_a_lib" != yes; then
+ $ECHO
+ $ECHO "*** Warning: Trying to link with static lib archive $deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because the file extensions .$libext of this argument makes me believe"
+ $ECHO "*** that it is just a static archive that I should not use here."
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the"
+ $ECHO "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ fi
+ ;;
+ esac
+ continue
+ ;;
+ prog)
+ if test "$pass" != link; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ continue
+ ;;
+ esac # linkmode
+ ;; # *.$libext
+ *.lo | *.$objext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ elif test "$linkmode" = prog; then
+ if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ # If there is no dlopen support or we're linking statically,
+ # we need to preload.
+ newdlprefiles="$newdlprefiles $deplib"
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ newdlfiles="$newdlfiles $deplib"
+ fi
+ fi
+ continue
+ ;;
+ %DEPLIBS%)
+ alldeplibs=yes
+ continue
+ ;;
+ esac # case $deplib
+
+ if test "$found" = yes || test -f "$lib"; then :
+ else
+ func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'"
+ fi
+
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$lib" \
+ || func_fatal_error "\`$lib' is not a valid libtool archive"
+
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+
+ dlname=
+ dlopen=
+ dlpreopen=
+ libdir=
+ library_names=
+ old_library=
+ inherited_linker_flags=
+ # If the library was installed with an old release of libtool,
+ # it will not redefine variables installed, or shouldnotlink
+ installed=yes
+ shouldnotlink=no
+ avoidtemprpath=
+
+
+ # Read the .la file
+ func_source "$lib"
+
+ # Convert "-framework foo" to "foo.ltframework"
+ if test -n "$inherited_linker_flags"; then
+ tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'`
+ for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
+ case " $new_inherited_linker_flags " in
+ *" $tmp_inherited_linker_flag "*) ;;
+ *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";;
+ esac
+ done
+ fi
+ dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan" ||
+ { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+ test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ fi
+
+ if test "$pass" = conv; then
+ # Only check for convenience libraries
+ deplibs="$lib $deplibs"
+ if test -z "$libdir"; then
+ if test -z "$old_library"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+ # It is a libtool convenience library, so add in its objects.
+ convenience="$convenience $ladir/$objdir/$old_library"
+ old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+ elif test "$linkmode" != prog && test "$linkmode" != lib; then
+ func_fatal_error "\`$lib' is not a convenience library"
+ fi
+ continue
+ fi # $pass = conv
+
+
+ # Get the name of the library we link against.
+ linklib=
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ if test -z "$linklib"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+
+ # This library was specified with -dlopen.
+ if test "$pass" = dlopen; then
+ if test -z "$libdir"; then
+ func_fatal_error "cannot -dlopen a convenience library: \`$lib'"
+ fi
+ if test -z "$dlname" ||
+ test "$dlopen_support" != yes ||
+ test "$build_libtool_libs" = no; then
+ # If there is no dlname, no dlopen support or we're linking
+ # statically, we need to preload. We also need to preload any
+ # dependent libraries so libltdl's deplib preloader doesn't
+ # bomb out in the load deplibs phase.
+ dlprefiles="$dlprefiles $lib $dependency_libs"
+ else
+ newdlfiles="$newdlfiles $lib"
+ fi
+ continue
+ fi # $pass = dlopen
+
+ # We need an absolute path.
+ case $ladir in
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ *)
+ abs_ladir=`cd "$ladir" && pwd`
+ if test -z "$abs_ladir"; then
+ func_warning "cannot determine absolute directory name of \`$ladir'"
+ func_warning "passing it literally to the linker, although it might fail"
+ abs_ladir="$ladir"
+ fi
+ ;;
+ esac
+ func_basename "$lib"
+ laname="$func_basename_result"
+
+ # Find the relevant object directory and library name.
+ if test "X$installed" = Xyes; then
+ if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ func_warning "library \`$lib' was moved."
+ dir="$ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ else
+ dir="$libdir"
+ absdir="$libdir"
+ fi
+ test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ else
+ if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ dir="$ladir"
+ absdir="$abs_ladir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ else
+ dir="$ladir/$objdir"
+ absdir="$abs_ladir/$objdir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ fi
+ fi # $installed = yes
+ func_stripname 'lib' '.la' "$laname"
+ name=$func_stripname_result
+
+ # This library was specified with -dlpreopen.
+ if test "$pass" = dlpreopen; then
+ if test -z "$libdir" && test "$linkmode" = prog; then
+ func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
+ fi
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ newdlprefiles="$newdlprefiles $dir/$old_library"
+ # Keep a list of preopened convenience libraries to check
+ # that they are being used correctly in the link pass.
+ test -z "$libdir" && \
+ dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ newdlprefiles="$newdlprefiles $dir/$dlname"
+ else
+ newdlprefiles="$newdlprefiles $dir/$linklib"
+ fi
+ fi # $pass = dlpreopen
+
+ if test -z "$libdir"; then
+ # Link the convenience library
+ if test "$linkmode" = lib; then
+ deplibs="$dir/$old_library $deplibs"
+ elif test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$dir/$old_library $compile_deplibs"
+ finalize_deplibs="$dir/$old_library $finalize_deplibs"
+ else
+ deplibs="$lib $deplibs" # used for prog,scan pass
+ fi
+ continue
+ fi
+
+
+ if test "$linkmode" = prog && test "$pass" != link; then
+ newlib_search_path="$newlib_search_path $ladir"
+ deplibs="$lib $deplibs"
+
+ linkalldeplibs=no
+ if test "$link_all_deplibs" != no || test -z "$library_names" ||
+ test "$build_libtool_libs" = no; then
+ linkalldeplibs=yes
+ fi
+
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ esac
+ # Need to link against all dependency_libs?
+ if test "$linkalldeplibs" = yes; then
+ deplibs="$deplib $deplibs"
+ else
+ # Need to hardcode shared library paths
+ # or/and link against static libraries
+ newdependency_libs="$deplib $newdependency_libs"
+ fi
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done # for deplib
+ continue
+ fi # $linkmode = prog...
+
+ if test "$linkmode,$pass" = "prog,link"; then
+ if test -n "$library_names" &&
+ { { test "$prefer_static_libs" = no ||
+ test "$prefer_static_libs,$installed" = "built,yes"; } ||
+ test -z "$old_library"; }; then
+ # We need to hardcode the library path
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ # Make sure the rpath contains only unique directories.
+ case "$temp_rpath:" in
+ *"$absdir:"*) ;;
+ *) temp_rpath="$temp_rpath$absdir:" ;;
+ esac
+ fi
+
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi # $linkmode,$pass = prog,link...
+
+ if test "$alldeplibs" = yes &&
+ { test "$deplibs_check_method" = pass_all ||
+ { test "$build_libtool_libs" = yes &&
+ test -n "$library_names"; }; }; then
+ # We only need to search for static libraries
+ continue
+ fi
+ fi
+
+ link_static=no # Whether the deplib will be linked statically
+ use_static_libs=$prefer_static_libs
+ if test "$use_static_libs" = built && test "$installed" = yes; then
+ use_static_libs=no
+ fi
+ if test -n "$library_names" &&
+ { test "$use_static_libs" = no || test -z "$old_library"; }; then
+ case $host in
+ *cygwin* | *mingw* | *cegcc*)
+ # No point in relinking DLLs because paths are not encoded
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=no
+ ;;
+ *)
+ if test "$installed" = no; then
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=yes
+ fi
+ ;;
+ esac
+ # This is a shared library
+
+ # Warn about portability, can't link against -module's on some
+ # systems (darwin). Don't bleat about dlopened modules though!
+ dlopenmodule=""
+ for dlpremoduletest in $dlprefiles; do
+ if test "X$dlpremoduletest" = "X$lib"; then
+ dlopenmodule="$dlpremoduletest"
+ break
+ fi
+ done
+ if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
+ $ECHO
+ if test "$linkmode" = prog; then
+ $ECHO "*** Warning: Linking the executable $output against the loadable module"
+ else
+ $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+ fi
+ $ECHO "*** $linklib is not portable!"
+ fi
+ if test "$linkmode" = lib &&
+ test "$hardcode_into_libs" = yes; then
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi
+
+ if test -n "$old_archive_from_expsyms_cmds"; then
+ # figure out the soname
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ # use dlname if we got it. it's perfectly good, no?
+ if test -n "$dlname"; then
+ soname="$dlname"
+ elif test -n "$soname_spec"; then
+ # bleh windows
+ case $host in
+ *cygwin* | mingw* | *cegcc*)
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+ esac
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+
+ # Make a new name for the extract_expsyms_cmds to use
+ soroot="$soname"
+ func_basename "$soroot"
+ soname="$func_basename_result"
+ func_stripname 'lib' '.dll' "$soname"
+ newlib=libimp-$func_stripname_result.a
+
+ # If the library has no export list, then create one now
+ if test -f "$output_objdir/$soname-def"; then :
+ else
+ func_verbose "extracting exported symbol list from \`$soname'"
+ func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
+ fi
+
+ # Create $newlib
+ if test -f "$output_objdir/$newlib"; then :; else
+ func_verbose "generating import library for \`$soname'"
+ func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
+ fi
+ # make sure the library variables are pointing to the new library
+ dir=$output_objdir
+ linklib=$newlib
+ fi # test -n "$old_archive_from_expsyms_cmds"
+
+ if test "$linkmode" = prog || test "$mode" != relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ lib_linked=yes
+ case $hardcode_action in
+ immediate | unsupported)
+ if test "$hardcode_direct" = no; then
+ add="$dir/$linklib"
+ case $host in
+ *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+ *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+ *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+ *-*-unixware7*) add_dir="-L$dir" ;;
+ *-*-darwin* )
+ # if the lib is a (non-dlopened) module then we can not
+ # link against it, someone is ignoring the earlier warnings
+ if /usr/bin/file -L $add 2> /dev/null |
+ $GREP ": [^:]* bundle" >/dev/null ; then
+ if test "X$dlopenmodule" != "X$lib"; then
+ $ECHO "*** Warning: lib $linklib is a module, not a shared library"
+ if test -z "$old_library" ; then
+ $ECHO
+ $ECHO "*** And there doesn't seem to be a static archive available"
+ $ECHO "*** The link will probably fail, sorry"
+ else
+ add="$dir/$old_library"
+ fi
+ elif test -n "$old_library"; then
+ add="$dir/$old_library"
+ fi
+ fi
+ esac
+ elif test "$hardcode_minus_L" = no; then
+ case $host in
+ *-*-sunos*) add_shlibpath="$dir" ;;
+ esac
+ add_dir="-L$dir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = no; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ relink)
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$dir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$dir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ *) lib_linked=no ;;
+ esac
+
+ if test "$lib_linked" != yes; then
+ func_fatal_configuration "unsupported hardcode properties"
+ fi
+
+ if test -n "$add_shlibpath"; then
+ case :$compile_shlibpath: in
+ *":$add_shlibpath:"*) ;;
+ *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ esac
+ fi
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+ test -n "$add" && compile_deplibs="$add $compile_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ if test "$hardcode_direct" != yes &&
+ test "$hardcode_minus_L" != yes &&
+ test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ fi
+ fi
+ fi
+
+ if test "$linkmode" = prog || test "$mode" = relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ # Finalize command for both is simple: just hardcode it.
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$libdir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$libdir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ add="-l$name"
+ elif test "$hardcode_automatic" = yes; then
+ if test -n "$inst_prefix_dir" &&
+ test -f "$inst_prefix_dir$libdir/$linklib" ; then
+ add="$inst_prefix_dir$libdir/$linklib"
+ else
+ add="$libdir/$linklib"
+ fi
+ else
+ # We cannot seem to hardcode it, guess we'll fake it.
+ add_dir="-L$libdir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ fi
+
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+ test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ fi
+ fi
+ elif test "$linkmode" = prog; then
+ # Here we assume that one of hardcode_direct or hardcode_minus_L
+ # is not unsupported. This is valid on all known static and
+ # shared platforms.
+ if test "$hardcode_direct" != unsupported; then
+ test -n "$old_library" && linklib="$old_library"
+ compile_deplibs="$dir/$linklib $compile_deplibs"
+ finalize_deplibs="$dir/$linklib $finalize_deplibs"
+ else
+ compile_deplibs="-l$name -L$dir $compile_deplibs"
+ finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+ fi
+ elif test "$build_libtool_libs" = yes; then
+ # Not a shared library
+ if test "$deplibs_check_method" != pass_all; then
+ # We're trying link a shared library against a static one
+ # but the system doesn't support it.
+
+ # Just print a warning and add the library to dependency_libs so
+ # that the program can be linked against the static library.
+ $ECHO
+ $ECHO "*** Warning: This system can not link to static lib archive $lib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have."
+ if test "$module" = yes; then
+ $ECHO "*** But as you try to build a module library, libtool will still create "
+ $ECHO "*** a static module, that should work as long as the dlopening application"
+ $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ else
+ deplibs="$dir/$old_library $deplibs"
+ link_static=yes
+ fi
+ fi # link shared/static library?
+
+ if test "$linkmode" = lib; then
+ if test -n "$dependency_libs" &&
+ { test "$hardcode_into_libs" != yes ||
+ test "$build_old_libs" = yes ||
+ test "$link_static" = yes; }; then
+ # Extract -R from dependency_libs
+ temp_deplibs=
+ for libdir in $dependency_libs; do
+ case $libdir in
+ -R*) func_stripname '-R' '' "$libdir"
+ temp_xrpath=$func_stripname_result
+ case " $xrpath " in
+ *" $temp_xrpath "*) ;;
+ *) xrpath="$xrpath $temp_xrpath";;
+ esac;;
+ *) temp_deplibs="$temp_deplibs $libdir";;
+ esac
+ done
+ dependency_libs="$temp_deplibs"
+ fi
+
+ newlib_search_path="$newlib_search_path $absdir"
+ # Link against this library
+ test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ # ... and its dependency_libs
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ newdependency_libs="$deplib $newdependency_libs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+
+ if test "$link_all_deplibs" != no; then
+ # Add the search paths of all dependency libraries
+ for deplib in $dependency_libs; do
+ path=
+ case $deplib in
+ -L*) path="$deplib" ;;
+ *.la)
+ func_dirname "$deplib" "" "."
+ dir="$func_dirname_result"
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ func_warning "cannot determine absolute directory name of \`$dir'"
+ absdir="$dir"
+ fi
+ ;;
+ esac
+ if $GREP "^installed=no" $deplib > /dev/null; then
+ case $host in
+ *-*-darwin*)
+ depdepl=
+ eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names" ; then
+ for tmp in $deplibrary_names ; do
+ depdepl=$tmp
+ done
+ if test -f "$absdir/$objdir/$depdepl" ; then
+ depdepl="$absdir/$objdir/$depdepl"
+ darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ if test -z "$darwin_install_name"; then
+ darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ fi
+ compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
+ linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}"
+ path=
+ fi
+ fi
+ ;;
+ *)
+ path="-L$absdir/$objdir"
+ ;;
+ esac
+ else
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ test "$absdir" != "$libdir" && \
+ func_warning "\`$deplib' seems to be moved"
+
+ path="-L$absdir"
+ fi
+ ;;
+ esac
+ case " $deplibs " in
+ *" $path "*) ;;
+ *) deplibs="$path $deplibs" ;;
+ esac
+ done
+ fi # link_all_deplibs != no
+ fi # linkmode = lib
+ done # for deplib in $libs
+ if test "$pass" = link; then
+ if test "$linkmode" = "prog"; then
+ compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
+ finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ fi
+ fi
+ dependency_libs="$newdependency_libs"
+ if test "$pass" = dlpreopen; then
+ # Link the dlpreopened libraries before other libraries
+ for deplib in $save_deplibs; do
+ deplibs="$deplib $deplibs"
+ done
+ fi
+ if test "$pass" != dlopen; then
+ if test "$pass" != conv; then
+ # Make sure lib_search_path contains only unique directories.
+ lib_search_path=
+ for dir in $newlib_search_path; do
+ case "$lib_search_path " in
+ *" $dir "*) ;;
+ *) lib_search_path="$lib_search_path $dir" ;;
+ esac
+ done
+ newlib_search_path=
+ fi
+
+ if test "$linkmode,$pass" != "prog,link"; then
+ vars="deplibs"
+ else
+ vars="compile_deplibs finalize_deplibs"
+ fi
+ for var in $vars dependency_libs; do
+ # Add libraries to $var in reverse order
+ eval tmp_libs=\"\$$var\"
+ new_libs=
+ for deplib in $tmp_libs; do
+ # FIXME: Pedantically, this is the right thing to do, so
+ # that some nasty dependency loop isn't accidentally
+ # broken:
+ #new_libs="$deplib $new_libs"
+ # Pragmatically, this seems to cause very few problems in
+ # practice:
+ case $deplib in
+ -L*) new_libs="$deplib $new_libs" ;;
+ -R*) ;;
+ *)
+ # And here is the reason: when a library appears more
+ # than once as an explicit dependence of a library, or
+ # is implicitly linked in more than once by the
+ # compiler, it is considered special, and multiple
+ # occurrences thereof are not removed. Compare this
+ # with having the same library being listed as a
+ # dependency of multiple other libraries: in this case,
+ # we know (pedantically, we assume) the library does not
+ # need to be listed more than once, so we keep only the
+ # last copy. This is not always right, but it is rare
+ # enough that we require users that really mean to play
+ # such unportable linking tricks to link the library
+ # using -Wl,-lname, so that libtool does not consider it
+ # for duplicate removal.
+ case " $specialdeplibs " in
+ *" $deplib "*) new_libs="$deplib $new_libs" ;;
+ *)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$deplib $new_libs" ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ done
+ tmp_libs=
+ for deplib in $new_libs; do
+ case $deplib in
+ -L*)
+ case " $tmp_libs " in
+ *" $deplib "*) ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ done
+ eval $var=\"$tmp_libs\"
+ done # for var
+ fi
+ # Last step: remove runtime libs from dependency_libs
+ # (they stay in deplibs)
+ tmp_libs=
+ for i in $dependency_libs ; do
+ case " $predeps $postdeps $compiler_lib_search_path " in
+ *" $i "*)
+ i=""
+ ;;
+ esac
+ if test -n "$i" ; then
+ tmp_libs="$tmp_libs $i"
+ fi
+ done
+ dependency_libs=$tmp_libs
+ done # for pass
+ if test "$linkmode" = prog; then
+ dlfiles="$newdlfiles"
+ fi
+ if test "$linkmode" = prog || test "$linkmode" = lib; then
+ dlprefiles="$newdlprefiles"
+ fi
+
+ case $linkmode in
+ oldlib)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for archives"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for archives" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for archives"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for archives"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for archives"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for archives"
+
+ test -n "$export_symbols$export_symbols_regex" && \
+ func_warning "\`-export-symbols' is ignored for archives"
+
+ # Now set the variables for building old libraries.
+ build_libtool_libs=no
+ oldlibs="$output"
+ objs="$objs$old_deplibs"
+ ;;
+
+ lib)
+ # Make sure we only generate libraries of the form `libNAME.la'.
+ case $outputname in
+ lib*)
+ func_stripname 'lib' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ ;;
+ *)
+ test "$module" = no && \
+ func_fatal_help "libtool library \`$output' must begin with \`lib'"
+
+ if test "$need_lib_prefix" != no; then
+ # Add the "lib" prefix for modules if required
+ func_stripname '' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ else
+ func_stripname '' '.la' "$outputname"
+ libname=$func_stripname_result
+ fi
+ ;;
+ esac
+
+ if test -n "$objs"; then
+ if test "$deplibs_check_method" != pass_all; then
+ func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
+ $ECHO "*** objects $objs is not portable!"
+ libobjs="$libobjs $objs"
+ fi
+ fi
+
+ test "$dlself" != no && \
+ func_warning "\`-dlopen self' is ignored for libtool libraries"
+
+ set dummy $rpath
+ shift
+ test "$#" -gt 1 && \
+ func_warning "ignoring multiple \`-rpath's for a libtool library"
+
+ install_libdir="$1"
+
+ oldlibs=
+ if test -z "$rpath"; then
+ if test "$build_libtool_libs" = yes; then
+ # Building a libtool convenience library.
+ # Some compilers have problems with a `.al' extension so
+ # convenience libraries should have the same extension an
+ # archive normally would.
+ oldlibs="$output_objdir/$libname.$libext $oldlibs"
+ build_libtool_libs=convenience
+ build_old_libs=yes
+ fi
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for convenience libraries"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for convenience libraries"
+ else
+
+ # Parse the version information argument.
+ save_ifs="$IFS"; IFS=':'
+ set dummy $vinfo 0 0 0
+ shift
+ IFS="$save_ifs"
+
+ test -n "$7" && \
+ func_fatal_help "too many parameters to \`-version-info'"
+
+ # convert absolute version numbers to libtool ages
+ # this retains compatibility with .la files and attempts
+ # to make the code below a bit more comprehensible
+
+ case $vinfo_number in
+ yes)
+ number_major="$1"
+ number_minor="$2"
+ number_revision="$3"
+ #
+ # There are really only two kinds -- those that
+ # use the current revision as the major version
+ # and those that subtract age and use age as
+ # a minor version. But, then there is irix
+ # which has an extra 1 added just for fun
+ #
+ case $version_type in
+ darwin|linux|osf|windows|none)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_revision"
+ ;;
+ freebsd-aout|freebsd-elf|sunos)
+ current="$number_major"
+ revision="$number_minor"
+ age="0"
+ ;;
+ irix|nonstopux)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_minor"
+ lt_irix_increment=no
+ ;;
+ *)
+ func_fatal_configuration "$modename: unknown library version type \`$version_type'"
+ ;;
+ esac
+ ;;
+ no)
+ current="$1"
+ revision="$2"
+ age="$3"
+ ;;
+ esac
+
+ # Check that each of the things are valid numbers.
+ case $current in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "CURRENT \`$current' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $revision in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "REVISION \`$revision' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $age in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "AGE \`$age' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ if test "$age" -gt "$current"; then
+ func_error "AGE \`$age' is greater than the current interface number \`$current'"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ fi
+
+ # Calculate the version variables.
+ major=
+ versuffix=
+ verstring=
+ case $version_type in
+ none) ;;
+
+ darwin)
+ # Like Linux, but with the current version available in
+ # verstring for coding it into the library header
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ # Darwin ld doesn't like 0 for these options...
+ func_arith $current + 1
+ minor_current=$func_arith_result
+ xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+ ;;
+
+ freebsd-aout)
+ major=".$current"
+ versuffix=".$current.$revision";
+ ;;
+
+ freebsd-elf)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ irix | nonstopux)
+ if test "X$lt_irix_increment" = "Xno"; then
+ func_arith $current - $age
+ else
+ func_arith $current - $age + 1
+ fi
+ major=$func_arith_result
+
+ case $version_type in
+ nonstopux) verstring_prefix=nonstopux ;;
+ *) verstring_prefix=sgi ;;
+ esac
+ verstring="$verstring_prefix$major.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$revision
+ while test "$loop" -ne 0; do
+ func_arith $revision - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring_prefix$major.$iface:$verstring"
+ done
+
+ # Before this point, $major must not contain `.'.
+ major=.$major
+ versuffix="$major.$revision"
+ ;;
+
+ linux)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ ;;
+
+ osf)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix=".$current.$age.$revision"
+ verstring="$current.$age.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$age
+ while test "$loop" -ne 0; do
+ func_arith $current - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring:${iface}.0"
+ done
+
+ # Make executables depend on our current version.
+ verstring="$verstring:${current}.0"
+ ;;
+
+ qnx)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ sunos)
+ major=".$current"
+ versuffix=".$current.$revision"
+ ;;
+
+ windows)
+ # Use '-' rather than '.', since we only want one
+ # extension on DOS 8.3 filesystems.
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+
+ *)
+ func_fatal_configuration "unknown library version type \`$version_type'"
+ ;;
+ esac
+
+ # Clear the version info if we defaulted, and they specified a release.
+ if test -z "$vinfo" && test -n "$release"; then
+ major=
+ case $version_type in
+ darwin)
+ # we can't check for "0.0" in archive_cmds due to quoting
+ # problems, so we reset it completely
+ verstring=
+ ;;
+ *)
+ verstring="0.0"
+ ;;
+ esac
+ if test "$need_version" = no; then
+ versuffix=
+ else
+ versuffix=".0.0"
+ fi
+ fi
+
+ # Remove version info from name if versioning should be avoided
+ if test "$avoid_version" = yes && test "$need_version" = no; then
+ major=
+ versuffix=
+ verstring=""
+ fi
+
+ # Check to see if the archive will have undefined symbols.
+ if test "$allow_undefined" = yes; then
+ if test "$allow_undefined_flag" = unsupported; then
+ func_warning "undefined symbols not allowed in $host shared libraries"
+ build_libtool_libs=no
+ build_old_libs=yes
+ fi
+ else
+ # Don't allow undefined symbols.
+ allow_undefined_flag="$no_undefined_flag"
+ fi
+
+ fi
+
+ func_generate_dlsyms "$libname" "$libname" "yes"
+ libobjs="$libobjs $symfileobj"
+ test "X$libobjs" = "X " && libobjs=
+
+ if test "$mode" != relink; then
+ # Remove our outputs, but don't remove object files since they
+ # may have been created when compiling PIC objects.
+ removelist=
+ tempremovelist=`$ECHO "$output_objdir/*"`
+ for p in $tempremovelist; do
+ case $p in
+ *.$objext | *.gcno)
+ ;;
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+ if test "X$precious_files_regex" != "X"; then
+ if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+ then
+ continue
+ fi
+ fi
+ removelist="$removelist $p"
+ ;;
+ *) ;;
+ esac
+ done
+ test -n "$removelist" && \
+ func_show_eval "${RM}r \$removelist"
+ fi
+
+ # Now set the variables for building old libraries.
+ if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+ # Transform .lo files to .o files.
+ oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ fi
+
+ # Eliminate all temporary directories.
+ #for path in $notinst_path; do
+ # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"`
+ # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"`
+ # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"`
+ #done
+
+ if test -n "$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ temp_xrpath=
+ for libdir in $xrpath; do
+ temp_xrpath="$temp_xrpath -R$libdir"
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ dependency_libs="$temp_xrpath $dependency_libs"
+ fi
+ fi
+
+ # Make sure dlfiles contains only unique files that won't be dlpreopened
+ old_dlfiles="$dlfiles"
+ dlfiles=
+ for lib in $old_dlfiles; do
+ case " $dlprefiles $dlfiles " in
+ *" $lib "*) ;;
+ *) dlfiles="$dlfiles $lib" ;;
+ esac
+ done
+
+ # Make sure dlprefiles contains only unique files
+ old_dlprefiles="$dlprefiles"
+ dlprefiles=
+ for lib in $old_dlprefiles; do
+ case "$dlprefiles " in
+ *" $lib "*) ;;
+ *) dlprefiles="$dlprefiles $lib" ;;
+ esac
+ done
+
+ if test "$build_libtool_libs" = yes; then
+ if test -n "$rpath"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*)
+ # these systems don't actually have a c library (as such)!
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C library is in the System framework
+ deplibs="$deplibs System.ltframework"
+ ;;
+ *-*-netbsd*)
+ # Don't link with libc until the a.out ld.so is fixed.
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ ;;
+ *)
+ # Add libc to deplibs on all other systems if necessary.
+ if test "$build_libtool_need_lc" = "yes"; then
+ deplibs="$deplibs -lc"
+ fi
+ ;;
+ esac
+ fi
+
+ # Transform deplibs into only deplibs that can be linked in shared.
+ name_save=$name
+ libname_save=$libname
+ release_save=$release
+ versuffix_save=$versuffix
+ major_save=$major
+ # I'm not sure if I'm treating the release correctly. I think
+ # release should show up in the -l (ie -lgmp5) so we don't want to
+ # add it in twice. Is that correct?
+ release=""
+ versuffix=""
+ major=""
+ newdeplibs=
+ droppeddeps=no
+ case $deplibs_check_method in
+ pass_all)
+ # Don't check for shared/static. Everything works.
+ # This might be a little naive. We might want to check
+ # whether the library exists or not. But this is on
+ # osf3 & osf4 and I'm not really sure... Just
+ # implementing what was already the behavior.
+ newdeplibs=$deplibs
+ ;;
+ test_compile)
+ # This code stresses the "libraries are programs" paradigm to its
+ # limits. Maybe even breaks it. We compile a program, linking it
+ # against the deplibs as a proxy for the library. Then we can check
+ # whether they linked in statically or dynamically with ldd.
+ $opt_dry_run || $RM conftest.c
+ cat > conftest.c <<EOF
+ int main() { return 0; }
+EOF
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+ ldd_output=`ldd conftest`
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which I believe you do not have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use it for"
+ $ECHO "*** its dynamic dependency list that programs get resolved with at runtime."
+ fi
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ else
+ # Error occurred in the first compile. Let's try to salvage
+ # the situation: Compile a separate program for each library.
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+ ldd_output=`ldd conftest`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use this one"
+ $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime."
+ fi
+ fi
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning! Library $i is needed by this library but I was not able to"
+ $ECHO "*** make it link in! You will probably need to install it or some"
+ $ECHO "*** library that it depends on before this library will be fully"
+ $ECHO "*** functional. Installing it before continuing would be even better."
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ fi
+ ;;
+ file_magic*)
+ set dummy $deplibs_check_method; shift
+ file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ # Follow soft links.
+ if ls -lLd "$potent_lib" 2>/dev/null |
+ $GREP " -> " >/dev/null; then
+ continue
+ fi
+ # The statement above tries to avoid entering an
+ # endless loop below, in case of cyclic links.
+ # We might still enter an endless loop, since a link
+ # loop can be closed while we follow links,
+ # but so what?
+ potlib="$potent_lib"
+ while test -h "$potlib" 2>/dev/null; do
+ potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ case $potliblink in
+ [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+ *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ esac
+ done
+ if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
+ $SED -e 10q |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a file magic. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ potlib="$potent_lib" # see symlink-check above in file_magic test
+ if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \
+ $EGREP "$match_pattern_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a regex pattern. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ none | unknown | *)
+ newdeplibs=""
+ tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \
+ -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ for i in $predeps $postdeps ; do
+ # can't use Xsed below, because $i might contain '/'
+ tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"`
+ done
+ fi
+ if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' |
+ $GREP . >/dev/null; then
+ $ECHO
+ if test "X$deplibs_check_method" = "Xnone"; then
+ $ECHO "*** Warning: inter-library dependencies are not supported in this platform."
+ else
+ $ECHO "*** Warning: inter-library dependencies are not known to be supported."
+ fi
+ $ECHO "*** All declared inter-library dependencies are being dropped."
+ droppeddeps=yes
+ fi
+ ;;
+ esac
+ versuffix=$versuffix_save
+ major=$major_save
+ release=$release_save
+ libname=$libname_save
+ name=$name_save
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library with the System framework
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ if test "$droppeddeps" = yes; then
+ if test "$module" = yes; then
+ $ECHO
+ $ECHO "*** Warning: libtool could not satisfy all declared inter-library"
+ $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
+ $ECHO "*** a static module, that should work as long as the dlopening"
+ $ECHO "*** application is linked with the -dlopen flag."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ else
+ $ECHO "*** The inter-library dependencies that have been dropped here will be"
+ $ECHO "*** automatically added whenever a program is linked with this library"
+ $ECHO "*** or is declared to -dlopen it."
+
+ if test "$allow_undefined" = no; then
+ $ECHO
+ $ECHO "*** Since this library must not contain undefined symbols,"
+ $ECHO "*** because either the platform does not support them or"
+ $ECHO "*** it was explicitly requested with -no-undefined,"
+ $ECHO "*** libtool will only create a static version of it."
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ fi
+ fi
+ # Done checking deplibs!
+ deplibs=$newdeplibs
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ case $host in
+ *-*-darwin*)
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ deplibs="$new_libs"
+
+ # All the library-specific variables (install_libdir is set above).
+ library_names=
+ old_library=
+ dlname=
+
+ # Test again, we may have decided not to build it any more
+ if test "$build_libtool_libs" = yes; then
+ if test "$hardcode_into_libs" = yes; then
+ # Hardcode the library paths
+ hardcode_libdirs=
+ dep_rpath=
+ rpath="$finalize_rpath"
+ test "$mode" != relink && rpath="$compile_rpath$rpath"
+ for libdir in $rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ dep_rpath="$dep_rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ if test -n "$hardcode_libdir_flag_spec_ld"; then
+ eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+ else
+ eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+ fi
+ fi
+ if test -n "$runpath_var" && test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+ fi
+ test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+ fi
+
+ shlibpath="$finalize_shlibpath"
+ test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ if test -n "$shlibpath"; then
+ eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+ fi
+
+ # Get the real and link names of the library.
+ eval shared_ext=\"$shrext_cmds\"
+ eval library_names=\"$library_names_spec\"
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+
+ if test -n "$soname_spec"; then
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+ if test -z "$dlname"; then
+ dlname=$soname
+ fi
+
+ lib="$output_objdir/$realname"
+ linknames=
+ for link
+ do
+ linknames="$linknames $link"
+ done
+
+ # Use standard objects if they are pic
+ test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ test "X$libobjs" = "X " && libobjs=
+
+ delfiles=
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
+ export_symbols="$output_objdir/$libname.uexp"
+ delfiles="$delfiles $export_symbols"
+ fi
+
+ orig_export_symbols=
+ case $host_os in
+ cygwin* | mingw* | cegcc*)
+ if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
+ # exporting using user supplied symfile
+ if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+ # and it's NOT already a .def file. Must figure out
+ # which of the given symbols are data symbols and tag
+ # them as such. So, trigger use of export_symbols_cmds.
+ # export_symbols gets reassigned inside the "prepare
+ # the list of exported symbols" if statement, so the
+ # include_expsyms logic still works.
+ orig_export_symbols="$export_symbols"
+ export_symbols=
+ always_export_symbols=yes
+ fi
+ fi
+ ;;
+ esac
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ cmds=$export_symbols_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ func_len " $cmd"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ func_show_eval "$cmd" 'exit $?'
+ skipped_export=false
+ else
+ # The command line is too long to execute in one step.
+ func_verbose "using reloadable object file for export list..."
+ skipped_export=:
+ # Break out early, otherwise skipped_export may be
+ # set to false by a later but shorter cmd.
+ break
+ fi
+ done
+ IFS="$save_ifs"
+ if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+ fi
+
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+
+ tmp_deplibs=
+ for test_deplib in $deplibs; do
+ case " $convenience " in
+ *" $test_deplib "*) ;;
+ *)
+ tmp_deplibs="$tmp_deplibs $test_deplib"
+ ;;
+ esac
+ done
+ deplibs="$tmp_deplibs"
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec" &&
+ test "$compiler_needs_object" = yes &&
+ test -z "$libobjs"; then
+ # extract the archives, so we have objects to list.
+ # TODO: could optimize this to just extract one archive.
+ whole_archive_flag_spec=
+ fi
+ if test -n "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ else
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ fi
+
+ if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ eval flag=\"$thread_safe_flag_spec\"
+ linker_flags="$linker_flags $flag"
+ fi
+
+ # Make a backup of the uninstalled library when relinking
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
+ fi
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ eval test_cmds=\"$module_expsym_cmds\"
+ cmds=$module_expsym_cmds
+ else
+ eval test_cmds=\"$module_cmds\"
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ eval test_cmds=\"$archive_expsym_cmds\"
+ cmds=$archive_expsym_cmds
+ else
+ eval test_cmds=\"$archive_cmds\"
+ cmds=$archive_cmds
+ fi
+ fi
+
+ if test "X$skipped_export" != "X:" &&
+ func_len " $test_cmds" &&
+ len=$func_len_result &&
+ test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ :
+ else
+ # The command line is too long to link in one step, link piecewise
+ # or, if using GNU ld and skipped_export is not :, use a linker
+ # script.
+
+ # Save the value of $output and $libobjs because we want to
+ # use them later. If we have whole_archive_flag_spec, we
+ # want to use save_libobjs as it was before
+ # whole_archive_flag_spec was expanded, because we can't
+ # assume the linker understands whole_archive_flag_spec.
+ # This may have to be revisited, in case too many
+ # convenience libraries get linked in and end up exceeding
+ # the spec.
+ if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ fi
+ save_output=$output
+ output_la=`$ECHO "X$output" | $Xsed -e "$basename"`
+
+ # Clear the reloadable object creation command queue and
+ # initialize k to one.
+ test_cmds=
+ concat_cmds=
+ objlist=
+ last_robj=
+ k=1
+
+ if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
+ output=${output_objdir}/${output_la}.lnkscript
+ func_verbose "creating GNU ld script: $output"
+ $ECHO 'INPUT (' > $output
+ for obj in $save_libobjs
+ do
+ $ECHO "$obj" >> $output
+ done
+ $ECHO ')' >> $output
+ delfiles="$delfiles $output"
+ elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
+ output=${output_objdir}/${output_la}.lnk
+ func_verbose "creating linker input file list: $output"
+ : > $output
+ set x $save_libobjs
+ shift
+ firstobj=
+ if test "$compiler_needs_object" = yes; then
+ firstobj="$1 "
+ shift
+ fi
+ for obj
+ do
+ $ECHO "$obj" >> $output
+ done
+ delfiles="$delfiles $output"
+ output=$firstobj\"$file_list_spec$output\"
+ else
+ if test -n "$save_libobjs"; then
+ func_verbose "creating reloadable object files..."
+ output=$output_objdir/$output_la-${k}.$objext
+ eval test_cmds=\"$reload_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+
+ # Loop over the list of objects to be linked.
+ for obj in $save_libobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ if test "X$objlist" = X ||
+ test "$len" -lt "$max_cmd_len"; then
+ func_append objlist " $obj"
+ else
+ # The command $test_cmds is almost too long, add a
+ # command to the queue.
+ if test "$k" -eq 1 ; then
+ # The first file doesn't have a previous command to add.
+ eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ else
+ # All subsequent reloadable object files will link in
+ # the last one created.
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\"
+ fi
+ last_robj=$output_objdir/$output_la-${k}.$objext
+ func_arith $k + 1
+ k=$func_arith_result
+ output=$output_objdir/$output_la-${k}.$objext
+ objlist=$obj
+ func_len " $last_robj"
+ func_arith $len0 + $func_len_result
+ len=$func_arith_result
+ fi
+ done
+ # Handle the remaining objects by creating one last
+ # reloadable object file. All subsequent reloadable object
+ # files will link in the last one created.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
+ fi
+ delfiles="$delfiles $output"
+
+ else
+ output=
+ fi
+
+ if ${skipped_export-false}; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ libobjs=$output
+ # Append the command to create the export file.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+ fi
+ fi
+
+ test -n "$save_libobjs" &&
+ func_verbose "creating a temporary reloadable object file: $output"
+
+ # Loop through the commands generated above and execute them.
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $concat_cmds; do
+ IFS="$save_ifs"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ if test -n "$export_symbols_regex" && ${skipped_export-false}; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+
+ if ${skipped_export-false}; then
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+ fi
+
+ libobjs=$output
+ # Restore the value of output.
+ output=$save_output
+
+ if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ # Expand the library linking commands again to reset the
+ # value of $libobjs for piecewise linking.
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ cmds=$module_expsym_cmds
+ else
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ cmds=$archive_expsym_cmds
+ else
+ cmds=$archive_cmds
+ fi
+ fi
+ fi
+
+ if test -n "$delfiles"; then
+ # Append the command to remove temporary files to $cmds.
+ eval cmds=\"\$cmds~\$RM $delfiles\"
+ fi
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
+
+ if test -n "$convenience"; then
+ if test -z "$whole_archive_flag_spec"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ # Create links to the real library.
+ for linkname in $linknames; do
+ if test "$realname" != "$linkname"; then
+ func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
+ fi
+ done
+
+ # If -module or -export-dynamic was specified, set the dlname.
+ if test "$module" = yes || test "$export_dynamic" = yes; then
+ # On all known operating systems, these are identical.
+ dlname="$soname"
+ fi
+ fi
+ ;;
+
+ obj)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for objects"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for objects" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for objects"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for objects"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for objects"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for objects"
+
+ case $output in
+ *.lo)
+ test -n "$objs$old_deplibs" && \
+ func_fatal_error "cannot build library object \`$output' from non-libtool objects"
+
+ libobj=$output
+ func_lo2o "$libobj"
+ obj=$func_lo2o_result
+ ;;
+ *)
+ libobj=
+ obj="$output"
+ ;;
+ esac
+
+ # Delete the old objects.
+ $opt_dry_run || $RM $obj $libobj
+
+ # Objects from convenience libraries. This assumes
+ # single-version convenience libraries. Whenever we create
+ # different ones for PIC/non-PIC, this we'll have to duplicate
+ # the extraction.
+ reload_conv_objs=
+ gentop=
+ # reload_cmds runs $LD directly, so let us get rid of
+ # -Wl from whole_archive_flag_spec and hope we can get by with
+ # turning comma into space..
+ wl=
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+ reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+ else
+ gentop="$output_objdir/${obj}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ reload_conv_objs="$reload_objs $func_extract_archives_result"
+ fi
+ fi
+
+ # Create the old-style object.
+ reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+ output="$obj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+
+ # Exit if we aren't doing a library object file.
+ if test -z "$libobj"; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$build_libtool_libs" != yes; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ # Create an invalid libtool object if no PIC, so that we don't
+ # accidentally link it into a program.
+ # $show "echo timestamp > $libobj"
+ # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test -n "$pic_flag" || test "$pic_mode" != default; then
+ # Only do commands if we really have different PIC objects.
+ reload_objs="$libobjs $reload_conv_objs"
+ output="$libobj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+ fi
+
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ prog)
+ case $host in
+ *cygwin*) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result.exe;;
+ esac
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for programs"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for programs"
+
+ test "$preload" = yes \
+ && test "$dlopen_support" = unknown \
+ && test "$dlopen_self" = unknown \
+ && test "$dlopen_self_static" = unknown && \
+ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support."
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ case $host in
+ *-*-darwin*)
+ # Don't allow lazy linking, it breaks C++ global constructors
+ # But is supposedly fixed on 10.4 or later (yay!).
+ if test "$tagname" = CXX ; then
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
+ 10.[0123])
+ compile_command="$compile_command ${wl}-bind_at_load"
+ finalize_command="$finalize_command ${wl}-bind_at_load"
+ ;;
+ esac
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $compile_deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $compile_deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ compile_deplibs="$new_libs"
+
+
+ compile_command="$compile_command $compile_deplibs"
+ finalize_command="$finalize_command $finalize_deplibs"
+
+ if test -n "$rpath$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ for libdir in $rpath $xrpath; do
+ # This is the magic to use -rpath.
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ fi
+
+ # Now hardcode the library paths
+ rpath=
+ hardcode_libdirs=
+ for libdir in $compile_rpath $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$libdir:"*) ;;
+ ::) dllsearchpath=$libdir;;
+ *) dllsearchpath="$dllsearchpath:$libdir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ compile_rpath="$rpath"
+
+ rpath=
+ hardcode_libdirs=
+ for libdir in $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$finalize_perm_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ finalize_rpath="$rpath"
+
+ if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ # Transform all the library objects into standard objects.
+ compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ fi
+
+ func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
+
+ # template prelinking step
+ if test -n "$prelink_cmds"; then
+ func_execute_cmds "$prelink_cmds" 'exit $?'
+ fi
+
+ wrappers_required=yes
+ case $host in
+ *cygwin* | *mingw* )
+ if test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ *cegcc)
+ # Disable wrappers for cegcc, we are cross compiling anyway.
+ wrappers_required=no
+ ;;
+ *)
+ if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ esac
+ if test "$wrappers_required" = no; then
+ # Replace the output file specification.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command="$compile_command$compile_rpath"
+
+ # We have no uninstalled library dependencies, so finalize right now.
+ exit_status=0
+ func_show_eval "$link_command" 'exit_status=$?'
+
+ # Delete the generated files.
+ if test -f "$output_objdir/${outputname}S.${objext}"; then
+ func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
+ fi
+
+ exit $exit_status
+ fi
+
+ if test -n "$compile_shlibpath$finalize_shlibpath"; then
+ compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+ fi
+ if test -n "$finalize_shlibpath"; then
+ finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+ fi
+
+ compile_var=
+ finalize_var=
+ if test -n "$runpath_var"; then
+ if test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ if test -n "$finalize_perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $finalize_perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ fi
+
+ if test "$no_install" = yes; then
+ # We don't need to create a wrapper script.
+ link_command="$compile_var$compile_command$compile_rpath"
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ # Delete the old output file.
+ $opt_dry_run || $RM $output
+ # Link the executable and exit
+ func_show_eval "$link_command" 'exit $?'
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+ func_warning "this platform does not like uninstalled shared libraries"
+ func_warning "\`$output' will be relinked during installation"
+ else
+ if test "$fast_install" != no; then
+ link_command="$finalize_var$compile_command$finalize_rpath"
+ if test "$fast_install" = yes; then
+ relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ else
+ # fast_install is set to needless
+ relink_command=
+ fi
+ else
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+ fi
+ fi
+
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+ # Delete the old output files.
+ $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+ func_show_eval "$link_command" 'exit $?'
+
+ # Now create the wrapper script.
+ func_verbose "creating $output"
+
+ # Quote the relink command for shipping.
+ if test -n "$relink_command"; then
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ relink_command="(cd `pwd`; $relink_command)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Quote $ECHO for shipping.
+ if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then
+ case $progpath in
+ [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+ *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+ esac
+ qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"`
+ else
+ qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Only actually do things if not in dry run mode.
+ $opt_dry_run || {
+ # win32 will think the script is a binary if it has
+ # a .exe suffix, so we strip it off here.
+ case $output in
+ *.exe) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result ;;
+ esac
+ # test for cygwin because mv fails w/o .exe extensions
+ case $host in
+ *cygwin*)
+ exeext=.exe
+ func_stripname '' '.exe' "$outputname"
+ outputname=$func_stripname_result ;;
+ *) exeext= ;;
+ esac
+ case $host in
+ *cygwin* | *mingw* )
+ func_dirname_and_basename "$output" "" "."
+ output_name=$func_basename_result
+ output_path=$func_dirname_result
+ cwrappersource="$output_path/$objdir/lt-$output_name.c"
+ cwrapper="$output_path/$output_name.exe"
+ $RM $cwrappersource $cwrapper
+ trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_cwrapperexe_src > $cwrappersource
+
+ # The wrapper executable is built using the $host compiler,
+ # because it contains $host paths and files. If cross-
+ # compiling, it, like the target executable, must be
+ # executed on the $host or under an emulation environment.
+ $opt_dry_run || {
+ $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
+ $STRIP $cwrapper
+ }
+
+ # Now, create the wrapper script for func_source use:
+ func_ltwrapper_scriptname $cwrapper
+ $RM $func_ltwrapper_scriptname_result
+ trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
+ $opt_dry_run || {
+ # note: this script will not be executed, so do not chmod.
+ if test "x$build" = "x$host" ; then
+ $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
+ else
+ func_emit_wrapper no > $func_ltwrapper_scriptname_result
+ fi
+ }
+ ;;
+ * )
+ $RM $output
+ trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_wrapper no > $output
+ chmod +x $output
+ ;;
+ esac
+ }
+ exit $EXIT_SUCCESS
+ ;;
+ esac
+
+ # See if we need to build an old-fashioned archive.
+ for oldlib in $oldlibs; do
+
+ if test "$build_libtool_libs" = convenience; then
+ oldobjs="$libobjs_save $symfileobj"
+ addlibs="$convenience"
+ build_libtool_libs=no
+ else
+ if test "$build_libtool_libs" = module; then
+ oldobjs="$libobjs_save"
+ build_libtool_libs=no
+ else
+ oldobjs="$old_deplibs $non_pic_objects"
+ if test "$preload" = yes && test -f "$symfileobj"; then
+ oldobjs="$oldobjs $symfileobj"
+ fi
+ fi
+ addlibs="$old_convenience"
+ fi
+
+ if test -n "$addlibs"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $addlibs
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # Do each command in the archive commands.
+ if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ cmds=$old_archive_from_new_cmds
+ else
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # POSIX demands no paths to be encoded in archives. We have
+ # to avoid creating archives with duplicate basenames if we
+ # might have to extract them afterwards, e.g., when creating a
+ # static archive out of a convenience library, or when linking
+ # the entirety of a libtool archive into another (currently
+ # not supported by libtool).
+ if (for obj in $oldobjs
+ do
+ func_basename "$obj"
+ $ECHO "$func_basename_result"
+ done | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $ECHO "copying selected object files to avoid basename conflicts..."
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+ func_mkdir_p "$gentop"
+ save_oldobjs=$oldobjs
+ oldobjs=
+ counter=1
+ for obj in $save_oldobjs
+ do
+ func_basename "$obj"
+ objbase="$func_basename_result"
+ case " $oldobjs " in
+ " ") oldobjs=$obj ;;
+ *[\ /]"$objbase "*)
+ while :; do
+ # Make sure we don't pick an alternate name that also
+ # overlaps.
+ newobj=lt$counter-$objbase
+ func_arith $counter + 1
+ counter=$func_arith_result
+ case " $oldobjs " in
+ *[\ /]"$newobj "*) ;;
+ *) if test ! -f "$gentop/$newobj"; then break; fi ;;
+ esac
+ done
+ func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+ oldobjs="$oldobjs $gentop/$newobj"
+ ;;
+ *) oldobjs="$oldobjs $obj" ;;
+ esac
+ done
+ fi
+ eval cmds=\"$old_archive_cmds\"
+
+ func_len " $cmds"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ cmds=$old_archive_cmds
+ else
+ # the command line is too long to link in one step, link in parts
+ func_verbose "using piecewise archive linking..."
+ save_RANLIB=$RANLIB
+ RANLIB=:
+ objlist=
+ concat_cmds=
+ save_oldobjs=$oldobjs
+ oldobjs=
+ # Is there a better way of finding the last object in the list?
+ for obj in $save_oldobjs
+ do
+ last_oldobj=$obj
+ done
+ eval test_cmds=\"$old_archive_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+ for obj in $save_oldobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ func_append objlist " $obj"
+ if test "$len" -lt "$max_cmd_len"; then
+ :
+ else
+ # the above command should be used before it gets too long
+ oldobjs=$objlist
+ if test "$obj" = "$last_oldobj" ; then
+ RANLIB=$save_RANLIB
+ fi
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ objlist=
+ len=$len0
+ fi
+ done
+ RANLIB=$save_RANLIB
+ oldobjs=$objlist
+ if test "X$oldobjs" = "X" ; then
+ eval cmds=\"\$concat_cmds\"
+ else
+ eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+ fi
+ fi
+ fi
+ func_execute_cmds "$cmds" 'exit $?'
+ done
+
+ test -n "$generated" && \
+ func_show_eval "${RM}r$generated"
+
+ # Now create the libtool archive.
+ case $output in
+ *.la)
+ old_library=
+ test "$build_old_libs" = yes && old_library="$libname.$libext"
+ func_verbose "creating $output"
+
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ # Quote the link command for shipping.
+ relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ if test "$hardcode_automatic" = yes ; then
+ relink_command=
+ fi
+
+ # Only create the output if not a dry run.
+ $opt_dry_run || {
+ for installed in no yes; do
+ if test "$installed" = yes; then
+ if test -z "$install_libdir"; then
+ break
+ fi
+ output="$output_objdir/$outputname"i
+ # Replace all uninstalled libtool libraries with the installed ones
+ newdependency_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ *.la)
+ func_basename "$deplib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ newdependency_libs="$newdependency_libs $libdir/$name"
+ ;;
+ *) newdependency_libs="$newdependency_libs $deplib" ;;
+ esac
+ done
+ dependency_libs="$newdependency_libs"
+ newdlfiles=
+
+ for lib in $dlfiles; do
+ case $lib in
+ *.la)
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlfiles="$newdlfiles $libdir/$name"
+ ;;
+ *) newdlfiles="$newdlfiles $lib" ;;
+ esac
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ *.la)
+ # Only pass preopened files to the pseudo-archive (for
+ # eventual linking with the app. that links it) if we
+ # didn't already link the preopened objects directly into
+ # the library:
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlprefiles="$newdlprefiles $libdir/$name"
+ ;;
+ esac
+ done
+ dlprefiles="$newdlprefiles"
+ else
+ newdlfiles=
+ for lib in $dlfiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlfiles="$newdlfiles $abs"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlprefiles="$newdlprefiles $abs"
+ done
+ dlprefiles="$newdlprefiles"
+ fi
+ $RM $output
+ # place dlname in correct position for cygwin
+ tdlname=$dlname
+ case $host,$output,$installed,$module,$dlname in
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ esac
+ $ECHO > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Linker flags that can not go in dependency_libs.
+inherited_linker_flags='$new_inherited_linker_flags'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Names of additional weak libraries provided by this library
+weak_library_names='$weak_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+ if test "$installed" = no && test "$need_relink" = yes; then
+ $ECHO >> $output "\
+relink_command=\"$relink_command\""
+ fi
+ done
+ }
+
+ # Do a symbolic link so that the libtool archive can be found in
+ # LD_LIBRARY_PATH before the program is installed.
+ func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
+ ;;
+ esac
+ exit $EXIT_SUCCESS
+}
+
+{ test "$mode" = link || test "$mode" = relink; } &&
+ func_mode_link ${1+"$@"}
+
+
+# func_mode_uninstall arg...
+func_mode_uninstall ()
+{
+ $opt_debug
+ RM="$nonopt"
+ files=
+ rmforce=
+ exit_status=0
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ for arg
+ do
+ case $arg in
+ -f) RM="$RM $arg"; rmforce=yes ;;
+ -*) RM="$RM $arg" ;;
+ *) files="$files $arg" ;;
+ esac
+ done
+
+ test -z "$RM" && \
+ func_fatal_help "you must specify an RM program"
+
+ rmdirs=
+
+ origobjdir="$objdir"
+ for file in $files; do
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ if test "X$dir" = X.; then
+ objdir="$origobjdir"
+ else
+ objdir="$dir/$origobjdir"
+ fi
+ func_basename "$file"
+ name="$func_basename_result"
+ test "$mode" = uninstall && objdir="$dir"
+
+ # Remember objdir for removal later, being careful to avoid duplicates
+ if test "$mode" = clean; then
+ case " $rmdirs " in
+ *" $objdir "*) ;;
+ *) rmdirs="$rmdirs $objdir" ;;
+ esac
+ fi
+
+ # Don't error if the file doesn't exist and rm -f was used.
+ if { test -L "$file"; } >/dev/null 2>&1 ||
+ { test -h "$file"; } >/dev/null 2>&1 ||
+ test -f "$file"; then
+ :
+ elif test -d "$file"; then
+ exit_status=1
+ continue
+ elif test "$rmforce" = yes; then
+ continue
+ fi
+
+ rmfiles="$file"
+
+ case $name in
+ *.la)
+ # Possibly a libtool archive, so verify it.
+ if func_lalib_p "$file"; then
+ func_source $dir/$name
+
+ # Delete the libtool libraries and symlinks.
+ for n in $library_names; do
+ rmfiles="$rmfiles $objdir/$n"
+ done
+ test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+ case "$mode" in
+ clean)
+ case " $library_names " in
+ # " " in the beginning catches empty $dlname
+ *" $dlname "*) ;;
+ *) rmfiles="$rmfiles $objdir/$dlname" ;;
+ esac
+ test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+ ;;
+ uninstall)
+ if test -n "$library_names"; then
+ # Do each command in the postuninstall commands.
+ func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+
+ if test -n "$old_library"; then
+ # Do each command in the old_postuninstall commands.
+ func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+ # FIXME: should reinstall the best remaining shared library.
+ ;;
+ esac
+ fi
+ ;;
+
+ *.lo)
+ # Possibly a libtool object, so verify it.
+ if func_lalib_p "$file"; then
+
+ # Read the .lo file
+ func_source $dir/$name
+
+ # Add PIC object to the list of files to remove.
+ if test -n "$pic_object" &&
+ test "$pic_object" != none; then
+ rmfiles="$rmfiles $dir/$pic_object"
+ fi
+
+ # Add non-PIC object to the list of files to remove.
+ if test -n "$non_pic_object" &&
+ test "$non_pic_object" != none; then
+ rmfiles="$rmfiles $dir/$non_pic_object"
+ fi
+ fi
+ ;;
+
+ *)
+ if test "$mode" = clean ; then
+ noexename=$name
+ case $file in
+ *.exe)
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ func_stripname '' '.exe' "$name"
+ noexename=$func_stripname_result
+ # $file with .exe has already been added to rmfiles,
+ # add $file without .exe
+ rmfiles="$rmfiles $file"
+ ;;
+ esac
+ # Do a test to see if this is a libtool program.
+ if func_ltwrapper_p "$file"; then
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ relink_command=
+ func_source $func_ltwrapper_scriptname_result
+ rmfiles="$rmfiles $func_ltwrapper_scriptname_result"
+ else
+ relink_command=
+ func_source $dir/$noexename
+ fi
+
+ # note $name still contains .exe if it was in $file originally
+ # as does the version of $file that was added into $rmfiles
+ rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ if test "$fast_install" = yes && test -n "$relink_command"; then
+ rmfiles="$rmfiles $objdir/lt-$name"
+ fi
+ if test "X$noexename" != "X$name" ; then
+ rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ fi
+ fi
+ fi
+ ;;
+ esac
+ func_show_eval "$RM $rmfiles" 'exit_status=1'
+ done
+ objdir="$origobjdir"
+
+ # Try to remove the ${objdir}s in the directories where we deleted files
+ for dir in $rmdirs; do
+ if test -d "$dir"; then
+ func_show_eval "rmdir $dir >/dev/null 2>&1"
+ fi
+ done
+
+ exit $exit_status
+}
+
+{ test "$mode" = uninstall || test "$mode" = clean; } &&
+ func_mode_uninstall ${1+"$@"}
+
+test -z "$mode" && {
+ help="$generic_help"
+ func_fatal_help "you must specify a MODE"
+}
+
+test -z "$exec_cmd" && \
+ func_fatal_help "invalid operation mode \`$mode'"
+
+if test -n "$exec_cmd"; then
+ eval exec "$exec_cmd"
+ exit $EXIT_FAILURE
+fi
+
+exit $exit_status
+
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries. Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them. This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration. But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
+# vi:sw=2
+
--- /dev/null
+# gettext.m4 serial 60 (gettext-0.17)
+dnl Copyright (C) 1995-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2006.
+
+dnl Macro to add for using GNU gettext.
+
+dnl Usage: AM_GNU_GETTEXT([INTLSYMBOL], [NEEDSYMBOL], [INTLDIR]).
+dnl INTLSYMBOL can be one of 'external', 'no-libtool', 'use-libtool'. The
+dnl default (if it is not specified or empty) is 'no-libtool'.
+dnl INTLSYMBOL should be 'external' for packages with no intl directory,
+dnl and 'no-libtool' or 'use-libtool' for packages with an intl directory.
+dnl If INTLSYMBOL is 'use-libtool', then a libtool library
+dnl $(top_builddir)/intl/libintl.la will be created (shared and/or static,
+dnl depending on --{enable,disable}-{shared,static} and on the presence of
+dnl AM-DISABLE-SHARED). If INTLSYMBOL is 'no-libtool', a static library
+dnl $(top_builddir)/intl/libintl.a will be created.
+dnl If NEEDSYMBOL is specified and is 'need-ngettext', then GNU gettext
+dnl implementations (in libc or libintl) without the ngettext() function
+dnl will be ignored. If NEEDSYMBOL is specified and is
+dnl 'need-formatstring-macros', then GNU gettext implementations that don't
+dnl support the ISO C 99 <inttypes.h> formatstring macros will be ignored.
+dnl INTLDIR is used to find the intl libraries. If empty,
+dnl the value `$(top_builddir)/intl/' is used.
+dnl
+dnl The result of the configuration is one of three cases:
+dnl 1) GNU gettext, as included in the intl subdirectory, will be compiled
+dnl and used.
+dnl Catalog format: GNU --> install in $(datadir)
+dnl Catalog extension: .mo after installation, .gmo in source tree
+dnl 2) GNU gettext has been found in the system's C library.
+dnl Catalog format: GNU --> install in $(datadir)
+dnl Catalog extension: .mo after installation, .gmo in source tree
+dnl 3) No internationalization, always use English msgid.
+dnl Catalog format: none
+dnl Catalog extension: none
+dnl If INTLSYMBOL is 'external', only cases 2 and 3 can occur.
+dnl The use of .gmo is historical (it was needed to avoid overwriting the
+dnl GNU format catalogs when building on a platform with an X/Open gettext),
+dnl but we keep it in order not to force irrelevant filename changes on the
+dnl maintainers.
+dnl
+AC_DEFUN([AM_GNU_GETTEXT],
+[
+ dnl Argument checking.
+ ifelse([$1], [], , [ifelse([$1], [external], , [ifelse([$1], [no-libtool], , [ifelse([$1], [use-libtool], ,
+ [errprint([ERROR: invalid first argument to AM_GNU_GETTEXT
+])])])])])
+ ifelse([$2], [], , [ifelse([$2], [need-ngettext], , [ifelse([$2], [need-formatstring-macros], ,
+ [errprint([ERROR: invalid second argument to AM_GNU_GETTEXT
+])])])])
+ define([gt_included_intl],
+ ifelse([$1], [external],
+ ifdef([AM_GNU_GETTEXT_][INTL_SUBDIR], [yes], [no]),
+ [yes]))
+ define([gt_libtool_suffix_prefix], ifelse([$1], [use-libtool], [l], []))
+ gt_NEEDS_INIT
+ AM_GNU_GETTEXT_NEED([$2])
+
+ AC_REQUIRE([AM_PO_SUBDIRS])dnl
+ ifelse(gt_included_intl, yes, [
+ AC_REQUIRE([AM_INTL_SUBDIR])dnl
+ ])
+
+ dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+
+ dnl Sometimes libintl requires libiconv, so first search for libiconv.
+ dnl Ideally we would do this search only after the
+ dnl if test "$USE_NLS" = "yes"; then
+ dnl if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
+ dnl tests. But if configure.in invokes AM_ICONV after AM_GNU_GETTEXT
+ dnl the configure script would need to contain the same shell code
+ dnl again, outside any 'if'. There are two solutions:
+ dnl - Invoke AM_ICONV_LINKFLAGS_BODY here, outside any 'if'.
+ dnl - Control the expansions in more detail using AC_PROVIDE_IFELSE.
+ dnl Since AC_PROVIDE_IFELSE is only in autoconf >= 2.52 and not
+ dnl documented, we avoid it.
+ ifelse(gt_included_intl, yes, , [
+ AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
+ ])
+
+ dnl Sometimes, on MacOS X, libintl requires linking with CoreFoundation.
+ gt_INTL_MACOSX
+
+ dnl Set USE_NLS.
+ AC_REQUIRE([AM_NLS])
+
+ ifelse(gt_included_intl, yes, [
+ BUILD_INCLUDED_LIBINTL=no
+ USE_INCLUDED_LIBINTL=no
+ ])
+ LIBINTL=
+ LTLIBINTL=
+ POSUB=
+
+ dnl Add a version number to the cache macros.
+ case " $gt_needs " in
+ *" need-formatstring-macros "*) gt_api_version=3 ;;
+ *" need-ngettext "*) gt_api_version=2 ;;
+ *) gt_api_version=1 ;;
+ esac
+ gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc"
+ gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl"
+
+ dnl If we use NLS figure out what method
+ if test "$USE_NLS" = "yes"; then
+ gt_use_preinstalled_gnugettext=no
+ ifelse(gt_included_intl, yes, [
+ AC_MSG_CHECKING([whether included gettext is requested])
+ AC_ARG_WITH(included-gettext,
+ [ --with-included-gettext use the GNU gettext library included here],
+ nls_cv_force_use_gnu_gettext=$withval,
+ nls_cv_force_use_gnu_gettext=no)
+ AC_MSG_RESULT($nls_cv_force_use_gnu_gettext)
+
+ nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext"
+ if test "$nls_cv_force_use_gnu_gettext" != "yes"; then
+ ])
+ dnl User does not insist on using GNU NLS library. Figure out what
+ dnl to use. If GNU gettext is available we use this. Else we have
+ dnl to fall back to GNU NLS library.
+
+ if test $gt_api_version -ge 3; then
+ gt_revision_test_code='
+#ifndef __GNU_GETTEXT_SUPPORTED_REVISION
+#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1)
+#endif
+changequote(,)dnl
+typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1];
+changequote([,])dnl
+'
+ else
+ gt_revision_test_code=
+ fi
+ if test $gt_api_version -ge 2; then
+ gt_expression_test_code=' + * ngettext ("", "", 0)'
+ else
+ gt_expression_test_code=
+ fi
+
+ AC_CACHE_CHECK([for GNU gettext in libc], [$gt_func_gnugettext_libc],
+ [AC_TRY_LINK([#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern int *_nl_domain_bindings;],
+ [bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings],
+ [eval "$gt_func_gnugettext_libc=yes"],
+ [eval "$gt_func_gnugettext_libc=no"])])
+
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then
+ dnl Sometimes libintl requires libiconv, so first search for libiconv.
+ ifelse(gt_included_intl, yes, , [
+ AM_ICONV_LINK
+ ])
+ dnl Search for libintl and define LIBINTL, LTLIBINTL and INCINTL
+ dnl accordingly. Don't use AC_LIB_LINKFLAGS_BODY([intl],[iconv])
+ dnl because that would add "-liconv" to LIBINTL and LTLIBINTL
+ dnl even if libiconv doesn't exist.
+ AC_LIB_LINKFLAGS_BODY([intl])
+ AC_CACHE_CHECK([for GNU gettext in libintl],
+ [$gt_func_gnugettext_libintl],
+ [gt_save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$CPPFLAGS $INCINTL"
+ gt_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBINTL"
+ dnl Now see whether libintl exists and does not depend on libiconv.
+ AC_TRY_LINK([#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);],
+ [bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")],
+ [eval "$gt_func_gnugettext_libintl=yes"],
+ [eval "$gt_func_gnugettext_libintl=no"])
+ dnl Now see whether libintl exists and depends on libiconv.
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then
+ LIBS="$LIBS $LIBICONV"
+ AC_TRY_LINK([#include <libintl.h>
+$gt_revision_test_code
+extern int _nl_msg_cat_cntr;
+extern
+#ifdef __cplusplus
+"C"
+#endif
+const char *_nl_expand_alias (const char *);],
+ [bindtextdomain ("", "");
+return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("")],
+ [LIBINTL="$LIBINTL $LIBICONV"
+ LTLIBINTL="$LTLIBINTL $LTLIBICONV"
+ eval "$gt_func_gnugettext_libintl=yes"
+ ])
+ fi
+ CPPFLAGS="$gt_save_CPPFLAGS"
+ LIBS="$gt_save_LIBS"])
+ fi
+
+ dnl If an already present or preinstalled GNU gettext() is found,
+ dnl use it. But if this macro is used in GNU gettext, and GNU
+ dnl gettext is already preinstalled in libintl, we update this
+ dnl libintl. (Cf. the install rule in intl/Makefile.in.)
+ if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \
+ || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \
+ && test "$PACKAGE" != gettext-runtime \
+ && test "$PACKAGE" != gettext-tools; }; then
+ gt_use_preinstalled_gnugettext=yes
+ else
+ dnl Reset the values set by searching for libintl.
+ LIBINTL=
+ LTLIBINTL=
+ INCINTL=
+ fi
+
+ ifelse(gt_included_intl, yes, [
+ if test "$gt_use_preinstalled_gnugettext" != "yes"; then
+ dnl GNU gettext is not found in the C library.
+ dnl Fall back on included GNU gettext library.
+ nls_cv_use_gnu_gettext=yes
+ fi
+ fi
+
+ if test "$nls_cv_use_gnu_gettext" = "yes"; then
+ dnl Mark actions used to generate GNU NLS library.
+ BUILD_INCLUDED_LIBINTL=yes
+ USE_INCLUDED_LIBINTL=yes
+ LIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LIBICONV $LIBTHREAD"
+ LTLIBINTL="ifelse([$3],[],\${top_builddir}/intl,[$3])/libintl.[]gt_libtool_suffix_prefix[]a $LTLIBICONV $LTLIBTHREAD"
+ LIBS=`echo " $LIBS " | sed -e 's/ -lintl / /' -e 's/^ //' -e 's/ $//'`
+ fi
+
+ CATOBJEXT=
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ dnl Mark actions to use GNU gettext tools.
+ CATOBJEXT=.gmo
+ fi
+ ])
+
+ if test -n "$INTL_MACOSX_LIBS"; then
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ dnl Some extra flags are needed during linking.
+ LIBINTL="$LIBINTL $INTL_MACOSX_LIBS"
+ LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS"
+ fi
+ fi
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes" \
+ || test "$nls_cv_use_gnu_gettext" = "yes"; then
+ AC_DEFINE(ENABLE_NLS, 1,
+ [Define to 1 if translation of program messages to the user's native language
+ is requested.])
+ else
+ USE_NLS=no
+ fi
+ fi
+
+ AC_MSG_CHECKING([whether to use NLS])
+ AC_MSG_RESULT([$USE_NLS])
+ if test "$USE_NLS" = "yes"; then
+ AC_MSG_CHECKING([where the gettext function comes from])
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ gt_source="external libintl"
+ else
+ gt_source="libc"
+ fi
+ else
+ gt_source="included intl directory"
+ fi
+ AC_MSG_RESULT([$gt_source])
+ fi
+
+ if test "$USE_NLS" = "yes"; then
+
+ if test "$gt_use_preinstalled_gnugettext" = "yes"; then
+ if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then
+ AC_MSG_CHECKING([how to link with libintl])
+ AC_MSG_RESULT([$LIBINTL])
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCINTL])
+ fi
+
+ dnl For backward compatibility. Some packages may be using this.
+ AC_DEFINE(HAVE_GETTEXT, 1,
+ [Define if the GNU gettext() function is already present or preinstalled.])
+ AC_DEFINE(HAVE_DCGETTEXT, 1,
+ [Define if the GNU dcgettext() function is already present or preinstalled.])
+ fi
+
+ dnl We need to process the po/ directory.
+ POSUB=po
+ fi
+
+ ifelse(gt_included_intl, yes, [
+ dnl If this is used in GNU gettext we have to set BUILD_INCLUDED_LIBINTL
+ dnl to 'yes' because some of the testsuite requires it.
+ if test "$PACKAGE" = gettext-runtime || test "$PACKAGE" = gettext-tools; then
+ BUILD_INCLUDED_LIBINTL=yes
+ fi
+
+ dnl Make all variables we use known to autoconf.
+ AC_SUBST(BUILD_INCLUDED_LIBINTL)
+ AC_SUBST(USE_INCLUDED_LIBINTL)
+ AC_SUBST(CATOBJEXT)
+
+ dnl For backward compatibility. Some configure.ins may be using this.
+ nls_cv_header_intl=
+ nls_cv_header_libgt=
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ DATADIRNAME=share
+ AC_SUBST(DATADIRNAME)
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ INSTOBJEXT=.mo
+ AC_SUBST(INSTOBJEXT)
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ GENCAT=gencat
+ AC_SUBST(GENCAT)
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ INTLOBJS=
+ if test "$USE_INCLUDED_LIBINTL" = yes; then
+ INTLOBJS="\$(GETTOBJS)"
+ fi
+ AC_SUBST(INTLOBJS)
+
+ dnl Enable libtool support if the surrounding package wishes it.
+ INTL_LIBTOOL_SUFFIX_PREFIX=gt_libtool_suffix_prefix
+ AC_SUBST(INTL_LIBTOOL_SUFFIX_PREFIX)
+ ])
+
+ dnl For backward compatibility. Some Makefiles may be using this.
+ INTLLIBS="$LIBINTL"
+ AC_SUBST(INTLLIBS)
+
+ dnl Make all documented variables known to autoconf.
+ AC_SUBST(LIBINTL)
+ AC_SUBST(LTLIBINTL)
+ AC_SUBST(POSUB)
+])
+
+
+dnl gt_NEEDS_INIT ensures that the gt_needs variable is initialized.
+m4_define([gt_NEEDS_INIT],
+[
+ m4_divert_text([DEFAULTS], [gt_needs=])
+ m4_define([gt_NEEDS_INIT], [])
+])
+
+
+dnl Usage: AM_GNU_GETTEXT_NEED([NEEDSYMBOL])
+AC_DEFUN([AM_GNU_GETTEXT_NEED],
+[
+ m4_divert_text([INIT_PREPARE], [gt_needs="$gt_needs $1"])
+])
+
+
+dnl Usage: AM_GNU_GETTEXT_VERSION([gettext-version])
+AC_DEFUN([AM_GNU_GETTEXT_VERSION], [])
--- /dev/null
+# Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
+# 2009, 2010, 2011 Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos, Simon Josefsson
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AC_DEFUN([LIBGNUTLS_HOOKS],
+[
+ # Library code modified: REVISION++
+ # Interfaces changed/added/removed: CURRENT++ REVISION=0
+ # Interfaces added: AGE++
+ # Interfaces removed: AGE=0
+ AC_SUBST(LT_CURRENT, 44)
+ AC_SUBST(LT_REVISION, 7)
+ AC_SUBST(LT_AGE, 18)
+
+ AC_SUBST(LT_SSL_CURRENT, 27)
+ AC_SUBST(LT_SSL_REVISION, 0)
+ AC_SUBST(LT_SSL_AGE, 0)
+
+ AC_SUBST(CXX_LT_CURRENT, 27)
+ AC_SUBST(CXX_LT_REVISION, 0)
+ AC_SUBST(CXX_LT_AGE, 0)
+
+ # Used when creating the Windows libgnutls-XX.def files.
+ DLL_VERSION=`expr ${LT_CURRENT} - ${LT_AGE}`
+ AC_SUBST(DLL_VERSION)
+
+ cryptolib="nettle"
+
+ AC_ARG_WITH(libgcrypt,
+ AS_HELP_STRING([--with-libgcrypt], [use libgcrypt as crypto library]),
+ libgcrypt=$withval,
+ libgcrypt=no)
+ if test "$libgcrypt" = "yes"; then
+ cryptolib=libgcrypt
+ AC_DEFINE([HAVE_GCRYPT], 1, [whether the gcrypt library is in use])
+ AC_LIB_HAVE_LINKFLAGS([gcrypt], [gpg-error], [#include <gcrypt.h>],
+ [enum gcry_cipher_algos i = GCRY_CIPHER_CAMELLIA128])
+ if test "$ac_cv_libgcrypt" != yes; then
+ AC_MSG_ERROR([[
+***
+*** Libgcrypt v1.4.0 or later was not found. You may want to get it from
+*** ftp://ftp.gnupg.org/gcrypt/libgcrypt/
+***
+ ]])
+ fi
+ fi
+
+ AC_MSG_CHECKING([whether to use nettle])
+if test "$cryptolib" = "nettle";then
+ AC_MSG_RESULT(yes)
+ AC_LIB_HAVE_LINKFLAGS([nettle],, [#include <nettle/aes.h>],
+ [nettle_aes_invert_key (0, 0)])
+ if test "$ac_cv_libnettle" != yes; then
+ AC_MSG_ERROR([[
+ ***
+ *** Libnettle 2.1 was not found.
+ ]])
+ fi
+ NETTLE_LIBS="-lgmp -lpthread -lhogweed"
+else
+ AC_MSG_RESULT(no)
+fi
+ AC_SUBST(NETTLE_LIBS)
+ AM_CONDITIONAL(ENABLE_NETTLE, test "$cryptolib" = "nettle")
+
+ AC_ARG_WITH(included-libtasn1,
+ AS_HELP_STRING([--with-included-libtasn1], [use the included libtasn1]),
+ included_libtasn1=$withval,
+ included_libtasn1=no)
+ if test "$included_libtasn1" = "no"; then
+ AC_LIB_HAVE_LINKFLAGS(tasn1,, [#include <libtasn1.h>],
+ [asn1_check_version (NULL)])
+ if test "$ac_cv_libtasn1" != yes; then
+ included_libtasn1=yes
+ AC_MSG_WARN([[
+ ***
+ *** Libtasn1 was not found. Will use the included one.
+ ]])
+ fi
+ fi
+ AC_MSG_CHECKING([whether to use the included minitasn1])
+ AC_MSG_RESULT($included_libtasn1)
+ AM_CONDITIONAL(ENABLE_MINITASN1, test "$included_libtasn1" = "yes")
+
+ if test "$included_libtasn1" = "no"; then
+ GNUTLS_REQUIRES_PRIVATE="Requires.private: libtasn1"
+ fi
+
+ AC_ARG_WITH(included-pakchois,
+ AS_HELP_STRING([--with-included-pakchois], [use the included pakchois]),
+ included_pakchois=$withval,
+ included_pakchois=no)
+ if test "$included_pakchois" = "no"; then
+ AC_LIB_HAVE_LINKFLAGS(pakchois,, [#include <pakchois/pakchois.h>],
+ [pakchois_module_load(0,0);])
+ if test "$ac_cv_pakchois" != yes; then
+ included_pakchois=yes
+ AC_MSG_WARN([[
+ ***
+ *** Pakchois was not found. Will use the included one.
+ ]])
+ fi
+ fi
+ #not other option for now. The released pakchois cannot open an arbitrary PKCS11 module,
+ #and the author is reluctant to add such feature.
+ included_pakchois=yes
+ AC_MSG_CHECKING([whether to use the included pakchois])
+ AC_MSG_RESULT($included_pakchois)
+ AM_CONDITIONAL(ENABLE_LOCAL_PAKCHOIS, test "$included_pakchois" = "yes")
+ if test "$included_pakchois" = "yes";then
+ AC_CHECK_LIB(pthread, pthread_mutex_lock,,
+ [AC_MSG_WARN([could not find pthread_mutex_lock])])
+ AC_CHECK_LIB(dl, dlopen,,
+ [AC_MSG_WARN([could not find dlopen])])
+
+ fi
+
+ AC_ARG_WITH(lzo,
+ AS_HELP_STRING([--with-lzo], [use experimental LZO compression]),
+ use_lzo=$withval, use_lzo=no)
+ AC_MSG_CHECKING([whether to include LZO compression support])
+ AC_MSG_RESULT($use_lzo)
+ LZO_LIBS=
+ if test "$use_lzo" = "yes"; then
+ AC_CHECK_LIB(lzo2, lzo1x_1_compress, LZO_LIBS=-llzo2)
+ if test "$LZO_LIBS" = ""; then
+ AC_CHECK_LIB(lzo, lzo1x_1_compress, LZO_LIBS=-llzo, [
+ use_lzo=no
+ AC_MSG_WARN(
+ ***
+ *** Could not find liblzo or liblzo2. Disabling LZO compression.
+ )
+ ])
+ fi
+ fi
+ AC_SUBST(LZO_LIBS)
+ if test "$use_lzo" = "yes"; then
+ AC_DEFINE([USE_LZO], 1, [whether to use the LZO compression])
+ if test "$LZO_LIBS" = "-llzo"; then
+ AC_CHECK_HEADERS(lzo1x.h)
+ elif test "$LZO_LIBS" = "-llzo2"; then
+ AC_CHECK_HEADERS(lzo/lzo1x.h)
+ fi
+ fi
+ AM_CONDITIONAL(USE_LZO, test "$use_lzo" = "yes")
+
+ AC_MSG_CHECKING([whether C99 macros are supported])
+ AC_TRY_COMPILE(,
+ [
+ #define test_mac(...)
+ int z,y,x;
+ test_mac(x,y,z);
+ return 0;
+ ], [
+ AC_DEFINE([C99_MACROS], 1, [C99 macros are supported])
+ AC_MSG_RESULT(yes)
+ ], [
+ AC_MSG_RESULT(no)
+ AC_MSG_WARN([C99 macros not supported. This may affect compiling.])
+ ])
+
+ AC_MSG_CHECKING([whether to enable Opaque PRF input support])
+ AC_ARG_ENABLE(opaque-prf-input,
+ AS_HELP_STRING([--enable-opaque-prf-input=DD],
+ [enable Opaque PRF input using DD as extension type]),
+ ac_opaque_prf_input=$enableval, ac_opaque_prf_input=no)
+ if test "$ac_opaque_prf_input" != "no"; then
+ if ! echo $ac_opaque_prf_input | egrep -q '^[[0-9]]+$'; then
+ ac_opaque_prf_input=no
+ AC_MSG_WARN([[
+ *** Could not parse Opaque PRF Input extension type.
+ *** Use --enable-opaque-prf-input=XX where XX is decimal, for example
+ *** to use extension value 42 use --enable-opqaue-prf-input=42]])
+ fi
+ fi
+ if test "$ac_opaque_prf_input" != "no"; then
+ AC_MSG_RESULT([yes (extension value $ac_opaque_prf_input)])
+ AC_DEFINE_UNQUOTED([ENABLE_OPRFI], $ac_opaque_prf_input,
+ [enable Opaque PRF Input])
+ else
+ AC_MSG_RESULT(no)
+ fi
+ AM_CONDITIONAL(ENABLE_OPRFI, test "$ac_opaque_prf_input" != "no")
+
+ AC_MSG_CHECKING([whether to disable SRP authentication support])
+ AC_ARG_ENABLE(srp-authentication,
+ AS_HELP_STRING([--disable-srp-authentication],
+ [disable the SRP authentication support]),
+ ac_enable_srp=no)
+ if test x$ac_enable_srp != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_SRP], 1, [enable SRP authentication])
+ else
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ENABLE_SRP, test "$ac_enable_srp" != "no")
+
+ AC_MSG_CHECKING([whether to disable PSK authentication support])
+ AC_ARG_ENABLE(psk-authentication,
+ AS_HELP_STRING([--disable-psk-authentication],
+ [disable the PSK authentication support]),
+ ac_enable_psk=no)
+ if test x$ac_enable_psk != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_PSK], 1, [enable PSK authentication])
+ else
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ENABLE_PSK, test "$ac_enable_psk" != "no")
+
+ AC_MSG_CHECKING([whether to disable anonymous authentication support])
+ AC_ARG_ENABLE(anon-authentication,
+ AS_HELP_STRING([--disable-anon-authentication],
+ [disable the anonymous authentication support]),
+ ac_enable_anon=no)
+ if test x$ac_enable_anon != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_ANON], 1, [enable anonymous authentication])
+ else
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ENABLE_ANON, test "$ac_enable_anon" != "no")
+
+ # Allow disabling Camellia
+ if test "$nettle" != "yes";then
+ AC_ARG_ENABLE(camellia,
+ AS_HELP_STRING([--disable-camellia], [disable Camellia cipher]),
+ enable_camellia=$enableval, enable_camellia=yes)
+ else
+ enable_camellia=no
+ fi
+
+ AC_MSG_CHECKING([whether to disable Camellia cipher])
+ if test "$enable_camellia" != "no"; then
+ AC_MSG_RESULT([no])
+ AC_DEFINE([ENABLE_CAMELLIA], 1, [enable camellia block cipher])
+ else
+ AC_MSG_RESULT([yes])
+ fi
+
+ AC_MSG_CHECKING([whether to disable extra PKI stuff])
+ AC_ARG_ENABLE(extra-pki,
+ AS_HELP_STRING([--disable-extra-pki],
+ [only enable the basic PKI stuff]),
+ enable_pki=$enableval, enable_pki=yes)
+ if test "$enable_pki" != "yes"; then
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_PKI], 1, [whether to include all the PKCS/PKI stuff])
+ fi
+ AM_CONDITIONAL(ENABLE_PKI, test "$enable_pki" = "yes")
+
+ ac_enable_openpgp=yes
+ AC_MSG_CHECKING([whether to disable OpenPGP Certificate authentication support])
+ AC_ARG_ENABLE(openpgp-authentication,
+ AS_HELP_STRING([--disable-openpgp-authentication],
+ [disable the OpenPGP authentication support]),
+ ac_enable_openpgp=no)
+ if test x$ac_enable_openpgp = xno; then
+ AC_MSG_RESULT(yes)
+ ac_full=0
+ else
+ AC_DEFINE([ENABLE_OPENPGP], 1, [use openpgp authentication])
+ AC_MSG_RESULT(no)
+ fi
+ AM_CONDITIONAL(ENABLE_OPENPGP, test "$ac_enable_openpgp" = "yes")
+
+ AC_MSG_CHECKING([whether to disable SessionTicket extension support])
+ AC_ARG_ENABLE(session-ticket,
+ AS_HELP_STRING([--disable-session-ticket],
+ [disable the SessionTicket extension support]),
+ ac_session_ticket=no)
+ if test x$ac_session_ticket != xno; then
+ AC_MSG_RESULT(no)
+ AC_DEFINE([ENABLE_SESSION_TICKET], 1, [enable SessionTicket extension])
+ else
+ ac_full=0
+ AC_MSG_RESULT(yes)
+ fi
+ AM_CONDITIONAL(ENABLE_SESSION_TICKET, test "$ac_enable_session_ticket" != "no")
+
+ # For cryptodev
+ AC_MSG_CHECKING([whether to add cryptodev support])
+ AC_ARG_ENABLE(cryptodev,
+ AS_HELP_STRING([--enable-cryptodev], [enable cryptodev support]),
+ enable_cryptodev=yes,enable_cryptodev=no)
+ AC_MSG_RESULT($enable_cryptodev)
+
+ if test "$enable_cryptodev" = "yes"; then
+ AC_DEFINE([ENABLE_CRYPTODEV], 1, [Enable cryptodev support])
+ fi
+
+ # For storing integers in pointers without warnings
+ # http://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc
+ AC_CHECK_SIZEOF(void *)
+ AC_CHECK_SIZEOF(long)
+ AC_CHECK_SIZEOF(int)
+ case $ac_cv_sizeof_void_p in
+ $ac_cv_sizeof_long)
+ AC_DEFINE([GNUTLS_POINTER_TO_INT_CAST], [(long)],
+ [Additional cast to bring void* to a type castable to int.])
+ ;;
+ *)
+ AC_DEFINE([GNUTLS_POINTER_TO_INT_CAST], [])
+ ;;
+ esac
+])
--- /dev/null
+# iconv.m4 serial AM6 (gettext-0.17)
+dnl Copyright (C) 2000-2002, 2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([AM_ICONV_LINKFLAGS_BODY],
+[
+ dnl Prerequisites of AC_LIB_LINKFLAGS_BODY.
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+
+ dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
+ dnl accordingly.
+ AC_LIB_LINKFLAGS_BODY([iconv])
+])
+
+AC_DEFUN([AM_ICONV_LINK],
+[
+ dnl Some systems have iconv in libc, some have it in libiconv (OSF/1 and
+ dnl those with the standalone portable GNU libiconv installed).
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl for cross-compiles
+
+ dnl Search for libiconv and define LIBICONV, LTLIBICONV and INCICONV
+ dnl accordingly.
+ AC_REQUIRE([AM_ICONV_LINKFLAGS_BODY])
+
+ dnl Add $INCICONV to CPPFLAGS before performing the following checks,
+ dnl because if the user has installed libiconv and not disabled its use
+ dnl via --without-libiconv-prefix, he wants to use it. The first
+ dnl AC_TRY_LINK will then fail, the second AC_TRY_LINK will succeed.
+ am_save_CPPFLAGS="$CPPFLAGS"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INCICONV])
+
+ AC_CACHE_CHECK([for iconv], am_cv_func_iconv, [
+ am_cv_func_iconv="no, consider installing GNU libiconv"
+ am_cv_lib_iconv=no
+ AC_TRY_LINK([#include <stdlib.h>
+#include <iconv.h>],
+ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+ am_cv_func_iconv=yes)
+ if test "$am_cv_func_iconv" != yes; then
+ am_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIBICONV"
+ AC_TRY_LINK([#include <stdlib.h>
+#include <iconv.h>],
+ [iconv_t cd = iconv_open("","");
+ iconv(cd,NULL,NULL,NULL,NULL);
+ iconv_close(cd);],
+ am_cv_lib_iconv=yes
+ am_cv_func_iconv=yes)
+ LIBS="$am_save_LIBS"
+ fi
+ ])
+ if test "$am_cv_func_iconv" = yes; then
+ AC_CACHE_CHECK([for working iconv], am_cv_func_iconv_works, [
+ dnl This tests against bugs in AIX 5.1 and HP-UX 11.11.
+ am_save_LIBS="$LIBS"
+ if test $am_cv_lib_iconv = yes; then
+ LIBS="$LIBS $LIBICONV"
+ fi
+ AC_TRY_RUN([
+#include <iconv.h>
+#include <string.h>
+int main ()
+{
+ /* Test against AIX 5.1 bug: Failures are not distinguishable from successful
+ returns. */
+ {
+ iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8");
+ if (cd_utf8_to_88591 != (iconv_t)(-1))
+ {
+ static const char input[] = "\342\202\254"; /* EURO SIGN */
+ char buf[10];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_utf8_to_88591,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if (res == 0)
+ return 1;
+ }
+ }
+#if 0 /* This bug could be worked around by the caller. */
+ /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */
+ {
+ iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591");
+ if (cd_88591_to_utf8 != (iconv_t)(-1))
+ {
+ static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337";
+ char buf[50];
+ const char *inptr = input;
+ size_t inbytesleft = strlen (input);
+ char *outptr = buf;
+ size_t outbytesleft = sizeof (buf);
+ size_t res = iconv (cd_88591_to_utf8,
+ (char **) &inptr, &inbytesleft,
+ &outptr, &outbytesleft);
+ if ((int)res > 0)
+ return 1;
+ }
+ }
+#endif
+ /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is
+ provided. */
+ if (/* Try standardized names. */
+ iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1)
+ /* Try IRIX, OSF/1 names. */
+ && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1)
+ /* Try AIX names. */
+ && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1)
+ /* Try HP-UX names. */
+ && iconv_open ("utf8", "eucJP") == (iconv_t)(-1))
+ return 1;
+ return 0;
+}], [am_cv_func_iconv_works=yes], [am_cv_func_iconv_works=no],
+ [case "$host_os" in
+ aix* | hpux*) am_cv_func_iconv_works="guessing no" ;;
+ *) am_cv_func_iconv_works="guessing yes" ;;
+ esac])
+ LIBS="$am_save_LIBS"
+ ])
+ case "$am_cv_func_iconv_works" in
+ *no) am_func_iconv=no am_cv_lib_iconv=no ;;
+ *) am_func_iconv=yes ;;
+ esac
+ else
+ am_func_iconv=no am_cv_lib_iconv=no
+ fi
+ if test "$am_func_iconv" = yes; then
+ AC_DEFINE(HAVE_ICONV, 1,
+ [Define if you have the iconv() function and it works.])
+ fi
+ if test "$am_cv_lib_iconv" = yes; then
+ AC_MSG_CHECKING([how to link with libiconv])
+ AC_MSG_RESULT([$LIBICONV])
+ else
+ dnl If $LIBICONV didn't lead to a usable library, we don't need $INCICONV
+ dnl either.
+ CPPFLAGS="$am_save_CPPFLAGS"
+ LIBICONV=
+ LTLIBICONV=
+ fi
+ AC_SUBST(LIBICONV)
+ AC_SUBST(LTLIBICONV)
+])
+
+AC_DEFUN([AM_ICONV],
+[
+ AM_ICONV_LINK
+ if test "$am_cv_func_iconv" = yes; then
+ AC_MSG_CHECKING([for iconv declaration])
+ AC_CACHE_VAL(am_cv_proto_iconv, [
+ AC_TRY_COMPILE([
+#include <stdlib.h>
+#include <iconv.h>
+extern
+#ifdef __cplusplus
+"C"
+#endif
+#if defined(__STDC__) || defined(__cplusplus)
+size_t iconv (iconv_t cd, char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);
+#else
+size_t iconv();
+#endif
+], [], am_cv_proto_iconv_arg1="", am_cv_proto_iconv_arg1="const")
+ am_cv_proto_iconv="extern size_t iconv (iconv_t cd, $am_cv_proto_iconv_arg1 char * *inbuf, size_t *inbytesleft, char * *outbuf, size_t *outbytesleft);"])
+ am_cv_proto_iconv=`echo "[$]am_cv_proto_iconv" | tr -s ' ' | sed -e 's/( /(/'`
+ AC_MSG_RESULT([$]{ac_t:-
+ }[$]am_cv_proto_iconv)
+ AC_DEFINE_UNQUOTED(ICONV_CONST, $am_cv_proto_iconv_arg1,
+ [Define as const if the declaration of iconv() needs const.])
+ fi
+])
--- /dev/null
+# intlmacosx.m4 serial 1 (gettext-0.17)
+dnl Copyright (C) 2004-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Checks for special options needed on MacOS X.
+dnl Defines INTL_MACOSX_LIBS.
+AC_DEFUN([gt_INTL_MACOSX],
+[
+ dnl Check for API introduced in MacOS X 10.2.
+ AC_CACHE_CHECK([for CFPreferencesCopyAppValue],
+ gt_cv_func_CFPreferencesCopyAppValue,
+ [gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ AC_TRY_LINK([#include <CoreFoundation/CFPreferences.h>],
+ [CFPreferencesCopyAppValue(NULL, NULL)],
+ [gt_cv_func_CFPreferencesCopyAppValue=yes],
+ [gt_cv_func_CFPreferencesCopyAppValue=no])
+ LIBS="$gt_save_LIBS"])
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then
+ AC_DEFINE([HAVE_CFPREFERENCESCOPYAPPVALUE], 1,
+ [Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in the CoreFoundation framework.])
+ fi
+ dnl Check for API introduced in MacOS X 10.3.
+ AC_CACHE_CHECK([for CFLocaleCopyCurrent], gt_cv_func_CFLocaleCopyCurrent,
+ [gt_save_LIBS="$LIBS"
+ LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation"
+ AC_TRY_LINK([#include <CoreFoundation/CFLocale.h>], [CFLocaleCopyCurrent();],
+ [gt_cv_func_CFLocaleCopyCurrent=yes],
+ [gt_cv_func_CFLocaleCopyCurrent=no])
+ LIBS="$gt_save_LIBS"])
+ if test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+ AC_DEFINE([HAVE_CFLOCALECOPYCURRENT], 1,
+ [Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the CoreFoundation framework.])
+ fi
+ INTL_MACOSX_LIBS=
+ if test $gt_cv_func_CFPreferencesCopyAppValue = yes || test $gt_cv_func_CFLocaleCopyCurrent = yes; then
+ INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation"
+ fi
+ AC_SUBST([INTL_MACOSX_LIBS])
+])
--- /dev/null
+# inttypes_h.m4 serial 7
+dnl Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_INTTYPES_H_WITH_UINTMAX if <inttypes.h> exists,
+# doesn't clash with <sys/types.h>, and declares uintmax_t.
+
+AC_DEFUN([gl_AC_HEADER_INTTYPES_H],
+[
+ AC_CACHE_CHECK([for inttypes.h], gl_cv_header_inttypes_h,
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <inttypes.h>],
+ [uintmax_t i = (uintmax_t) -1; return !i;],
+ gl_cv_header_inttypes_h=yes,
+ gl_cv_header_inttypes_h=no)])
+ if test $gl_cv_header_inttypes_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H_WITH_UINTMAX, 1,
+ [Define if <inttypes.h> exists, doesn't clash with <sys/types.h>,
+ and declares uintmax_t. ])
+ fi
+])
--- /dev/null
+# lib-ld.m4 serial 3 (gettext-0.13)
+dnl Copyright (C) 1996-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Subroutines of libtool.m4,
+dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision
+dnl with libtool.m4.
+
+dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no.
+AC_DEFUN([AC_LIB_PROG_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ acl_cv_prog_gnu_ld=yes ;;
+*)
+ acl_cv_prog_gnu_ld=no ;;
+esac])
+with_gnu_ld=$acl_cv_prog_gnu_ld
+])
+
+dnl From libtool-1.4. Sets the variable LD.
+AC_DEFUN([AC_LIB_PROG_LD],
+[AC_ARG_WITH(gnu-ld,
+[ --with-gnu-ld assume the C compiler uses GNU ld [default=no]],
+test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no)
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by GCC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]* | [A-Za-z]:[\\/]*)]
+ [re_direlt='/[^/][^/]*/\.\./']
+ # Canonicalize the path of ld
+ ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(acl_cv_path_LD,
+[if test -z "$LD"; then
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ acl_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break ;;
+ *)
+ test "$with_gnu_ld" != yes && break ;;
+ esac
+ fi
+ done
+ IFS="$ac_save_ifs"
+else
+ acl_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$acl_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_LIB_PROG_LD_GNU
+])
--- /dev/null
+# lib-link.m4 serial 13 (gettext-0.17)
+dnl Copyright (C) 2001-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_PREREQ(2.54)
+
+dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and
+dnl the libraries corresponding to explicit and implicit dependencies.
+dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and
+dnl augments the CPPFLAGS variable.
+dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
+dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_LINKFLAGS],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+ define([Name],[translit([$1],[./-], [___])])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+ AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
+ AC_LIB_LINKFLAGS_BODY([$1], [$2])
+ ac_cv_lib[]Name[]_libs="$LIB[]NAME"
+ ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
+ ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
+ ac_cv_lib[]Name[]_prefix="$LIB[]NAME[]_PREFIX"
+ ])
+ LIB[]NAME="$ac_cv_lib[]Name[]_libs"
+ LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
+ INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
+ LIB[]NAME[]_PREFIX="$ac_cv_lib[]Name[]_prefix"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
+ AC_SUBST([LIB]NAME)
+ AC_SUBST([LTLIB]NAME)
+ AC_SUBST([LIB]NAME[_PREFIX])
+ dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
+ dnl results of this search when this library appears as a dependency.
+ HAVE_LIB[]NAME=yes
+ undefine([Name])
+ undefine([NAME])
+])
+
+dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode)
+dnl searches for libname and the libraries corresponding to explicit and
+dnl implicit dependencies, together with the specified include files and
+dnl the ability to compile and link the specified testcode. If found, it
+dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and
+dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and
+dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
+dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
+dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
+dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+ define([Name],[translit([$1],[./-], [___])])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+
+ dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
+ dnl accordingly.
+ AC_LIB_LINKFLAGS_BODY([$1], [$2])
+
+ dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
+ dnl because if the user has installed lib[]Name and not disabled its use
+ dnl via --without-lib[]Name-prefix, he wants to use it.
+ ac_save_CPPFLAGS="$CPPFLAGS"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
+
+ AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIB[]NAME"
+ AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no])
+ LIBS="$ac_save_LIBS"
+ ])
+ if test "$ac_cv_lib[]Name" = yes; then
+ HAVE_LIB[]NAME=yes
+ AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.])
+ AC_MSG_CHECKING([how to link with lib[]$1])
+ AC_MSG_RESULT([$LIB[]NAME])
+ else
+ HAVE_LIB[]NAME=no
+ dnl If $LIB[]NAME didn't lead to a usable library, we don't need
+ dnl $INC[]NAME either.
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIB[]NAME=
+ LTLIB[]NAME=
+ LIB[]NAME[]_PREFIX=
+ fi
+ AC_SUBST([HAVE_LIB]NAME)
+ AC_SUBST([LIB]NAME)
+ AC_SUBST([LTLIB]NAME)
+ AC_SUBST([LIB]NAME[_PREFIX])
+ undefine([Name])
+ undefine([NAME])
+])
+
+dnl Determine the platform dependent parameters needed to use rpath:
+dnl acl_libext,
+dnl acl_shlibext,
+dnl acl_hardcode_libdir_flag_spec,
+dnl acl_hardcode_libdir_separator,
+dnl acl_hardcode_direct,
+dnl acl_hardcode_minus_L.
+AC_DEFUN([AC_LIB_RPATH],
+[
+ dnl Tell automake >= 1.10 to complain if config.rpath is missing.
+ m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([config.rpath])])
+ AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS
+ AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host
+ AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
+ AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [
+ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
+ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
+ . ./conftest.sh
+ rm -f ./conftest.sh
+ acl_cv_rpath=done
+ ])
+ wl="$acl_cv_wl"
+ acl_libext="$acl_cv_libext"
+ acl_shlibext="$acl_cv_shlibext"
+ acl_libname_spec="$acl_cv_libname_spec"
+ acl_library_names_spec="$acl_cv_library_names_spec"
+ acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
+ acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
+ acl_hardcode_direct="$acl_cv_hardcode_direct"
+ acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
+ dnl Determine whether the user wants rpath handling at all.
+ AC_ARG_ENABLE(rpath,
+ [ --disable-rpath do not hardcode runtime library paths],
+ :, enable_rpath=yes)
+])
+
+dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
+dnl the libraries corresponding to explicit and implicit dependencies.
+dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
+dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found
+dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+ dnl Autoconf >= 2.61 supports dots in --with options.
+ define([N_A_M_E],[m4_if(m4_version_compare(m4_defn([m4_PACKAGE_VERSION]),[2.61]),[-1],[translit([$1],[.],[_])],[$1])])
+ dnl By default, look in $includedir and $libdir.
+ use_additional=yes
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ AC_LIB_ARG_WITH([lib]N_A_M_E[-prefix],
+[ --with-lib]N_A_M_E[-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib
+ --without-lib]N_A_M_E[-prefix don't search for lib$1 in includedir and libdir],
+[
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+])
+ dnl Search the library and its dependencies in $additional_libdir and
+ dnl $LDFLAGS. Using breadth-first-seach.
+ LIB[]NAME=
+ LTLIB[]NAME=
+ INC[]NAME=
+ LIB[]NAME[]_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='$1 $2'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
+ dnl or AC_LIB_HAVE_LINKFLAGS call.
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
+ else
+ dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
+ dnl that this library doesn't exist. So just drop it.
+ :
+ fi
+ else
+ dnl Search the library lib$name in $additional_libdir and $LDFLAGS
+ dnl and the already constructed $LIBNAME/$LTLIBNAME.
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ dnl The same code as in the loop below:
+ dnl First look for a shared library.
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ dnl Then look for a static library.
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ dnl First look for a shared library.
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ dnl Then look for a static library.
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ dnl Found the library.
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ dnl Linking with a shared library. We attempt to hardcode its
+ dnl directory into the executable's runpath, unless it's the
+ dnl standard /usr/lib.
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ dnl No hardcoding is needed.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ dnl Use an explicit option to hardcode DIR into the resulting
+ dnl binary.
+ dnl Potentially add DIR to ltrpathdirs.
+ dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ dnl The hardcoding into $LIBNAME is system dependent.
+ if test "$acl_hardcode_direct" = yes; then
+ dnl Using DIR/libNAME.so during linking hardcodes DIR into the
+ dnl resulting binary.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ dnl Use an explicit option to hardcode DIR into the resulting
+ dnl binary.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ dnl Potentially add DIR to rpathdirs.
+ dnl The rpathdirs will be appended to $LIBNAME at the end.
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ dnl Rely on "-L$found_dir".
+ dnl But don't add it if it's already contained in the LDFLAGS
+ dnl or the already constructed $LIBNAME
+ haveit=
+ for x in $LDFLAGS $LIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ dnl FIXME: Not sure whether we should use
+ dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
+ dnl here.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH
+ dnl here, because this doesn't fit in flags passed to the
+ dnl compiler. So give up. No hardcoding. This affects only
+ dnl very old systems.
+ dnl FIXME: Not sure whether we should use
+ dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
+ dnl here.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ dnl Linking with a static library.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
+ else
+ dnl We shouldn't come here, but anyway it's good to have a
+ dnl fallback.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
+ fi
+ fi
+ dnl Assume the include files are nearby.
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIB[]NAME[]_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ dnl Potentially add $additional_includedir to $INCNAME.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/include,
+ dnl 2. if it's /usr/local/include and we are using GCC on Linux,
+ dnl 3. if it's already present in $CPPFLAGS or the already
+ dnl constructed $INCNAME,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INC[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ dnl Really add $additional_includedir to $INCNAME.
+ INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ dnl Look for dependencies.
+ if test -n "$found_la"; then
+ dnl Read the .la file. It defines the variables
+ dnl dlname, library_names, old_library, dependency_libs, current,
+ dnl age, revision, installed, dlopen, dlpreopen, libdir.
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ dnl We use only dependency_libs.
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/lib,
+ dnl 2. if it's /usr/local/lib and we are using GCC on Linux,
+ dnl 3. if it's already present in $LDFLAGS or the already
+ dnl constructed $LIBNAME,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LIBNAME.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LTLIBNAME.
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ dnl Potentially add DIR to rpathdirs.
+ dnl The rpathdirs will be appended to $LIBNAME at the end.
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ dnl Potentially add DIR to ltrpathdirs.
+ dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ dnl Handle this in the next round.
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ dnl Handle this in the next round. Throw away the .la's
+ dnl directory; it is already contained in a preceding -L
+ dnl option.
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ dnl Most likely an immediate library name.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ dnl Didn't find the library; assume it is in the system directories
+ dnl known to the linker and runtime loader. (All the system
+ dnl directories known to the linker should also be known to the
+ dnl runtime loader, otherwise the system is severely misconfigured.)
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ dnl Weird platform: only the last -rpath option counts, the user must
+ dnl pass all path elements in one option. We can arrange that for a
+ dnl single library, but not when more than one $LIBNAMEs are used.
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl.
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
+ else
+ dnl The -rpath options are cumulative.
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ dnl When using libtool, the option that works for both libraries and
+ dnl executables is -R. The -R options are cumulative.
+ for found_dir in $ltrpathdirs; do
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
+ done
+ fi
+])
+
+dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
+dnl unless already present in VAR.
+dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
+dnl contains two or three consecutive elements that belong together.
+AC_DEFUN([AC_LIB_APPENDTOVAR],
+[
+ for element in [$2]; do
+ haveit=
+ for x in $[$1]; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ [$1]="${[$1]}${[$1]:+ }$element"
+ fi
+ done
+])
+
+dnl For those cases where a variable contains several -L and -l options
+dnl referring to unknown libraries and directories, this macro determines the
+dnl necessary additional linker options for the runtime path.
+dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL])
+dnl sets LDADDVAR to linker options needed together with LIBSVALUE.
+dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed,
+dnl otherwise linking without libtool is assumed.
+AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS],
+[
+ AC_REQUIRE([AC_LIB_RPATH])
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ $1=
+ if test "$enable_rpath" != no; then
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ dnl Use an explicit option to hardcode directories into the resulting
+ dnl binary.
+ rpathdirs=
+ next=
+ for opt in $2; do
+ if test -n "$next"; then
+ dir="$next"
+ dnl No need to hardcode the standard /usr/lib.
+ if test "X$dir" != "X/usr/$acl_libdirstem"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ next=
+ else
+ case $opt in
+ -L) next=yes ;;
+ -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'`
+ dnl No need to hardcode the standard /usr/lib.
+ if test "X$dir" != "X/usr/$acl_libdirstem"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ next= ;;
+ *) next= ;;
+ esac
+ fi
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n ""$3""; then
+ dnl libtool is used for linking. Use -R options.
+ for dir in $rpathdirs; do
+ $1="${$1}${$1:+ }-R$dir"
+ done
+ else
+ dnl The linker is used for linking directly.
+ if test -n "$acl_hardcode_libdir_separator"; then
+ dnl Weird platform: only the last -rpath option counts, the user
+ dnl must pass all path elements in one option.
+ alldirs=
+ for dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ $1="$flag"
+ else
+ dnl The -rpath options are cumulative.
+ for dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ $1="${$1}${$1:+ }$flag"
+ done
+ fi
+ fi
+ fi
+ fi
+ fi
+ AC_SUBST([$1])
+])
--- /dev/null
+# lib-prefix.m4 serial 5 (gettext-0.15)
+dnl Copyright (C) 2001-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and
+dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't
+dnl require excessive bracketing.
+ifdef([AC_HELP_STRING],
+[AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])],
+[AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])])
+
+dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
+dnl to access previously installed libraries. The basic assumption is that
+dnl a user will want packages to use other packages he previously installed
+dnl with the same --prefix option.
+dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
+dnl libraries, but is otherwise very convenient.
+AC_DEFUN([AC_LIB_PREFIX],
+[
+ AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ dnl By default, look in $includedir and $libdir.
+ use_additional=yes
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ AC_LIB_ARG_WITH([lib-prefix],
+[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
+ --without-lib-prefix don't search for libraries in includedir and libdir],
+[
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+])
+ if test $use_additional = yes; then
+ dnl Potentially add $additional_includedir to $CPPFLAGS.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/include,
+ dnl 2. if it's already present in $CPPFLAGS,
+ dnl 3. if it's /usr/local/include and we are using GCC on Linux,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ for x in $CPPFLAGS; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ dnl Really add $additional_includedir to $CPPFLAGS.
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ dnl Potentially add $additional_libdir to $LDFLAGS.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/lib,
+ dnl 2. if it's already present in $LDFLAGS,
+ dnl 3. if it's /usr/local/lib and we are using GCC on Linux,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ for x in $LDFLAGS; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux*) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LDFLAGS.
+ LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ fi
+])
+
+dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
+dnl acl_final_exec_prefix, containing the values to which $prefix and
+dnl $exec_prefix will expand at the end of the configure script.
+AC_DEFUN([AC_LIB_PREPARE_PREFIX],
+[
+ dnl Unfortunately, prefix and exec_prefix get only finally determined
+ dnl at the end of configure.
+ if test "X$prefix" = "XNONE"; then
+ acl_final_prefix="$ac_default_prefix"
+ else
+ acl_final_prefix="$prefix"
+ fi
+ if test "X$exec_prefix" = "XNONE"; then
+ acl_final_exec_prefix='${prefix}'
+ else
+ acl_final_exec_prefix="$exec_prefix"
+ fi
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
+ prefix="$acl_save_prefix"
+])
+
+dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
+dnl variables prefix and exec_prefix bound to the values they will have
+dnl at the end of the configure script.
+AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
+[
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ $1
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+])
+
+dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing
+dnl the basename of the libdir, either "lib" or "lib64".
+AC_DEFUN([AC_LIB_PREPARE_MULTILIB],
+[
+ dnl There is no formal standard regarding lib and lib64. The current
+ dnl practice is that on a system supporting 32-bit and 64-bit instruction
+ dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit
+ dnl libraries go under $prefix/lib. We determine the compiler's default
+ dnl mode by looking at the compiler's library search path. If at least
+ dnl of its elements ends in /lib64 or points to a directory whose absolute
+ dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the
+ dnl default, namely "lib".
+ acl_libdirstem=lib
+ searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+ if test -n "$searchpath"; then
+ acl_save_IFS="${IFS= }"; IFS=":"
+ for searchdir in $searchpath; do
+ if test -d "$searchdir"; then
+ case "$searchdir" in
+ */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+ *) searchdir=`cd "$searchdir" && pwd`
+ case "$searchdir" in
+ */lib64 ) acl_libdirstem=lib64 ;;
+ esac ;;
+ esac
+ fi
+ done
+ IFS="$acl_save_IFS"
+ fi
+])
--- /dev/null
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+m4_define([_LT_COPYING], [dnl
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+])
+
+# serial 56 LT_INIT
+
+
+# LT_PREREQ(VERSION)
+# ------------------
+# Complain and exit if this libtool version is less that VERSION.
+m4_defun([LT_PREREQ],
+[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
+ [m4_default([$3],
+ [m4_fatal([Libtool version $1 or higher is required],
+ 63)])],
+ [$2])])
+
+
+# _LT_CHECK_BUILDDIR
+# ------------------
+# Complain if the absolute build directory name contains unusual characters
+m4_defun([_LT_CHECK_BUILDDIR],
+[case `pwd` in
+ *\ * | *\ *)
+ AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
+esac
+])
+
+
+# LT_INIT([OPTIONS])
+# ------------------
+AC_DEFUN([LT_INIT],
+[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT
+AC_BEFORE([$0], [LT_LANG])dnl
+AC_BEFORE([$0], [LT_OUTPUT])dnl
+AC_BEFORE([$0], [LTDL_INIT])dnl
+m4_require([_LT_CHECK_BUILDDIR])dnl
+
+dnl Autoconf doesn't catch unexpanded LT_ macros by default:
+m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
+m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
+dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
+dnl unless we require an AC_DEFUNed macro:
+AC_REQUIRE([LTOPTIONS_VERSION])dnl
+AC_REQUIRE([LTSUGAR_VERSION])dnl
+AC_REQUIRE([LTVERSION_VERSION])dnl
+AC_REQUIRE([LTOBSOLETE_VERSION])dnl
+m4_require([_LT_PROG_LTMAIN])dnl
+
+dnl Parse OPTIONS
+_LT_SET_OPTIONS([$0], [$1])
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+_LT_SETUP
+
+# Only expand once:
+m4_define([LT_INIT])
+])# LT_INIT
+
+# Old names:
+AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
+AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
+dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+m4_defun([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+ case $cc_temp in
+ compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+ distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_FILEUTILS_DEFAULTS
+# ----------------------
+# It is okay to use these file commands and assume they have been set
+# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'.
+m4_defun([_LT_FILEUTILS_DEFAULTS],
+[: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+])# _LT_FILEUTILS_DEFAULTS
+
+
+# _LT_SETUP
+# ---------
+m4_defun([_LT_SETUP],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+_LT_DECL([], [host_alias], [0], [The host system])dnl
+_LT_DECL([], [host], [0])dnl
+_LT_DECL([], [host_os], [0])dnl
+dnl
+_LT_DECL([], [build_alias], [0], [The build system])dnl
+_LT_DECL([], [build], [0])dnl
+_LT_DECL([], [build_os], [0])dnl
+dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+test -z "$LN_S" && LN_S="ln -s"
+_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
+dnl
+AC_REQUIRE([LT_CMD_MAX_LEN])dnl
+_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
+_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
+dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_CHECK_MAGIC_METHOD])dnl
+m4_require([_LT_CMD_OLD_ARCHIVE])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+
+_LT_CONFIG_LIBTOOL_INIT([
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+])
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+_LT_CHECK_OBJDIR
+
+m4_require([_LT_TAG_COMPILER])dnl
+_LT_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([["`\\]]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ _LT_PATH_MAGIC
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+LT_SUPPORTED_TAG([CC])
+_LT_LANG_C_CONFIG
+_LT_LANG_DEFAULT_CONFIG
+_LT_CONFIG_COMMANDS
+])# _LT_SETUP
+
+
+# _LT_PROG_LTMAIN
+# ---------------
+# Note that this code is called both from `configure', and `config.status'
+# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably,
+# `config.status' has no value for ac_aux_dir unless we are using Automake,
+# so we pass a copy along to make sure it has a sensible value anyway.
+m4_defun([_LT_PROG_LTMAIN],
+[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
+_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
+ltmain="$ac_aux_dir/ltmain.sh"
+])# _LT_PROG_LTMAIN
+
+
+## ------------------------------------- ##
+## Accumulate code for creating libtool. ##
+## ------------------------------------- ##
+
+# So that we can recreate a full libtool script including additional
+# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
+# in macros and then make a single call at the end using the `libtool'
+# label.
+
+
+# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
+# ----------------------------------------
+# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL_INIT],
+[m4_ifval([$1],
+ [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
+ [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_INIT])
+
+
+# _LT_CONFIG_LIBTOOL([COMMANDS])
+# ------------------------------
+# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL],
+[m4_ifval([$1],
+ [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
+ [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
+
+
+# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
+# -----------------------------------------------------
+m4_defun([_LT_CONFIG_SAVE_COMMANDS],
+[_LT_CONFIG_LIBTOOL([$1])
+_LT_CONFIG_LIBTOOL_INIT([$2])
+])
+
+
+# _LT_FORMAT_COMMENT([COMMENT])
+# -----------------------------
+# Add leading comment marks to the start of each line, and a trailing
+# full-stop to the whole comment if one is not present already.
+m4_define([_LT_FORMAT_COMMENT],
+[m4_ifval([$1], [
+m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
+ [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
+)])
+
+
+
+## ------------------------ ##
+## FIXME: Eliminate VARNAME ##
+## ------------------------ ##
+
+
+# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
+# -------------------------------------------------------------------
+# CONFIGNAME is the name given to the value in the libtool script.
+# VARNAME is the (base) name used in the configure script.
+# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
+# VARNAME. Any other value will be used directly.
+m4_define([_LT_DECL],
+[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
+ [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
+ [m4_ifval([$1], [$1], [$2])])
+ lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
+ m4_ifval([$4],
+ [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
+ lt_dict_add_subkey([lt_decl_dict], [$2],
+ [tagged?], [m4_ifval([$5], [yes], [no])])])
+])
+
+
+# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
+# --------------------------------------------------------
+m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
+
+
+# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_tag_varnames],
+[_lt_decl_filter([tagged?], [yes], $@)])
+
+
+# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
+# ---------------------------------------------------------
+m4_define([_lt_decl_filter],
+[m4_case([$#],
+ [0], [m4_fatal([$0: too few arguments: $#])],
+ [1], [m4_fatal([$0: too few arguments: $#: $1])],
+ [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
+ [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
+ [lt_dict_filter([lt_decl_dict], $@)])[]dnl
+])
+
+
+# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
+# --------------------------------------------------
+m4_define([lt_decl_quote_varnames],
+[_lt_decl_filter([value], [1], $@)])
+
+
+# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_dquote_varnames],
+[_lt_decl_filter([value], [2], $@)])
+
+
+# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_varnames_tagged],
+[m4_assert([$# <= 2])dnl
+_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
+ m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
+m4_define([_lt_decl_varnames_tagged],
+[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
+
+
+# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_all_varnames],
+[_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_if([$2], [],
+ m4_quote(lt_decl_varnames),
+ m4_quote(m4_shift($@))))[]dnl
+])
+m4_define([_lt_decl_all_varnames],
+[lt_join($@, lt_decl_varnames_tagged([$1],
+ lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
+])
+
+
+# _LT_CONFIG_STATUS_DECLARE([VARNAME])
+# ------------------------------------
+# Quote a variable value, and forward it to `config.status' so that its
+# declaration there will have the same value as in `configure'. VARNAME
+# must have a single quote delimited value for this to work.
+m4_define([_LT_CONFIG_STATUS_DECLARE],
+[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`'])
+
+
+# _LT_CONFIG_STATUS_DECLARATIONS
+# ------------------------------
+# We delimit libtool config variables with single quotes, so when
+# we write them to config.status, we have to be sure to quote all
+# embedded single quotes properly. In configure, this macro expands
+# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
+#
+# <var>='`$ECHO "X$<var>" | $Xsed -e "$delay_single_quote_subst"`'
+m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
+ [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAGS
+# ----------------
+# Output comment and list of tags supported by the script
+m4_defun([_LT_LIBTOOL_TAGS],
+[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
+available_tags="_LT_TAGS"dnl
+])
+
+
+# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
+# -----------------------------------
+# Extract the dictionary values for VARNAME (optionally with TAG) and
+# expand to a commented shell variable setting:
+#
+# # Some comment about what VAR is for.
+# visible_name=$lt_internal_name
+m4_define([_LT_LIBTOOL_DECLARE],
+[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
+ [description])))[]dnl
+m4_pushdef([_libtool_name],
+ m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
+m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
+ [0], [_libtool_name=[$]$1],
+ [1], [_libtool_name=$lt_[]$1],
+ [2], [_libtool_name=$lt_[]$1],
+ [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
+m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
+])
+
+
+# _LT_LIBTOOL_CONFIG_VARS
+# -----------------------
+# Produce commented declarations of non-tagged libtool config variables
+# suitable for insertion in the LIBTOOL CONFIG section of the `libtool'
+# script. Tagged libtool config variables (even for the LIBTOOL CONFIG
+# section) are produced by _LT_LIBTOOL_TAG_VARS.
+m4_defun([_LT_LIBTOOL_CONFIG_VARS],
+[m4_foreach([_lt_var],
+ m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
+ [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAG_VARS(TAG)
+# -------------------------
+m4_define([_LT_LIBTOOL_TAG_VARS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
+ [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
+
+
+# _LT_TAGVAR(VARNAME, [TAGNAME])
+# ------------------------------
+m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
+
+
+# _LT_CONFIG_COMMANDS
+# -------------------
+# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of
+# variables for single and double quote escaping we saved from calls
+# to _LT_DECL, we can put quote escaped variables declarations
+# into `config.status', and then the shell code to quote escape them in
+# for loops in `config.status'. Finally, any additional code accumulated
+# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
+m4_defun([_LT_CONFIG_COMMANDS],
+[AC_PROVIDE_IFELSE([LT_OUTPUT],
+ dnl If the libtool generation code has been placed in $CONFIG_LT,
+ dnl instead of duplicating it all over again into config.status,
+ dnl then we will have config.status run $CONFIG_LT later, so it
+ dnl needs to know what name is stored there:
+ [AC_CONFIG_COMMANDS([libtool],
+ [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
+ dnl If the libtool generation code is destined for config.status,
+ dnl expand the accumulated commands and init code now:
+ [AC_CONFIG_COMMANDS([libtool],
+ [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
+])#_LT_CONFIG_COMMANDS
+
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
+[
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+_LT_CONFIG_STATUS_DECLARATIONS
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_quote_varnames); do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[[\\\\\\\`\\"\\\$]]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_dquote_varnames); do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[[\\\\\\\`\\"\\\$]]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\[$]0 --fallback-echo"')dnl "
+ lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\`
+ ;;
+esac
+
+_LT_OUTPUT_LIBTOOL_INIT
+])
+
+
+# LT_OUTPUT
+# ---------
+# This macro allows early generation of the libtool script (before
+# AC_OUTPUT is called), incase it is used in configure for compilation
+# tests.
+AC_DEFUN([LT_OUTPUT],
+[: ${CONFIG_LT=./config.lt}
+AC_MSG_NOTICE([creating $CONFIG_LT])
+cat >"$CONFIG_LT" <<_LTEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate a libtool stub with the current configuration.
+
+lt_cl_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AS_SHELL_SANITIZE
+_AS_PREPARE
+
+exec AS_MESSAGE_FD>&1
+exec AS_MESSAGE_LOG_FD>>config.log
+{
+ echo
+ AS_BOX([Running $as_me.])
+} >&AS_MESSAGE_LOG_FD
+
+lt_cl_help="\
+\`$as_me' creates a local libtool stub from the current configuration,
+for use in further configure time tests before the real libtool is
+generated.
+
+Usage: $[0] [[OPTIONS]]
+
+ -h, --help print this help, then exit
+ -V, --version print version number, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+
+Report bugs to <bug-libtool@gnu.org>."
+
+lt_cl_version="\
+m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
+m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
+configured by $[0], generated by m4_PACKAGE_STRING.
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.lt script is free software; the Free Software Foundation
+gives unlimited permision to copy, distribute and modify it."
+
+while test $[#] != 0
+do
+ case $[1] in
+ --version | --v* | -V )
+ echo "$lt_cl_version"; exit 0 ;;
+ --help | --h* | -h )
+ echo "$lt_cl_help"; exit 0 ;;
+ --debug | --d* | -d )
+ debug=: ;;
+ --quiet | --q* | --silent | --s* | -q )
+ lt_cl_silent=: ;;
+
+ -*) AC_MSG_ERROR([unrecognized option: $[1]
+Try \`$[0] --help' for more information.]) ;;
+
+ *) AC_MSG_ERROR([unrecognized argument: $[1]
+Try \`$[0] --help' for more information.]) ;;
+ esac
+ shift
+done
+
+if $lt_cl_silent; then
+ exec AS_MESSAGE_FD>/dev/null
+fi
+_LTEOF
+
+cat >>"$CONFIG_LT" <<_LTEOF
+_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AC_MSG_NOTICE([creating $ofile])
+_LT_OUTPUT_LIBTOOL_COMMANDS
+AS_EXIT(0)
+_LTEOF
+chmod +x "$CONFIG_LT"
+
+# configure is writing to config.log, but config.lt does its own redirection,
+# appending to config.log, which fails on DOS, as config.log is still kept
+# open by configure. Here we exec the FD to /dev/null, effectively closing
+# config.log, so it can be properly (re)opened and appended to by config.lt.
+if test "$no_create" != yes; then
+ lt_cl_success=:
+ test "$silent" = yes &&
+ lt_config_lt_args="$lt_config_lt_args --quiet"
+ exec AS_MESSAGE_LOG_FD>/dev/null
+ $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
+ exec AS_MESSAGE_LOG_FD>>config.log
+ $lt_cl_success || AS_EXIT(1)
+fi
+])# LT_OUTPUT
+
+
+# _LT_CONFIG(TAG)
+# ---------------
+# If TAG is the built-in tag, create an initial libtool script with a
+# default configuration from the untagged config vars. Otherwise add code
+# to config.status for appending the configuration named by TAG from the
+# matching tagged config vars.
+m4_defun([_LT_CONFIG],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_CONFIG_SAVE_COMMANDS([
+ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
+ m4_if(_LT_TAG, [C], [
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+_LT_COPYING
+_LT_LIBTOOL_TAGS
+
+# ### BEGIN LIBTOOL CONFIG
+_LT_LIBTOOL_CONFIG_VARS
+_LT_LIBTOOL_TAG_VARS
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+ _LT_PROG_LTMAIN
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ _LT_PROG_XSI_SHELLFNS
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+],
+[cat <<_LT_EOF >> "$ofile"
+
+dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
+dnl in a comment (ie after a #).
+# ### BEGIN LIBTOOL TAG CONFIG: $1
+_LT_LIBTOOL_TAG_VARS(_LT_TAG)
+# ### END LIBTOOL TAG CONFIG: $1
+_LT_EOF
+])dnl /m4_if
+],
+[m4_if([$1], [], [
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'], [])
+])dnl /_LT_CONFIG_SAVE_COMMANDS
+])# _LT_CONFIG
+
+
+# LT_SUPPORTED_TAG(TAG)
+# ---------------------
+# Trace this macro to discover what tags are supported by the libtool
+# --tag option, using:
+# autoconf --trace 'LT_SUPPORTED_TAG:$1'
+AC_DEFUN([LT_SUPPORTED_TAG], [])
+
+
+# C support is built-in for now
+m4_define([_LT_LANG_C_enabled], [])
+m4_define([_LT_TAGS], [])
+
+
+# LT_LANG(LANG)
+# -------------
+# Enable libtool support for the given language if not already enabled.
+AC_DEFUN([LT_LANG],
+[AC_BEFORE([$0], [LT_OUTPUT])dnl
+m4_case([$1],
+ [C], [_LT_LANG(C)],
+ [C++], [_LT_LANG(CXX)],
+ [Java], [_LT_LANG(GCJ)],
+ [Fortran 77], [_LT_LANG(F77)],
+ [Fortran], [_LT_LANG(FC)],
+ [Windows Resource], [_LT_LANG(RC)],
+ [m4_ifdef([_LT_LANG_]$1[_CONFIG],
+ [_LT_LANG($1)],
+ [m4_fatal([$0: unsupported language: "$1"])])])dnl
+])# LT_LANG
+
+
+# _LT_LANG(LANGNAME)
+# ------------------
+m4_defun([_LT_LANG],
+[m4_ifdef([_LT_LANG_]$1[_enabled], [],
+ [LT_SUPPORTED_TAG([$1])dnl
+ m4_append([_LT_TAGS], [$1 ])dnl
+ m4_define([_LT_LANG_]$1[_enabled], [])dnl
+ _LT_LANG_$1_CONFIG($1)])dnl
+])# _LT_LANG
+
+
+# _LT_LANG_DEFAULT_CONFIG
+# -----------------------
+m4_defun([_LT_LANG_DEFAULT_CONFIG],
+[AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [LT_LANG(CXX)],
+ [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_F77],
+ [LT_LANG(F77)],
+ [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_FC],
+ [LT_LANG(FC)],
+ [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
+
+dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
+dnl pulling things in needlessly.
+AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [m4_ifdef([AC_PROG_GCJ],
+ [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
+ m4_ifdef([A][M_PROG_GCJ],
+ [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
+ m4_ifdef([LT_PROG_GCJ],
+ [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+
+AC_PROVIDE_IFELSE([LT_PROG_RC],
+ [LT_LANG(RC)],
+ [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
+])# _LT_LANG_DEFAULT_CONFIG
+
+# Obsolete macros:
+AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
+AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
+AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
+AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
+dnl AC_DEFUN([AC_LIBTOOL_F77], [])
+dnl AC_DEFUN([AC_LIBTOOL_FC], [])
+dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
+
+
+# _LT_TAG_COMPILER
+# ----------------
+m4_defun([_LT_TAG_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
+_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
+_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
+_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_TAG_COMPILER
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+m4_defun([_LT_COMPILER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+m4_defun([_LT_LINKER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+])# _LT_LINKER_BOILERPLATE
+
+# _LT_REQUIRED_DARWIN_CHECKS
+# -------------------------
+m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
+ case $host_os in
+ rhapsody* | darwin*)
+ AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
+ AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
+ AC_CHECK_TOOL([LIPO], [lipo], [:])
+ AC_CHECK_TOOL([OTOOL], [otool], [:])
+ AC_CHECK_TOOL([OTOOL64], [otool64], [:])
+ _LT_DECL([], [DSYMUTIL], [1],
+ [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
+ _LT_DECL([], [NMEDIT], [1],
+ [Tool to change global to local symbols on Mac OS X])
+ _LT_DECL([], [LIPO], [1],
+ [Tool to manipulate fat objects and archives on Mac OS X])
+ _LT_DECL([], [OTOOL], [1],
+ [ldd/readelf like tool for Mach-O binaries on Mac OS X])
+ _LT_DECL([], [OTOOL64], [1],
+ [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
+
+ AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
+ [lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi])
+ AC_CACHE_CHECK([for -exported_symbols_list linker flag],
+ [lt_cv_ld_exported_symbols_list],
+ [lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [lt_cv_ld_exported_symbols_list=yes],
+ [lt_cv_ld_exported_symbols_list=no])
+ LDFLAGS="$save_LDFLAGS"
+ ])
+ case $host_os in
+ rhapsody* | darwin1.[[012]])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[[012]]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+])
+
+
+# _LT_DARWIN_LINKER_FEATURES
+# --------------------------
+# Checks for linker and compiler features on darwin
+m4_defun([_LT_DARWIN_LINKER_FEATURES],
+[
+ m4_require([_LT_REQUIRED_DARWIN_CHECKS])
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ m4_if([$1], [CXX],
+[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+ fi
+],[])
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+])
+
+# _LT_SYS_MODULE_PATH_AIX
+# -----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+m4_defun([_LT_SYS_MODULE_PATH_AIX],
+[m4_require([_LT_DECL_SED])dnl
+AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_SYS_MODULE_PATH_AIX
+
+
+# _LT_SHELL_INIT(ARG)
+# -------------------
+m4_define([_LT_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+ [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+ [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_SHELL_INIT
+
+
+# _LT_PROG_ECHO_BACKSLASH
+# -----------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+m4_defun([_LT_PROG_ECHO_BACKSLASH],
+[_LT_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X[$]1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+[$]*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "[$]0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(lt_ECHO)
+])
+_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
+_LT_DECL([], [ECHO], [1],
+ [An echo program that does not interpret backslashes])
+])# _LT_PROG_ECHO_BACKSLASH
+
+
+# _LT_ENABLE_LOCK
+# ---------------
+m4_defun([_LT_ENABLE_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+ [AS_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+ [AC_LANG_PUSH(C)
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+ AC_LANG_POP])
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+])# _LT_ENABLE_LOCK
+
+
+# _LT_CMD_OLD_ARCHIVE
+# -------------------
+m4_defun([_LT_CMD_OLD_ARCHIVE],
+[AC_CHECK_TOOL(AR, ar, false)
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+_LT_DECL([], [AR], [1], [The archiver])
+_LT_DECL([], [AR_FLAGS], [1])
+
+AC_CHECK_TOOL(STRIP, strip, :)
+test -z "$STRIP" && STRIP=:
+_LT_DECL([], [STRIP], [1], [A symbol stripping program])
+
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+test -z "$RANLIB" && RANLIB=:
+_LT_DECL([], [RANLIB], [1],
+ [Commands used to install an old-style archive])
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+_LT_DECL([], [old_postinstall_cmds], [2])
+_LT_DECL([], [old_postuninstall_cmds], [2])
+_LT_TAGDECL([], [old_archive_cmds], [2],
+ [Commands used to build an old-style archive])
+])# _LT_CMD_OLD_ARCHIVE
+
+
+# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([_LT_COMPILER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$3"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ fi
+ $RM conftest*
+])
+
+if test x"[$]$2" = xyes; then
+ m4_if([$5], , :, [$5])
+else
+ m4_if([$6], , :, [$6])
+fi
+])# _LT_COMPILER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
+
+
+# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------
+# Check whether the given linker option works
+AC_DEFUN([_LT_LINKER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $3"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&AS_MESSAGE_LOG_FD
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ else
+ $2=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+ m4_if([$4], , :, [$4])
+else
+ m4_if([$5], , :, [$5])
+fi
+])# _LT_LINKER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
+
+
+# LT_CMD_MAX_LEN
+#---------------
+AC_DEFUN([LT_CMD_MAX_LEN],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+ AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+ AC_MSG_RESULT(none)
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+_LT_DECL([], [max_cmd_len], [0],
+ [What is the maximum length of a command?])
+])# LT_CMD_MAX_LEN
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
+
+
+# _LT_HEADER_DLFCN
+# ----------------
+m4_defun([_LT_HEADER_DLFCN],
+[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
+])# _LT_HEADER_DLFCN
+
+
+# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ----------------------------------------------------------------
+m4_defun([_LT_TRY_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+ [$4]
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}]
+_LT_EOF
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) $1 ;;
+ x$lt_dlneed_uscore) $2 ;;
+ x$lt_dlunknown|x*) $3 ;;
+ esac
+ else :
+ # compilation failed
+ $3
+ fi
+fi
+rm -fr conftest*
+])# _LT_TRY_DLOPEN_SELF
+
+
+# LT_SYS_DLOPEN_SELF
+# ------------------
+AC_DEFUN([LT_SYS_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ])
+ ;;
+
+ *)
+ AC_CHECK_FUNC([shl_load],
+ [lt_cv_dlopen="shl_load"],
+ [AC_CHECK_LIB([dld], [shl_load],
+ [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"],
+ [AC_CHECK_FUNC([dlopen],
+ [lt_cv_dlopen="dlopen"],
+ [AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+ [AC_CHECK_LIB([svld], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+ [AC_CHECK_LIB([dld], [dld_link],
+ [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"])
+ ])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ AC_CACHE_CHECK([whether a program can dlopen itself],
+ lt_cv_dlopen_self, [dnl
+ _LT_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+ lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+ ])
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+ lt_cv_dlopen_self_static, [dnl
+ _LT_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+ lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
+ ])
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+_LT_DECL([dlopen_support], [enable_dlopen], [0],
+ [Whether dlopen is supported])
+_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
+ [Whether dlopen of programs is supported])
+_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
+ [Whether dlopen of statically linked programs is supported])
+])# LT_SYS_DLOPEN_SELF
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
+
+
+# _LT_COMPILER_C_O([TAGNAME])
+# ---------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler.
+# This macro does not hard code the compiler like AC_PROG_CC_C_O.
+m4_defun([_LT_COMPILER_C_O],
+[m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+ [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+ [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+ fi
+ fi
+ chmod u+w . 2>&AS_MESSAGE_LOG_FD
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+])
+_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
+ [Does compiler simultaneously support -c and -o options?])
+])# _LT_COMPILER_C_O
+
+
+# _LT_COMPILER_FILE_LOCKS([TAGNAME])
+# ----------------------------------
+# Check to see if we can do hard links to lock some files if needed
+m4_defun([_LT_COMPILER_FILE_LOCKS],
+[m4_require([_LT_ENABLE_LOCK])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_COMPILER_C_O([$1])
+
+hard_links="nottested"
+if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ AC_MSG_CHECKING([if we can lock with hard links])
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ AC_MSG_RESULT([$hard_links])
+ if test "$hard_links" = no; then
+ AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
+])# _LT_COMPILER_FILE_LOCKS
+
+
+# _LT_CHECK_OBJDIR
+# ----------------
+m4_defun([_LT_CHECK_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+_LT_DECL([], [objdir], [0],
+ [The name of the directory that contains temporary libtool files])dnl
+m4_pattern_allow([LT_OBJDIR])dnl
+AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/",
+ [Define to the sub-directory in which libtool stores uninstalled libraries.])
+])# _LT_CHECK_OBJDIR
+
+
+# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
+# --------------------------------------
+# Check hardcoding attributes.
+m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
+ test -n "$_LT_TAGVAR(runpath_var, $1)" ||
+ test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$_LT_TAGVAR(hardcode_direct, $1)" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+ test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then
+ # Linking always hardcodes the temporary library directory.
+ _LT_TAGVAR(hardcode_action, $1)=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ _LT_TAGVAR(hardcode_action, $1)=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ _LT_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_TAGVAR(hardcode_action, $1)" = relink ||
+ test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+_LT_TAGDECL([], [hardcode_action], [0],
+ [How to hardcode a shared library path into an executable])
+])# _LT_LINKER_HARDCODE_LIBPATH
+
+
+# _LT_CMD_STRIPLIB
+# ----------------
+m4_defun([_LT_CMD_STRIPLIB],
+[m4_require([_LT_DECL_EGREP])
+striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ ;;
+ *)
+ AC_MSG_RESULT([no])
+ ;;
+ esac
+fi
+_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
+_LT_DECL([], [striplib], [1])
+])# _LT_CMD_STRIPLIB
+
+
+# _LT_SYS_DYNAMIC_LINKER([TAG])
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+m4_defun([_LT_SYS_DYNAMIC_LINKER],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_OBJDUMP])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([dynamic linker characteristics])
+m4_if([$1],
+ [], [
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[[lt_foo]]++; }
+ if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[[4-9]]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[[01]] | aix4.[[01]].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[[45]]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+m4_if([$1], [],[
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[[123]]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[[3-9]]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
+ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
+ [shlibpath_overrides_runpath=yes])])
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[[89]] | openbsd2.[[89]].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+_LT_DECL([], [variables_saved_for_relink], [1],
+ [Variables whose values should be saved in libtool wrapper scripts and
+ restored at link time])
+_LT_DECL([], [need_lib_prefix], [0],
+ [Do we need the "lib" prefix for modules?])
+_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
+_LT_DECL([], [version_type], [0], [Library versioning type])
+_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable])
+_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
+_LT_DECL([], [shlibpath_overrides_runpath], [0],
+ [Is shlibpath searched before the hard-coded library search path?])
+_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
+_LT_DECL([], [library_names_spec], [1],
+ [[List of archive names. First name is the real one, the rest are links.
+ The last name is the one that the linker finds with -lNAME]])
+_LT_DECL([], [soname_spec], [1],
+ [[The coded name of the library, if different from the real name]])
+_LT_DECL([], [postinstall_cmds], [2],
+ [Command to use after installation of a shared archive])
+_LT_DECL([], [postuninstall_cmds], [2],
+ [Command to use after uninstallation of a shared archive])
+_LT_DECL([], [finish_cmds], [2],
+ [Commands used to finish a libtool library installation in a directory])
+_LT_DECL([], [finish_eval], [1],
+ [[As "finish_cmds", except a single script fragment to be evaled but
+ not shown]])
+_LT_DECL([], [hardcode_into_libs], [0],
+ [Whether we should hardcode library paths into libraries])
+_LT_DECL([], [sys_lib_search_path_spec], [2],
+ [Compile-time system search path for libraries])
+_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
+ [Run-time system search path for libraries])
+])# _LT_SYS_DYNAMIC_LINKER
+
+
+# _LT_PATH_TOOL_PREFIX(TOOL)
+# --------------------------
+# find a file program which can recognize shared library
+AC_DEFUN([_LT_PATH_TOOL_PREFIX],
+[m4_require([_LT_DECL_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] | ?:[\\/]*])
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word. This closes a longstanding sh security hole.
+ ac_dummy="m4_if([$2], , $PATH, [$2])"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$1; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ AC_MSG_RESULT($MAGIC_CMD)
+else
+ AC_MSG_RESULT(no)
+fi
+_LT_DECL([], [MAGIC_CMD], [0],
+ [Used to examine libraries when file_magic_cmd begins with "file"])dnl
+])# _LT_PATH_TOOL_PREFIX
+
+# Old name:
+AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
+
+
+# _LT_PATH_MAGIC
+# --------------
+# find a file program which can recognize a shared library
+m4_defun([_LT_PATH_MAGIC],
+[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+ else
+ MAGIC_CMD=:
+ fi
+fi
+])# _LT_PATH_MAGIC
+
+
+# LT_PATH_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([LT_PATH_LD],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_ARG_WITH([gnu-ld],
+ [AS_HELP_STRING([--with-gnu-ld],
+ [assume the C compiler uses GNU ld @<:@default=no@:>@])],
+ [test "$withval" = no || with_gnu_ld=yes],
+ [with_gnu_ld=no])dnl
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by $CC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]]* | ?:[[\\/]]*)
+ re_direlt='/[[^/]][[^/]]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+_LT_PATH_LD_GNU
+AC_SUBST([LD])
+
+_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
+])# LT_PATH_LD
+
+# Old names:
+AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
+AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_LD], [])
+dnl AC_DEFUN([AC_PROG_LD], [])
+
+
+# _LT_PATH_LD_GNU
+#- --------------
+m4_defun([_LT_PATH_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# _LT_PATH_LD_GNU
+
+
+# _LT_CMD_RELOAD
+# --------------
+# find reload flag for linker
+# -- PORTME Some linkers may need a different reload flag.
+m4_defun([_LT_CMD_RELOAD],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+ lt_cv_ld_reload_flag,
+ [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl
+_LT_DECL([], [reload_cmds], [2])dnl
+])# _LT_CMD_RELOAD
+
+
+# _LT_CHECK_MAGIC_METHOD
+# ----------------------
+# how to check for library dependencies
+# -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_MAGIC_METHOD],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+AC_CACHE_CHECK([how to recognize dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[[4-9]]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[[45]]*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[[3-9]]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+_LT_DECL([], [deplibs_check_method], [1],
+ [Method to check whether dependent libraries are shared objects])
+_LT_DECL([], [file_magic_cmd], [1],
+ [Command to use when deplibs_check_method == "file_magic"])
+])# _LT_CHECK_MAGIC_METHOD
+
+
+# LT_PATH_NM
+# ----------
+# find the pathname to a BSD- or MS-compatible name lister
+AC_DEFUN([LT_PATH_NM],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
+[if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi])
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :)
+ AC_SUBST([DUMPBIN])
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+AC_SUBST([NM])
+_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
+
+AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
+ [lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD)
+ cat conftest.out >&AS_MESSAGE_LOG_FD
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*])
+])# LT_PATH_NM
+
+# Old names:
+AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
+AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_NM], [])
+dnl AC_DEFUN([AC_PROG_NM], [])
+
+
+# LT_LIB_M
+# --------
+# check for math library
+AC_DEFUN([LT_LIB_M],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+ # These system don't have libm, or don't need it
+ ;;
+*-ncr-sysv4.3*)
+ AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+ AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+ ;;
+*)
+ AC_CHECK_LIB(m, cos, LIBM="-lm")
+ ;;
+esac
+AC_SUBST([LIBM])
+])# LT_LIB_M
+
+# Old name:
+AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_CHECK_LIBM], [])
+
+
+# _LT_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------
+m4_defun([_LT_COMPILER_NO_RTTI],
+[m4_require([_LT_TAG_COMPILER])dnl
+
+_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+ _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+ lt_cv_prog_compiler_rtti_exceptions,
+ [-fno-rtti -fno-exceptions], [],
+ [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
+ [Compiler flag to turn off builtin functions])
+])# _LT_COMPILER_NO_RTTI
+
+
+# _LT_CMD_GLOBAL_SYMBOLS
+# ----------------------
+m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[[BCDT]]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[[ABCDGISTW]]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDEGRST]]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[[BCDEGRST]]'
+ ;;
+osf*)
+ symcode='[[BCDEGQRST]]'
+ ;;
+solaris*)
+ symcode='[[BDRT]]'
+ ;;
+sco3.2v5*)
+ symcode='[[DT]]'
+ ;;
+sysv4.2uw2*)
+ symcode='[[DT]]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[[ABDT]]'
+ ;;
+sysv4)
+ symcode='[[DFNSTU]]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK ['"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx]"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if AC_TRY_EVAL(ac_compile); then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[[]] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ AC_MSG_RESULT(failed)
+else
+ AC_MSG_RESULT(ok)
+fi
+
+_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
+ [Take the output of nm and produce a listing of raw symbols and C names])
+_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
+ [Transform the output of nm in a proper C declaration])
+_LT_DECL([global_symbol_to_c_name_address],
+ [lt_cv_sys_global_symbol_to_c_name_address], [1],
+ [Transform the output of nm in a C name address pair])
+_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
+ [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
+ [Transform the output of nm in a C name address pair when lib prefix is needed])
+]) # _LT_CMD_GLOBAL_SYMBOLS
+
+
+# _LT_COMPILER_PIC([TAGNAME])
+# ---------------------------
+m4_defun([_LT_COMPILER_PIC],
+[m4_require([_LT_TAG_COMPILER])dnl
+_LT_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+m4_if([$1], [CXX], [
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ interix[[3-9]]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix[[4-9]]*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ fi
+ ;;
+ aCC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ interix*)
+ # This is c89, which is MS Visual C++ (no shared libs)
+ # Anyone wants to do a port?
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ xlc* | xlC*)
+ # IBM XL 8.0 on PPC
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd* | netbsdelf*-gnu)
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ vxworks*)
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+],
+[
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[[3-9]]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC (with -KPIC) is the default.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ ccc*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All Alpha code is PIC.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All OSF/1 code is PIC.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ rdos*)
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ solaris*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ unicos*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+
+ uts4*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *)
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+])
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
+ ;;
+esac
+AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
+_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
+ [How to pass a linker flag through the compiler])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
+ [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
+ [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
+ [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
+ "" | " "*) ;;
+ *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+ esac],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
+ [Additional compiler flags for building library objects])
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
+_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+ _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
+ $lt_tmp_static_flag,
+ [],
+ [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
+_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
+ [Compiler flag to prevent dynamic linking])
+])# _LT_COMPILER_PIC
+
+
+# _LT_LINKER_SHLIBS([TAGNAME])
+# ----------------------------
+# See if the linker supports building shared libraries.
+m4_defun([_LT_LINKER_SHLIBS],
+[AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+m4_if([$1], [CXX], [
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix[[4-9]]*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+ ;;
+ cygwin* | mingw* | cegcc*)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ linux* | k*bsd*-gnu)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+], [
+ runpath_var=
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(archive_cmds, $1)=
+ _LT_TAGVAR(archive_expsym_cmds, $1)=
+ _LT_TAGVAR(compiler_needs_object, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(hardcode_automatic, $1)=no
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ _LT_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_TAGVAR(inherit_rpath, $1)=no
+ _LT_TAGVAR(link_all_deplibs, $1)=unknown
+ _LT_TAGVAR(module_cmds, $1)=
+ _LT_TAGVAR(module_expsym_cmds, $1)=
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)=
+ _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+ _LT_TAGVAR(thread_safe_flag_spec, $1)=
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ _LT_TAGVAR(include_expsyms, $1)=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+dnl Note also adjust exclude_expsyms for C++ above.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
+ esac
+
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[[3-9]]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)=''
+ ;;
+ m68k)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ interix[[3-9]]*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ tmp_sharedflag='--shared' ;;
+ xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+
+ if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
+ runpath_var=
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ fi
+ ;;
+
+ aix[[4-9]]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_TAGVAR(archive_cmds, $1)=''
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)=''
+ ;;
+ m68k)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[[45]]*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+ # FIXME: Should let the user specify the lib program.
+ _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
+ darwin* | rhapsody*)
+ _LT_DARWIN_LINKER_FEATURES($1)
+ ;;
+
+ dgux*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ freebsd1*)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ AC_LINK_IFELSE(int foo(void) {},
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ )
+ LDFLAGS="$save_LDFLAGS"
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(inherit_rpath, $1)=yes
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ newsos6)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ else
+ case $host_os in
+ openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ os2*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ else
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ solaris*)
+ _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ ;;
+ motorola)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4.3*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+])
+AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
+
+_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
+_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
+_LT_DECL([], [extract_expsyms_cmds], [2],
+ [The commands to extract the exported symbol list from a shared archive])
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+ # Assume -lc should be added
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $_LT_TAGVAR(archive_cmds, $1) in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
+ pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
+ then
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ else
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ fi
+ _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)])
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
+ [Whether or not to add -lc for building shared libraries])
+_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
+ [enable_shared_with_static_runtimes], [0],
+ [Whether or not to disallow shared libs when runtime libs are static])
+_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
+ [Compiler flag to allow reflexive dlopens])
+_LT_TAGDECL([], [whole_archive_flag_spec], [1],
+ [Compiler flag to generate shared objects directly from archives])
+_LT_TAGDECL([], [compiler_needs_object], [1],
+ [Whether the compiler copes with passing no objects directly])
+_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
+ [Create an old-style archive from a shared archive])
+_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
+ [Create a temporary old-style archive to link instead of a shared archive])
+_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
+_LT_TAGDECL([], [archive_expsym_cmds], [2])
+_LT_TAGDECL([], [module_cmds], [2],
+ [Commands used to build a loadable module if different from building
+ a shared archive.])
+_LT_TAGDECL([], [module_expsym_cmds], [2])
+_LT_TAGDECL([], [with_gnu_ld], [1],
+ [Whether we are building with GNU ld or not])
+_LT_TAGDECL([], [allow_undefined_flag], [1],
+ [Flag that allows shared libraries with undefined symbols to be built])
+_LT_TAGDECL([], [no_undefined_flag], [1],
+ [Flag that enforces no undefined symbols])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
+ [Flag to hardcode $libdir into a binary during linking.
+ This must work even if $libdir does not exist])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
+ [[If ld is used when linking, flag to hardcode $libdir into a binary
+ during linking. This must work even if $libdir does not exist]])
+_LT_TAGDECL([], [hardcode_libdir_separator], [1],
+ [Whether we need a single "-rpath" flag with a separated argument])
+_LT_TAGDECL([], [hardcode_direct], [0],
+ [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ DIR into the resulting binary])
+_LT_TAGDECL([], [hardcode_direct_absolute], [0],
+ [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ DIR into the resulting binary and the resulting library dependency is
+ "absolute", i.e impossible to change by setting ${shlibpath_var} if the
+ library is relocated])
+_LT_TAGDECL([], [hardcode_minus_L], [0],
+ [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+ into the resulting binary])
+_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
+ [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+ into the resulting binary])
+_LT_TAGDECL([], [hardcode_automatic], [0],
+ [Set to "yes" if building a shared library automatically hardcodes DIR
+ into the library and all subsequent libraries and executables linked
+ against it])
+_LT_TAGDECL([], [inherit_rpath], [0],
+ [Set to yes if linker adds runtime paths of dependent libraries
+ to runtime path list])
+_LT_TAGDECL([], [link_all_deplibs], [0],
+ [Whether libtool must link a program against all its dependency libraries])
+_LT_TAGDECL([], [fix_srcfile_path], [1],
+ [Fix the shell variable $srcfile for the compiler])
+_LT_TAGDECL([], [always_export_symbols], [0],
+ [Set to "yes" if exported symbols are required])
+_LT_TAGDECL([], [export_symbols_cmds], [2],
+ [The commands to list exported symbols])
+_LT_TAGDECL([], [exclude_expsyms], [1],
+ [Symbols that should not be listed in the preloaded symbols])
+_LT_TAGDECL([], [include_expsyms], [1],
+ [Symbols that must always be exported])
+_LT_TAGDECL([], [prelink_cmds], [2],
+ [Commands necessary for linking programs (against libraries) with templates])
+_LT_TAGDECL([], [file_list_spec], [1],
+ [Specify filename containing input files])
+dnl FIXME: Not yet implemented
+dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
+dnl [Compiler flag to generate thread safe objects])
+])# _LT_LINKER_SHLIBS
+
+
+# _LT_LANG_C_CONFIG([TAG])
+# ------------------------
+# Ensure that the configuration variables for a C compiler are suitably
+# defined. These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_C_CONFIG],
+[m4_require([_LT_DECL_EGREP])dnl
+lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+_LT_TAG_COMPILER
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+ LT_SYS_DLOPEN_SELF
+ _LT_CMD_STRIPLIB
+
+ # Report which library types will actually be built
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_CONFIG($1)
+fi
+AC_LANG_POP
+CC="$lt_save_CC"
+])# _LT_LANG_C_CONFIG
+
+
+# _LT_PROG_CXX
+# ------------
+# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++
+# compiler, we have our own version here.
+m4_defun([_LT_PROG_CXX],
+[
+pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes])
+AC_PROG_CXX
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_PROG_CXXCPP
+else
+ _lt_caught_CXX_error=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_CXX
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_CXX], [])
+
+
+# _LT_LANG_CXX_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a C++ compiler are suitably
+# defined. These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_CXX_CONFIG],
+[AC_REQUIRE([_LT_PROG_CXX])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_LANG_PUSH(C++)
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(compiler_needs_object, $1)=no
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="int some_variable = 0;"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC=$CC
+ lt_save_LD=$LD
+ lt_save_GCC=$GCC
+ GCC=$GXX
+ lt_save_with_gnu_ld=$with_gnu_ld
+ lt_save_path_LD=$lt_cv_path_LD
+ if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+ else
+ $as_unset lt_cv_prog_gnu_ld
+ fi
+ if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+ else
+ $as_unset lt_cv_path_LD
+ fi
+ test -z "${LDCXX+set}" || LD=$LDCXX
+ CC=${CXX-"c++"}
+ compiler=$CC
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+
+ if test -n "$compiler"; then
+ # We don't want -fno-exception when compiling C++ code, so set the
+ # no_builtin_flag separately
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+ else
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+ fi
+
+ if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+ LT_PATH_LD
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ $GREP 'no-whole-archive' > /dev/null; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+ fi
+
+ # PORTME: fill in a description of your system's C++ link characteristics
+ AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_TAGVAR(archive_cmds, $1)=''
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to
+ # export.
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty
+ # executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared
+ # libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+ _LT_DARWIN_LINKER_FEATURES($1)
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ freebsd[[12]]*)
+ # C++ shared libraries reported to be fairly broken before
+ # switch to ELF
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ freebsd-elf*)
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+
+ freebsd* | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+
+ gnu*)
+ ;;
+
+ hpux9*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ interix[[3-9]]*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ fi
+ fi
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+ esac
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(inherit_rpath, $1)=yes
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc* | ecpc* )
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ case `$CC -V` in
+ *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*)
+ _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $RANLIB $oldlib'
+ _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ *) # Version 6 will use weak symbols
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ xl*)
+ # IBM XL 8.0 on PPC, with GNU ld
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+
+ # Not sure whether something based on
+ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+ # would be better.
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ m88k*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+
+ *nto* | *qnx*)
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd=echo
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ case $host in
+ osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
+ *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
+ esac
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ case $host in
+ osf3*)
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ ;;
+ *)
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $RM $lib.exp'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ case $host in
+ osf3*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ psos*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
+ _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+ ;;
+ esac
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+ if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ fi
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+
+ AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+ test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+ _LT_TAGVAR(GCC, $1)="$GXX"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_SYS_HIDDEN_LIBDEPS($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ CC=$lt_save_CC
+ LDCXX=$LD
+ LD=$lt_save_LD
+ GCC=$lt_save_GCC
+ with_gnu_ld=$lt_save_with_gnu_ld
+ lt_cv_path_LDCXX=$lt_cv_path_LD
+ lt_cv_path_LD=$lt_save_path_LD
+ lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+ lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+AC_LANG_POP
+])# _LT_LANG_CXX_CONFIG
+
+
+# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
+# ---------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+# Dependencies to place before and after the object being linked:
+_LT_TAGVAR(predep_objects, $1)=
+_LT_TAGVAR(postdep_objects, $1)=
+_LT_TAGVAR(predeps, $1)=
+_LT_TAGVAR(postdeps, $1)=
+_LT_TAGVAR(compiler_lib_search_path, $1)=
+
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library. It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
+int a;
+void foo (void) { a = 0; }
+_LT_EOF
+], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+_LT_EOF
+], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
+ subroutine foo
+ implicit none
+ integer*4 a
+ a=0
+ return
+ end
+_LT_EOF
+], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
+ subroutine foo
+ implicit none
+ integer a
+ a=0
+ return
+ end
+_LT_EOF
+], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
+public class foo {
+ private int a;
+ public void bar (void) {
+ a = 0;
+ }
+};
+_LT_EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ for p in `eval "$output_verbose_link_cmd"`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" ||
+ test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+ else
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$_LT_TAGVAR(postdeps, $1)"; then
+ _LT_TAGVAR(postdeps, $1)="${prev}${p}"
+ else
+ _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
+ _LT_TAGVAR(predep_objects, $1)="$p"
+ else
+ _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
+ fi
+ else
+ if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
+ _LT_TAGVAR(postdep_objects, $1)="$p"
+ else
+ _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+m4_if([$1], [CXX],
+[case $host_os in
+interix[[3-9]]*)
+ # Interix 3.5 installs completely hosed .la files for C++, so rather than
+ # hack all around it, let's just trust "g++" to DTRT.
+ _LT_TAGVAR(predep_objects,$1)=
+ _LT_TAGVAR(postdep_objects,$1)=
+ _LT_TAGVAR(postdeps,$1)=
+ ;;
+
+linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ if test "$solaris_use_stlport4" != yes; then
+ _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+solaris*)
+ case $cc_basename in
+ CC*)
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ if test "$solaris_use_stlport4" != yes; then
+ _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+esac
+])
+
+case " $_LT_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=
+if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
+ [The directories searched by this compiler when creating a shared library])
+_LT_TAGDECL([], [predep_objects], [1],
+ [Dependencies to place before and after the objects being linked to
+ create a shared library])
+_LT_TAGDECL([], [postdep_objects], [1])
+_LT_TAGDECL([], [predeps], [1])
+_LT_TAGDECL([], [postdeps], [1])
+_LT_TAGDECL([], [compiler_lib_search_path], [1],
+ [The library search path used internally by the compiler when linking
+ a shared library])
+])# _LT_SYS_HIDDEN_LIBDEPS
+
+
+# _LT_PROG_F77
+# ------------
+# Since AC_PROG_F77 is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_F77],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes])
+AC_PROG_F77
+if test -z "$F77" || test "X$F77" = "Xno"; then
+ _lt_disable_F77=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_F77
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_F77], [])
+
+
+# _LT_LANG_F77_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a Fortran 77 compiler are
+# suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_F77_CONFIG],
+[AC_REQUIRE([_LT_PROG_F77])dnl
+AC_LANG_PUSH(Fortran 77)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the F77 compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_F77" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="\
+ subroutine t
+ return
+ end
+"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code="\
+ program t
+ end
+"
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC="$CC"
+ lt_save_GCC=$GCC
+ CC=${F77-"f77"}
+ compiler=$CC
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+ GCC=$G77
+ if test -n "$compiler"; then
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_TAGVAR(GCC, $1)="$G77"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ GCC=$lt_save_GCC
+ CC="$lt_save_CC"
+fi # test "$_lt_disable_F77" != yes
+
+AC_LANG_POP
+])# _LT_LANG_F77_CONFIG
+
+
+# _LT_PROG_FC
+# -----------
+# Since AC_PROG_FC is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_FC],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes])
+AC_PROG_FC
+if test -z "$FC" || test "X$FC" = "Xno"; then
+ _lt_disable_FC=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_FC
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_FC], [])
+
+
+# _LT_LANG_FC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for a Fortran compiler are
+# suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_FC_CONFIG],
+[AC_REQUIRE([_LT_PROG_FC])dnl
+AC_LANG_PUSH(Fortran)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for fc test sources.
+ac_ext=${ac_fc_srcext-f}
+
+# Object file extension for compiled fc test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the FC compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_FC" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="\
+ subroutine t
+ return
+ end
+"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code="\
+ program t
+ end
+"
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC="$CC"
+ lt_save_GCC=$GCC
+ CC=${FC-"f95"}
+ compiler=$CC
+ GCC=$ac_cv_fc_compiler_gnu
+
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+
+ if test -n "$compiler"; then
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_SYS_HIDDEN_LIBDEPS($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ GCC=$lt_save_GCC
+ CC="$lt_save_CC"
+fi # test "$_lt_disable_FC" != yes
+
+AC_LANG_POP
+])# _LT_LANG_FC_CONFIG
+
+
+# _LT_LANG_GCJ_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Java Compiler compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GCJ_CONFIG],
+[AC_REQUIRE([LT_PROG_GCJ])dnl
+AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC="$lt_save_CC"
+])# _LT_LANG_GCJ_CONFIG
+
+
+# _LT_LANG_RC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for the Windows resource compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_RC_CONFIG],
+[AC_REQUIRE([LT_PROG_RC])dnl
+AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=
+CC=${RC-"windres"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+if test -n "$compiler"; then
+ :
+ _LT_CONFIG($1)
+fi
+
+GCC=$lt_save_GCC
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# _LT_LANG_RC_CONFIG
+
+
+# LT_PROG_GCJ
+# -----------
+AC_DEFUN([LT_PROG_GCJ],
+[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
+ [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
+ [AC_CHECK_TOOL(GCJ, gcj,)
+ test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+ AC_SUBST(GCJFLAGS)])])[]dnl
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+
+
+# LT_PROG_RC
+# ----------
+AC_DEFUN([LT_PROG_RC],
+[AC_CHECK_TOOL(RC, windres,)
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_RC], [])
+
+
+# _LT_DECL_EGREP
+# --------------
+# If we don't have a new enough Autoconf to choose the best grep
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_EGREP],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_REQUIRE([AC_PROG_FGREP])dnl
+test -z "$GREP" && GREP=grep
+_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
+_LT_DECL([], [EGREP], [1], [An ERE matcher])
+_LT_DECL([], [FGREP], [1], [A literal string matcher])
+dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
+AC_SUBST([GREP])
+])
+
+
+# _LT_DECL_OBJDUMP
+# --------------
+# If we don't have a new enough Autoconf to choose the best objdump
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_OBJDUMP],
+[AC_CHECK_TOOL(OBJDUMP, objdump, false)
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
+AC_SUBST([OBJDUMP])
+])
+
+
+# _LT_DECL_SED
+# ------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible. Prefer GNU sed if found.
+m4_defun([_LT_DECL_SED],
+[AC_PROG_SED
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
+_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
+ [Sed that helps us avoid accidentally triggering echo(1) options like -n])
+])# _LT_DECL_SED
+
+m4_ifndef([AC_PROG_SED], [
+############################################################
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_SED. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+############################################################
+
+m4_defun([AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+IFS=$as_save_IFS
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+])
+SED=$lt_cv_path_SED
+AC_SUBST([SED])
+AC_MSG_RESULT([$SED])
+])#AC_PROG_SED
+])#m4_ifndef
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_SED], [])
+
+
+# _LT_CHECK_SHELL_FEATURES
+# ------------------------
+# Find out whether the shell is Bourne or XSI compatible,
+# or has some other useful features.
+m4_defun([_LT_CHECK_SHELL_FEATURES],
+[AC_MSG_CHECKING([whether the shell understands some XSI constructs])
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+AC_MSG_RESULT([$xsi_shell])
+_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell'])
+
+AC_MSG_CHECKING([whether the shell understands "+="])
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+AC_MSG_RESULT([$lt_shell_append])
+_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append'])
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
+_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
+])# _LT_CHECK_SHELL_FEATURES
+
+
+# _LT_PROG_XSI_SHELLFNS
+# ---------------------
+# Bourne and XSI compatible variants of some useful shell functions.
+m4_defun([_LT_PROG_XSI_SHELLFNS],
+[case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $[*] ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+dnl func_dirname_and_basename
+dnl A portable version of this function is already defined in general.m4sh
+dnl so there is no need for it here.
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[[^=]]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$[@]"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$[1]+=\$[2]"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$[1]=\$$[1]\$[2]"
+}
+
+_LT_EOF
+ ;;
+ esac
+])
--- /dev/null
+# longlong.m4 serial 13
+dnl Copyright (C) 1999-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_LONG_LONG_INT if 'long long int' works.
+# This fixes a bug in Autoconf 2.61, but can be removed once we
+# assume 2.62 everywhere.
+
+# Note: If the type 'long long int' exists but is only 32 bits large
+# (as on some very old compilers), HAVE_LONG_LONG_INT will not be
+# defined. In this case you can treat 'long long int' like 'long int'.
+
+AC_DEFUN([AC_TYPE_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int],
+ [AC_LINK_IFELSE(
+ [_AC_TYPE_LONG_LONG_SNIPPET],
+ [dnl This catches a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004.
+ dnl If cross compiling, assume the bug isn't important, since
+ dnl nobody cross compiles for this platform as far as we know.
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[@%:@include <limits.h>
+ @%:@ifndef LLONG_MAX
+ @%:@ define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ @%:@ define LLONG_MAX (HALF - 1 + HALF)
+ @%:@endif]],
+ [[long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;]])],
+ [ac_cv_type_long_long_int=yes],
+ [ac_cv_type_long_long_int=no],
+ [ac_cv_type_long_long_int=yes])],
+ [ac_cv_type_long_long_int=no])])
+ if test $ac_cv_type_long_long_int = yes; then
+ AC_DEFINE([HAVE_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `long long int'.])
+ fi
+])
+
+# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works.
+# This fixes a bug in Autoconf 2.61, but can be removed once we
+# assume 2.62 everywhere.
+
+# Note: If the type 'unsigned long long int' exists but is only 32 bits
+# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT
+# will not be defined. In this case you can treat 'unsigned long long int'
+# like 'unsigned long int'.
+
+AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for unsigned long long int],
+ [ac_cv_type_unsigned_long_long_int],
+ [AC_LINK_IFELSE(
+ [_AC_TYPE_LONG_LONG_SNIPPET],
+ [ac_cv_type_unsigned_long_long_int=yes],
+ [ac_cv_type_unsigned_long_long_int=no])])
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `unsigned long long int'.])
+ fi
+])
+
+# Expands to a C program that can be used to test for simultaneous support
+# of 'long long' and 'unsigned long long'. We don't want to say that
+# 'long long' is available if 'unsigned long long' is not, or vice versa,
+# because too many programs rely on the symmetry between signed and unsigned
+# integer types (excluding 'bool').
+AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
+[
+ AC_LANG_PROGRAM(
+ [[/* Test preprocessor. */
+ #if ! (-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ error in preprocessor;
+ #endif
+ #if ! (18446744073709551615ULL <= -1ull)
+ error in preprocessor;
+ #endif
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;]],
+ [[/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));]])
+])
--- /dev/null
+# Helper functions for option handling. -*- Autoconf -*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltoptions.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
+
+
+# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
+# ------------------------------------------
+m4_define([_LT_MANGLE_OPTION],
+[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
+
+
+# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
+# ---------------------------------------
+# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
+# matching handler defined, dispatch to it. Other OPTION-NAMEs are
+# saved as a flag.
+m4_define([_LT_SET_OPTION],
+[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
+m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
+ _LT_MANGLE_DEFUN([$1], [$2]),
+ [m4_warning([Unknown $1 option `$2'])])[]dnl
+])
+
+
+# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
+# ------------------------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+m4_define([_LT_IF_OPTION],
+[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
+
+
+# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
+# -------------------------------------------------------
+# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
+# are set.
+m4_define([_LT_UNLESS_OPTIONS],
+[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+ [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
+ [m4_define([$0_found])])])[]dnl
+m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
+])[]dnl
+])
+
+
+# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
+# ----------------------------------------
+# OPTION-LIST is a space-separated list of Libtool options associated
+# with MACRO-NAME. If any OPTION has a matching handler declared with
+# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
+# the unknown option and exit.
+m4_defun([_LT_SET_OPTIONS],
+[# Set options
+m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+ [_LT_SET_OPTION([$1], _LT_Option)])
+
+m4_if([$1],[LT_INIT],[
+ dnl
+ dnl Simply set some default values (i.e off) if boolean options were not
+ dnl specified:
+ _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
+ ])
+ _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
+ ])
+ dnl
+ dnl If no reference was made to various pairs of opposing options, then
+ dnl we run the default mode handler for the pair. For example, if neither
+ dnl `shared' nor `disable-shared' was passed, we enable building of shared
+ dnl archives by default:
+ _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
+ _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
+ _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
+ _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
+ [_LT_ENABLE_FAST_INSTALL])
+ ])
+])# _LT_SET_OPTIONS
+
+
+## --------------------------------- ##
+## Macros to handle LT_INIT options. ##
+## --------------------------------- ##
+
+# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
+# -----------------------------------------
+m4_define([_LT_MANGLE_DEFUN],
+[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
+
+
+# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
+# -----------------------------------------------
+m4_define([LT_OPTION_DEFINE],
+[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
+])# LT_OPTION_DEFINE
+
+
+# dlopen
+# ------
+LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
+])
+
+AU_DEFUN([AC_LIBTOOL_DLOPEN],
+[_LT_SET_OPTION([LT_INIT], [dlopen])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `dlopen' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
+
+
+# win32-dll
+# ---------
+# Declare package support for building win32 dll's.
+LT_OPTION_DEFINE([LT_INIT], [win32-dll],
+[enable_win32_dll=yes
+
+case $host in
+*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*)
+ AC_CHECK_TOOL(AS, as, false)
+ AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+ AC_CHECK_TOOL(OBJDUMP, objdump, false)
+ ;;
+esac
+
+test -z "$AS" && AS=as
+_LT_DECL([], [AS], [0], [Assembler program])dnl
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl
+])# win32-dll
+
+AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+_LT_SET_OPTION([LT_INIT], [win32-dll])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `win32-dll' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
+
+
+# _LT_ENABLE_SHARED([DEFAULT])
+# ----------------------------
+# implement the --enable-shared flag, and supports the `shared' and
+# `disable-shared' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_SHARED],
+[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([shared],
+ [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+ [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
+
+ _LT_DECL([build_libtool_libs], [enable_shared], [0],
+ [Whether or not to build shared libraries])
+])# _LT_ENABLE_SHARED
+
+LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
+])
+
+AC_DEFUN([AC_DISABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], [disable-shared])
+])
+
+AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_SHARED], [])
+dnl AC_DEFUN([AM_DISABLE_SHARED], [])
+
+
+
+# _LT_ENABLE_STATIC([DEFAULT])
+# ----------------------------
+# implement the --enable-static flag, and support the `static' and
+# `disable-static' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_STATIC],
+[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([static],
+ [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+ [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
+
+ _LT_DECL([build_old_libs], [enable_static], [0],
+ [Whether or not to build static libraries])
+])# _LT_ENABLE_STATIC
+
+LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
+])
+
+AC_DEFUN([AC_DISABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], [disable-static])
+])
+
+AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_STATIC], [])
+dnl AC_DEFUN([AM_DISABLE_STATIC], [])
+
+
+
+# _LT_ENABLE_FAST_INSTALL([DEFAULT])
+# ----------------------------------
+# implement the --enable-fast-install flag, and support the `fast-install'
+# and `disable-fast-install' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_FAST_INSTALL],
+[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([fast-install],
+ [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+ [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
+
+_LT_DECL([fast_install], [enable_fast_install], [0],
+ [Whether or not to optimize for fast installation])dnl
+])# _LT_ENABLE_FAST_INSTALL
+
+LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
+
+# Old names:
+AU_DEFUN([AC_ENABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `fast-install' option into LT_INIT's first parameter.])
+])
+
+AU_DEFUN([AC_DISABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `disable-fast-install' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
+dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
+
+
+# _LT_WITH_PIC([MODE])
+# --------------------
+# implement the --with-pic flag, and support the `pic-only' and `no-pic'
+# LT_INIT options.
+# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
+m4_define([_LT_WITH_PIC],
+[AC_ARG_WITH([pic],
+ [AS_HELP_STRING([--with-pic],
+ [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+ [pic_mode="$withval"],
+ [pic_mode=default])
+
+test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
+
+_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
+])# _LT_WITH_PIC
+
+LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
+
+# Old name:
+AU_DEFUN([AC_LIBTOOL_PICMODE],
+[_LT_SET_OPTION([LT_INIT], [pic-only])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `pic-only' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
+
+## ----------------- ##
+## LTDL_INIT Options ##
+## ----------------- ##
+
+m4_define([_LTDL_MODE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
+ [m4_define([_LTDL_MODE], [nonrecursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [recursive],
+ [m4_define([_LTDL_MODE], [recursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [subproject],
+ [m4_define([_LTDL_MODE], [subproject])])
+
+m4_define([_LTDL_TYPE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [installable],
+ [m4_define([_LTDL_TYPE], [installable])])
+LT_OPTION_DEFINE([LTDL_INIT], [convenience],
+ [m4_define([_LTDL_TYPE], [convenience])])
--- /dev/null
+# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltsugar.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
+
+
+# lt_join(SEP, ARG1, [ARG2...])
+# -----------------------------
+# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
+# associated separator.
+# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
+# versions in m4sugar had bugs.
+m4_define([lt_join],
+[m4_if([$#], [1], [],
+ [$#], [2], [[$2]],
+ [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
+m4_define([_lt_join],
+[m4_if([$#$2], [2], [],
+ [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
+
+
+# lt_car(LIST)
+# lt_cdr(LIST)
+# ------------
+# Manipulate m4 lists.
+# These macros are necessary as long as will still need to support
+# Autoconf-2.59 which quotes differently.
+m4_define([lt_car], [[$1]])
+m4_define([lt_cdr],
+[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
+ [$#], 1, [],
+ [m4_dquote(m4_shift($@))])])
+m4_define([lt_unquote], $1)
+
+
+# lt_append(MACRO-NAME, STRING, [SEPARATOR])
+# ------------------------------------------
+# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
+# Note that neither SEPARATOR nor STRING are expanded; they are appended
+# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
+# No SEPARATOR is output if MACRO-NAME was previously undefined (different
+# than defined and empty).
+#
+# This macro is needed until we can rely on Autoconf 2.62, since earlier
+# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
+m4_define([lt_append],
+[m4_define([$1],
+ m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
+
+
+
+# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
+# ----------------------------------------------------------
+# Produce a SEP delimited list of all paired combinations of elements of
+# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
+# has the form PREFIXmINFIXSUFFIXn.
+# Needed until we can rely on m4_combine added in Autoconf 2.62.
+m4_define([lt_combine],
+[m4_if(m4_eval([$# > 3]), [1],
+ [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
+[[m4_foreach([_Lt_prefix], [$2],
+ [m4_foreach([_Lt_suffix],
+ ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
+ [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
+
+
+# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
+# -----------------------------------------------------------------------
+# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
+# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
+m4_define([lt_if_append_uniq],
+[m4_ifdef([$1],
+ [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
+ [lt_append([$1], [$2], [$3])$4],
+ [$5])],
+ [lt_append([$1], [$2], [$3])$4])])
+
+
+# lt_dict_add(DICT, KEY, VALUE)
+# -----------------------------
+m4_define([lt_dict_add],
+[m4_define([$1($2)], [$3])])
+
+
+# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
+# --------------------------------------------
+m4_define([lt_dict_add_subkey],
+[m4_define([$1($2:$3)], [$4])])
+
+
+# lt_dict_fetch(DICT, KEY, [SUBKEY])
+# ----------------------------------
+m4_define([lt_dict_fetch],
+[m4_ifval([$3],
+ m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
+ m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
+
+
+# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
+# -----------------------------------------------------------------
+m4_define([lt_if_dict_fetch],
+[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
+ [$5],
+ [$6])])
+
+
+# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
+# --------------------------------------------------------------
+m4_define([lt_dict_filter],
+[m4_if([$5], [], [],
+ [lt_join(m4_quote(m4_default([$4], [[, ]])),
+ lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
+ [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
+])
--- /dev/null
+# ltversion.m4 -- version numbers -*- Autoconf -*-
+#
+# Copyright (C) 2004 Free Software Foundation, Inc.
+# Written by Scott James Remnant, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# Generated from ltversion.in.
+
+# serial 3017 ltversion.m4
+# This file is part of GNU Libtool
+
+m4_define([LT_PACKAGE_VERSION], [2.2.6b])
+m4_define([LT_PACKAGE_REVISION], [1.3017])
+
+AC_DEFUN([LTVERSION_VERSION],
+[macro_version='2.2.6b'
+macro_revision='1.3017'
+_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
+_LT_DECL(, macro_revision, 0)
+])
--- /dev/null
+# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
+# Written by Scott James Remnant, 2004.
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 4 lt~obsolete.m4
+
+# These exist entirely to fool aclocal when bootstrapping libtool.
+#
+# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
+# which have later been changed to m4_define as they aren't part of the
+# exported API, or moved to Autoconf or Automake where they belong.
+#
+# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
+# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
+# using a macro with the same name in our local m4/libtool.m4 it'll
+# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
+# and doesn't know about Autoconf macros at all.)
+#
+# So we provide this file, which has a silly filename so it's always
+# included after everything else. This provides aclocal with the
+# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
+# because those macros already exist, or will be overwritten later.
+# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
+#
+# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
+# Yes, that means every name once taken will need to remain here until
+# we give up compatibility with versions before 1.7, at which point
+# we need to keep only those names which we still refer to.
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
+
+m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
+m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
+m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
+m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
+m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
+m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
+m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
+m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
+m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
+m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
+m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
+m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
+m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
+m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
+m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
+m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
+m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
+m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
+m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
+m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
+m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
+m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
+m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
+m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
+m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
+m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
+m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
+m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
+m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
+m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
+m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
+m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
+m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
+m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
+m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
+m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
+m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])])
+m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
+m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
+m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
+m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
+m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
+m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
+m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
+m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
--- /dev/null
+# nls.m4 serial 3 (gettext-0.15)
+dnl Copyright (C) 1995-2003, 2005-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
+
+AC_PREREQ(2.50)
+
+AC_DEFUN([AM_NLS],
+[
+ AC_MSG_CHECKING([whether NLS is requested])
+ dnl Default is enabled NLS
+ AC_ARG_ENABLE(nls,
+ [ --disable-nls do not use Native Language Support],
+ USE_NLS=$enableval, USE_NLS=yes)
+ AC_MSG_RESULT($USE_NLS)
+ AC_SUBST(USE_NLS)
+])
--- /dev/null
+# po.m4 serial 15 (gettext-0.17)
+dnl Copyright (C) 1995-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
+
+AC_PREREQ(2.50)
+
+dnl Checks for all prerequisites of the po subdirectory.
+AC_DEFUN([AM_PO_SUBDIRS],
+[
+ AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+ AC_REQUIRE([AC_PROG_INSTALL])dnl
+ AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ AC_REQUIRE([AM_NLS])dnl
+
+ dnl Release version of the gettext macros. This is used to ensure that
+ dnl the gettext macros and po/Makefile.in.in are in sync.
+ AC_SUBST([GETTEXT_MACRO_VERSION], [0.17])
+
+ dnl Perform the following tests also if --disable-nls has been given,
+ dnl because they are needed for "make dist" to work.
+
+ dnl Search for GNU msgfmt in the PATH.
+ dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
+ dnl The second test excludes FreeBSD msgfmt.
+ AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
+ [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
+ (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
+
+ dnl Test whether it is GNU msgfmt >= 0.15.
+changequote(,)dnl
+ case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
+ *) MSGFMT_015=$MSGFMT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([MSGFMT_015])
+changequote(,)dnl
+ case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
+ *) GMSGFMT_015=$GMSGFMT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([GMSGFMT_015])
+
+ dnl Search for GNU xgettext 0.12 or newer in the PATH.
+ dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
+ dnl The second test excludes FreeBSD xgettext.
+ AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+ [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
+ (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ dnl Remove leftover from FreeBSD xgettext call.
+ rm -f messages.po
+
+ dnl Test whether it is GNU xgettext >= 0.15.
+changequote(,)dnl
+ case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
+ *) XGETTEXT_015=$XGETTEXT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([XGETTEXT_015])
+
+ dnl Search for GNU msgmerge 0.11 or newer in the PATH.
+ AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
+ [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :)
+
+ dnl Installation directories.
+ dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we
+ dnl have to define it here, so that it can be used in po/Makefile.
+ test -n "$localedir" || localedir='${datadir}/locale'
+ AC_SUBST([localedir])
+
+ dnl Support for AM_XGETTEXT_OPTION.
+ test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
+ AC_SUBST([XGETTEXT_EXTRA_OPTIONS])
+
+ AC_CONFIG_COMMANDS([po-directories], [[
+ for ac_file in $CONFIG_FILES; do
+ # Support "outfile[:infile[:infile...]]"
+ case "$ac_file" in
+ *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ esac
+ # PO directories have a Makefile.in generated from Makefile.in.in.
+ case "$ac_file" in */Makefile.in)
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+ # Treat a directory as a PO directory if and only if it has a
+ # POTFILES.in file. This allows packages to have multiple PO
+ # directories under different names or in different locations.
+ if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
+ rm -f "$ac_dir/POTFILES"
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
+ cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+ POMAKEFILEDEPS="POTFILES.in"
+ # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
+ # on $ac_dir but don't depend on user-specified configuration
+ # parameters.
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # The set of available languages was given in configure.in.
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
+ fi
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ done
+ fi
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
+ sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
+ for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
+ if test -f "$f"; then
+ case "$f" in
+ *.orig | *.bak | *~) ;;
+ *) cat "$f" >> "$ac_dir/Makefile" ;;
+ esac
+ fi
+ done
+ fi
+ ;;
+ esac
+ done]],
+ [# Capture the value of obsolete ALL_LINGUAS because we need it to compute
+ # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
+ # from automake < 1.5.
+ eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
+ # Capture the value of LINGUAS because we need it to compute CATALOGS.
+ LINGUAS="${LINGUAS-%UNSET%}"
+ ])
+])
+
+dnl Postprocesses a Makefile in a directory containing PO files.
+AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE],
+[
+ # When this code is run, in config.status, two variables have already been
+ # set:
+ # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in,
+ # - LINGUAS is the value of the environment variable LINGUAS at configure
+ # time.
+
+changequote(,)dnl
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+
+ # Find a way to echo strings without interpreting backslash.
+ if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then
+ gt_echo='echo'
+ else
+ if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then
+ gt_echo='printf %s\n'
+ else
+ echo_func () {
+ cat <<EOT
+$*
+EOT
+ }
+ gt_echo='echo_func'
+ fi
+ fi
+
+ # A sed script that extracts the value of VARIABLE from a Makefile.
+ sed_x_variable='
+# Test if the hold space is empty.
+x
+s/P/P/
+x
+ta
+# Yes it was empty. Look if we have the expected variable definition.
+/^[ ]*VARIABLE[ ]*=/{
+ # Seen the first line of the variable definition.
+ s/^[ ]*VARIABLE[ ]*=//
+ ba
+}
+bd
+:a
+# Here we are processing a line from the variable definition.
+# Remove comment, more precisely replace it with a space.
+s/#.*$/ /
+# See if the line ends in a backslash.
+tb
+:b
+s/\\$//
+# Print the line, without the trailing backslash.
+p
+tc
+# There was no trailing backslash. The end of the variable definition is
+# reached. Clear the hold space.
+s/^.*$//
+x
+bd
+:c
+# A trailing backslash means that the variable definition continues in the
+# next line. Put a nonempty string into the hold space to indicate this.
+s/^.*$/P/
+x
+:d
+'
+changequote([,])dnl
+
+ # Set POTFILES to the value of the Makefile variable POTFILES.
+ sed_x_POTFILES=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/POTFILES/g'`
+ POTFILES=`sed -n -e "$sed_x_POTFILES" < "$ac_file"`
+ # Compute POTFILES_DEPS as
+ # $(foreach file, $(POTFILES), $(top_srcdir)/$(file))
+ POTFILES_DEPS=
+ for file in $POTFILES; do
+ POTFILES_DEPS="$POTFILES_DEPS "'$(top_srcdir)/'"$file"
+ done
+ POMAKEFILEDEPS=""
+
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # Set ALL_LINGUAS to the value of the Makefile variable LINGUAS.
+ sed_x_LINGUAS=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/LINGUAS/g'`
+ ALL_LINGUAS_=`sed -n -e "$sed_x_LINGUAS" < "$ac_file"`
+ fi
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ # Compute PROPERTIESFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).properties)
+ # Compute CLASSFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).class)
+ # Compute QMFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).qm)
+ # Compute MSGFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang)).msg)
+ # Compute RESOURCESDLLFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang))/$(DOMAIN).resources.dll)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ PROPERTIESFILES=
+ CLASSFILES=
+ QMFILES=
+ MSGFILES=
+ RESOURCESDLLFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ PROPERTIESFILES="$PROPERTIESFILES \$(top_srcdir)/\$(DOMAIN)_$lang.properties"
+ CLASSFILES="$CLASSFILES \$(top_srcdir)/\$(DOMAIN)_$lang.class"
+ QMFILES="$QMFILES $srcdirpre$lang.qm"
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ MSGFILES="$MSGFILES $srcdirpre$frobbedlang.msg"
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ RESOURCESDLLFILES="$RESOURCESDLLFILES $srcdirpre$frobbedlang/\$(DOMAIN).resources.dll"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ JAVACATALOGS=
+ QTCATALOGS=
+ TCLCATALOGS=
+ CSHARPCATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ JAVACATALOGS="$JAVACATALOGS \$(DOMAIN)_$lang.properties"
+ QTCATALOGS="$QTCATALOGS $lang.qm"
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ TCLCATALOGS="$TCLCATALOGS $frobbedlang.msg"
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ CSHARPCATALOGS="$CSHARPCATALOGS $frobbedlang/\$(DOMAIN).resources.dll"
+ done
+ fi
+
+ sed -e "s|@POTFILES_DEPS@|$POTFILES_DEPS|g" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@PROPERTIESFILES@|$PROPERTIESFILES|g" -e "s|@CLASSFILES@|$CLASSFILES|g" -e "s|@QMFILES@|$QMFILES|g" -e "s|@MSGFILES@|$MSGFILES|g" -e "s|@RESOURCESDLLFILES@|$RESOURCESDLLFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@JAVACATALOGS@|$JAVACATALOGS|g" -e "s|@QTCATALOGS@|$QTCATALOGS|g" -e "s|@TCLCATALOGS@|$TCLCATALOGS|g" -e "s|@CSHARPCATALOGS@|$CSHARPCATALOGS|g" -e 's,^#distdir:,distdir:,' < "$ac_file" > "$ac_file.tmp"
+ if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then
+ # Add dependencies that cannot be formulated as a simple suffix rule.
+ for lang in $ALL_LINGUAS; do
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ cat >> "$ac_file.tmp" <<EOF
+$frobbedlang.msg: $lang.po
+ @echo "\$(MSGFMT) -c --tcl -d \$(srcdir) -l $lang $srcdirpre$lang.po"; \
+ \$(MSGFMT) -c --tcl -d "\$(srcdir)" -l $lang $srcdirpre$lang.po || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
+EOF
+ done
+ fi
+ if grep -l '@CSHARPCATALOGS@' "$ac_file" > /dev/null; then
+ # Add dependencies that cannot be formulated as a simple suffix rule.
+ for lang in $ALL_LINGUAS; do
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ cat >> "$ac_file.tmp" <<EOF
+$frobbedlang/\$(DOMAIN).resources.dll: $lang.po
+ @echo "\$(MSGFMT) -c --csharp -d \$(srcdir) -l $lang $srcdirpre$lang.po -r \$(DOMAIN)"; \
+ \$(MSGFMT) -c --csharp -d "\$(srcdir)" -l $lang $srcdirpre$lang.po -r "\$(DOMAIN)" || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
+EOF
+ done
+ fi
+ if test -n "$POMAKEFILEDEPS"; then
+ cat >> "$ac_file.tmp" <<EOF
+Makefile: $POMAKEFILEDEPS
+EOF
+ fi
+ mv "$ac_file.tmp" "$ac_file"
+])
+
+dnl Initializes the accumulator used by AM_XGETTEXT_OPTION.
+AC_DEFUN([AM_XGETTEXT_OPTION_INIT],
+[
+ XGETTEXT_EXTRA_OPTIONS=
+])
+
+dnl Registers an option to be passed to xgettext in the po subdirectory.
+AC_DEFUN([AM_XGETTEXT_OPTION],
+[
+ AC_REQUIRE([AM_XGETTEXT_OPTION_INIT])
+ XGETTEXT_EXTRA_OPTIONS="$XGETTEXT_EXTRA_OPTIONS $1"
+])
--- /dev/null
+# progtest.m4 serial 4 (gettext-0.14.2)
+dnl Copyright (C) 1996-2003, 2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1996.
+
+AC_PREREQ(2.50)
+
+# Search path for a program which passes the given test.
+
+dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR,
+dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]])
+AC_DEFUN([AM_PATH_PROG_WITH_TEST],
+[
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+
+# Find out how to test for executable files. Don't use a zero-byte file,
+# as systems may use methods other than mode bits to determine executability.
+cat >conf$$.file <<_ASEOF
+#! /bin/sh
+exit 0
+_ASEOF
+chmod +x conf$$.file
+if test -x conf$$.file >/dev/null 2>&1; then
+ ac_executable_p="test -x"
+else
+ ac_executable_p="test -f"
+fi
+rm -f conf$$.file
+
+# Extract the first word of "$2", so it can be a program name with args.
+set dummy $2; ac_word=[$]2
+AC_MSG_CHECKING([for $ac_word])
+AC_CACHE_VAL(ac_cv_path_$1,
+[case "[$]$1" in
+ [[\\/]]* | ?:[[\\/]]*)
+ ac_cv_path_$1="[$]$1" # Let the user override the test with a path.
+ ;;
+ *)
+ ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in ifelse([$5], , $PATH, [$5]); do
+ IFS="$ac_save_IFS"
+ test -z "$ac_dir" && ac_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then
+ echo "$as_me: trying $ac_dir/$ac_word..." >&AS_MESSAGE_LOG_FD
+ if [$3]; then
+ ac_cv_path_$1="$ac_dir/$ac_word$ac_exec_ext"
+ break 2
+ fi
+ fi
+ done
+ done
+ IFS="$ac_save_IFS"
+dnl If no 4th arg is given, leave the cache variable unset,
+dnl so AC_PATH_PROGS will keep looking.
+ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4"
+])dnl
+ ;;
+esac])dnl
+$1="$ac_cv_path_$1"
+if test ifelse([$4], , [-n "[$]$1"], ["[$]$1" != "$4"]); then
+ AC_MSG_RESULT([$]$1)
+else
+ AC_MSG_RESULT(no)
+fi
+AC_SUBST($1)dnl
+])
--- /dev/null
+# size_max.m4 serial 6
+dnl Copyright (C) 2003, 2005-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([gl_SIZE_MAX],
+[
+ AC_CHECK_HEADERS(stdint.h)
+ dnl First test whether the system already has SIZE_MAX.
+ AC_MSG_CHECKING([for SIZE_MAX])
+ AC_CACHE_VAL([gl_cv_size_max], [
+ gl_cv_size_max=
+ AC_EGREP_CPP([Found it], [
+#include <limits.h>
+#if HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef SIZE_MAX
+Found it
+#endif
+], gl_cv_size_max=yes)
+ if test -z "$gl_cv_size_max"; then
+ dnl Define it ourselves. Here we assume that the type 'size_t' is not wider
+ dnl than the type 'unsigned long'. Try hard to find a definition that can
+ dnl be used in a preprocessor #if, i.e. doesn't contain a cast.
+ AC_COMPUTE_INT([size_t_bits_minus_1], [sizeof (size_t) * CHAR_BIT - 1],
+ [#include <stddef.h>
+#include <limits.h>], size_t_bits_minus_1=)
+ AC_COMPUTE_INT([fits_in_uint], [sizeof (size_t) <= sizeof (unsigned int)],
+ [#include <stddef.h>], fits_in_uint=)
+ if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then
+ if test $fits_in_uint = 1; then
+ dnl Even though SIZE_MAX fits in an unsigned int, it must be of type
+ dnl 'unsigned long' if the type 'size_t' is the same as 'unsigned long'.
+ AC_TRY_COMPILE([#include <stddef.h>
+ extern size_t foo;
+ extern unsigned long foo;
+ ], [], fits_in_uint=0)
+ fi
+ dnl We cannot use 'expr' to simplify this expression, because 'expr'
+ dnl works only with 'long' integers in the host environment, while we
+ dnl might be cross-compiling from a 32-bit platform to a 64-bit platform.
+ if test $fits_in_uint = 1; then
+ gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ else
+ gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ fi
+ else
+ dnl Shouldn't happen, but who knows...
+ gl_cv_size_max='((size_t)~(size_t)0)'
+ fi
+ fi
+ ])
+ AC_MSG_RESULT([$gl_cv_size_max])
+ if test "$gl_cv_size_max" != yes; then
+ AC_DEFINE_UNQUOTED([SIZE_MAX], [$gl_cv_size_max],
+ [Define as the maximum value of type 'size_t', if the system doesn't define it.])
+ fi
+])
+
+dnl Autoconf >= 2.61 has AC_COMPUTE_INT built-in.
+dnl Remove this when we can assume autoconf >= 2.61.
+m4_ifdef([AC_COMPUTE_INT], [], [
+ AC_DEFUN([AC_COMPUTE_INT], [_AC_COMPUTE_INT([$2],[$1],[$3],[$4])])
+])
--- /dev/null
+# stdint_h.m4 serial 6
+dnl Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_STDINT_H_WITH_UINTMAX if <stdint.h> exists,
+# doesn't clash with <sys/types.h>, and declares uintmax_t.
+
+AC_DEFUN([gl_AC_HEADER_STDINT_H],
+[
+ AC_CACHE_CHECK([for stdint.h], gl_cv_header_stdint_h,
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <stdint.h>],
+ [uintmax_t i = (uintmax_t) -1; return !i;],
+ gl_cv_header_stdint_h=yes,
+ gl_cv_header_stdint_h=no)])
+ if test $gl_cv_header_stdint_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_STDINT_H_WITH_UINTMAX, 1,
+ [Define if <stdint.h> exists, doesn't clash with <sys/types.h>,
+ and declares uintmax_t. ])
+ fi
+])
--- /dev/null
+# wchar_t.m4 serial 1 (gettext-0.12)
+dnl Copyright (C) 2002-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether <stddef.h> has the 'wchar_t' type.
+dnl Prerequisite: AC_PROG_CC
+
+AC_DEFUN([gt_TYPE_WCHAR_T],
+[
+ AC_CACHE_CHECK([for wchar_t], gt_cv_c_wchar_t,
+ [AC_TRY_COMPILE([#include <stddef.h>
+ wchar_t foo = (wchar_t)'\0';], ,
+ gt_cv_c_wchar_t=yes, gt_cv_c_wchar_t=no)])
+ if test $gt_cv_c_wchar_t = yes; then
+ AC_DEFINE(HAVE_WCHAR_T, 1, [Define if you have the 'wchar_t' type.])
+ fi
+])
--- /dev/null
+# wint_t.m4 serial 2 (gettext-0.17)
+dnl Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether <wchar.h> has the 'wint_t' type.
+dnl Prerequisite: AC_PROG_CC
+
+AC_DEFUN([gt_TYPE_WINT_T],
+[
+ AC_CACHE_CHECK([for wint_t], gt_cv_c_wint_t,
+ [AC_TRY_COMPILE([
+/* Tru64 with Desktop Toolkit C has a bug: <stdio.h> must be included before
+ <wchar.h>.
+ BSD/OS 4.0.1 has a bug: <stddef.h>, <stdio.h> and <time.h> must be included
+ before <wchar.h>. */
+#include <stddef.h>
+#include <stdio.h>
+#include <time.h>
+#include <wchar.h>
+ wint_t foo = (wchar_t)'\0';], ,
+ gt_cv_c_wint_t=yes, gt_cv_c_wint_t=no)])
+ if test $gt_cv_c_wint_t = yes; then
+ AC_DEFINE(HAVE_WINT_T, 1, [Define if you have the 'wint_t' type.])
+ fi
+])
--- /dev/null
+# xsize.m4 serial 3
+dnl Copyright (C) 2003-2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_XSIZE],
+[
+ dnl Prerequisites of lib/xsize.h.
+ AC_REQUIRE([gl_SIZE_MAX])
+ AC_REQUIRE([AC_C_INLINE])
+ AC_CHECK_HEADERS(stdint.h)
+])
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+# Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AM_CPPFLAGS = -DASN1_BUILDING \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/..
+
+noinst_LTLIBRARIES = libminitasn1.la
+
+libminitasn1_la_SOURCES = libtasn1.h gstr.h int.h parser_aux.h \
+ structure.h element.h decoding.c gstr.c errors.c parser_aux.c \
+ structure.c element.c coding.c version.c
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+# Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = minitasn1
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libminitasn1_la_LIBADD =
+am_libminitasn1_la_OBJECTS = decoding.lo gstr.lo errors.lo \
+ parser_aux.lo structure.lo element.lo coding.lo version.lo
+libminitasn1_la_OBJECTS = $(am_libminitasn1_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libminitasn1_la_SOURCES)
+DIST_SOURCES = $(libminitasn1_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = -DASN1_BUILDING \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/..
+
+noinst_LTLIBRARIES = libminitasn1.la
+libminitasn1_la_SOURCES = libtasn1.h gstr.h int.h parser_aux.h \
+ structure.h element.h decoding.c gstr.c errors.c parser_aux.c \
+ structure.c element.c coding.c version.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign minitasn1/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign minitasn1/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libminitasn1.la: $(libminitasn1_la_OBJECTS) $(libminitasn1_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libminitasn1_la_OBJECTS) $(libminitasn1_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/coding.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/decoding.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/element.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/errors.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gstr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser_aux.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/structure.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/version.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2006, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+
+/*****************************************************/
+/* File: coding.c */
+/* Description: Functions to create a DER coding of */
+/* an ASN1 type. */
+/*****************************************************/
+
+#include <int.h>
+#include "parser_aux.h"
+#include <gstr.h>
+#include "element.h"
+#include <structure.h>
+
+#define MAX_TAG_LEN 16
+
+/******************************************************/
+/* Function : _asn1_error_description_value_not_found */
+/* Description: creates the ErrorDescription string */
+/* for the ASN1_VALUE_NOT_FOUND error. */
+/* Parameters: */
+/* node: node of the tree where the value is NULL. */
+/* ErrorDescription: string returned. */
+/* Return: */
+/******************************************************/
+static void
+_asn1_error_description_value_not_found (ASN1_TYPE node,
+ char *ErrorDescription)
+{
+
+ if (ErrorDescription == NULL)
+ return;
+
+ Estrcpy (ErrorDescription, ":: value of element '");
+ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat (ErrorDescription, "' not found");
+
+}
+
+/**
+ * asn1_length_der:
+ * @len: value to convert.
+ * @ans: string returned.
+ * @ans_len: number of meaningful bytes of ANS (ans[0]..ans[ans_len-1]).
+ *
+ * Creates the DER coding for the LEN parameter (only the length).
+ * The @ans buffer is pre-allocated and must have room for the output.
+ **/
+void
+asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len)
+{
+ int k;
+ unsigned char temp[SIZEOF_UNSIGNED_LONG_INT];
+
+ if (len < 128)
+ {
+ /* short form */
+ if (ans != NULL)
+ ans[0] = (unsigned char) len;
+ *ans_len = 1;
+ }
+ else
+ {
+ /* Long form */
+ k = 0;
+ while (len)
+ {
+ temp[k++] = len & 0xFF;
+ len = len >> 8;
+ }
+ *ans_len = k + 1;
+ if (ans != NULL)
+ {
+ ans[0] = ((unsigned char) k & 0x7F) + 128;
+ while (k--)
+ ans[*ans_len - 1 - k] = temp[k];
+ }
+ }
+}
+
+/******************************************************/
+/* Function : _asn1_tag_der */
+/* Description: creates the DER coding for the CLASS */
+/* and TAG parameters. */
+/* Parameters: */
+/* class: value to convert. */
+/* tag_value: value to convert. */
+/* ans: string returned. */
+/* ans_len: number of meaningful bytes of ANS */
+/* (ans[0]..ans[ans_len-1]). */
+/* Return: */
+/******************************************************/
+static void
+_asn1_tag_der (unsigned char class, unsigned int tag_value,
+ unsigned char *ans, int *ans_len)
+{
+ int k;
+ unsigned char temp[SIZEOF_UNSIGNED_INT];
+
+ if (tag_value < 31)
+ {
+ /* short form */
+ ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
+ *ans_len = 1;
+ }
+ else
+ {
+ /* Long form */
+ ans[0] = (class & 0xE0) + 31;
+ k = 0;
+ while (tag_value)
+ {
+ temp[k++] = tag_value & 0x7F;
+ tag_value = tag_value >> 7;
+ }
+ *ans_len = k + 1;
+ while (k--)
+ ans[*ans_len - 1 - k] = temp[k] + 128;
+ ans[*ans_len - 1] -= 128;
+ }
+}
+
+/**
+ * asn1_octet_der:
+ * @str: OCTET string.
+ * @str_len: STR length (str[0]..str[str_len-1]).
+ * @der: string returned.
+ * @der_len: number of meaningful bytes of DER (der[0]..der[ans_len-1]).
+ *
+ * Creates the DER coding for an OCTET type (length included).
+ **/
+void
+asn1_octet_der (const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len)
+{
+ int len_len;
+
+ if (der == NULL || str_len < 0)
+ return;
+ asn1_length_der (str_len, der, &len_len);
+ memcpy (der + len_len, str, str_len);
+ *der_len = str_len + len_len;
+}
+
+/******************************************************/
+/* Function : _asn1_time_der */
+/* Description: creates the DER coding for a TIME */
+/* type (length included). */
+/* Parameters: */
+/* str: TIME null-terminated string. */
+/* der: string returned. */
+/* der_len: number of meaningful bytes of DER */
+/* (der[0]..der[ans_len-1]). Initially it */
+/* if must store the lenght of DER. */
+/* Return: */
+/* ASN1_MEM_ERROR when DER isn't big enough */
+/* ASN1_SUCCESS otherwise */
+/******************************************************/
+static asn1_retCode
+_asn1_time_der (unsigned char *str, unsigned char *der, int *der_len)
+{
+ int len_len;
+ int max_len;
+
+ max_len = *der_len;
+
+ asn1_length_der (strlen (str), (max_len > 0) ? der : NULL, &len_len);
+
+ if ((len_len + (int) strlen (str)) <= max_len)
+ memcpy (der + len_len, str, strlen (str));
+ *der_len = len_len + strlen (str);
+
+ if ((*der_len) > max_len)
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+
+/*
+void
+_asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str)
+{
+ int len_len,str_len;
+ char temp[20];
+
+ if(str==NULL) return;
+ str_len=asn1_get_length_der(der,*der_len,&len_len);
+ if (str_len<0) return;
+ memcpy(temp,der+len_len,str_len);
+ *der_len=str_len+len_len;
+ switch(str_len){
+ case 11:
+ temp[10]=0;
+ strcat(temp,"00+0000");
+ break;
+ case 13:
+ temp[12]=0;
+ strcat(temp,"+0000");
+ break;
+ case 15:
+ temp[15]=0;
+ memmove(temp+12,temp+10,6);
+ temp[10]=temp[11]='0';
+ break;
+ case 17:
+ temp[17]=0;
+ break;
+ default:
+ return;
+ }
+ strcpy(str,temp);
+}
+*/
+
+/******************************************************/
+/* Function : _asn1_objectid_der */
+/* Description: creates the DER coding for an */
+/* OBJECT IDENTIFIER type (length included). */
+/* Parameters: */
+/* str: OBJECT IDENTIFIER null-terminated string. */
+/* der: string returned. */
+/* der_len: number of meaningful bytes of DER */
+/* (der[0]..der[ans_len-1]). Initially it */
+/* must store the length of DER. */
+/* Return: */
+/* ASN1_MEM_ERROR when DER isn't big enough */
+/* ASN1_SUCCESS otherwise */
+/******************************************************/
+static asn1_retCode
+_asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
+{
+ int len_len, counter, k, first, max_len;
+ char *temp, *n_end, *n_start;
+ unsigned char bit7;
+ unsigned long val, val1 = 0;
+
+ max_len = *der_len;
+
+ temp = (char *) _asn1_malloc (strlen (str) + 2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ strcpy (temp, str);
+ strcat (temp, ".");
+
+ counter = 0;
+ n_start = temp;
+ while ((n_end = strchr (n_start, '.')))
+ {
+ *n_end = 0;
+ val = strtoul (n_start, NULL, 10);
+ counter++;
+
+ if (counter == 1)
+ val1 = val;
+ else if (counter == 2)
+ {
+ if (max_len > 0)
+ der[0] = 40 * val1 + val;
+ *der_len = 1;
+ }
+ else
+ {
+ first = 0;
+ for (k = 4; k >= 0; k--)
+ {
+ bit7 = (val >> (k * 7)) & 0x7F;
+ if (bit7 || first || !k)
+ {
+ if (k)
+ bit7 |= 0x80;
+ if (max_len > (*der_len))
+ der[*der_len] = bit7;
+ (*der_len)++;
+ first = 1;
+ }
+ }
+
+ }
+ n_start = n_end + 1;
+ }
+
+ asn1_length_der (*der_len, NULL, &len_len);
+ if (max_len >= (*der_len + len_len))
+ {
+ memmove (der + len_len, der, *der_len);
+ asn1_length_der (*der_len, der, &len_len);
+ }
+ *der_len += len_len;
+
+ _asn1_free (temp);
+
+ if (max_len < (*der_len))
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+
+const char bit_mask[] = { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
+
+/**
+ * asn1_bit_der:
+ * @str: BIT string.
+ * @bit_len: number of meaningful bits in STR.
+ * @der: string returned.
+ * @der_len: number of meaningful bytes of DER
+ * (der[0]..der[ans_len-1]).
+ *
+ * Creates the DER coding for a BIT STRING type (length and pad
+ * included).
+ **/
+void
+asn1_bit_der (const unsigned char *str, int bit_len,
+ unsigned char *der, int *der_len)
+{
+ int len_len, len_byte, len_pad;
+
+ if (der == NULL)
+ return;
+ len_byte = bit_len >> 3;
+ len_pad = 8 - (bit_len & 7);
+ if (len_pad == 8)
+ len_pad = 0;
+ else
+ len_byte++;
+ asn1_length_der (len_byte + 1, der, &len_len);
+ der[len_len] = len_pad;
+ memcpy (der + len_len + 1, str, len_byte);
+ der[len_len + len_byte] &= bit_mask[len_pad];
+ *der_len = len_byte + len_len + 1;
+}
+
+
+/******************************************************/
+/* Function : _asn1_complete_explicit_tag */
+/* Description: add the length coding to the EXPLICIT */
+/* tags. */
+/* Parameters: */
+/* node: pointer to the tree element. */
+/* der: string with the DER coding of the whole tree*/
+/* counter: number of meaningful bytes of DER */
+/* (der[0]..der[*counter-1]). */
+/* max_len: size of der vector */
+/* Return: */
+/* ASN1_MEM_ERROR if der vector isn't big enough, */
+/* otherwise ASN1_SUCCESS. */
+/******************************************************/
+static asn1_retCode
+_asn1_complete_explicit_tag (ASN1_TYPE node, unsigned char *der,
+ int *counter, int *max_len)
+{
+ ASN1_TYPE p;
+ int is_tag_implicit, len2, len3;
+ unsigned char temp[SIZEOF_UNSIGNED_INT];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG)
+ {
+ p = node->down;
+ /* When there are nested tags we must complete them reverse to
+ the order they were created. This is because completing a tag
+ modifies all data within it, including the incomplete tags
+ which store buffer positions -- simon@josefsson.org 2002-09-06
+ */
+ while (p->right)
+ p = p->right;
+ while (p && p != node->down->left)
+ {
+ if (type_field (p->type) == TYPE_TAG)
+ {
+ if (p->type & CONST_EXPLICIT)
+ {
+ len2 = strtol (p->name, NULL, 10);
+ _asn1_set_name (p, NULL);
+ asn1_length_der (*counter - len2, temp, &len3);
+ if (len3 <= (*max_len))
+ {
+ memmove (der + len2 + len3, der + len2,
+ *counter - len2);
+ memcpy (der + len2, temp, len3);
+ }
+ *max_len -= len3;
+ *counter += len3;
+ is_tag_implicit = 0;
+ }
+ else
+ { /* CONST_IMPLICIT */
+ if (!is_tag_implicit)
+ {
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->left;
+ }
+ }
+
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************/
+/* Function : _asn1_insert_tag_der */
+/* Description: creates the DER coding of tags of one */
+/* NODE. */
+/* Parameters: */
+/* node: pointer to the tree element. */
+/* der: string returned */
+/* counter: number of meaningful bytes of DER */
+/* (counter[0]..der[*counter-1]). */
+/* max_len: size of der vector */
+/* Return: */
+/* ASN1_GENERIC_ERROR if the type is unknown, */
+/* ASN1_MEM_ERROR if der vector isn't big enough, */
+/* otherwise ASN1_SUCCESS. */
+/******************************************************/
+static asn1_retCode
+_asn1_insert_tag_der (ASN1_TYPE node, unsigned char *der, int *counter,
+ int *max_len)
+{
+ ASN1_TYPE p;
+ int tag_len, is_tag_implicit;
+ unsigned char class, class_implicit = 0, temp[SIZEOF_UNSIGNED_INT * 3 + 1];
+ unsigned long tag_implicit = 0;
+ char tag_der[MAX_TAG_LEN];
+
+ is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG)
+ {
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == TYPE_TAG)
+ {
+ if (p->type & CONST_APPLICATION)
+ class = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class = ASN1_CLASS_PRIVATE;
+ else
+ class = ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT)
+ {
+ if (is_tag_implicit)
+ _asn1_tag_der (class_implicit, tag_implicit, tag_der,
+ &tag_len);
+ else
+ _asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
+ strtoul (p->value, NULL, 10), tag_der,
+ &tag_len);
+
+ *max_len -= tag_len;
+ if (*max_len >= 0)
+ memcpy (der + *counter, tag_der, tag_len);
+ *counter += tag_len;
+
+ _asn1_ltostr (*counter, temp);
+ _asn1_set_name (p, temp);
+
+ is_tag_implicit = 0;
+ }
+ else
+ { /* CONST_IMPLICIT */
+ if (!is_tag_implicit)
+ {
+ if ((type_field (node->type) == TYPE_SEQUENCE) ||
+ (type_field (node->type) == TYPE_SEQUENCE_OF) ||
+ (type_field (node->type) == TYPE_SET) ||
+ (type_field (node->type) == TYPE_SET_OF))
+ class |= ASN1_CLASS_STRUCTURED;
+ class_implicit = class;
+ tag_implicit = strtoul (p->value, NULL, 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
+ }
+ }
+
+ if (is_tag_implicit)
+ {
+ _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len);
+ }
+ else
+ {
+ switch (type_field (node->type))
+ {
+ case TYPE_NULL:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_NULL, tag_der,
+ &tag_len);
+ break;
+ case TYPE_BOOLEAN:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BOOLEAN, tag_der,
+ &tag_len);
+ break;
+ case TYPE_INTEGER:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_INTEGER, tag_der,
+ &tag_len);
+ break;
+ case TYPE_ENUMERATED:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_ENUMERATED, tag_der,
+ &tag_len);
+ break;
+ case TYPE_OBJECT_ID:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OBJECT_ID, tag_der,
+ &tag_len);
+ break;
+ case TYPE_TIME:
+ if (node->type & CONST_UTC)
+ {
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_UTCTime, tag_der,
+ &tag_len);
+ }
+ else
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALIZEDTime,
+ tag_der, &tag_len);
+ break;
+ case TYPE_OCTET_STRING:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_OCTET_STRING, tag_der,
+ &tag_len);
+ break;
+ case TYPE_GENERALSTRING:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_GENERALSTRING,
+ tag_der, &tag_len);
+ break;
+ case TYPE_BIT_STRING:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL, ASN1_TAG_BIT_STRING, tag_der,
+ &tag_len);
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SEQUENCE_OF:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ ASN1_TAG_SEQUENCE, tag_der, &tag_len);
+ break;
+ case TYPE_SET:
+ case TYPE_SET_OF:
+ _asn1_tag_der (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
+ ASN1_TAG_SET, tag_der, &tag_len);
+ break;
+ case TYPE_TAG:
+ tag_len = 0;
+ break;
+ case TYPE_CHOICE:
+ tag_len = 0;
+ break;
+ case TYPE_ANY:
+ tag_len = 0;
+ break;
+ default:
+ return ASN1_GENERIC_ERROR;
+ }
+ }
+
+ *max_len -= tag_len;
+ if (*max_len >= 0)
+ memcpy (der + *counter, tag_der, tag_len);
+ *counter += tag_len;
+
+ if (*max_len < 0)
+ return ASN1_MEM_ERROR;
+
+ return ASN1_SUCCESS;
+}
+
+/******************************************************/
+/* Function : _asn1_ordering_set */
+/* Description: puts the elements of a SET type in */
+/* the correct order according to DER rules. */
+/* Parameters: */
+/* der: string with the DER coding. */
+/* node: pointer to the SET element. */
+/* Return: */
+/******************************************************/
+static void
+_asn1_ordering_set (unsigned char *der, int der_len, ASN1_TYPE node)
+{
+ struct vet
+ {
+ int end;
+ unsigned long value;
+ struct vet *next, *prev;
+ };
+
+ int counter, len, len2;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ ASN1_TYPE p;
+ unsigned char class, *temp;
+ unsigned long tag;
+
+ counter = 0;
+
+ if (type_field (node->type) != TYPE_SET)
+ return;
+
+ p = node->down;
+ while ((type_field (p->type) == TYPE_TAG)
+ || (type_field (p->type) == TYPE_SIZE))
+ p = p->right;
+
+ if ((p == NULL) || (p->right == NULL))
+ return;
+
+ first = last = NULL;
+ while (p)
+ {
+ p_vet = (struct vet *) _asn1_malloc (sizeof (struct vet));
+ if (p_vet == NULL)
+ return;
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* tag value calculation */
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return;
+ p_vet->value = (class << 24) | tag;
+ counter += len2;
+
+ /* extraction and length */
+ len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
+ if (len2 < 0)
+ return;
+ counter += len + len2;
+
+ p_vet->end = counter;
+ p = p->right;
+ }
+
+ p_vet = first;
+
+ while (p_vet)
+ {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet)
+ {
+ if (p_vet->value > p2_vet->value)
+ {
+ /* change position */
+ temp = (unsigned char *) _asn1_malloc (p_vet->end - counter);
+ if (temp == NULL)
+ return;
+
+ memcpy (temp, der + counter, p_vet->end - counter);
+ memcpy (der + counter, der + p_vet->end,
+ p2_vet->end - p_vet->end);
+ memcpy (der + counter + p2_vet->end - p_vet->end, temp,
+ p_vet->end - counter);
+ _asn1_free (temp);
+
+ tag = p_vet->value;
+ p_vet->value = p2_vet->value;
+ p2_vet->value = tag;
+
+ p_vet->end = counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ _asn1_free (p_vet);
+ p_vet = first;
+ }
+}
+
+/******************************************************/
+/* Function : _asn1_ordering_set_of */
+/* Description: puts the elements of a SET OF type in */
+/* the correct order according to DER rules. */
+/* Parameters: */
+/* der: string with the DER coding. */
+/* node: pointer to the SET OF element. */
+/* Return: */
+/******************************************************/
+static void
+_asn1_ordering_set_of (unsigned char *der, int der_len, ASN1_TYPE node)
+{
+ struct vet
+ {
+ int end;
+ struct vet *next, *prev;
+ };
+
+ int counter, len, len2, change;
+ struct vet *first, *last, *p_vet, *p2_vet;
+ ASN1_TYPE p;
+ unsigned char *temp, class;
+ unsigned long k, max;
+
+ counter = 0;
+
+ if (type_field (node->type) != TYPE_SET_OF)
+ return;
+
+ p = node->down;
+ while ((type_field (p->type) == TYPE_TAG)
+ || (type_field (p->type) == TYPE_SIZE))
+ p = p->right;
+ p = p->right;
+
+ if ((p == NULL) || (p->right == NULL))
+ return;
+
+ first = last = NULL;
+ while (p)
+ {
+ p_vet = (struct vet *) _asn1_malloc (sizeof (struct vet));
+ if (p_vet == NULL)
+ return;
+
+ p_vet->next = NULL;
+ p_vet->prev = last;
+ if (first == NULL)
+ first = p_vet;
+ else
+ last->next = p_vet;
+ last = p_vet;
+
+ /* extraction of tag and length */
+ if (der_len - counter > 0)
+ {
+
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len,
+ NULL) != ASN1_SUCCESS)
+ return;
+ counter += len;
+
+ len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
+ if (len2 < 0)
+ return;
+ counter += len + len2;
+ }
+
+ p_vet->end = counter;
+ p = p->right;
+ }
+
+ p_vet = first;
+
+ while (p_vet)
+ {
+ p2_vet = p_vet->next;
+ counter = 0;
+ while (p2_vet)
+ {
+ if ((p_vet->end - counter) > (p2_vet->end - p_vet->end))
+ max = p_vet->end - counter;
+ else
+ max = p2_vet->end - p_vet->end;
+
+ change = -1;
+ for (k = 0; k < max; k++)
+ if (der[counter + k] > der[p_vet->end + k])
+ {
+ change = 1;
+ break;
+ }
+ else if (der[counter + k] < der[p_vet->end + k])
+ {
+ change = 0;
+ break;
+ }
+
+ if ((change == -1)
+ && ((p_vet->end - counter) > (p2_vet->end - p_vet->end)))
+ change = 1;
+
+ if (change == 1)
+ {
+ /* change position */
+ temp = (unsigned char *) _asn1_malloc (p_vet->end - counter);
+ if (temp == NULL)
+ return;
+
+ memcpy (temp, der + counter, (p_vet->end) - counter);
+ memcpy (der + counter, der + (p_vet->end),
+ (p2_vet->end) - (p_vet->end));
+ memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp,
+ (p_vet->end) - counter);
+ _asn1_free (temp);
+
+ p_vet->end = counter + (p2_vet->end - p_vet->end);
+ }
+ counter = p_vet->end;
+
+ p2_vet = p2_vet->next;
+ p_vet = p_vet->next;
+ }
+
+ if (p_vet != first)
+ p_vet->prev->next = NULL;
+ else
+ first = NULL;
+ _asn1_free (p_vet);
+ p_vet = first;
+ }
+}
+
+/**
+ * asn1_der_coding:
+ * @element: pointer to an ASN1 element
+ * @name: the name of the structure you want to encode (it must be
+ * inside *POINTER).
+ * @ider: vector that will contain the DER encoding. DER must be a
+ * pointer to memory cells already allocated.
+ * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy
+ * holds the sizeof of der vector.
+ * @errorDescription : return the error description or an empty
+ * string if success.
+ *
+ * Creates the DER encoding for the NAME structure (inside *POINTER
+ * structure).
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: DER encoding OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
+ *
+ * %ASN1_VALUE_NOT_FOUND: There is an element without a value.
+ *
+ * %ASN1_MEM_ERROR: @ider vector isn't big enough. Also in this case
+ * LEN will contain the length needed.
+ **/
+asn1_retCode
+asn1_der_coding (ASN1_TYPE element, const char *name, void *ider, int *len,
+ char *ErrorDescription)
+{
+ ASN1_TYPE node, p, p2;
+ char temp[SIZEOF_UNSIGNED_LONG_INT * 3 + 1];
+ int counter, counter_old, len2, len3, tlen, move, max_len, max_len_old;
+ asn1_retCode err;
+ unsigned char *der = ider;
+
+ node = asn1_find_node (element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ /* Node is now a locally allocated variable.
+ * That is because in some point we modify the
+ * structure, and I don't know why! --nmav
+ */
+ node = _asn1_copy_structure3 (node);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ max_len = *len;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1)
+ {
+
+ counter_old = counter;
+ max_len_old = max_len;
+ if (move != UP)
+ {
+ err = _asn1_insert_tag_der (p, der, &counter, &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+ }
+ switch (type_field (p->type))
+ {
+ case TYPE_NULL:
+ max_len--;
+ if (max_len >= 0)
+ der[counter] = 0;
+ counter++;
+ move = RIGHT;
+ break;
+ case TYPE_BOOLEAN:
+ if ((p->type & CONST_DEFAULT) && (p->value == NULL))
+ {
+ counter = counter_old;
+ max_len = max_len_old;
+ }
+ else
+ {
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ max_len -= 2;
+ if (max_len >= 0)
+ {
+ der[counter++] = 1;
+ if (p->value[0] == 'F')
+ der[counter++] = 0;
+ else
+ der[counter++] = 0xFF;
+ }
+ else
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case TYPE_INTEGER:
+ case TYPE_ENUMERATED:
+ if ((p->type & CONST_DEFAULT) && (p->value == NULL))
+ {
+ counter = counter_old;
+ max_len = max_len_old;
+ }
+ else
+ {
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy (der + counter, p->value, len3 + len2);
+ counter += len3 + len2;
+ }
+ move = RIGHT;
+ break;
+ case TYPE_OBJECT_ID:
+ if ((p->type & CONST_DEFAULT) && (p->value == NULL))
+ {
+ counter = counter_old;
+ max_len = max_len_old;
+ }
+ else
+ {
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p,
+ ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err = _asn1_objectid_der (p->value, der + counter, &len2);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ }
+ move = RIGHT;
+ break;
+ case TYPE_TIME:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = max_len;
+ err = _asn1_time_der (p->value, der + counter, &len2);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+
+ max_len -= len2;
+ counter += len2;
+ move = RIGHT;
+ break;
+ case TYPE_OCTET_STRING:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy (der + counter, p->value, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_GENERALSTRING:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy (der + counter, p->value, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_BIT_STRING:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2 + len3;
+ if (max_len >= 0)
+ memcpy (der + counter, p->value, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SET:
+ if (move != UP)
+ {
+ _asn1_ltostr (counter, temp);
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ if (p->down == NULL)
+ {
+ move = UP;
+ continue;
+ }
+ else
+ {
+ p2 = p->down;
+ while (p2 && (type_field (p2->type) == TYPE_TAG))
+ p2 = p2->right;
+ if (p2)
+ {
+ p = p2;
+ move = RIGHT;
+ continue;
+ }
+ move = UP;
+ continue;
+ }
+ }
+ else
+ { /* move==UP */
+ len2 = strtol (p->value, NULL, 10);
+ _asn1_set_value (p, NULL, 0);
+ if ((type_field (p->type) == TYPE_SET) && (max_len >= 0))
+ _asn1_ordering_set (der + len2, max_len - len2, p);
+ asn1_length_der (counter - len2, temp, &len3);
+ max_len -= len3;
+ if (max_len >= 0)
+ {
+ memmove (der + len2 + len3, der + len2, counter - len2);
+ memcpy (der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SET_OF:
+ if (move != UP)
+ {
+ _asn1_ltostr (counter, temp);
+ tlen = strlen (temp);
+
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ p = p->down;
+ while ((type_field (p->type) == TYPE_TAG)
+ || (type_field (p->type) == TYPE_SIZE))
+ p = p->right;
+ if (p->right)
+ {
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ else
+ p = _asn1_find_up (p);
+ move = UP;
+ }
+ if (move == UP)
+ {
+ len2 = strtol (p->value, NULL, 10);
+ _asn1_set_value (p, NULL, 0);
+ if ((type_field (p->type) == TYPE_SET_OF)
+ && (max_len - len2 > 0))
+ {
+ _asn1_ordering_set_of (der + len2, max_len - len2, p);
+ }
+ asn1_length_der (counter - len2, temp, &len3);
+ max_len -= len3;
+ if (max_len >= 0)
+ {
+ memmove (der + len2 + len3, der + len2, counter - len2);
+ memcpy (der + len2, temp, len3);
+ }
+ counter += len3;
+ move = RIGHT;
+ }
+ break;
+ case TYPE_ANY:
+ if (p->value == NULL)
+ {
+ _asn1_error_description_value_not_found (p, ErrorDescription);
+ err = ASN1_VALUE_NOT_FOUND;
+ goto error;
+ }
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ if (len2 < 0)
+ {
+ err = ASN1_DER_ERROR;
+ goto error;
+ }
+ max_len -= len2;
+ if (max_len >= 0)
+ memcpy (der + counter, p->value + len3, len2);
+ counter += len2;
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
+
+ if ((move != DOWN) && (counter != counter_old))
+ {
+ err = _asn1_complete_explicit_tag (p, der, &counter, &max_len);
+ if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
+ goto error;
+ }
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ *len = counter;
+
+ if (max_len < 0)
+ {
+ err = ASN1_MEM_ERROR;
+ goto error;
+ }
+
+ err = ASN1_SUCCESS;
+
+error:
+ asn1_delete_structure (&node);
+ return err;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2006, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+
+/*****************************************************/
+/* File: decoding.c */
+/* Description: Functions to manage DER decoding */
+/*****************************************************/
+
+#include <int.h>
+#include "parser_aux.h"
+#include <gstr.h>
+#include "structure.h"
+#include "element.h"
+
+static asn1_retCode
+_asn1_get_indefinite_length_string (const unsigned char *der, int *len);
+
+static void
+_asn1_error_description_tag_error (ASN1_TYPE node, char *ErrorDescription)
+{
+
+ Estrcpy (ErrorDescription, ":: tag error near element '");
+ _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
+ ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
+ Estrcat (ErrorDescription, "'");
+
+}
+
+/**
+ * asn1_get_length_der:
+ * @der: DER data to decode.
+ * @der_len: Length of DER data to decode.
+ * @len: Output variable containing the length of the DER length field.
+ *
+ * Extract a length field from DER data.
+ *
+ * Returns: Return the decoded length value, or -1 on indefinite
+ * length, or -2 when the value was too big.
+ **/
+signed long
+asn1_get_length_der (const unsigned char *der, int der_len, int *len)
+{
+ unsigned long ans;
+ int k, punt;
+
+ *len = 0;
+ if (der_len <= 0)
+ return 0;
+
+ if (!(der[0] & 128))
+ {
+ /* short form */
+ *len = 1;
+ return der[0];
+ }
+ else
+ {
+ /* Long form */
+ k = der[0] & 0x7F;
+ punt = 1;
+ if (k)
+ { /* definite length method */
+ ans = 0;
+ while (punt <= k && punt < der_len)
+ {
+ unsigned long last = ans;
+
+ ans = ans * 256 + der[punt++];
+ if (ans < last)
+ /* we wrapped around, no bignum support... */
+ return -2;
+ }
+ }
+ else
+ { /* indefinite length method */
+ ans = -1;
+ }
+
+ *len = punt;
+ return ans;
+ }
+}
+
+/**
+ * asn1_get_tag_der:
+ * @der: DER data to decode.
+ * @der_len: Length of DER data to decode.
+ * @cls: Output variable containing decoded class.
+ * @len: Output variable containing the length of the DER TAG data.
+ * @tag: Output variable containing the decoded tag.
+ *
+ * Decode the class and TAG from DER code.
+ *
+ * Returns: Returns %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_tag_der (const unsigned char *der, int der_len,
+ unsigned char *cls, int *len, unsigned long *tag)
+{
+ int punt, ris;
+
+ if (der == NULL || der_len < 2 || len == NULL)
+ return ASN1_DER_ERROR;
+
+ *cls = der[0] & 0xE0;
+ if ((der[0] & 0x1F) != 0x1F)
+ {
+ /* short form */
+ *len = 1;
+ ris = der[0] & 0x1F;
+ }
+ else
+ {
+ /* Long form */
+ punt = 1;
+ ris = 0;
+ while (punt <= der_len && der[punt] & 128)
+ {
+ int last = ris;
+ ris = ris * 128 + (der[punt++] & 0x7F);
+ if (ris < last)
+ /* wrapper around, and no bignums... */
+ return ASN1_DER_ERROR;
+ }
+ if (punt >= der_len)
+ return ASN1_DER_ERROR;
+ {
+ int last = ris;
+ ris = ris * 128 + (der[punt++] & 0x7F);
+ if (ris < last)
+ /* wrapper around, and no bignums... */
+ return ASN1_DER_ERROR;
+ }
+ *len = punt;
+ }
+ if (tag)
+ *tag = ris;
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_get_length_ber:
+ * @ber: BER data to decode.
+ * @ber_len: Length of BER data to decode.
+ * @len: Output variable containing the length of the BER length field.
+ *
+ * Extract a length field from BER data. The difference to
+ * asn1_get_length_der() is that this function will return a length
+ * even if the value has indefinite encoding.
+ *
+ * Returns: Return the decoded length value, or negative value when
+ * the value was too big.
+ *
+ * Since: 2.0
+ **/
+signed long
+asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
+{
+ int ret;
+ long err;
+
+ ret = asn1_get_length_der (ber, ber_len, len);
+ if (ret == -1)
+ { /* indefinite length method */
+ ret = ber_len;
+ err = _asn1_get_indefinite_length_string (ber + 1, &ret);
+ if (err != ASN1_SUCCESS)
+ return -3;
+ }
+
+ return ret;
+}
+
+/**
+ * asn1_get_octet_der:
+ * @der: DER data to decode containing the OCTET SEQUENCE.
+ * @der_len: Length of DER data to decode.
+ * @ret_len: Output variable containing the length of the DER data.
+ * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in.
+ * @str_size: Length of pre-allocated output buffer.
+ * @str_len: Output variable containing the length of the OCTET SEQUENCE.
+ *
+ * Extract an OCTET SEQUENCE from DER data.
+ *
+ * Returns: Returns %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_octet_der (const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *str_len)
+{
+ int len_len;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ /* if(str==NULL) return ASN1_SUCCESS; */
+ *str_len = asn1_get_length_der (der, der_len, &len_len);
+
+ if (*str_len < 0)
+ return ASN1_DER_ERROR;
+
+ *ret_len = *str_len + len_len;
+ if (str_size >= *str_len)
+ memcpy (str, der + len_len, *str_len);
+ else
+ {
+ return ASN1_MEM_ERROR;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+/* Returns ASN1_SUCCESS on success or an error code on error.
+ */
+static int
+_asn1_get_time_der (const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
+{
+ int len_len, str_len;
+
+ if (der_len <= 0 || str == NULL)
+ return ASN1_DER_ERROR;
+ str_len = asn1_get_length_der (der, der_len, &len_len);
+ if (str_len < 0 || str_size < str_len)
+ return ASN1_DER_ERROR;
+ memcpy (str, der + len_len, str_len);
+ str[str_len] = 0;
+ *ret_len = str_len + len_len;
+
+ return ASN1_SUCCESS;
+}
+
+static int
+_asn1_get_objectid_der (const unsigned char *der, int der_len, int *ret_len,
+ char *str, int str_size)
+{
+ int len_len, len, k;
+ int leading;
+ char temp[20];
+ unsigned long val, val1, prev_val;
+
+ *ret_len = 0;
+ if (str && str_size > 0)
+ str[0] = 0; /* no oid */
+
+ if (str == NULL || der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+ len = asn1_get_length_der (der, der_len, &len_len);
+
+ if (len < 0 || len > der_len || len_len > der_len)
+ return ASN1_DER_ERROR;
+
+ val1 = der[len_len] / 40;
+ val = der[len_len] - val1 * 40;
+
+ _asn1_str_cpy (str, str_size, _asn1_ltostr (val1, temp));
+ _asn1_str_cat (str, str_size, ".");
+ _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
+
+ prev_val = 0;
+ val = 0;
+ leading = 1;
+ for (k = 1; k < len; k++)
+ {
+ /* X.690 mandates that the leading byte must never be 0x80
+ */
+ if (leading != 0 && der[len_len + k] == 0x80)
+ return ASN1_DER_ERROR;
+ leading = 0;
+
+ /* check for wrap around */
+ val = val << 7;
+ val |= der[len_len + k] & 0x7F;
+
+ if (val < prev_val)
+ return ASN1_DER_ERROR;
+
+ prev_val = val;
+
+ if (!(der[len_len + k] & 0x80))
+ {
+ _asn1_str_cat (str, str_size, ".");
+ _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
+ val = 0;
+ prev_val = 0;
+ leading = 1;
+ }
+ }
+ *ret_len = len + len_len;
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_get_bit_der:
+ * @der: DER data to decode containing the BIT SEQUENCE.
+ * @der_len: Length of DER data to decode.
+ * @ret_len: Output variable containing the length of the DER data.
+ * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in.
+ * @str_size: Length of pre-allocated output buffer.
+ * @bit_len: Output variable containing the size of the BIT SEQUENCE.
+ *
+ * Extract a BIT SEQUENCE from DER data.
+ *
+ * Returns: Return %ASN1_SUCCESS on success, or an error.
+ **/
+int
+asn1_get_bit_der (const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str, int str_size,
+ int *bit_len)
+{
+ int len_len, len_byte;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+ len_byte = asn1_get_length_der (der, der_len, &len_len) - 1;
+ if (len_byte < 0)
+ return ASN1_DER_ERROR;
+
+ *ret_len = len_byte + len_len + 1;
+ *bit_len = len_byte * 8 - der[len_len];
+
+ if (str_size >= len_byte)
+ memcpy (str, der + len_len + 1, len_byte);
+ else
+ {
+ return ASN1_MEM_ERROR;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+static int
+_asn1_extract_tag_der (ASN1_TYPE node, const unsigned char *der, int der_len,
+ int *ret_len)
+{
+ ASN1_TYPE p;
+ int counter, len2, len3, is_tag_implicit;
+ unsigned long tag, tag_implicit = 0;
+ unsigned char class, class2, class_implicit = 0;
+
+ if (der_len <= 0)
+ return ASN1_GENERIC_ERROR;
+
+ counter = is_tag_implicit = 0;
+
+ if (node->type & CONST_TAG)
+ {
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == TYPE_TAG)
+ {
+ if (p->type & CONST_APPLICATION)
+ class2 = ASN1_CLASS_APPLICATION;
+ else if (p->type & CONST_UNIVERSAL)
+ class2 = ASN1_CLASS_UNIVERSAL;
+ else if (p->type & CONST_PRIVATE)
+ class2 = ASN1_CLASS_PRIVATE;
+ else
+ class2 = ASN1_CLASS_CONTEXT_SPECIFIC;
+
+ if (p->type & CONST_EXPLICIT)
+ {
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
+ counter += len2;
+
+ len3 =
+ asn1_get_length_ber (der + counter, der_len - counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+
+ counter += len2;
+ if (counter > der_len)
+ return ASN1_DER_ERROR;
+
+ if (!is_tag_implicit)
+ {
+ if ((class != (class2 | ASN1_CLASS_STRUCTURED)) ||
+ (tag != strtoul ((char *) p->value, NULL, 10)))
+ return ASN1_TAG_ERROR;
+ }
+ else
+ { /* ASN1_TAG_IMPLICIT */
+ if ((class != class_implicit) || (tag != tag_implicit))
+ return ASN1_TAG_ERROR;
+ }
+ is_tag_implicit = 0;
+ }
+ else
+ { /* ASN1_TAG_IMPLICIT */
+ if (!is_tag_implicit)
+ {
+ if ((type_field (node->type) == TYPE_SEQUENCE) ||
+ (type_field (node->type) == TYPE_SEQUENCE_OF) ||
+ (type_field (node->type) == TYPE_SET) ||
+ (type_field (node->type) == TYPE_SET_OF))
+ class2 |= ASN1_CLASS_STRUCTURED;
+ class_implicit = class2;
+ tag_implicit = strtoul ((char *) p->value, NULL, 10);
+ is_tag_implicit = 1;
+ }
+ }
+ }
+ p = p->right;
+ }
+ }
+
+ if (is_tag_implicit)
+ {
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
+
+ if ((class != class_implicit) || (tag != tag_implicit))
+ {
+ if (type_field (node->type) == TYPE_OCTET_STRING)
+ {
+ class_implicit |= ASN1_CLASS_STRUCTURED;
+ if ((class != class_implicit) || (tag != tag_implicit))
+ return ASN1_TAG_ERROR;
+ }
+ else
+ return ASN1_TAG_ERROR;
+ }
+ }
+ else
+ {
+ if (type_field (node->type) == TYPE_TAG)
+ {
+ counter = 0;
+ *ret_len = counter;
+ return ASN1_SUCCESS;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, der_len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+
+ if (counter + len2 > der_len)
+ return ASN1_DER_ERROR;
+
+ switch (type_field (node->type))
+ {
+ case TYPE_NULL:
+ if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_NULL))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_BOOLEAN:
+ if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BOOLEAN))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_INTEGER:
+ if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_INTEGER))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_ENUMERATED:
+ if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_ENUMERATED))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_OBJECT_ID:
+ if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_OBJECT_ID))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_TIME:
+ if (node->type & CONST_UTC)
+ {
+ if ((class != ASN1_CLASS_UNIVERSAL)
+ || (tag != ASN1_TAG_UTCTime))
+ return ASN1_DER_ERROR;
+ }
+ else
+ {
+ if ((class != ASN1_CLASS_UNIVERSAL)
+ || (tag != ASN1_TAG_GENERALIZEDTime))
+ return ASN1_DER_ERROR;
+ }
+ break;
+ case TYPE_OCTET_STRING:
+ if (((class != ASN1_CLASS_UNIVERSAL)
+ && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)))
+ || (tag != ASN1_TAG_OCTET_STRING))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_GENERALSTRING:
+ if ((class != ASN1_CLASS_UNIVERSAL)
+ || (tag != ASN1_TAG_GENERALSTRING))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_BIT_STRING:
+ if ((class != ASN1_CLASS_UNIVERSAL) || (tag != ASN1_TAG_BIT_STRING))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SEQUENCE_OF:
+ if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))
+ || (tag != ASN1_TAG_SEQUENCE))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_SET:
+ case TYPE_SET_OF:
+ if ((class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED))
+ || (tag != ASN1_TAG_SET))
+ return ASN1_DER_ERROR;
+ break;
+ case TYPE_ANY:
+ counter -= len2;
+ break;
+ default:
+ return ASN1_DER_ERROR;
+ break;
+ }
+ }
+
+ counter += len2;
+ *ret_len = counter;
+ return ASN1_SUCCESS;
+}
+
+static int
+_asn1_delete_not_used (ASN1_TYPE node)
+{
+ ASN1_TYPE p, p2;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if (p->type & CONST_NOT_USED)
+ {
+ p2 = NULL;
+ if (p != node)
+ {
+ p2 = _asn1_find_left (p);
+ if (!p2)
+ p2 = _asn1_find_up (p);
+ }
+ asn1_delete_structure (&p);
+ p = p2;
+ }
+
+ if (!p)
+ break; /* reach node */
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else
+ {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+ }
+ return ASN1_SUCCESS;
+}
+
+static asn1_retCode
+_asn1_extract_der_octet (ASN1_TYPE node, const unsigned char *der,
+ int der_len)
+{
+ int len2, len3;
+ int counter2, counter_end;
+
+ len2 = asn1_get_length_der (der, der_len, &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
+
+ counter2 = len3 + 1;
+
+ if (len2 == -1)
+ counter_end = der_len - 2;
+ else
+ counter_end = der_len;
+
+ while (counter2 < counter_end)
+ {
+ len2 = asn1_get_length_der (der + counter2, der_len - counter2, &len3);
+
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
+
+ if (len2 > 0)
+ {
+ _asn1_append_value (node, der + counter2 + len3, len2);
+ }
+ else
+ { /* indefinite */
+
+ len2 =
+ _asn1_extract_der_octet (node, der + counter2 + len3,
+ der_len - counter2 - len3);
+ if (len2 < 0)
+ return len2;
+ }
+
+ counter2 += len2 + len3 + 1;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+static asn1_retCode
+_asn1_get_octet_string (const unsigned char *der, ASN1_TYPE node, int *len)
+{
+ int len2, len3, counter, tot_len, indefinite;
+
+ counter = 0;
+
+ if (*(der - 1) & ASN1_CLASS_STRUCTURED)
+ {
+ tot_len = 0;
+ indefinite = asn1_get_length_der (der, *len, &len3);
+ if (indefinite < -1)
+ return ASN1_DER_ERROR;
+
+ counter += len3;
+ if (indefinite >= 0)
+ indefinite += len3;
+
+ while (1)
+ {
+ if (counter > (*len))
+ return ASN1_DER_ERROR;
+
+ if (indefinite == -1)
+ {
+ if ((der[counter] == 0) && (der[counter + 1] == 0))
+ {
+ counter += 2;
+ break;
+ }
+ }
+ else if (counter >= indefinite)
+ break;
+
+ if (der[counter] != ASN1_TAG_OCTET_STRING)
+ return ASN1_DER_ERROR;
+
+ counter++;
+
+ len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
+ if (len2 <= 0)
+ return ASN1_DER_ERROR;
+
+ counter += len3 + len2;
+ tot_len += len2;
+ }
+
+ /* copy */
+ if (node)
+ {
+ unsigned char temp[DER_LEN];
+ int ret;
+
+ len2 = sizeof (temp);
+
+ asn1_length_der (tot_len, temp, &len2);
+ _asn1_set_value (node, temp, len2);
+
+ tot_len += len2;
+
+ ret = _asn1_extract_der_octet (node, der, *len);
+ if (ret != ASN1_SUCCESS)
+ return ret;
+
+ }
+ }
+ else
+ { /* NOT STRUCTURED */
+ len2 = asn1_get_length_der (der, *len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (len3 + len2 > *len)
+ return ASN1_DER_ERROR;
+ if (node)
+ _asn1_set_value (node, der, len3 + len2);
+ counter = len3 + len2;
+ }
+
+ *len = counter;
+ return ASN1_SUCCESS;
+
+}
+
+static asn1_retCode
+_asn1_get_indefinite_length_string (const unsigned char *der, int *len)
+{
+ int len2, len3, counter, indefinite;
+ unsigned long tag;
+ unsigned char class;
+
+ counter = indefinite = 0;
+
+ while (1)
+ {
+ if ((*len) < counter)
+ return ASN1_DER_ERROR;
+
+ if ((der[counter] == 0) && (der[counter + 1] == 0))
+ {
+ counter += 2;
+ indefinite--;
+ if (indefinite <= 0)
+ break;
+ else
+ continue;
+ }
+
+ if (asn1_get_tag_der
+ (der + counter, *len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > *len)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ len2 = asn1_get_length_der (der + counter, *len - counter, &len3);
+ if (len2 < -1)
+ return ASN1_DER_ERROR;
+ if (len2 == -1)
+ {
+ indefinite++;
+ counter += 1;
+ }
+ else
+ {
+ counter += len2 + len3;
+ }
+ }
+
+ *len = counter;
+ return ASN1_SUCCESS;
+
+}
+
+/**
+ * asn1_der_decoding:
+ * @element: pointer to an ASN1 structure.
+ * @ider: vector that contains the DER encoding.
+ * @len: number of bytes of *@ider: @ider[0]..@ider[len-1].
+ * @errorDescription: null-terminated string contains details when an
+ * error occurred.
+ *
+ * Fill the structure *@ELEMENT with values of a DER encoding
+ * string. The structure must just be created with function
+ * asn1_create_element(). If an error occurs during the decoding
+ * procedure, the *@ELEMENT is deleted and set equal to
+ * %ASN1_TYPE_EMPTY.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if @ELEMENT is %ASN1_TYPE_EMPTY, and %ASN1_TAG_ERROR or
+ * %ASN1_DER_ERROR if the der encoding doesn't match the structure
+ * name (*@ELEMENT deleted).
+ **/
+asn1_retCode
+asn1_der_decoding (ASN1_TYPE * element, const void *ider, int len,
+ char *errorDescription)
+{
+ ASN1_TYPE node, p, p2, p3;
+ char temp[128];
+ int counter, len2, len3, len4, move, ris, tlen;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite, result;
+ const unsigned char *der = ider;
+
+ node = *element;
+
+ if (node == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (node->type & CONST_OPTION)
+ {
+ asn1_delete_structure (element);
+ return ASN1_GENERIC_ERROR;
+ }
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1)
+ {
+ ris = ASN1_SUCCESS;
+ if (move != UP)
+ {
+ if (p->type & CONST_SET)
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if (len2 == -1)
+ {
+ if (!der[counter] && !der[counter + 1])
+ {
+ p = p2;
+ move = UP;
+ counter += 2;
+ continue;
+ }
+ }
+ else if (counter == len2)
+ {
+ p = p2;
+ move = UP;
+ continue;
+ }
+ else if (counter > len2)
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ p2 = p2->down;
+ while (p2)
+ {
+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
+ {
+ if (type_field (p2->type) != TYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der (p2, der + counter,
+ len - counter, &len2);
+ else
+ {
+ p3 = p2->down;
+ while (p3)
+ {
+ ris =
+ _asn1_extract_tag_der (p3, der + counter,
+ len - counter, &len2);
+ if (ris == ASN1_SUCCESS)
+ break;
+ p3 = p3->right;
+ }
+ }
+ if (ris == ASN1_SUCCESS)
+ {
+ p2->type &= ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ }
+
+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if (counter == len2)
+ {
+ if (p->right)
+ {
+ p2 = p->right;
+ move = RIGHT;
+ }
+ else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure (&p);
+
+ p = p2;
+ continue;
+ }
+ }
+
+ if (type_field (p->type) == TYPE_CHOICE)
+ {
+ while (p->down)
+ {
+ if (counter < len)
+ ris =
+ _asn1_extract_tag_der (p->down, der + counter,
+ len - counter, &len2);
+ else
+ ris = ASN1_DER_ERROR;
+ if (ris == ASN1_SUCCESS)
+ {
+ while (p->down->right)
+ {
+ p2 = p->down->right;
+ asn1_delete_structure (&p2);
+ }
+ break;
+ }
+ else if (ris == ASN1_ERROR_TYPE_ANY)
+ {
+ asn1_delete_structure (element);
+ return ASN1_ERROR_TYPE_ANY;
+ }
+ else
+ {
+ p2 = p->down;
+ asn1_delete_structure (&p2);
+ }
+ }
+
+ if (p->down == NULL)
+ {
+ if (!(p->type & CONST_OPTION))
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ }
+ else
+ p = p->down;
+ }
+
+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if ((len2 != -1) && (counter > len2))
+ ris = ASN1_TAG_ERROR;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ {
+ if (p->type & CONST_OPTION)
+ {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ }
+ else if (p->type & CONST_DEFAULT)
+ {
+ _asn1_set_value (p, NULL, 0);
+ move = RIGHT;
+ }
+ else
+ {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error (p, errorDescription);
+
+ asn1_delete_structure (element);
+ return ASN1_TAG_ERROR;
+ }
+ }
+ else
+ counter += len2;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_NULL:
+ if (der[counter])
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ counter++;
+ move = RIGHT;
+ break;
+ case TYPE_BOOLEAN:
+ if (der[counter++] != 1)
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ if (der[counter++] == 0)
+ _asn1_set_value (p, "F", 1);
+ else
+ _asn1_set_value (p, "T", 1);
+ move = RIGHT;
+ break;
+ case TYPE_INTEGER:
+ case TYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (len2 + len3 > len - counter)
+ return ASN1_DER_ERROR;
+ _asn1_set_value (p, der + counter, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_OBJECT_ID:
+ result =
+ _asn1_get_objectid_der (der + counter, len - counter, &len2,
+ temp, sizeof (temp));
+ if (result != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (element);
+ return result;
+ }
+
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ counter += len2;
+ move = RIGHT;
+ break;
+ case TYPE_TIME:
+ result =
+ _asn1_get_time_der (der + counter, len - counter, &len2, temp,
+ sizeof (temp) - 1);
+ if (result != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (element);
+ return result;
+ }
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ counter += len2;
+ move = RIGHT;
+ break;
+ case TYPE_OCTET_STRING:
+ len3 = len - counter;
+ ris = _asn1_get_octet_string (der + counter, p, &len3);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len3;
+ move = RIGHT;
+ break;
+ case TYPE_GENERALSTRING:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (len3 + len2 > len - counter)
+ return ASN1_DER_ERROR;
+ _asn1_set_value (p, der + counter, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (len3 + len2 > len - counter)
+ return ASN1_DER_ERROR;
+ _asn1_set_value (p, der + counter, len3 + len2);
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SET:
+ if (move == UP)
+ {
+ len2 = strtol (p->value, NULL, 10);
+ _asn1_set_value (p, NULL, 0);
+ if (len2 == -1)
+ { /* indefinite length method */
+ if (len - counter + 1 > 0)
+ {
+ if ((der[counter]) || der[counter + 1])
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ }
+ else
+ return ASN1_DER_ERROR;
+ counter += 2;
+ }
+ else
+ { /* definite length method */
+ if (len2 != counter)
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ }
+ move = RIGHT;
+ }
+ else
+ { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der (der + counter, len - counter, &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3 > 0)
+ {
+ _asn1_ltostr (counter + len3, temp);
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ move = DOWN;
+ }
+ else if (len3 == 0)
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != TYPE_TAG)
+ {
+ p3 = p2->right;
+ asn1_delete_structure (&p2);
+ p2 = p3;
+ }
+ else
+ p2 = p2->right;
+ }
+ move = RIGHT;
+ }
+ else
+ { /* indefinite length method */
+ _asn1_set_value (p, "-1", 3);
+ move = DOWN;
+ }
+ }
+ break;
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SET_OF:
+ if (move == UP)
+ {
+ len2 = strtol (p->value, NULL, 10);
+ if (len2 == -1)
+ { /* indefinite length method */
+ if ((counter + 2) > len)
+ return ASN1_DER_ERROR;
+ if ((der[counter]) || der[counter + 1])
+ {
+ _asn1_append_sequence_set (p);
+ p = p->down;
+ while (p->right)
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value (p, NULL, 0);
+ counter += 2;
+ }
+ else
+ { /* definite length method */
+ if (len2 > counter)
+ {
+ _asn1_append_sequence_set (p);
+ p = p->down;
+ while (p->right)
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value (p, NULL, 0);
+ if (len2 != counter)
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ }
+ }
+ else
+ { /* move==DOWN || move==RIGHT */
+ len3 =
+ asn1_get_length_der (der + counter, len - counter, &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3)
+ {
+ if (len3 > 0)
+ { /* definite length method */
+ _asn1_ltostr (counter + len3, temp);
+ tlen = strlen (temp);
+
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ }
+ else
+ { /* indefinite length method */
+ _asn1_set_value (p, "-1", 3);
+ }
+ p2 = p->down;
+ while ((type_field (p2->type) == TYPE_TAG)
+ || (type_field (p2->type) == TYPE_SIZE))
+ p2 = p2->right;
+ if (p2->right == NULL)
+ _asn1_append_sequence_set (p);
+ p = p2;
+ }
+ }
+ move = RIGHT;
+ break;
+ case TYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > len)
+ return ASN1_DER_ERROR;
+ len4 =
+ asn1_get_length_der (der + counter + len2,
+ len - counter - len2, &len3);
+ if (len4 < -1)
+ return ASN1_DER_ERROR;
+ if (len4 > len - counter + len2 + len3)
+ return ASN1_DER_ERROR;
+ if (len4 != -1)
+ {
+ len2 += len4;
+ _asn1_set_value_octet (p, der + counter, len2 + len3);
+ counter += len2 + len3;
+ }
+ else
+ { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ ris =
+ _asn1_get_indefinite_length_string (der + counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (element);
+ return ris;
+ }
+
+ _asn1_set_value_octet (p, der + counter, len2);
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite)
+ {
+ if (!der[counter] && !der[counter + 1])
+ {
+ counter += 2;
+ }
+ else
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+ }
+ }
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
+ }
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+ if ((move == RIGHT) && !(p->type & CONST_SET))
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ _asn1_delete_not_used (*element);
+
+ if (counter != len)
+ {
+ asn1_delete_structure (element);
+ return ASN1_DER_ERROR;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+#define FOUND 1
+#define SAME_BRANCH 2
+#define OTHER_BRANCH 3
+#define EXIT 4
+
+/**
+ * asn1_der_decoding_element:
+ * @structure: pointer to an ASN1 structure
+ * @elementName: name of the element to fill
+ * @ider: vector that contains the DER encoding of the whole structure.
+ * @len: number of bytes of *der: der[0]..der[len-1]
+ * @errorDescription: null-terminated string contains details when an
+ * error occurred.
+ *
+ * Fill the element named @ELEMENTNAME with values of a DER encoding
+ * string. The structure must just be created with function
+ * asn1_create_element(). The DER vector must contain the encoding
+ * string of the whole @STRUCTURE. If an error occurs during the
+ * decoding procedure, the *@STRUCTURE is deleted and set equal to
+ * %ASN1_TYPE_EMPTY.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if ELEMENT is %ASN1_TYPE_EMPTY or @elementName == NULL, and
+ * %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding doesn't
+ * match the structure @structure (*ELEMENT deleted).
+ **/
+asn1_retCode
+asn1_der_decoding_element (ASN1_TYPE * structure, const char *elementName,
+ const void *ider, int len, char *errorDescription)
+{
+ ASN1_TYPE node, p, p2, p3, nodeFound = ASN1_TYPE_EMPTY;
+ char temp[128], currentName[ASN1_MAX_NAME_SIZE * 10], *dot_p, *char_p;
+ int nameLen = ASN1_MAX_NAME_SIZE * 10 - 1, state;
+ int counter, len2, len3, len4, move, ris, tlen;
+ unsigned char class, *temp2;
+ unsigned long tag;
+ int indefinite, result;
+ const unsigned char *der = ider;
+
+ node = *structure;
+
+ if (node == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (elementName == NULL)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ if (node->type & CONST_OPTION)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_GENERIC_ERROR;
+ }
+
+ if ((*structure)->name)
+ { /* Has *structure got a name? */
+ nameLen -= strlen ((*structure)->name);
+ if (nameLen > 0)
+ strcpy (currentName, (*structure)->name);
+ else
+ {
+ asn1_delete_structure (structure);
+ return ASN1_MEM_ERROR;
+ }
+ if (!(strcmp (currentName, elementName)))
+ {
+ state = FOUND;
+ nodeFound = *structure;
+ }
+ else if (!memcmp (currentName, elementName, strlen (currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ else
+ { /* *structure doesn't have a name? */
+ currentName[0] = 0;
+ if (elementName[0] == 0)
+ {
+ state = FOUND;
+ nodeFound = *structure;
+ }
+ else
+ {
+ state = SAME_BRANCH;
+ }
+ }
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1)
+ {
+
+ ris = ASN1_SUCCESS;
+
+ if (move != UP)
+ {
+ if (p->type & CONST_SET)
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if (counter == len2)
+ {
+ p = p2;
+ move = UP;
+ continue;
+ }
+ else if (counter > len2)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+ p2 = p2->down;
+ while (p2)
+ {
+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
+ {
+ if (type_field (p2->type) != TYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der (p2, der + counter,
+ len - counter, &len2);
+ else
+ {
+ p3 = p2->down;
+ while (p3)
+ {
+ ris =
+ _asn1_extract_tag_der (p3, der + counter,
+ len - counter, &len2);
+ if (ris == ASN1_SUCCESS)
+ break;
+ p3 = p3->right;
+ }
+ }
+ if (ris == ASN1_SUCCESS)
+ {
+ p2->type &= ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+ }
+
+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if (counter == len2)
+ {
+ if (p->right)
+ {
+ p2 = p->right;
+ move = RIGHT;
+ }
+ else
+ move = UP;
+
+ if (p->type & CONST_OPTION)
+ asn1_delete_structure (&p);
+
+ p = p2;
+ continue;
+ }
+ }
+
+ if (type_field (p->type) == TYPE_CHOICE)
+ {
+ while (p->down)
+ {
+ if (counter < len)
+ ris =
+ _asn1_extract_tag_der (p->down, der + counter,
+ len - counter, &len2);
+ else
+ ris = ASN1_DER_ERROR;
+ if (ris == ASN1_SUCCESS)
+ {
+ while (p->down->right)
+ {
+ p2 = p->down->right;
+ asn1_delete_structure (&p2);
+ }
+ break;
+ }
+ else if (ris == ASN1_ERROR_TYPE_ANY)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_ERROR_TYPE_ANY;
+ }
+ else
+ {
+ p2 = p->down;
+ asn1_delete_structure (&p2);
+ }
+ }
+
+ if (p->down == NULL)
+ {
+ if (!(p->type & CONST_OPTION))
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+ }
+ else
+ p = p->down;
+ }
+
+ if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if (counter > len2)
+ ris = ASN1_TAG_ERROR;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ {
+ if (p->type & CONST_OPTION)
+ {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ }
+ else if (p->type & CONST_DEFAULT)
+ {
+ _asn1_set_value (p, NULL, 0);
+ move = RIGHT;
+ }
+ else
+ {
+ if (errorDescription != NULL)
+ _asn1_error_description_tag_error (p, errorDescription);
+
+ asn1_delete_structure (structure);
+ return ASN1_TAG_ERROR;
+ }
+ }
+ else
+ counter += len2;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_NULL:
+ if (der[counter])
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+
+ if (p == nodeFound)
+ state = EXIT;
+
+ counter++;
+ move = RIGHT;
+ break;
+ case TYPE_BOOLEAN:
+ if (der[counter++] != 1)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+
+ if (state == FOUND)
+ {
+ if (der[counter++] == 0)
+ _asn1_set_value (p, "F", 1);
+ else
+ _asn1_set_value (p, "T", 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+
+ }
+ else
+ counter++;
+
+ move = RIGHT;
+ break;
+ case TYPE_INTEGER:
+ case TYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (state == FOUND)
+ {
+ if (len3 + len2 > len - counter)
+ return ASN1_DER_ERROR;
+ _asn1_set_value (p, der + counter, len3 + len2);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_OBJECT_ID:
+ if (state == FOUND)
+ {
+ result =
+ _asn1_get_objectid_der (der + counter, len - counter,
+ &len2, temp, sizeof (temp));
+ if (result != ASN1_SUCCESS)
+ {
+ return result;
+ }
+
+ tlen = strlen (temp);
+
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ else
+ {
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ len2 += len3;
+ }
+
+ counter += len2;
+ move = RIGHT;
+ break;
+ case TYPE_TIME:
+ if (state == FOUND)
+ {
+ result =
+ _asn1_get_time_der (der + counter, len - counter, &len2,
+ temp, sizeof (temp) - 1);
+ if (result != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (structure);
+ return result;
+ }
+
+ tlen = strlen (temp);
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ else
+ {
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ len2 += len3;
+ }
+
+ counter += len2;
+ move = RIGHT;
+ break;
+ case TYPE_OCTET_STRING:
+ len3 = len - counter;
+ if (state == FOUND)
+ {
+ ris = _asn1_get_octet_string (der + counter, p, &len3);
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ else
+ ris = _asn1_get_octet_string (der + counter, NULL, &len3);
+
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len3;
+ move = RIGHT;
+ break;
+ case TYPE_GENERALSTRING:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (state == FOUND)
+ {
+ if (len3 + len2 > len - counter)
+ return ASN1_DER_ERROR;
+ _asn1_set_value (p, der + counter, len3 + len2);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ if (state == FOUND)
+ {
+ if (len3 + len2 > len - counter)
+ return ASN1_DER_ERROR;
+ _asn1_set_value (p, der + counter, len3 + len2);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SET:
+ if (move == UP)
+ {
+ len2 = strtol (p->value, NULL, 10);
+ _asn1_set_value (p, NULL, 0);
+ if (len2 == -1)
+ { /* indefinite length method */
+ if ((der[counter]) || der[counter + 1])
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+ counter += 2;
+ }
+ else
+ { /* definite length method */
+ if (len2 != counter)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+ }
+ if (p == nodeFound)
+ state = EXIT;
+ move = RIGHT;
+ }
+ else
+ { /* move==DOWN || move==RIGHT */
+ if (state == OTHER_BRANCH)
+ {
+ len3 =
+ asn1_get_length_der (der + counter, len - counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+ counter += len2 + len3;
+ move = RIGHT;
+ }
+ else
+ { /* state==SAME_BRANCH or state==FOUND */
+ len3 =
+ asn1_get_length_der (der + counter, len - counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3 > 0)
+ {
+ _asn1_ltostr (counter + len3, temp);
+ tlen = strlen (temp);
+
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ move = DOWN;
+ }
+ else if (len3 == 0)
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != TYPE_TAG)
+ {
+ p3 = p2->right;
+ asn1_delete_structure (&p2);
+ p2 = p3;
+ }
+ else
+ p2 = p2->right;
+ }
+ move = RIGHT;
+ }
+ else
+ { /* indefinite length method */
+ _asn1_set_value (p, "-1", 3);
+ move = DOWN;
+ }
+ }
+ }
+ break;
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SET_OF:
+ if (move == UP)
+ {
+ len2 = strtol (p->value, NULL, 10);
+ if (len2 > counter)
+ {
+ _asn1_append_sequence_set (p);
+ p = p->down;
+ while (p->right)
+ p = p->right;
+ move = RIGHT;
+ continue;
+ }
+ _asn1_set_value (p, NULL, 0);
+ if (len2 != counter)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ else
+ { /* move==DOWN || move==RIGHT */
+ if (state == OTHER_BRANCH)
+ {
+ len3 =
+ asn1_get_length_der (der + counter, len - counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+ counter += len2 + len3;
+ move = RIGHT;
+ }
+ else
+ { /* state==FOUND or state==SAME_BRANCH */
+ len3 =
+ asn1_get_length_der (der + counter, len - counter,
+ &len2);
+ if (len3 < 0)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3)
+ {
+ _asn1_ltostr (counter + len3, temp);
+ tlen = strlen (temp);
+
+ if (tlen > 0)
+ _asn1_set_value (p, temp, tlen + 1);
+ p2 = p->down;
+ while ((type_field (p2->type) == TYPE_TAG)
+ || (type_field (p2->type) == TYPE_SIZE))
+ p2 = p2->right;
+ if (p2->right == NULL)
+ _asn1_append_sequence_set (p);
+ p = p2;
+ state = FOUND;
+ }
+ }
+ }
+
+ break;
+ case TYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > len)
+ return ASN1_DER_ERROR;
+
+ len4 =
+ asn1_get_length_der (der + counter + len2,
+ len - counter - len2, &len3);
+ if (len4 < -1)
+ return ASN1_DER_ERROR;
+
+ if (len4 != -1)
+ {
+ len2 += len4;
+ if (state == FOUND)
+ {
+ _asn1_set_value_octet (p, der + counter, len2 + len3);
+ temp2 = NULL;
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+ counter += len2 + len3;
+ }
+ else
+ { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ ris =
+ _asn1_get_indefinite_length_string (der + counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (structure);
+ return ris;
+ }
+
+ if (state == FOUND)
+ {
+ _asn1_set_value_octet (p, der + counter, len2);
+
+ if (p == nodeFound)
+ state = EXIT;
+ }
+
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite)
+ {
+ if (!der[counter] && !der[counter + 1])
+ {
+ counter += 2;
+ }
+ else
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+ }
+ }
+ move = RIGHT;
+ break;
+
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
+ }
+
+ if ((p == node && move != DOWN) || (state == EXIT))
+ break;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ {
+ p = p->down;
+
+ if (state != FOUND)
+ {
+ nameLen -= strlen (p->name) + 1;
+ if (nameLen > 0)
+ {
+ if (currentName[0])
+ strcat (currentName, ".");
+ strcat (currentName, p->name);
+ }
+ else
+ {
+ asn1_delete_structure (structure);
+ return ASN1_MEM_ERROR;
+ }
+ if (!(strcmp (currentName, elementName)))
+ {
+ state = FOUND;
+ nodeFound = p;
+ }
+ else
+ if (!memcmp
+ (currentName, elementName, strlen (currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ }
+ else
+ move = RIGHT;
+ }
+
+ if ((move == RIGHT) && !(p->type & CONST_SET))
+ {
+ if (p->right)
+ {
+ p = p->right;
+
+ if (state != FOUND)
+ {
+ dot_p = char_p = currentName;
+ while ((char_p = strchr (char_p, '.')))
+ {
+ dot_p = char_p++;
+ dot_p++;
+ }
+
+ nameLen += strlen (currentName) - (dot_p - currentName);
+ *dot_p = 0;
+
+ nameLen -= strlen (p->name);
+ if (nameLen > 0)
+ strcat (currentName, p->name);
+ else
+ {
+ asn1_delete_structure (structure);
+ return ASN1_MEM_ERROR;
+ }
+
+ if (!(strcmp (currentName, elementName)))
+ {
+ state = FOUND;
+ nodeFound = p;
+ }
+ else
+ if (!memcmp
+ (currentName, elementName, strlen (currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ }
+ else
+ move = UP;
+ }
+
+ if (move == UP)
+ {
+ p = _asn1_find_up (p);
+
+ if (state != FOUND)
+ {
+ dot_p = char_p = currentName;
+ while ((char_p = strchr (char_p, '.')))
+ {
+ dot_p = char_p++;
+ dot_p++;
+ }
+
+ nameLen += strlen (currentName) - (dot_p - currentName);
+ *dot_p = 0;
+
+ if (!(strcmp (currentName, elementName)))
+ {
+ state = FOUND;
+ nodeFound = p;
+ }
+ else
+ if (!memcmp (currentName, elementName, strlen (currentName)))
+ state = SAME_BRANCH;
+ else
+ state = OTHER_BRANCH;
+ }
+ }
+ }
+
+ _asn1_delete_not_used (*structure);
+
+ if (counter > len)
+ {
+ asn1_delete_structure (structure);
+ return ASN1_DER_ERROR;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+/**
+ * asn1_der_decoding_startEnd:
+ * @element: pointer to an ASN1 element
+ * @ider: vector that contains the DER encoding.
+ * @len: number of bytes of *@ider: @ider[0]..@ider[len-1]
+ * @name_element: an element of NAME structure.
+ * @start: the position of the first byte of NAME_ELEMENT decoding
+ * (@ider[*start])
+ * @end: the position of the last byte of NAME_ELEMENT decoding
+ * (@ider[*end])
+ *
+ * Find the start and end point of an element in a DER encoding
+ * string. I mean that if you have a der encoding and you have already
+ * used the function asn1_der_decoding() to fill a structure, it may
+ * happen that you want to find the piece of string concerning an
+ * element of the structure.
+ *
+ * One example is the sequence "tbsCertificate" inside an X509
+ * certificate.
+ *
+ * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
+ * if ELEMENT is %ASN1_TYPE EMPTY or @name_element is not a valid
+ * element, %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding
+ * doesn't match the structure ELEMENT.
+ **/
+asn1_retCode
+asn1_der_decoding_startEnd (ASN1_TYPE element, const void *ider, int len,
+ const char *name_element, int *start, int *end)
+{
+ ASN1_TYPE node, node_to_find, p, p2, p3;
+ int counter, len2, len3, len4, move, ris;
+ unsigned char class;
+ unsigned long tag;
+ int indefinite;
+ const unsigned char *der = ider;
+
+ node = element;
+
+ if (node == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ node_to_find = asn1_find_node (node, name_element);
+
+ if (node_to_find == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (node_to_find == node)
+ {
+ *start = 0;
+ *end = len - 1;
+ return ASN1_SUCCESS;
+ }
+
+ if (node->type & CONST_OPTION)
+ return ASN1_GENERIC_ERROR;
+
+ counter = 0;
+ move = DOWN;
+ p = node;
+ while (1)
+ {
+ ris = ASN1_SUCCESS;
+
+ if (move != UP)
+ {
+ if (p->type & CONST_SET)
+ {
+ p2 = _asn1_find_up (p);
+ len2 = strtol (p2->value, NULL, 10);
+ if (len2 == -1)
+ {
+ if (!der[counter] && !der[counter + 1])
+ {
+ p = p2;
+ move = UP;
+ counter += 2;
+ continue;
+ }
+ }
+ else if (counter == len2)
+ {
+ p = p2;
+ move = UP;
+ continue;
+ }
+ else if (counter > len2)
+ return ASN1_DER_ERROR;
+ p2 = p2->down;
+ while (p2)
+ {
+ if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
+ { /* CONTROLLARE */
+ if (type_field (p2->type) != TYPE_CHOICE)
+ ris =
+ _asn1_extract_tag_der (p2, der + counter,
+ len - counter, &len2);
+ else
+ {
+ p3 = p2->down;
+ ris =
+ _asn1_extract_tag_der (p3, der + counter,
+ len - counter, &len2);
+ }
+ if (ris == ASN1_SUCCESS)
+ {
+ p2->type &= ~CONST_NOT_USED;
+ p = p2;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ return ASN1_DER_ERROR;
+ }
+
+ if (p == node_to_find)
+ *start = counter;
+
+ if (type_field (p->type) == TYPE_CHOICE)
+ {
+ p = p->down;
+ ris =
+ _asn1_extract_tag_der (p, der + counter, len - counter,
+ &len2);
+ if (p == node_to_find)
+ *start = counter;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ ris =
+ _asn1_extract_tag_der (p, der + counter, len - counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ {
+ if (p->type & CONST_OPTION)
+ {
+ p->type |= CONST_NOT_USED;
+ move = RIGHT;
+ }
+ else if (p->type & CONST_DEFAULT)
+ {
+ move = RIGHT;
+ }
+ else
+ {
+ return ASN1_TAG_ERROR;
+ }
+ }
+ else
+ counter += len2;
+ }
+
+ if (ris == ASN1_SUCCESS)
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_NULL:
+ if (der[counter])
+ return ASN1_DER_ERROR;
+ counter++;
+ move = RIGHT;
+ break;
+ case TYPE_BOOLEAN:
+ if (der[counter++] != 1)
+ return ASN1_DER_ERROR;
+ counter++;
+ move = RIGHT;
+ break;
+ case TYPE_INTEGER:
+ case TYPE_ENUMERATED:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_OBJECT_ID:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len2 + len3;
+ move = RIGHT;
+ break;
+ case TYPE_TIME:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len2 + len3;
+ move = RIGHT;
+ break;
+ case TYPE_OCTET_STRING:
+ len3 = len - counter;
+ ris = _asn1_get_octet_string (der + counter, NULL, &len3);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len3;
+ move = RIGHT;
+ break;
+ case TYPE_GENERALSTRING:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_BIT_STRING:
+ len2 =
+ asn1_get_length_der (der + counter, len - counter, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ counter += len3 + len2;
+ move = RIGHT;
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SET:
+ if (move != UP)
+ {
+ len3 =
+ asn1_get_length_der (der + counter, len - counter, &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if (len3 == 0)
+ move = RIGHT;
+ else
+ move = DOWN;
+ }
+ else
+ {
+ if (!der[counter] && !der[counter + 1]) /* indefinite length method */
+ counter += 2;
+ move = RIGHT;
+ }
+ break;
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SET_OF:
+ if (move != UP)
+ {
+ len3 =
+ asn1_get_length_der (der + counter, len - counter, &len2);
+ if (len3 < -1)
+ return ASN1_DER_ERROR;
+ counter += len2;
+ if ((len3 == -1) && !der[counter] && !der[counter + 1])
+ counter += 2;
+ else if (len3)
+ {
+ p2 = p->down;
+ while ((type_field (p2->type) == TYPE_TAG) ||
+ (type_field (p2->type) == TYPE_SIZE))
+ p2 = p2->right;
+ p = p2;
+ }
+ }
+ else
+ {
+ if (!der[counter] && !der[counter + 1]) /* indefinite length method */
+ counter += 2;
+ }
+ move = RIGHT;
+ break;
+ case TYPE_ANY:
+ if (asn1_get_tag_der
+ (der + counter, len - counter, &class, &len2,
+ &tag) != ASN1_SUCCESS)
+ return ASN1_DER_ERROR;
+ if (counter + len2 > len)
+ return ASN1_DER_ERROR;
+
+ len4 =
+ asn1_get_length_der (der + counter + len2,
+ len - counter - len2, &len3);
+ if (len4 < -1)
+ return ASN1_DER_ERROR;
+
+ if (len4 != -1)
+ {
+ counter += len2 + len4 + len3;
+ }
+ else
+ { /* indefinite length */
+ /* Check indefinite lenth method in an EXPLICIT TAG */
+ if ((p->type & CONST_TAG) && (der[counter - 1] == 0x80))
+ indefinite = 1;
+ else
+ indefinite = 0;
+
+ len2 = len - counter;
+ ris =
+ _asn1_get_indefinite_length_string (der + counter, &len2);
+ if (ris != ASN1_SUCCESS)
+ return ris;
+ counter += len2;
+
+ /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
+ an indefinite length method. */
+ if (indefinite)
+ {
+ if (!der[counter] && !der[counter + 1])
+ counter += 2;
+ else
+ return ASN1_DER_ERROR;
+ }
+ }
+ move = RIGHT;
+ break;
+ default:
+ move = (move == UP) ? RIGHT : DOWN;
+ break;
+ }
+ }
+
+ if ((p == node_to_find) && (move == RIGHT))
+ {
+ *end = counter - 1;
+ return ASN1_SUCCESS;
+ }
+
+ if (p == node && move != DOWN)
+ break;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+ if ((move == RIGHT) && !(p->type & CONST_SET))
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_ELEMENT_NOT_FOUND;
+}
+
+/**
+ * asn1_expand_any_defined_by:
+ * @definitions: ASN1 definitions
+ * @element: pointer to an ASN1 structure
+ *
+ * Expands every "ANY DEFINED BY" element of a structure created from
+ * a DER decoding process (asn1_der_decoding function). The element
+ * ANY must be defined by an OBJECT IDENTIFIER. The type used to
+ * expand the element ANY is the first one following the definition of
+ * the actual value of the OBJECT IDENTIFIER.
+ *
+ * Returns: %ASN1_SUCCESS if Substitution OK, %ASN1_ERROR_TYPE_ANY if
+ * some "ANY DEFINED BY" element couldn't be expanded due to a
+ * problem in OBJECT_ID -> TYPE association, or other error codes
+ * depending on DER decoding.
+ **/
+asn1_retCode
+asn1_expand_any_defined_by (ASN1_TYPE definitions, ASN1_TYPE * element)
+{
+ char definitionsName[ASN1_MAX_NAME_SIZE], name[2 * ASN1_MAX_NAME_SIZE + 1],
+ value[ASN1_MAX_NAME_SIZE];
+ asn1_retCode retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ ASN1_TYPE p, p2, p3, aux = ASN1_TYPE_EMPTY;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == ASN1_TYPE_EMPTY) || (*element == ASN1_TYPE_EMPTY))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ strcpy (definitionsName, definitions->name);
+ strcat (definitionsName, ".");
+
+ p = *element;
+ while (p)
+ {
+
+ switch (type_field (p->type))
+ {
+ case TYPE_ANY:
+ if ((p->type & CONST_DEFINED_BY) && (p->value))
+ {
+ /* search the "DEF_BY" element */
+ p2 = p->down;
+ while ((p2) && (type_field (p2->type) != TYPE_CONSTANT))
+ p2 = p2->right;
+
+ if (!p2)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ p3 = _asn1_find_up (p);
+
+ if (!p3)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ p3 = p3->down;
+ while (p3)
+ {
+ if ((p3->name) && !(strcmp (p3->name, p2->name)))
+ break;
+ p3 = p3->right;
+ }
+
+ if ((!p3) || (type_field (p3->type) != TYPE_OBJECT_ID) ||
+ (p3->value == NULL))
+ {
+
+ p3 = _asn1_find_up (p);
+ p3 = _asn1_find_up (p3);
+
+ if (!p3)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ p3 = p3->down;
+
+ while (p3)
+ {
+ if ((p3->name) && !(strcmp (p3->name, p2->name)))
+ break;
+ p3 = p3->right;
+ }
+
+ if ((!p3) || (type_field (p3->type) != TYPE_OBJECT_ID) ||
+ (p3->value == NULL))
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+ }
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2)
+ {
+ if ((type_field (p2->type) == TYPE_OBJECT_ID) &&
+ (p2->type & CONST_ASSIGN))
+ {
+ strcpy (name, definitionsName);
+ strcat (name, p2->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result =
+ asn1_read_value (definitions, name, value, &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!strcmp (p3->value, value)))
+ {
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2) && (p2->type & CONST_ASSIGN))
+ p2 = p2->right;
+
+ if (p2)
+ {
+ strcpy (name, definitionsName);
+ strcat (name, p2->name);
+
+ result =
+ asn1_create_element (definitions, name, &aux);
+ if (result == ASN1_SUCCESS)
+ {
+ _asn1_set_name (aux, p->name);
+ len2 =
+ asn1_get_length_der (p->value,
+ p->value_len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+
+ result =
+ asn1_der_decoding (&aux, p->value + len3,
+ len2,
+ errorDescription);
+ if (result == ASN1_SUCCESS)
+ {
+
+ _asn1_set_right (aux, p->right);
+ _asn1_set_right (p, aux);
+
+ result = asn1_delete_structure (&p);
+ if (result == ASN1_SUCCESS)
+ {
+ p = aux;
+ aux = ASN1_TYPE_EMPTY;
+ break;
+ }
+ else
+ { /* error with asn1_delete_structure */
+ asn1_delete_structure (&aux);
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_der_decoding */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_create_element */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with the pointer to the structure to exapand */
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+ }
+ }
+ p2 = p2->right;
+ } /* end while */
+
+ if (!p2)
+ {
+ retCode = ASN1_ERROR_TYPE_ANY;
+ break;
+ }
+
+ }
+ break;
+ default:
+ break;
+ }
+
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p == *element)
+ {
+ p = NULL;
+ break;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == *element)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ return retCode;
+}
+
+/**
+ * asn1_expand_octet_string:
+ * @definitions: ASN1 definitions
+ * @element: pointer to an ASN1 structure
+ * @octetName: name of the OCTECT STRING field to expand.
+ * @objectName: name of the OBJECT IDENTIFIER field to use to define
+ * the type for expansion.
+ *
+ * Expands an "OCTET STRING" element of a structure created from a DER
+ * decoding process (the asn1_der_decoding() function). The type used
+ * for expansion is the first one following the definition of the
+ * actual value of the OBJECT IDENTIFIER indicated by OBJECTNAME.
+ *
+ * Returns: %ASN1_SUCCESS if substitution OK, %ASN1_ELEMENT_NOT_FOUND
+ * if @objectName or @octetName are not correct,
+ * %ASN1_VALUE_NOT_VALID if it wasn't possible to find the type to
+ * use for expansion, or other errors depending on DER decoding.
+ **/
+asn1_retCode
+asn1_expand_octet_string (ASN1_TYPE definitions, ASN1_TYPE * element,
+ const char *octetName, const char *objectName)
+{
+ char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
+ asn1_retCode retCode = ASN1_SUCCESS, result;
+ int len, len2, len3;
+ ASN1_TYPE p2, aux = ASN1_TYPE_EMPTY;
+ ASN1_TYPE octetNode = ASN1_TYPE_EMPTY, objectNode = ASN1_TYPE_EMPTY;
+ char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ if ((definitions == ASN1_TYPE_EMPTY) || (*element == ASN1_TYPE_EMPTY))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ octetNode = asn1_find_node (*element, octetName);
+ if (octetNode == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (type_field (octetNode->type) != TYPE_OCTET_STRING)
+ return ASN1_ELEMENT_NOT_FOUND;
+ if (octetNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+ objectNode = asn1_find_node (*element, objectName);
+ if (objectNode == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (type_field (objectNode->type) != TYPE_OBJECT_ID)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if (objectNode->value == NULL)
+ return ASN1_VALUE_NOT_FOUND;
+
+
+ /* search the OBJECT_ID into definitions */
+ p2 = definitions->down;
+ while (p2)
+ {
+ if ((type_field (p2->type) == TYPE_OBJECT_ID) &&
+ (p2->type & CONST_ASSIGN))
+ {
+ strcpy (name, definitions->name);
+ strcat (name, ".");
+ strcat (name, p2->name);
+
+ len = sizeof (value);
+ result = asn1_read_value (definitions, name, value, &len);
+
+ if ((result == ASN1_SUCCESS)
+ && (!strcmp (objectNode->value, value)))
+ {
+
+ p2 = p2->right; /* pointer to the structure to
+ use for expansion */
+ while ((p2) && (p2->type & CONST_ASSIGN))
+ p2 = p2->right;
+
+ if (p2)
+ {
+ strcpy (name, definitions->name);
+ strcat (name, ".");
+ strcat (name, p2->name);
+
+ result = asn1_create_element (definitions, name, &aux);
+ if (result == ASN1_SUCCESS)
+ {
+ _asn1_set_name (aux, octetNode->name);
+ len2 =
+ asn1_get_length_der (octetNode->value,
+ octetNode->value_len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+
+ result =
+ asn1_der_decoding (&aux, octetNode->value + len3,
+ len2, errorDescription);
+ if (result == ASN1_SUCCESS)
+ {
+
+ _asn1_set_right (aux, octetNode->right);
+ _asn1_set_right (octetNode, aux);
+
+ result = asn1_delete_structure (&octetNode);
+ if (result == ASN1_SUCCESS)
+ {
+ aux = ASN1_TYPE_EMPTY;
+ break;
+ }
+ else
+ { /* error with asn1_delete_structure */
+ asn1_delete_structure (&aux);
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_der_decoding */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with asn1_create_element */
+ retCode = result;
+ break;
+ }
+ }
+ else
+ { /* error with the pointer to the structure to exapand */
+ retCode = ASN1_VALUE_NOT_VALID;
+ break;
+ }
+ }
+ }
+
+ p2 = p2->right;
+
+ }
+
+ if (!p2)
+ retCode = ASN1_VALUE_NOT_VALID;
+
+ return retCode;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2006, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+/*****************************************************/
+/* File: element.c */
+/* Description: Functions with the read and write */
+/* functions. */
+/*****************************************************/
+
+
+#include <int.h>
+#include "parser_aux.h"
+#include <gstr.h>
+#include "structure.h"
+
+#include "element.h"
+
+void
+_asn1_hierarchical_name (ASN1_TYPE node, char *name, int name_size)
+{
+ ASN1_TYPE p;
+ char tmp_name[64];
+
+ p = node;
+
+ name[0] = 0;
+
+ while (p != NULL)
+ {
+ if (p->name != NULL)
+ {
+ _asn1_str_cpy (tmp_name, sizeof (tmp_name), name),
+ _asn1_str_cpy (name, name_size, p->name);
+ _asn1_str_cat (name, name_size, ".");
+ _asn1_str_cat (name, name_size, tmp_name);
+ }
+ p = _asn1_find_up (p);
+ }
+
+ if (name[0] == 0)
+ _asn1_str_cpy (name, name_size, "ROOT");
+}
+
+
+/******************************************************************/
+/* Function : _asn1_convert_integer */
+/* Description: converts an integer from a null terminated string */
+/* to der decoding. The convertion from a null */
+/* terminated string to an integer is made with */
+/* the 'strtol' function. */
+/* Parameters: */
+/* value: null terminated string to convert. */
+/* value_out: convertion result (memory must be already */
+/* allocated). */
+/* value_out_size: number of bytes of value_out. */
+/* len: number of significant byte of value_out. */
+/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */
+/******************************************************************/
+asn1_retCode
+_asn1_convert_integer (const char *value, unsigned char *value_out,
+ int value_out_size, int *len)
+{
+ char negative;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ long valtmp;
+ int k, k2;
+
+ valtmp = strtol (value, NULL, 10);
+
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ {
+ val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF;
+ }
+
+ if (val[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
+
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++)
+ {
+ if (negative && (val[k] != 0xFF))
+ break;
+ else if (!negative && val[k])
+ break;
+ }
+
+ if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80)))
+ k--;
+
+ *len = SIZEOF_UNSIGNED_LONG_INT - k;
+
+ if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
+ /* VALUE_OUT is too short to contain the value conversion */
+ return ASN1_MEM_ERROR;
+
+ for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
+ value_out[k2 - k] = val[k2];
+
+#if 0
+ printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
+ for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
+ printf (", vOut[%d]=%d", k, value_out[k]);
+ printf ("\n");
+#endif
+
+ return ASN1_SUCCESS;
+}
+
+
+int
+_asn1_append_sequence_set (ASN1_TYPE node)
+{
+ ASN1_TYPE p, p2;
+ char temp[10];
+ long n;
+
+ if (!node || !(node->down))
+ return ASN1_GENERIC_ERROR;
+
+ p = node->down;
+ while ((type_field (p->type) == TYPE_TAG)
+ || (type_field (p->type) == TYPE_SIZE))
+ p = p->right;
+ p2 = _asn1_copy_structure3 (p);
+ while (p->right)
+ p = p->right;
+ _asn1_set_right (p, p2);
+
+ if (p->name == NULL)
+ _asn1_str_cpy (temp, sizeof (temp), "?1");
+ else
+ {
+ n = strtol (p->name + 1, NULL, 0);
+ n++;
+ temp[0] = '?';
+ _asn1_ltostr (n, temp + 1);
+ }
+ _asn1_set_name (p2, temp);
+ /* p2->type |= CONST_OPTION; */
+
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_write_value:
+ * @node_root: pointer to a structure
+ * @name: the name of the element inside the structure that you want to set.
+ * @ivalue: vector used to specify the value to set. If len is >0,
+ * VALUE must be a two's complement form integer. if len=0 *VALUE
+ * must be a null terminated string with an integer value.
+ * @len: number of bytes of *value to use to set the value:
+ * value[0]..value[len-1] or 0 if value is a null terminated string
+ *
+ * Set the value of one element inside a structure.
+ *
+ * If an element is OPTIONAL and you want to delete it, you must use
+ * the value=NULL and len=0. Using "pkix.asn":
+ *
+ * result=asn1_write_value(cert, "tbsCertificate.issuerUniqueID",
+ * NULL, 0);
+ *
+ * Description for each type:
+ *
+ * INTEGER: VALUE must contain a two's complement form integer.
+ *
+ * value[0]=0xFF , len=1 -> integer=-1.
+ * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1.
+ * value[0]=0x01 , len=1 -> integer= 1.
+ * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1.
+ * value="123" , len=0 -> integer= 123.
+ *
+ * ENUMERATED: As INTEGER (but only with not negative numbers).
+ *
+ * BOOLEAN: VALUE must be the null terminated string "TRUE" or
+ * "FALSE" and LEN != 0.
+ *
+ * value="TRUE" , len=1 -> boolean=TRUE.
+ * value="FALSE" , len=1 -> boolean=FALSE.
+ *
+ * OBJECT IDENTIFIER: VALUE must be a null terminated string with
+ * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0.
+ *
+ * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha.
+ *
+ * UTCTime: VALUE must be a null terminated string in one of these
+ * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ",
+ * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'",
+ * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0.
+ *
+ * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998
+ * at 12h 00m Greenwich Mean Time
+ *
+ * GeneralizedTime: VALUE must be in one of this format:
+ * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ",
+ * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'",
+ * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s
+ * indicates the seconds with any precision like "10.1" or "01.02".
+ * LEN != 0
+ *
+ * value="2001010112001.12-0700" , len=1 -> time=Jannuary
+ * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time
+ *
+ * OCTET STRING: VALUE contains the octet string and LEN is the
+ * number of octets.
+ *
+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
+ * len=3 -> three bytes octet string
+ *
+ * GeneralString: VALUE contains the generalstring and LEN is the
+ * number of octets.
+ *
+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
+ * len=3 -> three bytes generalstring
+ *
+ * BIT STRING: VALUE contains the bit string organized by bytes and
+ * LEN is the number of bits.
+ *
+ * value="$\backslash$xCF" , len=6 -> bit string="110011" (six
+ * bits)
+ *
+ * CHOICE: if NAME indicates a choice type, VALUE must specify one of
+ * the alternatives with a null terminated string. LEN != 0. Using
+ * "pkix.asn"\:
+ *
+ * result=asn1_write_value(cert,
+ * "certificate1.tbsCertificate.subject", "rdnSequence",
+ * 1);
+ *
+ * ANY: VALUE indicates the der encoding of a structure. LEN != 0.
+ *
+ * SEQUENCE OF: VALUE must be the null terminated string "NEW" and
+ * LEN != 0. With this instruction another element is appended in
+ * the sequence. The name of this element will be "?1" if it's the
+ * first one, "?2" for the second and so on.
+ *
+ * Using "pkix.asn"\:
+ *
+ * result=asn1_write_value(cert,
+ * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1);
+ *
+ * SET OF: the same as SEQUENCE OF. Using "pkix.asn":
+ *
+ * result=asn1_write_value(cert,
+ * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1);
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Set value OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
+ *
+ * %ASN1_VALUE_NOT_VALID: VALUE has a wrong format.
+ **/
+asn1_retCode
+asn1_write_value (ASN1_TYPE node_root, const char *name,
+ const void *ivalue, int len)
+{
+ ASN1_TYPE node, p, p2;
+ unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
+ int len2, k, k2, negative;
+ size_t i;
+ const unsigned char *value = ivalue;
+
+ node = asn1_find_node (node_root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0))
+ {
+ asn1_delete_structure (&node);
+ return ASN1_SUCCESS;
+ }
+
+ if ((type_field (node->type) == TYPE_SEQUENCE_OF) && (value == NULL)
+ && (len == 0))
+ {
+ p = node->down;
+ while ((type_field (p->type) == TYPE_TAG)
+ || (type_field (p->type) == TYPE_SIZE))
+ p = p->right;
+
+ while (p->right)
+ asn1_delete_structure (&p->right);
+
+ return ASN1_SUCCESS;
+ }
+
+ switch (type_field (node->type))
+ {
+ case TYPE_BOOLEAN:
+ if (!strcmp (value, "TRUE"))
+ {
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE)
+ _asn1_set_value (node, NULL, 0);
+ else
+ _asn1_set_value (node, "T", 1);
+ }
+ else
+ _asn1_set_value (node, "T", 1);
+ }
+ else if (!strcmp (value, "FALSE"))
+ {
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_FALSE)
+ _asn1_set_value (node, NULL, 0);
+ else
+ _asn1_set_value (node, "F", 1);
+ }
+ else
+ _asn1_set_value (node, "F", 1);
+ }
+ else
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case TYPE_INTEGER:
+ case TYPE_ENUMERATED:
+ if (len == 0)
+ {
+ if ((isdigit (value[0])) || (value[0] == '-'))
+ {
+ value_temp =
+ (unsigned char *) _asn1_malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer (value, value_temp,
+ SIZEOF_UNSIGNED_LONG_INT, &len);
+ }
+ else
+ { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST))
+ return ASN1_VALUE_NOT_VALID;
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == TYPE_CONSTANT)
+ {
+ if ((p->name) && (!strcmp (p->name, value)))
+ {
+ value_temp =
+ (unsigned char *)
+ _asn1_malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ _asn1_convert_integer (p->value,
+ value_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len);
+ break;
+ }
+ }
+ p = p->right;
+ }
+ if (p == NULL)
+ return ASN1_VALUE_NOT_VALID;
+ }
+ }
+ else
+ { /* len != 0 */
+ value_temp = (unsigned char *) _asn1_malloc (len);
+ if (value_temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+ memcpy (value_temp, value, len);
+ }
+
+
+ if (value_temp[0] & 0x80)
+ negative = 1;
+ else
+ negative = 0;
+
+ if (negative && (type_field (node->type) == TYPE_ENUMERATED))
+ {
+ _asn1_free (value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+
+ for (k = 0; k < len - 1; k++)
+ if (negative && (value_temp[k] != 0xFF))
+ break;
+ else if (!negative && value_temp[k])
+ break;
+
+ if ((negative && !(value_temp[k] & 0x80)) ||
+ (!negative && (value_temp[k] & 0x80)))
+ k--;
+
+ _asn1_set_value_octet (node, value_temp + k, len - k);
+
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ if ((isdigit (p->value[0])) || (p->value[0] == '-'))
+ {
+ default_temp =
+ (unsigned char *) _asn1_malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp == NULL)
+ {
+ _asn1_free (value_temp);
+ return ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer (p->value, default_temp,
+ SIZEOF_UNSIGNED_LONG_INT, &len2);
+ }
+ else
+ { /* is an identifier like v1 */
+ if (!(node->type & CONST_LIST))
+ {
+ _asn1_free (value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ p2 = node->down;
+ while (p2)
+ {
+ if (type_field (p2->type) == TYPE_CONSTANT)
+ {
+ if ((p2->name) && (!strcmp (p2->name, p->value)))
+ {
+ default_temp =
+ (unsigned char *)
+ _asn1_malloc (SIZEOF_UNSIGNED_LONG_INT);
+ if (default_temp == NULL)
+ {
+ _asn1_free (value_temp);
+ return ASN1_MEM_ALLOC_ERROR;
+ }
+
+ _asn1_convert_integer (p2->value,
+ default_temp,
+ SIZEOF_UNSIGNED_LONG_INT,
+ &len2);
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ if (p2 == NULL)
+ {
+ _asn1_free (value_temp);
+ return ASN1_VALUE_NOT_VALID;
+ }
+ }
+
+
+ if ((len - k) == len2)
+ {
+ for (k2 = 0; k2 < len2; k2++)
+ if (value_temp[k + k2] != default_temp[k2])
+ {
+ break;
+ }
+ if (k2 == len2)
+ _asn1_set_value (node, NULL, 0);
+ }
+ _asn1_free (default_temp);
+ }
+ _asn1_free (value_temp);
+ break;
+ case TYPE_OBJECT_ID:
+ for (i = 0; i < strlen (value); i++)
+ if ((!isdigit (value[i])) && (value[i] != '.') && (value[i] != '+'))
+ return ASN1_VALUE_NOT_VALID;
+ if (node->type & CONST_DEFAULT)
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ if (!strcmp (value, p->value))
+ {
+ _asn1_set_value (node, NULL, 0);
+ break;
+ }
+ }
+ _asn1_set_value (node, value, strlen (value) + 1);
+ break;
+ case TYPE_TIME:
+ if (node->type & CONST_UTC)
+ {
+ if (strlen (value) < 11)
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 0; k < 10; k++)
+ if (!isdigit (value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ switch (strlen (value))
+ {
+ case 11:
+ if (value[10] != 'Z')
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 13:
+ if ((!isdigit (value[10])) || (!isdigit (value[11])) ||
+ (value[12] != 'Z'))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 15:
+ if ((value[10] != '+') && (value[10] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 11; k < 15; k++)
+ if (!isdigit (value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ case 17:
+ if ((!isdigit (value[10])) || (!isdigit (value[11])))
+ return ASN1_VALUE_NOT_VALID;
+ if ((value[12] != '+') && (value[12] != '-'))
+ return ASN1_VALUE_NOT_VALID;
+ for (k = 13; k < 17; k++)
+ if (!isdigit (value[k]))
+ return ASN1_VALUE_NOT_VALID;
+ break;
+ default:
+ return ASN1_VALUE_NOT_FOUND;
+ }
+ _asn1_set_value (node, value, strlen (value) + 1);
+ }
+ else
+ { /* GENERALIZED TIME */
+ if (value)
+ _asn1_set_value (node, value, strlen (value) + 1);
+ }
+ break;
+ case TYPE_OCTET_STRING:
+ if (len == 0)
+ len = strlen (value);
+ _asn1_set_value_octet (node, value, len);
+ break;
+ case TYPE_GENERALSTRING:
+ if (len == 0)
+ len = strlen (value);
+ _asn1_set_value_octet (node, value, len);
+ break;
+ case TYPE_BIT_STRING:
+ if (len == 0)
+ len = strlen (value);
+ asn1_length_der ((len >> 3) + 2, NULL, &len2);
+ temp = (unsigned char *) _asn1_malloc ((len >> 3) + 2 + len2);
+ if (temp == NULL)
+ return ASN1_MEM_ALLOC_ERROR;
+
+ asn1_bit_der (value, len, temp, &len2);
+ _asn1_set_value_m (node, temp, len2);
+ temp = NULL;
+ break;
+ case TYPE_CHOICE:
+ p = node->down;
+ while (p)
+ {
+ if (!strcmp (p->name, value))
+ {
+ p2 = node->down;
+ while (p2)
+ {
+ if (p2 != p)
+ {
+ asn1_delete_structure (&p2);
+ p2 = node->down;
+ }
+ else
+ p2 = p2->right;
+ }
+ break;
+ }
+ p = p->right;
+ }
+ if (!p)
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ case TYPE_ANY:
+ _asn1_set_value_octet (node, value, len);
+ break;
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SET_OF:
+ if (strcmp (value, "NEW"))
+ return ASN1_VALUE_NOT_VALID;
+ _asn1_append_sequence_set (node);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+#define PUT_VALUE( ptr, ptr_size, data, data_size) \
+ *len = data_size; \
+ if (ptr_size < data_size) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ memcpy( ptr, data, data_size); \
+ }
+
+#define PUT_STR_VALUE( ptr, ptr_size, data) \
+ *len = strlen(data) + 1; \
+ if (ptr_size < *len) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcpy is checked */ \
+ strcpy(ptr, data); \
+ }
+
+#define ADD_STR_VALUE( ptr, ptr_size, data) \
+ *len = (int) strlen(data) + 1; \
+ if (ptr_size < (int) strlen(ptr)+(*len)) { \
+ return ASN1_MEM_ERROR; \
+ } else { \
+ /* this strcat is checked */ \
+ strcat(ptr, data); \
+ }
+
+/**
+ * asn1_read_value:
+ * @root: pointer to a structure.
+ * @name: the name of the element inside a structure that you want to read.
+ * @ivalue: vector that will contain the element's content, must be a
+ * pointer to memory cells already allocated.
+ * @len: number of bytes of *value: value[0]..value[len-1]. Initialy
+ * holds the sizeof value.
+ *
+ * Returns the value of one element inside a structure.
+ *
+ * If an element is OPTIONAL and the function "read_value" returns
+ * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present
+ * in the der encoding that created the structure. The first element
+ * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and
+ * so on.
+ *
+ * INTEGER: VALUE will contain a two's complement form integer.
+ *
+ * integer=-1 -> value[0]=0xFF , len=1.
+ * integer=1 -> value[0]=0x01 , len=1.
+ *
+ * ENUMERATED: As INTEGER (but only with not negative numbers).
+ *
+ * BOOLEAN: VALUE will be the null terminated string "TRUE" or
+ * "FALSE" and LEN=5 or LEN=6.
+ *
+ * OBJECT IDENTIFIER: VALUE will be a null terminated string with
+ * each number separated by a dot (i.e. "1.2.3.543.1").
+ *
+ * LEN = strlen(VALUE)+1
+ *
+ * UTCTime: VALUE will be a null terminated string in one of these
+ * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'".
+ * LEN=strlen(VALUE)+1.
+ *
+ * GeneralizedTime: VALUE will be a null terminated string in the
+ * same format used to set the value.
+ *
+ * OCTET STRING: VALUE will contain the octet string and LEN will be
+ * the number of octets.
+ *
+ * GeneralString: VALUE will contain the generalstring and LEN will
+ * be the number of octets.
+ *
+ * BIT STRING: VALUE will contain the bit string organized by bytes
+ * and LEN will be the number of bits.
+ *
+ * CHOICE: If NAME indicates a choice type, VALUE will specify the
+ * alternative selected.
+ *
+ * ANY: If NAME indicates an any type, VALUE will indicate the DER
+ * encoding of the structure actually used.
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Set value OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
+ *
+ * %ASN1_VALUE_NOT_FOUND: There isn't any value for the element selected.
+ *
+ * %ASN1_MEM_ERROR: The value vector isn't big enough to store the result.
+ * In this case LEN will contain the number of bytes needed.
+ **/
+asn1_retCode
+asn1_read_value (ASN1_TYPE root, const char *name, void *ivalue, int *len)
+{
+ ASN1_TYPE node, p, p2;
+ int len2, len3;
+ int value_size = *len;
+ unsigned char *value = ivalue;
+
+ node = asn1_find_node (root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ if ((type_field (node->type) != TYPE_NULL) &&
+ (type_field (node->type) != TYPE_CHOICE) &&
+ !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) &&
+ (node->value == NULL))
+ return ASN1_VALUE_NOT_FOUND;
+
+ switch (type_field (node->type))
+ {
+ case TYPE_NULL:
+ PUT_STR_VALUE (value, value_size, "NULL");
+ break;
+ case TYPE_BOOLEAN:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ if (p->type & CONST_TRUE)
+ {
+ PUT_STR_VALUE (value, value_size, "TRUE");
+ }
+ else
+ {
+ PUT_STR_VALUE (value, value_size, "FALSE");
+ }
+ }
+ else if (node->value[0] == 'T')
+ {
+ PUT_STR_VALUE (value, value_size, "TRUE");
+ }
+ else
+ {
+ PUT_STR_VALUE (value, value_size, "FALSE");
+ }
+ break;
+ case TYPE_INTEGER:
+ case TYPE_ENUMERATED:
+ if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ if ((isdigit (p->value[0])) || (p->value[0] == '-')
+ || (p->value[0] == '+'))
+ {
+ if (_asn1_convert_integer
+ (p->value, value, value_size, len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ }
+ else
+ { /* is an identifier like v1 */
+ p2 = node->down;
+ while (p2)
+ {
+ if (type_field (p2->type) == TYPE_CONSTANT)
+ {
+ if ((p2->name) && (!strcmp (p2->name, p->value)))
+ {
+ if (_asn1_convert_integer
+ (p2->value, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ }
+ }
+ p2 = p2->right;
+ }
+ }
+ }
+ else
+ {
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ }
+ break;
+ case TYPE_OBJECT_ID:
+ if (node->type & CONST_ASSIGN)
+ {
+ value[0] = 0;
+ p = node->down;
+ while (p)
+ {
+ if (type_field (p->type) == TYPE_CONSTANT)
+ {
+ ADD_STR_VALUE (value, value_size, p->value);
+ if (p->right)
+ {
+ ADD_STR_VALUE (value, value_size, ".");
+ }
+ }
+ p = p->right;
+ }
+ *len = strlen (value) + 1;
+ }
+ else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
+ {
+ p = node->down;
+ while (type_field (p->type) != TYPE_DEFAULT)
+ p = p->right;
+ PUT_STR_VALUE (value, value_size, p->value);
+ }
+ else
+ {
+ PUT_STR_VALUE (value, value_size, node->value);
+ }
+ break;
+ case TYPE_TIME:
+ PUT_STR_VALUE (value, value_size, node->value);
+ break;
+ case TYPE_OCTET_STRING:
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case TYPE_GENERALSTRING:
+ len2 = -1;
+ if (asn1_get_octet_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case TYPE_BIT_STRING:
+ len2 = -1;
+ if (asn1_get_bit_der
+ (node->value, node->value_len, &len2, value, value_size,
+ len) != ASN1_SUCCESS)
+ return ASN1_MEM_ERROR;
+ break;
+ case TYPE_CHOICE:
+ PUT_STR_VALUE (value, value_size, node->down->name);
+ break;
+ case TYPE_ANY:
+ len3 = -1;
+ len2 = asn1_get_length_der (node->value, node->value_len, &len3);
+ if (len2 < 0)
+ return ASN1_DER_ERROR;
+ PUT_VALUE (value, value_size, node->value + len3, len2);
+ break;
+ default:
+ return ASN1_ELEMENT_NOT_FOUND;
+ break;
+ }
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_read_tag:
+ * @root: pointer to a structure
+ * @name: the name of the element inside a structure.
+ * @tagValue: variable that will contain the TAG value.
+ * @classValue: variable that will specify the TAG type.
+ *
+ * Returns the TAG and the CLASS of one element inside a structure.
+ * CLASS can have one of these constants: %ASN1_CLASS_APPLICATION,
+ * %ASN1_CLASS_UNIVERSAL, %ASN1_CLASS_PRIVATE or
+ * %ASN1_CLASS_CONTEXT_SPECIFIC.
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Set value OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: NAME is not a valid element.
+ **/
+asn1_retCode
+asn1_read_tag (ASN1_TYPE root, const char *name, int *tagValue,
+ int *classValue)
+{
+ ASN1_TYPE node, p, pTag;
+
+ node = asn1_find_node (root, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node->down;
+
+ /* pTag will points to the IMPLICIT TAG */
+ pTag = NULL;
+ if (node->type & CONST_TAG)
+ {
+ while (p)
+ {
+ if (type_field (p->type) == TYPE_TAG)
+ {
+ if ((p->type & CONST_IMPLICIT) && (pTag == NULL))
+ pTag = p;
+ else if (p->type & CONST_EXPLICIT)
+ pTag = NULL;
+ }
+ p = p->right;
+ }
+ }
+
+ if (pTag)
+ {
+ *tagValue = strtoul (pTag->value, NULL, 10);
+
+ if (pTag->type & CONST_APPLICATION)
+ *classValue = ASN1_CLASS_APPLICATION;
+ else if (pTag->type & CONST_UNIVERSAL)
+ *classValue = ASN1_CLASS_UNIVERSAL;
+ else if (pTag->type & CONST_PRIVATE)
+ *classValue = ASN1_CLASS_PRIVATE;
+ else
+ *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
+ }
+ else
+ {
+ *classValue = ASN1_CLASS_UNIVERSAL;
+
+ switch (type_field (node->type))
+ {
+ case TYPE_NULL:
+ *tagValue = ASN1_TAG_NULL;
+ break;
+ case TYPE_BOOLEAN:
+ *tagValue = ASN1_TAG_BOOLEAN;
+ break;
+ case TYPE_INTEGER:
+ *tagValue = ASN1_TAG_INTEGER;
+ break;
+ case TYPE_ENUMERATED:
+ *tagValue = ASN1_TAG_ENUMERATED;
+ break;
+ case TYPE_OBJECT_ID:
+ *tagValue = ASN1_TAG_OBJECT_ID;
+ break;
+ case TYPE_TIME:
+ if (node->type & CONST_UTC)
+ {
+ *tagValue = ASN1_TAG_UTCTime;
+ }
+ else
+ *tagValue = ASN1_TAG_GENERALIZEDTime;
+ break;
+ case TYPE_OCTET_STRING:
+ *tagValue = ASN1_TAG_OCTET_STRING;
+ break;
+ case TYPE_GENERALSTRING:
+ *tagValue = ASN1_TAG_GENERALSTRING;
+ break;
+ case TYPE_BIT_STRING:
+ *tagValue = ASN1_TAG_BIT_STRING;
+ break;
+ case TYPE_SEQUENCE:
+ case TYPE_SEQUENCE_OF:
+ *tagValue = ASN1_TAG_SEQUENCE;
+ break;
+ case TYPE_SET:
+ case TYPE_SET_OF:
+ *tagValue = ASN1_TAG_SET;
+ break;
+ case TYPE_TAG:
+ case TYPE_CHOICE:
+ case TYPE_ANY:
+ break;
+ default:
+ break;
+ }
+ }
+
+
+ return ASN1_SUCCESS;
+
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2006, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef _ELEMENT_H
+#define _ELEMENT_H
+
+
+asn1_retCode _asn1_append_sequence_set (ASN1_TYPE node);
+
+asn1_retCode _asn1_convert_integer (const char *value,
+ unsigned char *value_out,
+ int value_out_size, int *len);
+
+void _asn1_hierarchical_name (ASN1_TYPE node, char *name, int name_size);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002, 2005, 2006, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#include <int.h>
+#ifdef STDC_HEADERS
+# include <stdarg.h>
+#endif
+
+#define LIBTASN1_ERROR_ENTRY(name) { #name, name }
+
+struct libtasn1_error_entry
+{
+ const char *name;
+ int number;
+};
+typedef struct libtasn1_error_entry libtasn1_error_entry;
+
+static const libtasn1_error_entry error_algorithms[] = {
+ LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS),
+ LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND),
+ LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID),
+ LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT),
+ LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY),
+ LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW),
+ LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG),
+ LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR),
+ LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY),
+ {0, 0}
+};
+
+/**
+ * asn1_perror:
+ * @error: is an error returned by a libtasn1 function.
+ *
+ * Prints a string to stderr with a description of an error. This
+ * function is like perror(). The only difference is that it accepts
+ * an error returned by a libtasn1 function.
+ *
+ * This function replaces libtasn1_perror() in older libtasn1.
+ *
+ * Since: 1.6
+ **/
+void
+asn1_perror (asn1_retCode error)
+{
+ const char *str = asn1_strerror (error);
+ fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
+}
+
+/**
+ * asn1_strerror:
+ * @error: is an error returned by a libtasn1 function.
+ *
+ * Returns a string with a description of an error. This function is
+ * similar to strerror. The only difference is that it accepts an
+ * error (number) returned by a libtasn1 function.
+ *
+ * This function replaces libtasn1_strerror() in older libtasn1.
+ *
+ * Returns: Pointer to static zero-terminated string describing error
+ * code.
+ *
+ * Since: 1.6
+ **/
+const char *
+asn1_strerror (asn1_retCode error)
+{
+ const libtasn1_error_entry *p;
+
+ for (p = error_algorithms; p->name != NULL; p++)
+ if (p->number == error)
+ return p->name + sizeof ("ASN1_") - 1;
+
+ return NULL;
+}
+
+#ifndef ASN1_DISABLE_DEPRECATED
+
+/* Compatibility mappings to preserve ABI. */
+
+/**
+ * libtasn1_perror:
+ * @error: is an error returned by a libtasn1 function.
+ *
+ * Prints a string to stderr with a description of an error. This
+ * function is like perror(). The only difference is that it accepts
+ * an error returned by a libtasn1 function.
+ *
+ * Deprecated: Use asn1_perror() instead.
+ **/
+void
+libtasn1_perror (asn1_retCode error)
+{
+ asn1_perror (error);
+}
+
+/**
+ * libtasn1_strerror:
+ * @error: is an error returned by a libtasn1 function.
+ *
+ * Returns a string with a description of an error. This function is
+ * similar to strerror. The only difference is that it accepts an
+ * error (number) returned by a libtasn1 function.
+ *
+ * Returns: Pointer to static zero-terminated string describing error
+ * code.
+ *
+ * Deprecated: Use asn1_strerror() instead.
+ **/
+const char *
+libtasn1_strerror (asn1_retCode error)
+{
+ return asn1_strerror (error);
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002, 2006, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#include <int.h>
+#include "gstr.h"
+
+/* These function are like strcat, strcpy. They only
+ * do bounds checking (they shouldn't cause buffer overruns),
+ * and they always produce null terminated strings.
+ *
+ * They should be used only with null terminated strings.
+ */
+void
+_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen (src);
+ size_t dest_size = strlen (dest);
+
+ if (dest_tot_size - dest_size > str_size)
+ {
+ strcat (dest, src);
+ }
+ else
+ {
+ if (dest_tot_size - dest_size > 0)
+ {
+ strncat (dest, src, (dest_tot_size - dest_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
+}
+
+void
+_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src)
+{
+ size_t str_size = strlen (src);
+
+ if (dest_tot_size > str_size)
+ {
+ strcpy (dest, src);
+ }
+ else
+ {
+ if (dest_tot_size > 0)
+ {
+ strncpy (dest, src, (dest_tot_size) - 1);
+ dest[dest_tot_size - 1] = 0;
+ }
+ }
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2006, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+void _asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src);
+void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
+
+#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
+#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef INT_H
+#define INT_H
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdint.h>
+
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+
+#include <libtasn1.h>
+
+#define ASN1_SMALL_VALUE_SIZE 16
+
+/* This structure is also in libtasn1.h, but then contains less
+ fields. You cannot make any modifications to these first fields
+ without breaking ABI. */
+struct node_asn_struct
+{
+ /* public fields: */
+ char *name; /* Node name */
+ unsigned int type; /* Node type */
+ unsigned char *value; /* Node value */
+ int value_len;
+ ASN1_TYPE down; /* Pointer to the son node */
+ ASN1_TYPE right; /* Pointer to the brother node */
+ ASN1_TYPE left; /* Pointer to the next list element */
+ /* private fields: */
+ unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
+};
+
+#define _asn1_malloc malloc
+#define _asn1_free free
+#define _asn1_calloc calloc
+#define _asn1_realloc realloc
+#define _asn1_strdup strdup
+
+#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */
+
+/* Define used for visiting trees. */
+#define UP 1
+#define RIGHT 2
+#define DOWN 3
+
+/****************************************/
+/* Returns the first 8 bits. */
+/* Used with the field type of node_asn */
+/****************************************/
+#define type_field(x) (x&0xFF)
+
+/* List of constants for field type of typedef node_asn */
+#define TYPE_CONSTANT 1
+#define TYPE_IDENTIFIER 2
+#define TYPE_INTEGER 3
+#define TYPE_BOOLEAN 4
+#define TYPE_SEQUENCE 5
+#define TYPE_BIT_STRING 6
+#define TYPE_OCTET_STRING 7
+#define TYPE_TAG 8
+#define TYPE_DEFAULT 9
+#define TYPE_SIZE 10
+#define TYPE_SEQUENCE_OF 11
+#define TYPE_OBJECT_ID 12
+#define TYPE_ANY 13
+#define TYPE_SET 14
+#define TYPE_SET_OF 15
+#define TYPE_DEFINITIONS 16
+#define TYPE_TIME 17
+#define TYPE_CHOICE 18
+#define TYPE_IMPORTS 19
+#define TYPE_NULL 20
+#define TYPE_ENUMERATED 21
+#define TYPE_GENERALSTRING 27
+
+
+/***********************************************************************/
+/* List of constants to better specify the type of typedef node_asn. */
+/***********************************************************************/
+/* Used with TYPE_TAG */
+#define CONST_UNIVERSAL (1<<8)
+#define CONST_PRIVATE (1<<9)
+#define CONST_APPLICATION (1<<10)
+#define CONST_EXPLICIT (1<<11)
+#define CONST_IMPLICIT (1<<12)
+
+#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */
+#define CONST_OPTION (1<<14)
+#define CONST_DEFAULT (1<<15)
+#define CONST_TRUE (1<<16)
+#define CONST_FALSE (1<<17)
+
+#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */
+#define CONST_MIN_MAX (1<<19)
+
+#define CONST_1_PARAM (1<<20)
+
+#define CONST_SIZE (1<<21)
+
+#define CONST_DEFINED_BY (1<<22)
+
+#define CONST_GENERALIZED (1<<23)
+#define CONST_UTC (1<<24)
+
+/* #define CONST_IMPORTS (1<<25) */
+
+#define CONST_NOT_USED (1<<26)
+#define CONST_SET (1<<27)
+#define CONST_ASSIGN (1<<28)
+
+#define CONST_DOWN (1<<29)
+#define CONST_RIGHT (1<<30)
+
+#endif /* INT_H */
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * LIBTASN1 is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * LIBTASN1 is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with LIBTASN1; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+#ifndef LIBTASN1_H
+# define LIBTASN1_H
+
+# ifndef ASN1_API
+# if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
+# define ASN1_API __attribute__((__visibility__("default")))
+# elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC
+# define ASN1_API __declspec(dllexport)
+# elif defined _MSC_VER && ! defined ASN1_STATIC
+# define ASN1_API __declspec(dllimport)
+# else
+# define ASN1_API
+# endif
+# endif
+
+#include <stdio.h> /* for FILE* */
+#include <sys/types.h>
+#include <time.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#define ASN1_VERSION "2.6"
+
+ typedef int asn1_retCode; /* type returned by libtasn1 functions */
+
+ /*****************************************/
+ /* Errors returned by libtasn1 functions */
+ /*****************************************/
+#define ASN1_SUCCESS 0
+#define ASN1_FILE_NOT_FOUND 1
+#define ASN1_ELEMENT_NOT_FOUND 2
+#define ASN1_IDENTIFIER_NOT_FOUND 3
+#define ASN1_DER_ERROR 4
+#define ASN1_VALUE_NOT_FOUND 5
+#define ASN1_GENERIC_ERROR 6
+#define ASN1_VALUE_NOT_VALID 7
+#define ASN1_TAG_ERROR 8
+#define ASN1_TAG_IMPLICIT 9
+#define ASN1_ERROR_TYPE_ANY 10
+#define ASN1_SYNTAX_ERROR 11
+#define ASN1_MEM_ERROR 12
+#define ASN1_MEM_ALLOC_ERROR 13
+#define ASN1_DER_OVERFLOW 14
+#define ASN1_NAME_TOO_LONG 15
+#define ASN1_ARRAY_ERROR 16
+#define ASN1_ELEMENT_NOT_EMPTY 17
+
+ /*************************************/
+ /* Constants used in asn1_visit_tree */
+ /*************************************/
+#define ASN1_PRINT_NAME 1
+#define ASN1_PRINT_NAME_TYPE 2
+#define ASN1_PRINT_NAME_TYPE_VALUE 3
+#define ASN1_PRINT_ALL 4
+
+ /*****************************************/
+ /* Constants returned by asn1_read_tag */
+ /*****************************************/
+#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */
+#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */
+#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */
+#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */
+#define ASN1_CLASS_STRUCTURED 0x20
+
+ /*****************************************/
+ /* Constants returned by asn1_read_tag */
+ /*****************************************/
+#define ASN1_TAG_BOOLEAN 0x01
+#define ASN1_TAG_INTEGER 0x02
+#define ASN1_TAG_SEQUENCE 0x10
+#define ASN1_TAG_SET 0x11
+#define ASN1_TAG_OCTET_STRING 0x04
+#define ASN1_TAG_BIT_STRING 0x03
+#define ASN1_TAG_UTCTime 0x17
+#define ASN1_TAG_GENERALIZEDTime 0x18
+#define ASN1_TAG_OBJECT_ID 0x06
+#define ASN1_TAG_ENUMERATED 0x0A
+#define ASN1_TAG_NULL 0x05
+#define ASN1_TAG_GENERALSTRING 0x1B
+
+ /******************************************************/
+ /* Structure definition used for the node of the tree */
+ /* that represent an ASN.1 DEFINITION. */
+ /******************************************************/
+
+#if !defined ASN1_BUILDING
+ /* This structure is also in internal.h, but then contains more
+ fields. You cannot make any modifications to these fields
+ without breaking ABI. */
+ struct node_asn_struct
+ {
+ char *name; /* Node name */
+ unsigned int type; /* Node type */
+ unsigned char *value; /* Node value */
+ int value_len;
+ struct node_asn_struct *down; /* Pointer to the son node */
+ struct node_asn_struct *right; /* Pointer to the brother node */
+ struct node_asn_struct *left; /* Pointer to the next list element */
+ };
+#endif
+
+ typedef struct node_asn_struct node_asn;
+
+ typedef node_asn *ASN1_TYPE;
+
+#define ASN1_TYPE_EMPTY NULL
+
+ /*****************************************/
+ /* For the on-disk format of ASN.1 trees */
+ /*****************************************/
+ struct static_struct_asn
+ {
+ const char *name; /* Node name */
+ unsigned int type; /* Node type */
+ const void *value; /* Node value */
+ };
+ typedef struct static_struct_asn ASN1_ARRAY_TYPE;
+
+ /***********************************/
+ /* Fixed constants */
+ /***********************************/
+
+ /* maximum number of characters of a name */
+ /* inside a file with ASN1 definitons */
+#define ASN1_MAX_NAME_SIZE 128
+
+ /* maximum number of characters */
+ /* of a description message */
+ /* (null character included) */
+#define ASN1_MAX_ERROR_DESCRIPTION_SIZE 128
+
+ /***********************************/
+ /* Functions definitions */
+ /***********************************/
+
+ extern ASN1_API asn1_retCode
+ asn1_parser2tree (const char *file_name,
+ ASN1_TYPE * definitions, char *errorDescription);
+
+ extern ASN1_API asn1_retCode
+ asn1_parser2array (const char *inputFileName,
+ const char *outputFileName,
+ const char *vectorName, char *errorDescription);
+
+ extern ASN1_API asn1_retCode
+ asn1_array2tree (const ASN1_ARRAY_TYPE * array,
+ ASN1_TYPE * definitions, char *errorDescription);
+
+ extern ASN1_API void
+ asn1_print_structure (FILE * out, ASN1_TYPE structure,
+ const char *name, int mode);
+
+ extern ASN1_API asn1_retCode
+ asn1_create_element (ASN1_TYPE definitions,
+ const char *source_name, ASN1_TYPE * element);
+
+ extern ASN1_API asn1_retCode asn1_delete_structure (ASN1_TYPE * structure);
+
+ extern ASN1_API asn1_retCode
+ asn1_delete_element (ASN1_TYPE structure, const char *element_name);
+
+ extern ASN1_API asn1_retCode
+ asn1_write_value (ASN1_TYPE node_root, const char *name,
+ const void *ivalue, int len);
+
+ extern ASN1_API asn1_retCode
+ asn1_read_value (ASN1_TYPE root, const char *name,
+ void *ivalue, int *len);
+
+ extern ASN1_API asn1_retCode
+ asn1_number_of_elements (ASN1_TYPE element, const char *name, int *num);
+
+ extern ASN1_API asn1_retCode
+ asn1_der_coding (ASN1_TYPE element, const char *name,
+ void *ider, int *len, char *ErrorDescription);
+
+ extern ASN1_API asn1_retCode
+ asn1_der_decoding (ASN1_TYPE * element, const void *ider,
+ int len, char *errorDescription);
+
+ extern ASN1_API asn1_retCode
+ asn1_der_decoding_element (ASN1_TYPE * structure,
+ const char *elementName,
+ const void *ider, int len,
+ char *errorDescription);
+
+ extern ASN1_API asn1_retCode
+ asn1_der_decoding_startEnd (ASN1_TYPE element,
+ const void *ider, int len,
+ const char *name_element,
+ int *start, int *end);
+
+ extern ASN1_API asn1_retCode
+ asn1_expand_any_defined_by (ASN1_TYPE definitions, ASN1_TYPE * element);
+
+ extern ASN1_API asn1_retCode
+ asn1_expand_octet_string (ASN1_TYPE definitions,
+ ASN1_TYPE * element,
+ const char *octetName, const char *objectName);
+
+ extern ASN1_API asn1_retCode
+ asn1_read_tag (ASN1_TYPE root, const char *name,
+ int *tagValue, int *classValue);
+
+ extern ASN1_API const char *asn1_find_structure_from_oid (ASN1_TYPE
+ definitions,
+ const char
+ *oidValue);
+
+ extern ASN1_API const char *asn1_check_version (const char *req_version);
+
+ extern ASN1_API const char *asn1_strerror (asn1_retCode error);
+
+ extern ASN1_API void asn1_perror (asn1_retCode error);
+
+ /* DER utility functions. */
+
+ extern ASN1_API int
+ asn1_get_tag_der (const unsigned char *der, int der_len,
+ unsigned char *cls, int *len, unsigned long *tag);
+
+ extern ASN1_API void
+ asn1_octet_der (const unsigned char *str, int str_len,
+ unsigned char *der, int *der_len);
+
+ extern ASN1_API asn1_retCode
+ asn1_get_octet_der (const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str,
+ int str_size, int *str_len);
+
+ extern ASN1_API void asn1_bit_der (const unsigned char *str, int bit_len,
+ unsigned char *der, int *der_len);
+
+ extern ASN1_API asn1_retCode
+ asn1_get_bit_der (const unsigned char *der, int der_len,
+ int *ret_len, unsigned char *str,
+ int str_size, int *bit_len);
+
+ extern ASN1_API signed long
+ asn1_get_length_der (const unsigned char *der, int der_len, int *len);
+
+ extern ASN1_API signed long
+ asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len);
+
+ extern ASN1_API void
+ asn1_length_der (unsigned long int len, unsigned char *ans, int *ans_len);
+
+ /* Other utility functions. */
+
+ extern ASN1_API ASN1_TYPE
+ asn1_find_node (ASN1_TYPE pointer, const char *name);
+
+ extern ASN1_API asn1_retCode
+ asn1_copy_node (ASN1_TYPE dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name);
+
+ /* Deprecated stuff. */
+
+#ifndef ASN1_DISABLE_DEPRECATED
+
+#define LIBTASN1_VERSION ASN1_VERSION
+
+#ifndef MAX_NAME_SIZE
+# define MAX_NAME_SIZE ASN1_MAX_NAME_SIZE
+#endif
+
+#ifndef MAX_ERROR_DESCRIPTION_SIZE
+# define MAX_ERROR_DESCRIPTION_SIZE ASN1_MAX_ERROR_DESCRIPTION_SIZE
+#endif
+
+#ifndef __attribute__
+ /* This feature is available in gcc versions 2.5 and later. */
+# if __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)
+# define __attribute__(Spec) /* empty */
+# endif
+#endif
+
+ /* Use asn1_strerror instead. */
+ extern ASN1_API const char *libtasn1_strerror (asn1_retCode error)
+ __attribute__ ((deprecated));
+
+ /* Use asn1_perror instead. */
+ extern ASN1_API void
+ libtasn1_perror (asn1_retCode error) __attribute__ ((deprecated));
+
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LIBTASN1_H */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#include <int.h>
+#include "parser_aux.h"
+#include "gstr.h"
+#include "structure.h"
+#include "element.h"
+
+char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */
+
+/***********************************************/
+/* Type: list_type */
+/* Description: type used in the list during */
+/* the structure creation. */
+/***********************************************/
+typedef struct list_struct
+{
+ ASN1_TYPE node;
+ struct list_struct *next;
+} list_type;
+
+
+/* Pointer to the first element of the list */
+list_type *firstElement = NULL;
+
+/******************************************************/
+/* Function : _asn1_add_node */
+/* Description: creates a new NODE_ASN element and */
+/* puts it in the list pointed by firstElement. */
+/* Parameters: */
+/* type: type of the new element (see TYPE_ */
+/* and CONST_ constants). */
+/* Return: pointer to the new element. */
+/******************************************************/
+ASN1_TYPE
+_asn1_add_node (unsigned int type)
+{
+ list_type *listElement;
+ ASN1_TYPE punt;
+
+ punt = (ASN1_TYPE) _asn1_calloc (1, sizeof (struct node_asn_struct));
+ if (punt == NULL)
+ return NULL;
+
+ listElement = (list_type *) _asn1_malloc (sizeof (list_type));
+ if (listElement == NULL)
+ {
+ _asn1_free (punt);
+ return NULL;
+ }
+
+ listElement->node = punt;
+ listElement->next = firstElement;
+ firstElement = listElement;
+
+ punt->type = type;
+
+ return punt;
+}
+
+/**
+ * asn1_find_node:
+ * @pointer: NODE_ASN element pointer.
+ * @name: null terminated string with the element's name to find.
+ *
+ * Searches for an element called @name starting from @pointer. The
+ * name is composed by differents identifiers separated by dots. When
+ * *@pointer has a name, the first identifier must be the name of
+ * *@pointer, otherwise it must be the name of one child of *@pointer.
+ *
+ * Returns: the search result, or %NULL if not found.
+ **/
+ASN1_TYPE
+asn1_find_node (ASN1_TYPE pointer, const char *name)
+{
+ ASN1_TYPE p;
+ char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
+ const char *n_start;
+
+ if (pointer == NULL)
+ return NULL;
+
+ if (name == NULL)
+ return NULL;
+
+ p = pointer;
+ n_start = name;
+
+ if (p->name != NULL)
+ { /* has *pointer got a name ? */
+ n_end = strchr (n_start, '.'); /* search the first dot */
+ if (n_end)
+ {
+ memcpy (n, n_start, n_end - n_start);
+ n[n_end - n_start] = 0;
+ n_start = n_end;
+ n_start++;
+ }
+ else
+ {
+ _asn1_str_cpy (n, sizeof (n), n_start);
+ n_start = NULL;
+ }
+
+ while (p)
+ {
+ if ((p->name) && (!strcmp (p->name, n)))
+ break;
+ else
+ p = p->right;
+ } /* while */
+
+ if (p == NULL)
+ return NULL;
+ }
+ else
+ { /* *pointer doesn't have a name */
+ if (n_start[0] == 0)
+ return p;
+ }
+
+ while (n_start)
+ { /* Has the end of NAME been reached? */
+ n_end = strchr (n_start, '.'); /* search the next dot */
+ if (n_end)
+ {
+ memcpy (n, n_start, n_end - n_start);
+ n[n_end - n_start] = 0;
+ n_start = n_end;
+ n_start++;
+ }
+ else
+ {
+ _asn1_str_cpy (n, sizeof (n), n_start);
+ n_start = NULL;
+ }
+
+ if (p->down == NULL)
+ return NULL;
+
+ p = p->down;
+
+ /* The identifier "?LAST" indicates the last element
+ in the right chain. */
+ if (!strcmp (n, "?LAST"))
+ {
+ if (p == NULL)
+ return NULL;
+ while (p->right)
+ p = p->right;
+ }
+ else
+ { /* no "?LAST" */
+ while (p)
+ {
+ if ((p->name) && (!strcmp (p->name, n)))
+ break;
+ else
+ p = p->right;
+ }
+ if (p == NULL)
+ return NULL;
+ }
+ } /* while */
+
+ return p;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_set_value */
+/* Description: sets the field VALUE in a NODE_ASN element. The */
+/* previous value (if exist) will be lost */
+/* Parameters: */
+/* node: element pointer. */
+/* value: pointer to the value that you want to set. */
+/* len: character number of value. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_set_value (ASN1_TYPE node, const void *value, unsigned int len)
+{
+ if (node == NULL)
+ return node;
+ if (node->value)
+ {
+ if (node->value != node->small_value)
+ _asn1_free (node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
+
+ if (!len)
+ return node;
+
+ if (len < sizeof (node->small_value))
+ {
+ node->value = node->small_value;
+ }
+ else
+ {
+ node->value = _asn1_malloc (len);
+ if (node->value == NULL)
+ return NULL;
+ }
+ node->value_len = len;
+
+ memcpy (node->value, value, len);
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_set_value_octet */
+/* Description: sets the field VALUE in a NODE_ASN element. The */
+/* previous value (if exist) will be lost. The value */
+/* given is stored as an octet string. */
+/* Parameters: */
+/* node: element pointer. */
+/* value: pointer to the value that you want to set. */
+/* len: character number of value. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_set_value_octet (ASN1_TYPE node, const void *value, unsigned int len)
+{
+ int len2;
+ void *temp;
+
+ if (node == NULL)
+ return node;
+
+ asn1_length_der (len, NULL, &len2);
+ temp = (unsigned char *) _asn1_malloc (len + len2);
+ if (temp == NULL)
+ return NULL;
+
+ asn1_octet_der (value, len, temp, &len2);
+ return _asn1_set_value_m (node, temp, len2);
+}
+
+/* the same as _asn1_set_value except that it sets an already malloc'ed
+ * value.
+ */
+ASN1_TYPE
+_asn1_set_value_m (ASN1_TYPE node, void *value, unsigned int len)
+{
+ if (node == NULL)
+ return node;
+
+ if (node->value)
+ {
+ if (node->value != node->small_value)
+ _asn1_free (node->value);
+ node->value = NULL;
+ node->value_len = 0;
+ }
+
+ if (!len)
+ return node;
+
+ node->value = value;
+ node->value_len = len;
+
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_append_value */
+/* Description: appends to the field VALUE in a NODE_ASN element. */
+/* */
+/* Parameters: */
+/* node: element pointer. */
+/* value: pointer to the value that you want to be appended. */
+/* len: character number of value. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_append_value (ASN1_TYPE node, const void *value, unsigned int len)
+{
+ if (node == NULL)
+ return node;
+ if (node->value != NULL && node->value != node->small_value)
+ {
+ /* value is allocated */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = _asn1_realloc (node->value, node->value_len);
+ if (node->value == NULL)
+ {
+ node->value_len = 0;
+ return NULL;
+ }
+ memcpy (&node->value[prev_len], value, len);
+
+ return node;
+ }
+ else if (node->value == node->small_value)
+ {
+ /* value is in node */
+ int prev_len = node->value_len;
+ node->value_len += len;
+ node->value = _asn1_malloc (node->value_len);
+ if (node->value == NULL)
+ {
+ node->value_len = 0;
+ return NULL;
+ }
+ memcpy (node->value, node->small_value, prev_len);
+ memcpy (&node->value[prev_len], value, len);
+
+ return node;
+ }
+ else /* node->value == NULL */
+ return _asn1_set_value (node, value, len);
+}
+
+/******************************************************************/
+/* Function : _asn1_set_name */
+/* Description: sets the field NAME in a NODE_ASN element. The */
+/* previous value (if exist) will be lost */
+/* Parameters: */
+/* node: element pointer. */
+/* name: a null terminated string with the name that you want */
+/* to set. */
+/* Return: pointer to the NODE_ASN element. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_set_name (ASN1_TYPE node, const char *name)
+{
+ if (node == NULL)
+ return node;
+
+ if (node->name)
+ {
+ _asn1_free (node->name);
+ node->name = NULL;
+ }
+
+ if (name == NULL)
+ return node;
+
+ if (strlen (name))
+ {
+ node->name = (char *) _asn1_strdup (name);
+ if (node->name == NULL)
+ return NULL;
+ }
+ else
+ node->name = NULL;
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_set_right */
+/* Description: sets the field RIGHT in a NODE_ASN element. */
+/* Parameters: */
+/* node: element pointer. */
+/* right: pointer to a NODE_ASN element that you want be pointed*/
+/* by NODE. */
+/* Return: pointer to *NODE. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_set_right (ASN1_TYPE node, ASN1_TYPE right)
+{
+ if (node == NULL)
+ return node;
+ node->right = right;
+ if (right)
+ right->left = node;
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_get_right */
+/* Description: returns the element pointed by the RIGHT field of */
+/* a NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: field RIGHT of NODE. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_get_right (ASN1_TYPE node)
+{
+ if (node == NULL)
+ return NULL;
+ return node->right;
+}
+
+/******************************************************************/
+/* Function : _asn1_get_last_right */
+/* Description: return the last element along the right chain. */
+/* Parameters: */
+/* node: starting element pointer. */
+/* Return: pointer to the last element along the right chain. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_get_last_right (ASN1_TYPE node)
+{
+ ASN1_TYPE p;
+
+ if (node == NULL)
+ return NULL;
+ p = node;
+ while (p->right)
+ p = p->right;
+ return p;
+}
+
+/******************************************************************/
+/* Function : _asn1_set_down */
+/* Description: sets the field DOWN in a NODE_ASN element. */
+/* Parameters: */
+/* node: element pointer. */
+/* down: pointer to a NODE_ASN element that you want be pointed */
+/* by NODE. */
+/* Return: pointer to *NODE. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_set_down (ASN1_TYPE node, ASN1_TYPE down)
+{
+ if (node == NULL)
+ return node;
+ node->down = down;
+ if (down)
+ down->left = node;
+ return node;
+}
+
+/******************************************************************/
+/* Function : _asn1_get_down */
+/* Description: returns the element pointed by the DOWN field of */
+/* a NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: field DOWN of NODE. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_get_down (ASN1_TYPE node)
+{
+ if (node == NULL)
+ return NULL;
+ return node->down;
+}
+
+/******************************************************************/
+/* Function : _asn1_get_name */
+/* Description: returns the name of a NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: a null terminated string. */
+/******************************************************************/
+char *
+_asn1_get_name (ASN1_TYPE node)
+{
+ if (node == NULL)
+ return NULL;
+ return node->name;
+}
+
+/******************************************************************/
+/* Function : _asn1_mod_type */
+/* Description: change the field TYPE of an NODE_ASN element. */
+/* The new value is the old one | (bitwise or) the */
+/* paramener VALUE. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* value: the integer value that must be or-ed with the current */
+/* value of field TYPE. */
+/* Return: NODE pointer. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_mod_type (ASN1_TYPE node, unsigned int value)
+{
+ if (node == NULL)
+ return node;
+ node->type |= value;
+ return node;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_remove_node */
+/* Description: gets free the memory allocated for an NODE_ASN */
+/* element (not the elements pointed by it). */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/******************************************************************/
+void
+_asn1_remove_node (ASN1_TYPE node)
+{
+ if (node == NULL)
+ return;
+
+ if (node->name != NULL)
+ _asn1_free (node->name);
+ if (node->value != NULL && node->value != node->small_value)
+ _asn1_free (node->value);
+ _asn1_free (node);
+}
+
+/******************************************************************/
+/* Function : _asn1_find_up */
+/* Description: return the father of the NODE_ASN element. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: Null if not found. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_find_up (ASN1_TYPE node)
+{
+ ASN1_TYPE p;
+
+ if (node == NULL)
+ return NULL;
+
+ p = node;
+
+ while ((p->left != NULL) && (p->left->right == p))
+ p = p->left;
+
+ return p->left;
+}
+
+/******************************************************************/
+/* Function : _asn1_delete_list */
+/* Description: deletes the list elements (not the elements */
+/* pointed by them). */
+/******************************************************************/
+void
+_asn1_delete_list (void)
+{
+ list_type *listElement;
+
+ while (firstElement)
+ {
+ listElement = firstElement;
+ firstElement = firstElement->next;
+ _asn1_free (listElement);
+ }
+}
+
+/******************************************************************/
+/* Function : _asn1_delete_list_and nodes */
+/* Description: deletes the list elements and the elements */
+/* pointed by them. */
+/******************************************************************/
+void
+_asn1_delete_list_and_nodes (void)
+{
+ list_type *listElement;
+
+ while (firstElement)
+ {
+ listElement = firstElement;
+ firstElement = firstElement->next;
+ _asn1_remove_node (listElement->node);
+ _asn1_free (listElement);
+ }
+}
+
+
+char *
+_asn1_ltostr (long v, char *str)
+{
+ long d, r;
+ char temp[20];
+ int count, k, start;
+
+ if (v < 0)
+ {
+ str[0] = '-';
+ start = 1;
+ v = -v;
+ }
+ else
+ start = 0;
+
+ count = 0;
+ do
+ {
+ d = v / 10;
+ r = v - d * 10;
+ temp[start + count] = '0' + (char) r;
+ count++;
+ v = d;
+ }
+ while (v);
+
+ for (k = 0; k < count; k++)
+ str[k + start] = temp[start + count - k - 1];
+ str[count + start] = 0;
+ return str;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_change_integer_value */
+/* Description: converts into DER coding the value assign to an */
+/* INTEGER constant. */
+/* Parameters: */
+/* node: root of an ASN1element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+asn1_retCode
+_asn1_change_integer_value (ASN1_TYPE node)
+{
+ ASN1_TYPE p;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
+ int len;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if ((type_field (p->type) == TYPE_INTEGER) && (p->type & CONST_ASSIGN))
+ {
+ if (p->value)
+ {
+ _asn1_convert_integer (p->value, val, sizeof (val), &len);
+ asn1_octet_der (val, len, val2, &len);
+ _asn1_set_value (p, val2, len);
+ }
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else
+ {
+ if (p == node)
+ p = NULL;
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_expand_object_id */
+/* Description: expand the IDs of an OBJECT IDENTIFIER constant. */
+/* Parameters: */
+/* node: root of an ASN1 element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+asn1_retCode
+_asn1_expand_object_id (ASN1_TYPE node)
+{
+ ASN1_TYPE p, p2, p3, p4, p5;
+ char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1];
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_str_cpy (name_root, sizeof (name_root), node->name);
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if ((type_field (p->type) == TYPE_OBJECT_ID)
+ && (p->type & CONST_ASSIGN))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == TYPE_CONSTANT))
+ {
+ if (p2->value && !isdigit (p2->value[0]))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), name_root);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p2->value);
+ p3 = asn1_find_node (node, name2);
+ if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) ||
+ !(p3->type & CONST_ASSIGN))
+ return ASN1_ELEMENT_NOT_FOUND;
+ _asn1_set_down (p, p2->right);
+ _asn1_remove_node (p2);
+ p2 = p;
+ p4 = p3->down;
+ while (p4)
+ {
+ if (type_field (p4->type) == TYPE_CONSTANT)
+ {
+ p5 = _asn1_add_node_only (TYPE_CONSTANT);
+ _asn1_set_name (p5, p4->name);
+ tlen = strlen (p4->value);
+ if (tlen > 0)
+ _asn1_set_value (p5, p4->value, tlen + 1);
+ if (p2 == p)
+ {
+ _asn1_set_right (p5, p->down);
+ _asn1_set_down (p, p5);
+ }
+ else
+ {
+ _asn1_set_right (p5, p2->right);
+ _asn1_set_right (p2, p5);
+ }
+ p2 = p5;
+ }
+ p4 = p4->right;
+ }
+ move = DOWN;
+ continue;
+ }
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+
+ /*******************************/
+ /* expand DEFAULT */
+ /*******************************/
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if ((type_field (p->type) == TYPE_OBJECT_ID) &&
+ (p->type & CONST_DEFAULT))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == TYPE_DEFAULT))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), name_root);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p2->value);
+ p3 = asn1_find_node (node, name2);
+ if (!p3 || (type_field (p3->type) != TYPE_OBJECT_ID) ||
+ !(p3->type & CONST_ASSIGN))
+ return ASN1_ELEMENT_NOT_FOUND;
+ p4 = p3->down;
+ name2[0] = 0;
+ while (p4)
+ {
+ if (type_field (p4->type) == TYPE_CONSTANT)
+ {
+ if (name2[0])
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p4->value);
+ }
+ p4 = p4->right;
+ }
+ tlen = strlen (name2);
+ if (tlen > 0)
+ _asn1_set_value (p2, name2, tlen + 1);
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_type_set_config */
+/* Description: sets the CONST_SET and CONST_NOT_USED properties */
+/* in the fields of the SET elements. */
+/* Parameters: */
+/* node: root of an ASN1 element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+asn1_retCode
+_asn1_type_set_config (ASN1_TYPE node)
+{
+ ASN1_TYPE p, p2;
+ int move;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if (type_field (p->type) == TYPE_SET)
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != TYPE_TAG)
+ p2->type |= CONST_SET | CONST_NOT_USED;
+ p2 = p2->right;
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_check_identifier */
+/* Description: checks the definitions of all the identifiers */
+/* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */
+/* The _asn1_identifierMissing global variable is filled if */
+/* necessary. */
+/* Parameters: */
+/* node: root of an ASN1 element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
+/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+asn1_retCode
+_asn1_check_identifier (ASN1_TYPE node)
+{
+ ASN1_TYPE p, p2;
+ char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if (type_field (p->type) == TYPE_IDENTIFIER)
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p->value);
+ p2 = asn1_find_node (node, name2);
+ if (p2 == NULL)
+ {
+ strcpy (_asn1_identifierMissing, p->value);
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ }
+ else if ((type_field (p->type) == TYPE_OBJECT_ID) &&
+ (p->type & CONST_DEFAULT))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == TYPE_DEFAULT))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p2->value);
+ strcpy (_asn1_identifierMissing, p2->value);
+ p2 = asn1_find_node (node, name2);
+ if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) ||
+ !(p2->type & CONST_ASSIGN))
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0] = 0;
+ }
+ }
+ else if ((type_field (p->type) == TYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN))
+ {
+ p2 = p->down;
+ if (p2 && (type_field (p2->type) == TYPE_CONSTANT))
+ {
+ if (p2->value && !isdigit (p2->value[0]))
+ {
+ _asn1_str_cpy (name2, sizeof (name2), node->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p2->value);
+ strcpy (_asn1_identifierMissing, p2->value);
+ p2 = asn1_find_node (node, name2);
+ if (!p2 || (type_field (p2->type) != TYPE_OBJECT_ID) ||
+ !(p2->type & CONST_ASSIGN))
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ else
+ _asn1_identifierMissing[0] = 0;
+ }
+ }
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_set_default_tag */
+/* Description: sets the default IMPLICIT or EXPLICIT property in */
+/* the tagged elements that don't have this declaration. */
+/* Parameters: */
+/* node: pointer to a DEFINITIONS element. */
+/* Return: */
+/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL or not a pointer to */
+/* a DEFINITIONS element, */
+/* otherwise ASN1_SUCCESS */
+/******************************************************************/
+asn1_retCode
+_asn1_set_default_tag (ASN1_TYPE node)
+{
+ ASN1_TYPE p;
+
+ if ((node == NULL) || (type_field (node->type) != TYPE_DEFINITIONS))
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ while (p)
+ {
+ if ((type_field (p->type) == TYPE_TAG) &&
+ !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT))
+ {
+ if (node->type & CONST_EXPLICIT)
+ p->type |= CONST_EXPLICIT;
+ else
+ p->type |= CONST_IMPLICIT;
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == node)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ return ASN1_SUCCESS;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifndef _PARSER_AUX_H
+#define _PARSER_AUX_H
+
+#define DER_LEN 16
+
+/***************************************/
+/* Functions used by ASN.1 parser */
+/***************************************/
+ASN1_TYPE _asn1_add_node (unsigned int type);
+
+ASN1_TYPE
+_asn1_set_value (ASN1_TYPE node, const void *value, unsigned int len);
+
+ASN1_TYPE _asn1_set_value_m (ASN1_TYPE node, void *value, unsigned int len);
+
+ASN1_TYPE
+_asn1_set_value_octet (ASN1_TYPE node, const void *value, unsigned int len);
+
+ASN1_TYPE
+_asn1_append_value (ASN1_TYPE node, const void *value, unsigned int len);
+
+ASN1_TYPE _asn1_set_name (ASN1_TYPE node, const char *name);
+
+ASN1_TYPE _asn1_set_right (ASN1_TYPE node, ASN1_TYPE right);
+
+ASN1_TYPE _asn1_get_right (ASN1_TYPE node);
+
+ASN1_TYPE _asn1_get_last_right (ASN1_TYPE node);
+
+ASN1_TYPE _asn1_set_down (ASN1_TYPE node, ASN1_TYPE down);
+
+char *_asn1_get_name (ASN1_TYPE node);
+
+ASN1_TYPE _asn1_get_down (ASN1_TYPE node);
+
+ASN1_TYPE _asn1_mod_type (ASN1_TYPE node, unsigned int value);
+
+void _asn1_remove_node (ASN1_TYPE node);
+
+void _asn1_delete_list (void);
+
+void _asn1_delete_list_and_nodes (void);
+
+char *_asn1_ltostr (long v, char *str);
+
+ASN1_TYPE _asn1_find_up (ASN1_TYPE node);
+
+asn1_retCode _asn1_change_integer_value (ASN1_TYPE node);
+
+asn1_retCode _asn1_expand_object_id (ASN1_TYPE node);
+
+asn1_retCode _asn1_type_set_config (ASN1_TYPE node);
+
+asn1_retCode _asn1_check_identifier (ASN1_TYPE node);
+
+asn1_retCode _asn1_set_default_tag (ASN1_TYPE node);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+
+/*****************************************************/
+/* File: structure.c */
+/* Description: Functions to create and delete an */
+/* ASN1 tree. */
+/*****************************************************/
+
+
+#include <int.h>
+#include <structure.h>
+#include "parser_aux.h"
+#include <gstr.h>
+
+
+extern char _asn1_identifierMissing[];
+
+
+/******************************************************/
+/* Function : _asn1_add_node_only */
+/* Description: creates a new NODE_ASN element. */
+/* Parameters: */
+/* type: type of the new element (see TYPE_ */
+/* and CONST_ constants). */
+/* Return: pointer to the new element. */
+/******************************************************/
+ASN1_TYPE
+_asn1_add_node_only (unsigned int type)
+{
+ ASN1_TYPE punt;
+
+ punt = (ASN1_TYPE) _asn1_calloc (1, sizeof (struct node_asn_struct));
+ if (punt == NULL)
+ return NULL;
+
+ punt->type = type;
+
+ return punt;
+}
+
+
+/******************************************************************/
+/* Function : _asn1_find_left */
+/* Description: returns the NODE_ASN element with RIGHT field that*/
+/* points the element NODE. */
+/* Parameters: */
+/* node: NODE_ASN element pointer. */
+/* Return: NULL if not found. */
+/******************************************************************/
+ASN1_TYPE
+_asn1_find_left (ASN1_TYPE node)
+{
+ if ((node == NULL) || (node->left == NULL) || (node->left->down == node))
+ return NULL;
+
+ return node->left;
+}
+
+
+asn1_retCode
+_asn1_create_static_structure (ASN1_TYPE pointer, char *output_file_name,
+ char *vector_name)
+{
+ FILE *file;
+ ASN1_TYPE p;
+ unsigned long t;
+
+ file = fopen (output_file_name, "w");
+
+ if (file == NULL)
+ return ASN1_FILE_NOT_FOUND;
+
+ fprintf (file, "#if HAVE_CONFIG_H\n");
+ fprintf (file, "# include \"config.h\"\n");
+ fprintf (file, "#endif\n\n");
+
+ fprintf (file, "#include <libtasn1.h>\n\n");
+
+ fprintf (file, "const ASN1_ARRAY_TYPE %s[] = {\n", vector_name);
+
+ p = pointer;
+
+ while (p)
+ {
+ fprintf (file, " { ");
+
+ if (p->name)
+ fprintf (file, "\"%s\", ", p->name);
+ else
+ fprintf (file, "NULL, ");
+
+ t = p->type;
+ if (p->down)
+ t |= CONST_DOWN;
+ if (p->right)
+ t |= CONST_RIGHT;
+
+ fprintf (file, "%lu, ", t);
+
+ if (p->value)
+ fprintf (file, "\"%s\"},\n", p->value);
+ else
+ fprintf (file, "NULL },\n");
+
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else if (p->right)
+ {
+ p = p->right;
+ }
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == pointer)
+ {
+ p = NULL;
+ break;
+ }
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+
+ fprintf (file, " { NULL, 0, NULL }\n};\n");
+
+ fclose (file);
+
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_array2tree:
+ * @array: specify the array that contains ASN.1 declarations
+ * @definitions: return the pointer to the structure created by
+ * *ARRAY ASN.1 declarations
+ * @errorDescription: return the error description.
+ *
+ * Creates the structures needed to manage the ASN.1 definitions.
+ * @array is a vector created by asn1_parser2array().
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Structure created correctly.
+ *
+ * %ASN1_ELEMENT_NOT_EMPTY: *@definitions not ASN1_TYPE_EMPTY.
+ *
+ * %ASN1_IDENTIFIER_NOT_FOUND: In the file there is an identifier that
+ * is not defined (see @errorDescription for more information).
+ *
+ * %ASN1_ARRAY_ERROR: The array pointed by @array is wrong.
+ **/
+asn1_retCode
+asn1_array2tree (const ASN1_ARRAY_TYPE * array, ASN1_TYPE * definitions,
+ char *errorDescription)
+{
+ ASN1_TYPE p, p_last = NULL;
+ unsigned long k;
+ int move;
+ asn1_retCode result;
+
+
+ if (*definitions != ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_EMPTY;
+
+ move = UP;
+
+ k = 0;
+ while (array[k].value || array[k].type || array[k].name)
+ {
+ p = _asn1_add_node (array[k].type & (~CONST_DOWN));
+ if (array[k].name)
+ _asn1_set_name (p, array[k].name);
+ if (array[k].value)
+ _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1);
+
+ if (*definitions == NULL)
+ *definitions = p;
+
+ if (move == DOWN)
+ _asn1_set_down (p_last, p);
+ else if (move == RIGHT)
+ _asn1_set_right (p_last, p);
+
+ p_last = p;
+
+ if (array[k].type & CONST_DOWN)
+ move = DOWN;
+ else if (array[k].type & CONST_RIGHT)
+ move = RIGHT;
+ else
+ {
+ while (1)
+ {
+ if (p_last == *definitions)
+ break;
+
+ p_last = _asn1_find_up (p_last);
+
+ if (p_last == NULL)
+ break;
+
+ if (p_last->type & CONST_RIGHT)
+ {
+ p_last->type &= ~CONST_RIGHT;
+ move = RIGHT;
+ break;
+ }
+ } /* while */
+ }
+ k++;
+ } /* while */
+
+ if (p_last == *definitions)
+ {
+ result = _asn1_check_identifier (*definitions);
+ if (result == ASN1_SUCCESS)
+ {
+ _asn1_change_integer_value (*definitions);
+ _asn1_expand_object_id (*definitions);
+ }
+ }
+ else
+ {
+ result = ASN1_ARRAY_ERROR;
+ }
+
+ if (errorDescription != NULL)
+ {
+ if (result == ASN1_IDENTIFIER_NOT_FOUND)
+ {
+ Estrcpy (errorDescription, ":: identifier '");
+ Estrcat (errorDescription, _asn1_identifierMissing);
+ Estrcat (errorDescription, "' not found");
+ }
+ else
+ errorDescription[0] = 0;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ _asn1_delete_list_and_nodes ();
+ *definitions = ASN1_TYPE_EMPTY;
+ }
+ else
+ _asn1_delete_list ();
+
+ return result;
+}
+
+/**
+ * asn1_delete_structure:
+ * @structure: pointer to the structure that you want to delete.
+ *
+ * Deletes the structure *@structure. At the end, *@structure is set
+ * to ASN1_TYPE_EMPTY.
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Everything OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: *@structure was ASN1_TYPE_EMPTY.
+ **/
+asn1_retCode
+asn1_delete_structure (ASN1_TYPE * structure)
+{
+ ASN1_TYPE p, p2, p3;
+
+ if (*structure == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = *structure;
+ while (p)
+ {
+ if (p->down)
+ {
+ p = p->down;
+ }
+ else
+ { /* no down */
+ p2 = p->right;
+ if (p != *structure)
+ {
+ p3 = _asn1_find_up (p);
+ _asn1_set_down (p3, p2);
+ _asn1_remove_node (p);
+ p = p3;
+ }
+ else
+ { /* p==root */
+ p3 = _asn1_find_left (p);
+ if (!p3)
+ {
+ p3 = _asn1_find_up (p);
+ if (p3)
+ _asn1_set_down (p3, p2);
+ else
+ {
+ if (p->right)
+ p->right->left = NULL;
+ }
+ }
+ else
+ _asn1_set_right (p3, p2);
+ _asn1_remove_node (p);
+ p = NULL;
+ }
+ }
+ }
+
+ *structure = ASN1_TYPE_EMPTY;
+ return ASN1_SUCCESS;
+}
+
+
+
+/**
+ * asn1_delete_element:
+ * @structure: pointer to the structure that contains the element you
+ * want to delete.
+ * @element_name: element's name you want to delete.
+ *
+ * Deletes the element named *@element_name inside *@structure.
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Everything OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: The name element was not found.
+ **/
+asn1_retCode
+asn1_delete_element (ASN1_TYPE structure, const char *element_name)
+{
+ ASN1_TYPE p2, p3, source_node;
+
+ source_node = asn1_find_node (structure, element_name);
+
+ if (source_node == ASN1_TYPE_EMPTY)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p2 = source_node->right;
+ p3 = _asn1_find_left (source_node);
+ if (!p3)
+ {
+ p3 = _asn1_find_up (source_node);
+ if (p3)
+ _asn1_set_down (p3, p2);
+ else if (source_node->right)
+ source_node->right->left = NULL;
+ }
+ else
+ _asn1_set_right (p3, p2);
+
+ return asn1_delete_structure (&source_node);
+}
+
+ASN1_TYPE
+_asn1_copy_structure3 (ASN1_TYPE source_node)
+{
+ ASN1_TYPE dest_node, p_s, p_d, p_d_prev;
+ int move;
+
+ if (source_node == NULL)
+ return NULL;
+
+ dest_node = _asn1_add_node_only (source_node->type);
+
+ p_s = source_node;
+ p_d = dest_node;
+
+ move = DOWN;
+
+ do
+ {
+ if (move != UP)
+ {
+ if (p_s->name)
+ _asn1_set_name (p_d, p_s->name);
+ if (p_s->value)
+ _asn1_set_value (p_d, p_s->value, p_s->value_len);
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p_s->down)
+ {
+ p_s = p_s->down;
+ p_d_prev = p_d;
+ p_d = _asn1_add_node_only (p_s->type);
+ _asn1_set_down (p_d_prev, p_d);
+ }
+ else
+ move = RIGHT;
+ }
+
+ if (p_s == source_node)
+ break;
+
+ if (move == RIGHT)
+ {
+ if (p_s->right)
+ {
+ p_s = p_s->right;
+ p_d_prev = p_d;
+ p_d = _asn1_add_node_only (p_s->type);
+ _asn1_set_right (p_d_prev, p_d);
+ }
+ else
+ move = UP;
+ }
+ if (move == UP)
+ {
+ p_s = _asn1_find_up (p_s);
+ p_d = _asn1_find_up (p_d);
+ }
+ }
+ while (p_s != source_node);
+
+ return dest_node;
+}
+
+
+static ASN1_TYPE
+_asn1_copy_structure2 (ASN1_TYPE root, const char *source_name)
+{
+ ASN1_TYPE source_node;
+
+ source_node = asn1_find_node (root, source_name);
+
+ return _asn1_copy_structure3 (source_node);
+
+}
+
+
+static asn1_retCode
+_asn1_type_choice_config (ASN1_TYPE node)
+{
+ ASN1_TYPE p, p2, p3, p4;
+ int move, tlen;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node;
+ move = DOWN;
+
+ while (!((p == node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if ((type_field (p->type) == TYPE_CHOICE) && (p->type & CONST_TAG))
+ {
+ p2 = p->down;
+ while (p2)
+ {
+ if (type_field (p2->type) != TYPE_TAG)
+ {
+ p2->type |= CONST_TAG;
+ p3 = _asn1_find_left (p2);
+ while (p3)
+ {
+ if (type_field (p3->type) == TYPE_TAG)
+ {
+ p4 = _asn1_add_node_only (p3->type);
+ tlen = strlen (p3->value);
+ if (tlen > 0)
+ _asn1_set_value (p4, p3->value, tlen + 1);
+ _asn1_set_right (p4, p2->down);
+ _asn1_set_down (p2, p4);
+ }
+ p3 = _asn1_find_left (p3);
+ }
+ }
+ p2 = p2->right;
+ }
+ p->type &= ~(CONST_TAG);
+ p2 = p->down;
+ while (p2)
+ {
+ p3 = p2->right;
+ if (type_field (p2->type) == TYPE_TAG)
+ asn1_delete_structure (&p2);
+ p2 = p3;
+ }
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+static asn1_retCode
+_asn1_expand_identifier (ASN1_TYPE * node, ASN1_TYPE root)
+{
+ ASN1_TYPE p, p2, p3;
+ char name2[ASN1_MAX_NAME_SIZE + 2];
+ int move;
+
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = *node;
+ move = DOWN;
+
+ while (!((p == *node) && (move == UP)))
+ {
+ if (move != UP)
+ {
+ if (type_field (p->type) == TYPE_IDENTIFIER)
+ {
+ _asn1_str_cpy (name2, sizeof (name2), root->name);
+ _asn1_str_cat (name2, sizeof (name2), ".");
+ _asn1_str_cat (name2, sizeof (name2), p->value);
+ p2 = _asn1_copy_structure2 (root, name2);
+ if (p2 == NULL)
+ {
+ return ASN1_IDENTIFIER_NOT_FOUND;
+ }
+ _asn1_set_name (p2, p->name);
+ p2->right = p->right;
+ p2->left = p->left;
+ if (p->right)
+ p->right->left = p2;
+ p3 = p->down;
+ if (p3)
+ {
+ while (p3->right)
+ p3 = p3->right;
+ _asn1_set_right (p3, p2->down);
+ _asn1_set_down (p2, p->down);
+ }
+
+ p3 = _asn1_find_left (p);
+ if (p3)
+ _asn1_set_right (p3, p2);
+ else
+ {
+ p3 = _asn1_find_up (p);
+ if (p3)
+ _asn1_set_down (p3, p2);
+ else
+ {
+ p2->left = NULL;
+ }
+ }
+
+ if (p->type & CONST_SIZE)
+ p2->type |= CONST_SIZE;
+ if (p->type & CONST_TAG)
+ p2->type |= CONST_TAG;
+ if (p->type & CONST_OPTION)
+ p2->type |= CONST_OPTION;
+ if (p->type & CONST_DEFAULT)
+ p2->type |= CONST_DEFAULT;
+ if (p->type & CONST_SET)
+ p2->type |= CONST_SET;
+ if (p->type & CONST_NOT_USED)
+ p2->type |= CONST_NOT_USED;
+
+ if (p == *node)
+ *node = p2;
+ _asn1_remove_node (p);
+ p = p2;
+ move = DOWN;
+ continue;
+ }
+ move = DOWN;
+ }
+ else
+ move = RIGHT;
+
+ if (move == DOWN)
+ {
+ if (p->down)
+ p = p->down;
+ else
+ move = RIGHT;
+ }
+
+ if (p == *node)
+ {
+ move = UP;
+ continue;
+ }
+
+ if (move == RIGHT)
+ {
+ if (p->right)
+ p = p->right;
+ else
+ move = UP;
+ }
+ if (move == UP)
+ p = _asn1_find_up (p);
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_create_element:
+ * @definitions: pointer to the structure returned by "parser_asn1" function
+ * @source_name: the name of the type of the new structure (must be
+ * inside p_structure).
+ * @element: pointer to the structure created.
+ *
+ * Creates a structure of type @source_name. Example using
+ * "pkix.asn":
+ *
+ * rc = asn1_create_element(cert_def, "PKIX1.Certificate", certptr);
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Creation OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: SOURCE_NAME isn't known
+ **/
+asn1_retCode
+asn1_create_element (ASN1_TYPE definitions, const char *source_name,
+ ASN1_TYPE * element)
+{
+ ASN1_TYPE dest_node;
+ int res;
+
+ dest_node = _asn1_copy_structure2 (definitions, source_name);
+
+ if (dest_node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ _asn1_set_name (dest_node, "");
+
+ res = _asn1_expand_identifier (&dest_node, definitions);
+ _asn1_type_choice_config (dest_node);
+
+ *element = dest_node;
+
+ return res;
+}
+
+
+/**
+ * asn1_print_structure:
+ * @out: pointer to the output file (e.g. stdout).
+ * @structure: pointer to the structure that you want to visit.
+ * @name: an element of the structure
+ * @mode: specify how much of the structure to print, can be
+ * %ASN1_PRINT_NAME, %ASN1_PRINT_NAME_TYPE,
+ * %ASN1_PRINT_NAME_TYPE_VALUE, or %ASN1_PRINT_ALL.
+ *
+ * Prints on the @out file descriptor the structure's tree starting
+ * from the @name element inside the structure @structure.
+ **/
+void
+asn1_print_structure (FILE * out, ASN1_TYPE structure, const char *name,
+ int mode)
+{
+ ASN1_TYPE p, root;
+ int k, indent = 0, len, len2, len3;
+
+ if (out == NULL)
+ return;
+
+ root = asn1_find_node (structure, name);
+
+ if (root == NULL)
+ return;
+
+ p = root;
+ while (p)
+ {
+ if (mode == ASN1_PRINT_ALL)
+ {
+ for (k = 0; k < indent; k++)
+ fprintf (out, " ");
+ fprintf (out, "name:");
+ if (p->name)
+ fprintf (out, "%s ", p->name);
+ else
+ fprintf (out, "NULL ");
+ }
+ else
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_CONSTANT:
+ case TYPE_TAG:
+ case TYPE_SIZE:
+ break;
+ default:
+ for (k = 0; k < indent; k++)
+ fprintf (out, " ");
+ fprintf (out, "name:");
+ if (p->name)
+ fprintf (out, "%s ", p->name);
+ else
+ fprintf (out, "NULL ");
+ }
+ }
+
+ if (mode != ASN1_PRINT_NAME)
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf (out, "type:CONST");
+ break;
+ case TYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf (out, "type:TAG");
+ break;
+ case TYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ fprintf (out, "type:SIZE");
+ break;
+ case TYPE_DEFAULT:
+ fprintf (out, "type:DEFAULT");
+ break;
+ case TYPE_NULL:
+ fprintf (out, "type:NULL");
+ break;
+ case TYPE_IDENTIFIER:
+ fprintf (out, "type:IDENTIFIER");
+ break;
+ case TYPE_INTEGER:
+ fprintf (out, "type:INTEGER");
+ break;
+ case TYPE_ENUMERATED:
+ fprintf (out, "type:ENUMERATED");
+ break;
+ case TYPE_TIME:
+ fprintf (out, "type:TIME");
+ break;
+ case TYPE_BOOLEAN:
+ fprintf (out, "type:BOOLEAN");
+ break;
+ case TYPE_SEQUENCE:
+ fprintf (out, "type:SEQUENCE");
+ break;
+ case TYPE_BIT_STRING:
+ fprintf (out, "type:BIT_STR");
+ break;
+ case TYPE_OCTET_STRING:
+ fprintf (out, "type:OCT_STR");
+ break;
+ case TYPE_GENERALSTRING:
+ fprintf (out, "type:GENERALSTRING");
+ break;
+ case TYPE_SEQUENCE_OF:
+ fprintf (out, "type:SEQ_OF");
+ break;
+ case TYPE_OBJECT_ID:
+ fprintf (out, "type:OBJ_ID");
+ break;
+ case TYPE_ANY:
+ fprintf (out, "type:ANY");
+ break;
+ case TYPE_SET:
+ fprintf (out, "type:SET");
+ break;
+ case TYPE_SET_OF:
+ fprintf (out, "type:SET_OF");
+ break;
+ case TYPE_CHOICE:
+ fprintf (out, "type:CHOICE");
+ break;
+ case TYPE_DEFINITIONS:
+ fprintf (out, "type:DEFINITIONS");
+ break;
+ default:
+ break;
+ }
+ }
+
+ if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL))
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_CONSTANT:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case TYPE_TAG:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case TYPE_SIZE:
+ if (mode == ASN1_PRINT_ALL)
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case TYPE_DEFAULT:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ else if (p->type & CONST_TRUE)
+ fprintf (out, " value:TRUE");
+ else if (p->type & CONST_FALSE)
+ fprintf (out, " value:FALSE");
+ break;
+ case TYPE_IDENTIFIER:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case TYPE_INTEGER:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (p->value)[k + len2]);
+ }
+ break;
+ case TYPE_ENUMERATED:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:0x");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (p->value)[k + len2]);
+ }
+ break;
+ case TYPE_TIME:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case TYPE_BOOLEAN:
+ if (p->value)
+ {
+ if (p->value[0] == 'T')
+ fprintf (out, " value:TRUE");
+ else if (p->value[0] == 'F')
+ fprintf (out, " value:FALSE");
+ }
+ break;
+ case TYPE_BIT_STRING:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ if (len > 0)
+ {
+ fprintf (out, " value(%i):",
+ (len - 1) * 8 - (p->value[len2]));
+ for (k = 1; k < len; k++)
+ fprintf (out, "%02x", (p->value)[k + len2]);
+ }
+ }
+ break;
+ case TYPE_OCTET_STRING:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (p->value)[k + len2]);
+ }
+ break;
+ case TYPE_GENERALSTRING:
+ if (p->value)
+ {
+ len2 = -1;
+ len = asn1_get_length_der (p->value, p->value_len, &len2);
+ fprintf (out, " value:");
+ if (len > 0)
+ for (k = 0; k < len; k++)
+ fprintf (out, "%02x", (p->value)[k + len2]);
+ }
+ break;
+ case TYPE_OBJECT_ID:
+ if (p->value)
+ fprintf (out, " value:%s", p->value);
+ break;
+ case TYPE_ANY:
+ if (p->value)
+ {
+ len3 = -1;
+ len2 = asn1_get_length_der (p->value, p->value_len, &len3);
+ fprintf (out, " value:");
+ if (len2 > 0)
+ for (k = 0; k < len2; k++)
+ fprintf (out, "%02x", (p->value)[k + len3]);
+ }
+ break;
+ case TYPE_SET:
+ case TYPE_SET_OF:
+ case TYPE_CHOICE:
+ case TYPE_DEFINITIONS:
+ case TYPE_SEQUENCE_OF:
+ case TYPE_SEQUENCE:
+ case TYPE_NULL:
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (mode == ASN1_PRINT_ALL)
+ {
+ if (p->type & 0x1FFFFF00)
+ {
+ fprintf (out, " attr:");
+ if (p->type & CONST_UNIVERSAL)
+ fprintf (out, "UNIVERSAL,");
+ if (p->type & CONST_PRIVATE)
+ fprintf (out, "PRIVATE,");
+ if (p->type & CONST_APPLICATION)
+ fprintf (out, "APPLICATION,");
+ if (p->type & CONST_EXPLICIT)
+ fprintf (out, "EXPLICIT,");
+ if (p->type & CONST_IMPLICIT)
+ fprintf (out, "IMPLICIT,");
+ if (p->type & CONST_TAG)
+ fprintf (out, "TAG,");
+ if (p->type & CONST_DEFAULT)
+ fprintf (out, "DEFAULT,");
+ if (p->type & CONST_TRUE)
+ fprintf (out, "TRUE,");
+ if (p->type & CONST_FALSE)
+ fprintf (out, "FALSE,");
+ if (p->type & CONST_LIST)
+ fprintf (out, "LIST,");
+ if (p->type & CONST_MIN_MAX)
+ fprintf (out, "MIN_MAX,");
+ if (p->type & CONST_OPTION)
+ fprintf (out, "OPTION,");
+ if (p->type & CONST_1_PARAM)
+ fprintf (out, "1_PARAM,");
+ if (p->type & CONST_SIZE)
+ fprintf (out, "SIZE,");
+ if (p->type & CONST_DEFINED_BY)
+ fprintf (out, "DEF_BY,");
+ if (p->type & CONST_GENERALIZED)
+ fprintf (out, "GENERALIZED,");
+ if (p->type & CONST_UTC)
+ fprintf (out, "UTC,");
+ if (p->type & CONST_SET)
+ fprintf (out, "SET,");
+ if (p->type & CONST_NOT_USED)
+ fprintf (out, "NOT_USED,");
+ if (p->type & CONST_ASSIGN)
+ fprintf (out, "ASSIGNMENT,");
+ }
+ }
+
+ if (mode == ASN1_PRINT_ALL)
+ {
+ fprintf (out, "\n");
+ }
+ else
+ {
+ switch (type_field (p->type))
+ {
+ case TYPE_CONSTANT:
+ case TYPE_TAG:
+ case TYPE_SIZE:
+ break;
+ default:
+ fprintf (out, "\n");
+ }
+ }
+
+ if (p->down)
+ {
+ p = p->down;
+ indent += 2;
+ }
+ else if (p == root)
+ {
+ p = NULL;
+ break;
+ }
+ else if (p->right)
+ p = p->right;
+ else
+ {
+ while (1)
+ {
+ p = _asn1_find_up (p);
+ if (p == root)
+ {
+ p = NULL;
+ break;
+ }
+ indent -= 2;
+ if (p->right)
+ {
+ p = p->right;
+ break;
+ }
+ }
+ }
+ }
+}
+
+
+
+/**
+ * asn1_number_of_elements:
+ * @element: pointer to the root of an ASN1 structure.
+ * @name: the name of a sub-structure of ROOT.
+ * @num: pointer to an integer where the result will be stored
+ *
+ * Counts the number of elements of a sub-structure called NAME with
+ * names equal to "?1","?2", ...
+ *
+ * Returns:
+ *
+ * %ASN1_SUCCESS: Creation OK.
+ *
+ * %ASN1_ELEMENT_NOT_FOUND: NAME isn't known.
+ *
+ * %ASN1_GENERIC_ERROR: Pointer num equal to NULL.
+ **/
+asn1_retCode
+asn1_number_of_elements (ASN1_TYPE element, const char *name, int *num)
+{
+ ASN1_TYPE node, p;
+
+ if (num == NULL)
+ return ASN1_GENERIC_ERROR;
+
+ *num = 0;
+
+ node = asn1_find_node (element, name);
+ if (node == NULL)
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ p = node->down;
+
+ while (p)
+ {
+ if ((p->name) && (p->name[0] == '?'))
+ (*num)++;
+ p = p->right;
+ }
+
+ return ASN1_SUCCESS;
+}
+
+
+/**
+ * asn1_find_structure_from_oid:
+ * @definitions: ASN1 definitions
+ * @oidValue: value of the OID to search (e.g. "1.2.3.4").
+ *
+ * Search the structure that is defined just after an OID definition.
+ *
+ * Returns: %NULL when @oidValue not found, otherwise the pointer to a
+ * constant string that contains the element name defined just after
+ * the OID.
+ **/
+const char *
+asn1_find_structure_from_oid (ASN1_TYPE definitions, const char *oidValue)
+{
+ char definitionsName[ASN1_MAX_NAME_SIZE], name[2 * ASN1_MAX_NAME_SIZE + 1];
+ char value[ASN1_MAX_NAME_SIZE];
+ ASN1_TYPE p;
+ int len;
+ asn1_retCode result;
+
+ if ((definitions == ASN1_TYPE_EMPTY) || (oidValue == NULL))
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+
+
+ strcpy (definitionsName, definitions->name);
+ strcat (definitionsName, ".");
+
+ /* search the OBJECT_ID into definitions */
+ p = definitions->down;
+ while (p)
+ {
+ if ((type_field (p->type) == TYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN))
+ {
+ strcpy (name, definitionsName);
+ strcat (name, p->name);
+
+ len = ASN1_MAX_NAME_SIZE;
+ result = asn1_read_value (definitions, name, value, &len);
+
+ if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
+ {
+ p = p->right;
+ if (p == NULL) /* reach the end of ASN1 definitions */
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+
+ return p->name;
+ }
+ }
+ p = p->right;
+ }
+
+ return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
+}
+
+/**
+ * asn1_copy_node:
+ * @dst: Destination ASN1_TYPE node.
+ * @dst_name: Field name in destination node.
+ * @src: Source ASN1_TYPE node.
+ * @src_name: Field name in source node.
+ *
+ * Create a deep copy of a ASN1_TYPE variable.
+ *
+ * Return value: Return %ASN1_SUCCESS on success.
+ **/
+asn1_retCode
+asn1_copy_node (ASN1_TYPE dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name)
+{
+/* FIXME: rewrite using copy_structure().
+ * It seems quite hard to do.
+ */
+ int result;
+ ASN1_TYPE dst_node;
+ void *data = NULL;
+ int size = 0;
+
+ result = asn1_der_coding (src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ return result;
+
+ data = _asn1_malloc (size);
+ if (data == NULL)
+ return ASN1_MEM_ERROR;
+
+ result = asn1_der_coding (src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ _asn1_free (data);
+ return result;
+ }
+
+ dst_node = asn1_find_node (dst, dst_name);
+ if (dst_node == NULL)
+ {
+ _asn1_free (data);
+ return ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ result = asn1_der_decoding (&dst_node, data, size, NULL);
+
+ _asn1_free (data);
+
+ return result;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2004, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+/*************************************************/
+/* File: structure.h */
+/* Description: list of exported object by */
+/* "structure.c" */
+/*************************************************/
+
+#ifndef _STRUCTURE_H
+#define _STRUCTURE_H
+
+asn1_retCode _asn1_create_static_structure (ASN1_TYPE pointer,
+ char *output_file_name,
+ char *vector_name);
+
+ASN1_TYPE _asn1_copy_structure3 (ASN1_TYPE source_node);
+
+ASN1_TYPE _asn1_add_node_only (unsigned int type);
+
+ASN1_TYPE _asn1_find_left (ASN1_TYPE node);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2004, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * This file is part of LIBTASN1.
+ *
+ * The LIBTASN1 library is free software; you can redistribute it
+ * and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif
+
+#include <string.h> /* for strverscmp */
+
+#include "libtasn1.h"
+
+/**
+ * asn1_check_version:
+ * @req_version: Required version number, or %NULL.
+ *
+ * Check that the version of the library is at minimum the
+ * requested one and return the version string; return %NULL if the
+ * condition is not satisfied. If a %NULL is passed to this function,
+ * no check is done, but the version string is simply returned.
+ *
+ * See %ASN1_VERSION for a suitable @req_version string.
+ *
+ * Returns: Version string of run-time library, or %NULL if the
+ * run-time library does not meet the required version number.
+ */
+const char *
+asn1_check_version (const char *req_version)
+{
+ if (!req_version || strverscmp (req_version, ASN1_VERSION) <= 0)
+ return ASN1_VERSION;
+
+ return NULL;
+}
--- /dev/null
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+ configure_ac=configure.ac
+else
+ configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+ # Try to run requested program, and just exit if it succeeds.
+ run=
+ shift
+ "$@" && exit 0
+ # Exit code 63 means version mismatch. This often happens
+ # when the user try to use an ancient version of a tool on
+ # a file that requires a minimum version. In this case we
+ # we should proceed has if the program had been absent, or
+ # if --run hadn't been passed.
+ if test $? = 63; then
+ run=:
+ msg="probably too old"
+ fi
+ ;;
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+ --run try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ help2man touch the output file
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ tar try tar, gnutar, gtar, then tar without non-portable flags
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+ exit $?
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing $scriptversion (GNU Automake)"
+ exit $?
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+ s/^gnu-//; t
+ s/^gnu//; t
+ s/^g//; t'`
+
+# Now exit if we have it, but it failed. Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program). This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+ lex*|yacc*)
+ # Not GNU programs, they don't have --version.
+ ;;
+
+ tar*)
+ if test -n "$run"; then
+ echo 1>&2 "ERROR: \`tar' requires --run"
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ exit 1
+ fi
+ ;;
+
+ *)
+ if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+ # We have it, but it failed.
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ # Could not run --version or --help. This is probably someone
+ # running `$TOOL --version' or `$TOOL --help' to check whether
+ # $TOOL exists and not knowing $TOOL uses missing.
+ exit 1
+ fi
+ ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+ aclocal*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acinclude.m4' or \`${configure_ac}'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`${configure_ac}'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acconfig.h' or \`${configure_ac}'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case $f in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ autom4te*)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them.
+ You can get \`$1' as part of \`Autoconf' from any GNU
+ archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo "#! /bin/sh"
+ echo "# Created by GNU Automake missing as a replacement of"
+ echo "# $ $@"
+ echo "exit 0"
+ chmod +x $file
+ exit 1
+ fi
+ ;;
+
+ bison*|yacc*)
+ echo 1>&2 "\
+WARNING: \`$1' $msg. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f y.tab.h; then
+ echo >y.tab.h
+ fi
+ if test ! -f y.tab.c; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex*|flex*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f lex.yy.c; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ help2man*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a dependency of a manual page. You may need the
+ \`Help2man' package in order for those modifications to take
+ effect. You can get \`Help2man' from any GNU archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo ".ab help2man is required to generate this page"
+ exit $?
+ fi
+ ;;
+
+ makeinfo*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ # The file to touch is that specified with -o ...
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -z "$file"; then
+ # ... or it is the one specified with @setfilename ...
+ infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
+ # ... or it is derived from the source name (dir/f.texi becomes f.info)
+ test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+ fi
+ # If the file does not exist, the user really needs makeinfo;
+ # let's fail without touching anything.
+ test -f $file || exit 1
+ touch $file
+ ;;
+
+ tar*)
+ shift
+
+ # We have already tried tar in the generic part.
+ # Look for gnutar/gtar before invocation to avoid ugly error
+ # messages.
+ if (gnutar --version > /dev/null 2>&1); then
+ gnutar "$@" && exit 0
+ fi
+ if (gtar --version > /dev/null 2>&1); then
+ gtar "$@" && exit 0
+ fi
+ firstarg="$1"
+ if shift; then
+ case $firstarg in
+ *o*)
+ firstarg=`echo "$firstarg" | sed s/o//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ case $firstarg in
+ *h*)
+ firstarg=`echo "$firstarg" | sed s/h//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ fi
+
+ echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+ You may want to install GNU tar or Free paxutils, or check the
+ command line arguments."
+ exit 1
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequisites for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+# Foundation, Inc.
+#
+# Author: Nikos Mavroyanopoulos
+#
+# This file is part of GNUTLS.
+#
+# The GNUTLS library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GNUTLS library is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNUTLS library; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/../includes \
+ -I$(builddir)/../includes \
+ -I$(srcdir)/..
+
+if ENABLE_MINITASN1
+AM_CPPFLAGS += -I$(srcdir)/../minitasn1
+endif
+
+noinst_LTLIBRARIES = libcrypto.la
+
+libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+# Foundation, Inc.
+#
+# Author: Nikos Mavroyanopoulos
+#
+# This file is part of GNUTLS.
+#
+# The GNUTLS library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GNUTLS library is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with the GNUTLS library; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(srcdir)/../minitasn1
+subdir = nettle
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libcrypto_la_LIBADD =
+am_libcrypto_la_OBJECTS = pk.lo mpi.lo mac.lo cipher.lo rnd.lo init.lo \
+ egd.lo
+libcrypto_la_OBJECTS = $(am_libcrypto_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libcrypto_la_SOURCES)
+DIST_SOURCES = $(libcrypto_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../gl -I$(builddir)/../gl \
+ -I$(srcdir)/../includes -I$(builddir)/../includes \
+ -I$(srcdir)/.. $(am__append_1)
+noinst_LTLIBRARIES = libcrypto.la
+libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign nettle/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign nettle/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libcrypto.la: $(libcrypto_la_OBJECTS) $(libcrypto_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libcrypto_la_OBJECTS) $(libcrypto_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cipher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/egd.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pk.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rnd.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here lie nettle's wrappers for cipher support.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_cipher_int.h>
+#include <nettle/aes.h>
+#include <nettle/camellia.h>
+#include <nettle/arcfour.h>
+#include <nettle/arctwo.h>
+#include <nettle/des.h>
+#include <nettle/nettle-meta.h>
+#include <nettle/cbc.h>
+
+/* Functions that refer to the libgcrypt library.
+ */
+
+#define MAX_BLOCK_SIZE 32
+
+typedef void (*encrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
+ unsigned, uint8_t *, const uint8_t *);
+typedef void (*decrypt_func) (void *, nettle_crypt_func, unsigned, uint8_t *,
+ unsigned, uint8_t *, const uint8_t *);
+typedef void (*setkey_func) (void *, unsigned, const uint8_t *);
+
+static void
+stream_encrypt (void *ctx, nettle_crypt_func func, unsigned block_size,
+ uint8_t * iv, unsigned length, uint8_t * dst,
+ const uint8_t * src)
+{
+ func (ctx, length, dst, src);
+}
+
+struct aes_bidi_ctx
+{
+ struct aes_ctx encrypt;
+ struct aes_ctx decrypt;
+};
+
+static void
+aes_bidi_setkey (struct aes_bidi_ctx *ctx, unsigned length,
+ const uint8_t * key)
+{
+ aes_set_encrypt_key (&ctx->encrypt, length, key);
+ aes_invert_key (&ctx->decrypt, &ctx->encrypt);
+}
+
+static void
+aes_bidi_encrypt (struct aes_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
+{
+ aes_encrypt (&ctx->encrypt, length, dst, src);
+}
+
+static void
+aes_bidi_decrypt (struct aes_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
+{
+ aes_decrypt (&ctx->decrypt, length, dst, src);
+}
+
+struct camellia_bidi_ctx
+{
+ struct camellia_ctx encrypt;
+ struct camellia_ctx decrypt;
+};
+
+static void
+camellia_bidi_setkey (struct camellia_bidi_ctx *ctx, unsigned length,
+ const uint8_t * key)
+{
+ camellia_set_encrypt_key (&ctx->encrypt, length, key);
+ camellia_invert_key (&ctx->decrypt, &ctx->encrypt);
+}
+
+static void
+camellia_bidi_encrypt (struct camellia_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
+{
+ camellia_crypt (&ctx->encrypt, length, dst, src);
+}
+
+static void
+camellia_bidi_decrypt (struct camellia_bidi_ctx *ctx,
+ unsigned length, uint8_t * dst, const uint8_t * src)
+{
+ camellia_crypt (&ctx->decrypt, length, dst, src);
+}
+
+struct nettle_cipher_ctx
+{
+ union
+ {
+ struct aes_bidi_ctx aes_bidi;
+ struct camellia_bidi_ctx camellia_bidi;
+ struct arcfour_ctx arcfour;
+ struct arctwo_ctx arctwo;
+ struct des3_ctx des3;
+ struct des_ctx des;
+ } ctx;
+ void *ctx_ptr;
+ uint8_t iv[MAX_BLOCK_SIZE];
+ gnutls_cipher_algorithm_t algo;
+ size_t block_size;
+ nettle_crypt_func *i_encrypt;
+ nettle_crypt_func *i_decrypt;
+ encrypt_func encrypt;
+ decrypt_func decrypt;
+};
+
+
+
+static int
+wrap_nettle_cipher_init (gnutls_cipher_algorithm_t algo, void **_ctx)
+{
+ struct nettle_cipher_ctx *ctx;
+
+ ctx = gnutls_calloc (1, sizeof (*ctx));
+ if (ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx->algo = algo;
+
+ switch (algo)
+ {
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) camellia_bidi_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) camellia_bidi_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.camellia_bidi;
+ ctx->block_size = CAMELLIA_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) aes_bidi_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) aes_bidi_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.aes_bidi;
+ ctx->block_size = AES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des3_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des3_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des3;
+ ctx->block_size = DES3_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) des_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) des_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.des;
+ ctx->block_size = DES_BLOCK_SIZE;
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ ctx->encrypt = stream_encrypt;
+ ctx->decrypt = stream_encrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arcfour_crypt;
+ ctx->ctx_ptr = &ctx->ctx.arcfour;
+ ctx->block_size = 1;
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ ctx->encrypt = cbc_encrypt;
+ ctx->decrypt = cbc_decrypt;
+ ctx->i_encrypt = (nettle_crypt_func *) arctwo_encrypt;
+ ctx->i_decrypt = (nettle_crypt_func *) arctwo_decrypt;
+ ctx->ctx_ptr = &ctx->ctx.arctwo;
+ ctx->block_size = ARCTWO_BLOCK_SIZE;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *_ctx = ctx;
+
+ return 0;
+}
+
+static int
+wrap_nettle_cipher_setkey (void *_ctx, const void *key, size_t keysize)
+{
+ struct nettle_cipher_ctx *ctx = _ctx;
+ opaque des_key[DES3_KEY_SIZE];
+
+ switch (ctx->algo)
+ {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ case GNUTLS_CIPHER_AES_192_CBC:
+ case GNUTLS_CIPHER_AES_256_CBC:
+ aes_bidi_setkey (ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_CAMELLIA_128_CBC:
+ case GNUTLS_CIPHER_CAMELLIA_256_CBC:
+ camellia_bidi_setkey (ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (keysize != DES3_KEY_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity (keysize, des_key, key);
+
+ /* this fails on weak keys */
+ if (des3_set_key (ctx->ctx_ptr, des_key) != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
+ case GNUTLS_CIPHER_DES_CBC:
+ if (keysize != DES_KEY_SIZE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ des_fix_parity (keysize, des_key, key);
+
+ if (des_set_key (ctx->ctx_ptr, des_key) != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ break;
+ case GNUTLS_CIPHER_ARCFOUR_128:
+ case GNUTLS_CIPHER_ARCFOUR_40:
+ arcfour_set_key (ctx->ctx_ptr, keysize, key);
+ break;
+ case GNUTLS_CIPHER_RC2_40_CBC:
+ arctwo_set_key (ctx->ctx_ptr, keysize, key);
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+static int
+wrap_nettle_cipher_setiv (void *_ctx, const void *iv, size_t ivsize)
+{
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ if (ivsize > ctx->block_size)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ memcpy (ctx->iv, iv, ivsize);
+
+ return 0;
+}
+
+static int
+wrap_nettle_cipher_decrypt (void *_ctx, const void *encr, size_t encrsize,
+ void *plain, size_t plainsize)
+{
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ ctx->decrypt (ctx->ctx_ptr, ctx->i_decrypt, ctx->block_size, ctx->iv,
+ encrsize, plain, encr);
+
+ return 0;
+}
+
+static int
+wrap_nettle_cipher_encrypt (void *_ctx, const void *plain, size_t plainsize,
+ void *encr, size_t encrsize)
+{
+ struct nettle_cipher_ctx *ctx = _ctx;
+
+ ctx->encrypt (ctx->ctx_ptr, ctx->i_encrypt, ctx->block_size, ctx->iv,
+ plainsize, encr, plain);
+
+ return 0;
+}
+
+static void
+wrap_nettle_cipher_close (void *h)
+{
+ gnutls_free (h);
+}
+
+gnutls_crypto_cipher_st _gnutls_cipher_ops = {
+ .init = wrap_nettle_cipher_init,
+ .setkey = wrap_nettle_cipher_setkey,
+ .setiv = wrap_nettle_cipher_setiv,
+ .encrypt = wrap_nettle_cipher_encrypt,
+ .decrypt = wrap_nettle_cipher_decrypt,
+ .deinit = wrap_nettle_cipher_close,
+};
--- /dev/null
+/* rndegd.c - interface to the EGD
+ * Copyright (C) 1999, 2000, 2002, 2003, 2010 Free Software Foundation, Inc.
+ *
+ * This file is part of Libgcrypt.
+ *
+ * Libgcrypt is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * Libgcrypt is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
+ */
+
+#include <config.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+#include "egd.h"
+
+#include <gnutls_errors.h>
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+static int egd_socket = -1;
+
+static int
+do_write (int fd, void *buf, size_t nbytes)
+{
+ size_t nleft = nbytes;
+ int nwritten;
+
+ while (nleft > 0)
+ {
+ nwritten = write (fd, buf, nleft);
+ if (nwritten < 0)
+ {
+ if (errno == EINTR)
+ continue;
+ return -1;
+ }
+ nleft -= nwritten;
+ buf = (char *) buf + nwritten;
+ }
+ return 0;
+}
+
+static int
+do_read (int fd, void *buf, size_t nbytes)
+{
+ int n, nread = 0;
+
+ do
+ {
+ do
+ {
+ n = read (fd, (char *) buf + nread, nbytes);
+ }
+ while (n == -1 && errno == EINTR);
+ if (n == -1)
+ return nread ? nread : -1;
+ if (n == 0)
+ return -1;
+ nread += n;
+ nbytes -= n;
+ }
+ while (nread < nbytes);
+ return nread;
+}
+
+static const char *egd_names[] = {
+ "/var/run/egd-pool",
+ "/dev/egd-pool",
+ "/etc/egd-pool",
+ "/etc/entropy",
+ "/var/run/entropy",
+ "/dev/entropy",
+ NULL
+};
+
+static const char *
+find_egd_name (void)
+{
+ int i = 0;
+ struct stat st;
+
+ do
+ {
+ if (stat (egd_names[i], &st) != 0)
+ continue;
+
+ if (st.st_mode & S_IFSOCK)
+ { /* found */
+ return egd_names[i];
+ }
+
+ }
+ while (egd_names[++i] != NULL);
+
+ return NULL;
+}
+
+/* Connect to the EGD and return the file descriptor. Return -1 on
+ error. With NOFAIL set to true, silently fail and return the
+ error, otherwise print an error message and die. */
+int
+_rndegd_connect_socket (void)
+{
+ int fd;
+ const char *name;
+ struct sockaddr_un addr;
+ int addr_len;
+
+ if (egd_socket != -1)
+ {
+ close (egd_socket);
+ egd_socket = -1;
+ }
+
+ name = find_egd_name ();
+
+ if (strlen (name) + 1 >= sizeof addr.sun_path)
+ {
+ _gnutls_debug_log ("EGD socketname is too long\n");
+ return -1;
+ }
+
+ memset (&addr, 0, sizeof addr);
+ addr.sun_family = AF_LOCAL;
+ strcpy (addr.sun_path, name);
+ addr_len = (offsetof (struct sockaddr_un, sun_path)
+ + strlen (addr.sun_path));
+
+ fd = socket (AF_LOCAL, SOCK_STREAM, 0);
+ if (fd == -1)
+ {
+ _gnutls_debug_log ("can't create unix domain socket: %s\n",
+ strerror (errno));
+ return -1;
+ }
+ else if (connect (fd, (struct sockaddr *) &addr, addr_len) == -1)
+ {
+ _gnutls_debug_log ("can't connect to EGD socket `%s': %s\n",
+ name, strerror (errno));
+ close (fd);
+ fd = -1;
+ }
+
+ if (fd != -1)
+ egd_socket = fd;
+ return fd;
+}
+
+/****************
+ * Note: We always use the highest level.
+ * To boost the performance we may want to add some
+ * additional code for level 1
+ *
+ * Using a level of 0 should never block and better add nothing
+ * to the pool. So this is just a dummy for EGD.
+ */
+int
+_rndegd_read (int *fd, void *_output, size_t _length)
+{
+ int n;
+ uint8_t buffer[256 + 2];
+ int nbytes;
+ int do_restart = 0;
+ unsigned char *output = _output;
+ size_t length = _length;
+
+ if (!length)
+ return 0;
+
+
+restart:
+ if (*fd == -1 || do_restart)
+ *fd = _rndegd_connect_socket ();
+
+ do_restart = 0;
+
+ nbytes = length < 255 ? length : 255;
+ /* First time we do it with a non blocking request */
+ buffer[0] = 1; /* non blocking */
+ buffer[1] = nbytes;
+
+ if (do_write (*fd, buffer, 2) == -1)
+ _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
+
+ n = do_read (*fd, buffer, 1);
+ if (n == -1)
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ n = buffer[0];
+ if (n)
+ {
+ n = do_read (*fd, buffer, n);
+ if (n == -1)
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ if (n > length)
+ {
+ _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy (output, buffer, n);
+ output += n;
+ length -= n;
+ }
+
+ while (length)
+ {
+ nbytes = length < 255 ? length : 255;
+
+ buffer[0] = 2; /* blocking */
+ buffer[1] = nbytes;
+ if (do_write (*fd, buffer, 2) == -1)
+ _gnutls_debug_log ("can't write to the EGD: %s\n", strerror (errno));
+ n = do_read (*fd, buffer, nbytes);
+ if (n == -1)
+ {
+ _gnutls_debug_log ("read error on EGD: %s\n", strerror (errno));
+ do_restart = 1;
+ goto restart;
+ }
+
+ if (n > length)
+ {
+ _gnutls_debug_log ("read error on EGD: returned more bytes!\n");
+ n = length;
+ }
+
+ memcpy (output, buffer, n);
+ output += n;
+ length -= n;
+ }
+
+ return _length; /* success */
+}
--- /dev/null
+int _rndegd_read (int *fd, void *output, size_t length);
+int _rndegd_connect_socket (void);
--- /dev/null
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <gnutls_mpi.h>
+#include <gcrypt.h>
+
+/* Functions that refer to the initialization of the libgcrypt library.
+ */
+
+int
+gnutls_crypto_init (void)
+{
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file provides is the backend hash/mac API for libgcrypt.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_hash_int.h>
+#include <gnutls_errors.h>
+#include <nettle/md5.h>
+#include <nettle/md2.h>
+#include <nettle/sha.h>
+#include <nettle/hmac.h>
+
+typedef void (*update_func) (void *, unsigned, const uint8_t *);
+typedef void (*digest_func) (void *, unsigned, uint8_t *);
+typedef void (*set_key_func) (void *, unsigned, const uint8_t *);
+
+static int wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx);
+
+struct nettle_hash_ctx
+{
+ union
+ {
+ struct md5_ctx md5;
+ struct md2_ctx md2;
+ struct sha224_ctx sha224;
+ struct sha256_ctx sha256;
+ struct sha384_ctx sha384;
+ struct sha512_ctx sha512;
+ struct sha1_ctx sha1;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+};
+
+struct nettle_hmac_ctx
+{
+ union
+ {
+ struct hmac_md5_ctx md5;
+ struct hmac_sha224_ctx sha224;
+ struct hmac_sha256_ctx sha256;
+ struct hmac_sha384_ctx sha384;
+ struct hmac_sha512_ctx sha512;
+ struct hmac_sha1_ctx sha1;
+ } ctx;
+ void *ctx_ptr;
+ gnutls_mac_algorithm_t algo;
+ size_t length;
+ update_func update;
+ digest_func digest;
+ set_key_func setkey;
+};
+
+static int
+wrap_nettle_hmac_init (gnutls_mac_algorithm_t algo, void **_ctx)
+{
+ struct nettle_hmac_ctx *ctx;
+
+ ctx = gnutls_malloc (sizeof (struct nettle_hmac_ctx));
+ if (ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx->algo = algo;
+
+ switch (algo)
+ {
+ case GNUTLS_MAC_MD5:
+ ctx->update = (update_func) hmac_md5_update;
+ ctx->digest = (digest_func) hmac_md5_digest;
+ ctx->setkey = (set_key_func) hmac_md5_set_key;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA1:
+ ctx->update = (update_func) hmac_sha1_update;
+ ctx->digest = (digest_func) hmac_sha1_digest;
+ ctx->setkey = (set_key_func) hmac_sha1_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA224:
+ ctx->update = (update_func) hmac_sha224_update;
+ ctx->digest = (digest_func) hmac_sha224_digest;
+ ctx->setkey = (set_key_func) hmac_sha224_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA256:
+ ctx->update = (update_func) hmac_sha256_update;
+ ctx->digest = (digest_func) hmac_sha256_digest;
+ ctx->setkey = (set_key_func) hmac_sha256_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA384:
+ ctx->update = (update_func) hmac_sha384_update;
+ ctx->digest = (digest_func) hmac_sha384_digest;
+ ctx->setkey = (set_key_func) hmac_sha384_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_MAC_SHA512:
+ ctx->update = (update_func) hmac_sha512_update;
+ ctx->digest = (digest_func) hmac_sha512_digest;
+ ctx->setkey = (set_key_func) hmac_sha512_set_key;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *_ctx = ctx;
+
+ return 0;
+}
+
+static int
+wrap_nettle_hmac_setkey (void *_ctx, const void *key, size_t keylen)
+{
+ struct nettle_hmac_ctx *ctx = _ctx;
+
+ ctx->setkey (ctx->ctx_ptr, keylen, key);
+
+ return GNUTLS_E_SUCCESS;
+}
+
+static int
+wrap_nettle_hmac_update (void *_ctx, const void *text, size_t textsize)
+{
+ struct nettle_hmac_ctx *ctx = _ctx;
+
+ ctx->update (ctx->ctx_ptr, textsize, text);
+
+ return GNUTLS_E_SUCCESS;
+}
+
+static int
+wrap_nettle_hash_update (void *_ctx, const void *text, size_t textsize)
+{
+ struct nettle_hash_ctx *ctx = _ctx;
+
+ ctx->update (ctx->ctx_ptr, textsize, text);
+
+ return GNUTLS_E_SUCCESS;
+}
+
+static int
+wrap_nettle_hash_copy (void **bhd, void *ahd)
+{
+ struct nettle_hash_ctx *ctx = ahd;
+ struct nettle_hash_ctx *dst_ctx;
+ int ret;
+
+ ret = wrap_nettle_hash_init (ctx->algo, bhd);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ dst_ctx = *bhd;
+
+ memcpy (&dst_ctx->ctx, &ctx->ctx, sizeof (ctx->ctx));
+
+ return 0;
+}
+
+static void
+wrap_nettle_md_close (void *hd)
+{
+ gnutls_free (hd);
+}
+
+static int
+wrap_nettle_hash_init (gnutls_mac_algorithm_t algo, void **_ctx)
+{
+ struct nettle_hash_ctx *ctx;
+
+ ctx = gnutls_malloc (sizeof (struct nettle_hash_ctx));
+ if (ctx == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ctx->algo = algo;
+
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ md5_init (&ctx->ctx.md5);
+ ctx->update = (update_func) md5_update;
+ ctx->digest = (digest_func) md5_digest;
+ ctx->ctx_ptr = &ctx->ctx.md5;
+ ctx->length = MD5_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA1:
+ sha1_init (&ctx->ctx.sha1);
+ ctx->update = (update_func) sha1_update;
+ ctx->digest = (digest_func) sha1_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha1;
+ ctx->length = SHA1_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_MD2:
+ md2_init (&ctx->ctx.md2);
+ ctx->update = (update_func) md2_update;
+ ctx->digest = (digest_func) md2_digest;
+ ctx->ctx_ptr = &ctx->ctx.md2;
+ ctx->length = MD2_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA224:
+ sha224_init (&ctx->ctx.sha224);
+ ctx->update = (update_func) sha224_update;
+ ctx->digest = (digest_func) sha224_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha224;
+ ctx->length = SHA224_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA256:
+ sha256_init (&ctx->ctx.sha256);
+ ctx->update = (update_func) sha256_update;
+ ctx->digest = (digest_func) sha256_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha256;
+ ctx->length = SHA256_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA384:
+ sha384_init (&ctx->ctx.sha384);
+ ctx->update = (update_func) sha384_update;
+ ctx->digest = (digest_func) sha384_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha384;
+ ctx->length = SHA384_DIGEST_SIZE;
+ break;
+ case GNUTLS_DIG_SHA512:
+ sha512_init (&ctx->ctx.sha512);
+ ctx->update = (update_func) sha512_update;
+ ctx->digest = (digest_func) sha512_digest;
+ ctx->ctx_ptr = &ctx->ctx.sha512;
+ ctx->length = SHA512_DIGEST_SIZE;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *_ctx = ctx;
+
+ return 0;
+}
+
+static int
+wrap_nettle_hash_output (void *src_ctx, void *digest, size_t digestsize)
+{
+ struct nettle_hash_ctx *ctx;
+ ctx = src_ctx;
+
+ if (digestsize < ctx->length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ ctx->digest (ctx->ctx_ptr, digestsize, digest);
+
+ return 0;
+}
+
+static int
+wrap_nettle_hmac_output (void *src_ctx, void *digest, size_t digestsize)
+{
+ struct nettle_hmac_ctx *ctx;
+ ctx = src_ctx;
+
+ if (digestsize < ctx->length)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ ctx->digest (ctx->ctx_ptr, digestsize, digest);
+
+ return 0;
+}
+
+gnutls_crypto_mac_st _gnutls_mac_ops = {
+ .init = wrap_nettle_hmac_init,
+ .setkey = wrap_nettle_hmac_setkey,
+ .hash = wrap_nettle_hmac_update,
+ .output = wrap_nettle_hmac_output,
+ .deinit = wrap_nettle_md_close,
+};
+
+gnutls_crypto_digest_st _gnutls_digest_ops = {
+ .init = wrap_nettle_hash_init,
+ .hash = wrap_nettle_hash_update,
+ .copy = wrap_nettle_hash_copy,
+ .output = wrap_nettle_hash_output,
+ .deinit = wrap_nettle_md_close,
+};
--- /dev/null
+/*
+ * Copyright (C) 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here lie everything that has to do with large numbers, gmp.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_algorithms.h>
+#include <gnutls_num.h>
+#include <gnutls_mpi.h>
+#include <gmp.h>
+#include <nettle/bignum.h>
+#include <random.h>
+
+#define TOMPZ(x) (*((mpz_t*)(x)))
+
+static int
+wrap_nettle_mpi_print (const bigint_t a, void *buffer, size_t * nbytes,
+ gnutls_bigint_format_t format)
+{
+ unsigned int size;
+ mpz_t *p = (void *) a;
+
+ if (format == GNUTLS_MPI_FORMAT_USG)
+ {
+ size = nettle_mpz_sizeinbase_256_u (*p);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_STD)
+ {
+ size = nettle_mpz_sizeinbase_256_s (*p);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_PGP)
+ {
+ size = nettle_mpz_sizeinbase_256_u (*p) + 2;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buffer == NULL || size > *nbytes)
+ {
+ *nbytes = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_PGP)
+ {
+ opaque *buf = buffer;
+ unsigned int nbits = _gnutls_mpi_get_nbits (a);
+ buf[0] = (nbits >> 8) & 0xff;
+ buf[1] = (nbits) & 0xff;
+ nettle_mpz_get_str_256 (size - 2, buf + 2, *p);
+ }
+ else
+ {
+ nettle_mpz_get_str_256 (size, buffer, *p);
+ }
+ *nbytes = size;
+
+ return 0;
+}
+
+static bigint_t
+wrap_nettle_mpi_new (int nbits)
+{
+ mpz_t *p;
+
+ p = gnutls_malloc (sizeof (*p));
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+ mpz_init2 (*p, nbits);
+
+ return p;
+}
+
+static bigint_t
+wrap_nettle_mpi_scan (const void *buffer, size_t nbytes,
+ gnutls_bigint_format_t format)
+{
+ bigint_t r = wrap_nettle_mpi_new (nbytes * 8);
+
+ if (r == NULL)
+ {
+ gnutls_assert ();
+ return r;
+ }
+
+ if (format == GNUTLS_MPI_FORMAT_USG)
+ {
+ nettle_mpz_set_str_256_u (TOMPZ (r), nbytes, buffer);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_STD)
+ {
+ nettle_mpz_set_str_256_s (TOMPZ (r), nbytes, buffer);
+ }
+ else if (format == GNUTLS_MPI_FORMAT_PGP)
+ {
+ const opaque *buf = buffer;
+ size_t size;
+
+ if (nbytes < 3)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ size = (buf[0] << 8) | buf[1];
+ size = (size + 7) / 8;
+
+ if (size > nbytes - 2)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+ nettle_mpz_set_str_256_u (TOMPZ (r), size, buf + 2);
+ }
+ else
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ return r;
+fail:
+ _gnutls_mpi_release (&r);
+ return NULL;
+
+}
+
+static int
+wrap_nettle_mpi_cmp (const bigint_t u, const bigint_t v)
+{
+ mpz_t *i1 = u, *i2 = v;
+
+ return mpz_cmp (*i1, *i2);
+}
+
+static int
+wrap_nettle_mpi_cmp_ui (const bigint_t u, unsigned long v)
+{
+ mpz_t *i1 = u;
+
+ return mpz_cmp_ui (*i1, v);
+}
+
+static bigint_t
+wrap_nettle_mpi_set (bigint_t w, const bigint_t u)
+{
+ mpz_t *i1, *i2 = u;
+
+ if (w == NULL)
+ w = _gnutls_mpi_alloc_like (u);
+ i1 = w;
+
+ mpz_set (*i1, *i2);
+
+ return i1;
+}
+
+static bigint_t
+wrap_nettle_mpi_set_ui (bigint_t w, unsigned long u)
+{
+ mpz_t *i1;
+
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (32);
+
+ i1 = w;
+
+ mpz_set_ui (*i1, u);
+
+ return i1;
+}
+
+static unsigned int
+wrap_nettle_mpi_get_nbits (bigint_t a)
+{
+ return mpz_sizeinbase (*((mpz_t *) a), 2);
+}
+
+static void
+wrap_nettle_mpi_release (bigint_t a)
+{
+ mpz_clear (*((mpz_t *) a));
+ gnutls_free (a);
+}
+
+static bigint_t
+wrap_nettle_mpi_mod (const bigint_t a, const bigint_t b)
+{
+ bigint_t r = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
+
+ if (r == NULL)
+ return NULL;
+
+ mpz_mod (*((mpz_t *) r), *((mpz_t *) a), *((mpz_t *) b));
+
+ return r;
+}
+
+static bigint_t
+wrap_nettle_mpi_powm (bigint_t w, const bigint_t b, const bigint_t e,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_powm (*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) e), *((mpz_t *) m));
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_addm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_add (*((mpz_t *) w), *((mpz_t *) b), *((mpz_t *) a));
+ mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_subm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_sub (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_mulm (bigint_t w, const bigint_t a, const bigint_t b,
+ const bigint_t m)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (m));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_mul (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+ mpz_fdiv_r (*((mpz_t *) w), *((mpz_t *) w), *((mpz_t *) m));
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_add (bigint_t w, const bigint_t a, const bigint_t b)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (b));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_add (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_sub (bigint_t w, const bigint_t a, const bigint_t b)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_sub (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_mul (bigint_t w, const bigint_t a, const bigint_t b)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_mul (*((mpz_t *) w), *((mpz_t *) a), *((mpz_t *) b));
+
+ return w;
+}
+
+/* q = a / b */
+static bigint_t
+wrap_nettle_mpi_div (bigint_t q, const bigint_t a, const bigint_t b)
+{
+ if (q == NULL)
+ q = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (q == NULL)
+ return NULL;
+
+ mpz_cdiv_q (*((mpz_t *) q), *((mpz_t *) a), *((mpz_t *) b));
+
+ return q;
+}
+
+static bigint_t
+wrap_nettle_mpi_add_ui (bigint_t w, const bigint_t a, unsigned long b)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_add_ui (*((mpz_t *) w), *((mpz_t *) a), b);
+
+ return w;
+}
+
+static bigint_t
+wrap_nettle_mpi_sub_ui (bigint_t w, const bigint_t a, unsigned long b)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_sub_ui (*((mpz_t *) w), *((mpz_t *) a), b);
+
+ return w;
+
+}
+
+static bigint_t
+wrap_nettle_mpi_mul_ui (bigint_t w, const bigint_t a, unsigned long b)
+{
+ if (w == NULL)
+ w = wrap_nettle_mpi_new (wrap_nettle_mpi_get_nbits (a));
+
+ if (w == NULL)
+ return NULL;
+
+ mpz_mul_ui (*((mpz_t *) w), *((mpz_t *) a), b);
+
+ return w;
+
+}
+
+#define PRIME_CHECK_PARAM 18
+static int
+wrap_nettle_prime_check (bigint_t pp)
+{
+ int ret;
+ ret = mpz_probab_prime_p (*((mpz_t *) pp), PRIME_CHECK_PARAM);
+
+ if (ret > 0)
+ {
+ return 0;
+ }
+
+ return GNUTLS_E_INTERNAL_ERROR; /* ignored */
+}
+
+
+/* generate a prime of the form p=2qw+1
+ * The algorithm is simple but probably it has to be modified to gcrypt's
+ * since it is really really slow. Nature did not want 2qw+1 to be prime.
+ * The generator will be the generator of a subgroup of order q-1.
+ *
+ * Algorithm based on the algorithm in "A Computational Introduction to Number
+ * Theory and Algebra" by V. Shoup, sec 11.1 Finding a generator for Z^{*}_p
+ */
+inline static int
+gen_group (mpz_t * prime, mpz_t * generator, unsigned int nbits)
+{
+ mpz_t q, w;
+ unsigned int p_bytes = nbits / 8;
+ opaque *buffer = NULL;
+ unsigned int q_bytes, w_bytes, r_bytes, w_bits;
+ int ret;
+
+ mpz_init (*prime);
+ mpz_init (*generator);
+
+ /* security level enforcement.
+ * Values for q are selected according to ECRYPT II recommendations.
+ */
+ q_bytes = _gnutls_pk_bits_to_subgroup_bits (nbits);
+ q_bytes /= 8;
+
+ if (q_bytes == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (nbits % 8 != 0)
+ p_bytes++;
+
+ _gnutls_debug_log
+ ("Generating group of prime of %u bits and format of 2wq+1. q_size=%u bits\n",
+ nbits, q_bytes * 8);
+ buffer = gnutls_malloc (p_bytes); /* p_bytes > q_bytes */
+ if (buffer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ mpz_init2 (*prime, nbits);
+ mpz_init (*generator);
+ mpz_init (q);
+ mpz_init (w);
+
+ /* search for a prime. We are not that unlucky so search
+ * forever.
+ */
+ for (;;)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, q_bytes);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ nettle_mpz_set_str_256_u (q, q_bytes, buffer);
+ /* always odd */
+ mpz_setbit (q, 0);
+
+ ret = mpz_probab_prime_p (q, PRIME_CHECK_PARAM);
+ if (ret > 0)
+ {
+ break;
+ }
+ }
+
+ /* now generate w of size p_bytes - q_bytes */
+
+ w_bits = nbits - wrap_nettle_mpi_get_nbits (&q);
+
+ _gnutls_debug_log
+ ("Found prime q of %u bits. Will look for w of %u bits...\n",
+ wrap_nettle_mpi_get_nbits (&q), w_bits);
+
+ w_bytes = w_bits / 8;
+ if (w_bits % 8 != 0)
+ w_bytes++;
+
+ for (;;)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, w_bytes);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u (w, w_bytes, buffer);
+ /* always odd */
+ mpz_setbit (w, 0);
+
+ ret = mpz_probab_prime_p (w, PRIME_CHECK_PARAM);
+ if (ret == 0)
+ {
+ continue;
+ }
+
+ /* check if 2wq+1 is prime */
+ mpz_mul_ui (*prime, w, 2);
+ mpz_mul (*prime, *prime, q);
+ mpz_add_ui (*prime, *prime, 1);
+
+ ret = mpz_probab_prime_p (*prime, PRIME_CHECK_PARAM);
+ if (ret > 0)
+ {
+ break;
+ }
+ }
+
+ _gnutls_debug_log ("Found prime w of %u bits. Looking for generator...\n",
+ wrap_nettle_mpi_get_nbits (&w));
+
+ /* finally a prime! Let calculate generator
+ */
+
+ /* c = r^((p-1)/q), r == random
+ * c = r^(2w)
+ * if c!=1 c is the generator for the subgroup of order q-1
+ *
+ * (here we reuse q as r)
+ */
+ r_bytes = p_bytes;
+
+ mpz_mul_ui (w, w, 2); /* w = w*2 */
+ mpz_fdiv_r (w, w, *prime);
+
+ for (;;)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, buffer, r_bytes);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ nettle_mpz_set_str_256_u (q, r_bytes, buffer);
+ mpz_fdiv_r (q, q, *prime);
+
+ /* check if r^w mod n != 1 mod n */
+ mpz_powm (*generator, q, w, *prime);
+
+ if (mpz_cmp_ui (*generator, 1) == 0)
+ continue;
+ else
+ break;
+ }
+
+ _gnutls_debug_log ("Found generator g of %u bits\n",
+ wrap_nettle_mpi_get_nbits (generator));
+ _gnutls_debug_log ("Prime n is of %u bits\n",
+ wrap_nettle_mpi_get_nbits (prime));
+
+ mpz_clear (q);
+ mpz_clear (w);
+ gnutls_free (buffer);
+
+ return 0;
+
+fail:
+ mpz_clear (q);
+ mpz_clear (w);
+ mpz_clear (*prime);
+ mpz_clear (*generator);
+ gnutls_free (buffer);
+
+ return ret;
+}
+
+static int
+wrap_nettle_generate_group (gnutls_group_st * group, unsigned int bits)
+{
+ int ret;
+ bigint_t p = wrap_nettle_mpi_new (bits);
+ bigint_t g;
+
+ if (p == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ g = wrap_nettle_mpi_new (bits);
+ if (g == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (&p);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gen_group (p, g, bits);
+ if (ret < 0)
+ {
+ _gnutls_mpi_release (&g);
+ _gnutls_mpi_release (&p);
+ gnutls_assert ();
+ return ret;
+ }
+
+ group->p = p;
+ group->g = g;
+
+ return 0;
+}
+
+
+int crypto_bigint_prio = INT_MAX;
+
+gnutls_crypto_bigint_st _gnutls_mpi_ops = {
+ .bigint_new = wrap_nettle_mpi_new,
+ .bigint_cmp = wrap_nettle_mpi_cmp,
+ .bigint_cmp_ui = wrap_nettle_mpi_cmp_ui,
+ .bigint_mod = wrap_nettle_mpi_mod,
+ .bigint_set = wrap_nettle_mpi_set,
+ .bigint_set_ui = wrap_nettle_mpi_set_ui,
+ .bigint_get_nbits = wrap_nettle_mpi_get_nbits,
+ .bigint_powm = wrap_nettle_mpi_powm,
+ .bigint_addm = wrap_nettle_mpi_addm,
+ .bigint_subm = wrap_nettle_mpi_subm,
+ .bigint_add = wrap_nettle_mpi_add,
+ .bigint_sub = wrap_nettle_mpi_sub,
+ .bigint_add_ui = wrap_nettle_mpi_add_ui,
+ .bigint_sub_ui = wrap_nettle_mpi_sub_ui,
+ .bigint_mul = wrap_nettle_mpi_mul,
+ .bigint_mulm = wrap_nettle_mpi_mulm,
+ .bigint_mul_ui = wrap_nettle_mpi_mul_ui,
+ .bigint_div = wrap_nettle_mpi_div,
+ .bigint_prime_check = wrap_nettle_prime_check,
+ .bigint_release = wrap_nettle_mpi_release,
+ .bigint_print = wrap_nettle_mpi_print,
+ .bigint_scan = wrap_nettle_mpi_scan,
+ .bigint_generate_group = wrap_nettle_generate_group
+};
--- /dev/null
+/*
+ * Copyright (C) 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains the functions needed for RSA/DSA public key
+ * encryption and signatures.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_mpi.h>
+#include <gnutls_pk.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_num.h>
+#include <x509/x509_int.h>
+#include <x509/common.h>
+#include <random.h>
+#include <gnutls_pk.h>
+#include <nettle/dsa.h>
+#include <nettle/rsa.h>
+#include <random.h>
+#include <gnutls/crypto.h>
+
+#define TOMPZ(x) (*((mpz_t*)(x)))
+
+static void
+rnd_func (void *_ctx, unsigned length, uint8_t * data)
+{
+ _gnutls_rnd (GNUTLS_RND_RANDOM, data, length);
+}
+
+static void
+_dsa_params_to_pubkey (const gnutls_pk_params_st * pk_params,
+ struct dsa_public_key *pub)
+{
+ memcpy (&pub->p, pk_params->params[0], sizeof (mpz_t));
+ memcpy (&pub->q, pk_params->params[1], sizeof (mpz_t));
+ memcpy (&pub->g, pk_params->params[2], sizeof (mpz_t));
+ memcpy (&pub->y, pk_params->params[3], sizeof (mpz_t));
+}
+
+static void
+_dsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
+ struct dsa_private_key *pub)
+{
+ memcpy (&pub->x, pk_params->params[4], sizeof (mpz_t));
+}
+
+static void
+_rsa_params_to_privkey (const gnutls_pk_params_st * pk_params,
+ struct rsa_private_key *priv)
+{
+ memcpy (&priv->d, pk_params->params[2], sizeof (mpz_t));
+ memcpy (&priv->p, pk_params->params[3], sizeof (mpz_t));
+ memcpy (&priv->q, pk_params->params[4], sizeof (mpz_t));
+ memcpy (&priv->c, pk_params->params[5], sizeof (mpz_t));
+ memcpy (&priv->a, pk_params->params[6], sizeof (mpz_t));
+ memcpy (&priv->b, pk_params->params[7], sizeof (mpz_t));
+
+}
+
+static int
+_wrap_nettle_pk_encrypt (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * ciphertext,
+ const gnutls_datum_t * plaintext,
+ const gnutls_pk_params_st * pk_params)
+{
+ int ret;
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ bigint_t p;
+
+ if (_gnutls_mpi_scan_nz (&p, plaintext->data, plaintext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ mpz_powm (p, p, TOMPZ (pk_params->params[1]) /*e */ ,
+ TOMPZ (pk_params->params[0] /*m */ ));
+
+ ret = _gnutls_mpi_dprint_size (p, ciphertext, plaintext->size);
+ _gnutls_mpi_release (&p);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
+}
+
+/* returns the blinded c and the inverse of a random
+ * number r;
+ */
+static bigint_t
+rsa_blind (bigint_t c, bigint_t e, bigint_t n, bigint_t * _ri)
+{
+ bigint_t nc = NULL, r = NULL, ri = NULL;
+
+ /* nc = c*(r^e)
+ * ri = r^(-1)
+ */
+ nc = _gnutls_mpi_alloc_like (n);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ri = _gnutls_mpi_alloc_like (n);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ r = _gnutls_mpi_randomize (NULL, _gnutls_mpi_get_nbits (n),
+ GNUTLS_RND_NONCE);
+ if (r == NULL)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ /* invert r */
+ if (mpz_invert (ri, r, n) == 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ /* r = r^e */
+
+ _gnutls_mpi_powm (r, r, e, n);
+
+ _gnutls_mpi_mulm (nc, c, r, n);
+
+ *_ri = ri;
+
+ _gnutls_mpi_release (&r);
+
+ return nc;
+fail:
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&r);
+ return NULL;
+}
+
+/* c = c*ri mod n
+ */
+static inline void
+rsa_unblind (bigint_t c, bigint_t ri, bigint_t n)
+{
+ _gnutls_mpi_mulm (c, c, ri, n);
+}
+
+static int
+_wrap_nettle_pk_decrypt (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * plaintext,
+ const gnutls_datum_t * ciphertext,
+ const gnutls_pk_params_st * pk_params)
+{
+ int ret;
+
+ /* make a sexp from pkey */
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ bigint_t c, ri, nc;
+
+ if (_gnutls_mpi_scan_nz (&c, ciphertext->data, ciphertext->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ nc = rsa_blind (c, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
+ _gnutls_mpi_release (&c);
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ rsa_private_key_init (&priv);
+ _rsa_params_to_privkey (pk_params, &priv);
+
+ rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
+
+ rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
+
+ ret = _gnutls_mpi_dprint_size (nc, plaintext, ciphertext->size);
+
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&ri);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
+}
+
+/* in case of DSA puts into data, r,s
+ */
+static int
+_wrap_nettle_pk_sign (gnutls_pk_algorithm_t algo,
+ gnutls_datum_t * signature,
+ const gnutls_datum_t * vdata,
+ const gnutls_pk_params_st * pk_params)
+{
+ int ret, hash;
+
+ switch (algo)
+ {
+
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+ struct dsa_signature sig;
+ int hash_len;
+
+ dsa_public_key_init (&pub);
+ dsa_private_key_init (&priv);
+ _dsa_params_to_pubkey (pk_params, &pub);
+ _dsa_params_to_privkey (pk_params, &priv);
+
+ dsa_signature_init (&sig);
+
+ hash = _gnutls_dsa_q_to_hash (pub.q);
+ hash_len = _gnutls_hash_get_algo_len (hash);
+ if (hash_len > vdata->size)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret =
+ _dsa_sign (&pub, &priv, NULL, rnd_func,
+ hash_len, vdata->data, &sig);
+ if (ret == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIGN_FAILED;
+ goto dsa_fail;
+ }
+
+ ret = _gnutls_encode_ber_rs (signature, &sig.r, &sig.s);
+
+ dsa_fail:
+ dsa_signature_clear (&sig);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_private_key priv;
+ bigint_t hash, nc, ri;
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ rsa_private_key_init (&priv);
+ _rsa_params_to_privkey (pk_params, &priv);
+
+ nc = rsa_blind (hash, pk_params->params[1] /*e */ ,
+ pk_params->params[0] /*m */ , &ri);
+
+ _gnutls_mpi_release (&hash);
+
+ if (nc == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ rsa_compute_root (&priv, TOMPZ (nc), TOMPZ (nc));
+
+ rsa_unblind (nc, ri, pk_params->params[0] /*m */ );
+
+ ret = _gnutls_mpi_dprint (nc, signature);
+ _gnutls_mpi_release (&nc);
+ _gnutls_mpi_release (&ri);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
+}
+
+static int
+_int_rsa_verify (const gnutls_pk_params_st * pk_params,
+ bigint_t m, bigint_t s)
+{
+ int res;
+
+ mpz_t m1;
+
+ if ((mpz_sgn (TOMPZ (s)) <= 0)
+ || (mpz_cmp (TOMPZ (s), TOMPZ (pk_params->params[0])) >= 0))
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+
+ mpz_init (m1);
+
+ mpz_powm (m1, TOMPZ (s), TOMPZ (pk_params->params[1]),
+ TOMPZ (pk_params->params[0]));
+
+ res = !mpz_cmp (TOMPZ (m), m1);
+
+ mpz_clear (m1);
+
+ if (res == 0)
+ res = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ else
+ res = 0;
+
+ return res;
+}
+
+static int
+_wrap_nettle_pk_verify (gnutls_pk_algorithm_t algo,
+ const gnutls_datum_t * vdata,
+ const gnutls_datum_t * signature,
+ const gnutls_pk_params_st * pk_params)
+{
+ int ret, hash;
+ bigint_t tmp[2] = { NULL, NULL };
+
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_signature sig;
+
+ ret = _gnutls_decode_ber_rs (signature, &tmp[0], &tmp[1]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ dsa_public_key_init (&pub);
+ _dsa_params_to_pubkey (pk_params, &pub);
+ memcpy (&sig.r, tmp[0], sizeof (sig.r));
+ memcpy (&sig.s, tmp[1], sizeof (sig.s));
+
+ hash = _gnutls_dsa_q_to_hash (pub.q);
+
+ if (vdata->size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ goto dsa_fail;
+ }
+
+ ret = _dsa_verify (&pub, vdata->size, vdata->data, &sig);
+ if (ret == 0)
+ {
+ gnutls_assert();
+ ret = GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+ else
+ ret = 0;
+
+ dsa_fail:
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&tmp[1]);
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ bigint_t hash;
+
+ if (_gnutls_mpi_scan_nz (&hash, vdata->data, vdata->size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ ret = _gnutls_mpi_scan_nz (&tmp[0], signature->data, signature->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _int_rsa_verify (pk_params, hash, tmp[0]);
+ _gnutls_mpi_release (&tmp[0]);
+ _gnutls_mpi_release (&hash);
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ goto cleanup;
+ }
+
+cleanup:
+
+ return ret;
+}
+
+static int
+wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
+ unsigned int level /*bits */ ,
+ gnutls_pk_params_st * params)
+{
+ int ret, i;
+ int q_bits;
+
+ switch (algo)
+ {
+
+ case GNUTLS_PK_DSA:
+ {
+ struct dsa_public_key pub;
+ struct dsa_private_key priv;
+
+ dsa_public_key_init (&pub);
+ dsa_private_key_init (&priv);
+
+ /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
+ * but we do NIST DSA here */
+ if (level <= 1024)
+ q_bits = 160;
+ else
+ q_bits = 256;
+
+ ret =
+ dsa_generate_keypair (&pub, &priv, NULL,
+ rnd_func, NULL, NULL, level, q_bits);
+ if (ret != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
+ {
+ params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
+ if (params->params[i] == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ dsa_private_key_clear (&priv);
+ dsa_public_key_clear (&pub);
+ goto fail;
+ }
+ params->params_nr++;
+ }
+ _gnutls_mpi_set (params->params[0], pub.p);
+ _gnutls_mpi_set (params->params[1], pub.q);
+ _gnutls_mpi_set (params->params[2], pub.g);
+ _gnutls_mpi_set (params->params[3], pub.y);
+ _gnutls_mpi_set (params->params[4], priv.x);
+
+ dsa_private_key_clear (&priv);
+ dsa_public_key_clear (&pub);
+
+ break;
+ }
+ case GNUTLS_PK_RSA:
+ {
+ struct rsa_public_key pub;
+ struct rsa_private_key priv;
+
+ rsa_public_key_init (&pub);
+ rsa_private_key_init (&priv);
+
+ _gnutls_mpi_set_ui (&pub.e, 65537);
+
+ ret =
+ rsa_generate_keypair (&pub, &priv, NULL,
+ rnd_func, NULL, NULL, level, 0);
+ if (ret != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ params->params_nr = 0;
+ for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
+ {
+ params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
+ if (params->params[i] == NULL)
+ {
+ ret = GNUTLS_E_MEMORY_ERROR;
+ rsa_private_key_clear (&priv);
+ rsa_public_key_clear (&pub);
+ goto fail;
+ }
+ params->params_nr++;
+
+ }
+ _gnutls_mpi_set (params->params[0], pub.n);
+ _gnutls_mpi_set (params->params[1], pub.e);
+ _gnutls_mpi_set (params->params[2], priv.d);
+ _gnutls_mpi_set (params->params[3], priv.p);
+ _gnutls_mpi_set (params->params[4], priv.q);
+ _gnutls_mpi_set (params->params[5], priv.c);
+ _gnutls_mpi_set (params->params[6], priv.a);
+ _gnutls_mpi_set (params->params[7], priv.b);
+ rsa_private_key_clear (&priv);
+ rsa_public_key_clear (&pub);
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+fail:
+
+ for (i = 0; i < params->params_nr; i++)
+ {
+ _gnutls_mpi_release (¶ms->params[i]);
+ }
+ params->params_nr = 0;
+
+ return ret;
+}
+
+
+static int
+wrap_nettle_pk_fixup (gnutls_pk_algorithm_t algo,
+ gnutls_direction_t direction,
+ gnutls_pk_params_st * params)
+{
+ int result;
+
+ if (direction == GNUTLS_IMPORT && algo == GNUTLS_PK_RSA)
+ {
+ /* do not trust the generated values. Some old private keys
+ * generated by us have mess on the values. Those were very
+ * old but it seemed some of the shipped example private
+ * keys were as old.
+ */
+ mpz_invert (TOMPZ (params->params[5]),
+ TOMPZ (params->params[4]), TOMPZ (params->params[3]));
+
+ /* calculate exp1 [6] and exp2 [7] */
+ _gnutls_mpi_release (¶ms->params[6]);
+ _gnutls_mpi_release (¶ms->params[7]);
+
+ result = _gnutls_calc_rsa_exp (params->params, RSA_PRIVATE_PARAMS - 2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ params->params_nr = RSA_PRIVATE_PARAMS;
+ }
+
+ return 0;
+}
+
+int crypto_pk_prio = INT_MAX;
+
+gnutls_crypto_pk_st _gnutls_pk_ops = {
+ .encrypt = _wrap_nettle_pk_encrypt,
+ .decrypt = _wrap_nettle_pk_decrypt,
+ .sign = _wrap_nettle_pk_sign,
+ .verify = _wrap_nettle_pk_verify,
+ .generate = wrap_nettle_pk_generate_params,
+ .pk_fixup_private_params = wrap_nettle_pk_fixup,
+};
--- /dev/null
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ * Copyright (C) 2000, 2001, 2008 Niels Möller
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GNUTLS.
+ *
+ * The GNUTLS library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Here is the random generator layer. This code was based on the LSH
+ * random generator (the trivia and device source functions for POSIX)
+ * and modified to fit gnutls' needs. Relicenced with permission.
+ * Original author Niels Möller.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <nettle/yarrow.h>
+
+#define SOURCES 2
+
+#define RND_LOCK if (gnutls_mutex_lock(&rnd_mutex)!=0) abort()
+#define RND_UNLOCK if (gnutls_mutex_unlock(&rnd_mutex)!=0) abort()
+
+enum
+{
+ RANDOM_SOURCE_TRIVIA = 0,
+ RANDOM_SOURCE_DEVICE,
+};
+
+static struct yarrow256_ctx yctx;
+static struct yarrow_source ysources[SOURCES];
+static time_t device_last_read = 0;
+static time_t trivia_time_count = 0;
+
+static void *rnd_mutex;
+
+#define DEVICE_READ_INTERVAL 1200
+
+#ifdef _WIN32
+
+#include <windows.h>
+
+#define DEVICE_READ_SIZE 16
+#define DEVICE_READ_SIZE_MAX 32
+
+static HCRYPTPROV device_fd = NULL;
+
+static int
+do_trivia_source (int init)
+{
+ struct
+ {
+ FILETIME now;
+ unsigned count;
+ } event;
+
+ unsigned entropy = 0;
+
+ GetSystemTimeAsFileTime (&event.now);
+ event.count = 0;
+
+ if (init)
+ {
+ trivia_time_count = 0;
+ }
+ else
+ {
+ event.count = trivia_time_count++;
+ entropy = 1;
+ }
+
+ return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
+ sizeof (event), (const uint8_t *) &event);
+}
+
+static int
+do_device_source (int init)
+{
+ time_t now = time (NULL);
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init)
+ {
+ int old;
+
+ if (!CryptAcquireContext
+ (&device_fd, NULL, NULL, PROV_RSA_FULL,
+ CRYPT_SILENT | CRYPT_VERIFYCONTEXT))
+ {
+ _gnutls_debug_log ("error in CryptAcquireContext!\n");
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ device_last_read = now;
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd != NULL)
+ && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
+ {
+
+ /* More than a minute since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+
+ if (!CryptGenRandom (device_fd, (DWORD) read_size, buf))
+ {
+ _gnutls_debug_log ("Error in CryptGenRandom: %s\n",
+ GetLastError ());
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ device_last_read = now;
+ return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 /
+ 2 /* we trust the system RNG */ ,
+ read_size, buf);
+ }
+ return 0;
+}
+
+static void
+wrap_nettle_rnd_deinit (void *ctx)
+{
+ RND_LOCK;
+ CryptReleaseContext (device_fd, 0);
+ RND_UNLOCK;
+
+ gnutls_mutex_deinit (&rnd_mutex);
+ rnd_mutex = NULL;
+}
+
+#else /* POSIX */
+
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <fcntl.h>
+#include <locks.h>
+#include <unistd.h> /* getpid */
+#ifdef HAVE_GETRUSAGE
+#include <sys/resource.h>
+#endif
+#include "egd.h"
+
+#define DEVICE_READ_SIZE 16
+#define DEVICE_READ_SIZE_MAX 32
+
+static int device_fd;
+static time_t trivia_previous_time = 0;
+
+static int
+do_trivia_source (int init)
+{
+ struct
+ {
+ struct timeval now;
+#ifdef HAVE_GETRUSAGE
+ struct rusage rusage;
+#endif
+ unsigned count;
+ pid_t pid;
+ } event;
+
+ unsigned entropy = 0;
+
+ if (gettimeofday (&event.now, NULL) < 0)
+ {
+ _gnutls_debug_log ("gettimeofday failed: %s\n", strerror (errno));
+ abort ();
+ }
+#ifdef HAVE_GETRUSAGE
+ if (getrusage (RUSAGE_SELF, &event.rusage) < 0)
+ {
+ _gnutls_debug_log ("getrusage failed: %s\n", strerror (errno));
+ abort ();
+ }
+#endif
+
+ event.count = 0;
+ if (init)
+ {
+ trivia_time_count = 0;
+ }
+ else
+ {
+ event.count = trivia_time_count++;
+
+ if (event.now.tv_sec != trivia_previous_time)
+ {
+ /* Count one bit of entropy if we either have more than two
+ * invocations in one second, or more than two seconds
+ * between invocations. */
+ if ((trivia_time_count > 2)
+ || ((event.now.tv_sec - trivia_previous_time) > 2))
+ entropy++;
+
+ trivia_time_count = 0;
+ }
+ }
+ trivia_previous_time = event.now.tv_sec;
+ event.pid = getpid ();
+
+ return yarrow256_update (&yctx, RANDOM_SOURCE_TRIVIA, entropy,
+ sizeof (event), (const uint8_t *) &event);
+}
+
+static int
+do_device_source_urandom (int init)
+{
+ time_t now = time (NULL);
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init)
+ {
+ int old;
+
+ device_fd = open ("/dev/urandom", O_RDONLY);
+ if (device_fd < 0)
+ {
+ _gnutls_debug_log ("Cannot open urandom!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ old = fcntl (device_fd, F_GETFD);
+ fcntl (device_fd, F_SETFD, old | 1);
+ device_last_read = now;
+
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd > 0)
+ && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
+ {
+ /* More than a minute since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;)
+ {
+ int res;
+ do
+ res = read (device_fd, buf + done, sizeof (buf) - done);
+ while (res < 0 && errno == EINTR);
+
+ if (res <= 0)
+ {
+ if (res < 0)
+ {
+ _gnutls_debug_log ("Failed to read /dev/urandom: %s\n",
+ strerror (errno));
+ }
+ else
+ {
+ _gnutls_debug_log
+ ("Failed to read /dev/urandom: end of file\n");
+ }
+
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ done += res;
+ }
+
+ device_last_read = now;
+ return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE,
+ read_size * 8 / 2 /* we trust the RNG */ ,
+ read_size, buf);
+ }
+ return 0;
+}
+
+static int
+do_device_source_egd (int init)
+{
+ time_t now = time (NULL);
+ int read_size = DEVICE_READ_SIZE;
+
+ if (init)
+ {
+ device_fd = _rndegd_connect_socket ();
+ if (device_fd < 0)
+ {
+ _gnutls_debug_log ("Cannot open egd socket!\n");
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ device_last_read = now;
+
+ read_size = DEVICE_READ_SIZE_MAX; /* initially read more data */
+ }
+
+ if ((device_fd > 0)
+ && (init || ((now - device_last_read) > DEVICE_READ_INTERVAL)))
+ {
+
+ /* More than a minute since we last read the device */
+ uint8_t buf[DEVICE_READ_SIZE_MAX];
+ uint32_t done;
+
+ for (done = 0; done < read_size;)
+ {
+ int res;
+ res = _rndegd_read (&device_fd, buf + done, sizeof (buf) - done);
+ if (res <= 0)
+ {
+ if (res < 0)
+ {
+ _gnutls_debug_log ("Failed to read egd.\n");
+ }
+ else
+ {
+ _gnutls_debug_log ("Failed to read egd: end of file\n");
+ }
+
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+ done += res;
+ }
+
+ device_last_read = now;
+ return yarrow256_update (&yctx, RANDOM_SOURCE_DEVICE, read_size * 8 / 2,
+ read_size, buf);
+ }
+ return 0;
+}
+
+static int
+do_device_source (int init)
+{
+ static pid_t pid; /* detect fork() */
+ int ret, reseed = 0;
+ static int (*do_source) (int init) = NULL;
+/* using static var here is ok since we are
+ * always called with mutexes down
+ */
+
+ if (init == 1)
+ {
+ pid = getpid();
+
+ do_source = do_device_source_urandom;
+ ret = do_source (init);
+ if (ret < 0)
+ {
+ do_source = do_device_source_egd;
+ ret = do_source (init);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return ret;
+ }
+ else
+ {
+ if (getpid() != pid)
+ { /* fork() detected */
+ device_last_read = 0;
+ pid = getpid();
+ reseed = 1;
+ }
+
+ ret = do_source (init);
+
+ if (reseed)
+ yarrow256_slow_reseed (&yctx);
+
+ return ret;
+ }
+}
+
+
+static void
+wrap_nettle_rnd_deinit (void *ctx)
+{
+ RND_LOCK;
+ close (device_fd);
+ RND_UNLOCK;
+
+ gnutls_mutex_deinit (&rnd_mutex);
+ rnd_mutex = NULL;
+}
+
+#endif
+
+
+static int
+wrap_nettle_rnd_init (void **ctx)
+{
+ int ret;
+
+ ret = gnutls_mutex_init (&rnd_mutex);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ yarrow256_init (&yctx, SOURCES, ysources);
+
+ ret = do_device_source (1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = do_trivia_source (1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ yarrow256_slow_reseed (&yctx);
+
+ return 0;
+}
+
+
+
+static int
+wrap_nettle_rnd (void *_ctx, int level, void *data, size_t datasize)
+{
+ int ret;
+
+ RND_LOCK;
+
+ ret = do_trivia_source (0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = do_device_source (0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ yarrow256_random (&yctx, datasize, data);
+ RND_UNLOCK;
+ return 0;
+}
+
+int crypto_rnd_prio = INT_MAX;
+
+gnutls_crypto_rnd_st _gnutls_rnd_ops = {
+ .init = wrap_nettle_rnd_init,
+ .deinit = wrap_nettle_rnd_deinit,
+ .rnd = wrap_nettle_rnd,
+};
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+# Foundation, Inc.
+#
+# Author: Nikos Mavroyanopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AM_CPPFLAGS = \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/../includes \
+ -I$(builddir)/../includes \
+ -I$(srcdir)/..
+
+if ENABLE_MINITASN1
+AM_CPPFLAGS += -I$(srcdir)/../minitasn1
+endif
+
+noinst_LTLIBRARIES = libminiopencdk.la
+
+libminiopencdk_la_SOURCES = armor.c filters.h keydb.h main.c types.h \
+ kbnode.c main.h packet.h dummy.c sig-check.c verify.c hash.c \
+ keydb.c pubkey.c stream.c write-packet.c misc.c seskey.c \
+ context.h literal.c new-packet.c read-packet.c stream.h opencdk.h
+
+EXTRA_DIST = README
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+# Foundation, Inc.
+#
+# Author: Nikos Mavroyanopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(srcdir)/../minitasn1
+subdir = opencdk
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libminiopencdk_la_LIBADD =
+am_libminiopencdk_la_OBJECTS = armor.lo main.lo kbnode.lo dummy.lo \
+ sig-check.lo verify.lo hash.lo keydb.lo pubkey.lo stream.lo \
+ write-packet.lo misc.lo seskey.lo literal.lo new-packet.lo \
+ read-packet.lo
+libminiopencdk_la_OBJECTS = $(am_libminiopencdk_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libminiopencdk_la_SOURCES)
+DIST_SOURCES = $(libminiopencdk_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CPPFLAGS = -I$(srcdir)/../gl -I$(builddir)/../gl \
+ -I$(srcdir)/../includes -I$(builddir)/../includes \
+ -I$(srcdir)/.. $(am__append_1)
+noinst_LTLIBRARIES = libminiopencdk.la
+libminiopencdk_la_SOURCES = armor.c filters.h keydb.h main.c types.h \
+ kbnode.c main.h packet.h dummy.c sig-check.c verify.c hash.c \
+ keydb.c pubkey.c stream.c write-packet.c misc.c seskey.c \
+ context.h literal.c new-packet.c read-packet.c stream.h opencdk.h
+
+EXTRA_DIST = README
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign opencdk/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign opencdk/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libminiopencdk.la: $(libminiopencdk_la_OBJECTS) $(libminiopencdk_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libminiopencdk_la_OBJECTS) $(libminiopencdk_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/armor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dummy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kbnode.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keydb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/literal.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/main.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/new-packet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pubkey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/read-packet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seskey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sig-check.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stream.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/write-packet.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+This is a stripped down mirror of the files in OpenCDK
+src/. To avoid to link proc-packets.c, dummy.c is included.
+
+In Makefile.am libminiopencdk_la_SOURCES contains the list
+of all needed files.
--- /dev/null
+/* armor.c - Armor filters
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2007, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ * ChangeLog for basic BASE64 code (base64_encode, base64_decode):
+ * Original author: Eric S. Raymond (Fetchmail)
+ * Heavily modified by Brendan Cully <brendan@kublai.com> (Mutt)
+ * Modify the code for generic use by Timo Schulz <twoaday@freakmail.de>
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "filters.h"
+
+#ifdef __MINGW32__
+#define LF "\r\n"
+#else
+#define LF "\n"
+#endif
+
+#define CRCINIT 0xB704CE
+
+#define BAD -1
+#define b64val(c) index64[(unsigned int)(c)]
+
+static u32 crc_table[] = {
+ 0x000000, 0x864CFB, 0x8AD50D, 0x0C99F6, 0x93E6E1, 0x15AA1A, 0x1933EC,
+ 0x9F7F17,
+ 0xA18139, 0x27CDC2, 0x2B5434, 0xAD18CF, 0x3267D8, 0xB42B23, 0xB8B2D5,
+ 0x3EFE2E,
+ 0xC54E89, 0x430272, 0x4F9B84, 0xC9D77F, 0x56A868, 0xD0E493, 0xDC7D65,
+ 0x5A319E,
+ 0x64CFB0, 0xE2834B, 0xEE1ABD, 0x685646, 0xF72951, 0x7165AA, 0x7DFC5C,
+ 0xFBB0A7,
+ 0x0CD1E9, 0x8A9D12, 0x8604E4, 0x00481F, 0x9F3708, 0x197BF3, 0x15E205,
+ 0x93AEFE,
+ 0xAD50D0, 0x2B1C2B, 0x2785DD, 0xA1C926, 0x3EB631, 0xB8FACA, 0xB4633C,
+ 0x322FC7,
+ 0xC99F60, 0x4FD39B, 0x434A6D, 0xC50696, 0x5A7981, 0xDC357A, 0xD0AC8C,
+ 0x56E077,
+ 0x681E59, 0xEE52A2, 0xE2CB54, 0x6487AF, 0xFBF8B8, 0x7DB443, 0x712DB5,
+ 0xF7614E,
+ 0x19A3D2, 0x9FEF29, 0x9376DF, 0x153A24, 0x8A4533, 0x0C09C8, 0x00903E,
+ 0x86DCC5,
+ 0xB822EB, 0x3E6E10, 0x32F7E6, 0xB4BB1D, 0x2BC40A, 0xAD88F1, 0xA11107,
+ 0x275DFC,
+ 0xDCED5B, 0x5AA1A0, 0x563856, 0xD074AD, 0x4F0BBA, 0xC94741, 0xC5DEB7,
+ 0x43924C,
+ 0x7D6C62, 0xFB2099, 0xF7B96F, 0x71F594, 0xEE8A83, 0x68C678, 0x645F8E,
+ 0xE21375,
+ 0x15723B, 0x933EC0, 0x9FA736, 0x19EBCD, 0x8694DA, 0x00D821, 0x0C41D7,
+ 0x8A0D2C,
+ 0xB4F302, 0x32BFF9, 0x3E260F, 0xB86AF4, 0x2715E3, 0xA15918, 0xADC0EE,
+ 0x2B8C15,
+ 0xD03CB2, 0x567049, 0x5AE9BF, 0xDCA544, 0x43DA53, 0xC596A8, 0xC90F5E,
+ 0x4F43A5,
+ 0x71BD8B, 0xF7F170, 0xFB6886, 0x7D247D, 0xE25B6A, 0x641791, 0x688E67,
+ 0xEEC29C,
+ 0x3347A4, 0xB50B5F, 0xB992A9, 0x3FDE52, 0xA0A145, 0x26EDBE, 0x2A7448,
+ 0xAC38B3,
+ 0x92C69D, 0x148A66, 0x181390, 0x9E5F6B, 0x01207C, 0x876C87, 0x8BF571,
+ 0x0DB98A,
+ 0xF6092D, 0x7045D6, 0x7CDC20, 0xFA90DB, 0x65EFCC, 0xE3A337, 0xEF3AC1,
+ 0x69763A,
+ 0x578814, 0xD1C4EF, 0xDD5D19, 0x5B11E2, 0xC46EF5, 0x42220E, 0x4EBBF8,
+ 0xC8F703,
+ 0x3F964D, 0xB9DAB6, 0xB54340, 0x330FBB, 0xAC70AC, 0x2A3C57, 0x26A5A1,
+ 0xA0E95A,
+ 0x9E1774, 0x185B8F, 0x14C279, 0x928E82, 0x0DF195, 0x8BBD6E, 0x872498,
+ 0x016863,
+ 0xFAD8C4, 0x7C943F, 0x700DC9, 0xF64132, 0x693E25, 0xEF72DE, 0xE3EB28,
+ 0x65A7D3,
+ 0x5B59FD, 0xDD1506, 0xD18CF0, 0x57C00B, 0xC8BF1C, 0x4EF3E7, 0x426A11,
+ 0xC426EA,
+ 0x2AE476, 0xACA88D, 0xA0317B, 0x267D80, 0xB90297, 0x3F4E6C, 0x33D79A,
+ 0xB59B61,
+ 0x8B654F, 0x0D29B4, 0x01B042, 0x87FCB9, 0x1883AE, 0x9ECF55, 0x9256A3,
+ 0x141A58,
+ 0xEFAAFF, 0x69E604, 0x657FF2, 0xE33309, 0x7C4C1E, 0xFA00E5, 0xF69913,
+ 0x70D5E8,
+ 0x4E2BC6, 0xC8673D, 0xC4FECB, 0x42B230, 0xDDCD27, 0x5B81DC, 0x57182A,
+ 0xD154D1,
+ 0x26359F, 0xA07964, 0xACE092, 0x2AAC69, 0xB5D37E, 0x339F85, 0x3F0673,
+ 0xB94A88,
+ 0x87B4A6, 0x01F85D, 0x0D61AB, 0x8B2D50, 0x145247, 0x921EBC, 0x9E874A,
+ 0x18CBB1,
+ 0xE37B16, 0x6537ED, 0x69AE1B, 0xEFE2E0, 0x709DF7, 0xF6D10C, 0xFA48FA,
+ 0x7C0401,
+ 0x42FA2F, 0xC4B6D4, 0xC82F22, 0x4E63D9, 0xD11CCE, 0x575035, 0x5BC9C3,
+ 0xDD8538
+};
+
+static const char *armor_begin[] = {
+ "BEGIN PGP MESSAGE",
+ "BEGIN PGP PUBLIC KEY BLOCK",
+ "BEGIN PGP PRIVATE KEY BLOCK",
+ "BEGIN PGP SIGNATURE",
+ NULL
+};
+
+static const char *armor_end[] = {
+ "END PGP MESSAGE",
+ "END PGP PUBLIC KEY BLOCK",
+ "END PGP PRIVATE KEY BLOCK",
+ "END PGP SIGNATURE",
+ NULL
+};
+
+static const char *valid_headers[] = {
+ "Comment",
+ "Version",
+ "MessageID",
+ "Hash",
+ "Charset",
+ NULL
+};
+
+static char b64chars[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int index64[128] = {
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63,
+ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1,
+ -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
+ 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1,
+ -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
+ 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1
+};
+
+
+/* encode a raw binary buffer to a null-terminated base64 strings */
+static int
+base64_encode (char *out, const byte * in, size_t len, size_t olen)
+{
+ if (!out || !in)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ while (len >= 3 && olen > 10)
+ {
+ *out++ = b64chars[in[0] >> 2];
+ *out++ = b64chars[((in[0] << 4) & 0x30) | (in[1] >> 4)];
+ *out++ = b64chars[((in[1] << 2) & 0x3c) | (in[2] >> 6)];
+ *out++ = b64chars[in[2] & 0x3f];
+ olen -= 4;
+ len -= 3;
+ in += 3;
+ }
+
+ /* clean up remainder */
+ if (len > 0 && olen > 4)
+ {
+ byte fragment = 0;
+ *out++ = b64chars[in[0] >> 2];
+ fragment = (in[0] << 4) & 0x30;
+ if (len > 1)
+ fragment |= in[1] >> 4;
+ *out++ = b64chars[fragment];
+ *out++ = (len < 2) ? '=' : b64chars[(in[1] << 2) & 0x3c];
+ *out++ = '=';
+ }
+ *out = '\0';
+ return 0;
+}
+
+
+/* Convert '\0'-terminated base64 string to raw byte buffer.
+ Returns length of returned buffer, or -1 on error. */
+static int
+base64_decode (byte * out, const char *in)
+{
+ size_t len;
+ byte digit1, digit2, digit3, digit4;
+
+ if (!out || !in)
+ {
+ gnutls_assert ();
+ return -1;
+ }
+
+ len = 0;
+ do
+ {
+ digit1 = in[0];
+ if (digit1 > 127 || b64val (digit1) == BAD)
+ {
+ gnutls_assert ();
+ return -1;
+ }
+ digit2 = in[1];
+ if (digit2 > 127 || b64val (digit2) == BAD)
+ {
+ gnutls_assert ();
+ return -1;
+ }
+ digit3 = in[2];
+ if (digit3 > 127 || ((digit3 != '=') && (b64val (digit3) == BAD)))
+ {
+ gnutls_assert ();
+ return -1;
+ }
+ digit4 = in[3];
+ if (digit4 > 127 || ((digit4 != '=') && (b64val (digit4) == BAD)))
+ {
+ gnutls_assert ();
+ return -1;
+ }
+ in += 4;
+
+ /* digits are already sanity-checked */
+ *out++ = (b64val (digit1) << 2) | (b64val (digit2) >> 4);
+ len++;
+ if (digit3 != '=')
+ {
+ *out++ = ((b64val (digit2) << 4) & 0xf0) | (b64val (digit3) >> 2);
+ len++;
+ if (digit4 != '=')
+ {
+ *out++ = ((b64val (digit3) << 6) & 0xc0) | b64val (digit4);
+ len++;
+ }
+ }
+ }
+ while (*in && digit4 != '=');
+
+ return len;
+}
+
+
+/* Return the compression algorithm in @r_zipalgo.
+ If the parameter is not set after execution,
+ the stream is not compressed. */
+static int
+compress_get_algo (cdk_stream_t inp, int *r_zipalgo)
+{
+ byte plain[512];
+ char buf[128];
+ int nread, pkttype;
+
+ *r_zipalgo = 0;
+ cdk_stream_seek (inp, 0);
+ while (!cdk_stream_eof (inp))
+ {
+ nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
+ if (!nread || nread == -1)
+ break;
+ if (nread == 1 && !cdk_stream_eof (inp)
+ && (nread = _cdk_stream_gets (inp, buf, DIM (buf) - 1)) > 0)
+ {
+ base64_decode (plain, buf);
+ if (!(*plain & 0x80))
+ break;
+ pkttype = *plain & 0x40 ? (*plain & 0x3f) : ((*plain >> 2) & 0xf);
+ if (pkttype == CDK_PKT_COMPRESSED && r_zipalgo)
+ {
+ _gnutls_buffers_log ("armor compressed (algo=%d)\n",
+ *(plain + 1));
+ *r_zipalgo = *(plain + 1);
+ }
+ break;
+ }
+ }
+ return 0;
+}
+
+
+static int
+check_armor (cdk_stream_t inp, int *r_zipalgo)
+{
+ char buf[4096];
+ size_t nread;
+ int check;
+
+ check = 0;
+ nread = cdk_stream_read (inp, buf, DIM (buf) - 1);
+ if (nread > 0)
+ {
+ buf[nread] = '\0';
+ if (strstr (buf, "-----BEGIN PGP"))
+ {
+ compress_get_algo (inp, r_zipalgo);
+ check = 1;
+ }
+ cdk_stream_seek (inp, 0);
+ }
+ return check;
+}
+
+
+static int
+is_armored (int ctb)
+{
+ int pkttype = 0;
+
+ if (!(ctb & 0x80))
+ {
+ gnutls_assert ();
+ return 1; /* invalid packet: assume it is armored */
+ }
+ pkttype = ctb & 0x40 ? (ctb & 0x3f) : ((ctb >> 2) & 0xf);
+ switch (pkttype)
+ {
+ case CDK_PKT_MARKER:
+ case CDK_PKT_ONEPASS_SIG:
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_PUBKEY_ENC:
+ case CDK_PKT_SIGNATURE:
+ case CDK_PKT_LITERAL:
+ case CDK_PKT_COMPRESSED:
+ return 0; /* seems to be a regular packet: not armored */
+ }
+ return 1;
+}
+
+
+static u32
+update_crc (u32 crc, const byte * buf, size_t buflen)
+{
+ unsigned int j;
+
+ if (!crc)
+ crc = CRCINIT;
+
+ for (j = 0; j < buflen; j++)
+ crc = (crc << 8) ^ crc_table[0xff & ((crc >> 16) ^ buf[j])];
+ crc &= 0xffffff;
+ return crc;
+}
+
+
+static cdk_error_t
+armor_encode (void *data, FILE * in, FILE * out)
+{
+ armor_filter_t *afx = data;
+ struct stat statbuf;
+ char crcbuf[5], buf[128], raw[49];
+ byte crcbuf2[3];
+ size_t nread = 0;
+ const char *lf;
+
+ if (!afx)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (afx->idx < 0 || afx->idx > (int) DIM (armor_begin) ||
+ afx->idx2 < 0 || afx->idx2 > (int) DIM (armor_end))
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_buffers_log ("armor filter: encode\n");
+
+ memset (crcbuf, 0, sizeof (crcbuf));
+
+ lf = afx->le ? afx->le : LF;
+ fprintf (out, "-----%s-----%s", armor_begin[afx->idx], lf);
+ fprintf (out, "Version: OpenPrivacy " PACKAGE_VERSION "%s", lf);
+ if (afx->hdrlines)
+ fwrite (afx->hdrlines, 1, strlen (afx->hdrlines), out);
+ fprintf (out, "%s", lf);
+
+ if (fstat (fileno (in), &statbuf))
+ {
+ gnutls_assert ();
+ return CDK_General_Error;
+ }
+
+ while (!feof (in))
+ {
+ nread = fread (raw, 1, DIM (raw) - 1, in);
+ if (!nread)
+ break;
+ if (ferror (in))
+ {
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ afx->crc = update_crc (afx->crc, (byte *) raw, nread);
+ base64_encode (buf, (byte *) raw, nread, DIM (buf) - 1);
+ fprintf (out, "%s%s", buf, lf);
+ }
+
+ crcbuf2[0] = afx->crc >> 16;
+ crcbuf2[1] = afx->crc >> 8;
+ crcbuf2[2] = afx->crc;
+ crcbuf[0] = b64chars[crcbuf2[0] >> 2];
+ crcbuf[1] = b64chars[((crcbuf2[0] << 4) & 0x30) | (crcbuf2[1] >> 4)];
+ crcbuf[2] = b64chars[((crcbuf2[1] << 2) & 0x3c) | (crcbuf2[2] >> 6)];
+ crcbuf[3] = b64chars[crcbuf2[2] & 0x3f];
+ fprintf (out, "=%s%s", crcbuf, lf);
+ fprintf (out, "-----%s-----%s", armor_end[afx->idx2], lf);
+
+ return 0;
+}
+
+
+/**
+ * cdk_armor_filter_use:
+ * @inp: the stream to check
+ *
+ * Check if the stream contains armored data.
+ **/
+int
+cdk_armor_filter_use (cdk_stream_t inp)
+{
+ int c, check;
+ int zipalgo;
+
+ zipalgo = 0;
+ c = cdk_stream_getc (inp);
+ if (c == EOF)
+ return 0; /* EOF, doesn't matter whether armored or not */
+ cdk_stream_seek (inp, 0);
+ check = is_armored (c);
+ if (check)
+ {
+ check = check_armor (inp, &zipalgo);
+ if (zipalgo)
+ _cdk_stream_set_compress_algo (inp, zipalgo);
+ }
+ return check;
+}
+
+
+static int
+search_header (const char *buf, const char **array)
+{
+ const char *s;
+ int i;
+
+ if (strlen (buf) < 5 || strncmp (buf, "-----", 5))
+ {
+ gnutls_assert ();
+ return -1;
+ }
+ for (i = 0; (s = array[i]); i++)
+ {
+ if (!strncmp (s, buf + 5, strlen (s)))
+ return i;
+ }
+ return -1;
+}
+
+
+const char *
+_cdk_armor_get_lineend (void)
+{
+ return LF;
+}
+
+
+static cdk_error_t
+armor_decode (void *data, FILE * in, FILE * out)
+{
+ armor_filter_t *afx = data;
+ const char *s;
+ char buf[127];
+ byte raw[128], crcbuf[4];
+ u32 crc2 = 0;
+ ssize_t nread = 0;
+ int i, pgp_data = 0;
+ cdk_error_t rc = 0;
+
+ if (!afx)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_buffers_log ("armor filter: decode\n");
+
+ fseek (in, 0, SEEK_SET);
+ /* Search the begin of the message */
+ while (!feof (in) && !pgp_data)
+ {
+ s = fgets (buf, DIM (buf) - 1, in);
+ if (!s)
+ break;
+ afx->idx = search_header (buf, armor_begin);
+ if (afx->idx >= 0)
+ pgp_data = 1;
+ }
+
+ if (feof (in) || !pgp_data)
+ {
+ gnutls_assert ();
+ return CDK_Armor_Error; /* no data found */
+ }
+
+ /* Parse header until the empty line is reached */
+ while (!feof (in))
+ {
+ s = fgets (buf, DIM (buf) - 1, in);
+ if (!s)
+ return CDK_EOF;
+ if (strlen (s) == strlen (LF))
+ {
+ rc = 0;
+ break; /* empty line */
+ }
+ /* From RFC2440: OpenPGP should consider improperly formatted Armor
+ Headers to be corruption of the ASCII Armor. A colon and a single
+ space separate the key and value. */
+ if (!strstr (buf, ": "))
+ {
+ gnutls_assert ();
+ return CDK_Armor_Error;
+ }
+ rc = CDK_General_Error;
+ for (i = 0; (s = valid_headers[i]); i++)
+ {
+ if (!strncmp (s, buf, strlen (s)))
+ rc = 0;
+ }
+ if (rc)
+ {
+ /* From RFC2440: Unknown keys should be reported to the user,
+ but OpenPGP should continue to process the message. */
+ _cdk_log_info ("unknown header: `%s'\n", buf);
+ rc = 0;
+ }
+ }
+
+ /* Read the data body */
+ while (!feof (in))
+ {
+ s = fgets (buf, DIM (buf) - 1, in);
+ if (!s)
+ break;
+ buf[strlen (buf) - strlen (LF)] = '\0';
+ if (buf[0] == '=' && strlen (s) == 5)
+ { /* CRC */
+ memset (crcbuf, 0, sizeof (crcbuf));
+ base64_decode (crcbuf, buf + 1);
+ crc2 = (crcbuf[0] << 16) | (crcbuf[1] << 8) | crcbuf[2];
+ break; /* stop here */
+ }
+ else
+ {
+ nread = base64_decode (raw, buf);
+ if (nread == -1 || nread == 0)
+ break;
+ afx->crc = update_crc (afx->crc, raw, nread);
+ fwrite (raw, 1, nread, out);
+ }
+ }
+
+ /* Search the tail of the message */
+ s = fgets (buf, DIM (buf) - 1, in);
+ if (s)
+ {
+ buf[strlen (buf) - strlen (LF)] = '\0';
+ rc = CDK_General_Error;
+ afx->idx2 = search_header (buf, armor_end);
+ if (afx->idx2 >= 0)
+ rc = 0;
+ }
+
+ /* This catches error when no tail was found or the header is
+ different then the tail line. */
+ if (rc || afx->idx != afx->idx2)
+ rc = CDK_Armor_Error;
+
+ afx->crc_okay = (afx->crc == crc2) ? 1 : 0;
+ if (!afx->crc_okay && !rc)
+ {
+ _gnutls_buffers_log ("file crc=%08X afx_crc=%08X\n",
+ (unsigned int) crc2, (unsigned int) afx->crc);
+ rc = CDK_Armor_CRC_Error;
+ }
+
+ return rc;
+}
+
+
+/**
+ * cdk_file_armor:
+ * @hd: Handle
+ * @file: Name of the file to protect.
+ * @output: Output filename.
+ *
+ * Protect a file with ASCII armor.
+ **/
+cdk_error_t
+cdk_file_armor (cdk_ctx_t hd, const char *file, const char *output)
+{
+ cdk_stream_t inp, out;
+ cdk_error_t rc;
+
+ rc = _cdk_check_args (hd->opt.overwrite, file, output);
+ if (rc)
+ return rc;
+
+ rc = cdk_stream_open (file, &inp);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = cdk_stream_new (output, &out);
+ if (rc)
+ {
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return rc;
+ }
+
+ cdk_stream_set_armor_flag (out, CDK_ARMOR_MESSAGE);
+ if (hd->opt.compress)
+ rc = cdk_stream_set_compress_flag (out, hd->compress.algo,
+ hd->compress.level);
+ if (!rc)
+ rc = cdk_stream_set_literal_flag (out, 0, file);
+ if (!rc)
+ rc = cdk_stream_kick_off (inp, out);
+ if (!rc)
+ rc = _cdk_stream_get_errno (out);
+
+ cdk_stream_close (out);
+ cdk_stream_close (inp);
+ return rc;
+}
+
+
+/**
+ * cdk_file_dearmor:
+ * @file: Name of the file to unprotect.
+ * @output: Output filename.
+ *
+ * Remove ASCII armor from a file.
+ **/
+cdk_error_t
+cdk_file_dearmor (const char *file, const char *output)
+{
+ cdk_stream_t inp, out;
+ cdk_error_t rc;
+ int zipalgo;
+
+ rc = _cdk_check_args (1, file, output);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = cdk_stream_open (file, &inp);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = cdk_stream_create (output, &out);
+ if (rc)
+ {
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return rc;
+ }
+
+ if (cdk_armor_filter_use (inp))
+ {
+ rc = cdk_stream_set_literal_flag (inp, 0, NULL);
+ zipalgo = cdk_stream_is_compressed (inp);
+ if (zipalgo)
+ rc = cdk_stream_set_compress_flag (inp, zipalgo, 0);
+ if (!rc)
+ rc = cdk_stream_set_armor_flag (inp, 0);
+ if (!rc)
+ rc = cdk_stream_kick_off (inp, out);
+ if (!rc)
+ rc = _cdk_stream_get_errno (inp);
+ }
+
+ cdk_stream_close (inp);
+ cdk_stream_close (out);
+ gnutls_assert ();
+ return rc;
+}
+
+
+int
+_cdk_filter_armor (void *data, int ctl, FILE * in, FILE * out)
+{
+ if (ctl == STREAMCTL_READ)
+ return armor_decode (data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return armor_encode (data, in, out);
+ else if (ctl == STREAMCTL_FREE)
+ {
+ armor_filter_t *afx = data;
+ if (afx)
+ {
+ _gnutls_buffers_log ("free armor filter\n");
+ afx->idx = afx->idx2 = 0;
+ afx->crc = afx->crc_okay = 0;
+ return 0;
+ }
+ }
+
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+}
+
+
+/**
+ * cdk_armor_encode_buffer:
+ * @inbuf: the raw input buffer
+ * @inlen: raw buffer len
+ * @outbuf: the destination buffer for the base64 output
+ * @outlen: destination buffer len
+ * @nwritten: actual length of the base64 data
+ * @type: the base64 file type.
+ *
+ * Encode the given buffer into base64 format.
+ **/
+cdk_error_t
+cdk_armor_encode_buffer (const byte * inbuf, size_t inlen,
+ char *outbuf, size_t outlen,
+ size_t * nwritten, int type)
+{
+ const char *head, *tail, *le;
+ byte tempbuf[48];
+ char tempout[128];
+ size_t pos, off, len, rest;
+
+ if (!inbuf || !nwritten)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (type > CDK_ARMOR_SIGNATURE)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ head = armor_begin[type];
+ tail = armor_end[type];
+ le = _cdk_armor_get_lineend ();
+ pos = strlen (head) + 10 + 2 + 2 + strlen (tail) + 10 + 2 + 5 + 2;
+ /* The output data is 4/3 times larger, plus a line end for each line. */
+ pos += (4 * inlen / 3) + 2 * (4 * inlen / 3 / 64);
+
+ if (outbuf && outlen < pos)
+ {
+ gnutls_assert ();
+ return CDK_Too_Short;
+ }
+
+ /* Only return the size of the output. */
+ if (!outbuf)
+ {
+ *nwritten = pos;
+ return 0;
+ }
+
+ pos = 0;
+ memset (outbuf, 0, outlen);
+ memcpy (outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy (outbuf + pos, head, strlen (head));
+ pos += strlen (head);
+ memcpy (outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy (outbuf + pos, le, strlen (le));
+ pos += strlen (le);
+ memcpy (outbuf + pos, le, strlen (le));
+ pos += strlen (le);
+ rest = inlen;
+ for (off = 0; off < inlen;)
+ {
+ if (rest > 48)
+ {
+ memcpy (tempbuf, inbuf + off, 48);
+ off += 48;
+ len = 48;
+ }
+ else
+ {
+ memcpy (tempbuf, inbuf + off, rest);
+ off += rest;
+ len = rest;
+ }
+ rest -= len;
+ base64_encode (tempout, tempbuf, len, DIM (tempout) - 1);
+ memcpy (outbuf + pos, tempout, strlen (tempout));
+ pos += strlen (tempout);
+ memcpy (outbuf + pos, le, strlen (le));
+ pos += strlen (le);
+ }
+
+ memcpy (outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy (outbuf + pos, tail, strlen (tail));
+ pos += strlen (tail);
+ memcpy (outbuf + pos, "-----", 5);
+ pos += 5;
+ memcpy (outbuf + pos, le, strlen (le));
+ pos += strlen (le);
+ *nwritten = pos;
+ return 0;
+}
--- /dev/null
+/* context.h
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef CDK_CONTEXT_H
+#define CDK_CONTEXT_H
+
+#include "types.h"
+
+struct cdk_listkey_s
+{
+ unsigned init:1;
+ cdk_stream_t inp;
+ cdk_keydb_hd_t db;
+ int type;
+ union
+ {
+ char *patt;
+ cdk_strlist_t fpatt;
+ } u;
+ cdk_strlist_t t;
+};
+
+
+struct cdk_s2k_s
+{
+ int mode;
+ byte hash_algo;
+ byte salt[8];
+ u32 count;
+};
+
+
+struct cdk_ctx_s
+{
+ int cipher_algo;
+ int digest_algo;
+ struct
+ {
+ int algo;
+ int level;
+ } compress;
+ struct
+ {
+ int mode;
+ int digest_algo;
+ } _s2k;
+ struct
+ {
+ unsigned blockmode:1;
+ unsigned armor:1;
+ unsigned textmode:1;
+ unsigned compress:1;
+ unsigned mdc:1;
+ unsigned overwrite;
+ unsigned force_digest:1;
+ } opt;
+ struct
+ {
+ cdk_verify_result_t verify;
+ } result;
+ struct
+ {
+ cdk_pkt_seckey_t sk;
+ unsigned on:1;
+ } cache;
+ struct
+ {
+ cdk_keydb_hd_t sec;
+ cdk_keydb_hd_t pub;
+ unsigned int close_db:1;
+ } db;
+ char *(*passphrase_cb) (void *opaque, const char *prompt);
+ void *passphrase_cb_value;
+};
+
+struct cdk_prefitem_s
+{
+ byte type;
+ byte value;
+};
+
+struct cdk_desig_revoker_s
+{
+ struct cdk_desig_revoker_s *next;
+ byte r_class;
+ byte algid;
+ byte fpr[KEY_FPR_LEN];
+};
+
+struct cdk_subpkt_s
+{
+ struct cdk_subpkt_s *next;
+ u32 size;
+ byte type;
+ byte *d;
+};
+
+struct cdk_keylist_s
+{
+ struct cdk_keylist_s *next;
+ union
+ {
+ cdk_pkt_pubkey_t pk;
+ cdk_pkt_seckey_t sk;
+ } key;
+ int version;
+ int type;
+};
+
+struct cdk_dek_s
+{
+ int algo;
+ int keylen;
+ int use_mdc;
+ byte key[32]; /* 256-bit */
+};
+
+struct cdk_strlist_s
+{
+ struct cdk_strlist_s *next;
+ char *d;
+};
+
+#endif /* CDK_CONTEXT_H */
--- /dev/null
+#include <stdio.h>
+#include <string.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "filters.h"
+#include "packet.h"
+
+cdk_error_t
+_cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
+ const char *output, cdk_stream_t outstream,
+ digest_hd_st * md)
+{
+ return 0;
+}
--- /dev/null
+/* filters.h - Filter structs
+ * Copyright (C) 2002, 2003, 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef CDK_FILTERS_H
+#define CDK_FILTERS_H
+
+enum
+{
+ STREAMCTL_READ = 0,
+ STREAMCTL_WRITE = 1,
+ STREAMCTL_FREE = 2
+};
+
+typedef struct
+{
+ cipher_hd_st hd;
+ digest_hd_st mdc;
+ int mdc_method;
+ u32 datalen;
+ struct
+ {
+ size_t on;
+ off_t size;
+ off_t nleft;
+ } blkmode;
+ cdk_stream_t s;
+} cipher_filter_t;
+
+typedef struct
+{
+ int digest_algo;
+ digest_hd_st md;
+ int md_initialized;
+} md_filter_t;
+
+typedef struct
+{
+ const char *le; /* line endings */
+ const char *hdrlines;
+ u32 crc;
+ int crc_okay;
+ int idx, idx2;
+} armor_filter_t;
+
+typedef struct
+{
+ cdk_lit_format_t mode;
+ char *orig_filename; /* This original name of the input file. */
+ char *filename;
+ digest_hd_st md;
+ int md_initialized;
+ struct
+ {
+ size_t on;
+ off_t size;
+ } blkmode;
+} literal_filter_t;
+
+typedef struct
+{
+ size_t inbufsize;
+ byte inbuf[8192];
+ size_t outbufsize;
+ byte outbuf[8192];
+ int algo; /* compress algo */
+ int level;
+} compress_filter_t;
+
+typedef struct
+{
+ const char *lf;
+} text_filter_t;
+
+
+/*-- armor.c -*/
+int _cdk_filter_armor (void *opaque, int ctl, FILE * in, FILE * out);
+
+/*-- cipher.c --*/
+cdk_error_t _cdk_filter_hash (void *opaque, int ctl, FILE * in, FILE * out);
+cdk_error_t _cdk_filter_cipher (void *opaque, int ctl, FILE * in, FILE * out);
+
+/*-- literal.c --*/
+int _cdk_filter_literal (void *opaque, int ctl, FILE * in, FILE * out);
+int _cdk_filter_text (void *opaque, int ctl, FILE * in, FILE * out);
+
+/*-- compress.c --*/
+cdk_error_t _cdk_filter_compress (void *opaque, int ctl,
+ FILE * in, FILE * out);
+
+#endif /* CDK_FILTERS_H */
--- /dev/null
+/* hash.c - Hash filters
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <sys/stat.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "filters.h"
+
+static cdk_error_t
+hash_encode (void *data, FILE * in, FILE * out)
+{
+ md_filter_t *mfx = data;
+ byte buf[BUFSIZE];
+ int err;
+ int nread;
+
+ if (!mfx)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _cdk_log_debug ("hash filter: encode algo=%d\n", mfx->digest_algo);
+
+ if (!mfx->md_initialized)
+ {
+ err = _gnutls_hash_init (&mfx->md, mfx->digest_algo);
+ if (err < 0)
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
+
+ mfx->md_initialized = 1;
+ }
+
+ while (!feof (in))
+ {
+ nread = fread (buf, 1, BUFSIZE, in);
+ if (!nread)
+ break;
+ _gnutls_hash (&mfx->md, buf, nread);
+ }
+
+ wipemem (buf, sizeof (buf));
+ return 0;
+}
+
+cdk_error_t
+_cdk_filter_hash (void *data, int ctl, FILE * in, FILE * out)
+{
+ if (ctl == STREAMCTL_READ)
+ return hash_encode (data, in, out);
+ else if (ctl == STREAMCTL_FREE)
+ {
+ md_filter_t *mfx = data;
+ if (mfx)
+ {
+ _cdk_log_debug ("free hash filter\n");
+ _gnutls_hash_deinit (&mfx->md, NULL);
+ mfx->md_initialized = 0;
+ return 0;
+ }
+ }
+
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+}
--- /dev/null
+/* kbnode.c - keyblock node utility functions
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2007, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+
+
+/**
+ * cdk_kbnode_new:
+ * @pkt: the packet to add
+ *
+ * Allocates a new key node and adds a packet.
+ **/
+cdk_kbnode_t
+cdk_kbnode_new (cdk_packet_t pkt)
+{
+ cdk_kbnode_t n;
+
+ n = cdk_calloc (1, sizeof *n);
+ if (!n)
+ return NULL;
+ n->pkt = pkt;
+ return n;
+}
+
+
+void
+_cdk_kbnode_clone (cdk_kbnode_t node)
+{
+ /* Mark the node as clone which means that the packet
+ will not be freed, just the node itself. */
+ if (node)
+ node->is_cloned = 1;
+}
+
+
+/**
+ * cdk_kbnode_release:
+ * @n: the key node
+ *
+ * Releases the memory of the node.
+ **/
+void
+cdk_kbnode_release (cdk_kbnode_t node)
+{
+ cdk_kbnode_t n2;
+
+ while (node)
+ {
+ n2 = node->next;
+ if (!node->is_cloned)
+ cdk_pkt_release (node->pkt);
+ cdk_free (node);
+ node = n2;
+ }
+}
+
+
+/**
+ * cdk_kbnode_delete:
+ * @node: the key node
+ *
+ * Marks the given node as deleted.
+ **/
+void
+cdk_kbnode_delete (cdk_kbnode_t node)
+{
+ if (node)
+ node->is_deleted = 1;
+}
+
+
+/* Append NODE to ROOT. ROOT must exist! */
+void
+_cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node)
+{
+ cdk_kbnode_t n1;
+
+ for (n1 = root; n1->next; n1 = n1->next)
+ ;
+ n1->next = node;
+}
+
+
+/**
+ * cdk_kbnode_insert:
+ * @root: the root key node
+ * @node: the node to add
+ * @pkttype: packet type
+ *
+ * Inserts @node into the list after @root but before a packet which is not of
+ * type @pkttype (only if @pkttype != 0).
+ **/
+void
+cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype)
+{
+ if (!pkttype)
+ {
+ node->next = root->next;
+ root->next = node;
+ }
+ else
+ {
+ cdk_kbnode_t n1;
+
+ for (n1 = root; n1->next; n1 = n1->next)
+ if (pkttype != n1->next->pkt->pkttype)
+ {
+ node->next = n1->next;
+ n1->next = node;
+ return;
+ }
+ /* No such packet, append */
+ node->next = NULL;
+ n1->next = node;
+ }
+}
+
+
+/**
+ * cdk_kbnode_find_prev:
+ * @root: the root key node
+ * @node: the key node
+ * @pkttype: packet type
+ *
+ * Finds the previous node (if @pkttype = 0) or the previous node
+ * with pkttype @pkttype in the list starting with @root of @node.
+ **/
+cdk_kbnode_t
+cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype)
+{
+ cdk_kbnode_t n1;
+
+ for (n1 = NULL; root && root != node; root = root->next)
+ {
+ if (!pkttype || root->pkt->pkttype == pkttype)
+ n1 = root;
+ }
+ return n1;
+}
+
+
+/**
+ * cdk_kbnode_find_next:
+ * @node: the key node
+ * @pkttype: packet type
+ *
+ * Ditto, but find the next packet. The behaviour is trivial if
+ * @pkttype is 0 but if it is specified, the next node with a packet
+ * of this type is returned. The function has some knowledge about
+ * the valid ordering of packets: e.g. if the next signature packet
+ * is requested, the function will not return one if it encounters
+ * a user-id.
+ **/
+cdk_kbnode_t
+cdk_kbnode_find_next (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+{
+ for (node = node->next; node; node = node->next)
+ {
+ if (!pkttype)
+ return node;
+ else if (pkttype == CDK_PKT_USER_ID &&
+ (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
+ else if (pkttype == CDK_PKT_SIGNATURE &&
+ (node->pkt->pkttype == CDK_PKT_USER_ID ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY))
+ return NULL;
+ else if (node->pkt->pkttype == pkttype)
+ return node;
+ }
+ return NULL;
+}
+
+
+/**
+ * cdk_kbnode_find:
+ * @node: the key node
+ * @pkttype: packet type
+ *
+ * Tries to find the next node with the packettype @pkttype.
+ **/
+cdk_kbnode_t
+cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+{
+ for (; node; node = node->next)
+ {
+ if (node->pkt->pkttype == pkttype)
+ return node;
+ }
+ return NULL;
+}
+
+
+/**
+ * cdk_kbnode_find_packet:
+ * @node: the key node
+ * @pkttype: packet type
+ *
+ * Same as cdk_kbnode_find but it returns the packet instead of the node.
+ **/
+cdk_packet_t
+cdk_kbnode_find_packet (cdk_kbnode_t node, cdk_packet_type_t pkttype)
+{
+ cdk_kbnode_t res;
+
+ res = cdk_kbnode_find (node, pkttype);
+ return res ? res->pkt : NULL;
+}
+
+
+/**
+ * cdk_kbnode_walk:
+ *
+ * Walks through a list of kbnodes. This function returns
+ * the next kbnode for each call; before using the function the first
+ * time, the caller must set CONTEXT to NULL (This has simply the effect
+ * to start with ROOT).
+ */
+cdk_kbnode_t
+cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx, int all)
+{
+ cdk_kbnode_t n;
+
+ do
+ {
+ if (!*ctx)
+ {
+ *ctx = root;
+ n = root;
+ }
+ else
+ {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
+ }
+ while (!all && n && n->is_deleted);
+ return n;
+}
+
+
+/**
+ * cdk_kbnode_commit:
+ * @root: the nodes
+ *
+ * Commits changes made to the kblist at ROOT. Note that ROOT my change,
+ * and it is therefore passed by reference.
+ * The function has the effect of removing all nodes marked as deleted.
+ *
+ * Returns: true if any node has been changed
+ */
+int
+cdk_kbnode_commit (cdk_kbnode_t * root)
+{
+ cdk_kbnode_t n, nl;
+ int changed = 0;
+
+ for (n = *root, nl = NULL; n; n = nl->next)
+ {
+ if (n->is_deleted)
+ {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release (n->pkt);
+ cdk_free (n);
+ changed = 1;
+ }
+ else
+ nl = n;
+ }
+ return changed;
+}
+
+
+/**
+ * cdk_kbnode_remove:
+ * @root: the root node
+ * @node: the node to delete
+ *
+ * Removes a node from the root node.
+ */
+void
+cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node)
+{
+ cdk_kbnode_t n, nl;
+
+ for (n = *root, nl = NULL; n; n = nl->next)
+ {
+ if (n == node)
+ {
+ if (n == *root)
+ *root = nl = n->next;
+ else
+ nl->next = n->next;
+ if (!n->is_cloned)
+ cdk_pkt_release (n->pkt);
+ cdk_free (n);
+ }
+ else
+ nl = n;
+ }
+}
+
+
+
+/**
+ * cdk_cdknode_move:
+ * @root: root node
+ * @node: the node to move
+ * @where: destination place where to move the node.
+ *
+ * Moves NODE behind right after WHERE or to the beginning if WHERE is NULL.
+ */
+void
+cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node, cdk_kbnode_t where)
+{
+ cdk_kbnode_t tmp, prev;
+
+ if (!root || !*root || !node)
+ return;
+ for (prev = *root; prev && prev->next != node; prev = prev->next)
+ ;
+ if (!prev)
+ return; /* Node is not in the list */
+
+ if (!where)
+ { /* Move node before root */
+ if (node == *root)
+ return;
+ prev->next = node->next;
+ node->next = *root;
+ *root = node;
+ return;
+ }
+ if (node == where) /* Move it after where. */
+ return;
+ tmp = node->next;
+ node->next = where->next;
+ where->next = node;
+ prev->next = tmp;
+}
+
+
+/**
+ * cdk_kbnode_get_packet:
+ * @node: the key node
+ *
+ * Get packet in node.
+ *
+ * Returns: the packet which is stored inside the node in @node.
+ **/
+cdk_packet_t
+cdk_kbnode_get_packet (cdk_kbnode_t node)
+{
+ if (node)
+ return node->pkt;
+ return NULL;
+}
+
+
+/**
+ * cdk_kbnode_read_from_mem:
+ * @ret_node: the new key node
+ * @buf: the buffer which stores the key sequence
+ * @buflen: the length of the buffer
+ *
+ * Tries to read a key node from the memory buffer @buf.
+ **/
+cdk_error_t
+cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
+ const byte * buf, size_t buflen)
+{
+ cdk_stream_t inp;
+ cdk_error_t rc;
+
+ if (!ret_node || !buf)
+ return CDK_Inv_Value;
+
+ *ret_node = NULL;
+ if (!buflen)
+ return CDK_Too_Short;
+
+ rc = cdk_stream_tmp_from_mem (buf, buflen, &inp);
+ if (rc)
+ return rc;
+ rc = cdk_keydb_get_keyblock (inp, ret_node);
+ if (rc)
+ gnutls_assert ();
+ cdk_stream_close (inp);
+ return rc;
+}
+
+
+/**
+ * cdk_kbnode_write_to_mem_alloc:
+ * @node: the key node
+ * @r_buf: buffer to hold the raw data
+ * @r_buflen: buffer length of the allocated raw data.
+ *
+ * The function acts similar to cdk_kbnode_write_to_mem but
+ * it allocates the buffer to avoid the lengthy second run.
+ */
+cdk_error_t
+cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
+ byte ** r_buf, size_t * r_buflen)
+{
+ cdk_kbnode_t n;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ size_t len;
+
+ if (!node || !r_buf || !r_buflen)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ *r_buf = NULL;
+ *r_buflen = 0;
+
+ rc = cdk_stream_tmp_new (&s);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ for (n = node; n; n = n->next)
+ {
+ /* Skip all packets which cannot occur in a key composition. */
+ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
+ rc = cdk_pkt_write (s, n->pkt);
+ if (rc)
+ {
+ cdk_stream_close (s);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ cdk_stream_seek (s, 0);
+ len = cdk_stream_get_length (s);
+ *r_buf = cdk_calloc (1, len);
+ *r_buflen = cdk_stream_read (s, *r_buf, len);
+ cdk_stream_close (s);
+ return 0;
+}
+
+
+/**
+ * cdk_kbnode_write_to_mem:
+ * @node: the key node
+ * @buf: the buffer to store the node data
+ * @r_nbytes: the new length of the buffer.
+ *
+ * Tries to write the contents of the key node to the buffer @buf and
+ * return the length of it in @r_nbytes. If buf is zero, only the
+ * length of the node is calculated and returned in @r_nbytes.
+ * Whenever it is possible, the cdk_kbnode_write_to_mem_alloc should be used.
+ **/
+cdk_error_t
+cdk_kbnode_write_to_mem (cdk_kbnode_t node, byte * buf, size_t * r_nbytes)
+{
+ cdk_kbnode_t n;
+ cdk_stream_t s;
+ cdk_error_t rc;
+ size_t len;
+
+ if (!node || !r_nbytes)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_stream_tmp_new (&s);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ for (n = node; n; n = n->next)
+ {
+ /* Skip all packets which cannot occur in a key composition. */
+ if (n->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ n->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ n->pkt->pkttype != CDK_PKT_SECRET_SUBKEY &&
+ n->pkt->pkttype != CDK_PKT_SIGNATURE &&
+ n->pkt->pkttype != CDK_PKT_USER_ID &&
+ n->pkt->pkttype != CDK_PKT_ATTRIBUTE)
+ continue;
+ rc = cdk_pkt_write (s, n->pkt);
+ if (rc)
+ {
+ cdk_stream_close (s);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ cdk_stream_seek (s, 0);
+ len = cdk_stream_get_length (s);
+ if (!buf)
+ {
+ *r_nbytes = len; /* Only return the length of the buffer */
+ cdk_stream_close (s);
+ return 0;
+ }
+ if (*r_nbytes < len)
+ {
+ *r_nbytes = len;
+ rc = CDK_Too_Short;
+ }
+ if (!rc)
+ *r_nbytes = cdk_stream_read (s, buf, len);
+ else
+ gnutls_assert ();
+ cdk_stream_close (s);
+ return rc;
+}
+
+
+/**
+ * cdk_kbnode_hash:
+ * @node: the key node
+ * @hashctx: opaque pointer to the hash context
+ * @is_v4: OpenPGP signature (yes=1, no=0)
+ * @pkttype: packet type to hash (if zero use the packet type from the node)
+ * @flags: flags which depend on the operation
+ *
+ * Hashes the key node contents. Two modes are supported. If the packet
+ * type is used (!= 0) then the function searches the first node with
+ * this type. Otherwise the node is seen as a single node and the type
+ * is extracted from it.
+ **/
+cdk_error_t
+cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md, int is_v4,
+ cdk_packet_type_t pkttype, int flags)
+{
+ cdk_packet_t pkt;
+
+ if (!node || !md)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!pkttype)
+ {
+ pkt = cdk_kbnode_get_packet (node);
+ pkttype = pkt->pkttype;
+ }
+ else
+ {
+ pkt = cdk_kbnode_find_packet (node, pkttype);
+ if (!pkt)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Packet;
+ }
+ }
+
+ switch (pkttype)
+ {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ _cdk_hash_pubkey (pkt->pkt.public_key, md, flags & 1);
+ break;
+
+ case CDK_PKT_USER_ID:
+ _cdk_hash_userid (pkt->pkt.user_id, is_v4, md);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ _cdk_hash_sig_data (pkt->pkt.signature, md);
+ break;
+
+ default:
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ return 0;
+}
--- /dev/null
+/* keydb.c - Key database routines
+ * Copyright (C) 2002, 2003, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <sys/stat.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <ctype.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+#include "filters.h"
+#include "stream.h"
+#include "keydb.h"
+
+#define KEYID_CMP(a, b) ((a[0]) == (b[0]) && (a[1]) == (b[1]))
+#define KEYDB_CACHE_ENTRIES 8
+
+static void keydb_cache_free (key_table_t cache);
+static int classify_data (const byte * buf, size_t len);
+static cdk_kbnode_t find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk);
+
+static char *
+keydb_idx_mkname (const char *file)
+{
+ static const char *fmt = "%s.idx";
+ char *fname;
+ size_t len = strlen (file) + strlen (fmt);
+
+ fname = cdk_calloc (1, len + 1);
+ if (!fname)
+ return NULL;
+ if (snprintf (fname, len, fmt, file) <= 0)
+ return NULL;
+ return fname;
+}
+
+
+/* This functions builds an index of the keyring into a separate file
+ with the name keyring.ext.idx. It contains the offset of all public-
+ and public subkeys. The format of the file is:
+ --------
+ 4 octets offset of the packet
+ 8 octets keyid
+ 20 octets fingerprint
+ --------
+ We store the keyid and the fingerprint due to the fact we can't get
+ the keyid from a v3 fingerprint directly.
+*/
+static cdk_error_t
+keydb_idx_build (const char *file)
+{
+ cdk_packet_t pkt;
+ cdk_stream_t inp, out = NULL;
+ byte buf[4 + 8 + KEY_FPR_LEN];
+ char *idx_name;
+ u32 keyid[2];
+ cdk_error_t rc;
+
+ if (!file)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_stream_open (file, &inp);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ idx_name = keydb_idx_mkname (file);
+ if (!idx_name)
+ {
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ rc = cdk_stream_create (idx_name, &out);
+ cdk_free (idx_name);
+ if (rc)
+ {
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return rc;
+ }
+
+ cdk_pkt_new (&pkt);
+ while (!cdk_stream_eof (inp))
+ {
+ off_t pos = cdk_stream_tell (inp);
+
+ rc = cdk_pkt_read (inp, pkt);
+ if (rc)
+ {
+ _cdk_log_debug ("index build failed packet off=%lu\n", pos);
+ /* FIXME: The index is incomplete */
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ {
+ _cdk_u32tobuf (pos, buf);
+ cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
+ _cdk_u32tobuf (keyid[0], buf + 4);
+ _cdk_u32tobuf (keyid[1], buf + 8);
+ cdk_pk_get_fingerprint (pkt->pkt.public_key, buf + 12);
+ cdk_stream_write (out, buf, 4 + 8 + KEY_FPR_LEN);
+ }
+ cdk_pkt_free (pkt);
+ }
+
+ cdk_pkt_release (pkt);
+
+ cdk_stream_close (out);
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return rc;
+}
+
+
+/**
+ * cdk_keydb_idx_rebuild:
+ * @hd: key database handle
+ *
+ * Rebuild the key index files for the given key database.
+ **/
+cdk_error_t
+cdk_keydb_idx_rebuild (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
+{
+ struct stat stbuf;
+ char *tmp_idx_name;
+ cdk_error_t rc;
+ int err;
+
+ if (!db || !db->name || !dbs)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (db->secret)
+ return 0;
+
+ tmp_idx_name = keydb_idx_mkname (db->name);
+ if (!tmp_idx_name)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ err = stat (tmp_idx_name, &stbuf);
+ cdk_free (tmp_idx_name);
+ /* This function expects an existing index which can be rebuild,
+ if no index exists we do not build one and just return. */
+ if (err)
+ return 0;
+
+ cdk_stream_close (dbs->idx);
+ dbs->idx = NULL;
+ if (!dbs->idx_name)
+ {
+ dbs->idx_name = keydb_idx_mkname (db->name);
+ if (!dbs->idx_name)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ }
+ rc = keydb_idx_build (db->name);
+ if (!rc)
+ rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
+ else
+ gnutls_assert ();
+ return rc;
+}
+
+
+static cdk_error_t
+keydb_idx_parse (cdk_stream_t inp, key_idx_t * r_idx)
+{
+ key_idx_t idx;
+ byte buf[4];
+
+ if (!inp || !r_idx)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ idx = cdk_calloc (1, sizeof *idx);
+ if (!idx)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+
+ while (!cdk_stream_eof (inp))
+ {
+ if (cdk_stream_read (inp, buf, 4) == CDK_EOF)
+ break;
+ idx->offset = _cdk_buftou32 (buf);
+ cdk_stream_read (inp, buf, 4);
+ idx->keyid[0] = _cdk_buftou32 (buf);
+ cdk_stream_read (inp, buf, 4);
+ idx->keyid[1] = _cdk_buftou32 (buf);
+ cdk_stream_read (inp, idx->fpr, KEY_FPR_LEN);
+ break;
+ }
+ *r_idx = idx;
+ return cdk_stream_eof (inp) ? CDK_EOF : 0;
+}
+
+
+static cdk_error_t
+keydb_idx_search (cdk_stream_t inp, u32 * keyid, const byte * fpr,
+ off_t * r_off)
+{
+ key_idx_t idx;
+
+ if (!inp || !r_off)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if ((keyid && fpr) || (!keyid && !fpr))
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ /* We need an initialize the offset var with a value
+ because it might be possible the returned offset will
+ be 0 and then we cannot differ between the begin and an EOF. */
+ *r_off = 0xFFFFFFFF;
+ cdk_stream_seek (inp, 0);
+ while (keydb_idx_parse (inp, &idx) != CDK_EOF)
+ {
+ if (keyid && KEYID_CMP (keyid, idx->keyid))
+ {
+ *r_off = idx->offset;
+ break;
+ }
+ else if (fpr && !memcmp (idx->fpr, fpr, KEY_FPR_LEN))
+ {
+ *r_off = idx->offset;
+ break;
+ }
+ cdk_free (idx);
+ idx = NULL;
+ }
+ cdk_free (idx);
+ return *r_off != 0xFFFFFFFF ? 0 : CDK_EOF;
+}
+
+
+/**
+ * cdk_keydb_new_from_mem:
+ * @r_hd: The keydb output handle.
+ * @data: The raw key data.
+ * @datlen: The length of the raw data.
+ *
+ * Create a new keyring db handle from the contents of a buffer.
+ */
+cdk_error_t
+cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_db, int secret,
+ const void *data, size_t datlen)
+{
+ cdk_keydb_hd_t db;
+ cdk_error_t rc;
+
+ if (!r_db)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ *r_db = NULL;
+ db = calloc (1, sizeof *db);
+ rc = cdk_stream_tmp_from_mem (data, datlen, &db->fp);
+ if (!db->fp)
+ {
+ cdk_free (db);
+ gnutls_assert ();
+ return rc;
+ }
+ if (cdk_armor_filter_use (db->fp))
+ cdk_stream_set_armor_flag (db->fp, 0);
+ db->type = CDK_DBTYPE_DATA;
+ db->secret = secret;
+ *r_db = db;
+ return 0;
+}
+
+
+/**
+ * cdk_keydb_new_from_stream:
+ * @r_hd: the output keydb handle
+ * @secret: does the stream contain secret key data
+ * @in: the input stream to use
+ *
+ * This function creates a new keydb handle based on the given
+ * stream. The stream is not closed in cdk_keydb_free() and it
+ * is up to the caller to close it. No decoding is done.
+ */
+cdk_error_t
+cdk_keydb_new_from_stream (cdk_keydb_hd_t * r_hd, int secret, cdk_stream_t in)
+{
+ cdk_keydb_hd_t hd;
+
+ if (!r_hd)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ *r_hd = NULL;
+
+ hd = calloc (1, sizeof *hd);
+ hd->fp = in;
+ hd->fp_ref = 1;
+ hd->type = CDK_DBTYPE_STREAM;
+ hd->secret = secret;
+ *r_hd = hd;
+
+ /* We do not push any filters and thus we expect that the format
+ of the stream has the format the user wanted. */
+
+ return 0;
+}
+
+
+cdk_error_t
+cdk_keydb_new_from_file (cdk_keydb_hd_t * r_hd, int secret, const char *fname)
+{
+ cdk_keydb_hd_t hd;
+
+ if (!r_hd)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ *r_hd = NULL;
+ hd = calloc (1, sizeof *hd);
+ hd->name = cdk_strdup (fname);
+ if (!hd->name)
+ {
+ cdk_free (hd);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ hd->type = secret ? CDK_DBTYPE_SK_KEYRING : CDK_DBTYPE_PK_KEYRING;
+ hd->secret = secret;
+ *r_hd = hd;
+ return 0;
+}
+
+
+
+/**
+ * cdk_keydb_new:
+ * @r_hd: handle to store the new keydb object
+ * @type: type of the keyring
+ * @data: data which depends on the keyring type
+ * @count: length of the data
+ *
+ * Create a new keydb object
+ **/
+cdk_error_t
+cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data, size_t count)
+{
+ switch (type)
+ {
+ case CDK_DBTYPE_PK_KEYRING:
+ case CDK_DBTYPE_SK_KEYRING:
+ return cdk_keydb_new_from_file (r_hd, type == CDK_DBTYPE_SK_KEYRING,
+ (const char *) data);
+
+ case CDK_DBTYPE_DATA:
+ return cdk_keydb_new_from_mem (r_hd, 0, data, count);
+
+ case CDK_DBTYPE_STREAM:
+ return cdk_keydb_new_from_stream (r_hd, 0, (cdk_stream_t) data);
+
+ default:
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+}
+
+
+/**
+ * cdk_keydb_free:
+ * @hd: the keydb object
+ *
+ * Free the keydb object.
+ **/
+void
+cdk_keydb_free (cdk_keydb_hd_t hd)
+{
+ if (!hd)
+ return;
+
+ if (hd->name)
+ {
+ cdk_free (hd->name);
+ hd->name = NULL;
+ }
+
+ if (hd->fp && !hd->fp_ref)
+ {
+ cdk_stream_close (hd->fp);
+ hd->fp = NULL;
+ }
+
+
+ hd->isopen = 0;
+ hd->secret = 0;
+ cdk_free (hd);
+}
+
+
+static cdk_error_t
+_cdk_keydb_open (cdk_keydb_hd_t hd, cdk_stream_t * ret_kr)
+{
+ cdk_error_t rc;
+ cdk_stream_t kr;
+
+ if (!hd || !ret_kr)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = 0;
+ if ((hd->type == CDK_DBTYPE_DATA || hd->type == CDK_DBTYPE_STREAM)
+ && hd->fp)
+ {
+ kr = hd->fp;
+ cdk_stream_seek (kr, 0);
+ }
+ else if (hd->type == CDK_DBTYPE_PK_KEYRING ||
+ hd->type == CDK_DBTYPE_SK_KEYRING)
+ {
+ rc = cdk_stream_open (hd->name, &kr);
+
+ if (rc)
+ goto leave;
+
+ if (cdk_armor_filter_use (kr))
+ cdk_stream_set_armor_flag (kr, 0);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+leave:
+
+ *ret_kr = kr;
+ return rc;
+}
+
+
+static int
+find_by_keyid (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+{
+ cdk_kbnode_t node;
+ u32 keyid[2];
+
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ _cdk_pkt_get_keyid (node->pkt, keyid);
+ switch (ks->type)
+ {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ if (keyid[1] == ks->u.keyid[1])
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP (keyid, ks->u.keyid))
+ return 1;
+ break;
+
+ default:
+ _cdk_log_debug ("find_by_keyid: invalid mode = %d\n", ks->type);
+ return 0;
+ }
+ }
+ }
+ return 0;
+}
+
+
+static int
+find_by_fpr (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+{
+ cdk_kbnode_t node;
+ byte fpr[KEY_FPR_LEN];
+
+ if (ks->type != CDK_DBSEARCH_FPR)
+ return 0;
+
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ _cdk_pkt_get_fingerprint (node->pkt, fpr);
+ if (!memcmp (ks->u.fpr, fpr, KEY_FPR_LEN))
+ return 1;
+ break;
+ }
+ }
+
+ return 0;
+}
+
+
+static int
+find_by_pattern (cdk_kbnode_t knode, cdk_keydb_search_t ks)
+{
+ cdk_kbnode_t node;
+ size_t uidlen;
+ char *name;
+
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype != CDK_PKT_USER_ID)
+ continue;
+ if (node->pkt->pkt.user_id->attrib_img != NULL)
+ continue; /* Skip attribute packets. */
+ uidlen = node->pkt->pkt.user_id->len;
+ name = node->pkt->pkt.user_id->name;
+ switch (ks->type)
+ {
+ case CDK_DBSEARCH_EXACT:
+ if (name &&
+ (strlen (ks->u.pattern) == uidlen &&
+ !strncmp (ks->u.pattern, name, uidlen)))
+ return 1;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (uidlen > 65536)
+ break;
+ if (name && strlen (ks->u.pattern) > uidlen)
+ break;
+ if (name && _cdk_memistr (name, uidlen, ks->u.pattern))
+ return 1;
+ break;
+
+ default: /* Invalid mode */
+ return 0;
+ }
+ }
+ return 0;
+}
+
+
+static void
+keydb_cache_free (key_table_t cache)
+{
+ key_table_t c2;
+
+ while (cache)
+ {
+ c2 = cache->next;
+ cache->offset = 0;
+ cdk_free (cache);
+ cache = c2;
+ }
+}
+
+
+static key_table_t
+keydb_cache_find (cdk_keydb_search_t desc)
+{
+ key_table_t cache = desc->cache;
+ key_table_t t;
+
+ for (t = cache; t; t = t->next)
+ {
+ switch (desc->type)
+ {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ if (KEYID_CMP (desc->u.keyid, desc->u.keyid))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ if (strlen (desc->u.pattern) == strlen (desc->u.pattern) &&
+ !strcmp (desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_SUBSTR:
+ if (strstr (desc->u.pattern, desc->u.pattern))
+ return t;
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ if (!memcmp (desc->u.fpr, desc->u.fpr, KEY_FPR_LEN))
+ return t;
+ break;
+ }
+ }
+
+ return NULL;
+}
+
+
+static cdk_error_t
+keydb_cache_add (cdk_keydb_search_t dbs, off_t offset)
+{
+ key_table_t k;
+
+ if (dbs->ncache > KEYDB_CACHE_ENTRIES)
+ return 0; /* FIXME: we should replace the last entry. */
+ k = cdk_calloc (1, sizeof *k);
+ if (!k)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+
+ k->offset = offset;
+
+ k->next = dbs->cache;
+ dbs->cache = k;
+ dbs->ncache++;
+ _cdk_log_debug ("cache: add entry off=%d type=%d\n", (int) offset,
+ (int) dbs->type);
+ return 0;
+}
+
+static cdk_error_t
+idx_init (cdk_keydb_hd_t db, cdk_keydb_search_t dbs)
+{
+ cdk_error_t ec, rc = 0;
+
+ if (cdk_stream_get_length (db->fp) < 524288)
+ {
+ dbs->no_cache = 1;
+ goto leave;
+ }
+
+ dbs->idx_name = keydb_idx_mkname (db->name);
+ if (!dbs->idx_name)
+ {
+ rc = CDK_Out_Of_Core;
+ goto leave;
+ }
+ ec = cdk_stream_open (dbs->idx_name, &dbs->idx);
+
+ if (ec && !db->secret)
+ {
+ rc = keydb_idx_build (db->name);
+ if (!rc)
+ rc = cdk_stream_open (dbs->idx_name, &dbs->idx);
+ if (!rc)
+ {
+ _cdk_log_debug ("create key index table\n");
+ }
+ else
+ {
+ /* This is no real error, it just means we can't create
+ the index at the given directory. maybe we've no write
+ access. in this case, we simply disable the index. */
+ _cdk_log_debug ("disable key index table err=%d\n", rc);
+ rc = 0;
+ dbs->no_cache = 1;
+ }
+ }
+
+leave:
+
+ return rc;
+}
+
+/**
+ * cdk_keydb_search_start:
+ * @st: search handle
+ * @db: key database handle
+ * @type: specifies the search type
+ * @desc: description which depends on the type
+ *
+ * Create a new keydb search object.
+ **/
+cdk_error_t
+cdk_keydb_search_start (cdk_keydb_search_t * st, cdk_keydb_hd_t db, int type,
+ void *desc)
+{
+ u32 *keyid;
+ char *p, tmp[3];
+ int i;
+ cdk_error_t rc;
+
+ if (!db)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (type != CDK_DBSEARCH_NEXT && !desc)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ *st = cdk_calloc (1, sizeof (cdk_keydb_search_s));
+ if (!(*st))
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+
+ rc = idx_init (db, *st);
+ if (rc != CDK_Success)
+ {
+ free (*st);
+ gnutls_assert ();
+ return rc;
+ }
+
+ (*st)->type = type;
+ switch (type)
+ {
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ cdk_free ((*st)->u.pattern);
+ (*st)->u.pattern = cdk_strdup (desc);
+ if (!(*st)->u.pattern)
+ {
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ keyid = desc;
+ (*st)->u.keyid[1] = keyid[0];
+ break;
+
+ case CDK_DBSEARCH_KEYID:
+ keyid = desc;
+ (*st)->u.keyid[0] = keyid[0];
+ (*st)->u.keyid[1] = keyid[1];
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ memcpy ((*st)->u.fpr, desc, KEY_FPR_LEN);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ break;
+
+ case CDK_DBSEARCH_AUTO:
+ /* Override the type with the actual db search type. */
+ (*st)->type = classify_data (desc, strlen (desc));
+ switch ((*st)->type)
+ {
+ case CDK_DBSEARCH_SUBSTR:
+ case CDK_DBSEARCH_EXACT:
+ cdk_free ((*st)->u.pattern);
+ p = (*st)->u.pattern = cdk_strdup (desc);
+ if (!p)
+ {
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ break;
+
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ p = desc;
+ if (!strncmp (p, "0x", 2))
+ p += 2;
+ if (strlen (p) == 8)
+ {
+ (*st)->u.keyid[0] = 0;
+ (*st)->u.keyid[1] = strtoul (p, NULL, 16);
+ }
+ else if (strlen (p) == 16)
+ {
+ (*st)->u.keyid[0] = strtoul (p, NULL, 16);
+ (*st)->u.keyid[1] = strtoul (p + 8, NULL, 16);
+ }
+ else
+ { /* Invalid key ID object. */
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ p = desc;
+ if (strlen (p) != 2 * KEY_FPR_LEN)
+ {
+ cdk_free (*st);
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ for (i = 0; i < KEY_FPR_LEN; i++)
+ {
+ tmp[0] = p[2 * i];
+ tmp[1] = p[2 * i + 1];
+ tmp[2] = 0x00;
+ (*st)->u.fpr[i] = strtoul (tmp, NULL, 16);
+ }
+ break;
+ }
+ break;
+
+ default:
+ cdk_free (*st);
+ _cdk_log_debug ("cdk_keydb_search_start: invalid mode = %d\n", type);
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ return 0;
+}
+
+
+static cdk_error_t
+keydb_pos_from_cache (cdk_keydb_hd_t hd, cdk_keydb_search_t ks,
+ int *r_cache_hit, off_t * r_off)
+{
+ key_table_t c;
+
+ if (!hd || !r_cache_hit || !r_off)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ /* Reset the values. */
+ *r_cache_hit = 0;
+ *r_off = 0;
+
+ c = keydb_cache_find (ks);
+ if (c != NULL)
+ {
+ _cdk_log_debug ("cache: found entry in cache.\n");
+ *r_cache_hit = 1;
+ *r_off = c->offset;
+ return 0;
+ }
+
+ /* No index cache available so we just return here. */
+ if (!ks->idx)
+ return 0;
+
+ if (ks->idx)
+ {
+ if (ks->type == CDK_DBSEARCH_KEYID)
+ {
+ if (keydb_idx_search (ks->idx, ks->u.keyid, NULL, r_off))
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug ("cache: found keyid entry in idx table.\n");
+ *r_cache_hit = 1;
+ }
+ else if (ks->type == CDK_DBSEARCH_FPR)
+ {
+ if (keydb_idx_search (ks->idx, NULL, ks->u.fpr, r_off))
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ _cdk_log_debug ("cache: found fpr entry in idx table.\n");
+ *r_cache_hit = 1;
+ }
+ }
+
+ return 0;
+}
+
+void
+cdk_keydb_search_release (cdk_keydb_search_t st)
+{
+ keydb_cache_free (st->cache);
+
+ if (st->idx)
+ cdk_stream_close (st->idx);
+
+ if (!st)
+ return;
+ if (st->type == CDK_DBSEARCH_EXACT || st->type == CDK_DBSEARCH_SUBSTR)
+ cdk_free (st->u.pattern);
+
+ cdk_free (st);
+}
+
+/**
+ * cdk_keydb_search:
+ * @st: the search handle
+ * @hd: the keydb object
+ * @ret_key: kbnode object to store the key
+ *
+ * Search for a key in the given keyring. The search mode is handled
+ * via @ks. If the key was found, @ret_key contains the key data.
+ **/
+cdk_error_t
+cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
+ cdk_kbnode_t * ret_key)
+{
+ cdk_stream_t kr;
+ cdk_kbnode_t knode;
+ cdk_error_t rc = 0;
+ off_t pos = 0, off = 0;
+ int key_found = 0, cache_hit = 0;
+
+ if (!hd || !ret_key || !st)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ *ret_key = NULL;
+ kr = NULL;
+
+ rc = _cdk_keydb_open (hd, &kr);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ if (!st->no_cache)
+ {
+ /* It is possible the index is not up-to-date and thus we do
+ not find the requesed key. In this case, we reset cache hit
+ and continue our normal search procedure. */
+ rc = keydb_pos_from_cache (hd, st, &cache_hit, &off);
+ if (rc)
+ cache_hit = 0;
+ }
+
+ knode = NULL;
+
+ while (!key_found && !rc)
+ {
+ if (cache_hit && st->type != CDK_DBSEARCH_NEXT)
+ cdk_stream_seek (kr, off);
+ else if (st->type == CDK_DBSEARCH_NEXT)
+ cdk_stream_seek (kr, st->off);
+
+ pos = cdk_stream_tell (kr);
+
+ rc = cdk_keydb_get_keyblock (kr, &knode);
+
+ if (rc)
+ {
+ if (rc == CDK_EOF)
+ break;
+ else
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ switch (st->type)
+ {
+ case CDK_DBSEARCH_SHORT_KEYID:
+ case CDK_DBSEARCH_KEYID:
+ key_found = find_by_keyid (knode, st);
+ break;
+
+ case CDK_DBSEARCH_FPR:
+ key_found = find_by_fpr (knode, st);
+ break;
+
+ case CDK_DBSEARCH_EXACT:
+ case CDK_DBSEARCH_SUBSTR:
+ key_found = find_by_pattern (knode, st);
+ break;
+
+ case CDK_DBSEARCH_NEXT:
+ st->off = cdk_stream_tell (kr);
+ key_found = knode ? 1 : 0;
+ break;
+ }
+
+ if (key_found)
+ {
+ if (!keydb_cache_find (st))
+ keydb_cache_add (st, pos);
+ break;
+ }
+
+ cdk_kbnode_release (knode);
+ knode = NULL;
+ }
+
+ if (key_found && rc == CDK_EOF)
+ rc = 0;
+ else if (rc == CDK_EOF && !key_found)
+ {
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ }
+ *ret_key = key_found ? knode : NULL;
+ return rc;
+}
+
+cdk_error_t
+cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, u32 * keyid, cdk_kbnode_t * ret_key)
+{
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
+
+ if (!hd || !keyid || !ret_key)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (!rc)
+ rc = cdk_keydb_search (st, hd, ret_key);
+
+ cdk_keydb_search_release (st);
+ return rc;
+}
+
+
+cdk_error_t
+cdk_keydb_get_byfpr (cdk_keydb_hd_t hd, const byte * fpr,
+ cdk_kbnode_t * r_key)
+{
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
+
+ if (!hd || !fpr || !r_key)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_FPR, (byte *) fpr);
+ if (!rc)
+ rc = cdk_keydb_search (st, hd, r_key);
+
+ cdk_keydb_search_release (st);
+ return rc;
+}
+
+
+cdk_error_t
+cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
+ cdk_kbnode_t * ret_key)
+{
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
+
+ if (!hd || !patt || !ret_key)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_SUBSTR, (char *) patt);
+ if (!rc)
+ rc = cdk_keydb_search (st, hd, ret_key);
+
+ if (rc)
+ gnutls_assert ();
+
+ cdk_keydb_search_release (st);
+ return rc;
+}
+
+
+static int
+keydb_check_key (cdk_packet_t pkt)
+{
+ cdk_pkt_pubkey_t pk;
+ int is_sk, valid;
+
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ {
+ pk = pkt->pkt.public_key;
+ is_sk = 0;
+ }
+ else if (pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ pk = pkt->pkt.secret_key->pk;
+ is_sk = 1;
+ }
+ else /* No key object. */
+ return 0;
+ valid = !pk->is_revoked && !pk->has_expired;
+ if (is_sk)
+ return valid;
+ return valid && !pk->is_invalid;
+}
+
+
+/* Find the first kbnode with the requested packet type
+ that represents a valid key. */
+static cdk_kbnode_t
+kbnode_find_valid (cdk_kbnode_t root, cdk_packet_type_t pkttype)
+{
+ cdk_kbnode_t n;
+
+ for (n = root; n; n = n->next)
+ {
+ if (n->pkt->pkttype != pkttype)
+ continue;
+ if (keydb_check_key (n->pkt))
+ return n;
+ }
+
+ return NULL;
+}
+
+
+static cdk_kbnode_t
+keydb_find_byusage (cdk_kbnode_t root, int req_usage, int is_pk)
+{
+ cdk_kbnode_t node, key;
+ int req_type;
+ long timestamp;
+
+ req_type = is_pk ? CDK_PKT_PUBLIC_KEY : CDK_PKT_SECRET_KEY;
+ if (!req_usage)
+ return kbnode_find_valid (root, req_type);
+
+ node = cdk_kbnode_find (root, req_type);
+ if (node && !keydb_check_key (node->pkt))
+ return NULL;
+
+ key = NULL;
+ timestamp = 0;
+ /* We iteratre over the all nodes and search for keys or
+ subkeys which match the usage and which are not invalid.
+ A timestamp is used to figure out the newest valid key. */
+ for (node = root; node; node = node->next)
+ {
+ if (is_pk && (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ && keydb_check_key (node->pkt)
+ && (node->pkt->pkt.public_key->pubkey_usage & req_usage))
+ {
+ if (node->pkt->pkt.public_key->timestamp > timestamp)
+ key = node;
+ }
+ if (!is_pk && (node->pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ node->pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ && keydb_check_key (node->pkt)
+ && (node->pkt->pkt.secret_key->pk->pubkey_usage & req_usage))
+ {
+ if (node->pkt->pkt.secret_key->pk->timestamp > timestamp)
+ key = node;
+ }
+
+ }
+ return key;
+}
+
+
+static cdk_kbnode_t
+keydb_find_bykeyid (cdk_kbnode_t root, const u32 * keyid, int search_mode)
+{
+ cdk_kbnode_t node;
+ u32 kid[2];
+
+ for (node = root; node; node = node->next)
+ {
+ if (!_cdk_pkt_get_keyid (node->pkt, kid))
+ continue;
+ if (search_mode == CDK_DBSEARCH_SHORT_KEYID && kid[1] == keyid[1])
+ return node;
+ else if (kid[0] == keyid[0] && kid[1] == keyid[1])
+ return node;
+ }
+ return NULL;
+}
+
+
+cdk_error_t
+_cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
+ cdk_seckey_t * ret_sk, int usage)
+{
+ cdk_kbnode_t knode = NULL;
+ cdk_kbnode_t node, sk_node, pk_node;
+ cdk_pkt_seckey_t sk;
+ cdk_error_t rc;
+ const char *s;
+ int pkttype;
+ cdk_keydb_search_t st;
+
+ if (!ret_sk || !usage)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ if (!hd)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_sk = NULL;
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = cdk_keydb_search (st, hd, &knode);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ cdk_keydb_search_release (st);
+
+ sk_node = keydb_find_byusage (knode, usage, 0);
+ if (!sk_node)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return CDK_Unusable_Key;
+ }
+
+ /* We clone the node with the secret key to avoid that the
+ packet will be released. */
+ _cdk_kbnode_clone (sk_node);
+ sk = sk_node->pkt->pkt.secret_key;
+
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID)
+ {
+ s = node->pkt->pkt.user_id->name;
+ if (sk && !sk->pk->uid && _cdk_memistr (s, strlen (s), name))
+ {
+ _cdk_copy_userid (&sk->pk->uid, node->pkt->pkt.user_id);
+ break;
+ }
+ }
+ }
+
+ /* To find the self signature, we need the primary public key because
+ the selected secret key might be different from the primary key. */
+ pk_node = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
+ if (!pk_node)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return CDK_Unusable_Key;
+ }
+ node = find_selfsig_node (knode, pk_node->pkt->pkt.secret_key->pk);
+ if (sk->pk->uid && node)
+ _cdk_copy_signature (&sk->pk->uid->selfsig, node->pkt->pkt.signature);
+
+ /* We only release the outer packet. */
+ _cdk_pkt_detach_free (sk_node->pkt, &pkttype, (void *) &sk);
+ cdk_kbnode_release (knode);
+ *ret_sk = sk;
+ return rc;
+}
+
+
+cdk_error_t
+_cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
+ cdk_pubkey_t * ret_pk, int usage)
+{
+ cdk_kbnode_t knode, node, pk_node;
+ cdk_pkt_pubkey_t pk;
+ const char *s;
+ cdk_error_t rc;
+ cdk_keydb_search_t st;
+
+ if (!ret_pk || !usage)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!hd)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_pk = NULL;
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, (char *) name);
+ if (!rc)
+ rc = cdk_keydb_search (st, hd, &knode);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ cdk_keydb_search_release (st);
+
+ node = keydb_find_byusage (knode, usage, 1);
+ if (!node)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return CDK_Unusable_Key;
+ }
+
+ pk = NULL;
+ _cdk_copy_pubkey (&pk, node->pkt->pkt.public_key);
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID)
+ {
+ s = node->pkt->pkt.user_id->name;
+ if (pk && !pk->uid && _cdk_memistr (s, strlen (s), name))
+ {
+ _cdk_copy_userid (&pk->uid, node->pkt->pkt.user_id);
+ break;
+ }
+ }
+ }
+
+ /* Same as in the sk code, the selected key can be a sub key
+ and thus we need the primary key to find the self sig. */
+ pk_node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
+ if (!pk_node)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return CDK_Unusable_Key;
+ }
+ node = find_selfsig_node (knode, pk_node->pkt->pkt.public_key);
+ if (pk->uid && node)
+ _cdk_copy_signature (&pk->uid->selfsig, node->pkt->pkt.signature);
+ cdk_kbnode_release (knode);
+
+ *ret_pk = pk;
+ return rc;
+}
+
+
+/**
+ * cdk_keydb_get_pk:
+ * @hd: key db handle
+ * @keyid: keyid of the key
+ * @r_pk: the allocated public key
+ *
+ * Perform a key database search by keyid and return the raw public
+ * key without any signatures or user id's.
+ **/
+cdk_error_t
+cdk_keydb_get_pk (cdk_keydb_hd_t hd, u32 * keyid, cdk_pubkey_t * r_pk)
+{
+ cdk_kbnode_t knode = NULL, node;
+ cdk_pubkey_t pk;
+ cdk_error_t rc;
+ size_t s_type;
+ int pkttype;
+ cdk_keydb_search_t st;
+
+ if (!keyid || !r_pk)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!hd)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Keyring;
+ }
+
+ *r_pk = NULL;
+ s_type = !keyid[0] ? CDK_DBSEARCH_SHORT_KEYID : CDK_DBSEARCH_KEYID;
+ rc = cdk_keydb_search_start (&st, hd, s_type, keyid);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ rc = cdk_keydb_search (st, hd, &knode);
+ cdk_keydb_search_release (st);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ node = keydb_find_bykeyid (knode, keyid, s_type);
+ if (!node)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+
+ /* See comment in cdk_keydb_get_sk() */
+ _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &pk);
+ *r_pk = pk;
+ _cdk_kbnode_clone (node);
+ cdk_kbnode_release (knode);
+
+ return rc;
+}
+
+
+/**
+ * cdk_keydb_get_sk:
+ * @hd: key db handle
+ * @keyid: the keyid of the key
+ * @ret_sk: the allocated secret key
+ *
+ * Perform a key database search by keyid and return
+ * only the raw secret key without the additional nodes,
+ * like the user id or the signatures.
+ **/
+cdk_error_t
+cdk_keydb_get_sk (cdk_keydb_hd_t hd, u32 * keyid, cdk_seckey_t * ret_sk)
+{
+ cdk_kbnode_t snode, node;
+ cdk_seckey_t sk;
+ cdk_error_t rc;
+ int pkttype;
+
+ if (!keyid || !ret_sk)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!hd)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Keyring;
+ }
+
+ *ret_sk = NULL;
+ rc = cdk_keydb_get_bykeyid (hd, keyid, &snode);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ node = keydb_find_bykeyid (snode, keyid, CDK_DBSEARCH_KEYID);
+ if (!node)
+ {
+ cdk_kbnode_release (snode);
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+
+ /* We need to release the packet itself but not its contents
+ and thus we detach the openpgp packet and release the structure. */
+ _cdk_pkt_detach_free (node->pkt, &pkttype, (void *) &sk);
+ _cdk_kbnode_clone (node);
+ cdk_kbnode_release (snode);
+
+ *ret_sk = sk;
+ return 0;
+}
+
+
+static int
+is_selfsig (cdk_kbnode_t node, const u32 * keyid)
+{
+ cdk_pkt_signature_t sig;
+
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ return 0;
+ sig = node->pkt->pkt.signature;
+ if ((sig->sig_class >= 0x10 && sig->sig_class <= 0x13) &&
+ sig->keyid[0] == keyid[0] && sig->keyid[1] == keyid[1])
+ return 1;
+
+ return 0;
+}
+
+
+/* Find the newest self signature for the public key @pk
+ and return the signature node. */
+static cdk_kbnode_t
+find_selfsig_node (cdk_kbnode_t key, cdk_pkt_pubkey_t pk)
+{
+ cdk_kbnode_t n, sig;
+ unsigned int ts;
+ u32 keyid[2];
+
+ cdk_pk_get_keyid (pk, keyid);
+ sig = NULL;
+ ts = 0;
+ for (n = key; n; n = n->next)
+ {
+ if (is_selfsig (n, keyid) && n->pkt->pkt.signature->timestamp > ts)
+ {
+ ts = n->pkt->pkt.signature->timestamp;
+ sig = n;
+ }
+ }
+
+ return sig;
+}
+
+static unsigned int
+key_usage_to_cdk_usage (unsigned int usage)
+{
+ unsigned key_usage = 0;
+
+ if (usage & 0x01) /* cert + sign data */
+ key_usage |= CDK_KEY_USG_CERT_SIGN;
+ if (usage & 0x02) /* cert + sign data */
+ key_usage |= CDK_KEY_USG_DATA_SIGN;
+ if (usage & 0x04) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_COMM_ENCR;
+ if (usage & 0x08) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_STORAGE_ENCR;
+ if (usage & 0x10) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_SPLIT_KEY;
+ if (usage & 0x20)
+ key_usage |= CDK_KEY_USG_AUTH;
+ if (usage & 0x80) /* encrypt comm. + storage */
+ key_usage |= CDK_KEY_USG_SHARED_KEY;
+
+ return key_usage;
+}
+
+static cdk_error_t
+keydb_merge_selfsig (cdk_kbnode_t key, u32 * keyid)
+{
+ cdk_kbnode_t node, kbnode, unode;
+ cdk_subpkt_t s = NULL;
+ cdk_pkt_signature_t sig = NULL;
+ cdk_pkt_userid_t uid = NULL;
+ const byte *symalg = NULL, *hashalg = NULL, *compalg = NULL;
+ size_t nsymalg = 0, nhashalg = 0, ncompalg = 0, n = 0;
+ size_t key_expire = 0;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ for (node = key; node; node = node->next)
+ {
+ if (!is_selfsig (node, keyid))
+ continue;
+ unode = cdk_kbnode_find_prev (key, node, CDK_PKT_USER_ID);
+ if (!unode)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ uid = unode->pkt->pkt.user_id;
+ sig = node->pkt->pkt.signature;
+ s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PRIMARY_UID);
+ if (s)
+ uid->is_primary = 1;
+ s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_FEATURES);
+ if (s && s->size == 1 && s->d[0] & 0x01)
+ uid->mdc_feature = 1;
+ s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s && s->size == 4)
+ key_expire = _cdk_buftou32 (s->d);
+ s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_SYM);
+ if (s)
+ {
+ symalg = s->d;
+ nsymalg = s->size;
+ n += s->size + 1;
+ }
+ s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_HASH);
+ if (s)
+ {
+ hashalg = s->d;
+ nhashalg = s->size;
+ n += s->size + 1;
+ }
+ s = cdk_subpkt_find (sig->hashed, CDK_SIGSUBPKT_PREFS_ZIP);
+ if (s)
+ {
+ compalg = s->d;
+ ncompalg = s->size;
+ n += s->size + 1;
+ }
+ if (uid->prefs != NULL)
+ cdk_free (uid->prefs);
+ if (!n || !hashalg || !compalg || !symalg)
+ uid->prefs = NULL;
+ else
+ {
+ uid->prefs = cdk_calloc (1, sizeof (*uid->prefs) * (n + 1));
+ if (!uid->prefs)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ n = 0;
+ for (; nsymalg; nsymalg--, n++)
+ {
+ uid->prefs[n].type = CDK_PREFTYPE_SYM;
+ uid->prefs[n].value = *symalg++;
+ }
+ for (; nhashalg; nhashalg--, n++)
+ {
+ uid->prefs[n].type = CDK_PREFTYPE_HASH;
+ uid->prefs[n].value = *hashalg++;
+ }
+ for (; ncompalg; ncompalg--, n++)
+ {
+ uid->prefs[n].type = CDK_PREFTYPE_ZIP;
+ uid->prefs[n].value = *compalg++;
+ }
+
+ uid->prefs[n].type = CDK_PREFTYPE_NONE; /* end of list marker */
+ uid->prefs[n].value = 0;
+ uid->prefs_size = n;
+ }
+ }
+
+ /* Now we add the extracted information to the primary key. */
+ kbnode = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
+ if (kbnode)
+ {
+ cdk_pkt_pubkey_t pk = kbnode->pkt->pkt.public_key;
+ if (uid && uid->prefs && n)
+ {
+ if (pk->prefs != NULL)
+ cdk_free (pk->prefs);
+ pk->prefs = _cdk_copy_prefs (uid->prefs);
+ pk->prefs_size = n;
+ }
+ if (key_expire)
+ {
+ pk->expiredate = pk->timestamp + key_expire;
+ pk->has_expired = pk->expiredate > (u32) time (NULL) ? 0 : 1;
+ }
+
+ pk->is_invalid = 0;
+ }
+
+ return 0;
+}
+
+
+static cdk_error_t
+keydb_parse_allsigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd, int check)
+{
+ cdk_kbnode_t node, kb;
+ cdk_pkt_signature_t sig;
+ cdk_pkt_pubkey_t pk;
+ cdk_subpkt_t s = NULL;
+ u32 expiredate = 0, curtime = (u32) time (NULL);
+ u32 keyid[2];
+
+ if (!knode)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (check && !hd)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ kb = cdk_kbnode_find (knode, CDK_PKT_SECRET_KEY);
+ if (kb)
+ return 0;
+
+ /* Reset */
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_USER_ID)
+ node->pkt->pkt.user_id->is_revoked = 0;
+ else if (node->pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_revoked = 0;
+ }
+
+ kb = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
+ if (!kb)
+ {
+ gnutls_assert ();
+ return CDK_Wrong_Format;
+ }
+ cdk_pk_get_keyid (kb->pkt->pkt.public_key, keyid);
+
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE)
+ {
+ sig = node->pkt->pkt.signature;
+ /* Revocation certificates for primary keys */
+ if (sig->sig_class == 0x20)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
+ if (kb)
+ {
+ kb->pkt->pkt.public_key->is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certificates for subkeys */
+ else if (sig->sig_class == 0x28)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
+ if (kb)
+ {
+ kb->pkt->pkt.public_key->is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Revocation certifcates for user ID's */
+ else if (sig->sig_class == 0x30)
+ {
+ if (sig->keyid[0] != keyid[0] || sig->keyid[1] != keyid[1])
+ continue; /* revokes an earlier signature, no userID. */
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_USER_ID);
+ if (kb)
+ {
+ kb->pkt->pkt.user_id->is_revoked = 1;
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for primary keys */
+ else if (sig->sig_class == 0x1F)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_KEY);
+ if (kb)
+ {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s)
+ {
+ expiredate = _cdk_buftou32 (s->d);
+ pk->expiredate = pk->timestamp + expiredate;
+ pk->has_expired = pk->expiredate > curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ /* Direct certificates for subkeys */
+ else if (sig->sig_class == 0x18)
+ {
+ kb = cdk_kbnode_find_prev (knode, node, CDK_PKT_PUBLIC_SUBKEY);
+ if (kb)
+ {
+ pk = kb->pkt->pkt.public_key;
+ pk->is_invalid = 0;
+ s = cdk_subpkt_find (node->pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_EXPIRE);
+ if (s)
+ {
+ expiredate = _cdk_buftou32 (s->d);
+ pk->expiredate = pk->timestamp + expiredate;
+ pk->has_expired = pk->expiredate > curtime ? 0 : 1;
+ }
+ if (check)
+ _cdk_pk_check_sig (hd, kb, node, NULL, NULL);
+ }
+ else
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+ }
+ }
+ }
+ node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
+ if (node && node->pkt->pkt.public_key->version == 3)
+ {
+ /* v3 public keys have no additonal signatures for the key directly.
+ we say the key is valid when we have at least a self signature. */
+ pk = node->pkt->pkt.public_key;
+ for (node = knode; node; node = node->next)
+ {
+ if (is_selfsig (node, keyid))
+ {
+ pk->is_invalid = 0;
+ break;
+ }
+ }
+ }
+ if (node && (node->pkt->pkt.public_key->is_revoked ||
+ node->pkt->pkt.public_key->has_expired))
+ {
+ /* If the primary key has been revoked, mark all subkeys as invalid
+ because without a primary key they are not useable */
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ node->pkt->pkt.public_key->is_invalid = 1;
+ }
+ }
+
+ return 0;
+}
+
+static void
+add_key_usage (cdk_kbnode_t knode, u32 keyid[2], unsigned int usage)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if ((pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY)
+ && pkt->pkt.public_key->keyid[0] == keyid[0]
+ && pkt->pkt.public_key->keyid[1] == keyid[1])
+ {
+ pkt->pkt.public_key->pubkey_usage = usage;
+ return;
+ }
+ }
+ return;
+}
+
+cdk_error_t
+cdk_keydb_get_keyblock (cdk_stream_t inp, cdk_kbnode_t * r_knode)
+{
+ cdk_packet_t pkt;
+ cdk_kbnode_t knode, node;
+ cdk_desig_revoker_t revkeys;
+ cdk_error_t rc;
+ u32 keyid[2], main_keyid[2];
+ off_t old_off;
+ int key_seen, got_key;
+
+ if (!inp || !r_knode)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ /* Reset all values. */
+ keyid[0] = keyid[1] = 0;
+ main_keyid[0] = main_keyid[1] = 0;
+ revkeys = NULL;
+ knode = NULL;
+ key_seen = got_key = 0;
+
+ *r_knode = NULL;
+ rc = CDK_EOF;
+ while (!cdk_stream_eof (inp))
+ {
+ cdk_pkt_new (&pkt);
+ old_off = cdk_stream_tell (inp);
+ rc = cdk_pkt_read (inp, pkt);
+ if (rc)
+ {
+ cdk_pkt_release (pkt);
+ if (rc == CDK_EOF)
+ break;
+ else
+ { /* Release all packets we reached so far. */
+ _cdk_log_debug ("keydb_get_keyblock: error %d\n", rc);
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ if (key_seen && (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY))
+ {
+ /* The next key starts here so set the file pointer
+ and leave the loop. */
+ cdk_stream_seek (inp, old_off);
+ cdk_pkt_release (pkt);
+ break;
+ }
+ if (pkt->pkttype == CDK_PKT_PUBLIC_KEY ||
+ pkt->pkttype == CDK_PKT_SECRET_KEY)
+ {
+ _cdk_pkt_get_keyid (pkt, main_keyid);
+ key_seen = 1;
+ }
+ else if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY ||
+ pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ {
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ {
+ pkt->pkt.public_key->main_keyid[0] = main_keyid[0];
+ pkt->pkt.public_key->main_keyid[1] = main_keyid[1];
+ }
+ else
+ {
+ pkt->pkt.secret_key->main_keyid[0] = main_keyid[0];
+ pkt->pkt.secret_key->main_keyid[1] = main_keyid[1];
+ }
+ }
+ /* We save this for the signature */
+ _cdk_pkt_get_keyid (pkt, keyid);
+ got_key = 1;
+ }
+ else if (pkt->pkttype == CDK_PKT_USER_ID)
+ ;
+ else if (pkt->pkttype == CDK_PKT_SIGNATURE)
+ {
+ cdk_subpkt_t s;
+
+ pkt->pkt.signature->key[0] = keyid[0];
+ pkt->pkt.signature->key[1] = keyid[1];
+ if (pkt->pkt.signature->sig_class == 0x1F &&
+ pkt->pkt.signature->revkeys)
+ revkeys = pkt->pkt.signature->revkeys;
+
+ s =
+ cdk_subpkt_find (pkt->pkt.signature->hashed,
+ CDK_SIGSUBPKT_KEY_FLAGS);
+ if (s)
+ {
+ unsigned int key_usage = key_usage_to_cdk_usage (s->d[0]);
+ add_key_usage (knode, pkt->pkt.signature->key, key_usage);
+ }
+ }
+ node = cdk_kbnode_new (pkt);
+ if (!knode)
+ knode = node;
+ else
+ _cdk_kbnode_add (knode, node);
+ }
+
+ if (got_key)
+ {
+ keydb_merge_selfsig (knode, main_keyid);
+ rc = keydb_parse_allsigs (knode, NULL, 0);
+ if (revkeys)
+ {
+ node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
+ if (node)
+ node->pkt->pkt.public_key->revkeys = revkeys;
+ }
+ }
+ else
+ cdk_kbnode_release (knode);
+ *r_knode = got_key ? knode : NULL;
+
+ /* It is possible that we are in an EOF condition after we
+ successfully read a keyblock. For example if the requested
+ key is the last in the file. */
+ if (rc == CDK_EOF && got_key)
+ rc = 0;
+ return rc;
+}
+
+
+/* Return the type of the given data. In case it cannot be classified,
+ a substring search will be performed. */
+static int
+classify_data (const byte * buf, size_t len)
+{
+ int type;
+ unsigned int i;
+
+ if (buf[0] == '0' && (buf[1] == 'x' || buf[1] == 'X'))
+ { /* Skip hex prefix. */
+ buf += 2;
+ len -= 2;
+ }
+
+ /* The length of the data does not match either a keyid or a fingerprint. */
+ if (len != 8 && len != 16 && len != 40)
+ return CDK_DBSEARCH_SUBSTR;
+
+ for (i = 0; i < len; i++)
+ {
+ if (!isxdigit (buf[i]))
+ return CDK_DBSEARCH_SUBSTR;
+ }
+ if (i != len)
+ return CDK_DBSEARCH_SUBSTR;
+ switch (len)
+ {
+ case 8:
+ type = CDK_DBSEARCH_SHORT_KEYID;
+ break;
+ case 16:
+ type = CDK_DBSEARCH_KEYID;
+ break;
+ case 40:
+ type = CDK_DBSEARCH_FPR;
+ break;
+ default:
+ type = CDK_DBSEARCH_SUBSTR;
+ break;
+ }
+
+ return type;
+}
+
+
+/**
+ * cdk_keydb_export:
+ * @hd: the keydb handle
+ * @out: the output stream
+ * @remusr: the list of key pattern to export
+ *
+ * Export a list of keys to the given output stream.
+ * Use string list with names for pattering searching.
+ * This procedure strips local signatures.
+ **/
+cdk_error_t
+cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out, cdk_strlist_t remusr)
+{
+ cdk_kbnode_t knode, node;
+ cdk_strlist_t r;
+ cdk_error_t rc;
+ int old_ctb;
+ cdk_keydb_search_t st;
+
+ for (r = remusr; r; r = r->next)
+ {
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_AUTO, r->d);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ rc = cdk_keydb_search (st, hd, &knode);
+ cdk_keydb_search_release (st);
+
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ node = cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY);
+ if (!node)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+
+ /* If the key is a version 3 key, use the old packet
+ format for the output. */
+ if (node->pkt->pkt.public_key->version == 3)
+ old_ctb = 1;
+ else
+ old_ctb = 0;
+
+ for (node = knode; node; node = node->next)
+ {
+ /* No specified format; skip them */
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue;
+ /* We never export local signed signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable)
+ continue;
+ /* Filter out invalid signatures */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ (!KEY_CAN_SIGN (node->pkt->pkt.signature->pubkey_algo)))
+ continue;
+
+ /* Adjust the ctb flag if needed. */
+ node->pkt->old_ctb = old_ctb;
+ rc = cdk_pkt_write (out, node->pkt);
+ if (rc)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+ cdk_kbnode_release (knode);
+ knode = NULL;
+ }
+ return 0;
+}
+
+
+static cdk_packet_t
+find_key_packet (cdk_kbnode_t knode, int *r_is_sk)
+{
+ cdk_packet_t pkt;
+
+ pkt = cdk_kbnode_find_packet (knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ {
+ pkt = cdk_kbnode_find_packet (knode, CDK_PKT_SECRET_KEY);
+ if (r_is_sk)
+ *r_is_sk = pkt ? 1 : 0;
+ }
+ return pkt;
+}
+
+
+/* Return 1 if the is allowd in a key node. */
+static int
+is_key_node (cdk_kbnode_t node)
+{
+ switch (node->pkt->pkttype)
+ {
+ case CDK_PKT_SIGNATURE:
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ case CDK_PKT_USER_ID:
+ case CDK_PKT_ATTRIBUTE:
+ return 1;
+
+ default:
+ return 0;
+ }
+
+ return 0;
+}
+
+
+cdk_error_t
+cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode)
+{
+ cdk_kbnode_t node, chk;
+ cdk_packet_t pkt;
+ cdk_stream_t out;
+ cdk_error_t rc;
+ u32 keyid[2];
+
+ if (!hd || !knode)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ pkt = find_key_packet (knode, NULL);
+ if (!pkt)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Packet;
+ }
+
+ _cdk_pkt_get_keyid (pkt, keyid);
+ chk = NULL;
+ cdk_keydb_get_bykeyid (hd, keyid, &chk);
+ if (chk)
+ { /* FIXME: search for new signatures */
+ cdk_kbnode_release (chk);
+ return 0;
+ }
+
+ /* We append data to the stream so we need to close
+ the stream here to re-open it later. */
+ if (hd->fp)
+ {
+ cdk_stream_close (hd->fp);
+ hd->fp = NULL;
+ }
+
+ rc = _cdk_stream_append (hd->name, &out);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ for (node = knode; node; node = node->next)
+ {
+ if (node->pkt->pkttype == CDK_PKT_RING_TRUST)
+ continue; /* No uniformed syntax for this packet */
+ if (node->pkt->pkttype == CDK_PKT_SIGNATURE &&
+ !node->pkt->pkt.signature->flags.exportable)
+ {
+ _cdk_log_debug ("key db import: skip local signature\n");
+ continue;
+ }
+
+ if (!is_key_node (node))
+ {
+ _cdk_log_debug ("key db import: skip invalid node of type %d\n",
+ node->pkt->pkttype);
+ continue;
+ }
+
+ rc = cdk_pkt_write (out, node->pkt);
+ if (rc)
+ {
+ cdk_stream_close (out);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ cdk_stream_close (out);
+ hd->stats.new_keys++;
+
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid, const char *id)
+{
+ cdk_kbnode_t knode = NULL, unode = NULL;
+ cdk_error_t rc;
+ int check;
+ cdk_keydb_search_t st;
+
+ if (!hd)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ rc = cdk_keydb_search (st, hd, &knode);
+ cdk_keydb_search_release (st);
+
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
+ if (!rc)
+ {
+ rc = cdk_keydb_search (st, hd, &unode);
+ cdk_keydb_search_release (st);
+ }
+ if (rc)
+ {
+ cdk_kbnode_release (knode);
+ gnutls_assert ();
+ return rc;
+ }
+
+ check = 0;
+ cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_KEYID, keyid);
+ if (unode && find_by_keyid (unode, st))
+ check++;
+ cdk_keydb_search_release (st);
+ cdk_kbnode_release (unode);
+
+ cdk_keydb_search_start (&st, hd, CDK_DBSEARCH_EXACT, (char *) id);
+ if (knode && find_by_pattern (knode, st))
+ check++;
+ cdk_keydb_search_release (st);
+ cdk_kbnode_release (knode);
+
+ return check == 2 ? 0 : CDK_Inv_Value;
+}
+
+
+/**
+ * cdk_keydb_check_sk:
+ * @hd: the key db handle
+ * @keyid: the 64-bit keyid
+ *
+ * Check if a secret key with the given key ID is available
+ * in the key database.
+ **/
+cdk_error_t
+cdk_keydb_check_sk (cdk_keydb_hd_t hd, u32 * keyid)
+{
+ cdk_stream_t db;
+ cdk_packet_t pkt;
+ cdk_error_t rc;
+ u32 kid[2];
+
+ if (!hd || !keyid)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!hd->secret)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ rc = _cdk_keydb_open (hd, &db);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ cdk_pkt_new (&pkt);
+ while (!cdk_pkt_read (db, pkt))
+ {
+ if (pkt->pkttype != CDK_PKT_SECRET_KEY &&
+ pkt->pkttype != CDK_PKT_SECRET_SUBKEY)
+ {
+ cdk_pkt_free (pkt);
+ continue;
+ }
+ cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
+ if (KEYID_CMP (kid, keyid))
+ {
+ cdk_pkt_release (pkt);
+ return 0;
+ }
+ cdk_pkt_free (pkt);
+ }
+ cdk_pkt_release (pkt);
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+}
+
+
+/**
+ * cdk_listkey_start:
+ * @r_ctx: pointer to store the new context
+ * @db: the key database handle
+ * @patt: string pattern
+ * @fpatt: recipients from a stringlist to show
+ *
+ * Prepare a key listing with the given parameters. Two modes are supported.
+ * The first mode uses string pattern to determine if the key should be
+ * returned or not. The other mode uses a string list to request the key
+ * which should be listed.
+ **/
+cdk_error_t
+cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
+ const char *patt, cdk_strlist_t fpatt)
+{
+ cdk_listkey_t ctx;
+ cdk_stream_t inp;
+ cdk_error_t rc;
+
+ if (!r_ctx || !db)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if ((patt && fpatt) || (!patt && !fpatt))
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ rc = _cdk_keydb_open (db, &inp);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ ctx = cdk_calloc (1, sizeof *ctx);
+ if (!ctx)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ ctx->db = db;
+ ctx->inp = inp;
+ if (patt)
+ {
+ ctx->u.patt = cdk_strdup (patt);
+ if (!ctx->u.patt)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ }
+ else if (fpatt)
+ {
+ cdk_strlist_t l;
+ for (l = fpatt; l; l = l->next)
+ cdk_strlist_add (&ctx->u.fpatt, l->d);
+ }
+ ctx->type = patt ? 1 : 0;
+ ctx->init = 1;
+ *r_ctx = ctx;
+ return 0;
+}
+
+
+/**
+ * cdk_listkey_close:
+ * @ctx: the list key context
+ *
+ * Free the list key context.
+ **/
+void
+cdk_listkey_close (cdk_listkey_t ctx)
+{
+ if (!ctx)
+ return;
+
+ if (ctx->type)
+ cdk_free (ctx->u.patt);
+ else
+ cdk_strlist_free (ctx->u.fpatt);
+ cdk_free (ctx);
+}
+
+
+/**
+ * cdk_listkey_next:
+ * @ctx: list key context
+ * @r_key: the pointer to the new key node object
+ *
+ * Retrieve the next key from the pattern of the key list context.
+ **/
+cdk_error_t
+cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key)
+{
+ if (!ctx || !ret_key)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!ctx->init)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ if (ctx->type && ctx->u.patt[0] == '*')
+ return cdk_keydb_get_keyblock (ctx->inp, ret_key);
+ else if (ctx->type)
+ {
+ cdk_kbnode_t node;
+ struct cdk_keydb_search_s ks;
+ cdk_error_t rc;
+
+ for (;;)
+ {
+ rc = cdk_keydb_get_keyblock (ctx->inp, &node);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ memset (&ks, 0, sizeof (ks));
+ ks.type = CDK_DBSEARCH_SUBSTR;
+ ks.u.pattern = ctx->u.patt;
+ if (find_by_pattern (node, &ks))
+ {
+ *ret_key = node;
+ return 0;
+ }
+ cdk_kbnode_release (node);
+ node = NULL;
+ }
+ }
+ else
+ {
+ if (!ctx->t)
+ ctx->t = ctx->u.fpatt;
+ else if (ctx->t->next)
+ ctx->t = ctx->t->next;
+ else
+ return CDK_EOF;
+ return cdk_keydb_get_bypattern (ctx->db, ctx->t->d, ret_key);
+ }
+ gnutls_assert ();
+ return CDK_General_Error;
+}
+
+
+int
+_cdk_keydb_is_secret (cdk_keydb_hd_t db)
+{
+ return db->secret;
+}
--- /dev/null
+/* Internal key index structure. */
+struct key_idx_s
+{
+ off_t offset;
+ u32 keyid[2];
+ byte fpr[KEY_FPR_LEN];
+};
+typedef struct key_idx_s *key_idx_t;
+
+/* Internal key cache to associate a key with an file offset. */
+struct key_table_s
+{
+ struct key_table_s *next;
+ off_t offset;
+};
+typedef struct key_table_s *key_table_t;
+
+typedef struct cdk_keydb_search_s
+{
+ off_t off; /* last file offset */
+ union
+ {
+ char *pattern; /* A search is performed by pattern. */
+ u32 keyid[2]; /* A search by keyid. */
+ byte fpr[KEY_FPR_LEN]; /* A search by fingerprint. */
+ } u;
+ int type;
+ struct key_table_s *cache;
+ size_t ncache;
+ unsigned int no_cache:1; /* disable the index cache. */
+
+ cdk_stream_t idx;
+ char *idx_name; /* name of the index file or NULL. */
+
+} cdk_keydb_search_s;
+
+/* Internal key database handle. */
+struct cdk_keydb_hd_s
+{
+ int type; /* type of the key db handle. */
+ int fp_ref; /* 1=means it is a reference and shall not be closed. */
+ cdk_stream_t fp;
+ char *name; /* name of the underlying file or NULL. */
+ unsigned int secret:1; /* contain secret keys. */
+ unsigned int isopen:1; /* the underlying stream is opened. */
+
+ /* structure to store some stats about the keydb. */
+ struct
+ {
+ size_t new_keys; /* amount of new keys that were imported. */
+ } stats;
+};
--- /dev/null
+/* literal.c - Literal packet filters
+ * Copyright (C) 2002, 2003, 2008, 2009, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <time.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "filters.h"
+
+
+/* Duplicate the string @s but strip of possible
+ relative folder names of it. */
+static char *
+dup_trim_filename (const char *s)
+{
+ char *p = NULL;
+
+ p = strrchr (s, '/');
+ if (!p)
+ p = strrchr (s, '\\');
+ if (!p)
+ return cdk_strdup (s);
+ return cdk_strdup (p + 1);
+}
+
+
+static cdk_error_t
+literal_decode (void *data, FILE * in, FILE * out)
+{
+ literal_filter_t *pfx = data;
+ cdk_stream_t si, so;
+ cdk_packet_t pkt;
+ cdk_pkt_literal_t pt;
+ byte buf[BUFSIZE];
+ ssize_t nread;
+ int bufsize;
+ cdk_error_t rc;
+
+ _cdk_log_debug ("literal filter: decode\n");
+
+ if (!pfx || !in || !out)
+ return CDK_Inv_Value;
+
+ rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
+ if (rc)
+ return rc;
+
+ cdk_pkt_new (&pkt);
+ rc = cdk_pkt_read (si, pkt);
+ if (rc || pkt->pkttype != CDK_PKT_LITERAL)
+ {
+ cdk_pkt_release (pkt);
+ cdk_stream_close (si);
+ return !rc ? CDK_Inv_Packet : rc;
+ }
+
+ rc = _cdk_stream_fpopen (out, STREAMCTL_WRITE, &so);
+ if (rc)
+ {
+ cdk_pkt_release (pkt);
+ cdk_stream_close (si);
+ return rc;
+ }
+
+ pt = pkt->pkt.literal;
+ pfx->mode = pt->mode;
+
+ if (pfx->filename && pt->namelen > 0)
+ {
+ /* The name in the literal packet is more authorative. */
+ cdk_free (pfx->filename);
+ pfx->filename = dup_trim_filename (pt->name);
+ }
+ else if (!pfx->filename && pt->namelen > 0)
+ pfx->filename = dup_trim_filename (pt->name);
+ else if (!pt->namelen && !pfx->filename && pfx->orig_filename)
+ {
+ /* In this case, we need to derrive the output file name
+ from the original name and cut off the OpenPGP extension.
+ If this is not possible, we return an error. */
+ if (!stristr (pfx->orig_filename, ".gpg") &&
+ !stristr (pfx->orig_filename, ".pgp") &&
+ !stristr (pfx->orig_filename, ".asc"))
+ {
+ cdk_pkt_release (pkt);
+ cdk_stream_close (si);
+ cdk_stream_close (so);
+ _cdk_log_debug
+ ("literal filter: no file name and no PGP extension\n");
+ return CDK_Inv_Mode;
+ }
+ _cdk_log_debug ("literal filter: derrive file name from original\n");
+ pfx->filename = dup_trim_filename (pfx->orig_filename);
+ pfx->filename[strlen (pfx->filename) - 4] = '\0';
+ }
+
+ while (!feof (in))
+ {
+ _cdk_log_debug ("literal_decode: part on %d size %lu\n",
+ (int) pfx->blkmode.on, pfx->blkmode.size);
+ if (pfx->blkmode.on)
+ bufsize = pfx->blkmode.size;
+ else
+ bufsize = pt->len < DIM (buf) ? pt->len : DIM (buf);
+ nread = cdk_stream_read (pt->buf, buf, bufsize);
+ if (nread == EOF)
+ {
+ rc = CDK_File_Error;
+ break;
+ }
+ if (pfx->md_initialized)
+ _gnutls_hash (&pfx->md, buf, nread);
+ cdk_stream_write (so, buf, nread);
+ pt->len -= nread;
+ if (pfx->blkmode.on)
+ {
+ pfx->blkmode.size = _cdk_pkt_read_len (in, &pfx->blkmode.on);
+ if ((ssize_t) pfx->blkmode.size == EOF)
+ return CDK_Inv_Packet;
+ }
+ if (pt->len <= 0 && !pfx->blkmode.on)
+ break;
+ }
+
+ cdk_stream_close (si);
+ cdk_stream_close (so);
+ cdk_pkt_release (pkt);
+ return rc;
+}
+
+
+static char
+intmode_to_char (int mode)
+{
+ switch (mode)
+ {
+ case CDK_LITFMT_BINARY:
+ return 'b';
+ case CDK_LITFMT_TEXT:
+ return 't';
+ case CDK_LITFMT_UNICODE:
+ return 'u';
+ default:
+ return 'b';
+ }
+
+ return 'b';
+}
+
+
+static cdk_error_t
+literal_encode (void *data, FILE * in, FILE * out)
+{
+ literal_filter_t *pfx = data;
+ cdk_pkt_literal_t pt;
+ cdk_stream_t si;
+ cdk_packet_t pkt;
+ size_t filelen;
+ cdk_error_t rc;
+
+ _cdk_log_debug ("literal filter: encode\n");
+
+ if (!pfx || !in || !out)
+ return CDK_Inv_Value;
+ if (!pfx->filename)
+ {
+ pfx->filename = cdk_strdup ("_CONSOLE");
+ if (!pfx->filename)
+ return CDK_Out_Of_Core;
+ }
+
+ rc = _cdk_stream_fpopen (in, STREAMCTL_READ, &si);
+ if (rc)
+ return rc;
+
+ filelen = strlen (pfx->filename);
+ cdk_pkt_new (&pkt);
+ pt = pkt->pkt.literal = cdk_calloc (1, sizeof *pt + filelen);
+ pt->name = (char *) pt + sizeof (*pt);
+ if (!pt)
+ {
+ cdk_pkt_release (pkt);
+ cdk_stream_close (si);
+ return CDK_Out_Of_Core;
+ }
+ memcpy (pt->name, pfx->filename, filelen);
+ pt->namelen = filelen;
+ pt->name[pt->namelen] = '\0';
+ pt->timestamp = (u32) time (NULL);
+ pt->mode = intmode_to_char (pfx->mode);
+ pt->len = cdk_stream_get_length (si);
+ pt->buf = si;
+ pkt->old_ctb = 1;
+ pkt->pkttype = CDK_PKT_LITERAL;
+ pkt->pkt.literal = pt;
+ rc = _cdk_pkt_write_fp (out, pkt);
+
+ cdk_pkt_release (pkt);
+ cdk_stream_close (si);
+ return rc;
+}
+
+
+int
+_cdk_filter_literal (void *data, int ctl, FILE * in, FILE * out)
+{
+ if (ctl == STREAMCTL_READ)
+ return literal_decode (data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return literal_encode (data, in, out);
+ else if (ctl == STREAMCTL_FREE)
+ {
+ literal_filter_t *pfx = data;
+ if (pfx)
+ {
+ _cdk_log_debug ("free literal filter\n");
+ cdk_free (pfx->filename);
+ pfx->filename = NULL;
+ cdk_free (pfx->orig_filename);
+ pfx->orig_filename = NULL;
+ return 0;
+ }
+ }
+ return CDK_Inv_Mode;
+}
+
+
+static int
+text_encode (void *data, FILE * in, FILE * out)
+{
+ const char *s;
+ char buf[2048];
+
+ if (!in || !out)
+ return CDK_Inv_Value;
+
+ /* FIXME: This code does not work for very long lines. */
+ while (!feof (in))
+ {
+ s = fgets (buf, DIM (buf) - 1, in);
+ if (!s)
+ break;
+ _cdk_trim_string (buf, 1);
+ fwrite (buf, 1, strlen (buf), out);
+ }
+
+ return 0;
+}
+
+
+static int
+text_decode (void *data, FILE * in, FILE * out)
+{
+ text_filter_t *tfx = data;
+ const char *s;
+ char buf[2048];
+
+ if (!tfx || !in || !out)
+ return CDK_Inv_Value;
+
+ while (!feof (in))
+ {
+ s = fgets (buf, DIM (buf) - 1, in);
+ if (!s)
+ break;
+ _cdk_trim_string (buf, 0);
+ fwrite (buf, 1, strlen (buf), out);
+ fwrite (tfx->lf, 1, strlen (tfx->lf), out);
+ }
+
+ return 0;
+}
+
+
+int
+_cdk_filter_text (void *data, int ctl, FILE * in, FILE * out)
+{
+ if (ctl == STREAMCTL_READ)
+ return text_encode (data, in, out);
+ else if (ctl == STREAMCTL_WRITE)
+ return text_decode (data, in, out);
+ else if (ctl == STREAMCTL_FREE)
+ {
+ text_filter_t *tfx = data;
+ if (tfx)
+ {
+ _cdk_log_debug ("free text filter\n");
+ tfx->lf = NULL;
+ }
+ }
+ return CDK_Inv_Mode;
+}
--- /dev/null
+/* main.c
+ * Copyright (C) 2001, 2002, 2003, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef _WIN32
+#include <windows.h>
+#endif
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+
+
+/* Set a default cipher algorithm and a digest algorithm.
+ Even if AES and SHA-256 are not 'MUST' in the latest
+ OpenPGP draft, AES seems to be a good choice. */
+#define DEFAULT_DIGEST_ALGO GNUTLS_DIG_SHA256
+
+/* Use the passphrase callback in the handle HD or
+ return NULL if there is no valid callback. */
+char *
+_cdk_passphrase_get (cdk_ctx_t hd, const char *prompt)
+{
+ if (!hd || !hd->passphrase_cb)
+ return NULL;
+ return hd->passphrase_cb (hd->passphrase_cb_value, prompt);
+}
+
+
+static void
+handle_set_digest (cdk_ctx_t hd, int digest)
+{
+ if (!hd)
+ return;
+ if (_gnutls_hash_get_algo_len (digest) <= 0)
+ digest = DEFAULT_DIGEST_ALGO;
+ hd->digest_algo = digest;
+}
+
+
+static void
+handle_set_s2k (cdk_ctx_t hd, int mode, int digest)
+{
+ if (!hd)
+ return;
+ if (_gnutls_hash_get_algo_len (digest) <= 0)
+ digest = DEFAULT_DIGEST_ALGO;
+ if (mode != CDK_S2K_SIMPLE &&
+ mode != CDK_S2K_SALTED && mode != CDK_S2K_ITERSALTED)
+ mode = CDK_S2K_ITERSALTED;
+ hd->_s2k.mode = mode;
+ hd->_s2k.digest_algo = digest;
+}
+
+
+static void
+handle_set_compress (cdk_ctx_t hd, int algo, int level)
+{
+ if (!hd)
+ return;
+ if (algo < 0 || algo > 2)
+ algo = 0;
+ hd->compress.algo = algo;
+ if (!algo)
+ hd->opt.compress = 0;
+ else
+ {
+ if (level > 0 && level < 10)
+ hd->compress.level = level;
+ else
+ hd->compress.level = 6;
+ }
+}
+
+
+/**
+ * cdk_handle_control:
+ * @hd: session handle
+ * @action: flag which indicates whether put or get is requested
+ * @cmd: command id
+ *
+ * Perform various control operations for the current session.
+ **/
+int
+cdk_handle_control (cdk_ctx_t hd, int action, int cmd, ...)
+{
+ va_list arg_ptr;
+ int set = action == CDK_CTLF_SET, val = 0;
+
+ if (!hd)
+ return -1;
+
+ if (action != CDK_CTLF_SET && action != CDK_CTLF_GET)
+ return -1;
+ va_start (arg_ptr, cmd);
+ switch (cmd)
+ {
+ case CDK_CTL_ARMOR:
+ if (set)
+ hd->opt.armor = va_arg (arg_ptr, int);
+ else
+ val = hd->opt.armor;
+ break;
+
+ case CDK_CTL_DIGEST:
+ if (set)
+ handle_set_digest (hd, va_arg (arg_ptr, int));
+ else
+ val = hd->digest_algo;
+ break;
+
+ case CDK_CTL_OVERWRITE:
+ if (set)
+ hd->opt.overwrite = va_arg (arg_ptr, int);
+ else
+ val = hd->opt.overwrite;
+ break;
+
+ case CDK_CTL_COMPRESS:
+ if (set)
+ {
+ int algo = va_arg (arg_ptr, int);
+ int level = va_arg (arg_ptr, int);
+ handle_set_compress (hd, algo, level);
+ }
+ else
+ val = hd->compress.algo;
+ break;
+
+ case CDK_CTL_S2K:
+ if (set)
+ {
+ int mode = va_arg (arg_ptr, int);
+ int digest = va_arg (arg_ptr, int);
+ handle_set_s2k (hd, mode, digest);
+ }
+ else
+ val = hd->_s2k.mode;
+ break;
+
+ case CDK_CTL_FORCE_DIGEST:
+ if (set)
+ hd->opt.force_digest = va_arg (arg_ptr, int);
+ else
+ val = hd->opt.force_digest;
+ break;
+
+ case CDK_CTL_BLOCKMODE_ON:
+ if (set)
+ hd->opt.blockmode = va_arg (arg_ptr, int);
+ else
+ val = hd->opt.blockmode;
+ break;
+
+ default:
+ val = -1;
+ break;
+ }
+ va_end (arg_ptr);
+ return val;
+}
+
+
+
+/**
+ * cdk_handle_new:
+ * @r_ctx: context to store the handle
+ *
+ * create a new session handle.
+ **/
+cdk_error_t
+cdk_handle_new (cdk_ctx_t * r_ctx)
+{
+ cdk_ctx_t c;
+
+ if (!r_ctx)
+ return CDK_Inv_Value;
+
+ c = cdk_calloc (1, sizeof *c);
+ if (!c)
+ return CDK_Out_Of_Core;
+
+ /* For S2K use the iterated and salted mode and use the
+ default digest and cipher algorithms. Because the MDC
+ feature will be used, the default cipher should use a
+ blocksize of 128 bits. */
+ c->_s2k.mode = CDK_S2K_ITERSALTED;
+ c->_s2k.digest_algo = DEFAULT_DIGEST_ALGO;
+
+ c->opt.mdc = 1;
+ c->opt.compress = 1;
+ c->opt.armor = 0;
+ c->opt.textmode = 0;
+
+ c->digest_algo = DEFAULT_DIGEST_ALGO;
+
+ c->compress.algo = CDK_COMPRESS_ZIP;
+ c->compress.level = 6;
+
+ *r_ctx = c;
+ return 0;
+}
+
+
+/**
+ * cdk_handle_set_keyring:
+ * @hd: session handle
+ * @type: public=0 or secret=1 keyring type
+ * @kringname: file name of the keyring which shall be used.
+ *
+ * Convenient function to set the keyring for the current session.
+ */
+cdk_error_t
+cdk_handle_set_keyring (cdk_ctx_t hd, int type, const char *kringname)
+{
+ cdk_keydb_hd_t db;
+ cdk_error_t err;
+
+ err = cdk_keydb_new_from_file (&db, type, kringname);
+ if (err)
+ return err;
+
+ if (!type)
+ hd->db.pub = db;
+ else
+ hd->db.sec = db;
+ hd->db.close_db = 1;
+ return 0;
+}
+
+
+/**
+ * cdk_handle_set_keydb:
+ * @hd: session handle
+ * @db: the database handle
+ *
+ * set the key database handle.
+ * the function automatically detects whether this is a public or
+ * secret keyring and the right handle is set.
+ **/
+void
+cdk_handle_set_keydb (cdk_ctx_t hd, cdk_keydb_hd_t db)
+{
+ if (!hd)
+ return;
+ if (_cdk_keydb_is_secret (db))
+ hd->db.sec = db;
+ else
+ hd->db.pub = db;
+}
+
+
+/**
+ * cdk_handle_get_keydb:
+ * @hd: session handle
+ * @type: type of the keyring
+ *
+ * Return the keydb handle from the session handle.
+ * The caller should not free these handles.
+ **/
+cdk_keydb_hd_t
+cdk_handle_get_keydb (cdk_ctx_t hd, int type)
+{
+ if (!hd)
+ return NULL;
+ if (type == CDK_DBTYPE_PK_KEYRING)
+ return hd->db.pub;
+ else if (type == CDK_DBTYPE_SK_KEYRING)
+ return hd->db.sec;
+ return NULL;
+}
+
+
+/**
+ * cdk_handle_set_passphrase_cb:
+ * @hd: session handle
+ * @cb: callback function
+ * @cb_value: the opaque value for the cb function
+ *
+ * set the passphrase callback.
+ **/
+void
+cdk_handle_set_passphrase_cb (cdk_ctx_t hd,
+ char *(*cb) (void *opa, const char *prompt),
+ void *cb_value)
+{
+ if (!hd)
+ return;
+ hd->passphrase_cb = cb;
+ hd->passphrase_cb_value = cb_value;
+}
+
+
+/**
+ * cdk_handle_verify_get_result:
+ * @hd: the session handle
+ *
+ * Return the verify result for the current session.
+ * Do not free the pointer.
+ **/
+cdk_verify_result_t
+cdk_handle_verify_get_result (cdk_ctx_t hd)
+{
+ return hd->result.verify;
+}
+
+
+/**
+ * cdk_handle_free:
+ * @hd: the handle
+ *
+ * Release the main handle.
+ **/
+void
+cdk_handle_free (cdk_ctx_t hd)
+{
+ if (!hd)
+ return;
+ _cdk_result_verify_free (hd->result.verify);
+
+ /* If cdk_handle_set_keyring() were used, we need to free the key db
+ handles here because the handles are not controlled by the user. */
+ if (hd->db.close_db)
+ {
+ if (hd->db.pub)
+ cdk_keydb_free (hd->db.pub);
+ if (hd->db.sec)
+ cdk_keydb_free (hd->db.sec);
+ hd->db.pub = hd->db.sec = NULL;
+ }
+ cdk_free (hd);
+}
--- /dev/null
+/* main.h
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef CDK_MAIN_H
+#define CDK_MAIN_H
+
+#include "types.h"
+
+#define _cdk_log_debug _gnutls_debug_log
+#define _cdk_log_info _gnutls_x509_log
+#define _cdk_get_log_level() _gnutls_log_level
+
+#define cdk_malloc gnutls_malloc
+#define cdk_free gnutls_free
+#define cdk_calloc gnutls_calloc
+#define cdk_realloc gnutls_realloc_fast
+#define cdk_strdup gnutls_strdup
+#define cdk_salloc gnutls_secure_calloc
+
+#define map_gnutls_error _cdk_map_gnutls_error
+
+cdk_error_t map_gnutls_error (int err);
+
+/* The general size of a buffer for the variou modules. */
+#define BUFSIZE 8192
+
+/* This is the default block size for the partial length packet mode. */
+#define DEF_BLOCKSIZE 8192
+#define DEF_BLOCKBITS 13 /* 2^13 = 8192 */
+
+/* For now SHA-1 is used to create fingerprint for keys.
+ But if this will ever change, it is a good idea to
+ have a constant for it to avoid to change it in all files. */
+#define KEY_FPR_LEN 20
+
+#include "context.h"
+
+/* The maximal amount of bits a multi precsion integer can have. */
+#define MAX_MPI_BITS 16384
+#define MAX_MPI_BYTES (MAX_MPI_BITS/8)
+
+
+/* Because newer DSA variants are not limited to SHA-1, we must consider
+ that SHA-512 is used and increase the buffer size of the digest. */
+#define MAX_DIGEST_LEN 64
+
+/* Helper to find out if the signature were made over a user ID
+ or if the signature revokes a previous user ID. */
+#define IS_UID_SIG(s) (((s)->sig_class & ~3) == 0x10)
+#define IS_UID_REV(s) ((s)->sig_class == 0x30)
+
+#define DEBUG_PKT (_cdk_get_log_level () == (CDK_LOG_DEBUG+1))
+
+/* Helper to find out if a key has the requested capability. */
+#define KEY_CAN_ENCRYPT(a) ((_cdk_pk_algo_usage ((a))) & CDK_KEY_USG_ENCR)
+#define KEY_CAN_SIGN(a) ((_cdk_pk_algo_usage ((a))) & CDK_KEY_USG_SIGN)
+#define KEY_CAN_AUTH(a) ((_cdk_pk_algo_usage ((a))) & CDK_KEY_USG_AUTH)
+
+/* Helper macro to make sure the buffer is overwritten. */
+#define wipemem(_ptr,_len) do { \
+ volatile char *_vptr = (volatile char *)(_ptr); \
+ size_t _vlen = (_len); \
+ while (_vlen) \
+ { \
+ *_vptr = 0; \
+ _vptr++; \
+ _vlen--; \
+ } } while (0)
+
+/*-- armor.c --*/
+const char *_cdk_armor_get_lineend (void);
+
+/*-- main.c --*/
+char *_cdk_passphrase_get (cdk_ctx_t hd, const char *prompt);
+
+/*-- misc.c --*/
+int _cdk_check_args (int overwrite, const char *in, const char *out);
+u32 _cdk_buftou32 (const byte * buf);
+void _cdk_u32tobuf (u32 u, byte * buf);
+const char *_cdk_memistr (const char *buf, size_t buflen, const char *sub);
+FILE *_cdk_tmpfile (void);
+
+/* Helper to provide case insentensive strstr version. */
+#define stristr(haystack, needle) \
+ _cdk_memistr((haystack), strlen (haystack), (needle))
+
+/*-- proc-packet.c --*/
+cdk_error_t _cdk_proc_packets (cdk_ctx_t hd, cdk_stream_t inp,
+ cdk_stream_t data,
+ const char *output, cdk_stream_t outstream,
+ digest_hd_st * md);
+cdk_error_t _cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx);
+
+/*-- pubkey.c --*/
+u32 _cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid);
+cdk_error_t _cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr);
+int _cdk_pk_algo_usage (int algo);
+int _cdk_pk_test_algo (int algo, unsigned int usage);
+int _cdk_sk_get_csum (cdk_pkt_seckey_t sk);
+
+/*-- new-packet.c --*/
+byte *_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes);
+cdk_error_t _cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src);
+void _cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx);
+
+/*-- sig-check.c --*/
+cdk_error_t _cdk_sig_check (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig,
+ digest_hd_st * digest, int *r_expired);
+cdk_error_t _cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * hd);
+cdk_error_t _cdk_hash_userid (cdk_pkt_userid_t uid, int sig_version,
+ digest_hd_st * md);
+cdk_error_t _cdk_hash_pubkey (cdk_pkt_pubkey_t pk, digest_hd_st * md,
+ int use_fpr);
+cdk_error_t _cdk_pk_check_sig (cdk_keydb_hd_t hd, cdk_kbnode_t knode,
+ cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid);
+
+/*-- kbnode.c --*/
+void _cdk_kbnode_add (cdk_kbnode_t root, cdk_kbnode_t node);
+void _cdk_kbnode_clone (cdk_kbnode_t node);
+
+/*-- sesskey.c --*/
+cdk_error_t _cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen,
+ int pk_algo,
+ const byte * md,
+ int digest_algo, unsigned nbits);
+cdk_error_t _cdk_sk_unprotect_auto (cdk_ctx_t hd, cdk_pkt_seckey_t sk);
+
+/*-- keydb.c --*/
+int _cdk_keydb_is_secret (cdk_keydb_hd_t db);
+cdk_error_t _cdk_keydb_get_pk_byusage (cdk_keydb_hd_t hd, const char *name,
+ cdk_pkt_pubkey_t * ret_pk, int usage);
+cdk_error_t _cdk_keydb_get_sk_byusage (cdk_keydb_hd_t hd, const char *name,
+ cdk_pkt_seckey_t * ret_sk, int usage);
+cdk_error_t _cdk_keydb_check_userid (cdk_keydb_hd_t hd, u32 * keyid,
+ const char *id);
+
+/*-- sign.c --*/
+int _cdk_sig_hash_for (cdk_pkt_pubkey_t pk);
+void _cdk_trim_string (char *s, int canon);
+cdk_error_t _cdk_sig_create (cdk_pkt_pubkey_t pk, cdk_pkt_signature_t sig);
+cdk_error_t _cdk_sig_complete (cdk_pkt_signature_t sig, cdk_pkt_seckey_t sk,
+ digest_hd_st * hd);
+
+/*-- stream.c --*/
+void _cdk_stream_set_compress_algo (cdk_stream_t s, int algo);
+cdk_error_t _cdk_stream_open_mode (const char *file, const char *mode,
+ cdk_stream_t * ret_s);
+void *_cdk_stream_get_opaque (cdk_stream_t s, int fid);
+const char *_cdk_stream_get_fname (cdk_stream_t s);
+FILE *_cdk_stream_get_fp (cdk_stream_t s);
+int _cdk_stream_gets (cdk_stream_t s, char *buf, size_t count);
+cdk_error_t _cdk_stream_append (const char *file, cdk_stream_t * ret_s);
+int _cdk_stream_get_errno (cdk_stream_t s);
+cdk_error_t _cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes);
+int _cdk_stream_get_blockmode (cdk_stream_t s);
+int _cdk_stream_puts (cdk_stream_t s, const char *buf);
+cdk_error_t _cdk_stream_fpopen (FILE * fp, unsigned write_mode,
+ cdk_stream_t * ret_out);
+
+/*-- verify.c --*/
+void _cdk_result_verify_free (cdk_verify_result_t res);
+cdk_verify_result_t _cdk_result_verify_new (void);
+
+
+/*-- read-packet.c --*/
+size_t _cdk_pkt_read_len (FILE * inp, size_t * ret_partial);
+
+/*-- write-packet.c --*/
+cdk_error_t _cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt);
+
+/*-- seskey.c --*/
+cdk_error_t _cdk_s2k_copy (cdk_s2k_t * r_dst, cdk_s2k_t src);
+
+#define _cdk_pub_algo_to_pgp(algo) (algo)
+#define _pgp_pub_algo_to_cdk(algo) (algo)
+int _gnutls_hash_algo_to_pgp (int algo);
+int _pgp_hash_algo_to_gnutls (int algo);
+int _gnutls_cipher_to_pgp (int cipher);
+int _pgp_cipher_to_gnutls (int cipher);
+
+#endif /* CDK_MAIN_H */
--- /dev/null
+/* misc.c
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2007, 2008, 2009,
+ * 2010 Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/stat.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "../random.h"
+
+
+u32
+_cdk_buftou32 (const byte * buf)
+{
+ u32 u;
+
+ if (!buf)
+ return 0;
+ u = buf[0] << 24;
+ u |= buf[1] << 16;
+ u |= buf[2] << 8;
+ u |= buf[3];
+ return u;
+}
+
+
+void
+_cdk_u32tobuf (u32 u, byte * buf)
+{
+ if (!buf)
+ return;
+ buf[0] = u >> 24;
+ buf[1] = u >> 16;
+ buf[2] = u >> 8;
+ buf[3] = u;
+}
+
+/**
+ * cdk_strlist_free:
+ * @sl: the string list
+ *
+ * Release the string list object.
+ **/
+void
+cdk_strlist_free (cdk_strlist_t sl)
+{
+ cdk_strlist_t sl2;
+
+ for (; sl; sl = sl2)
+ {
+ sl2 = sl->next;
+ cdk_free (sl);
+ }
+}
+
+
+/**
+ * cdk_strlist_add:
+ * @list: destination string list
+ * @string: the string to add
+ *
+ * Add the given list to the string list.
+ **/
+cdk_strlist_t
+cdk_strlist_add (cdk_strlist_t * list, const char *string)
+{
+ cdk_strlist_t sl;
+
+ if (!string)
+ return NULL;
+
+ sl = cdk_calloc (1, sizeof *sl + strlen (string) + 2);
+ if (!sl)
+ return NULL;
+ sl->d = (char *) sl + sizeof (*sl);
+ strcpy (sl->d, string);
+ sl->next = *list;
+ *list = sl;
+ return sl;
+}
+
+
+/**
+ * cdk_strlist_next:
+ * @root: the opaque string list.
+ * @r_str: optional argument to store the string data.
+ *
+ * Return the next string list node from @root. The optional
+ * argument @r_str return the data of the current (!) node.
+ **/
+cdk_strlist_t
+cdk_strlist_next (cdk_strlist_t root, const char **r_str)
+{
+ cdk_strlist_t node;
+
+ if (!root)
+ return NULL;
+
+ if (r_str)
+ *r_str = root->d;
+ for (node = root->next; node; node = node->next)
+ return node;
+
+ return NULL;
+}
+
+
+const char *
+_cdk_memistr (const char *buf, size_t buflen, const char *sub)
+{
+ const byte *t, *s;
+ size_t n;
+
+ for (t = (byte *) buf, n = buflen, s = (byte *) sub; n; t++, n--)
+ {
+ if (toupper (*t) == toupper (*s))
+ {
+ for (buf = t++, buflen = n--, s++;
+ n && toupper (*t) == toupper ((byte) * s); t++, s++, n--)
+ ;
+ if (!*s)
+ return buf;
+ t = (byte *) buf;
+ n = buflen;
+ s = (byte *) sub;
+ }
+ }
+
+ return NULL;
+}
+
+cdk_error_t
+_cdk_map_gnutls_error (int err)
+{
+ switch (err)
+ {
+ case 0:
+ return CDK_Success;
+ case GNUTLS_E_INVALID_REQUEST:
+ return CDK_Inv_Value;
+ default:
+ return CDK_General_Error;
+ }
+}
+
+
+/* Remove all trailing white spaces from the string. */
+void
+_cdk_trim_string (char *s, int canon)
+{
+ while (s && *s &&
+ (s[strlen (s) - 1] == '\t' ||
+ s[strlen (s) - 1] == '\r' ||
+ s[strlen (s) - 1] == '\n' || s[strlen (s) - 1] == ' '))
+ s[strlen (s) - 1] = '\0';
+ if (canon)
+ strcat (s, "\r\n");
+}
+
+
+int
+_cdk_check_args (int overwrite, const char *in, const char *out)
+{
+ struct stat stbuf;
+
+ if (!in || !out)
+ return CDK_Inv_Value;
+ if (strlen (in) == strlen (out) && strcmp (in, out) == 0)
+ return CDK_Inv_Mode;
+ if (!overwrite && !stat (out, &stbuf))
+ return CDK_Inv_Mode;
+ return 0;
+}
+
+#ifdef _WIN32
+#include <io.h>
+#include <fcntl.h>
+
+FILE *
+_cdk_tmpfile (void)
+{
+ /* Because the tmpfile() version of wine is not really useful,
+ we implement our own version to avoid problems with 'make check'. */
+ static const char *letters = "abcdefghijklmnopqrstuvwxyz";
+ char buf[512], rnd[24];
+ FILE *fp;
+ int fd, i;
+
+ _gnutls_rnd (GNUTLS_RND_NONCE, rnd, DIM (rnd));
+ for (i = 0; i < DIM (rnd) - 1; i++)
+ {
+ char c = letters[(unsigned char) rnd[i] % 26];
+ rnd[i] = c;
+ }
+ rnd[DIM (rnd) - 1] = 0;
+ if (!GetTempPath (464, buf))
+ return NULL;
+ strcat (buf, "_cdk_");
+ strcat (buf, rnd);
+
+ /* We need to make sure the file will be deleted when it is closed. */
+ fd = _open (buf, _O_CREAT | _O_EXCL | _O_TEMPORARY |
+ _O_RDWR | _O_BINARY, _S_IREAD | _S_IWRITE);
+ if (fd == -1)
+ return NULL;
+ fp = fdopen (fd, "w+b");
+ if (fp != NULL)
+ return fp;
+ _close (fd);
+ return NULL;
+}
+#else
+FILE *
+_cdk_tmpfile (void)
+{
+ return tmpfile ();
+}
+#endif
+
+int
+_gnutls_hash_algo_to_pgp (int algo)
+{
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ return 0x01;
+ case GNUTLS_DIG_MD2:
+ return 0x05;
+ case GNUTLS_DIG_SHA1:
+ return 0x02;
+ case GNUTLS_DIG_RMD160:
+ return 0x03;
+ case GNUTLS_DIG_SHA256:
+ return 0x08;
+ case GNUTLS_DIG_SHA384:
+ return 0x09;
+ case GNUTLS_DIG_SHA512:
+ return 0x0A;
+ case GNUTLS_DIG_SHA224:
+ return 0x0B;
+ default:
+ gnutls_assert ();
+ return 0x00;
+ }
+}
+
+int
+_pgp_hash_algo_to_gnutls (int algo)
+{
+ switch (algo)
+ {
+ case 0x01:
+ return GNUTLS_DIG_MD5;
+ case 0x02:
+ return GNUTLS_DIG_SHA1;
+ case 0x03:
+ return GNUTLS_DIG_RMD160;
+ case 0x05:
+ return GNUTLS_DIG_MD2;
+ case 0x08:
+ return GNUTLS_DIG_SHA256;
+ case 0x09:
+ return GNUTLS_DIG_SHA384;
+ case 0x0A:
+ return GNUTLS_DIG_SHA512;
+ case 0x0B:
+ return GNUTLS_DIG_SHA224;
+ default:
+ gnutls_assert ();
+ return GNUTLS_DIG_NULL;
+ }
+}
+
+int
+_pgp_cipher_to_gnutls (int cipher)
+{
+ switch (cipher)
+ {
+ case 1:
+ return GNUTLS_CIPHER_IDEA_PGP_CFB;
+ case 2:
+ return GNUTLS_CIPHER_3DES_PGP_CFB;
+ case 3:
+ return GNUTLS_CIPHER_CAST5_PGP_CFB;
+ case 4:
+ return GNUTLS_CIPHER_BLOWFISH_PGP_CFB;
+ case 5:
+ return GNUTLS_CIPHER_SAFER_SK128_PGP_CFB;
+ case 7:
+ return GNUTLS_CIPHER_AES128_PGP_CFB;
+ case 8:
+ return GNUTLS_CIPHER_AES192_PGP_CFB;
+ case 9:
+ return GNUTLS_CIPHER_AES256_PGP_CFB;
+ case 10:
+ return GNUTLS_CIPHER_TWOFISH_PGP_CFB;
+
+ default:
+ gnutls_assert ();
+ return GNUTLS_CIPHER_NULL;
+ }
+}
+
+int
+_gnutls_cipher_to_pgp (int cipher)
+{
+ switch (cipher)
+ {
+
+ case GNUTLS_CIPHER_IDEA_PGP_CFB:
+ return 1;
+ case GNUTLS_CIPHER_3DES_PGP_CFB:
+ return 2;
+ case GNUTLS_CIPHER_CAST5_PGP_CFB:
+ return 3;
+ case GNUTLS_CIPHER_BLOWFISH_PGP_CFB:
+ return 4;
+ case GNUTLS_CIPHER_SAFER_SK128_PGP_CFB:
+ return 5;
+ case GNUTLS_CIPHER_AES128_PGP_CFB:
+ return 7;
+ case GNUTLS_CIPHER_AES192_PGP_CFB:
+ return 8;
+ case GNUTLS_CIPHER_AES256_PGP_CFB:
+ return 9;
+ case GNUTLS_CIPHER_TWOFISH_PGP_CFB:
+ return 10;
+ default:
+ gnutls_assert ();
+ return 0;
+ }
+}
--- /dev/null
+/* new-packet.c - packet handling (freeing, copying, ...)
+ * Copyright (C) 2001, 2002, 2003, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <string.h>
+#include <stdio.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+
+
+/* Release an array of MPI values. */
+void
+_cdk_free_mpibuf (size_t n, bigint_t * array)
+{
+ while (n--)
+ {
+ _gnutls_mpi_release (&array[n]);
+ }
+}
+
+
+/**
+ * cdk_pkt_new:
+ * @r_pkt: the new packet
+ *
+ * Allocate a new packet.
+ **/
+cdk_error_t
+cdk_pkt_new (cdk_packet_t * r_pkt)
+{
+ cdk_packet_t pkt;
+
+ if (!r_pkt)
+ return CDK_Inv_Value;
+ pkt = cdk_calloc (1, sizeof *pkt);
+ if (!pkt)
+ return CDK_Out_Of_Core;
+ *r_pkt = pkt;
+ return 0;
+}
+
+
+static void
+free_pubkey_enc (cdk_pkt_pubkey_enc_t enc)
+{
+ size_t nenc;
+
+ if (!enc)
+ return;
+
+ nenc = cdk_pk_get_nenc (enc->pubkey_algo);
+ _cdk_free_mpibuf (nenc, enc->mpi);
+ cdk_free (enc);
+}
+
+
+static void
+free_literal (cdk_pkt_literal_t pt)
+{
+ if (!pt)
+ return;
+ /* The buffer which is referenced in this packet is closed
+ elsewhere. To close it here would cause a double close. */
+ cdk_free (pt);
+}
+
+
+void
+_cdk_free_userid (cdk_pkt_userid_t uid)
+{
+ if (!uid)
+ return;
+
+ cdk_free (uid->prefs);
+ uid->prefs = NULL;
+ cdk_free (uid->attrib_img);
+ uid->attrib_img = NULL;
+ cdk_free (uid);
+}
+
+
+void
+_cdk_free_signature (cdk_pkt_signature_t sig)
+{
+ cdk_desig_revoker_t r;
+ size_t nsig;
+
+ if (!sig)
+ return;
+
+ nsig = cdk_pk_get_nsig (sig->pubkey_algo);
+ _cdk_free_mpibuf (nsig, sig->mpi);
+
+ cdk_subpkt_free (sig->hashed);
+ sig->hashed = NULL;
+ cdk_subpkt_free (sig->unhashed);
+ sig->unhashed = NULL;
+ while (sig->revkeys)
+ {
+ r = sig->revkeys->next;
+ cdk_free (sig->revkeys);
+ sig->revkeys = r;
+ }
+ cdk_free (sig);
+}
+
+
+void
+cdk_pk_release (cdk_pubkey_t pk)
+{
+ size_t npkey;
+
+ if (!pk)
+ return;
+
+ npkey = cdk_pk_get_npkey (pk->pubkey_algo);
+ _cdk_free_userid (pk->uid);
+ pk->uid = NULL;
+ cdk_free (pk->prefs);
+ pk->prefs = NULL;
+ _cdk_free_mpibuf (npkey, pk->mpi);
+ cdk_free (pk);
+}
+
+
+void
+cdk_sk_release (cdk_seckey_t sk)
+{
+ size_t nskey;
+
+ if (!sk)
+ return;
+
+ nskey = cdk_pk_get_nskey (sk->pubkey_algo);
+ _cdk_free_mpibuf (nskey, sk->mpi);
+ cdk_free (sk->encdata);
+ sk->encdata = NULL;
+ cdk_pk_release (sk->pk);
+ sk->pk = NULL;
+ cdk_s2k_free (sk->protect.s2k);
+ sk->protect.s2k = NULL;
+ cdk_free (sk);
+}
+
+
+/* Detach the openpgp packet from the packet structure
+ and release the packet structure itself. */
+void
+_cdk_pkt_detach_free (cdk_packet_t pkt, int *r_pkttype, void **ctx)
+{
+ /* For now we just allow this for keys. */
+ switch (pkt->pkttype)
+ {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ *ctx = pkt->pkt.public_key;
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ *ctx = pkt->pkt.secret_key;
+ break;
+
+ default:
+ *r_pkttype = 0;
+ return;
+ }
+
+ /* The caller might expect a specific packet type and
+ is not interested to store it for later use. */
+ if (r_pkttype)
+ *r_pkttype = pkt->pkttype;
+
+ cdk_free (pkt);
+}
+
+
+void
+cdk_pkt_free (cdk_packet_t pkt)
+{
+ if (!pkt)
+ return;
+
+ switch (pkt->pkttype)
+ {
+ case CDK_PKT_ATTRIBUTE:
+ case CDK_PKT_USER_ID:
+ _cdk_free_userid (pkt->pkt.user_id);
+ break;
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ cdk_pk_release (pkt->pkt.public_key);
+ break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ cdk_sk_release (pkt->pkt.secret_key);
+ break;
+ case CDK_PKT_SIGNATURE:
+ _cdk_free_signature (pkt->pkt.signature);
+ break;
+ case CDK_PKT_PUBKEY_ENC:
+ free_pubkey_enc (pkt->pkt.pubkey_enc);
+ break;
+ case CDK_PKT_MDC:
+ cdk_free (pkt->pkt.mdc);
+ break;
+ case CDK_PKT_ONEPASS_SIG:
+ cdk_free (pkt->pkt.onepass_sig);
+ break;
+ case CDK_PKT_LITERAL:
+ free_literal (pkt->pkt.literal);
+ break;
+ case CDK_PKT_COMPRESSED:
+ cdk_free (pkt->pkt.compressed);
+ break;
+ default:
+ break;
+ }
+
+ /* Reset the packet type to avoid, when cdk_pkt_release() will be
+ used, that the second cdk_pkt_free() call will double free the data. */
+ pkt->pkttype = 0;
+}
+
+
+/**
+ * cdk_pkt_release:
+ * @pkt: the packet
+ *
+ * Free the contents of the given package and
+ * release the memory of the structure.
+ **/
+void
+cdk_pkt_release (cdk_packet_t pkt)
+{
+ if (!pkt)
+ return;
+ cdk_pkt_free (pkt);
+ cdk_free (pkt);
+}
+
+
+/**
+ * cdk_pkt_alloc:
+ * @r_pkt: output is the new packet
+ * @pkttype: the requested packet type
+ *
+ * Allocate a new packet structure with the given packet type.
+ **/
+cdk_error_t
+cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype)
+{
+ cdk_packet_t pkt;
+ int rc;
+
+ if (!r_pkt)
+ return CDK_Inv_Value;
+
+ rc = cdk_pkt_new (&pkt);
+ if (rc)
+ return rc;
+
+ switch (pkttype)
+ {
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = cdk_calloc (1, sizeof pkt->pkt.user_id);
+ if (!pkt->pkt.user_id)
+ return CDK_Out_Of_Core;
+ pkt->pkt.user_id->name = NULL;
+ break;
+
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
+ pkt->pkt.secret_key->pk =
+ cdk_calloc (1, sizeof *pkt->pkt.secret_key->pk);
+ if (!pkt->pkt.secret_key || !pkt->pkt.secret_key->pk)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
+ if (!pkt->pkt.signature)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_PUBKEY_ENC:
+ pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
+ if (!pkt->pkt.pubkey_enc)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_MDC:
+ pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
+ if (!pkt->pkt.mdc)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
+ if (!pkt->pkt.onepass_sig)
+ return CDK_Out_Of_Core;
+ break;
+
+ case CDK_PKT_LITERAL:
+ /* FIXME: We would need the size of the file name to allocate extra
+ bytes, otherwise the result would be useless. */
+ pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
+ if (!pkt->pkt.literal)
+ return CDK_Out_Of_Core;
+ pkt->pkt.literal->name = NULL;
+ break;
+
+ default:
+ return CDK_Not_Implemented;
+ }
+ pkt->pkttype = pkttype;
+ *r_pkt = pkt;
+ return 0;
+}
+
+
+cdk_prefitem_t
+_cdk_copy_prefs (const cdk_prefitem_t prefs)
+{
+ size_t n = 0;
+ struct cdk_prefitem_s *new_prefs;
+
+ if (!prefs)
+ return NULL;
+
+ for (n = 0; prefs[n].type; n++)
+ ;
+ new_prefs = cdk_calloc (1, sizeof *new_prefs * (n + 1));
+ if (!new_prefs)
+ return NULL;
+ for (n = 0; prefs[n].type; n++)
+ {
+ new_prefs[n].type = prefs[n].type;
+ new_prefs[n].value = prefs[n].value;
+ }
+ new_prefs[n].type = CDK_PREFTYPE_NONE;
+ new_prefs[n].value = 0;
+ return new_prefs;
+}
+
+
+cdk_error_t
+_cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src)
+{
+ cdk_pkt_userid_t u;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ u = cdk_calloc (1, sizeof *u + strlen (src->name) + 2);
+ if (!u)
+ return CDK_Out_Of_Core;
+ u->name = (char *) u + sizeof (*u);
+
+ memcpy (u, src, sizeof *u);
+ memcpy (u->name, src->name, strlen (src->name));
+ u->prefs = _cdk_copy_prefs (src->prefs);
+ if (src->selfsig)
+ _cdk_copy_signature (&u->selfsig, src->selfsig);
+ *dst = u;
+
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src)
+{
+ cdk_pkt_pubkey_t k;
+ int i;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ k = cdk_calloc (1, sizeof *k);
+ if (!k)
+ return CDK_Out_Of_Core;
+ memcpy (k, src, sizeof *k);
+ if (src->uid)
+ _cdk_copy_userid (&k->uid, src->uid);
+ if (src->prefs)
+ k->prefs = _cdk_copy_prefs (src->prefs);
+ for (i = 0; i < cdk_pk_get_npkey (src->pubkey_algo); i++)
+ k->mpi[i] = _gnutls_mpi_copy (src->mpi[i]);
+ *dst = k;
+
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src)
+{
+ cdk_pkt_seckey_t k;
+ int i;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ k = cdk_calloc (1, sizeof *k);
+ if (!k)
+ return CDK_Out_Of_Core;
+ memcpy (k, src, sizeof *k);
+ _cdk_copy_pubkey (&k->pk, src->pk);
+
+ if (src->encdata)
+ {
+ k->encdata = cdk_calloc (1, src->enclen + 1);
+ if (!k->encdata)
+ return CDK_Out_Of_Core;
+ memcpy (k->encdata, src->encdata, src->enclen);
+ }
+
+ _cdk_s2k_copy (&k->protect.s2k, src->protect.s2k);
+ for (i = 0; i < cdk_pk_get_nskey (src->pubkey_algo); i++)
+ {
+ k->mpi[i] = _gnutls_mpi_copy (src->mpi[i]);
+ }
+
+ *dst = k;
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk)
+{
+ if (!pk || !sk)
+ return CDK_Inv_Value;
+
+ sk->version = pk->version;
+ sk->expiredate = pk->expiredate;
+ sk->pubkey_algo = _pgp_pub_algo_to_cdk (pk->pubkey_algo);
+ sk->has_expired = pk->has_expired;
+ sk->is_revoked = pk->is_revoked;
+ sk->main_keyid[0] = pk->main_keyid[0];
+ sk->main_keyid[1] = pk->main_keyid[1];
+ sk->keyid[0] = pk->keyid[0];
+ sk->keyid[1] = pk->keyid[1];
+
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_copy_signature (cdk_pkt_signature_t * dst, cdk_pkt_signature_t src)
+{
+ cdk_pkt_signature_t s;
+
+ if (!dst || !src)
+ return CDK_Inv_Value;
+
+ *dst = NULL;
+ s = cdk_calloc (1, sizeof *s);
+ if (!s)
+ return CDK_Out_Of_Core;
+ memcpy (s, src, sizeof *src);
+ _cdk_subpkt_copy (&s->hashed, src->hashed);
+ _cdk_subpkt_copy (&s->unhashed, src->unhashed);
+ /* FIXME: Copy MPI parts */
+ *dst = s;
+
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b)
+{
+ int na, nb, i;
+
+ if (a->timestamp != b->timestamp || a->pubkey_algo != b->pubkey_algo)
+ return -1;
+ if (a->version < 4 && a->expiredate != b->expiredate)
+ return -1;
+ na = cdk_pk_get_npkey (a->pubkey_algo);
+ nb = cdk_pk_get_npkey (b->pubkey_algo);
+ if (na != nb)
+ return -1;
+
+ for (i = 0; i < na; i++)
+ {
+ if (_gnutls_mpi_cmp (a->mpi[i], b->mpi[i]))
+ return -1;
+ }
+
+ return 0;
+}
+
+
+/**
+ * cdk_subpkt_free:
+ * @ctx: the sub packet node to free
+ *
+ * Release the context.
+ **/
+void
+cdk_subpkt_free (cdk_subpkt_t ctx)
+{
+ cdk_subpkt_t s;
+
+ while (ctx)
+ {
+ s = ctx->next;
+ cdk_free (ctx);
+ ctx = s;
+ }
+}
+
+
+/**
+ * cdk_subpkt_find:
+ * @ctx: the sub packet node
+ * @type: the packet type to find
+ *
+ * Find the given packet type in the node. If no packet with this
+ * type was found, return null otherwise pointer to the node.
+ **/
+cdk_subpkt_t
+cdk_subpkt_find (cdk_subpkt_t ctx, size_t type)
+{
+ return cdk_subpkt_find_nth (ctx, type, 0);
+}
+
+/**
+ * cdk_subpkt_type_count:
+ * @ctx: The sub packet context
+ * @type: The sub packet type.
+ *
+ * Return the amount of sub packets with this type.
+ **/
+size_t
+cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type)
+{
+ cdk_subpkt_t s;
+ size_t count;
+
+ count = 0;
+ for (s = ctx; s; s = s->next)
+ {
+ if (s->type == type)
+ count++;
+ }
+
+ return count;
+}
+
+
+/**
+ * cdk_subpkt_find_nth:
+ * @ctx: The sub packet context
+ * @type: The sub packet type
+ * @index: The nth packet to retrieve, 0 means the first
+ *
+ * Return the nth sub packet of the given type.
+ **/
+cdk_subpkt_t
+cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type, size_t idx)
+{
+ cdk_subpkt_t s;
+ size_t pos;
+
+ pos = 0;
+ for (s = ctx; s; s = s->next)
+ {
+ if (s->type == type && pos++ == idx)
+ return s;
+ }
+
+ return NULL;
+}
+
+
+/**
+ * cdk_subpkt_new:
+ * @size: the size of the new context
+ *
+ * Create a new sub packet node with the size of @size.
+ **/
+cdk_subpkt_t
+cdk_subpkt_new (size_t size)
+{
+ cdk_subpkt_t s;
+
+ if (!size)
+ return NULL;
+ s = cdk_calloc (1, sizeof *s + size + 2);
+ if (!s)
+ return NULL;
+ s->d = (char *) s + sizeof (*s);
+
+ return s;
+}
+
+
+/**
+ * cdk_subpkt_get_data:
+ * @ctx: the sub packet node
+ * @r_type: pointer store the packet type
+ * @r_nbytes: pointer to store the packet size
+ *
+ * Extract the data from the given sub packet. The type is returned
+ * in @r_type and the size in @r_nbytes.
+ **/
+const byte *
+cdk_subpkt_get_data (cdk_subpkt_t ctx, size_t * r_type, size_t * r_nbytes)
+{
+ if (!ctx || !r_nbytes)
+ return NULL;
+ if (r_type)
+ *r_type = ctx->type;
+ *r_nbytes = ctx->size;
+ return ctx->d;
+}
+
+
+/**
+ * cdk_subpkt_add:
+ * @root: the root node
+ * @node: the node to add
+ *
+ * Add the node in @node to the root node @root.
+ **/
+cdk_error_t
+cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node)
+{
+ cdk_subpkt_t n1;
+
+ if (!root)
+ return CDK_Inv_Value;
+ for (n1 = root; n1->next; n1 = n1->next)
+ ;
+ n1->next = node;
+ return 0;
+}
+
+
+byte *
+_cdk_subpkt_get_array (cdk_subpkt_t s, int count, size_t * r_nbytes)
+{
+ cdk_subpkt_t list;
+ byte *buf;
+ size_t n, nbytes;
+
+ if (!s)
+ {
+ if (r_nbytes)
+ *r_nbytes = 0;
+ return NULL;
+ }
+
+ for (n = 0, list = s; list; list = list->next)
+ {
+ n++; /* type */
+ n += list->size;
+ if (list->size < 192)
+ n++;
+ else if (list->size < 8384)
+ n += 2;
+ else
+ n += 5;
+ }
+ buf = cdk_calloc (1, n + 1);
+ if (!buf)
+ return NULL;
+
+ n = 0;
+ for (list = s; list; list = list->next)
+ {
+ nbytes = 1 + list->size; /* type */
+ if (nbytes < 192)
+ buf[n++] = nbytes;
+ else if (nbytes < 8384)
+ {
+ buf[n++] = nbytes / 256 + 192;
+ buf[n++] = nbytes % 256;
+ }
+ else
+ {
+ buf[n++] = 0xFF;
+ buf[n++] = nbytes >> 24;
+ buf[n++] = nbytes >> 16;
+ buf[n++] = nbytes >> 8;
+ buf[n++] = nbytes;
+ }
+ buf[n++] = list->type;
+ memcpy (buf + n, list->d, list->size);
+ n += list->size;
+ }
+
+ if (count)
+ {
+ cdk_free (buf);
+ buf = NULL;
+ }
+ if (r_nbytes)
+ *r_nbytes = n;
+ return buf;
+}
+
+
+cdk_error_t
+_cdk_subpkt_copy (cdk_subpkt_t * r_dst, cdk_subpkt_t src)
+{
+ cdk_subpkt_t root, p, node;
+
+ if (!src || !r_dst)
+ return CDK_Inv_Value;
+
+ root = NULL;
+ for (p = src; p; p = p->next)
+ {
+ node = cdk_subpkt_new (p->size);
+ if (node)
+ {
+ memcpy (node->d, p->d, p->size);
+ node->type = p->type;
+ node->size = p->size;
+ }
+ if (!root)
+ root = node;
+ else
+ cdk_subpkt_add (root, node);
+ }
+ *r_dst = root;
+ return 0;
+}
+
+
+/**
+ * cdk_subpkt_init:
+ * @node: the sub packet node
+ * @type: type of the packet which data should be initialized
+ * @buf: the buffer with the actual data
+ * @buflen: the size of the data
+ *
+ * Set the packet data of the given root and set the type of it.
+ **/
+void
+cdk_subpkt_init (cdk_subpkt_t node, size_t type,
+ const void *buf, size_t buflen)
+{
+ if (!node)
+ return;
+ node->type = type;
+ node->size = buflen;
+ memcpy (node->d, buf, buflen);
+}
+
+
+/* FIXME: We need to think of a public interface for it. */
+const byte *
+cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
+ cdk_desig_revoker_t * ctx,
+ int *r_class, int *r_algid)
+{
+ cdk_desig_revoker_t n;
+
+ if (!*ctx)
+ {
+ *ctx = root;
+ n = root;
+ }
+ else
+ {
+ n = (*ctx)->next;
+ *ctx = n;
+ }
+
+ if (n && r_class && r_algid)
+ {
+ *r_class = n->r_class;
+ *r_algid = n->algid;
+ }
+
+ return n ? n->fpr : NULL;
+}
+
+
+/**
+ * cdk_subpkt_find_next:
+ * @root: the base where to begin the iteration
+ * @type: the type to find or 0 for the next node.
+ *
+ * Try to find the next node after @root with type.
+ * If type is 0, the next node will be returned.
+ **/
+cdk_subpkt_t
+cdk_subpkt_find_next (cdk_subpkt_t root, size_t type)
+{
+ cdk_subpkt_t node;
+
+ for (node = root->next; node; node = node->next)
+ {
+ if (!type)
+ return node;
+ else if (node->type == type)
+ return node;
+ }
+
+ return NULL;
+}
--- /dev/null
+/* opencdk.h - Open Crypto Development Kit (OpenCDK)
+ * Copyright (C) 2001, 2002, 2003, 2006, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ *
+ */
+
+#ifndef OPENCDK_H
+#define OPENCDK_H
+
+#include <stddef.h> /* for size_t */
+#include <stdarg.h>
+#include <gnutls_int.h>
+#include <gnutls_mem.h>
+#include <gnutls/gnutls.h>
+#include <gnutls_errors.h>
+#include <gnutls_hash_int.h>
+
+/* The OpenCDK version as a string. */
+#define OPENCDK_VERSION "0.6.6"
+
+/* The OpenCDK version as integer components major.minor.path */
+#define OPENCDK_VERSION_MAJOR 0
+#define OPENCDK_VERSION_MINOR 6
+#define OPENCDK_VERSION_PATCH 6
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/* General contexts */
+
+/* 'Session' handle to support the various options and run-time
+ information. */
+ struct cdk_ctx_s;
+ typedef struct cdk_ctx_s *cdk_ctx_t;
+
+/* A generic context to store list of strings. */
+ struct cdk_strlist_s;
+ typedef struct cdk_strlist_s *cdk_strlist_t;
+
+/* Context used to list keys of a keyring. */
+ struct cdk_listkey_s;
+ typedef struct cdk_listkey_s *cdk_listkey_t;
+
+/* Opaque String to Key (S2K) handle. */
+ struct cdk_s2k_s;
+ typedef struct cdk_s2k_s *cdk_s2k_t;
+
+/* Abstract I/O object, a stream, which is used for most operations. */
+ struct cdk_stream_s;
+ typedef struct cdk_stream_s *cdk_stream_t;
+
+/* Opaque handle for the user ID preferences. */
+ struct cdk_prefitem_s;
+ typedef struct cdk_prefitem_s *cdk_prefitem_t;
+
+/* Node to store a single key node packet. */
+ struct cdk_kbnode_s;
+ typedef struct cdk_kbnode_s *cdk_kbnode_t;
+
+/* Key database handle. */
+ struct cdk_keydb_hd_s;
+ typedef struct cdk_keydb_hd_s *cdk_keydb_hd_t;
+
+ struct cdk_keydb_search_s;
+ typedef struct cdk_keydb_search_s *cdk_keydb_search_t;
+
+/* Context to store a list of recipient keys. */
+ struct cdk_keylist_s;
+ typedef struct cdk_keylist_s *cdk_keylist_t;
+
+/* Context to encapsulate a single sub packet of a signature. */
+ struct cdk_subpkt_s;
+ typedef struct cdk_subpkt_s *cdk_subpkt_t;
+
+/* Context used to generate key pairs. */
+ struct cdk_keygen_ctx_s;
+ typedef struct cdk_keygen_ctx_s *cdk_keygen_ctx_t;
+
+/* Handle for a single designated revoker. */
+ struct cdk_desig_revoker_s;
+ typedef struct cdk_desig_revoker_s *cdk_desig_revoker_t;
+
+/* Alias for backward compatibility. */
+ typedef bigint_t cdk_mpi_t;
+
+
+/* All valid error constants. */
+ typedef enum
+ {
+ CDK_EOF = -1,
+ CDK_Success = 0,
+ CDK_General_Error = 1,
+ CDK_File_Error = 2,
+ CDK_Bad_Sig = 3,
+ CDK_Inv_Packet = 4,
+ CDK_Inv_Algo = 5,
+ CDK_Not_Implemented = 6,
+ CDK_Armor_Error = 8,
+ CDK_Armor_CRC_Error = 9,
+ CDK_MPI_Error = 10,
+ CDK_Inv_Value = 11,
+ CDK_Error_No_Key = 12,
+ CDK_Chksum_Error = 13,
+ CDK_Time_Conflict = 14,
+ CDK_Zlib_Error = 15,
+ CDK_Weak_Key = 16,
+ CDK_Out_Of_Core = 17,
+ CDK_Wrong_Seckey = 18,
+ CDK_Bad_MDC = 19,
+ CDK_Inv_Mode = 20,
+ CDK_Error_No_Keyring = 21,
+ CDK_Wrong_Format = 22,
+ CDK_Inv_Packet_Ver = 23,
+ CDK_Too_Short = 24,
+ CDK_Unusable_Key = 25,
+ CDK_No_Data = 26,
+ CDK_No_Passphrase = 27,
+ CDK_Network_Error = 28
+ } cdk_error_t;
+
+
+ enum cdk_control_flags
+ {
+ CDK_CTLF_SET = 0, /* Value to set an option */
+ CDK_CTLF_GET = 1, /* Value to get an option */
+ CDK_CTL_DIGEST = 10, /* Option to set the digest algorithm. */
+ CDK_CTL_ARMOR = 12, /* Option to enable armor output. */
+ CDK_CTL_COMPRESS = 13, /* Option to enable compression. */
+ CDK_CTL_COMPAT = 14, /* Option to switch in compat mode. */
+ CDK_CTL_OVERWRITE = 15, /* Option to enable file overwritting. */
+ CDK_CTL_S2K = 16, /* Option to set S2K values. */
+ CDK_CTL_FORCE_DIGEST = 19, /* Force the use of a digest algorithm. */
+ CDK_CTL_BLOCKMODE_ON = 20 /* Enable partial body lengths */
+ };
+
+
+/* Specifies all valid log levels. */
+ enum cdk_log_level_t
+ {
+ CDK_LOG_NONE = 0, /* No log message will be shown. */
+ CDK_LOG_INFO = 1,
+ CDK_LOG_DEBUG = 2,
+ CDK_LOG_DEBUG_PKT = 3
+ };
+
+
+/* All valid compression algorithms in OpenPGP */
+ enum cdk_compress_algo_t
+ {
+ CDK_COMPRESS_NONE = 0,
+ CDK_COMPRESS_ZIP = 1,
+ CDK_COMPRESS_ZLIB = 2,
+ CDK_COMPRESS_BZIP2 = 3 /* Not supported in this version */
+ };
+
+/* All valid public key algorithms valid in OpenPGP */
+ enum cdk_pubkey_algo_t
+ {
+ CDK_PK_UNKNOWN = 0,
+ CDK_PK_RSA = 1,
+ CDK_PK_RSA_E = 2, /* RSA-E and RSA-S are deprecated use RSA instead */
+ CDK_PK_RSA_S = 3, /* and use the key flags in the self signatures. */
+ CDK_PK_ELG_E = 16,
+ CDK_PK_DSA = 17
+ };
+
+/* The valid 'String-To-Key' modes */
+ enum cdk_s2k_type_t
+ {
+ CDK_S2K_SIMPLE = 0,
+ CDK_S2K_SALTED = 1,
+ CDK_S2K_ITERSALTED = 3,
+ CDK_S2K_GNU_EXT = 101
+ /* GNU extensions: refer to DETAILS from GnuPG:
+ http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/trunk/doc/DETAILS?root=GnuPG
+ */
+ };
+
+/* The different kind of user ID preferences. */
+ enum cdk_pref_type_t
+ {
+ CDK_PREFTYPE_NONE = 0,
+ CDK_PREFTYPE_SYM = 1, /* Symmetric ciphers */
+ CDK_PREFTYPE_HASH = 2, /* Message digests */
+ CDK_PREFTYPE_ZIP = 3 /* Compression algorithms */
+ };
+
+
+/* All valid sub packet types. */
+ enum cdk_sig_subpacket_t
+ {
+ CDK_SIGSUBPKT_NONE = 0,
+ CDK_SIGSUBPKT_SIG_CREATED = 2,
+ CDK_SIGSUBPKT_SIG_EXPIRE = 3,
+ CDK_SIGSUBPKT_EXPORTABLE = 4,
+ CDK_SIGSUBPKT_TRUST = 5,
+ CDK_SIGSUBPKT_REGEXP = 6,
+ CDK_SIGSUBPKT_REVOCABLE = 7,
+ CDK_SIGSUBPKT_KEY_EXPIRE = 9,
+ CDK_SIGSUBPKT_PREFS_SYM = 11,
+ CDK_SIGSUBPKT_REV_KEY = 12,
+ CDK_SIGSUBPKT_ISSUER = 16,
+ CDK_SIGSUBPKT_NOTATION = 20,
+ CDK_SIGSUBPKT_PREFS_HASH = 21,
+ CDK_SIGSUBPKT_PREFS_ZIP = 22,
+ CDK_SIGSUBPKT_KS_FLAGS = 23,
+ CDK_SIGSUBPKT_PREF_KS = 24,
+ CDK_SIGSUBPKT_PRIMARY_UID = 25,
+ CDK_SIGSUBPKT_POLICY = 26,
+ CDK_SIGSUBPKT_KEY_FLAGS = 27,
+ CDK_SIGSUBPKT_SIGNERS_UID = 28,
+ CDK_SIGSUBPKT_REVOC_REASON = 29,
+ CDK_SIGSUBPKT_FEATURES = 30
+ };
+
+
+/* All valid armor types. */
+ enum cdk_armor_type_t
+ {
+ CDK_ARMOR_MESSAGE = 0,
+ CDK_ARMOR_PUBKEY = 1,
+ CDK_ARMOR_SECKEY = 2,
+ CDK_ARMOR_SIGNATURE = 3,
+ CDK_ARMOR_CLEARSIG = 4
+ };
+
+ enum cdk_keydb_flag_t
+ {
+ /* Valid database search modes */
+ CDK_DBSEARCH_EXACT = 1, /* Exact string search */
+ CDK_DBSEARCH_SUBSTR = 2, /* Sub string search */
+ CDK_DBSEARCH_SHORT_KEYID = 3, /* 32-bit keyid search */
+ CDK_DBSEARCH_KEYID = 4, /* 64-bit keyid search */
+ CDK_DBSEARCH_FPR = 5, /* 160-bit fingerprint search */
+ CDK_DBSEARCH_NEXT = 6, /* Enumerate all keys */
+ CDK_DBSEARCH_AUTO = 7, /* Try to classify the string */
+ /* Valid database types */
+ CDK_DBTYPE_PK_KEYRING = 100, /* A file with one or more public keys */
+ CDK_DBTYPE_SK_KEYRING = 101, /* A file with one or more secret keys */
+ CDK_DBTYPE_DATA = 102, /* A buffer with at least one public key */
+ CDK_DBTYPE_STREAM = 103 /* A stream is used to read keys from */
+ };
+
+
+/* All valid modes for cdk_data_transform() */
+ enum cdk_crypto_mode_t
+ {
+ CDK_CRYPTYPE_NONE = 0,
+ CDK_CRYPTYPE_ENCRYPT = 1,
+ CDK_CRYPTYPE_DECRYPT = 2,
+ CDK_CRYPTYPE_SIGN = 3,
+ CDK_CRYPTYPE_VERIFY = 4,
+ CDK_CRYPTYPE_EXPORT = 5,
+ CDK_CRYPTYPE_IMPORT = 6
+ };
+
+#define CDK_KEY_USG_ENCR (CDK_KEY_USG_COMM_ENCR | CDK_KEY_USG_STORAGE_ENCR)
+#define CDK_KEY_USG_SIGN (CDK_KEY_USG_DATA_SIGN | CDK_KEY_USG_CERT_SIGN)
+/* A list of valid public key usages. */
+ enum cdk_key_usage_t
+ {
+ CDK_KEY_USG_CERT_SIGN = 1,
+ CDK_KEY_USG_DATA_SIGN = 2,
+ CDK_KEY_USG_COMM_ENCR = 4,
+ CDK_KEY_USG_STORAGE_ENCR = 8,
+ CDK_KEY_USG_SPLIT_KEY = 16,
+ CDK_KEY_USG_AUTH = 32,
+ CDK_KEY_USG_SHARED_KEY = 128
+ };
+
+
+/* Valid flags for keys. */
+ enum cdk_key_flag_t
+ {
+ CDK_KEY_VALID = 0,
+ CDK_KEY_INVALID = 1, /* Missing or wrong self signature */
+ CDK_KEY_EXPIRED = 2, /* Key is expired. */
+ CDK_KEY_REVOKED = 4, /* Key has been revoked. */
+ CDK_KEY_NOSIGNER = 8
+ };
+
+
+/* Trust values and flags for keys and user IDs */
+ enum cdk_trust_flag_t
+ {
+ CDK_TRUST_UNKNOWN = 0,
+ CDK_TRUST_EXPIRED = 1,
+ CDK_TRUST_UNDEFINED = 2,
+ CDK_TRUST_NEVER = 3,
+ CDK_TRUST_MARGINAL = 4,
+ CDK_TRUST_FULLY = 5,
+ CDK_TRUST_ULTIMATE = 6,
+ /* trust flags */
+ CDK_TFLAG_REVOKED = 32,
+ CDK_TFLAG_SUB_REVOKED = 64,
+ CDK_TFLAG_DISABLED = 128
+ };
+
+
+/* Signature states and the signature modes. */
+ enum cdk_signature_stat_t
+ {
+ /* Signature status */
+ CDK_SIGSTAT_NONE = 0,
+ CDK_SIGSTAT_GOOD = 1,
+ CDK_SIGSTAT_BAD = 2,
+ CDK_SIGSTAT_NOKEY = 3,
+ CDK_SIGSTAT_VALID = 4, /* True if made with a valid key. */
+ /* FIXME: We need indicators for revoked/expires signatures. */
+
+ /* Signature modes */
+ CDK_SIGMODE_NORMAL = 100,
+ CDK_SIGMODE_DETACHED = 101,
+ CDK_SIGMODE_CLEAR = 102
+ };
+
+
+/* Key flags. */
+ typedef enum
+ {
+ CDK_FLAG_KEY_REVOKED = 256,
+ CDK_FLAG_KEY_EXPIRED = 512,
+ CDK_FLAG_SIG_EXPIRED = 1024
+ } cdk_key_flags_t;
+
+
+/* Possible format for the literal data. */
+ typedef enum
+ {
+ CDK_LITFMT_BINARY = 0,
+ CDK_LITFMT_TEXT = 1,
+ CDK_LITFMT_UNICODE = 2
+ } cdk_lit_format_t;
+
+/* Valid OpenPGP packet types and their IDs */
+ typedef enum
+ {
+ CDK_PKT_RESERVED = 0,
+ CDK_PKT_PUBKEY_ENC = 1,
+ CDK_PKT_SIGNATURE = 2,
+ CDK_PKT_ONEPASS_SIG = 4,
+ CDK_PKT_SECRET_KEY = 5,
+ CDK_PKT_PUBLIC_KEY = 6,
+ CDK_PKT_SECRET_SUBKEY = 7,
+ CDK_PKT_COMPRESSED = 8,
+ CDK_PKT_MARKER = 10,
+ CDK_PKT_LITERAL = 11,
+ CDK_PKT_RING_TRUST = 12,
+ CDK_PKT_USER_ID = 13,
+ CDK_PKT_PUBLIC_SUBKEY = 14,
+ CDK_PKT_OLD_COMMENT = 16,
+ CDK_PKT_ATTRIBUTE = 17,
+ CDK_PKT_MDC = 19
+ } cdk_packet_type_t;
+
+/* Define the maximal number of multiprecion integers for
+ a public key. */
+#define MAX_CDK_PK_PARTS 4
+
+/* Define the maximal number of multiprecision integers for
+ a signature/encrypted blob issued by a secret key. */
+#define MAX_CDK_DATA_PARTS 2
+
+
+/* Helper macro to figure out if the packet is encrypted */
+#define CDK_PKT_IS_ENCRYPTED(pkttype) (\
+ ((pkttype)==CDK_PKT_ENCRYPTED_MDC) \
+ || ((pkttype)==CDK_PKT_ENCRYPTED))
+
+
+ struct cdk_pkt_signature_s
+ {
+ unsigned char version;
+ unsigned char sig_class;
+ unsigned int timestamp;
+ unsigned int expiredate;
+ unsigned int keyid[2];
+ unsigned char pubkey_algo;
+ unsigned char digest_algo;
+ unsigned char digest_start[2];
+ unsigned short hashed_size;
+ cdk_subpkt_t hashed;
+ unsigned short unhashed_size;
+ cdk_subpkt_t unhashed;
+ bigint_t mpi[MAX_CDK_DATA_PARTS];
+ cdk_desig_revoker_t revkeys;
+ struct
+ {
+ unsigned exportable:1;
+ unsigned revocable:1;
+ unsigned policy_url:1;
+ unsigned notation:1;
+ unsigned expired:1;
+ unsigned checked:1;
+ unsigned valid:1;
+ unsigned missing_key:1;
+ } flags;
+ unsigned int key[2]; /* only valid for key signatures */
+ };
+ typedef struct cdk_pkt_signature_s *cdk_pkt_signature_t;
+
+
+ struct cdk_pkt_userid_s
+ {
+ unsigned int len;
+ unsigned is_primary:1;
+ unsigned is_revoked:1;
+ unsigned mdc_feature:1;
+ cdk_prefitem_t prefs;
+ size_t prefs_size;
+ unsigned char *attrib_img; /* Tag 17 if not null */
+ size_t attrib_len;
+ cdk_pkt_signature_t selfsig;
+ char *name;
+ };
+ typedef struct cdk_pkt_userid_s *cdk_pkt_userid_t;
+
+
+ struct cdk_pkt_pubkey_s
+ {
+ unsigned char version;
+ unsigned char pubkey_algo;
+ unsigned char fpr[20];
+ unsigned int keyid[2];
+ unsigned int main_keyid[2];
+ unsigned int timestamp;
+ unsigned int expiredate;
+ bigint_t mpi[MAX_CDK_PK_PARTS];
+ unsigned is_revoked:1;
+ unsigned is_invalid:1;
+ unsigned has_expired:1;
+ int pubkey_usage;
+ cdk_pkt_userid_t uid;
+ cdk_prefitem_t prefs;
+ size_t prefs_size;
+ cdk_desig_revoker_t revkeys;
+ };
+ typedef struct cdk_pkt_pubkey_s *cdk_pkt_pubkey_t;
+
+/* Alias to define a generic public key context. */
+ typedef cdk_pkt_pubkey_t cdk_pubkey_t;
+
+
+ struct cdk_pkt_seckey_s
+ {
+ cdk_pkt_pubkey_t pk;
+ unsigned int expiredate;
+ int version;
+ int pubkey_algo;
+ unsigned int keyid[2];
+ unsigned int main_keyid[2];
+ unsigned char s2k_usage;
+ struct
+ {
+ unsigned char algo;
+ unsigned char sha1chk; /* SHA1 is used instead of a 16 bit checksum */
+ cdk_s2k_t s2k;
+ unsigned char iv[16];
+ unsigned char ivlen;
+ } protect;
+ unsigned short csum;
+ bigint_t mpi[MAX_CDK_PK_PARTS];
+ unsigned char *encdata;
+ size_t enclen;
+ unsigned char is_protected;
+ unsigned is_primary:1;
+ unsigned has_expired:1;
+ unsigned is_revoked:1;
+ };
+ typedef struct cdk_pkt_seckey_s *cdk_pkt_seckey_t;
+
+/* Alias to define a generic secret key context. */
+ typedef cdk_pkt_seckey_t cdk_seckey_t;
+
+
+ struct cdk_pkt_onepass_sig_s
+ {
+ unsigned char version;
+ unsigned int keyid[2];
+ unsigned char sig_class;
+ unsigned char digest_algo;
+ unsigned char pubkey_algo;
+ unsigned char last;
+ };
+ typedef struct cdk_pkt_onepass_sig_s *cdk_pkt_onepass_sig_t;
+
+
+ struct cdk_pkt_pubkey_enc_s
+ {
+ unsigned char version;
+ unsigned int keyid[2];
+ int throw_keyid;
+ unsigned char pubkey_algo;
+ bigint_t mpi[MAX_CDK_DATA_PARTS];
+ };
+ typedef struct cdk_pkt_pubkey_enc_s *cdk_pkt_pubkey_enc_t;
+
+ struct cdk_pkt_encrypted_s
+ {
+ unsigned int len;
+ int extralen;
+ unsigned char mdc_method;
+ cdk_stream_t buf;
+ };
+ typedef struct cdk_pkt_encrypted_s *cdk_pkt_encrypted_t;
+
+
+ struct cdk_pkt_mdc_s
+ {
+ unsigned char hash[20];
+ };
+ typedef struct cdk_pkt_mdc_s *cdk_pkt_mdc_t;
+
+
+ struct cdk_pkt_literal_s
+ {
+ unsigned int len;
+ cdk_stream_t buf;
+ int mode;
+ unsigned int timestamp;
+ int namelen;
+ char *name;
+ };
+ typedef struct cdk_pkt_literal_s *cdk_pkt_literal_t;
+
+
+ struct cdk_pkt_compressed_s
+ {
+ unsigned int len;
+ int algorithm;
+ cdk_stream_t buf;
+ };
+ typedef struct cdk_pkt_compressed_s *cdk_pkt_compressed_t;
+
+
+/* Structure which represents a single OpenPGP packet. */
+ struct cdk_packet_s
+ {
+ size_t pktlen; /* real packet length */
+ size_t pktsize; /* length with all headers */
+ int old_ctb; /* 1 if RFC1991 mode is used */
+ cdk_packet_type_t pkttype;
+ union
+ {
+ cdk_pkt_mdc_t mdc;
+ cdk_pkt_userid_t user_id;
+ cdk_pkt_pubkey_t public_key;
+ cdk_pkt_seckey_t secret_key;
+ cdk_pkt_signature_t signature;
+ cdk_pkt_pubkey_enc_t pubkey_enc;
+ cdk_pkt_compressed_t compressed;
+ cdk_pkt_encrypted_t encrypted;
+ cdk_pkt_literal_t literal;
+ cdk_pkt_onepass_sig_t onepass_sig;
+ } pkt;
+ };
+ typedef struct cdk_packet_s *cdk_packet_t;
+
+/* Session handle routines */
+ cdk_error_t cdk_handle_new (cdk_ctx_t * r_ctx);
+ void cdk_handle_free (cdk_ctx_t c);
+
+/* Set the key database handle for the given session handle.
+ The type of the key db handle (public or secret) decides
+ which session key db handle to use. */
+ void cdk_handle_set_keydb (cdk_ctx_t hd, cdk_keydb_hd_t db);
+
+/* Convenient function to avoid to open a key db first.
+ The user can directly use the file name, the rest is
+ done internally. */
+ cdk_error_t cdk_handle_set_keyring (cdk_ctx_t hd, int type,
+ const char *kringname);
+
+/* Return keydb handle stored in the session handle. */
+ cdk_keydb_hd_t cdk_handle_get_keydb (cdk_ctx_t hd, int type);
+ int cdk_handle_control (cdk_ctx_t hd, int action, int cmd, ...);
+
+/* Set a passphrase callback for the given session handle. */
+ void cdk_handle_set_passphrase_cb (cdk_ctx_t hd,
+ char *(*cb) (void *opa,
+ const char *prompt),
+ void *cb_value);
+
+/* shortcuts for some controls */
+
+/* Enable or disable armor output. */
+#define cdk_handle_set_armor(a, val) \
+ cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_ARMOR, (val))
+
+/* Set the compression algorithm and level. 0 means disable compression. */
+#define cdk_handle_set_compress(a, algo, level) \
+ cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_COMPRESS, (algo), (level))
+
+/* Activate partial bodies for the output. This is needed if the length
+ of the data is not known in advance or for the use with sockets
+ or pipes. */
+#define cdk_handle_set_blockmode(a, val) \
+ cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_BLOCKMODE_ON, (val))
+
+/* Set the digest for the PK signing operation. */
+#define cdk_handle_set_digest(a, val) \
+ cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_DIGEST, (val))
+
+/* Set the mode and the digest for the S2K operation. */
+#define cdk_handle_set_s2k(a, val1, val2) \
+ cdk_handle_control ((a), CDK_CTLF_SET, CDK_CTL_S2K, (val1), (val2))
+
+
+/* This context holds all information of the verification process. */
+ struct cdk_verify_result_s
+ {
+ int sig_ver; /* Version of the signature. */
+ int sig_status; /* The status (GOOD, BAD) of the signature */
+ int sig_flags; /* May contain expired or revoked flags */
+ unsigned int keyid[2]; /* The issuer key ID */
+ unsigned int created; /* Timestamp when the sig was created. */
+ unsigned int expires;
+ int pubkey_algo;
+ int digest_algo;
+ char *user_id; /* NULL or user ID which issued the signature. */
+ char *policy_url; /* If set, the policy the sig was created under. */
+ size_t sig_len; /* Size of the signature data inbits. */
+ unsigned char *sig_data; /* Raw signature data. */
+ };
+ typedef struct cdk_verify_result_s *cdk_verify_result_t;
+
+/* Return the verify result. Do not free the data. */
+ cdk_verify_result_t cdk_handle_verify_get_result (cdk_ctx_t hd);
+
+/* Raw packet routines. */
+
+/* Allocate a new packet or a new packet with the given packet type. */
+ cdk_error_t cdk_pkt_new (cdk_packet_t * r_pkt);
+ cdk_error_t cdk_pkt_alloc (cdk_packet_t * r_pkt, cdk_packet_type_t pkttype);
+
+/* Only release the contents of the packet but not @PKT itself. */
+ void cdk_pkt_free (cdk_packet_t pkt);
+
+/* Release the packet contents and the packet structure @PKT itself. */
+ void cdk_pkt_release (cdk_packet_t pkt);
+
+/* Read or write the given output from or to the stream. */
+ cdk_error_t cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt);
+ cdk_error_t cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt);
+
+/* Sub packet routines */
+ cdk_subpkt_t cdk_subpkt_new (size_t size);
+ void cdk_subpkt_free (cdk_subpkt_t ctx);
+ cdk_subpkt_t cdk_subpkt_find (cdk_subpkt_t ctx, size_t type);
+ cdk_subpkt_t cdk_subpkt_find_next (cdk_subpkt_t root, size_t type);
+ size_t cdk_subpkt_type_count (cdk_subpkt_t ctx, size_t type);
+ cdk_subpkt_t cdk_subpkt_find_nth (cdk_subpkt_t ctx, size_t type,
+ size_t index);
+ cdk_error_t cdk_subpkt_add (cdk_subpkt_t root, cdk_subpkt_t node);
+ const unsigned char *cdk_subpkt_get_data (cdk_subpkt_t ctx,
+ size_t * r_type,
+ size_t * r_nbytes);
+ void cdk_subpkt_init (cdk_subpkt_t node, size_t type, const void *buf,
+ size_t buflen);
+
+/* Designated Revoker routines */
+ const unsigned char *cdk_key_desig_revoker_walk (cdk_desig_revoker_t root,
+ cdk_desig_revoker_t * ctx,
+ int *r_class,
+ int *r_algid);
+
+#define is_RSA(a) ((a) == CDK_PK_RSA \
+ || (a) == CDK_PK_RSA_E \
+ || (a) == CDK_PK_RSA_S)
+#define is_ELG(a) ((a) == CDK_PK_ELG_E)
+#define is_DSA(a) ((a) == CDK_PK_DSA)
+
+/* Encrypt the given session key @SK with the public key @PK
+ and write the contents into the packet @PKE. */
+ cdk_error_t cdk_pk_encrypt (cdk_pubkey_t pk, cdk_pkt_pubkey_enc_t pke,
+ bigint_t sk);
+
+/* Decrypt the given encrypted session key in @PKE with the secret key
+ @SK and store it in @R_SK. */
+ cdk_error_t cdk_pk_decrypt (cdk_seckey_t sk, cdk_pkt_pubkey_enc_t pke,
+ bigint_t * r_sk);
+
+/* Sign the given message digest @MD with the secret key @SK and
+ store the signature in the packet @SIG. */
+ cdk_error_t cdk_pk_sign (cdk_seckey_t sk, cdk_pkt_signature_t sig,
+ const unsigned char *md);
+
+/* Verify the given signature in @SIG with the public key @PK
+ and compare it against the message digest @MD. */
+ cdk_error_t cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
+ const unsigned char *md);
+
+/* Use cdk_pk_get_npkey() and cdk_pk_get_nskey to find out how much
+ multiprecision integers a key consists of. */
+
+/* Return a multi precision integer of the public key with the index @IDX
+ in the buffer @BUF. @R_NWRITTEN will contain the length in octets.
+ Optional @R_NBITS may contain the size in bits. */
+ cdk_error_t cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
+
+/* Same as the function above but of the secret key. */
+ cdk_error_t cdk_sk_get_mpi (cdk_seckey_t sk, size_t idx,
+ unsigned char *buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits);
+
+/* Helper to get the exact number of multi precision integers
+ for the given object. */
+ int cdk_pk_get_nbits (cdk_pubkey_t pk);
+ int cdk_pk_get_npkey (int algo);
+ int cdk_pk_get_nskey (int algo);
+ int cdk_pk_get_nsig (int algo);
+ int cdk_pk_get_nenc (int algo);
+
+/* Fingerprint and key ID routines. */
+
+/* Calculate the fingerprint of the given public key.
+ the FPR parameter must be at least 20 octets to hold the SHA1 hash. */
+ cdk_error_t cdk_pk_get_fingerprint (cdk_pubkey_t pk, unsigned char *fpr);
+
+/* Same as above, but with additional sanity checks of the buffer size. */
+ cdk_error_t cdk_pk_to_fingerprint (cdk_pubkey_t pk,
+ unsigned char *fpr, size_t fprlen,
+ size_t * r_nout);
+
+/* Derive the keyid from the fingerprint. This is only possible for
+ modern, version 4 keys. */
+ unsigned int cdk_pk_fingerprint_get_keyid (const unsigned char *fpr,
+ size_t fprlen,
+ unsigned int *keyid);
+
+/* Various functions to get the keyid from the specific packet type. */
+ unsigned int cdk_pk_get_keyid (cdk_pubkey_t pk, unsigned int *keyid);
+ unsigned int cdk_sk_get_keyid (cdk_seckey_t sk, unsigned int *keyid);
+ unsigned int cdk_sig_get_keyid (cdk_pkt_signature_t sig,
+ unsigned int *keyid);
+
+/* Key release functions. */
+ void cdk_pk_release (cdk_pubkey_t pk);
+ void cdk_sk_release (cdk_seckey_t sk);
+
+/* Create a public key with the data from the secret key @SK. */
+ cdk_error_t cdk_pk_from_secret_key (cdk_seckey_t sk, cdk_pubkey_t * ret_pk);
+
+/* Sexp conversion of keys. */
+ cdk_error_t cdk_pubkey_to_sexp (cdk_pubkey_t pk, char **sexp, size_t * len);
+ cdk_error_t cdk_seckey_to_sexp (cdk_seckey_t sk, char **sexp, size_t * len);
+
+
+/* String to Key routines. */
+ cdk_error_t cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
+ const unsigned char *salt);
+ void cdk_s2k_free (cdk_s2k_t s2k);
+
+ cdk_error_t cdk_file_armor (cdk_ctx_t hd, const char *file,
+ const char *output);
+ cdk_error_t cdk_file_dearmor (const char *file, const char *output);
+ int cdk_armor_filter_use (cdk_stream_t inp);
+
+/* Protect the inbuf with ASCII armor of the specified type.
+ If @outbuf and @outlen are NULL, the function returns the calculated
+ size of the base64 encoded data in @nwritten. */
+ cdk_error_t cdk_armor_encode_buffer (const unsigned char *inbuf,
+ size_t inlen, char *outbuf,
+ size_t outlen, size_t * nwritten,
+ int type);
+
+
+/* This context contain user callbacks for different stream operations.
+ Some of these callbacks might be NULL to indicate that the callback
+ is not used. */
+ struct cdk_stream_cbs_s
+ {
+ cdk_error_t (*open) (void *);
+ cdk_error_t (*release) (void *);
+ int (*read) (void *, void *buf, size_t);
+ int (*write) (void *, const void *buf, size_t);
+ int (*seek) (void *, off_t);
+ };
+ typedef struct cdk_stream_cbs_s *cdk_stream_cbs_t;
+
+ int cdk_stream_is_compressed (cdk_stream_t s);
+
+/* Return a stream object which is associated to a socket. */
+ cdk_error_t cdk_stream_sockopen (const char *host, unsigned short port,
+ cdk_stream_t * ret_out);
+
+/* Return a stream object which is associated to an existing file. */
+ cdk_error_t cdk_stream_open (const char *file, cdk_stream_t * ret_s);
+
+/* Return a stream object which is associated to a file which will
+ be created when the stream is closed. */
+ cdk_error_t cdk_stream_new (const char *file, cdk_stream_t * ret_s);
+
+/* Return a stream object with custom callback functions for the
+ various core operations. */
+ cdk_error_t cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
+ cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_create (const char *file, cdk_stream_t * ret_s);
+ cdk_error_t cdk_stream_tmp_new (cdk_stream_t * r_out);
+ cdk_error_t cdk_stream_tmp_from_mem (const void *buf, size_t buflen,
+ cdk_stream_t * r_out);
+ void cdk_stream_tmp_set_mode (cdk_stream_t s, int val);
+ cdk_error_t cdk_stream_flush (cdk_stream_t s);
+ cdk_error_t cdk_stream_enable_cache (cdk_stream_t s, int val);
+ cdk_error_t cdk_stream_filter_disable (cdk_stream_t s, int type);
+ cdk_error_t cdk_stream_close (cdk_stream_t s);
+ off_t cdk_stream_get_length (cdk_stream_t s);
+ int cdk_stream_read (cdk_stream_t s, void *buf, size_t count);
+ int cdk_stream_write (cdk_stream_t s, const void *buf, size_t count);
+ int cdk_stream_putc (cdk_stream_t s, int c);
+ int cdk_stream_getc (cdk_stream_t s);
+ int cdk_stream_eof (cdk_stream_t s);
+ off_t cdk_stream_tell (cdk_stream_t s);
+ cdk_error_t cdk_stream_seek (cdk_stream_t s, off_t offset);
+ cdk_error_t cdk_stream_set_armor_flag (cdk_stream_t s, int type);
+
+/* Push the literal filter for the given stream. */
+ cdk_error_t cdk_stream_set_literal_flag (cdk_stream_t s,
+ cdk_lit_format_t mode,
+ const char *fname);
+
+ cdk_error_t cdk_stream_set_compress_flag (cdk_stream_t s, int algo,
+ int level);
+ cdk_error_t cdk_stream_set_hash_flag (cdk_stream_t s, int algo);
+ cdk_error_t cdk_stream_set_text_flag (cdk_stream_t s, const char *lf);
+ cdk_error_t cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out);
+ cdk_error_t cdk_stream_mmap (cdk_stream_t s, unsigned char **ret_buf,
+ size_t * ret_buflen);
+ cdk_error_t cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
+ unsigned char **ret_buf,
+ size_t * ret_buflen);
+
+/* Read from the stream but restore the file pointer after reading
+ the requested amount of bytes. */
+ int cdk_stream_peek (cdk_stream_t inp, unsigned char *buf, size_t buflen);
+
+/* A wrapper around the various new_from_XXX functions. Because
+ the function does not support all combinations, the dedicated
+ functions should be preferred. */
+ cdk_error_t cdk_keydb_new (cdk_keydb_hd_t * r_hd, int type, void *data,
+ size_t count);
+
+/* Create a new key db handle from a memory buffer. */
+ cdk_error_t cdk_keydb_new_from_mem (cdk_keydb_hd_t * r_hd, int secret,
+ const void *data, size_t datlen);
+
+/* Create a new key db which uses an existing file. */
+ cdk_error_t cdk_keydb_new_from_file (cdk_keydb_hd_t * r_hd, int secret,
+ const char *fname);
+
+/* Uses a stream as the key db input. For searching it is important
+ that the seek function is supported on the stream. Furthermore,
+ the stream is not closed in cdk_keydb_free(). The caller must do it. */
+ cdk_error_t cdk_keydb_new_from_stream (cdk_keydb_hd_t * r_hd, int secret,
+ cdk_stream_t in);
+
+/* Check that a secret key with the given key ID is available. */
+ cdk_error_t cdk_keydb_check_sk (cdk_keydb_hd_t hd, unsigned int *keyid);
+
+/* Prepare the key db search. */
+ cdk_error_t cdk_keydb_search_start (cdk_keydb_search_t * st,
+ cdk_keydb_hd_t db, int type,
+ void *desc);
+
+ void cdk_keydb_search_release (cdk_keydb_search_t st);
+
+/* Return a key which matches a valid description given in
+ cdk_keydb_search_start(). */
+ cdk_error_t cdk_keydb_search (cdk_keydb_search_t st, cdk_keydb_hd_t hd,
+ cdk_kbnode_t * ret_key);
+
+/* Release the key db handle and all its resources. */
+ void cdk_keydb_free (cdk_keydb_hd_t hd);
+
+/* The following functions will try to find a key in the given key
+ db handle either by keyid, by fingerprint or by some pattern. */
+ cdk_error_t cdk_keydb_get_bykeyid (cdk_keydb_hd_t hd, unsigned int *keyid,
+ cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_byfpr (cdk_keydb_hd_t hd,
+ const unsigned char *fpr,
+ cdk_kbnode_t * ret_pk);
+ cdk_error_t cdk_keydb_get_bypattern (cdk_keydb_hd_t hd, const char *patt,
+ cdk_kbnode_t * ret_pk);
+
+/* These function, in contrast to most other key db functions, only
+ return the public or secret key packet without the additional
+ signatures and user IDs. */
+ cdk_error_t cdk_keydb_get_pk (cdk_keydb_hd_t khd, unsigned int *keyid,
+ cdk_pubkey_t * ret_pk);
+ cdk_error_t cdk_keydb_get_sk (cdk_keydb_hd_t khd, unsigned int *keyid,
+ cdk_seckey_t * ret_sk);
+
+/* Try to read the next key block from the given input stream.
+ The key will be returned in @RET_KEY on success. */
+ cdk_error_t cdk_keydb_get_keyblock (cdk_stream_t inp,
+ cdk_kbnode_t * ret_key);
+
+/* Rebuild the key db index if possible. */
+ cdk_error_t cdk_keydb_idx_rebuild (cdk_keydb_hd_t db,
+ cdk_keydb_search_t dbs);
+
+/* Export one or more keys from the given key db handle into
+ the stream @OUT. The export is done by substring search and
+ uses the string list @REMUSR for the pattern. */
+ cdk_error_t cdk_keydb_export (cdk_keydb_hd_t hd, cdk_stream_t out,
+ cdk_strlist_t remusr);
+
+/* Import the given key node @knode into the key db. */
+ cdk_error_t cdk_keydb_import (cdk_keydb_hd_t hd, cdk_kbnode_t knode);
+
+
+/* List or enumerate keys from a given key db handle. */
+
+/* Start the key list process. Either use @PATT for a pattern search
+ or @FPATT for a list of pattern. */
+ cdk_error_t cdk_listkey_start (cdk_listkey_t * r_ctx, cdk_keydb_hd_t db,
+ const char *patt, cdk_strlist_t fpatt);
+ void cdk_listkey_close (cdk_listkey_t ctx);
+
+/* Return the next key which matches the pattern. */
+ cdk_error_t cdk_listkey_next (cdk_listkey_t ctx, cdk_kbnode_t * ret_key);
+
+ cdk_kbnode_t cdk_kbnode_new (cdk_packet_t pkt);
+ cdk_error_t cdk_kbnode_read_from_mem (cdk_kbnode_t * ret_node,
+ const unsigned char *buf,
+ size_t buflen);
+ cdk_error_t cdk_kbnode_write_to_mem (cdk_kbnode_t node,
+ unsigned char *buf, size_t * r_nbytes);
+ cdk_error_t cdk_kbnode_write_to_mem_alloc (cdk_kbnode_t node,
+ unsigned char **r_buf,
+ size_t * r_buflen);
+
+ void cdk_kbnode_release (cdk_kbnode_t node);
+ void cdk_kbnode_delete (cdk_kbnode_t node);
+ void cdk_kbnode_insert (cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ int cdk_kbnode_commit (cdk_kbnode_t * root);
+ void cdk_kbnode_remove (cdk_kbnode_t * root, cdk_kbnode_t node);
+ void cdk_kbnode_move (cdk_kbnode_t * root, cdk_kbnode_t node,
+ cdk_kbnode_t where);
+ cdk_kbnode_t cdk_kbnode_walk (cdk_kbnode_t root, cdk_kbnode_t * ctx,
+ int all);
+ cdk_packet_t cdk_kbnode_find_packet (cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_packet_t cdk_kbnode_get_packet (cdk_kbnode_t node);
+ cdk_kbnode_t cdk_kbnode_find (cdk_kbnode_t node, cdk_packet_type_t pkttype);
+ cdk_kbnode_t cdk_kbnode_find_prev (cdk_kbnode_t root, cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_kbnode_t cdk_kbnode_find_next (cdk_kbnode_t node,
+ cdk_packet_type_t pkttype);
+ cdk_error_t cdk_kbnode_hash (cdk_kbnode_t node, digest_hd_st * md,
+ int is_v4, cdk_packet_type_t pkttype,
+ int flags);
+
+/* Check each signature in the key node and return a summary of the
+ key status in @r_status. Values of cdk_key_flag_t are used. */
+ cdk_error_t cdk_pk_check_sigs (cdk_kbnode_t knode, cdk_keydb_hd_t hd,
+ int *r_status);
+
+/* Check the self signature of the key to make sure it is valid. */
+ cdk_error_t cdk_pk_check_self_sig (cdk_kbnode_t knode, int *r_status);
+
+/* Return a matching algorithm from the given public key list.
+ @PREFTYPE can be either sym-cipher/compress/digest. */
+ int cdk_pklist_select_algo (cdk_keylist_t pkl, int preftype);
+
+/* Return 0 or 1 if the given key list is able to understand the
+ MDC feature. */
+ int cdk_pklist_use_mdc (cdk_keylist_t pkl);
+ cdk_error_t cdk_pklist_build (cdk_keylist_t * ret_pkl, cdk_keydb_hd_t hd,
+ cdk_strlist_t remusr, int use);
+ void cdk_pklist_release (cdk_keylist_t pkl);
+
+/* Secret key lists */
+ cdk_error_t cdk_sklist_build (cdk_keylist_t * ret_skl,
+ cdk_keydb_hd_t db, cdk_ctx_t hd,
+ cdk_strlist_t locusr,
+ int unlock, unsigned int use);
+ void cdk_sklist_release (cdk_keylist_t skl);
+ cdk_error_t cdk_sklist_write (cdk_keylist_t skl, cdk_stream_t outp,
+ digest_hd_st * mdctx, int sigclass,
+ int sigver);
+ cdk_error_t cdk_sklist_write_onepass (cdk_keylist_t skl, cdk_stream_t outp,
+ int sigclass, int mdalgo);
+
+/* Encrypt the given stream @INP with the recipients given in @REMUSR.
+ If @REMUSR is NULL, symmetric encryption will be used. The output
+ will be written to @OUT. */
+ cdk_error_t cdk_stream_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
+ cdk_stream_t inp, cdk_stream_t out);
+
+/* Decrypt the @INP stream into @OUT. */
+ cdk_error_t cdk_stream_decrypt (cdk_ctx_t hd, cdk_stream_t inp,
+ cdk_stream_t out);
+
+/* Same as the function above but it works on files. */
+ cdk_error_t cdk_file_encrypt (cdk_ctx_t hd, cdk_strlist_t remusr,
+ const char *file, const char *output);
+ cdk_error_t cdk_file_decrypt (cdk_ctx_t hd, const char *file,
+ const char *output);
+
+/* Generic function to transform data. The mode can be either sign,
+ verify, encrypt, decrypt, import or export. The meanings of the
+ parameters are similar to the functions above.
+ @OUTBUF will contain the output and @OUTSIZE the length of it. */
+ cdk_error_t cdk_data_transform (cdk_ctx_t hd, enum cdk_crypto_mode_t mode,
+ cdk_strlist_t locusr, cdk_strlist_t remusr,
+ const void *inbuf, size_t insize,
+ unsigned char **outbuf, size_t * outsize,
+ int modval);
+
+/* Sign the stream @INP. Optionally, the output will be encrypted
+ if @REMUSR is not NULL and the @ENCRYPTFLAG is set.
+ The output will be written to @OUT.
+ @LOCUSR contains one ore more pattern for the secret key(s) to use. */
+ cdk_error_t cdk_stream_sign (cdk_ctx_t hd, cdk_stream_t inp,
+ cdk_stream_t out, cdk_strlist_t locusr,
+ cdk_strlist_t remusr, int encryptflag,
+ int sigmode);
+
+/* Same as the function above but it works on files. */
+ cdk_error_t cdk_file_sign (cdk_ctx_t hd, cdk_strlist_t locusr,
+ cdk_strlist_t remusr,
+ const char *file, const char *output,
+ int sigmode, int encryptflag);
+
+ cdk_error_t cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp,
+ cdk_stream_t data, cdk_stream_t out);
+
+/* Verify the given file @FILE. For a detached signature, @DATA_FILE
+ contains the actual file data and @FILE is only the signature.
+ If the @OUTPUT is not NULL, the plaintext will be written to this file. */
+ cdk_error_t cdk_file_verify (cdk_ctx_t hd, const char *file,
+ const char *data_file, const char *output);
+
+ int cdk_trustdb_get_validity (cdk_stream_t inp, cdk_pkt_userid_t id,
+ int *r_val);
+ int cdk_trustdb_get_ownertrust (cdk_stream_t inp, cdk_pubkey_t pk,
+ int *r_val, int *r_flags);
+
+ void cdk_strlist_free (cdk_strlist_t sl);
+ cdk_strlist_t cdk_strlist_add (cdk_strlist_t * list, const char *string);
+ cdk_strlist_t cdk_strlist_next (cdk_strlist_t root, const char **r_str);
+ const char *cdk_check_version (const char *req_version);
+/* UTF8 */
+ char *cdk_utf8_encode (const char *string);
+ char *cdk_utf8_decode (const char *string, size_t length, int delim);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OPENCDK_H */
--- /dev/null
+/* packet.h
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA
+ *
+ */
+#ifndef CDK_PACKET_H
+#define CDK_PACKET_H
+
+struct cdk_kbnode_s
+{
+ struct cdk_kbnode_s *next;
+ cdk_packet_t pkt;
+ unsigned int is_deleted:1;
+ unsigned int is_cloned:1;
+};
+
+/*-- new-packet.c --*/
+void _cdk_free_mpibuf (size_t n, bigint_t * array);
+void _cdk_free_userid (cdk_pkt_userid_t uid);
+void _cdk_free_signature (cdk_pkt_signature_t sig);
+cdk_prefitem_t _cdk_copy_prefs (const cdk_prefitem_t prefs);
+cdk_error_t _cdk_copy_userid (cdk_pkt_userid_t * dst, cdk_pkt_userid_t src);
+cdk_error_t _cdk_copy_pubkey (cdk_pkt_pubkey_t * dst, cdk_pkt_pubkey_t src);
+cdk_error_t _cdk_copy_seckey (cdk_pkt_seckey_t * dst, cdk_pkt_seckey_t src);
+cdk_error_t _cdk_copy_pk_to_sk (cdk_pkt_pubkey_t pk, cdk_pkt_seckey_t sk);
+cdk_error_t _cdk_copy_signature (cdk_pkt_signature_t * dst,
+ cdk_pkt_signature_t src);
+cdk_error_t _cdk_pubkey_compare (cdk_pkt_pubkey_t a, cdk_pkt_pubkey_t b);
+
+#endif /* CDK_PACKET_H */
--- /dev/null
+/* pubkey.c - Public key API
+ * Copyright (C) 2002, 2003, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+
+/* This function gets the signature parameters and encodes
+ * them into a way for _gnutls_pk_verify to use.
+ */
+static cdk_error_t
+sig_to_datum (gnutls_datum_t * r_sig, cdk_pkt_signature_t sig)
+{
+ int err;
+ cdk_error_t rc;
+
+ if (!r_sig || !sig)
+ return CDK_Inv_Value;
+
+ rc = 0;
+ if (is_RSA (sig->pubkey_algo))
+ {
+ err = _gnutls_mpi_dprint (sig->mpi[0], r_sig);
+ if (err < 0)
+ rc = map_gnutls_error (err);
+ }
+ else if (is_DSA (sig->pubkey_algo))
+ {
+ err = _gnutls_encode_ber_rs (r_sig, sig->mpi[0], sig->mpi[1]);
+ if (err < 0)
+ rc = map_gnutls_error (err);
+ }
+ else
+ rc = CDK_Inv_Algo;
+ return rc;
+}
+
+/**
+ * cdk_pk_verify:
+ * @pk: the public key
+ * @sig: signature
+ * @md: the message digest
+ *
+ * Verify the signature in @sig and compare it with the message digest in @md.
+ **/
+cdk_error_t
+cdk_pk_verify (cdk_pubkey_t pk, cdk_pkt_signature_t sig, const byte * md)
+{
+ gnutls_datum_t s_sig;
+ byte *encmd = NULL;
+ size_t enclen;
+ cdk_error_t rc;
+ int ret, algo;
+ unsigned int i;
+ gnutls_datum_t data;
+ gnutls_pk_params_st params;
+
+ if (!pk || !sig || !md)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ if (is_DSA (pk->pubkey_algo))
+ algo = GNUTLS_PK_DSA;
+ else if (is_RSA (pk->pubkey_algo))
+ algo = GNUTLS_PK_RSA;
+ else
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ rc = sig_to_datum (&s_sig, sig);
+ if (rc)
+ {
+ gnutls_assert ();
+ goto leave;
+ }
+
+ rc = _cdk_digest_encode_pkcs1 (&encmd, &enclen, pk->pubkey_algo, md,
+ sig->digest_algo, cdk_pk_get_nbits (pk));
+ if (rc)
+ {
+ gnutls_assert ();
+ goto leave;
+ }
+
+ data.data = encmd;
+ data.size = enclen;
+
+ params.params_nr = cdk_pk_get_npkey (pk->pubkey_algo);
+ for (i = 0; i < params.params_nr; i++)
+ params.params[i] = pk->mpi[i];
+ params.flags = 0;
+ ret = _gnutls_pk_verify (algo, &data, &s_sig, ¶ms);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ rc = map_gnutls_error (ret);
+ goto leave;
+ }
+
+ rc = 0;
+
+leave:
+ _gnutls_free_datum (&s_sig);
+ cdk_free (encmd);
+ return rc;
+}
+
+
+/**
+ * cdk_pk_get_nbits:
+ * @pk: the public key
+ *
+ * Return the length of the public key in bits.
+ * The meaning of length is actually the size of the 'prime'
+ * object in the key. For RSA keys the modulus, for ElG/DSA
+ * the size of the public prime.
+ **/
+int
+cdk_pk_get_nbits (cdk_pubkey_t pk)
+{
+ if (!pk || !pk->mpi[0])
+ return 0;
+ return _gnutls_mpi_get_nbits (pk->mpi[0]);
+}
+
+
+/**
+ * cdk_pk_get_npkey:
+ * @algo: The public key algorithm.
+ *
+ * Return the number of multiprecison integer forming an public
+ * key with the given algorithm.
+ */
+int
+cdk_pk_get_npkey (int algo)
+{
+ if (is_RSA (algo))
+ return RSA_PUBLIC_PARAMS;
+ else if (is_DSA (algo))
+ return DSA_PUBLIC_PARAMS;
+ else if (is_ELG (algo))
+ return 3;
+ else
+ {
+ gnutls_assert ();
+ return 0;
+ }
+}
+
+
+/**
+ * cdk_pk_get_nskey:
+ * @algo: the public key algorithm
+ *
+ * Return the number of multiprecision integers forming an
+ * secret key with the given algorithm.
+ **/
+int
+cdk_pk_get_nskey (int algo)
+{
+ int ret;
+
+ if (is_RSA (algo))
+ ret = RSA_PRIVATE_PARAMS - 2; /* we don't have exp1 and exp2 */
+ else if (is_DSA (algo))
+ ret = DSA_PRIVATE_PARAMS;
+ else if (is_ELG (algo))
+ ret = 4;
+ else
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ret -= cdk_pk_get_npkey (algo);
+ return ret;
+}
+
+
+/**
+ * cdk_pk_get_nbits:
+ * @algo: the public key algorithm
+ *
+ * Return the number of MPIs a signature consists of.
+ **/
+int
+cdk_pk_get_nsig (int algo)
+{
+ if (is_RSA (algo))
+ return 1;
+ else if (is_DSA (algo))
+ return 2;
+ else
+ return 0;
+}
+
+
+/**
+ * cdk_pk_get_nenc:
+ * @algo: the public key algorithm
+ *
+ * Return the number of MPI's the encrypted data consists of.
+ **/
+int
+cdk_pk_get_nenc (int algo)
+{
+ if (is_RSA (algo))
+ return 1;
+ else if (is_ELG (algo))
+ return 2;
+ else
+ return 0;
+}
+
+
+int
+_cdk_pk_algo_usage (int algo)
+{
+ int usage;
+
+ /* The ElGamal sign+encrypt algorithm is not supported any longer. */
+ switch (algo)
+ {
+ case CDK_PK_RSA:
+ usage = CDK_KEY_USG_SIGN | CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_RSA_E:
+ usage = CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_RSA_S:
+ usage = CDK_KEY_USG_SIGN;
+ break;
+ case CDK_PK_ELG_E:
+ usage = CDK_KEY_USG_ENCR;
+ break;
+ case CDK_PK_DSA:
+ usage = CDK_KEY_USG_SIGN;
+ break;
+ default:
+ usage = 0;
+ }
+ return usage;
+}
+
+/* You can use a NULL buf to get the output size only
+ */
+static cdk_error_t
+mpi_to_buffer (bigint_t a, byte * buf, size_t buflen,
+ size_t * r_nwritten, size_t * r_nbits)
+{
+ size_t nbits;
+ int err;
+
+ if (!a || !r_nwritten)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ nbits = _gnutls_mpi_get_nbits (a);
+ if (r_nbits)
+ *r_nbits = nbits;
+
+ if (r_nwritten)
+ *r_nwritten = (nbits + 7) / 8 + 2;
+
+ if ((nbits + 7) / 8 + 2 > buflen)
+ return CDK_Too_Short;
+
+ *r_nwritten = buflen;
+ err = _gnutls_mpi_print (a, buf, r_nwritten);
+ if (err < 0)
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
+
+ return 0;
+}
+
+
+/**
+ * cdk_pk_get_mpi:
+ * @pk: public key
+ * @idx: index of the MPI to retrieve
+ * @buf: buffer to hold the raw data
+ * @r_nwritten: output how large the raw data is
+ * @r_nbits: size of the MPI in bits.
+ *
+ * Return the MPI with the given index of the public key.
+ **/
+cdk_error_t
+cdk_pk_get_mpi (cdk_pubkey_t pk, size_t idx,
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
+{
+ if (!pk || !r_nwritten)
+ return CDK_Inv_Value;
+
+ if ((ssize_t) idx > cdk_pk_get_npkey (pk->pubkey_algo))
+ return CDK_Inv_Value;
+ return mpi_to_buffer (pk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
+}
+
+
+/**
+ * cdk_sk_get_mpi:
+ * @sk: secret key
+ * @idx: index of the MPI to retrieve
+ * @buf: buffer to hold the raw data
+ * @r_nwritten: output length of the raw data
+ * @r_nbits: length of the MPI data in bits.
+ *
+ * Return the MPI of the given secret key with the
+ * index @idx. It is important to check if the key
+ * is protected and thus no real MPI data will be returned then.
+ **/
+cdk_error_t
+cdk_sk_get_mpi (cdk_pkt_seckey_t sk, size_t idx,
+ byte * buf, size_t buflen, size_t * r_nwritten,
+ size_t * r_nbits)
+{
+ if (!sk || !r_nwritten)
+ return CDK_Inv_Value;
+
+ if ((ssize_t) idx > cdk_pk_get_nskey (sk->pubkey_algo))
+ return CDK_Inv_Value;
+ return mpi_to_buffer (sk->mpi[idx], buf, buflen, r_nwritten, r_nbits);
+}
+
+
+static u16
+checksum_mpi (bigint_t m)
+{
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nread;
+ unsigned int i;
+ u16 chksum = 0;
+
+ if (!m)
+ return 0;
+ nread = DIM (buf);
+ if (_gnutls_mpi_print_pgp (m, buf, &nread) < 0)
+ return 0;
+ for (i = 0; i < nread; i++)
+ chksum += buf[i];
+ return chksum;
+}
+
+/**
+ * cdk_pk_from_secret_key:
+ * @sk: the secret key
+ * @ret_pk: the new public key
+ *
+ * Create a new public key from a secret key.
+ **/
+cdk_error_t
+cdk_pk_from_secret_key (cdk_pkt_seckey_t sk, cdk_pubkey_t * ret_pk)
+{
+ if (!sk)
+ return CDK_Inv_Value;
+ return _cdk_copy_pubkey (ret_pk, sk->pk);
+}
+
+
+int
+_cdk_sk_get_csum (cdk_pkt_seckey_t sk)
+{
+ u16 csum = 0, i;
+
+ if (!sk)
+ return 0;
+ for (i = 0; i < cdk_pk_get_nskey (sk->pubkey_algo); i++)
+ csum += checksum_mpi (sk->mpi[i]);
+ return csum;
+}
+
+
+/**
+ * cdk_pk_get_fingerprint:
+ * @pk: the public key
+ * @fpr: the buffer to hold the fingerprint
+ *
+ * Return the fingerprint of the given public key.
+ * The buffer must be at least 20 octets.
+ * This function should be considered deprecated and
+ * the new cdk_pk_to_fingerprint() should be used whenever
+ * possible to avoid overflows.
+ **/
+cdk_error_t
+cdk_pk_get_fingerprint (cdk_pubkey_t pk, byte * fpr)
+{
+ digest_hd_st hd;
+ int md_algo;
+ int dlen = 0;
+ int err;
+
+ if (!pk || !fpr)
+ return CDK_Inv_Value;
+
+ if (pk->version < 4 && is_RSA (pk->pubkey_algo))
+ md_algo = GNUTLS_DIG_MD5; /* special */
+ else
+ md_algo = GNUTLS_DIG_SHA1;
+ dlen = _gnutls_hash_get_algo_len (md_algo);
+ err = _gnutls_hash_init (&hd, md_algo);
+ if (err < 0)
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
+ _cdk_hash_pubkey (pk, &hd, 1);
+ _gnutls_hash_deinit (&hd, fpr);
+ if (dlen == 16)
+ memset (fpr + 16, 0, 4);
+ return 0;
+}
+
+
+/**
+ * cdk_pk_to_fingerprint:
+ * @pk: the public key
+ * @fprbuf: buffer to save the fingerprint
+ * @fprbuflen: buffer size
+ * @r_nout: actual length of the fingerprint.
+ *
+ * Calculate a fingerprint of the given key and
+ * return it in the given byte array.
+ **/
+cdk_error_t
+cdk_pk_to_fingerprint (cdk_pubkey_t pk,
+ byte * fprbuf, size_t fprbuflen, size_t * r_nout)
+{
+ size_t key_fprlen;
+ cdk_error_t err;
+
+ if (!pk)
+ return CDK_Inv_Value;
+
+ if (pk->version < 4)
+ key_fprlen = 16;
+ else
+ key_fprlen = 20;
+
+ /* Only return the required buffer size for the fingerprint. */
+ if (!fprbuf && !fprbuflen && r_nout)
+ {
+ *r_nout = key_fprlen;
+ return 0;
+ }
+
+ if (!fprbuf || key_fprlen > fprbuflen)
+ return CDK_Too_Short;
+
+ err = cdk_pk_get_fingerprint (pk, fprbuf);
+ if (r_nout)
+ *r_nout = key_fprlen;
+
+ return err;
+}
+
+
+/**
+ * cdk_pk_fingerprint_get_keyid:
+ * @fpr: the key fingerprint
+ * @fprlen: the length of the fingerprint
+ *
+ * Derive the key ID from the key fingerprint.
+ * For version 3 keys, this is not working.
+ **/
+u32
+cdk_pk_fingerprint_get_keyid (const byte * fpr, size_t fprlen, u32 * keyid)
+{
+ u32 lowbits = 0;
+
+ /* In this case we say the key is a V3 RSA key and we can't
+ use the fingerprint to get the keyid. */
+ if (fpr && fprlen == 16)
+ {
+ keyid[0] = 0;
+ keyid[1] = 0;
+ return 0;
+ }
+ else if (keyid && fpr)
+ {
+ keyid[0] = _cdk_buftou32 (fpr + 12);
+ keyid[1] = _cdk_buftou32 (fpr + 16);
+ lowbits = keyid[1];
+ }
+ else if (fpr)
+ lowbits = _cdk_buftou32 (fpr + 16);
+ return lowbits;
+}
+
+
+/**
+ * cdk_pk_get_keyid:
+ * @pk: the public key
+ * @keyid: buffer to store the key ID
+ *
+ * Calculate the key ID of the given public key.
+ **/
+u32
+cdk_pk_get_keyid (cdk_pubkey_t pk, u32 * keyid)
+{
+ u32 lowbits = 0;
+ byte buf[24];
+
+ if (pk && (!pk->keyid[0] || !pk->keyid[1]))
+ {
+ if (pk->version < 4 && is_RSA (pk->pubkey_algo))
+ {
+ byte p[MAX_MPI_BYTES];
+ size_t n;
+
+ n = MAX_MPI_BYTES;
+ _gnutls_mpi_print (pk->mpi[0], p, &n);
+ pk->keyid[0] =
+ p[n - 8] << 24 | p[n - 7] << 16 | p[n - 6] << 8 | p[n - 5];
+ pk->keyid[1] =
+ p[n - 4] << 24 | p[n - 3] << 16 | p[n - 2] << 8 | p[n - 1];
+ }
+ else if (pk->version == 4)
+ {
+ cdk_pk_get_fingerprint (pk, buf);
+ pk->keyid[0] = _cdk_buftou32 (buf + 12);
+ pk->keyid[1] = _cdk_buftou32 (buf + 16);
+ }
+ }
+ lowbits = pk ? pk->keyid[1] : 0;
+ if (keyid && pk)
+ {
+ keyid[0] = pk->keyid[0];
+ keyid[1] = pk->keyid[1];
+ }
+
+ return lowbits;
+}
+
+
+/**
+ * cdk_sk_get_keyid:
+ * @sk: the secret key
+ * @keyid: buffer to hold the key ID
+ *
+ * Calculate the key ID of the secret key, actually the public key.
+ **/
+u32
+cdk_sk_get_keyid (cdk_pkt_seckey_t sk, u32 * keyid)
+{
+ u32 lowbits = 0;
+
+ if (sk && sk->pk)
+ {
+ lowbits = cdk_pk_get_keyid (sk->pk, keyid);
+ sk->keyid[0] = sk->pk->keyid[0];
+ sk->keyid[1] = sk->pk->keyid[1];
+ }
+
+ return lowbits;
+}
+
+
+/**
+ * cdk_sig_get_keyid:
+ * @sig: the signature
+ * @keyid: buffer to hold the key ID
+ *
+ * Retrieve the key ID from the given signature.
+ **/
+u32
+cdk_sig_get_keyid (cdk_pkt_signature_t sig, u32 * keyid)
+{
+ u32 lowbits = sig ? sig->keyid[1] : 0;
+
+ if (keyid && sig)
+ {
+ keyid[0] = sig->keyid[0];
+ keyid[1] = sig->keyid[1];
+ }
+ return lowbits;
+}
+
+
+/* Return the key ID from the given packet.
+ If this is not possible, 0 is returned */
+u32
+_cdk_pkt_get_keyid (cdk_packet_t pkt, u32 * keyid)
+{
+ u32 lowbits;
+
+ if (!pkt)
+ return 0;
+
+ switch (pkt->pkttype)
+ {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ lowbits = cdk_pk_get_keyid (pkt->pkt.public_key, keyid);
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ lowbits = cdk_sk_get_keyid (pkt->pkt.secret_key, keyid);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ lowbits = cdk_sig_get_keyid (pkt->pkt.signature, keyid);
+ break;
+
+ default:
+ lowbits = 0;
+ break;
+ }
+
+ return lowbits;
+}
+
+
+/* Get the fingerprint of the packet if possible. */
+cdk_error_t
+_cdk_pkt_get_fingerprint (cdk_packet_t pkt, byte * fpr)
+{
+ if (!pkt || !fpr)
+ return CDK_Inv_Value;
+
+ switch (pkt->pkttype)
+ {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ return cdk_pk_get_fingerprint (pkt->pkt.public_key, fpr);
+
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ return cdk_pk_get_fingerprint (pkt->pkt.secret_key->pk, fpr);
+
+ default:
+ return CDK_Inv_Mode;
+ }
+ return 0;
+}
--- /dev/null
+/* read-packet.c - Read OpenPGP packets
+ * Copyright (C) 2001, 2002, 2003, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <string.h>
+#include <stdio.h>
+#include <time.h>
+#include <assert.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+#include "types.h"
+#include <gnutls_algorithms.h>
+
+/* The version of the MDC packet considering the lastest OpenPGP draft. */
+#define MDC_PKT_VER 1
+
+static int
+stream_read (cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+{
+ *r_nread = cdk_stream_read (s, buf, buflen);
+ return *r_nread > 0 ? 0 : _cdk_stream_get_errno (s);
+}
+
+
+/* Try to read 4 octets from the stream. */
+static u32
+read_32 (cdk_stream_t s)
+{
+ byte buf[4];
+ size_t nread;
+
+ assert (s != NULL);
+
+ stream_read (s, buf, 4, &nread);
+ if (nread != 4)
+ return (u32) - 1;
+ return buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3];
+}
+
+
+/* Try to read 2 octets from a stream. */
+static u16
+read_16 (cdk_stream_t s)
+{
+ byte buf[2];
+ size_t nread;
+
+ assert (s != NULL);
+
+ stream_read (s, buf, 2, &nread);
+ if (nread != 2)
+ return (u16) - 1;
+ return buf[0] << 8 | buf[1];
+}
+
+
+/* read about S2K at http://tools.ietf.org/html/rfc4880#section-3.7.1 */
+static cdk_error_t
+read_s2k (cdk_stream_t inp, cdk_s2k_t s2k)
+{
+ size_t nread;
+
+ s2k->mode = cdk_stream_getc (inp);
+ s2k->hash_algo = cdk_stream_getc (inp);
+ if (s2k->mode == CDK_S2K_SIMPLE)
+ return 0;
+ else if (s2k->mode == CDK_S2K_SALTED || s2k->mode == CDK_S2K_ITERSALTED)
+ {
+ if (stream_read (inp, s2k->salt, DIM (s2k->salt), &nread))
+ return CDK_Inv_Packet;
+ if (nread != DIM (s2k->salt))
+ return CDK_Inv_Packet;
+
+ if (s2k->mode == CDK_S2K_ITERSALTED)
+ s2k->count = cdk_stream_getc (inp);
+ }
+ else if (s2k->mode == CDK_S2K_GNU_EXT)
+ {
+ /* GNU extensions to the S2K : read DETAILS from gnupg */
+ return 0;
+ }
+ else
+ return CDK_Not_Implemented;
+
+ return 0;
+}
+
+
+static cdk_error_t
+read_mpi (cdk_stream_t inp, bigint_t * ret_m, int secure)
+{
+ bigint_t m;
+ int err;
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nread, nbits;
+ cdk_error_t rc;
+
+ if (!inp || !ret_m)
+ return CDK_Inv_Value;
+
+ *ret_m = NULL;
+ nbits = read_16 (inp);
+ nread = (nbits + 7) / 8;
+
+ if (nbits > MAX_MPI_BITS || nbits == 0)
+ {
+ _gnutls_write_log ("read_mpi: too large %d bits\n", (int) nbits);
+ return CDK_MPI_Error; /* Sanity check */
+ }
+
+ rc = stream_read (inp, buf + 2, nread, &nread);
+ if (!rc && nread != ((nbits + 7) / 8))
+ {
+ _gnutls_write_log ("read_mpi: too short %d < %d\n", (int) nread,
+ (int) ((nbits + 7) / 8));
+ return CDK_MPI_Error;
+ }
+
+ buf[0] = nbits >> 8;
+ buf[1] = nbits >> 0;
+ nread += 2;
+ err = _gnutls_mpi_scan_pgp (&m, buf, nread);
+ if (err < 0)
+ return map_gnutls_error (err);
+
+ *ret_m = m;
+ return rc;
+}
+
+
+/* Read the encoded packet length directly from the file
+ object INP and return it. Reset RET_PARTIAL if this is
+ the last packet in block mode. */
+size_t
+_cdk_pkt_read_len (FILE * inp, size_t * ret_partial)
+{
+ int c1, c2;
+ size_t pktlen;
+
+ c1 = fgetc (inp);
+ if (c1 == EOF)
+ return (size_t) EOF;
+ if (c1 < 224 || c1 == 255)
+ *ret_partial = 0; /* End of partial data */
+ if (c1 < 192)
+ pktlen = c1;
+ else if (c1 >= 192 && c1 <= 223)
+ {
+ c2 = fgetc (inp);
+ if (c2 == EOF)
+ return (size_t) EOF;
+ pktlen = ((c1 - 192) << 8) + c2 + 192;
+ }
+ else if (c1 == 255)
+ {
+ pktlen = fgetc (inp) << 24;
+ pktlen |= fgetc (inp) << 16;
+ pktlen |= fgetc (inp) << 8;
+ pktlen |= fgetc (inp) << 0;
+ }
+ else
+ pktlen = 1 << (c1 & 0x1f);
+ return pktlen;
+}
+
+
+static cdk_error_t
+read_pubkey_enc (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_enc_t pke)
+{
+ size_t i, nenc;
+
+ if (!inp || !pke)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_pubkey_enc: %d octets\n", (int) pktlen);
+
+ if (pktlen < 12)
+ return CDK_Inv_Packet;
+ pke->version = cdk_stream_getc (inp);
+ if (pke->version < 2 || pke->version > 3)
+ return CDK_Inv_Packet;
+ pke->keyid[0] = read_32 (inp);
+ pke->keyid[1] = read_32 (inp);
+ if (!pke->keyid[0] && !pke->keyid[1])
+ pke->throw_keyid = 1; /* RFC2440 "speculative" keyID */
+ pke->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
+ nenc = cdk_pk_get_nenc (pke->pubkey_algo);
+ if (!nenc)
+ return CDK_Inv_Algo;
+ for (i = 0; i < nenc; i++)
+ {
+ cdk_error_t rc = read_mpi (inp, &pke->mpi[i], 0);
+ if (rc)
+ return rc;
+ }
+
+ return 0;
+}
+
+
+
+static cdk_error_t
+read_mdc (cdk_stream_t inp, cdk_pkt_mdc_t mdc)
+{
+ size_t n;
+ cdk_error_t rc;
+
+ if (!inp || !mdc)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_mdc:\n");
+
+ rc = stream_read (inp, mdc->hash, DIM (mdc->hash), &n);
+ if (rc)
+ return rc;
+
+ return n != DIM (mdc->hash) ? CDK_Inv_Packet : 0;
+}
+
+
+static cdk_error_t
+read_compressed (cdk_stream_t inp, size_t pktlen, cdk_pkt_compressed_t c)
+{
+ if (!inp || !c)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_compressed: %d octets\n", (int) pktlen);
+
+ c->algorithm = cdk_stream_getc (inp);
+ if (c->algorithm > 3)
+ return CDK_Inv_Packet;
+
+ /* don't know the size, so we read until EOF */
+ if (!pktlen)
+ {
+ c->len = 0;
+ c->buf = inp;
+ }
+
+ /* FIXME: Support partial bodies. */
+ return 0;
+}
+
+
+static cdk_error_t
+read_public_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
+{
+ size_t i, ndays, npkey;
+
+ if (!inp || !pk)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_public_key: %d octets\n", (int) pktlen);
+
+ pk->is_invalid = 1; /* default to detect missing self signatures */
+ pk->is_revoked = 0;
+ pk->has_expired = 0;
+
+ pk->version = cdk_stream_getc (inp);
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet_Ver;
+ pk->timestamp = read_32 (inp);
+ if (pk->version < 4)
+ {
+ ndays = read_16 (inp);
+ if (ndays)
+ pk->expiredate = pk->timestamp + ndays * 86400L;
+ }
+
+ pk->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
+ npkey = cdk_pk_get_npkey (pk->pubkey_algo);
+ if (!npkey)
+ {
+ gnutls_assert ();
+ _gnutls_write_log ("invalid public key algorithm %d\n",
+ pk->pubkey_algo);
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < npkey; i++)
+ {
+ cdk_error_t rc = read_mpi (inp, &pk->mpi[i], 0);
+ if (rc)
+ return rc;
+ }
+
+ /* This value is just for the first run and will be
+ replaced with the actual key flags from the self signature. */
+ pk->pubkey_usage = 0;
+ return 0;
+}
+
+
+static cdk_error_t
+read_public_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_pubkey_t pk)
+{
+ if (!inp || !pk)
+ return CDK_Inv_Value;
+ return read_public_key (inp, pktlen, pk);
+}
+
+static cdk_error_t
+read_secret_key (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
+{
+ size_t p1, p2, nread;
+ int i, nskey;
+ int rc;
+
+ if (!inp || !sk || !sk->pk)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_secret_key: %d octets\n", (int) pktlen);
+
+ p1 = cdk_stream_tell (inp);
+ rc = read_public_key (inp, pktlen, sk->pk);
+ if (rc)
+ return rc;
+
+ sk->s2k_usage = cdk_stream_getc (inp);
+ sk->protect.sha1chk = 0;
+ if (sk->s2k_usage == 254 || sk->s2k_usage == 255)
+ {
+ sk->protect.sha1chk = (sk->s2k_usage == 254);
+ sk->protect.algo = _pgp_cipher_to_gnutls (cdk_stream_getc (inp));
+ sk->protect.s2k = cdk_calloc (1, sizeof *sk->protect.s2k);
+ if (!sk->protect.s2k)
+ return CDK_Out_Of_Core;
+ rc = read_s2k (inp, sk->protect.s2k);
+ if (rc)
+ return rc;
+ /* refer to --export-secret-subkeys in gpg(1) */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
+ sk->protect.ivlen = 0;
+ else
+ {
+ sk->protect.ivlen = gnutls_cipher_get_block_size (sk->protect.algo);
+ if (!sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ rc = stream_read (inp, sk->protect.iv, sk->protect.ivlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != sk->protect.ivlen)
+ return CDK_Inv_Packet;
+ }
+ }
+ else
+ sk->protect.algo = _pgp_cipher_to_gnutls (sk->s2k_usage);
+ if (sk->protect.algo == GNUTLS_CIPHER_NULL)
+ {
+ sk->csum = 0;
+ nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
+ if (!nskey)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < nskey; i++)
+ {
+ rc = read_mpi (inp, &sk->mpi[i], 1);
+ if (rc)
+ return rc;
+ }
+ sk->csum = read_16 (inp);
+ sk->is_protected = 0;
+ }
+ else if (sk->pk->version < 4)
+ {
+ /* The length of each multiprecision integer is stored in plaintext. */
+ nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
+ if (!nskey)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
+ for (i = 0; i < nskey; i++)
+ {
+ rc = read_mpi (inp, &sk->mpi[i], 1);
+ if (rc)
+ return rc;
+ }
+ sk->csum = read_16 (inp);
+ sk->is_protected = 1;
+ }
+ else
+ {
+ /* We need to read the rest of the packet because we do not
+ have any information how long the encrypted mpi's are */
+ p2 = cdk_stream_tell (inp);
+ p2 -= p1;
+ sk->enclen = pktlen - p2;
+ if (sk->enclen < 2)
+ return CDK_Inv_Packet; /* at least 16 bits for the checksum! */
+ sk->encdata = cdk_calloc (1, sk->enclen + 1);
+ if (!sk->encdata)
+ return CDK_Out_Of_Core;
+ if (stream_read (inp, sk->encdata, sk->enclen, &nread))
+ return CDK_Inv_Packet;
+ /* Handle the GNU S2K extensions we know (just gnu-dummy right now): */
+ if (sk->protect.s2k->mode == CDK_S2K_GNU_EXT)
+ {
+ unsigned char gnumode;
+ if ((sk->enclen < strlen ("GNU") + 1) ||
+ (0 != memcmp ("GNU", sk->encdata, strlen ("GNU"))))
+ return CDK_Inv_Packet;
+ gnumode = sk->encdata[strlen ("GNU")];
+ /* we only handle gnu-dummy (mode 1).
+ mode 2 should refer to external smart cards.
+ */
+ if (gnumode != 1)
+ return CDK_Inv_Packet;
+ /* gnu-dummy should have no more data */
+ if (sk->enclen != strlen ("GNU") + 1)
+ return CDK_Inv_Packet;
+ }
+ nskey = cdk_pk_get_nskey (sk->pk->pubkey_algo);
+ if (!nskey)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
+ /* We mark each MPI entry with NULL to indicate a protected key. */
+ for (i = 0; i < nskey; i++)
+ sk->mpi[i] = NULL;
+ sk->is_protected = 1;
+ }
+
+ sk->is_primary = 1;
+ _cdk_copy_pk_to_sk (sk->pk, sk);
+ return 0;
+}
+
+
+static cdk_error_t
+read_secret_subkey (cdk_stream_t inp, size_t pktlen, cdk_pkt_seckey_t sk)
+{
+ cdk_error_t rc;
+
+ if (!inp || !sk || !sk->pk)
+ return CDK_Inv_Value;
+
+ rc = read_secret_key (inp, pktlen, sk);
+ sk->is_primary = 0;
+ return rc;
+}
+
+
+static cdk_error_t
+read_attribute (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t attr)
+{
+ const byte *p;
+ byte *buf;
+ size_t len, nread;
+ cdk_error_t rc;
+
+ if (!inp || !attr || !pktlen)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_attribute: %d octets\n", (int) pktlen);
+
+ strcpy (attr->name, "[attribute]");
+ attr->len = strlen (attr->name);
+ buf = cdk_calloc (1, pktlen);
+ if (!buf)
+ return CDK_Out_Of_Core;
+ rc = stream_read (inp, buf, pktlen, &nread);
+ if (rc)
+ {
+ cdk_free (buf);
+ return CDK_Inv_Packet;
+ }
+ p = buf;
+ len = *p++;
+ pktlen--;
+ if (len == 255)
+ {
+ len = _cdk_buftou32 (p);
+ p += 4;
+ pktlen -= 4;
+ }
+ else if (len >= 192)
+ {
+ if (pktlen < 2)
+ {
+ cdk_free (buf);
+ return CDK_Inv_Packet;
+ }
+ len = ((len - 192) << 8) + *p + 192;
+ p++;
+ pktlen--;
+ }
+
+ if (*p != 1) /* Currently only 1, meaning an image, is defined. */
+ {
+ cdk_free (buf);
+ return CDK_Inv_Packet;
+ }
+ p++;
+ len--;
+
+ if (pktlen - (len + 1) > 0)
+ return CDK_Inv_Packet;
+ attr->attrib_img = cdk_calloc (1, len);
+ if (!attr->attrib_img)
+ {
+ cdk_free (buf);
+ return CDK_Out_Of_Core;
+ }
+ attr->attrib_len = len;
+ memcpy (attr->attrib_img, p, len);
+ cdk_free (buf);
+ return rc;
+}
+
+
+static cdk_error_t
+read_user_id (cdk_stream_t inp, size_t pktlen, cdk_pkt_userid_t user_id)
+{
+ size_t nread;
+ cdk_error_t rc;
+
+ if (!inp || !user_id)
+ return CDK_Inv_Value;
+ if (!pktlen)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_user_id: %lu octets\n", pktlen);
+
+ user_id->len = pktlen;
+ rc = stream_read (inp, user_id->name, pktlen, &nread);
+ if (rc)
+ return rc;
+ if (nread != pktlen)
+ return CDK_Inv_Packet;
+ user_id->name[nread] = '\0';
+ return rc;
+}
+
+
+static cdk_error_t
+read_subpkt (cdk_stream_t inp, cdk_subpkt_t * r_ctx, size_t * r_nbytes)
+{
+ byte c, c1;
+ size_t size, nread, n;
+ cdk_subpkt_t node;
+ cdk_error_t rc;
+
+ if (!inp || !r_nbytes)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_subpkt:\n");
+
+ n = 0;
+ *r_nbytes = 0;
+ c = cdk_stream_getc (inp);
+ n++;
+ if (c == 255)
+ {
+ size = read_32 (inp);
+ n += 4;
+ }
+ else if (c >= 192 && c < 255)
+ {
+ c1 = cdk_stream_getc (inp);
+ n++;
+ if (c1 == 0)
+ return 0;
+ size = ((c - 192) << 8) + c1 + 192;
+ }
+ else if (c < 192)
+ size = c;
+ else
+ return CDK_Inv_Packet;
+
+ node = cdk_subpkt_new (size);
+ if (!node)
+ return CDK_Out_Of_Core;
+ node->size = size;
+ node->type = cdk_stream_getc (inp);
+ if (DEBUG_PKT)
+ _gnutls_write_log (" %d octets %d type\n", node->size, node->type);
+ n++;
+ node->size--;
+ rc = stream_read (inp, node->d, node->size, &nread);
+ n += nread;
+ if (rc)
+ return rc;
+ *r_nbytes = n;
+ if (!*r_ctx)
+ *r_ctx = node;
+ else
+ cdk_subpkt_add (*r_ctx, node);
+ return rc;
+}
+
+
+static cdk_error_t
+read_onepass_sig (cdk_stream_t inp, size_t pktlen, cdk_pkt_onepass_sig_t sig)
+{
+ if (!inp || !sig)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_onepass_sig: %d octets\n", (int) pktlen);
+
+ if (pktlen != 13)
+ return CDK_Inv_Packet;
+ sig->version = cdk_stream_getc (inp);
+ if (sig->version != 3)
+ return CDK_Inv_Packet_Ver;
+ sig->sig_class = cdk_stream_getc (inp);
+ sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
+ sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
+ sig->keyid[0] = read_32 (inp);
+ sig->keyid[1] = read_32 (inp);
+ sig->last = cdk_stream_getc (inp);
+ return 0;
+}
+
+
+static cdk_error_t
+parse_sig_subpackets (cdk_pkt_signature_t sig)
+{
+ cdk_subpkt_t node;
+
+ /* Setup the standard packet entries, so we can use V4
+ signatures similar to V3. */
+ for (node = sig->unhashed; node; node = node->next)
+ {
+ if (node->type == CDK_SIGSUBPKT_ISSUER && node->size >= 8)
+ {
+ sig->keyid[0] = _cdk_buftou32 (node->d);
+ sig->keyid[1] = _cdk_buftou32 (node->d + 4);
+ }
+ else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
+ {
+ /* Sometimes this packet might be placed in the unhashed area */
+ sig->flags.exportable = 0;
+ }
+ }
+ for (node = sig->hashed; node; node = node->next)
+ {
+ if (node->type == CDK_SIGSUBPKT_SIG_CREATED && node->size >= 4)
+ sig->timestamp = _cdk_buftou32 (node->d);
+ else if (node->type == CDK_SIGSUBPKT_SIG_EXPIRE && node->size >= 4)
+ {
+ sig->expiredate = _cdk_buftou32 (node->d);
+ if (sig->expiredate > 0 && sig->expiredate < (u32) time (NULL))
+ sig->flags.expired = 1;
+ }
+ else if (node->type == CDK_SIGSUBPKT_POLICY)
+ sig->flags.policy_url = 1;
+ else if (node->type == CDK_SIGSUBPKT_NOTATION)
+ sig->flags.notation = 1;
+ else if (node->type == CDK_SIGSUBPKT_REVOCABLE && node->d[0] == 0)
+ sig->flags.revocable = 0;
+ else if (node->type == CDK_SIGSUBPKT_EXPORTABLE && node->d[0] == 0)
+ sig->flags.exportable = 0;
+ }
+ if (sig->sig_class == 0x1F)
+ {
+ cdk_desig_revoker_t r, rnode;
+
+ for (node = sig->hashed; node; node = node->next)
+ {
+ if (node->type == CDK_SIGSUBPKT_REV_KEY)
+ {
+ if (node->size < 22)
+ continue;
+ rnode = cdk_calloc (1, sizeof *rnode);
+ if (!rnode)
+ return CDK_Out_Of_Core;
+ rnode->r_class = node->d[0];
+ rnode->algid = node->d[1];
+ memcpy (rnode->fpr, node->d + 2, KEY_FPR_LEN);
+ if (!sig->revkeys)
+ sig->revkeys = rnode;
+ else
+ {
+ for (r = sig->revkeys; r->next; r = r->next)
+ ;
+ r->next = rnode;
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+static cdk_error_t
+read_signature (cdk_stream_t inp, size_t pktlen, cdk_pkt_signature_t sig)
+{
+ size_t nbytes;
+ size_t i, size, nsig;
+ cdk_error_t rc;
+
+ if (!inp || !sig)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_signature: %d octets\n", (int) pktlen);
+
+ if (pktlen < 16)
+ return CDK_Inv_Packet;
+ sig->version = cdk_stream_getc (inp);
+ if (sig->version < 2 || sig->version > 4)
+ return CDK_Inv_Packet_Ver;
+
+ sig->flags.exportable = 1;
+ sig->flags.revocable = 1;
+
+ if (sig->version < 4)
+ {
+ if (cdk_stream_getc (inp) != 5)
+ return CDK_Inv_Packet;
+ sig->sig_class = cdk_stream_getc (inp);
+ sig->timestamp = read_32 (inp);
+ sig->keyid[0] = read_32 (inp);
+ sig->keyid[1] = read_32 (inp);
+ sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
+ sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
+ sig->digest_start[0] = cdk_stream_getc (inp);
+ sig->digest_start[1] = cdk_stream_getc (inp);
+ nsig = cdk_pk_get_nsig (sig->pubkey_algo);
+ if (!nsig)
+ return CDK_Inv_Algo;
+ for (i = 0; i < nsig; i++)
+ {
+ rc = read_mpi (inp, &sig->mpi[i], 0);
+ if (rc)
+ return rc;
+ }
+ }
+ else
+ {
+ sig->sig_class = cdk_stream_getc (inp);
+ sig->pubkey_algo = _pgp_pub_algo_to_cdk (cdk_stream_getc (inp));
+ sig->digest_algo = _pgp_hash_algo_to_gnutls (cdk_stream_getc (inp));
+ sig->hashed_size = read_16 (inp);
+ size = sig->hashed_size;
+ sig->hashed = NULL;
+ while (size > 0)
+ {
+ rc = read_subpkt (inp, &sig->hashed, &nbytes);
+ if (rc)
+ return rc;
+ size -= nbytes;
+ }
+ sig->unhashed_size = read_16 (inp);
+ size = sig->unhashed_size;
+ sig->unhashed = NULL;
+ while (size > 0)
+ {
+ rc = read_subpkt (inp, &sig->unhashed, &nbytes);
+ if (rc)
+ return rc;
+ size -= nbytes;
+ }
+
+ rc = parse_sig_subpackets (sig);
+ if (rc)
+ return rc;
+
+ sig->digest_start[0] = cdk_stream_getc (inp);
+ sig->digest_start[1] = cdk_stream_getc (inp);
+ nsig = cdk_pk_get_nsig (sig->pubkey_algo);
+ if (!nsig)
+ return CDK_Inv_Algo;
+ for (i = 0; i < nsig; i++)
+ {
+ rc = read_mpi (inp, &sig->mpi[i], 0);
+ if (rc)
+ return rc;
+ }
+ }
+
+ return 0;
+}
+
+
+static cdk_error_t
+read_literal (cdk_stream_t inp, size_t pktlen,
+ cdk_pkt_literal_t * ret_pt, int is_partial)
+{
+ cdk_pkt_literal_t pt = *ret_pt;
+ size_t nread;
+ cdk_error_t rc;
+
+ if (!inp || !pt)
+ return CDK_Inv_Value;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("read_literal: %d octets\n", (int) pktlen);
+
+ pt->mode = cdk_stream_getc (inp);
+ if (pt->mode != 0x62 && pt->mode != 0x74 && pt->mode != 0x75)
+ return CDK_Inv_Packet;
+ if (cdk_stream_eof (inp))
+ return CDK_Inv_Packet;
+
+ pt->namelen = cdk_stream_getc (inp);
+ if (pt->namelen > 0)
+ {
+ *ret_pt = pt = cdk_realloc (pt, sizeof *pt + pt->namelen + 2);
+ if (!pt)
+ return CDK_Out_Of_Core;
+ pt->name = (char *) pt + sizeof (*pt);
+ rc = stream_read (inp, pt->name, pt->namelen, &nread);
+ if (rc)
+ return rc;
+ if ((int) nread != pt->namelen)
+ return CDK_Inv_Packet;
+ pt->name[pt->namelen] = '\0';
+ }
+ pt->timestamp = read_32 (inp);
+ pktlen = pktlen - 6 - pt->namelen;
+ if (is_partial)
+ _cdk_stream_set_blockmode (inp, pktlen);
+ pt->buf = inp;
+ pt->len = pktlen;
+ return 0;
+}
+
+
+/* Read an old packet CTB and return the length of the body. */
+static void
+read_old_length (cdk_stream_t inp, int ctb, size_t * r_len, size_t * r_size)
+{
+ int llen = ctb & 0x03;
+
+ if (llen == 0)
+ {
+ *r_len = cdk_stream_getc (inp);
+ (*r_size)++;
+ }
+ else if (llen == 1)
+ {
+ *r_len = read_16 (inp);
+ (*r_size) += 2;
+ }
+ else if (llen == 2)
+ {
+ *r_len = read_32 (inp);
+ (*r_size) += 4;
+ }
+ else
+ {
+ *r_len = 0;
+ *r_size = 0;
+ }
+}
+
+
+/* Read a new CTB and decode the body length. */
+static void
+read_new_length (cdk_stream_t inp,
+ size_t * r_len, size_t * r_size, size_t * r_partial)
+{
+ int c, c1;
+
+ c = cdk_stream_getc (inp);
+ (*r_size)++;
+ if (c < 192)
+ *r_len = c;
+ else if (c >= 192 && c <= 223)
+ {
+ c1 = cdk_stream_getc (inp);
+ (*r_size)++;
+ *r_len = ((c - 192) << 8) + c1 + 192;
+ }
+ else if (c == 255)
+ {
+ *r_len = read_32 (inp);
+ (*r_size) += 4;
+ }
+ else
+ {
+ *r_len = 1 << (c & 0x1f);
+ *r_partial = 1;
+ }
+}
+
+
+/* Skip the current packet body. */
+static void
+skip_packet (cdk_stream_t inp, size_t pktlen)
+{
+ byte buf[BUFSIZE];
+ size_t nread, buflen = DIM (buf);
+
+ while (pktlen > 0)
+ {
+ stream_read (inp, buf, pktlen > buflen ? buflen : pktlen, &nread);
+ pktlen -= nread;
+ }
+
+ assert (pktlen == 0);
+}
+
+
+/**
+ * cdk_pkt_read:
+ * @inp: the input stream
+ * @pkt: allocated packet handle to store the packet
+ *
+ * Parse the next packet on the @inp stream and return its contents in @pkt.
+ **/
+cdk_error_t
+cdk_pkt_read (cdk_stream_t inp, cdk_packet_t pkt)
+{
+ int ctb, is_newctb;
+ int pkttype;
+ size_t pktlen = 0, pktsize = 0, is_partial = 0;
+ cdk_error_t rc;
+
+ if (!inp || !pkt)
+ return CDK_Inv_Value;
+
+ ctb = cdk_stream_getc (inp);
+ if (cdk_stream_eof (inp) || ctb == EOF)
+ return CDK_EOF;
+ else if (!ctb)
+ return CDK_Inv_Packet;
+
+ pktsize++;
+ if (!(ctb & 0x80))
+ {
+ _cdk_log_info ("cdk_pkt_read: no openpgp data found. "
+ "(ctb=%02X; fpos=%02X)\n", (int) ctb,
+ (int) cdk_stream_tell (inp));
+ return CDK_Inv_Packet;
+ }
+
+ if (ctb & 0x40) /* RFC2440 packet format. */
+ {
+ pkttype = ctb & 0x3f;
+ is_newctb = 1;
+ }
+ else /* the old RFC1991 packet format. */
+ {
+ pkttype = ctb & 0x3f;
+ pkttype >>= 2;
+ is_newctb = 0;
+ }
+
+ if (pkttype > 63)
+ {
+ _cdk_log_info ("cdk_pkt_read: unknown type %d\n", pkttype);
+ return CDK_Inv_Packet;
+ }
+
+ if (is_newctb)
+ read_new_length (inp, &pktlen, &pktsize, &is_partial);
+ else
+ read_old_length (inp, ctb, &pktlen, &pktsize);
+
+ pkt->pkttype = pkttype;
+ pkt->pktlen = pktlen;
+ pkt->pktsize = pktsize + pktlen;
+ pkt->old_ctb = is_newctb ? 0 : 1;
+
+ rc = 0;
+ switch (pkt->pkttype)
+ {
+ case CDK_PKT_ATTRIBUTE:
+ pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
+ + pkt->pktlen + 16 + 1);
+ if (!pkt->pkt.user_id)
+ return CDK_Out_Of_Core;
+ pkt->pkt.user_id->name =
+ (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
+
+ rc = read_attribute (inp, pktlen, pkt->pkt.user_id);
+ pkt->pkttype = CDK_PKT_ATTRIBUTE;
+ break;
+
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = cdk_calloc (1, sizeof *pkt->pkt.user_id
+ + pkt->pktlen + 1);
+ if (!pkt->pkt.user_id)
+ return CDK_Out_Of_Core;
+ pkt->pkt.user_id->name =
+ (char *) pkt->pkt.user_id + sizeof (*pkt->pkt.user_id);
+ rc = read_user_id (inp, pktlen, pkt->pkt.user_id);
+ break;
+
+ case CDK_PKT_PUBLIC_KEY:
+ pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return CDK_Out_Of_Core;
+ rc = read_public_key (inp, pktlen, pkt->pkt.public_key);
+ break;
+
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = cdk_calloc (1, sizeof *pkt->pkt.public_key);
+ if (!pkt->pkt.public_key)
+ return CDK_Out_Of_Core;
+ rc = read_public_subkey (inp, pktlen, pkt->pkt.public_key);
+ break;
+
+ case CDK_PKT_SECRET_KEY:
+ pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+ return CDK_Out_Of_Core;
+ pkt->pkt.secret_key->pk = cdk_calloc (1,
+ sizeof *pkt->pkt.secret_key->pk);
+ if (!pkt->pkt.secret_key->pk)
+ return CDK_Out_Of_Core;
+ rc = read_secret_key (inp, pktlen, pkt->pkt.secret_key);
+ break;
+
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = cdk_calloc (1, sizeof *pkt->pkt.secret_key);
+ if (!pkt->pkt.secret_key)
+ return CDK_Out_Of_Core;
+ pkt->pkt.secret_key->pk = cdk_calloc (1,
+ sizeof *pkt->pkt.secret_key->pk);
+ if (!pkt->pkt.secret_key->pk)
+ return CDK_Out_Of_Core;
+ rc = read_secret_subkey (inp, pktlen, pkt->pkt.secret_key);
+ break;
+
+ case CDK_PKT_LITERAL:
+ pkt->pkt.literal = cdk_calloc (1, sizeof *pkt->pkt.literal);
+ if (!pkt->pkt.literal)
+ return CDK_Out_Of_Core;
+ rc = read_literal (inp, pktlen, &pkt->pkt.literal, is_partial);
+ break;
+
+ case CDK_PKT_ONEPASS_SIG:
+ pkt->pkt.onepass_sig = cdk_calloc (1, sizeof *pkt->pkt.onepass_sig);
+ if (!pkt->pkt.onepass_sig)
+ return CDK_Out_Of_Core;
+ rc = read_onepass_sig (inp, pktlen, pkt->pkt.onepass_sig);
+ break;
+
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature = cdk_calloc (1, sizeof *pkt->pkt.signature);
+ if (!pkt->pkt.signature)
+ return CDK_Out_Of_Core;
+ rc = read_signature (inp, pktlen, pkt->pkt.signature);
+ break;
+
+ case CDK_PKT_PUBKEY_ENC:
+ pkt->pkt.pubkey_enc = cdk_calloc (1, sizeof *pkt->pkt.pubkey_enc);
+ if (!pkt->pkt.pubkey_enc)
+ return CDK_Out_Of_Core;
+ rc = read_pubkey_enc (inp, pktlen, pkt->pkt.pubkey_enc);
+ break;
+
+ case CDK_PKT_COMPRESSED:
+ pkt->pkt.compressed = cdk_calloc (1, sizeof *pkt->pkt.compressed);
+ if (!pkt->pkt.compressed)
+ return CDK_Out_Of_Core;
+ rc = read_compressed (inp, pktlen, pkt->pkt.compressed);
+ break;
+
+ case CDK_PKT_MDC:
+ pkt->pkt.mdc = cdk_calloc (1, sizeof *pkt->pkt.mdc);
+ if (!pkt->pkt.mdc)
+ return CDK_Out_Of_Core;
+ rc = read_mdc (inp, pkt->pkt.mdc);
+ break;
+
+ default:
+ /* Skip all packets we don't understand */
+ skip_packet (inp, pktlen);
+ break;
+ }
+
+ return rc;
+}
--- /dev/null
+/* seskey.c - Session key routines
+ * Copyright (C) 1998, 1999, 2000, 2002, 2003, 2007, 2008, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+
+
+/* We encode the MD in this way:
+ *
+ * 0 1 PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes)
+ *
+ * PAD consists of FF bytes.
+ */
+static cdk_error_t
+do_encode_md (byte ** r_frame, size_t * r_flen, const byte * md, int algo,
+ size_t len, unsigned nbits, const byte * asn, size_t asnlen)
+{
+ byte *frame = NULL;
+ size_t nframe = (nbits + 7) / 8;
+ ssize_t i;
+ size_t n = 0;
+
+ if (!asn || !md || !r_frame || !r_flen)
+ return CDK_Inv_Value;
+
+ if (len + asnlen + 4 > nframe)
+ return CDK_General_Error;
+
+ frame = cdk_calloc (1, nframe);
+ if (!frame)
+ return CDK_Out_Of_Core;
+ frame[n++] = 0;
+ frame[n++] = 1;
+ i = nframe - len - asnlen - 3;
+ if (i < 0)
+ {
+ cdk_free (frame);
+ return CDK_Inv_Value;
+ }
+ memset (frame + n, 0xFF, i);
+ n += i;
+ frame[n++] = 0;
+ memcpy (frame + n, asn, asnlen);
+ n += asnlen;
+ memcpy (frame + n, md, len);
+ n += len;
+ if (n != nframe)
+ {
+ cdk_free (frame);
+ return CDK_Inv_Value;
+ }
+ *r_frame = frame;
+ *r_flen = n;
+ return 0;
+}
+
+static const byte md5_asn[18] = /* Object ID is 1.2.840.113549.2.5 */
+{ 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48,
+ 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10
+};
+
+static const byte sha1_asn[15] = /* Object ID is 1.3.14.3.2.26 */
+{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03,
+ 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
+};
+
+static const byte sha224_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.4 */
+{ 0x30, 0x2D, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48,
+ 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, 0x05, 0x00, 0x04,
+ 0x1C
+};
+
+static const byte sha256_asn[19] = /* Object ID is 2.16.840.1.101.3.4.2.1 */
+{ 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+ 0x00, 0x04, 0x20
+};
+
+static const byte sha512_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.3 */
+{
+ 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05,
+ 0x00, 0x04, 0x40
+};
+
+static const byte sha384_asn[] = /* Object ID is 2.16.840.1.101.3.4.2.2 */
+{
+ 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
+ 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, 0x05,
+ 0x00, 0x04, 0x30
+};
+
+static const byte rmd160_asn[15] = /* Object ID is 1.3.36.3.2.1 */
+{ 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x24, 0x03,
+ 0x02, 0x01, 0x05, 0x00, 0x04, 0x14
+};
+
+static int
+_gnutls_get_digest_oid (gnutls_digest_algorithm_t algo, const byte ** data)
+{
+ switch (algo)
+ {
+ case GNUTLS_DIG_MD5:
+ *data = md5_asn;
+ return sizeof (md5_asn);
+ case GNUTLS_DIG_SHA1:
+ *data = sha1_asn;
+ return sizeof (sha1_asn);
+ case GNUTLS_DIG_RMD160:
+ *data = rmd160_asn;
+ return sizeof (rmd160_asn);
+ case GNUTLS_DIG_SHA256:
+ *data = sha256_asn;
+ return sizeof (sha256_asn);
+ case GNUTLS_DIG_SHA384:
+ *data = sha384_asn;
+ return sizeof (sha384_asn);
+ case GNUTLS_DIG_SHA512:
+ *data = sha512_asn;
+ return sizeof (sha512_asn);
+ case GNUTLS_DIG_SHA224:
+ *data = sha224_asn;
+ return sizeof (sha224_asn);
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+}
+
+
+/* Encode the given digest into a pkcs#1 compatible format. */
+cdk_error_t
+_cdk_digest_encode_pkcs1 (byte ** r_md, size_t * r_mdlen, int pk_algo,
+ const byte * md, int digest_algo, unsigned nbits)
+{
+ size_t dlen;
+
+ if (!md || !r_md || !r_mdlen)
+ return CDK_Inv_Value;
+
+ dlen = _gnutls_hash_get_algo_len (digest_algo);
+ if (dlen <= 0)
+ return CDK_Inv_Algo;
+ if (is_DSA (pk_algo))
+ { /* DSS does not use a special encoding. */
+ *r_md = cdk_malloc (dlen + 1);
+ if (!*r_md)
+ return CDK_Out_Of_Core;
+ *r_mdlen = dlen;
+ memcpy (*r_md, md, dlen);
+ return 0;
+ }
+ else
+ {
+ const byte *asn;
+ int asnlen;
+ cdk_error_t rc;
+
+ asnlen = _gnutls_get_digest_oid (digest_algo, &asn);
+ if (asnlen < 0)
+ return asnlen;
+
+ rc = do_encode_md (r_md, r_mdlen, md, digest_algo, dlen,
+ nbits, asn, asnlen);
+ return rc;
+ }
+ return 0;
+}
+
+
+/**
+ * cdk_s2k_new:
+ * @ret_s2k: output for the new S2K object
+ * @mode: the S2K mode (simple, salted, iter+salted)
+ * @digest_algo: the hash algorithm
+ * @salt: random salt
+ *
+ * Create a new S2K object with the given parameter.
+ * The @salt parameter must be always 8 octets.
+ **/
+cdk_error_t
+cdk_s2k_new (cdk_s2k_t * ret_s2k, int mode, int digest_algo,
+ const byte * salt)
+{
+ cdk_s2k_t s2k;
+
+ if (!ret_s2k)
+ return CDK_Inv_Value;
+
+ if (mode != 0x00 && mode != 0x01 && mode != 0x03)
+ return CDK_Inv_Mode;
+
+ if (_gnutls_hash_get_algo_len (digest_algo) <= 0)
+ return CDK_Inv_Algo;
+
+ s2k = cdk_calloc (1, sizeof *s2k);
+ if (!s2k)
+ return CDK_Out_Of_Core;
+ s2k->mode = mode;
+ s2k->hash_algo = digest_algo;
+ if (salt)
+ memcpy (s2k->salt, salt, 8);
+ *ret_s2k = s2k;
+ return 0;
+}
+
+
+/**
+ * cdk_s2k_free:
+ * @s2k: the S2K object
+ *
+ * Release the given S2K object.
+ **/
+void
+cdk_s2k_free (cdk_s2k_t s2k)
+{
+ cdk_free (s2k);
+}
+
+
+/* Make a copy of the source s2k into R_DST. */
+cdk_error_t
+_cdk_s2k_copy (cdk_s2k_t * r_dst, cdk_s2k_t src)
+{
+ cdk_s2k_t dst;
+ cdk_error_t err;
+
+ err = cdk_s2k_new (&dst, src->mode, src->hash_algo, src->salt);
+ if (err)
+ return err;
+ dst->count = src->count;
+ *r_dst = dst;
+
+ return 0;
+}
--- /dev/null
+/* sig-check.c - Check signatures
+ * Copyright (C) 1998, 1999, 2000, 2001, 2002, 2003, 2007, 2008, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <time.h>
+#include <assert.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "packet.h"
+
+/* Hash all multi precision integers of the key PK with the given
+ message digest context MD. */
+static int
+hash_mpibuf (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+{
+ byte buf[MAX_MPI_BYTES]; /* FIXME: do not use hardcoded length. */
+ size_t nbytes;
+ size_t i, npkey;
+ int err;
+
+ /* We have to differ between two modes for v3 keys. To form the
+ fingerprint, we hash the MPI values without the length prefix.
+ But if we calculate the hash for verifying/signing we use all data. */
+ npkey = cdk_pk_get_npkey (pk->pubkey_algo);
+ for (i = 0; i < npkey; i++)
+ {
+ nbytes = MAX_MPI_BYTES;
+ err = _gnutls_mpi_print_pgp (pk->mpi[i], buf, &nbytes);
+
+ if (err < 0)
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
+
+ if (!usefpr || pk->version == 4)
+ _gnutls_hash (md, buf, nbytes);
+ else /* without the prefix. */
+ _gnutls_hash (md, buf + 2, nbytes - 2);
+ }
+ return 0;
+}
+
+
+/* Hash an entire public key PK with the given message digest context
+ MD. The @usefpr param is only valid for version 3 keys because of
+ the different way to calculate the fingerprint. */
+cdk_error_t
+_cdk_hash_pubkey (cdk_pubkey_t pk, digest_hd_st * md, int usefpr)
+{
+ byte buf[12];
+ size_t i, n, npkey;
+
+ if (!pk || !md)
+ return CDK_Inv_Value;
+
+ if (usefpr && pk->version < 4 && is_RSA (pk->pubkey_algo))
+ return hash_mpibuf (pk, md, 1);
+
+ /* The version 4 public key packet does not have the 2 octets for
+ the expiration date. */
+ n = pk->version < 4 ? 8 : 6;
+ npkey = cdk_pk_get_npkey (pk->pubkey_algo);
+ for (i = 0; i < npkey; i++)
+ n = n + (_gnutls_mpi_get_nbits (pk->mpi[i]) + 7) / 8 + 2;
+
+ i = 0;
+ buf[i++] = 0x99;
+ buf[i++] = n >> 8;
+ buf[i++] = n >> 0;
+ buf[i++] = pk->version;
+ buf[i++] = pk->timestamp >> 24;
+ buf[i++] = pk->timestamp >> 16;
+ buf[i++] = pk->timestamp >> 8;
+ buf[i++] = pk->timestamp >> 0;
+
+ if (pk->version < 4)
+ {
+ u16 a = 0;
+
+ /* Convert the expiration date into days. */
+ if (pk->expiredate)
+ a = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
+ buf[i++] = a >> 8;
+ buf[i++] = a;
+ }
+ buf[i++] = pk->pubkey_algo;
+ _gnutls_hash (md, buf, i);
+ return hash_mpibuf (pk, md, 0);
+}
+
+
+/* Hash the user ID @uid with the given message digest @md.
+ Use openpgp mode if @is_v4 is 1. */
+cdk_error_t
+_cdk_hash_userid (cdk_pkt_userid_t uid, int is_v4, digest_hd_st * md)
+{
+ const byte *data;
+ byte buf[5];
+ u32 dlen;
+
+ if (!uid || !md)
+ return CDK_Inv_Value;
+
+ if (!is_v4)
+ {
+ _gnutls_hash (md, (byte *) uid->name, uid->len);
+ return 0;
+ }
+
+ dlen = uid->attrib_img ? uid->attrib_len : uid->len;
+ data = uid->attrib_img ? uid->attrib_img : (byte *) uid->name;
+ buf[0] = uid->attrib_img ? 0xD1 : 0xB4;
+ buf[1] = dlen >> 24;
+ buf[2] = dlen >> 16;
+ buf[3] = dlen >> 8;
+ buf[4] = dlen >> 0;
+ _gnutls_hash (md, buf, 5);
+ _gnutls_hash (md, data, dlen);
+ return 0;
+}
+
+
+/* Hash all parts of the signature which are needed to derive
+ the correct message digest to verify the sig. */
+cdk_error_t
+_cdk_hash_sig_data (cdk_pkt_signature_t sig, digest_hd_st * md)
+{
+ byte buf[4];
+ byte tmp;
+
+ if (!sig || !md)
+ return CDK_Inv_Value;
+
+ if (sig->version == 4)
+ _gnutls_hash (md, &sig->version, 1);
+
+ _gnutls_hash (md, &sig->sig_class, 1);
+ if (sig->version < 4)
+ {
+ buf[0] = sig->timestamp >> 24;
+ buf[1] = sig->timestamp >> 16;
+ buf[2] = sig->timestamp >> 8;
+ buf[3] = sig->timestamp >> 0;
+ _gnutls_hash (md, buf, 4);
+ }
+ else
+ {
+ size_t n;
+
+ tmp = _cdk_pub_algo_to_pgp (sig->pubkey_algo);
+ _gnutls_hash (md, &tmp, 1);
+ tmp = _gnutls_hash_algo_to_pgp (sig->digest_algo);
+ _gnutls_hash (md, &tmp, 1);
+ if (sig->hashed != NULL)
+ {
+ byte *p = _cdk_subpkt_get_array (sig->hashed, 0, &n);
+ assert (p != NULL);
+ buf[0] = n >> 8;
+ buf[1] = n >> 0;
+ _gnutls_hash (md, buf, 2);
+ _gnutls_hash (md, p, n);
+ cdk_free (p);
+ sig->hashed_size = n;
+ n = sig->hashed_size + 6;
+ }
+ else
+ {
+ tmp = 0x00;
+ _gnutls_hash (md, &tmp, 1);
+ _gnutls_hash (md, &tmp, 1);
+ n = 6;
+ }
+ _gnutls_hash (md, &sig->version, 1);
+ tmp = 0xff;
+ _gnutls_hash (md, &tmp, 1);
+ buf[0] = n >> 24;
+ buf[1] = n >> 16;
+ buf[2] = n >> 8;
+ buf[3] = n >> 0;
+ _gnutls_hash (md, buf, 4);
+ }
+ return 0;
+}
+
+
+/* Cache the signature result and store it inside the sig. */
+static void
+cache_sig_result (cdk_pkt_signature_t sig, int res)
+{
+ sig->flags.checked = 0;
+ sig->flags.valid = 0;
+ if (res == 0)
+ {
+ sig->flags.checked = 1;
+ sig->flags.valid = 1;
+ }
+ else if (res == CDK_Bad_Sig)
+ {
+ sig->flags.checked = 1;
+ sig->flags.valid = 0;
+ }
+}
+
+
+/* Check the given signature @sig with the public key @pk.
+ Use the digest handle @digest. */
+cdk_error_t
+_cdk_sig_check (cdk_pubkey_t pk, cdk_pkt_signature_t sig,
+ digest_hd_st * digest, int *r_expired)
+{
+ cdk_error_t rc;
+ byte md[MAX_DIGEST_LEN];
+ time_t cur_time = (u32) time (NULL);
+
+ if (!pk || !sig || !digest)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ if (sig->flags.checked)
+ return sig->flags.valid ? 0 : CDK_Bad_Sig;
+ if (!KEY_CAN_SIGN (pk->pubkey_algo))
+ return CDK_Inv_Algo;
+ if (pk->timestamp > sig->timestamp || pk->timestamp > cur_time)
+ return CDK_Time_Conflict;
+
+ if (r_expired && pk->expiredate
+ && (pk->expiredate + pk->timestamp) > cur_time)
+ *r_expired = 1;
+
+ _cdk_hash_sig_data (sig, digest);
+ _gnutls_hash_output (digest, md);
+
+ if (md[0] != sig->digest_start[0] || md[1] != sig->digest_start[1])
+ {
+ gnutls_assert ();
+ return CDK_Chksum_Error;
+ }
+
+ rc = cdk_pk_verify (pk, sig, md);
+ cache_sig_result (sig, rc);
+ return rc;
+}
+
+
+/* Check the given key signature.
+ @knode is the key node and @snode the signature node. */
+cdk_error_t
+_cdk_pk_check_sig (cdk_keydb_hd_t keydb,
+ cdk_kbnode_t knode, cdk_kbnode_t snode, int *is_selfsig,
+ char **ret_uid)
+{
+ digest_hd_st md;
+ int err;
+ cdk_pubkey_t pk;
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc = 0;
+ int is_expired;
+
+ if (!knode || !snode)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ if (is_selfsig)
+ *is_selfsig = 0;
+ if ((knode->pkt->pkttype != CDK_PKT_PUBLIC_KEY &&
+ knode->pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY) ||
+ snode->pkt->pkttype != CDK_PKT_SIGNATURE)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ pk = knode->pkt->pkt.public_key;
+ sig = snode->pkt->pkt.signature;
+
+ err = _gnutls_hash_init (&md, sig->digest_algo);
+ if (err < 0)
+ {
+ gnutls_assert ();
+ return map_gnutls_error (err);
+ }
+
+ is_expired = 0;
+ if (sig->sig_class == 0x20)
+ { /* key revocation */
+ cdk_kbnode_hash (knode, &md, 0, 0, 0);
+ rc = _cdk_sig_check (pk, sig, &md, &is_expired);
+ }
+ else if (sig->sig_class == 0x28)
+ { /* subkey revocation */
+ node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
+ if (!node)
+ { /* no subkey for subkey revocation packet */
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+ cdk_kbnode_hash (knode, &md, 0, 0, 0);
+ cdk_kbnode_hash (node, &md, 0, 0, 0);
+ rc = _cdk_sig_check (pk, sig, &md, &is_expired);
+ }
+ else if (sig->sig_class == 0x18 || sig->sig_class == 0x19)
+ { /* primary/secondary key binding */
+ node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_PUBLIC_SUBKEY);
+ if (!node)
+ { /* no subkey for subkey binding packet */
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+ cdk_kbnode_hash (knode, &md, 0, 0, 0);
+ cdk_kbnode_hash (node, &md, 0, 0, 0);
+ rc = _cdk_sig_check (pk, sig, &md, &is_expired);
+ }
+ else if (sig->sig_class == 0x1F)
+ { /* direct key signature */
+ cdk_kbnode_hash (knode, &md, 0, 0, 0);
+ rc = _cdk_sig_check (pk, sig, &md, &is_expired);
+ }
+ else
+ { /* all other classes */
+ cdk_pkt_userid_t uid;
+ node = cdk_kbnode_find_prev (knode, snode, CDK_PKT_USER_ID);
+ if (!node)
+ { /* no user ID for key signature packet */
+ gnutls_assert ();
+ rc = CDK_Error_No_Key;
+ goto fail;
+ }
+
+ uid = node->pkt->pkt.user_id;
+ if (ret_uid)
+ {
+ *ret_uid = uid->name;
+ }
+ cdk_kbnode_hash (knode, &md, 0, 0, 0);
+ cdk_kbnode_hash (node, &md, sig->version == 4, 0, 0);
+
+ if (pk->keyid[0] == sig->keyid[0] && pk->keyid[1] == sig->keyid[1])
+ {
+ rc = _cdk_sig_check (pk, sig, &md, &is_expired);
+ if (is_selfsig)
+ *is_selfsig = 1;
+ }
+ else if (keydb != NULL)
+ {
+ cdk_pubkey_t sig_pk;
+ rc = cdk_keydb_get_pk (keydb, sig->keyid, &sig_pk);
+ if (!rc)
+ rc = _cdk_sig_check (sig_pk, sig, &md, &is_expired);
+ cdk_pk_release (sig_pk);
+ }
+ }
+fail:
+ _gnutls_hash_deinit (&md, NULL);
+ return rc;
+}
+
+struct verify_uid
+{
+ const char *name;
+ int nsigs;
+ struct verify_uid *next;
+};
+
+static int
+uid_list_add_sig (struct verify_uid **list, const char *uid,
+ unsigned int flag)
+{
+ if (*list == NULL)
+ {
+ *list = cdk_calloc (1, sizeof (struct verify_uid));
+ if (*list == NULL)
+ return CDK_Out_Of_Core;
+ (*list)->name = uid;
+
+ if (flag != 0)
+ (*list)->nsigs++;
+ }
+ else
+ {
+ struct verify_uid *p, *prev_p = NULL;
+ int found = 0;
+
+ p = *list;
+
+ while (p != NULL)
+ {
+ if (strcmp (uid, p->name) == 0)
+ {
+ found = 1;
+ break;
+ }
+ prev_p = p;
+ p = p->next;
+ }
+
+ if (found == 0)
+ { /* not found add to the last */
+ prev_p->next = cdk_calloc (1, sizeof (struct verify_uid));
+ if (prev_p->next == NULL)
+ return CDK_Out_Of_Core;
+ prev_p->next->name = uid;
+ if (flag != 0)
+ prev_p->next->nsigs++;
+ }
+ else
+ { /* found... increase sigs */
+ if (flag != 0)
+ p->nsigs++;
+ }
+ }
+
+ return CDK_Success;
+}
+
+static void
+uid_list_free (struct verify_uid *list)
+{
+ struct verify_uid *p, *p1;
+
+ p = list;
+ while (p != NULL)
+ {
+ p1 = p->next;
+ cdk_free (p);
+ p = p1;
+ }
+}
+
+/* returns non zero if all UIDs in the list have at least one
+ * signature. If the list is empty or no signatures are present
+ * a zero value is returned.
+ */
+static int
+uid_list_all_signed (struct verify_uid *list)
+{
+ struct verify_uid *p;
+
+ if (list == NULL)
+ return 0;
+
+ p = list;
+ while (p != NULL)
+ {
+ if (p->nsigs == 0)
+ {
+ return 0;
+ }
+ p = p->next;
+ }
+ return 1; /* all signed */
+}
+
+/**
+ * cdk_pk_check_sigs:
+ * @key: the public key
+ * @hd: an optinal key database handle
+ * @r_status: variable to store the status of the key
+ *
+ * Check all signatures. When no key is available for checking, the
+ * sigstat is marked as 'NOKEY'. The @r_status contains the key flags
+ * which are or-ed or zero when there are no flags.
+ **/
+cdk_error_t
+cdk_pk_check_sigs (cdk_kbnode_t key, cdk_keydb_hd_t keydb, int *r_status)
+{
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc;
+ u32 keyid;
+ int key_status, is_selfsig = 0;
+ struct verify_uid *uid_list = NULL;
+ char *uid_name;
+
+ if (!key || !r_status)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ *r_status = 0;
+ node = cdk_kbnode_find (key, CDK_PKT_PUBLIC_KEY);
+ if (!node)
+ {
+ gnutls_assert ();
+ return CDK_Error_No_Key;
+ }
+
+ key_status = 0;
+ /* Continue with the signature check but adjust the
+ key status flags accordingly. */
+ if (node->pkt->pkt.public_key->is_revoked)
+ key_status |= CDK_KEY_REVOKED;
+ if (node->pkt->pkt.public_key->has_expired)
+ key_status |= CDK_KEY_EXPIRED;
+ rc = 0;
+
+ keyid = cdk_pk_get_keyid (node->pkt->pkt.public_key, NULL);
+ for (node = key; node; node = node->next)
+ {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+ rc = _cdk_pk_check_sig (keydb, key, node, &is_selfsig, &uid_name);
+
+ if (rc && rc != CDK_Error_No_Key)
+ {
+ /* It might be possible that a single signature has been
+ corrupted, thus we do not consider it a problem when
+ one ore more signatures are bad. But at least the self
+ signature has to be valid. */
+ if (is_selfsig)
+ {
+ key_status |= CDK_KEY_INVALID;
+ break;
+ }
+ }
+
+ _cdk_log_debug ("signature %s: signer %08X keyid %08X\n",
+ rc == CDK_Bad_Sig ? "BAD" : "good",
+ (unsigned int) sig->keyid[1], (unsigned int) keyid);
+
+ if (IS_UID_SIG (sig) && uid_name != NULL)
+ {
+ /* add every uid in the uid list. Only consider valid:
+ * - verification was ok
+ * - not a selfsig
+ */
+ rc =
+ uid_list_add_sig (&uid_list, uid_name,
+ (rc == CDK_Success && is_selfsig == 0) ? 1 : 0);
+ if (rc != CDK_Success)
+ {
+ gnutls_assert ();
+ goto exit;
+ }
+ }
+
+ }
+
+ if (uid_list_all_signed (uid_list) == 0)
+ key_status |= CDK_KEY_NOSIGNER;
+ *r_status = key_status;
+ if (rc == CDK_Error_No_Key)
+ rc = 0;
+
+exit:
+ uid_list_free (uid_list);
+ return rc;
+}
+
+
+/**
+ * cdk_pk_check_self_sig:
+ * @key: the key node
+ * @r_status: output the status of the key.
+ *
+ * A convenient function to make sure the key is valid.
+ * Valid means the self signature is ok.
+ **/
+cdk_error_t
+cdk_pk_check_self_sig (cdk_kbnode_t key, int *r_status)
+{
+ cdk_pkt_signature_t sig;
+ cdk_kbnode_t node;
+ cdk_error_t rc;
+ u32 keyid[2], sigid[2];
+ int is_selfsig, sig_ok;
+ cdk_kbnode_t p, ctx = NULL;
+ cdk_packet_t pkt;
+
+ if (!key || !r_status)
+ return CDK_Inv_Value;
+
+ cdk_pk_get_keyid (key->pkt->pkt.public_key, keyid);
+
+ while ((p = cdk_kbnode_walk (key, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype != CDK_PKT_PUBLIC_SUBKEY
+ && pkt->pkttype != CDK_PKT_PUBLIC_KEY)
+ continue;
+
+ /* FIXME: we should set expire/revoke here also but callers
+ expect CDK_KEY_VALID=0 if the key is okay. */
+ sig_ok = 0;
+ for (node = p; node; node = node->next)
+ {
+ if (node->pkt->pkttype != CDK_PKT_SIGNATURE)
+ continue;
+ sig = node->pkt->pkt.signature;
+
+ cdk_sig_get_keyid (sig, sigid);
+ if (sigid[0] != keyid[0] || sigid[1] != keyid[1])
+ continue;
+ /* FIXME: Now we check all self signatures. */
+ rc = _cdk_pk_check_sig (NULL, p, node, &is_selfsig, NULL);
+ if (rc)
+ {
+ *r_status = CDK_KEY_INVALID;
+ return rc;
+ }
+ else /* For each valid self sig we increase this counter. */
+ sig_ok++;
+ }
+
+ /* A key without a self signature is not valid. At least one
+ * signature for the given key has to be found.
+ */
+ if (!sig_ok)
+ {
+ *r_status = CDK_KEY_INVALID;
+ return CDK_General_Error;
+ }
+ }
+
+ /* No flags indicate a valid key. */
+ *r_status = CDK_KEY_VALID;
+
+ return 0;
+}
--- /dev/null
+/* stream.c - The stream implementation
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <assert.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "opencdk.h"
+#include "main.h"
+#include "filters.h"
+#include "stream.h"
+#include "types.h"
+
+/* This is the maximal amount of bytes we map. */
+#define MAX_MAP_SIZE 16777216
+
+static cdk_error_t stream_flush (cdk_stream_t s);
+static cdk_error_t stream_filter_write (cdk_stream_t s);
+static int stream_cache_flush (cdk_stream_t s, FILE * fp);
+struct stream_filter_s *filter_add (cdk_stream_t s, filter_fnct_t fnc,
+ int type);
+
+
+/* FIXME: The read/write/putc/getc function cannot directly
+ return an error code. It is stored in an error variable
+ inside the string. Right now there is no code to
+ return the error code or to reset it. */
+
+/**
+ * cdk_stream_open:
+ * @file: The file to open
+ * @ret_s: The new STREAM object
+ *
+ * Creates a new stream based on an existing file. The stream is
+ * opened in read-only mode.
+ **/
+cdk_error_t
+cdk_stream_open (const char *file, cdk_stream_t * ret_s)
+{
+ return _cdk_stream_open_mode (file, "rb", ret_s);
+}
+
+
+/* Helper function to allow to open a stream in different modes. */
+cdk_error_t
+_cdk_stream_open_mode (const char *file, const char *mode,
+ cdk_stream_t * ret_s)
+{
+ cdk_stream_t s;
+
+ if (!file || !ret_s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_read_log ("open stream `%s'\n", file);
+ *ret_s = NULL;
+ s = cdk_calloc (1, sizeof *s);
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ s->fname = cdk_strdup (file);
+ if (!s->fname)
+ {
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ s->fp = fopen (file, mode);
+ if (!s->fp)
+ {
+ cdk_free (s->fname);
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ _gnutls_read_log ("open stream fd=%d\n", fileno (s->fp));
+ s->flags.write = 0;
+ *ret_s = s;
+ return 0;
+}
+
+
+/**
+ * cdk_stream_new_from_cbs:
+ * @cbs: the callback context with all user callback functions
+ * @opa: opaque handle which is passed to all callbacks.
+ * @ret_s: the allocated stream
+ *
+ * This function creates a stream which uses user callback
+ * for the core operations (open, close, read, write, seek).
+ */
+cdk_error_t
+cdk_stream_new_from_cbs (cdk_stream_cbs_t cbs, void *opa,
+ cdk_stream_t * ret_s)
+{
+ cdk_stream_t s;
+
+ if (!cbs || !opa || !ret_s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ *ret_s = NULL;
+ s = cdk_calloc (1, sizeof *s);
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+
+ s->cbs.read = cbs->read;
+ s->cbs.write = cbs->write;
+ s->cbs.seek = cbs->seek;
+ s->cbs.release = cbs->release;
+ s->cbs.open = cbs->open;
+ s->cbs_hd = opa;
+ *ret_s = s;
+
+ /* If there is a user callback for open, we need to call it
+ here because read/write expects an open stream. */
+ if (s->cbs.open)
+ return s->cbs.open (s->cbs_hd);
+ return 0;
+}
+
+
+/**
+ * cdk_stream_new:
+ * @file: The name of the new file
+ * @ret_s: The new STREAM object
+ *
+ * Create a new stream into the given file.
+ **/
+cdk_error_t
+cdk_stream_new (const char *file, cdk_stream_t * ret_s)
+{
+ cdk_stream_t s;
+
+ if (!ret_s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_read_log ("new stream `%s'\n", file ? file : "[temp]");
+ *ret_s = NULL;
+ s = cdk_calloc (1, sizeof *s);
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ s->flags.write = 1;
+ if (!file)
+ s->flags.temp = 1;
+ else
+ {
+ s->fname = cdk_strdup (file);
+ if (!s->fname)
+ {
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ }
+ s->fp = _cdk_tmpfile ();
+ if (!s->fp)
+ {
+ cdk_free (s->fname);
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ _gnutls_read_log ("new stream fd=%d\n", fileno (s->fp));
+ *ret_s = s;
+ return 0;
+}
+
+/**
+ * cdk_stream_create:
+ * @file: the filename
+ * @ret_s: the object
+ *
+ * Creates a new stream.
+ * The difference to cdk_stream_new is, that no filtering can be used with
+ * this kind of stream and everything is written directly to the stream.
+ **/
+cdk_error_t
+cdk_stream_create (const char *file, cdk_stream_t * ret_s)
+{
+ cdk_stream_t s;
+
+ if (!file || !ret_s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_read_log ("create stream `%s'\n", file);
+ *ret_s = NULL;
+ s = cdk_calloc (1, sizeof *s);
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ s->flags.write = 1;
+ s->flags.filtrated = 1;
+ s->fname = cdk_strdup (file);
+ if (!s->fname)
+ {
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ s->fp = fopen (file, "w+b");
+ if (!s->fp)
+ {
+ cdk_free (s->fname);
+ cdk_free (s);
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ _gnutls_read_log ("stream create fd=%d\n", fileno (s->fp));
+ *ret_s = s;
+ return 0;
+}
+
+
+/**
+ * cdk_stream_tmp_new:
+ * @r_out: the new temp stream.
+ *
+ * Allocates a new tempory stream which is not associated with a file.
+ */
+cdk_error_t
+cdk_stream_tmp_new (cdk_stream_t * r_out)
+{
+ return cdk_stream_new (NULL, r_out);
+}
+
+
+
+/**
+ * cdk_stream_tmp_from_mem:
+ * @buf: the buffer which shall be written to the temp stream.
+ * @buflen: how large the buffer is
+ * @r_out: the new stream with the given contents.
+ *
+ * Creates a new tempory stream with the given contests.
+ */
+cdk_error_t
+cdk_stream_tmp_from_mem (const void *buf, size_t buflen, cdk_stream_t * r_out)
+{
+ cdk_stream_t s;
+ cdk_error_t rc;
+ int nwritten;
+
+ *r_out = NULL;
+ rc = cdk_stream_tmp_new (&s);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ nwritten = cdk_stream_write (s, buf, buflen);
+ if (nwritten == EOF)
+ {
+ cdk_stream_close (s);
+ gnutls_assert ();
+ return s->error;
+ }
+ cdk_stream_seek (s, 0);
+ *r_out = s;
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_stream_fpopen (FILE * fp, unsigned write_mode, cdk_stream_t * ret_out)
+{
+ cdk_stream_t s;
+
+ *ret_out = NULL;
+ s = cdk_calloc (1, sizeof *s);
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+
+ _gnutls_read_log ("stream ref fd=%d\n", fileno (fp));
+ s->fp = fp;
+ s->fp_ref = 1;
+ s->flags.filtrated = 1;
+ s->flags.write = write_mode;
+
+ *ret_out = s;
+ return 0;
+}
+
+
+cdk_error_t
+_cdk_stream_append (const char *file, cdk_stream_t * ret_s)
+{
+ cdk_stream_t s;
+ cdk_error_t rc;
+
+ if (!ret_s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ *ret_s = NULL;
+
+ rc = _cdk_stream_open_mode (file, "a+b", &s);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ /* In the append mode, we need to write to the flag. */
+ s->flags.write = 1;
+ *ret_s = s;
+ return 0;
+}
+
+/**
+ * cdk_stream_is_compressed:
+ * @s: the stream
+ *
+ * Check whether stream is compressed.
+ *
+ * Returns: 0 if the stream is uncompressed, otherwise the compression
+ * algorithm.
+ */
+int
+cdk_stream_is_compressed (cdk_stream_t s)
+{
+ if (!s)
+ return 0;
+ return s->flags.compressed;
+}
+
+void
+_cdk_stream_set_compress_algo (cdk_stream_t s, int algo)
+{
+ if (!s)
+ return;
+ s->flags.compressed = algo;
+}
+
+
+cdk_error_t
+cdk_stream_flush (cdk_stream_t s)
+{
+ cdk_error_t rc;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ /* The user callback does not support flush */
+ if (s->cbs_hd)
+ return 0;
+
+ /* For read-only streams, no flush is needed. */
+ if (!s->flags.write)
+ return 0;
+
+ if (!s->flags.filtrated)
+ {
+ if (!cdk_stream_get_length (s))
+ return 0;
+ rc = cdk_stream_seek (s, 0);
+ if (!rc)
+ rc = stream_flush (s);
+ if (!rc)
+ rc = stream_filter_write (s);
+ s->flags.filtrated = 1;
+ if (rc)
+ {
+ s->error = rc;
+ gnutls_assert ();
+ return rc;
+ }
+ }
+ return 0;
+}
+
+
+void
+cdk_stream_tmp_set_mode (cdk_stream_t s, int val)
+{
+ if (s && s->flags.temp)
+ s->fmode = val;
+}
+
+
+/**
+ * cdk_stream_close:
+ * @s: The STREAM object.
+ *
+ * Close a stream and flush all buffers. This function work different
+ * for read or write streams. When the stream is for reading, the
+ * filtering is already done and we can simply close the file and all
+ * buffers. But for the case it's a write stream, we need to apply
+ * all registered filters now. The file is closed in the filter
+ * function and not here.
+ **/
+cdk_error_t
+cdk_stream_close (cdk_stream_t s)
+{
+ struct stream_filter_s *f, *f2;
+ cdk_error_t rc;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ _gnutls_read_log ("close stream ref=%d `%s'\n",
+ s->fp_ref, s->fname ? s->fname : "[temp]");
+
+ /* In the user callback mode, we call the release cb if possible
+ and just free the stream. */
+ if (s->cbs_hd)
+ {
+ if (s->cbs.release)
+ rc = s->cbs.release (s->cbs_hd);
+ else
+ rc = 0;
+ cdk_free (s);
+ gnutls_assert ();
+ return rc;
+ }
+
+
+ rc = 0;
+ if (!s->flags.filtrated && !s->error)
+ rc = cdk_stream_flush (s);
+ if (!s->fp_ref && (s->fname || s->flags.temp))
+ {
+ int err;
+
+ _gnutls_read_log ("close stream fd=%d\n", fileno (s->fp));
+ err = fclose (s->fp);
+ s->fp = NULL;
+ if (err)
+ rc = CDK_File_Error;
+ }
+
+ /* Iterate over the filter list and use the cleanup flag to
+ free the allocated internal structures. */
+ f = s->filters;
+ while (f)
+ {
+ f2 = f->next;
+ if (f->fnct)
+ f->fnct (f->opaque, STREAMCTL_FREE, NULL, NULL);
+ cdk_free (f);
+ f = f2;
+ }
+
+ if (s->fname)
+ {
+ cdk_free (s->fname);
+ s->fname = NULL;
+ }
+
+ cdk_free (s->cache.buf);
+ s->cache.alloced = 0;
+
+ cdk_free (s);
+ gnutls_assert ();
+ return rc;
+}
+
+
+/**
+ * cdk_stream_eof:
+ * @s: The STREAM object.
+ *
+ * Return if the associated file handle was set to EOF. This
+ * function will only work with read streams.
+ **/
+int
+cdk_stream_eof (cdk_stream_t s)
+{
+ return s ? s->flags.eof : -1;
+}
+
+
+const char *
+_cdk_stream_get_fname (cdk_stream_t s)
+{
+ if (!s)
+ return NULL;
+ if (s->flags.temp)
+ return NULL;
+ return s->fname ? s->fname : NULL;
+}
+
+
+/* Return the underlying FP of the stream.
+ WARNING: This handle should not be closed. */
+FILE *
+_cdk_stream_get_fp (cdk_stream_t s)
+{
+ return s ? s->fp : NULL;
+}
+
+
+int
+_cdk_stream_get_errno (cdk_stream_t s)
+{
+ return s ? s->error : CDK_Inv_Value;
+}
+
+
+/**
+ * cdk_stream_get_length:
+ * @s: The STREAM object.
+ *
+ * Return the length of the associated file handle. This function
+ * should work for both read and write streams. For write streams an
+ * additional flush is used to write possible pending data.
+ **/
+off_t
+cdk_stream_get_length (cdk_stream_t s)
+{
+ struct stat statbuf;
+ cdk_error_t rc;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return (off_t) - 1;
+ }
+
+ /* The user callback does not support stat. */
+ if (s->cbs_hd)
+ return 0;
+
+ rc = stream_flush (s);
+ if (rc)
+ {
+ s->error = rc;
+ gnutls_assert ();
+ return (off_t) - 1;
+ }
+
+ if (fstat (fileno (s->fp), &statbuf))
+ {
+ s->error = CDK_File_Error;
+ gnutls_assert ();
+ return (off_t) - 1;
+ }
+
+ return statbuf.st_size;
+}
+
+
+static struct stream_filter_s *
+filter_add2 (cdk_stream_t s)
+{
+ struct stream_filter_s *f;
+
+ assert (s);
+
+ f = cdk_calloc (1, sizeof *f);
+ if (!f)
+ return NULL;
+ f->next = s->filters;
+ s->filters = f;
+ return f;
+}
+
+
+static struct stream_filter_s *
+filter_search (cdk_stream_t s, filter_fnct_t fnc)
+{
+ struct stream_filter_s *f;
+
+ assert (s);
+
+ for (f = s->filters; f; f = f->next)
+ {
+ if (f->fnct == fnc)
+ return f;
+ }
+
+ return NULL;
+}
+
+static inline void
+set_opaque (struct stream_filter_s *f)
+{
+ switch (f->type)
+ {
+ case fARMOR:
+ f->opaque = &f->u.afx;
+ break;
+ case fCIPHER:
+ f->opaque = &f->u.cfx;
+ break;
+ case fLITERAL:
+ f->opaque = &f->u.pfx;
+ break;
+ case fCOMPRESS:
+ f->opaque = &f->u.zfx;
+ break;
+ case fHASH:
+ f->opaque = &f->u.mfx;
+ break;
+ case fTEXT:
+ f->opaque = &f->u.tfx;
+ break;
+ default:
+ f->opaque = NULL;
+ }
+
+}
+
+struct stream_filter_s *
+filter_add (cdk_stream_t s, filter_fnct_t fnc, int type)
+{
+ struct stream_filter_s *f;
+
+ assert (s);
+
+ s->flags.filtrated = 0;
+ f = filter_search (s, fnc);
+ if (f)
+ return f;
+ f = filter_add2 (s);
+ if (!f)
+ return NULL;
+ f->fnct = fnc;
+ f->flags.enabled = 1;
+ f->tmp = NULL;
+ f->type = type;
+
+ set_opaque (f);
+
+ return f;
+}
+
+static int
+stream_get_mode (cdk_stream_t s)
+{
+ assert (s);
+
+ if (s->flags.temp)
+ return s->fmode;
+ return s->flags.write;
+}
+
+
+static filter_fnct_t
+stream_id_to_filter (int type)
+{
+ switch (type)
+ {
+ case fARMOR:
+ return _cdk_filter_armor;
+ case fLITERAL:
+ return _cdk_filter_literal;
+ case fTEXT:
+ return _cdk_filter_text;
+/* case fCIPHER : return _cdk_filter_cipher; */
+/* case fCOMPRESS: return _cdk_filter_compress; */
+ default:
+ return NULL;
+ }
+}
+
+
+/**
+ * cdk_stream_filter_disable:
+ * @s: The STREAM object
+ * @type: The numberic filter ID.
+ *
+ * Disables the filter with the type 'type'.
+ **/
+cdk_error_t
+cdk_stream_filter_disable (cdk_stream_t s, int type)
+{
+ struct stream_filter_s *f;
+ filter_fnct_t fnc;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ fnc = stream_id_to_filter (type);
+ if (!fnc)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ f = filter_search (s, fnc);
+ if (f)
+ f->flags.enabled = 0;
+ return 0;
+}
+
+
+/* WARNING: tmp should not be closed by the caller. */
+static cdk_error_t
+stream_fp_replace (cdk_stream_t s, FILE ** tmp)
+{
+ int rc;
+
+ assert (s);
+
+ _gnutls_read_log ("replace stream fd=%d with fd=%d\n",
+ fileno (s->fp), fileno (*tmp));
+ rc = fclose (s->fp);
+ if (rc)
+ {
+ s->fp = NULL;
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ s->fp = *tmp;
+ *tmp = NULL;
+ return 0;
+}
+
+
+/* This function is exactly like filter_read, except the fact that we can't
+ use tmpfile () all the time. That's why we open the real file when there
+ is no last filter. */
+static cdk_error_t
+stream_filter_write (cdk_stream_t s)
+{
+ struct stream_filter_s *f;
+ cdk_error_t rc = 0;
+
+ assert (s);
+
+ if (s->flags.filtrated)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ for (f = s->filters; f; f = f->next)
+ {
+ if (!f->flags.enabled)
+ continue;
+ /* if there is no next filter, create the final output file */
+ _gnutls_read_log ("filter [write]: last filter=%d fname=%s\n",
+ f->next ? 1 : 0, s->fname);
+ if (!f->next && s->fname)
+ f->tmp = fopen (s->fname, "w+b");
+ else
+ f->tmp = _cdk_tmpfile ();
+ if (!f->tmp)
+ {
+ rc = CDK_File_Error;
+ break;
+ }
+ /* If there is no next filter, flush the cache. We also do this
+ when the next filter is the armor filter because this filter
+ is special and before it starts, all data should be written. */
+ if ((!f->next || f->next->type == fARMOR) && s->cache.size)
+ {
+ rc = stream_cache_flush (s, f->tmp);
+ if (rc)
+ break;
+ }
+ rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
+ _gnutls_read_log ("filter [write]: type=%d rc=%d\n", f->type, rc);
+ if (!rc)
+ rc = stream_fp_replace (s, &f->tmp);
+ if (!rc)
+ rc = cdk_stream_seek (s, 0);
+ if (rc)
+ {
+ _gnutls_read_log ("filter [close]: fd=%d\n", fileno (f->tmp));
+ fclose (f->tmp);
+ f->tmp = NULL;
+ break;
+ }
+ }
+ return rc;
+}
+
+
+/* Here all data from the file handle is passed through all filters.
+ The scheme works like this:
+ Create a tempfile and use it for the output of the filter. Then the
+ original file handle will be closed and replace with the temp handle.
+ The file pointer will be set to the begin and the game starts again. */
+static cdk_error_t
+stream_filter_read (cdk_stream_t s)
+{
+ struct stream_filter_s *f;
+ cdk_error_t rc = 0;
+
+ assert (s);
+
+ if (s->flags.filtrated)
+ return 0;
+
+ for (f = s->filters; f; f = f->next)
+ {
+ if (!f->flags.enabled)
+ continue;
+ if (f->flags.error)
+ {
+ _gnutls_read_log ("filter %s [read]: has the error flag; skipped\n",
+ s->fname ? s->fname : "[temp]");
+ continue;
+ }
+
+ f->tmp = _cdk_tmpfile ();
+ if (!f->tmp)
+ {
+ rc = CDK_File_Error;
+ break;
+ }
+ rc = f->fnct (f->opaque, f->ctl, s->fp, f->tmp);
+ _gnutls_read_log ("filter %s [read]: type=%d rc=%d\n",
+ s->fname ? s->fname : "[temp]", f->type, rc);
+ if (rc)
+ {
+ f->flags.error = 1;
+ break;
+ }
+
+ f->flags.error = 0;
+ /* If the filter is read-only, do not replace the FP because
+ the contents were not altered in any way. */
+ if (!f->flags.rdonly)
+ {
+ rc = stream_fp_replace (s, &f->tmp);
+ if (rc)
+ break;
+ }
+ else
+ {
+ fclose (f->tmp);
+ f->tmp = NULL;
+ }
+ rc = cdk_stream_seek (s, 0);
+ if (rc)
+ break;
+ /* Disable the filter after it was successfully used. The idea
+ is the following: let's say the armor filter was pushed and
+ later more filters were added. The second time the filter code
+ will be executed, only the new filter should be started but
+ not the old because we already used it. */
+ f->flags.enabled = 0;
+ }
+
+ return rc;
+}
+
+
+void *
+_cdk_stream_get_opaque (cdk_stream_t s, int fid)
+{
+ struct stream_filter_s *f;
+
+ if (!s)
+ return NULL;
+
+ for (f = s->filters; f; f = f->next)
+ {
+ if ((int) f->type == fid)
+ return f->opaque;
+ }
+ return NULL;
+}
+
+
+/**
+ * cdk_stream_read:
+ * @s: The STREAM object.
+ * @buf: The buffer to insert the readed bytes.
+ * @count: Request so much bytes.
+ *
+ * Tries to read count bytes from the STREAM object.
+ * When this function is called the first time, it can take a while
+ * because all filters need to be processed. Please remember that you
+ * need to add the filters in reserved order.
+ **/
+int
+cdk_stream_read (cdk_stream_t s, void *buf, size_t buflen)
+{
+ int nread;
+ int rc;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return EOF;
+ }
+
+ if (s->cbs_hd)
+ {
+ if (s->cbs.read)
+ return s->cbs.read (s->cbs_hd, buf, buflen);
+ return 0;
+ }
+
+ if (s->flags.write && !s->flags.temp)
+ {
+ s->error = CDK_Inv_Mode;
+ gnutls_assert ();
+ return EOF; /* This is a write stream */
+ }
+
+ if (!s->flags.no_filter && !s->cache.on && !s->flags.filtrated)
+ {
+ rc = stream_filter_read (s);
+ if (rc)
+ {
+ s->error = rc;
+ if (s->fp && feof (s->fp))
+ s->flags.eof = 1;
+ gnutls_assert ();
+ return EOF;
+ }
+ s->flags.filtrated = 1;
+ }
+
+ if (!buf && !buflen)
+ return 0;
+
+ nread = fread (buf, 1, buflen, s->fp);
+ if (!nread)
+ nread = EOF;
+
+ if (feof (s->fp))
+ {
+ s->error = 0;
+ s->flags.eof = 1;
+ }
+ return nread;
+}
+
+
+int
+cdk_stream_getc (cdk_stream_t s)
+{
+ unsigned char buf[2];
+ int nread;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return EOF;
+ }
+ nread = cdk_stream_read (s, buf, 1);
+ if (nread == EOF)
+ {
+ s->error = CDK_File_Error;
+ gnutls_assert ();
+ return EOF;
+ }
+ return buf[0];
+}
+
+
+/**
+ * cdk_stream_write:
+ * @s: The STREAM object
+ * @buf: The buffer with the values to write.
+ * @count: The size of the buffer.
+ *
+ * Tries to write count bytes into the stream.
+ * In this function we simply write the bytes to the stream. We can't
+ * use the filters here because it would mean they have to support
+ * partial flushing.
+ **/
+int
+cdk_stream_write (cdk_stream_t s, const void *buf, size_t count)
+{
+ int nwritten;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return EOF;
+ }
+
+ if (s->cbs_hd)
+ {
+ if (s->cbs.write)
+ return s->cbs.write (s->cbs_hd, buf, count);
+ return 0;
+ }
+
+ if (!s->flags.write)
+ {
+ s->error = CDK_Inv_Mode; /* this is a read stream */
+ gnutls_assert ();
+ return EOF;
+ }
+
+ if (!buf && !count)
+ return stream_flush (s);
+
+ if (s->cache.on)
+ {
+ /* We need to resize the buffer if the additional data wouldn't
+ fit into it. We allocate more memory to avoid to resize it the
+ next time the function is used. */
+ if (s->cache.size + count > s->cache.alloced)
+ {
+ byte *old = s->cache.buf;
+
+ s->cache.buf =
+ cdk_calloc (1, s->cache.alloced + count + STREAM_BUFSIZE);
+ s->cache.alloced += (count + STREAM_BUFSIZE);
+ memcpy (s->cache.buf, old, s->cache.size);
+ cdk_free (old);
+ _gnutls_read_log ("stream: enlarge cache to %d octets\n",
+ (int) s->cache.alloced);
+ }
+ memcpy (s->cache.buf + s->cache.size, buf, count);
+ s->cache.size += count;
+ return count;
+ }
+
+ nwritten = fwrite (buf, 1, count, s->fp);
+ if (!nwritten)
+ nwritten = EOF;
+ return nwritten;
+}
+
+
+int
+cdk_stream_putc (cdk_stream_t s, int c)
+{
+ byte buf[2];
+ int nwritten;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return EOF;
+ }
+ buf[0] = c;
+ nwritten = cdk_stream_write (s, buf, 1);
+ if (nwritten == EOF)
+ return EOF;
+ return 0;
+}
+
+
+off_t
+cdk_stream_tell (cdk_stream_t s)
+{
+ return s ? ftell (s->fp) : (off_t) - 1;
+}
+
+
+cdk_error_t
+cdk_stream_seek (cdk_stream_t s, off_t offset)
+{
+ off_t len;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ if (s->cbs_hd)
+ {
+ if (s->cbs.seek)
+ return s->cbs.seek (s->cbs_hd, offset);
+ return 0;
+ }
+
+ /* Set or reset the EOF flag. */
+ len = cdk_stream_get_length (s);
+ if (len == offset)
+ s->flags.eof = 1;
+ else
+ s->flags.eof = 0;
+
+ if (fseek (s->fp, offset, SEEK_SET))
+ {
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ return 0;
+}
+
+
+static cdk_error_t
+stream_flush (cdk_stream_t s)
+{
+ assert (s);
+
+ /* For some constellations it cannot be assured that the
+ return value is defined, thus we ignore it for now. */
+ (void) fflush (s->fp);
+ return 0;
+}
+
+
+/**
+ * cdk_stream_set_armor_flag:
+ * @s: the stream object
+ * @type: the type of armor to use
+ *
+ * If the file is in read-mode, no armor type needs to be
+ * defined (armor_type=0) because the armor filter will be
+ * used for decoding existing armor data.
+ * For the write mode, @armor_type can be set to any valid
+ * armor type (message, key, sig).
+ **/
+cdk_error_t
+cdk_stream_set_armor_flag (cdk_stream_t s, int armor_type)
+{
+ struct stream_filter_s *f;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ f = filter_add (s, _cdk_filter_armor, fARMOR);
+ if (!f)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ f->u.afx.idx = f->u.afx.idx2 = armor_type;
+ f->ctl = stream_get_mode (s);
+ return 0;
+}
+
+
+/**
+ * cdk_stream_set_literal_flag:
+ * @s: the stream object
+ * @mode: the mode to use (binary, text, unicode)
+ * @fname: the file name to store in the packet.
+ *
+ * In read mode it kicks off the literal decoding routine to
+ * unwrap the data from the packet. The @mode parameter is ignored.
+ * In write mode the function can be used to wrap the stream data
+ * into a literal packet with the given mode and file name.
+ **/
+cdk_error_t
+cdk_stream_set_literal_flag (cdk_stream_t s, cdk_lit_format_t mode,
+ const char *fname)
+{
+ struct stream_filter_s *f;
+ const char *orig_fname;
+
+ _gnutls_read_log ("stream: enable literal mode.\n");
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ orig_fname = _cdk_stream_get_fname (s);
+ f = filter_add (s, _cdk_filter_literal, fLITERAL);
+ if (!f)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ f->u.pfx.mode = mode;
+ f->u.pfx.filename = fname ? cdk_strdup (fname) : NULL;
+ f->u.pfx.orig_filename = orig_fname ? cdk_strdup (orig_fname) : NULL;
+ f->ctl = stream_get_mode (s);
+ if (s->blkmode > 0)
+ {
+ f->u.pfx.blkmode.on = 1;
+ f->u.pfx.blkmode.size = s->blkmode;
+ }
+ return 0;
+}
+
+
+/**
+ * cdk_stream_set_compress_flag:
+ * @s: the stream object
+ * @algo: the compression algo
+ * @level: level of compression (0..9)
+ *
+ * In read mode it kicks off the decompression filter to retrieve
+ * the uncompressed data.
+ * In write mode the stream data will be compressed with the
+ * given algorithm at the given level.
+ **/
+cdk_error_t
+cdk_stream_set_compress_flag (cdk_stream_t s, int algo, int level)
+{
+
+ gnutls_assert ();
+ return CDK_Not_Implemented;
+
+#if 0
+ struct stream_filter_s *f;
+
+ if (!s)
+ return CDK_Inv_Value;
+ f = filter_add (s, _cdk_filter_compress, fCOMPRESS);
+ if (!f)
+ return CDK_Out_Of_Core;
+ f->ctl = stream_get_mode (s);
+ f->u.zfx.algo = algo;
+ f->u.zfx.level = level;
+ return 0;
+#endif
+}
+
+
+/**
+ * cdk_stream_set_text_flag:
+ * @s: the stream object
+ * @lf: line ending
+ *
+ * Pushes the text filter to store the stream data in cannoncial format.
+ **/
+cdk_error_t
+cdk_stream_set_text_flag (cdk_stream_t s, const char *lf)
+{
+ struct stream_filter_s *f;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ f = filter_add (s, _cdk_filter_text, fTEXT);
+ if (!f)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ f->ctl = stream_get_mode (s);
+ f->u.tfx.lf = lf;
+ return 0;
+}
+
+
+/**
+ * cdk_stream_set_hash_flag:
+ * @s: the stream object
+ * @digest_algo: the digest algorithm to use
+ *
+ * This is for read-only streams. It pushes a digest filter to
+ * calculate the digest of the given stream data.
+ **/
+cdk_error_t
+cdk_stream_set_hash_flag (cdk_stream_t s, int digest_algo)
+{
+ struct stream_filter_s *f;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (stream_get_mode (s))
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ f = filter_add (s, _cdk_filter_hash, fHASH);
+ if (!f)
+ {
+ gnutls_assert ();
+ return CDK_Out_Of_Core;
+ }
+ f->ctl = stream_get_mode (s);
+ f->u.mfx.digest_algo = digest_algo;
+ f->flags.rdonly = 1;
+ return 0;
+}
+
+
+/**
+ * cdk_stream_enable_cache:
+ * @s: the stream object
+ * @val: 1=on, 0=off
+ *
+ * Enables or disable the cache section of a stream object.
+ **/
+cdk_error_t
+cdk_stream_enable_cache (cdk_stream_t s, int val)
+{
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ if (!s->flags.write)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+ s->cache.on = val;
+ if (!s->cache.buf)
+ {
+ s->cache.buf = cdk_calloc (1, STREAM_BUFSIZE);
+ s->cache.alloced = STREAM_BUFSIZE;
+ _gnutls_read_log ("stream: allocate cache of %d octets\n",
+ STREAM_BUFSIZE);
+ }
+ return 0;
+}
+
+
+static int
+stream_cache_flush (cdk_stream_t s, FILE * fp)
+{
+ int nwritten;
+
+ assert (s);
+
+ /* FIXME: We should find a way to use cdk_stream_write here. */
+ if (s->cache.size > 0)
+ {
+ nwritten = fwrite (s->cache.buf, 1, s->cache.size, fp);
+ if (!nwritten)
+ {
+ gnutls_assert ();
+ return CDK_File_Error;
+ }
+ s->cache.size = 0;
+ s->cache.on = 0;
+ wipemem (s->cache.buf, s->cache.alloced);
+ }
+ return 0;
+}
+
+
+/**
+ * cdk_stream_kick_off:
+ * @inp: the input stream
+ * @out: the output stream.
+ *
+ * Passes the entire data from @inp into the output stream @out
+ * with all the activated filters.
+ */
+cdk_error_t
+cdk_stream_kick_off (cdk_stream_t inp, cdk_stream_t out)
+{
+ byte buf[BUFSIZE];
+ int nread, nwritten;
+ cdk_error_t rc;
+
+ if (!inp || !out)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ rc = CDK_Success;
+ while (!cdk_stream_eof (inp))
+ {
+ nread = cdk_stream_read (inp, buf, DIM (buf));
+ if (!nread || nread == EOF)
+ break;
+ nwritten = cdk_stream_write (out, buf, nread);
+ if (!nwritten || nwritten == EOF)
+ { /* In case of errors, we leave the loop. */
+ rc = inp->error;
+ break;
+ }
+ }
+
+ wipemem (buf, sizeof (buf));
+ return rc;
+}
+
+
+/**
+ * cdk_stream_mmap_part:
+ * @s: the stream
+ * @off: the offset where to start
+ * @len: how much bytes shall be mapped
+ * @ret_buf: the buffer to store the content
+ * @ret_buflen: length of the buffer
+ *
+ * Maps the data of the given stream into a memory section. @ret_count
+ * contains the length of the buffer.
+ **/
+cdk_error_t
+cdk_stream_mmap_part (cdk_stream_t s, off_t off, size_t len,
+ byte ** ret_buf, size_t * ret_buflen)
+{
+ cdk_error_t rc;
+ off_t oldpos;
+ unsigned int n;
+
+ if (!ret_buf || !ret_buflen)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+ *ret_buf = NULL;
+ *ret_buflen = 0;
+
+ if (!s)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Value;
+ }
+
+ /* Memory mapping is not supported on custom I/O objects. */
+ if (s->cbs_hd)
+ {
+ _gnutls_read_log ("cdk_stream_mmap_part: not supported on callbacks\n");
+ gnutls_assert ();
+ return CDK_Inv_Mode;
+ }
+
+ oldpos = cdk_stream_tell (s);
+ rc = cdk_stream_flush (s);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ rc = cdk_stream_seek (s, off);
+ if (rc)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+ if (!len)
+ len = cdk_stream_get_length (s);
+ if (!len)
+ {
+ _gnutls_read_log ("cdk_stream_mmap_part: invalid file size %lu\n", len);
+ gnutls_assert ();
+ return s->error;
+ }
+ if (len > MAX_MAP_SIZE)
+ {
+ gnutls_assert ();
+ return CDK_Too_Short;
+ }
+
+ *ret_buf = cdk_calloc (1, len + 1);
+ *ret_buflen = len;
+ n = cdk_stream_read (s, *ret_buf, len);
+ if (n != len)
+ *ret_buflen = n;
+ rc = cdk_stream_seek (s, oldpos);
+ if (rc)
+ gnutls_assert ();
+ return rc;
+}
+
+
+cdk_error_t
+cdk_stream_mmap (cdk_stream_t inp, byte ** buf, size_t * buflen)
+{
+ off_t len;
+
+ /* We need to make sure all data is flushed before we retrieve the size. */
+ cdk_stream_flush (inp);
+ len = cdk_stream_get_length (inp);
+ return cdk_stream_mmap_part (inp, 0, len, buf, buflen);
+}
+
+
+/**
+ * cdk_stream_peek:
+ * @inp: the input stream handle
+ * @s: buffer
+ * @count: number of bytes to peek
+ *
+ * The function acts like cdk_stream_read with the difference that
+ * the file pointer is moved to the old position after the bytes were read.
+ **/
+int
+cdk_stream_peek (cdk_stream_t inp, byte * buf, size_t buflen)
+{
+ off_t off;
+ int nbytes;
+
+ if (!inp || !buf)
+ return 0;
+ if (inp->cbs_hd)
+ return 0;
+
+ off = cdk_stream_tell (inp);
+ nbytes = cdk_stream_read (inp, buf, buflen);
+ if (nbytes == -1)
+ return 0;
+ if (cdk_stream_seek (inp, off))
+ return 0;
+ return nbytes;
+}
+
+
+/* Try to read a line from the given stream. */
+int
+_cdk_stream_gets (cdk_stream_t s, char *buf, size_t count)
+{
+ int c, i;
+
+ assert (s);
+
+ i = 0;
+ while (!cdk_stream_eof (s) && count > 0)
+ {
+ c = cdk_stream_getc (s);
+ if (c == EOF || c == '\r' || c == '\n')
+ {
+ buf[i++] = '\0';
+ break;
+ }
+ buf[i++] = c;
+ count--;
+ }
+ return i;
+}
+
+
+/* Try to write string into the stream @s. */
+int
+_cdk_stream_puts (cdk_stream_t s, const char *buf)
+{
+ return cdk_stream_write (s, buf, strlen (buf));
+}
+
+
+/* Activate the block mode for the given stream. */
+cdk_error_t
+_cdk_stream_set_blockmode (cdk_stream_t s, size_t nbytes)
+{
+ assert (s);
+
+ _gnutls_read_log ("stream: activate block mode with blocksize %d\n",
+ (int) nbytes);
+ s->blkmode = nbytes;
+ return 0;
+}
+
+
+/* Return the block mode state of the given stream. */
+int
+_cdk_stream_get_blockmode (cdk_stream_t s)
+{
+ return s ? s->blkmode : 0;
+}
--- /dev/null
+/* stream.h - internal definiton for the STREAM object
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef CDK_STREAM_H
+#define CDK_STREAM_H
+
+/* The default buffer size for the stream. */
+#define STREAM_BUFSIZE 8192
+
+enum
+{
+ fDUMMY = 0,
+ fARMOR = 1,
+ fCIPHER = 2,
+ fLITERAL = 3,
+ fCOMPRESS = 4,
+ fHASH = 5,
+ fTEXT = 6
+};
+
+/* Type definition for the filter function. */
+typedef cdk_error_t (*filter_fnct_t) (void *opaque, int ctl, FILE * in,
+ FILE * out);
+
+/* The stream filter context structure. */
+struct stream_filter_s
+{
+ struct stream_filter_s *next;
+ filter_fnct_t fnct;
+ void *opaque;
+ FILE *tmp;
+ union
+ {
+ armor_filter_t afx;
+ cipher_filter_t cfx;
+ literal_filter_t pfx;
+ compress_filter_t zfx;
+ text_filter_t tfx;
+ md_filter_t mfx;
+ } u;
+ struct
+ {
+ unsigned enabled:1;
+ unsigned rdonly:1;
+ unsigned error:1;
+ } flags;
+ unsigned type;
+ unsigned ctl;
+};
+
+
+/* The stream context structure. */
+struct cdk_stream_s
+{
+ struct stream_filter_s *filters;
+ int fmode;
+ int error;
+ size_t blkmode;
+ struct
+ {
+ unsigned filtrated:1;
+ unsigned eof:1;
+ unsigned write:1;
+ unsigned temp:1;
+ unsigned reset:1;
+ unsigned no_filter:1;
+ unsigned compressed:3;
+ } flags;
+ struct
+ {
+ unsigned char *buf;
+ unsigned on:1;
+ size_t size;
+ size_t alloced;
+ } cache;
+ char *fname;
+ FILE *fp;
+ unsigned int fp_ref:1;
+ struct cdk_stream_cbs_s cbs;
+ void *cbs_hd;
+};
+
+#endif /* CDK_STREAM_H */
--- /dev/null
+/* types.h - Some type definitions
+ * Copyright (C) 2002, 2003, 2007, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifndef CDK_TYPES_H
+#define CDK_TYPES_H
+
+#ifndef HAVE_BYTE_TYPEDEF
+#undef byte
+typedef unsigned char byte;
+#define HAVE_BYTE_TYPEDEF
+#endif
+
+#ifndef HAVE_U16_TYPEDEF
+#undef u16
+typedef unsigned short u16;
+#define HAVE_U16_TYPEDEF
+#endif
+
+#ifndef HAVE_U32_TYPEDEF
+#undef u32
+typedef unsigned int u32;
+#define HAVE_U32_TYPEDEF
+#endif
+
+#ifndef DIM
+#define DIM(v) (sizeof (v)/sizeof ((v)[0]))
+#define DIMof(type, member) DIM(((type *)0)->member)
+#endif
+
+#endif /* CDK_TYPES_H */
--- /dev/null
+/* verify.c - Verify signatures
+ * Copyright (C) 2001, 2002, 2003, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "opencdk.h"
+#include "main.h"
+#include "filters.h"
+#include "packet.h"
+
+
+/* Table of all supported digest algorithms and their names. */
+struct
+{
+ const char *name;
+ int algo;
+} digest_table[] =
+{
+ {
+ "MD5", GNUTLS_DIG_MD5},
+ {
+ "SHA1", GNUTLS_DIG_SHA1},
+ {
+ "RIPEMD160", GNUTLS_DIG_RMD160},
+ {
+ "SHA256", GNUTLS_DIG_SHA256},
+ {
+ "SHA384", GNUTLS_DIG_SHA384},
+ {
+ "SHA512", GNUTLS_DIG_SHA512},
+ {
+ NULL, 0}
+};
+
+
+static cdk_error_t file_verify_clearsign (cdk_ctx_t, const char *,
+ const char *);
+
+
+/**
+ * cdk_stream_verify:
+ * @hd: session handle
+ * @inp: the input stream
+ * @data: for detached signatures, this is the data stream @inp is the sig
+ * @out: where the output shall be written.
+ *
+ * Verify a signature in stream.
+ */
+cdk_error_t
+cdk_stream_verify (cdk_ctx_t hd, cdk_stream_t inp, cdk_stream_t data,
+ cdk_stream_t out)
+{
+ /* FIXME: out is not currently used. */
+ if (cdk_armor_filter_use (inp))
+ cdk_stream_set_armor_flag (inp, 0);
+ return _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL);
+}
+
+/**
+ * cdk_file_verify:
+ * @hd: the session handle
+ * @file: the input file
+ * @data_file: for detached signature this is the data file and @file is the sig.
+ * @output: the output file
+ *
+ * Verify a signature.
+ **/
+cdk_error_t
+cdk_file_verify (cdk_ctx_t hd, const char *file, const char *data_file,
+ const char *output)
+{
+ struct stat stbuf;
+ cdk_stream_t inp, data;
+ char buf[4096];
+ int n;
+ cdk_error_t rc;
+
+ if (!hd || !file)
+ return CDK_Inv_Value;
+ if (output && !hd->opt.overwrite && !stat (output, &stbuf))
+ return CDK_Inv_Mode;
+
+ rc = cdk_stream_open (file, &inp);
+ if (rc)
+ return rc;
+ if (cdk_armor_filter_use (inp))
+ {
+ n = cdk_stream_peek (inp, (byte *) buf, DIM (buf) - 1);
+ if (!n || n == -1)
+ return CDK_EOF;
+ buf[n] = '\0';
+ if (strstr (buf, "BEGIN PGP SIGNED MESSAGE"))
+ {
+ cdk_stream_close (inp);
+ return file_verify_clearsign (hd, file, output);
+ }
+ cdk_stream_set_armor_flag (inp, 0);
+ }
+
+ if (data_file)
+ {
+ rc = cdk_stream_open (data_file, &data);
+ if (rc)
+ {
+ cdk_stream_close (inp);
+ return rc;
+ }
+ }
+ else
+ data = NULL;
+
+ rc = _cdk_proc_packets (hd, inp, data, NULL, NULL, NULL);
+
+ if (data != NULL)
+ cdk_stream_close (data);
+ cdk_stream_close (inp);
+ return rc;
+}
+
+
+void
+_cdk_result_verify_free (cdk_verify_result_t res)
+{
+ if (!res)
+ return;
+ cdk_free (res->policy_url);
+ cdk_free (res->sig_data);
+ cdk_free (res);
+}
+
+
+cdk_verify_result_t
+_cdk_result_verify_new (void)
+{
+ cdk_verify_result_t res;
+
+ res = cdk_calloc (1, sizeof *res);
+ if (!res)
+ return NULL;
+ return res;
+}
+
+
+static cdk_error_t
+file_verify_clearsign (cdk_ctx_t hd, const char *file, const char *output)
+{
+ cdk_stream_t inp = NULL, out = NULL, tmp = NULL;
+ digest_hd_st md;
+ char buf[512], chk[512];
+ const char *s;
+ int i, is_signed = 0, nbytes;
+ int digest_algo = 0;
+ int err;
+ cdk_error_t rc;
+
+ memset(&md, 0, sizeof(md));
+
+ if (output)
+ {
+ rc = cdk_stream_create (output, &out);
+ if (rc)
+ return rc;
+ }
+
+ rc = cdk_stream_open (file, &inp);
+ if (rc)
+ {
+ if (output)
+ cdk_stream_close (out);
+ return rc;
+ }
+
+ s = "-----BEGIN PGP SIGNED MESSAGE-----";
+ while (!cdk_stream_eof (inp))
+ {
+ nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
+ if (!nbytes || nbytes == -1)
+ break;
+ if (!strncmp (buf, s, strlen (s)))
+ {
+ is_signed = 1;
+ break;
+ }
+ }
+
+ if (cdk_stream_eof (inp) && !is_signed)
+ {
+ rc = CDK_Armor_Error;
+ goto leave;
+ }
+
+ while (!cdk_stream_eof (inp))
+ {
+ nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
+ if (!nbytes || nbytes == -1)
+ break;
+ if (nbytes == 1) /* Empty line */
+ break;
+ else if (!strncmp (buf, "Hash: ", 6))
+ {
+ for (i = 0; digest_table[i].name; i++)
+ {
+ if (!strcmp (buf + 6, digest_table[i].name))
+ {
+ digest_algo = digest_table[i].algo;
+ break;
+ }
+ }
+ }
+ }
+
+ if (digest_algo && _gnutls_hash_get_algo_len (digest_algo) <= 0)
+ {
+ rc = CDK_Inv_Algo;
+ goto leave;
+ }
+
+ if (!digest_algo)
+ digest_algo = GNUTLS_DIG_MD5;
+
+ err = _gnutls_hash_init (&md, digest_algo);
+ if (err < 0)
+ {
+ gnutls_assert ();
+ rc = map_gnutls_error (err);
+ goto leave;
+ }
+
+ s = "-----BEGIN PGP SIGNATURE-----";
+ while (!cdk_stream_eof (inp))
+ {
+ nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
+ if (!nbytes || nbytes == -1)
+ break;
+ if (!strncmp (buf, s, strlen (s)))
+ break;
+ else
+ {
+ cdk_stream_peek (inp, (byte *) chk, DIM (chk) - 1);
+ i = strncmp (chk, s, strlen (s));
+ if (strlen (buf) == 0 && i == 0)
+ continue; /* skip last '\n' */
+ _cdk_trim_string (buf, i == 0 ? 0 : 1);
+ _gnutls_hash (&md, buf, strlen (buf));
+ }
+ if (!strncmp (buf, "- ", 2)) /* FIXME: handle it recursive. */
+ memmove (buf, buf + 2, nbytes - 2);
+ if (out)
+ {
+ if (strstr (buf, "\r\n"))
+ buf[strlen (buf) - 2] = '\0';
+ cdk_stream_write (out, buf, strlen (buf));
+ _cdk_stream_puts (out, _cdk_armor_get_lineend ());
+ }
+ }
+
+ /* We create a temporary stream object to store the
+ signature data in there. */
+ rc = cdk_stream_tmp_new (&tmp);
+ if (rc)
+ goto leave;
+
+ s = "-----BEGIN PGP SIGNATURE-----\n";
+ _cdk_stream_puts (tmp, s);
+ while (!cdk_stream_eof (inp))
+ {
+ nbytes = _cdk_stream_gets (inp, buf, DIM (buf) - 1);
+ if (!nbytes || nbytes == -1)
+ break;
+ if (nbytes < (int) (DIM (buf) - 3))
+ {
+ buf[nbytes - 1] = '\n';
+ buf[nbytes] = '\0';
+ }
+ cdk_stream_write (tmp, buf, nbytes);
+ }
+
+ /* FIXME: This code is not very elegant. */
+ cdk_stream_tmp_set_mode (tmp, STREAMCTL_READ);
+ cdk_stream_seek (tmp, 0);
+ cdk_stream_set_armor_flag (tmp, 0);
+ cdk_stream_read (tmp, NULL, 0);
+
+ /* the digest handle will be closed there. */
+ rc = _cdk_proc_packets (hd, tmp, NULL, NULL, NULL, &md);
+
+leave:
+ _gnutls_hash_deinit (&md, NULL);
+ cdk_stream_close (out);
+ cdk_stream_close (tmp);
+ cdk_stream_close (inp);
+ return rc;
+}
--- /dev/null
+/* write-packet.c - Write OpenPGP packets
+ * Copyright (C) 2001, 2002, 2003, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz
+ *
+ * This file is part of OpenCDK.
+ *
+ * The OpenCDK library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+#include <string.h>
+#include <stdio.h>
+#include <assert.h>
+
+#include "opencdk.h"
+#include "main.h"
+
+
+static int
+stream_write (cdk_stream_t s, const void *buf, size_t buflen)
+{
+ int nwritten;
+
+ nwritten = cdk_stream_write (s, buf, buflen);
+ if (nwritten == EOF)
+ return _cdk_stream_get_errno (s);
+ return 0;
+}
+
+
+static int
+stream_read (cdk_stream_t s, void *buf, size_t buflen, size_t * r_nread)
+{
+ int nread;
+
+ assert (r_nread);
+
+ nread = cdk_stream_read (s, buf, buflen);
+ if (nread == EOF)
+ return _cdk_stream_get_errno (s);
+ *r_nread = nread;
+ return 0;
+}
+
+
+static int
+stream_putc (cdk_stream_t s, int c)
+{
+ int nwritten = cdk_stream_putc (s, c);
+ if (nwritten == EOF)
+ return _cdk_stream_get_errno (s);
+ return 0;
+}
+
+
+static int
+write_32 (cdk_stream_t out, u32 u)
+{
+ byte buf[4];
+
+ buf[0] = u >> 24;
+ buf[1] = u >> 16;
+ buf[2] = u >> 8;
+ buf[3] = u;
+ return stream_write (out, buf, 4);
+}
+
+
+static int
+write_16 (cdk_stream_t out, u16 u)
+{
+ byte buf[2];
+
+ buf[0] = u >> 8;
+ buf[1] = u;
+ return stream_write (out, buf, 2);
+}
+
+
+static size_t
+calc_mpisize (bigint_t mpi[MAX_CDK_PK_PARTS], size_t ncount)
+{
+ size_t size, i;
+
+ size = 0;
+ for (i = 0; i < ncount; i++)
+ size += (_gnutls_mpi_get_nbits (mpi[i]) + 7) / 8 + 2;
+ return size;
+}
+
+
+static int
+write_mpi (cdk_stream_t out, bigint_t m)
+{
+ byte buf[MAX_MPI_BYTES + 2];
+ size_t nbits, nread;
+ int err;
+
+ if (!out || !m)
+ return CDK_Inv_Value;
+ nbits = _gnutls_mpi_get_nbits (m);
+ if (nbits > MAX_MPI_BITS || nbits < 1)
+ return CDK_MPI_Error;
+
+ nread = MAX_MPI_BYTES + 2;
+ err = _gnutls_mpi_print_pgp (m, buf, &nread);
+ if (err < 0)
+ return map_gnutls_error (err);
+ return stream_write (out, buf, nread);
+}
+
+
+static cdk_error_t
+write_mpibuf (cdk_stream_t out, bigint_t mpi[MAX_CDK_PK_PARTS], size_t count)
+{
+ size_t i;
+ cdk_error_t rc;
+
+ for (i = 0; i < count; i++)
+ {
+ rc = write_mpi (out, mpi[i]);
+ if (rc)
+ return rc;
+ }
+ return 0;
+}
+
+
+static cdk_error_t
+pkt_encode_len (cdk_stream_t out, size_t pktlen)
+{
+ cdk_error_t rc;
+
+ assert (out);
+
+ rc = 0;
+ if (!pktlen)
+ {
+ /* Block mode, partial bodies, with 'DEF_BLOCKSIZE' from main.h */
+ rc = stream_putc (out, (0xE0 | DEF_BLOCKBITS));
+ }
+ else if (pktlen < 192)
+ rc = stream_putc (out, pktlen);
+ else if (pktlen < 8384)
+ {
+ pktlen -= 192;
+ rc = stream_putc (out, (pktlen / 256) + 192);
+ if (!rc)
+ rc = stream_putc (out, (pktlen % 256));
+ }
+ else
+ {
+ rc = stream_putc (out, 255);
+ if (!rc)
+ rc = write_32 (out, pktlen);
+ }
+
+ return rc;
+}
+
+
+static cdk_error_t
+write_head_new (cdk_stream_t out, size_t size, int type)
+{
+ cdk_error_t rc;
+
+ assert (out);
+
+ if (type < 0 || type > 63)
+ return CDK_Inv_Packet;
+ rc = stream_putc (out, (0xC0 | type));
+ if (!rc)
+ rc = pkt_encode_len (out, size);
+ return rc;
+}
+
+
+static cdk_error_t
+write_head_old (cdk_stream_t out, size_t size, int type)
+{
+ cdk_error_t rc;
+ int ctb;
+
+ assert (out);
+
+ if (type < 0 || type > 16)
+ return CDK_Inv_Packet;
+ ctb = 0x80 | (type << 2);
+ if (!size)
+ ctb |= 3;
+ else if (size < 256)
+ ;
+ else if (size < 65536)
+ ctb |= 1;
+ else
+ ctb |= 2;
+ rc = stream_putc (out, ctb);
+ if (!size)
+ return rc;
+ if (!rc)
+ {
+ if (size < 256)
+ rc = stream_putc (out, size);
+ else if (size < 65536)
+ rc = write_16 (out, size);
+ else
+ rc = write_32 (out, size);
+ }
+
+ return rc;
+}
+
+
+/* Write special PGP2 packet header. PGP2 (wrongly) uses two byte header
+ length for signatures and keys even if the size is < 256. */
+static cdk_error_t
+pkt_write_head2 (cdk_stream_t out, size_t size, int type)
+{
+ cdk_error_t rc;
+
+ rc = cdk_stream_putc (out, 0x80 | (type << 2) | 1);
+ if (!rc)
+ rc = cdk_stream_putc (out, size >> 8);
+ if (!rc)
+ rc = cdk_stream_putc (out, size & 0xff);
+ return rc;
+}
+
+
+static int
+pkt_write_head (cdk_stream_t out, int old_ctb, size_t size, int type)
+{
+ if (old_ctb)
+ return write_head_old (out, size, type);
+ return write_head_new (out, size, type);
+}
+
+
+static int
+write_pubkey_enc (cdk_stream_t out, cdk_pkt_pubkey_enc_t pke, int old_ctb)
+{
+ size_t size;
+ int rc, nenc;
+
+ assert (out);
+ assert (pke);
+
+ if (pke->version < 2 || pke->version > 3)
+ return CDK_Inv_Packet;
+ if (!KEY_CAN_ENCRYPT (pke->pubkey_algo))
+ return CDK_Inv_Algo;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_pubkey_enc:\n");
+
+ nenc = cdk_pk_get_nenc (pke->pubkey_algo);
+ size = 10 + calc_mpisize (pke->mpi, nenc);
+ rc = pkt_write_head (out, old_ctb, size, CDK_PKT_PUBKEY_ENC);
+ if (rc)
+ return rc;
+
+ rc = stream_putc (out, pke->version);
+ if (!rc)
+ rc = write_32 (out, pke->keyid[0]);
+ if (!rc)
+ rc = write_32 (out, pke->keyid[1]);
+ if (!rc)
+ rc = stream_putc (out, _cdk_pub_algo_to_pgp (pke->pubkey_algo));
+ if (!rc)
+ rc = write_mpibuf (out, pke->mpi, nenc);
+ return rc;
+}
+
+
+static cdk_error_t
+write_mdc (cdk_stream_t out, cdk_pkt_mdc_t mdc)
+{
+ cdk_error_t rc;
+
+ assert (mdc);
+ assert (out);
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_mdc:\n");
+
+ /* This packet requires a fixed header encoding */
+ rc = stream_putc (out, 0xD3); /* packet ID and 1 byte length */
+ if (!rc)
+ rc = stream_putc (out, 0x14);
+ if (!rc)
+ rc = stream_write (out, mdc->hash, DIM (mdc->hash));
+ return rc;
+}
+
+
+static size_t
+calc_subpktsize (cdk_subpkt_t s)
+{
+ size_t nbytes;
+
+ /* In the count mode, no buffer is returned. */
+ _cdk_subpkt_get_array (s, 1, &nbytes);
+ return nbytes;
+}
+
+
+static cdk_error_t
+write_v3_sig (cdk_stream_t out, cdk_pkt_signature_t sig, int nsig)
+{
+ size_t size;
+ cdk_error_t rc;
+
+ size = 19 + calc_mpisize (sig->mpi, nsig);
+ if (is_RSA (sig->pubkey_algo))
+ rc = pkt_write_head2 (out, size, CDK_PKT_SIGNATURE);
+ else
+ rc = pkt_write_head (out, 1, size, CDK_PKT_SIGNATURE);
+ if (!rc)
+ rc = stream_putc (out, sig->version);
+ if (!rc)
+ rc = stream_putc (out, 5);
+ if (!rc)
+ rc = stream_putc (out, sig->sig_class);
+ if (!rc)
+ rc = write_32 (out, sig->timestamp);
+ if (!rc)
+ rc = write_32 (out, sig->keyid[0]);
+ if (!rc)
+ rc = write_32 (out, sig->keyid[1]);
+ if (!rc)
+ rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
+ if (!rc)
+ rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
+ if (!rc)
+ rc = stream_putc (out, sig->digest_start[0]);
+ if (!rc)
+ rc = stream_putc (out, sig->digest_start[1]);
+ if (!rc)
+ rc = write_mpibuf (out, sig->mpi, nsig);
+ return rc;
+}
+
+
+static cdk_error_t
+write_signature (cdk_stream_t out, cdk_pkt_signature_t sig, int old_ctb)
+{
+ byte *buf;
+ size_t nbytes, size, nsig;
+ cdk_error_t rc;
+
+ assert (out);
+ assert (sig);
+
+ if (!KEY_CAN_SIGN (sig->pubkey_algo))
+ return CDK_Inv_Algo;
+ if (sig->version < 2 || sig->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_signature:\n");
+
+ nsig = cdk_pk_get_nsig (sig->pubkey_algo);
+ if (!nsig)
+ return CDK_Inv_Algo;
+ if (sig->version < 4)
+ return write_v3_sig (out, sig, nsig);
+
+ size = 10 + calc_subpktsize (sig->hashed)
+ + calc_subpktsize (sig->unhashed) + calc_mpisize (sig->mpi, nsig);
+ rc = pkt_write_head (out, 0, size, CDK_PKT_SIGNATURE);
+ if (!rc)
+ rc = stream_putc (out, 4);
+ if (!rc)
+ rc = stream_putc (out, sig->sig_class);
+ if (!rc)
+ rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
+ if (!rc)
+ rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
+ if (!rc)
+ rc = write_16 (out, sig->hashed_size);
+ if (!rc)
+ {
+ buf = _cdk_subpkt_get_array (sig->hashed, 0, &nbytes);
+ if (!buf)
+ return CDK_Out_Of_Core;
+ rc = stream_write (out, buf, nbytes);
+ cdk_free (buf);
+ }
+ if (!rc)
+ rc = write_16 (out, sig->unhashed_size);
+ if (!rc)
+ {
+ buf = _cdk_subpkt_get_array (sig->unhashed, 0, &nbytes);
+ if (!buf)
+ return CDK_Out_Of_Core;
+ rc = stream_write (out, buf, nbytes);
+ cdk_free (buf);
+ }
+ if (!rc)
+ rc = stream_putc (out, sig->digest_start[0]);
+ if (!rc)
+ rc = stream_putc (out, sig->digest_start[1]);
+ if (!rc)
+ rc = write_mpibuf (out, sig->mpi, nsig);
+ return rc;
+}
+
+
+static cdk_error_t
+write_public_key (cdk_stream_t out, cdk_pkt_pubkey_t pk,
+ int is_subkey, int old_ctb)
+{
+ int pkttype, ndays = 0;
+ size_t npkey = 0, size = 6;
+ cdk_error_t rc;
+
+ assert (out);
+ assert (pk);
+
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_public_key: subkey=%d\n", is_subkey);
+
+ pkttype = is_subkey ? CDK_PKT_PUBLIC_SUBKEY : CDK_PKT_PUBLIC_KEY;
+ npkey = cdk_pk_get_npkey (pk->pubkey_algo);
+ if (!npkey)
+ return CDK_Inv_Algo;
+ if (pk->version < 4)
+ size += 2; /* expire date */
+ if (is_subkey)
+ old_ctb = 0;
+ size += calc_mpisize (pk->mpi, npkey);
+ if (old_ctb)
+ rc = pkt_write_head2 (out, size, pkttype);
+ else
+ rc = pkt_write_head (out, old_ctb, size, pkttype);
+ if (!rc)
+ rc = stream_putc (out, pk->version);
+ if (!rc)
+ rc = write_32 (out, pk->timestamp);
+ if (!rc && pk->version < 4)
+ {
+ if (pk->expiredate)
+ ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
+ rc = write_16 (out, ndays);
+ }
+ if (!rc)
+ rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
+ if (!rc)
+ rc = write_mpibuf (out, pk->mpi, npkey);
+ return rc;
+}
+
+
+static int
+calc_s2ksize (cdk_pkt_seckey_t sk)
+{
+ size_t nbytes = 0;
+
+ if (!sk->is_protected)
+ return 0;
+ switch (sk->protect.s2k->mode)
+ {
+ case CDK_S2K_SIMPLE:
+ nbytes = 2;
+ break;
+ case CDK_S2K_SALTED:
+ nbytes = 10;
+ break;
+ case CDK_S2K_ITERSALTED:
+ nbytes = 11;
+ break;
+ }
+ nbytes += sk->protect.ivlen;
+ nbytes++; /* single cipher byte */
+ return nbytes;
+}
+
+
+static cdk_error_t
+write_secret_key (cdk_stream_t out, cdk_pkt_seckey_t sk,
+ int is_subkey, int old_ctb)
+{
+ cdk_pkt_pubkey_t pk = NULL;
+ size_t size = 6, npkey, nskey;
+ int pkttype, s2k_mode;
+ cdk_error_t rc;
+
+ assert (out);
+ assert (sk);
+
+ if (!sk->pk)
+ return CDK_Inv_Value;
+ pk = sk->pk;
+ if (pk->version < 2 || pk->version > 4)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_secret_key:\n");
+
+ npkey = cdk_pk_get_npkey (pk->pubkey_algo);
+ nskey = cdk_pk_get_nskey (pk->pubkey_algo);
+ if (!npkey || !nskey)
+ {
+ gnutls_assert ();
+ return CDK_Inv_Algo;
+ }
+ if (pk->version < 4)
+ size += 2;
+ /* If the key is unprotected, the 1 extra byte:
+ 1 octet - cipher algorithm byte (0x00)
+ the other bytes depend on the mode:
+ a) simple checksum - 2 octets
+ b) sha-1 checksum - 20 octets */
+ size = !sk->is_protected ? size + 1 : size + 1 + calc_s2ksize (sk);
+ size += calc_mpisize (pk->mpi, npkey);
+ if (sk->version == 3 || !sk->is_protected)
+ {
+ if (sk->version == 3)
+ {
+ size += 2; /* force simple checksum */
+ sk->protect.sha1chk = 0;
+ }
+ else
+ size += sk->protect.sha1chk ? 20 : 2;
+ size += calc_mpisize (sk->mpi, nskey);
+ }
+ else /* We do not know anything about the encrypted mpi's so we
+ treat the data as opaque. */
+ size += sk->enclen;
+
+ pkttype = is_subkey ? CDK_PKT_SECRET_SUBKEY : CDK_PKT_SECRET_KEY;
+ rc = pkt_write_head (out, old_ctb, size, pkttype);
+ if (!rc)
+ rc = stream_putc (out, pk->version);
+ if (!rc)
+ rc = write_32 (out, pk->timestamp);
+ if (!rc && pk->version < 4)
+ {
+ u16 ndays = 0;
+ if (pk->expiredate)
+ ndays = (u16) ((pk->expiredate - pk->timestamp) / 86400L);
+ rc = write_16 (out, ndays);
+ }
+ if (!rc)
+ rc = stream_putc (out, _cdk_pub_algo_to_pgp (pk->pubkey_algo));
+
+ if (!rc)
+ rc = write_mpibuf (out, pk->mpi, npkey);
+
+ if (!rc)
+ {
+ if (sk->is_protected == 0)
+ rc = stream_putc (out, 0x00);
+ else
+ {
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ rc = stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
+ else if (sk->protect.s2k)
+ {
+ s2k_mode = sk->protect.s2k->mode;
+ rc = stream_putc (out, sk->protect.sha1chk ? 0xFE : 0xFF);
+ if (!rc)
+ rc =
+ stream_putc (out, _gnutls_cipher_to_pgp (sk->protect.algo));
+ if (!rc)
+ rc = stream_putc (out, sk->protect.s2k->mode);
+ if (!rc)
+ rc = stream_putc (out, sk->protect.s2k->hash_algo);
+ if (!rc && (s2k_mode == 1 || s2k_mode == 3))
+ {
+ rc = stream_write (out, sk->protect.s2k->salt, 8);
+ if (!rc && s2k_mode == 3)
+ rc = stream_putc (out, sk->protect.s2k->count);
+ }
+ }
+ else
+ return CDK_Inv_Value;
+ if (!rc)
+ rc = stream_write (out, sk->protect.iv, sk->protect.ivlen);
+ }
+ }
+ if (!rc && sk->is_protected && pk->version == 4)
+ {
+ if (sk->encdata && sk->enclen)
+ rc = stream_write (out, sk->encdata, sk->enclen);
+ }
+ else
+ {
+ if (!rc)
+ rc = write_mpibuf (out, sk->mpi, nskey);
+ if (!rc)
+ {
+ if (!sk->csum)
+ sk->csum = _cdk_sk_get_csum (sk);
+ rc = write_16 (out, sk->csum);
+ }
+ }
+
+ return rc;
+}
+
+
+static cdk_error_t
+write_compressed (cdk_stream_t out, cdk_pkt_compressed_t cd)
+{
+ cdk_error_t rc;
+
+ assert (out);
+ assert (cd);
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("packet: write_compressed\n");
+
+ /* Use an old (RFC1991) header for this packet. */
+ rc = pkt_write_head (out, 1, 0, CDK_PKT_COMPRESSED);
+ if (!rc)
+ rc = stream_putc (out, cd->algorithm);
+ return rc;
+}
+
+
+static cdk_error_t
+write_literal (cdk_stream_t out, cdk_pkt_literal_t pt, int old_ctb)
+{
+ byte buf[BUFSIZE];
+ size_t size;
+ cdk_error_t rc;
+
+ assert (out);
+ assert (pt);
+
+ /* We consider a packet without a body as an invalid packet.
+ At least one octet must be present. */
+ if (!pt->len)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_literal:\n");
+
+ size = 6 + pt->namelen + pt->len;
+ rc = pkt_write_head (out, old_ctb, size, CDK_PKT_LITERAL);
+ if (rc)
+ return rc;
+
+ rc = stream_putc (out, pt->mode);
+ if (rc)
+ return rc;
+ rc = stream_putc (out, pt->namelen);
+ if (rc)
+ return rc;
+
+ if (pt->namelen > 0)
+ rc = stream_write (out, pt->name, pt->namelen);
+ if (!rc)
+ rc = write_32 (out, pt->timestamp);
+ if (rc)
+ return rc;
+
+ while (!cdk_stream_eof (pt->buf) && !rc)
+ {
+ rc = stream_read (pt->buf, buf, DIM (buf), &size);
+ if (!rc)
+ rc = stream_write (out, buf, size);
+ }
+
+ wipemem (buf, sizeof (buf));
+ return rc;
+}
+
+
+static cdk_error_t
+write_onepass_sig (cdk_stream_t out, cdk_pkt_onepass_sig_t sig)
+{
+ cdk_error_t rc;
+
+ assert (out);
+ assert (sig);
+
+ if (sig->version != 3)
+ return CDK_Inv_Packet;
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_onepass_sig:\n");
+
+ rc = pkt_write_head (out, 0, 13, CDK_PKT_ONEPASS_SIG);
+ if (!rc)
+ rc = stream_putc (out, sig->version);
+ if (!rc)
+ rc = stream_putc (out, sig->sig_class);
+ if (!rc)
+ rc = stream_putc (out, _gnutls_hash_algo_to_pgp (sig->digest_algo));
+ if (!rc)
+ rc = stream_putc (out, _cdk_pub_algo_to_pgp (sig->pubkey_algo));
+ if (!rc)
+ rc = write_32 (out, sig->keyid[0]);
+ if (!rc)
+ rc = write_32 (out, sig->keyid[1]);
+ if (!rc)
+ rc = stream_putc (out, sig->last);
+ return rc;
+}
+
+
+static cdk_error_t
+write_user_id (cdk_stream_t out, cdk_pkt_userid_t id, int old_ctb,
+ int pkttype)
+{
+ cdk_error_t rc;
+
+ if (!out || !id)
+ return CDK_Inv_Value;
+
+ if (pkttype == CDK_PKT_ATTRIBUTE)
+ {
+ if (!id->attrib_img)
+ return CDK_Inv_Value;
+ rc =
+ pkt_write_head (out, old_ctb, id->attrib_len + 6, CDK_PKT_ATTRIBUTE);
+ if (rc)
+ return rc;
+ /* Write subpacket part. */
+ stream_putc (out, 255);
+ write_32 (out, id->attrib_len + 1);
+ stream_putc (out, 1);
+ rc = stream_write (out, id->attrib_img, id->attrib_len);
+ }
+ else
+ {
+ if (!id->name)
+ return CDK_Inv_Value;
+ rc = pkt_write_head (out, old_ctb, id->len, CDK_PKT_USER_ID);
+ if (!rc)
+ rc = stream_write (out, id->name, id->len);
+ }
+
+ return rc;
+}
+
+
+/**
+ * cdk_pkt_write:
+ * @out: the output stream handle
+ * @pkt: the packet itself
+ *
+ * Write the contents of @pkt into the @out stream.
+ * Return 0 on success.
+ **/
+cdk_error_t
+cdk_pkt_write (cdk_stream_t out, cdk_packet_t pkt)
+{
+ cdk_error_t rc;
+
+ if (!out || !pkt)
+ return CDK_Inv_Value;
+
+ _gnutls_write_log ("write packet pkttype=%d\n", pkt->pkttype);
+ switch (pkt->pkttype)
+ {
+ case CDK_PKT_LITERAL:
+ rc = write_literal (out, pkt->pkt.literal, pkt->old_ctb);
+ break;
+ case CDK_PKT_ONEPASS_SIG:
+ rc = write_onepass_sig (out, pkt->pkt.onepass_sig);
+ break;
+ case CDK_PKT_MDC:
+ rc = write_mdc (out, pkt->pkt.mdc);
+ break;
+ case CDK_PKT_PUBKEY_ENC:
+ rc = write_pubkey_enc (out, pkt->pkt.pubkey_enc, pkt->old_ctb);
+ break;
+ case CDK_PKT_SIGNATURE:
+ rc = write_signature (out, pkt->pkt.signature, pkt->old_ctb);
+ break;
+ case CDK_PKT_PUBLIC_KEY:
+ rc = write_public_key (out, pkt->pkt.public_key, 0, pkt->old_ctb);
+ break;
+ case CDK_PKT_PUBLIC_SUBKEY:
+ rc = write_public_key (out, pkt->pkt.public_key, 1, pkt->old_ctb);
+ break;
+ case CDK_PKT_COMPRESSED:
+ rc = write_compressed (out, pkt->pkt.compressed);
+ break;
+ case CDK_PKT_SECRET_KEY:
+ rc = write_secret_key (out, pkt->pkt.secret_key, 0, pkt->old_ctb);
+ break;
+ case CDK_PKT_SECRET_SUBKEY:
+ rc = write_secret_key (out, pkt->pkt.secret_key, 1, pkt->old_ctb);
+ break;
+ case CDK_PKT_USER_ID:
+ case CDK_PKT_ATTRIBUTE:
+ rc = write_user_id (out, pkt->pkt.user_id, pkt->old_ctb, pkt->pkttype);
+ break;
+ default:
+ rc = CDK_Inv_Packet;
+ break;
+ }
+
+ if (DEBUG_PKT)
+ _gnutls_write_log ("write_packet rc=%d pkttype=%d\n", rc, pkt->pkttype);
+ return rc;
+}
+
+
+cdk_error_t
+_cdk_pkt_write2 (cdk_stream_t out, int pkttype, void *pktctx)
+{
+ cdk_packet_t pkt;
+ cdk_error_t rc;
+
+ rc = cdk_pkt_new (&pkt);
+ if (rc)
+ return rc;
+
+ switch (pkttype)
+ {
+ case CDK_PKT_PUBLIC_KEY:
+ case CDK_PKT_PUBLIC_SUBKEY:
+ pkt->pkt.public_key = pktctx;
+ break;
+ case CDK_PKT_SIGNATURE:
+ pkt->pkt.signature = pktctx;
+ break;
+ case CDK_PKT_SECRET_KEY:
+ case CDK_PKT_SECRET_SUBKEY:
+ pkt->pkt.secret_key = pktctx;
+ break;
+
+ case CDK_PKT_USER_ID:
+ pkt->pkt.user_id = pktctx;
+ break;
+ }
+ pkt->pkttype = pkttype;
+ rc = cdk_pkt_write (out, pkt);
+ cdk_free (pkt);
+ return rc;
+}
+
+
+cdk_error_t
+_cdk_pkt_write_fp (FILE * out, cdk_packet_t pkt)
+{
+ cdk_stream_t so;
+ cdk_error_t rc;
+
+ rc = _cdk_stream_fpopen (out, 1, &so);
+ if (rc)
+ return rc;
+ rc = cdk_pkt_write (so, pkt);
+ cdk_stream_close (so);
+ return rc;
+}
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+# Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/../includes \
+ -I$(builddir)/../includes \
+ -I$(srcdir)/.. \
+ -I$(srcdir)/../opencdk
+
+if ENABLE_MINITASN1
+AM_CPPFLAGS += -I$(srcdir)/../minitasn1
+endif
+
+noinst_LTLIBRARIES = libgnutls_openpgp.la
+
+COBJECTS = pgp.c pgpverify.c extras.c compat.c privkey.c output.c \
+ gnutls_openpgp.c
+
+libgnutls_openpgp_la_SOURCES = $(COBJECTS) openpgp_int.h gnutls_openpgp.h
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+# Free Software Foundation, Inc.
+#
+# Author: Nikos Mavrogiannopoulos
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# The GnuTLS is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied warranty
+# of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with GnuTLS; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+# MA 02110-1301, USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(srcdir)/../minitasn1
+subdir = openpgp
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libgnutls_openpgp_la_LIBADD =
+am__objects_1 = pgp.lo pgpverify.lo extras.lo compat.lo privkey.lo \
+ output.lo gnutls_openpgp.lo
+am_libgnutls_openpgp_la_OBJECTS = $(am__objects_1)
+libgnutls_openpgp_la_OBJECTS = $(am_libgnutls_openpgp_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libgnutls_openpgp_la_SOURCES)
+DIST_SOURCES = $(libgnutls_openpgp_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../gl -I$(builddir)/../gl \
+ -I$(srcdir)/../includes -I$(builddir)/../includes \
+ -I$(srcdir)/.. -I$(srcdir)/../opencdk $(am__append_1)
+noinst_LTLIBRARIES = libgnutls_openpgp.la
+COBJECTS = pgp.c pgpverify.c extras.c compat.c privkey.c output.c \
+ gnutls_openpgp.c
+
+libgnutls_openpgp_la_SOURCES = $(COBJECTS) openpgp_int.h gnutls_openpgp.h
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign openpgp/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign openpgp/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libgnutls_openpgp.la: $(libgnutls_openpgp_la_OBJECTS) $(libgnutls_openpgp_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libgnutls_openpgp_la_OBJECTS) $(libgnutls_openpgp_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/compat.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/extras.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gnutls_openpgp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pgpverify.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz, Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Compatibility functions on OpenPGP key parsing.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_openpgp.h>
+#include <openpgp_int.h>
+
+/*-
+ * gnutls_openpgp_verify_key:
+ * @cert_list: the structure that holds the certificates.
+ * @cert_list_lenght: the items in the cert_list.
+ * @status: the output of the verification function
+ *
+ * Verify all signatures in the certificate list. When the key
+ * is not available, the signature is skipped.
+ *
+ * The return value is one of the CertificateStatus entries.
+ *
+ * NOTE: this function does not verify using any "web of trust". You
+ * may use GnuPG for that purpose, or any other external PGP application.
+ -*/
+int
+_gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t cred,
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status)
+{
+ int ret = 0;
+ gnutls_openpgp_crt_t key = NULL;
+ unsigned int verify = 0, verify_self = 0;
+
+ if (!cert_list || cert_list_length != 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ ret = gnutls_openpgp_crt_init (&key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ gnutls_openpgp_crt_import (key, &cert_list[0], GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto leave;
+ }
+
+ if (cred->keyring != NULL)
+ {
+ ret = gnutls_openpgp_crt_verify_ring (key, cred->keyring, 0, &verify);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto leave;
+ }
+ }
+
+ /* Now try the self signature. */
+ ret = gnutls_openpgp_crt_verify_self (key, 0, &verify_self);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto leave;
+ }
+
+ *status = verify_self | verify;
+
+ /* If we only checked the self signature. */
+ if (!cred->keyring)
+ *status |= GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ ret = 0;
+
+leave:
+ gnutls_openpgp_crt_deinit (key);
+
+ return ret;
+}
+
+/*-
+ * gnutls_openpgp_fingerprint:
+ * @cert: the raw data that contains the OpenPGP public key.
+ * @fpr: the buffer to save the fingerprint.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Returns the fingerprint of the OpenPGP key. Depence on the algorithm,
+ * the fingerprint can be 16 or 20 bytes.
+ -*/
+int
+_gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
+ unsigned char *fpr, size_t * fprlen)
+{
+ gnutls_openpgp_crt_t key;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init (&key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_get_fingerprint (key, fpr, fprlen);
+ gnutls_openpgp_crt_deinit (key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/*-
+ * gnutls_openpgp_get_raw_key_creation_time:
+ * @cert: the raw data that contains the OpenPGP public key.
+ *
+ * Returns the timestamp when the OpenPGP key was created.
+ -*/
+time_t
+_gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t * cert)
+{
+ gnutls_openpgp_crt_t key;
+ int ret;
+ time_t tim;
+
+ ret = gnutls_openpgp_crt_init (&key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ tim = gnutls_openpgp_crt_get_creation_time (key);
+
+ gnutls_openpgp_crt_deinit (key);
+
+ return tim;
+}
+
+
+/*-
+ * gnutls_openpgp_get_raw_key_expiration_time:
+ * @cert: the raw data that contains the OpenPGP public key.
+ *
+ * Returns the time when the OpenPGP key expires. A value of '0' means
+ * that the key doesn't expire at all.
+ -*/
+time_t
+_gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t * cert)
+{
+ gnutls_openpgp_crt_t key;
+ int ret;
+ time_t tim;
+
+ ret = gnutls_openpgp_crt_init (&key);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import (key, cert, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ tim = gnutls_openpgp_crt_get_expiration_time (key);
+
+ gnutls_openpgp_crt_deinit (key);
+
+ return tim;
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Timo Schulz
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Functions on keyring parsing
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <openpgp_int.h>
+#include <gnutls_openpgp.h>
+#include <gnutls_num.h>
+
+/* Keyring stuff.
+ */
+
+/**
+ * gnutls_openpgp_keyring_init:
+ * @keyring: The structure to be initialized
+ *
+ * This function will initialize an keyring structure.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_keyring_init (gnutls_openpgp_keyring_t * keyring)
+{
+ *keyring = gnutls_calloc (1, sizeof (gnutls_openpgp_keyring_int));
+
+ if (*keyring)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+
+/**
+ * gnutls_openpgp_keyring_deinit:
+ * @keyring: The structure to be initialized
+ *
+ * This function will deinitialize a keyring structure.
+ **/
+void
+gnutls_openpgp_keyring_deinit (gnutls_openpgp_keyring_t keyring)
+{
+ if (!keyring)
+ return;
+
+ if (keyring->db)
+ {
+ cdk_keydb_free (keyring->db);
+ keyring->db = NULL;
+ }
+
+ gnutls_free (keyring);
+}
+
+/**
+ * gnutls_openpgp_keyring_check_id:
+ * @ring: holds the keyring to check against
+ * @keyid: will hold the keyid to check for.
+ * @flags: unused (should be 0)
+ *
+ * Check if a given key ID exists in the keyring.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success (if keyid exists) and a
+ * negative error code on failure.
+ **/
+int
+gnutls_openpgp_keyring_check_id (gnutls_openpgp_keyring_t ring,
+ const gnutls_openpgp_keyid_t keyid,
+ unsigned int flags)
+{
+ cdk_pkt_pubkey_t pk;
+ uint32_t id[2];
+
+ id[0] = _gnutls_read_uint32 (keyid);
+ id[1] = _gnutls_read_uint32 (&keyid[4]);
+
+ if (!cdk_keydb_get_pk (ring->db, id, &pk))
+ {
+ cdk_pk_release (pk);
+ return 0;
+ }
+
+ _gnutls_debug_log ("PGP: key not found %08lX\n", (unsigned long) id[1]);
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+}
+
+/**
+ * gnutls_openpgp_keyring_import:
+ * @keyring: The structure to store the parsed key.
+ * @data: The RAW or BASE64 encoded keyring.
+ * @format: One of #gnutls_openpgp_keyring_fmt elements.
+ *
+ * This function will convert the given RAW or Base64 encoded keyring
+ * to the native #gnutls_openpgp_keyring_t format. The output will be
+ * stored in 'keyring'.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_keyring_import (gnutls_openpgp_keyring_t keyring,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ cdk_error_t err;
+ cdk_stream_t input = NULL;
+ size_t raw_len = 0;
+ opaque *raw_data = NULL;
+
+ if (data->data == NULL || data->size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ _gnutls_debug_log ("PGP: keyring import format '%s'\n",
+ format == GNUTLS_OPENPGP_FMT_RAW ? "raw" : "base64");
+
+ /* Create a new stream from the given data, decode it, and import
+ * the raw database. This to avoid using opencdk streams which are
+ * not thread safe.
+ */
+ if (format == GNUTLS_OPENPGP_FMT_BASE64)
+ {
+ size_t written = 0;
+
+ err = cdk_stream_tmp_from_mem (data->data, data->size, &input);
+ if (!err)
+ err = cdk_stream_set_armor_flag (input, 0);
+ if (err)
+ {
+ gnutls_assert ();
+ err = _gnutls_map_cdk_rc (err);
+ goto error;
+ }
+
+ raw_len = cdk_stream_get_length (input);
+ if (raw_len == 0)
+ {
+ gnutls_assert ();
+ err = GNUTLS_E_BASE64_DECODING_ERROR;
+ goto error;
+ }
+
+ raw_data = gnutls_malloc (raw_len);
+ if (raw_data == NULL)
+ {
+ gnutls_assert ();
+ err = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ do
+ {
+ err =
+ cdk_stream_read (input, raw_data + written, raw_len - written);
+
+ if (err > 0)
+ written += err;
+ }
+ while (written < raw_len && err != EOF && err > 0);
+
+ raw_len = written;
+
+ }
+ else
+ { /* RAW */
+ raw_len = data->size;
+ raw_data = data->data;
+ }
+
+ err = cdk_keydb_new (&keyring->db, CDK_DBTYPE_DATA, raw_data, raw_len);
+ if (err)
+ gnutls_assert ();
+
+ return _gnutls_map_cdk_rc (err);
+
+error:
+ gnutls_free (raw_data);
+ cdk_stream_close (input);
+
+ return err;
+}
+
+#define knode_is_pkey(node) \
+ cdk_kbnode_find_packet (node, CDK_PKT_PUBLIC_KEY)!=NULL
+
+/**
+ * gnutls_openpgp_keyring_get_crt_count:
+ * @ring: is an OpenPGP key ring
+ *
+ * This function will return the number of OpenPGP certificates
+ * present in the given keyring.
+ *
+ * Returns: the number of subkeys, or a negative value on error.
+ **/
+int
+gnutls_openpgp_keyring_get_crt_count (gnutls_openpgp_keyring_t ring)
+{
+ cdk_kbnode_t knode;
+ cdk_error_t err;
+ cdk_keydb_search_t st;
+ int ret = 0;
+
+ err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
+ if (err != CDK_Success)
+ {
+ gnutls_assert ();
+ return _gnutls_map_cdk_rc (err);
+ }
+
+ do
+ {
+ err = cdk_keydb_search (st, ring->db, &knode);
+ if (err != CDK_Error_No_Key && err != CDK_Success)
+ {
+ gnutls_assert ();
+ cdk_keydb_search_release (st);
+ return _gnutls_map_cdk_rc (err);
+ }
+
+ if (knode_is_pkey (knode))
+ ret++;
+
+ cdk_kbnode_release (knode);
+
+ }
+ while (err != CDK_Error_No_Key);
+
+ cdk_keydb_search_release (st);
+ return ret;
+}
+
+/**
+ * gnutls_openpgp_keyring_get_crt:
+ * @ring: Holds the keyring.
+ * @idx: the index of the certificate to export
+ * @cert: An uninitialized #gnutls_openpgp_crt_t structure
+ *
+ * This function will extract an OpenPGP certificate from the given
+ * keyring. If the index given is out of range
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. The
+ * returned structure needs to be deinited.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_keyring_get_crt (gnutls_openpgp_keyring_t ring,
+ unsigned int idx, gnutls_openpgp_crt_t * cert)
+{
+ cdk_kbnode_t knode;
+ cdk_error_t err;
+ int ret = 0;
+ unsigned int count = 0;
+ cdk_keydb_search_t st;
+
+ err = cdk_keydb_search_start (&st, ring->db, CDK_DBSEARCH_NEXT, NULL);
+ if (err != CDK_Success)
+ {
+ gnutls_assert ();
+ return _gnutls_map_cdk_rc (err);
+ }
+
+ do
+ {
+ err = cdk_keydb_search (st, ring->db, &knode);
+ if (err != CDK_EOF && err != CDK_Success)
+ {
+ gnutls_assert ();
+ cdk_keydb_search_release (st);
+ return _gnutls_map_cdk_rc (err);
+ }
+
+ if (idx == count && err == CDK_Success)
+ {
+ ret = gnutls_openpgp_crt_init (cert);
+ if (ret == 0)
+ (*cert)->knode = knode;
+ cdk_keydb_search_release (st);
+ return ret;
+ }
+
+ if (knode_is_pkey (knode))
+ count++;
+
+ cdk_kbnode_release (knode);
+
+ }
+ while (err != CDK_EOF);
+
+ cdk_keydb_search_release (st);
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz, Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include "gnutls_mpi.h"
+#include "gnutls_num.h"
+#include "gnutls_cert.h"
+#include "gnutls_datum.h"
+#include "gnutls_global.h"
+#include "gnutls_openpgp.h"
+#include "read-file.h"
+#include <gnutls_str.h>
+#include <gnutls_sig.h>
+#include <stdio.h>
+#include <time.h>
+#include <sys/stat.h>
+
+#define datum_append(x, y, z) _gnutls_datum_append_m (x, y, z, gnutls_realloc)
+
+/* Map an OpenCDK error type to a GnuTLS error type. */
+int
+_gnutls_map_cdk_rc (int rc)
+{
+ switch (rc)
+ {
+ case CDK_Success:
+ return 0;
+ case CDK_Too_Short:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ case CDK_General_Error:
+ return GNUTLS_E_INTERNAL_ERROR;
+ case CDK_File_Error:
+ return GNUTLS_E_FILE_ERROR;
+ case CDK_MPI_Error:
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ case CDK_Error_No_Key:
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ case CDK_Armor_Error:
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ case CDK_Inv_Value:
+ return GNUTLS_E_INVALID_REQUEST;
+ default:
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+}
+
+/*-
+ * _gnutls_openpgp_raw_crt_to_gcert - Converts raw OpenPGP data to GnuTLS certs
+ * @cert: the certificate to store the data.
+ * @raw: the buffer which contains the whole OpenPGP key packets.
+ *
+ * The RFC2440 (OpenPGP Message Format) data is converted to a GnuTLS
+ * specific certificate.
+ -*/
+int
+_gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * gcert,
+ const gnutls_datum_t * raw,
+ const gnutls_openpgp_keyid_t keyid)
+{
+ gnutls_openpgp_crt_t pcrt;
+ int ret;
+
+ ret = gnutls_openpgp_crt_init (&pcrt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import (pcrt, raw, GNUTLS_OPENPGP_FMT_RAW);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_crt_deinit (pcrt);
+ return ret;
+ }
+
+ if (keyid != NULL)
+ {
+ ret = gnutls_openpgp_crt_set_preferred_key_id (pcrt, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_crt_deinit (pcrt);
+ return ret;
+ }
+ }
+
+ ret = _gnutls_openpgp_crt_to_gcert (gcert, pcrt);
+ gnutls_openpgp_crt_deinit (pcrt);
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_openpgp_key:
+ * @res: is a #gnutls_certificate_credentials_t structure.
+ * @key: contains an openpgp public key
+ * @pkey: is an openpgp private key
+ *
+ * This function sets a certificate/private key pair in the
+ * gnutls_certificate_credentials_t structure. This function may be
+ * called more than once (in case multiple keys/certificates exist
+ * for the server).
+ *
+ * Note that this function requires that the preferred key ids have
+ * been set and be used. See gnutls_openpgp_crt_set_preferred_key_id().
+ * Otherwise the master key will be used.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_certificate_set_openpgp_key (gnutls_certificate_credentials_t res,
+ gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_privkey_t pkey)
+{
+ int ret;
+ gnutls_privkey_t privkey;
+ gnutls_cert *ccert;
+
+ /* this should be first */
+
+ ret = gnutls_privkey_init (&privkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ gnutls_privkey_import_openpgp (privkey, pkey,
+ GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
+ if (ret < 0)
+ {
+ gnutls_privkey_deinit (privkey);
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ ccert = gnutls_calloc (1, sizeof (gnutls_cert));
+ if (ccert == NULL)
+ {
+ gnutls_assert ();
+ gnutls_privkey_deinit (privkey);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = _gnutls_openpgp_crt_to_gcert (ccert, crt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ccert);
+ gnutls_privkey_deinit (privkey);
+ return ret;
+ }
+
+ ret = certificate_credentials_append_pkey (res, privkey);
+ if (ret >= 0)
+ ret = certificate_credential_append_crt_list (res, ccert, 1);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (ccert);
+ gnutls_privkey_deinit (privkey);
+ return ret;
+ }
+
+ res->ncerts++;
+
+ /* FIXME: Check if the keys match. */
+
+ return 0;
+}
+
+/*-
+ * gnutls_openpgp_get_key:
+ * @key: the destination context to save the key.
+ * @keyring: the datum struct that contains all keyring information.
+ * @attr: The attribute (keyid, fingerprint, ...).
+ * @by: What attribute is used.
+ *
+ * This function can be used to retrieve keys by different pattern
+ * from a binary or a file keyring.
+ -*/
+int
+gnutls_openpgp_get_key (gnutls_datum_t * key,
+ gnutls_openpgp_keyring_t keyring, key_attr_t by,
+ opaque * pattern)
+{
+ cdk_kbnode_t knode = NULL;
+ unsigned long keyid[2];
+ unsigned char *buf;
+ void *desc;
+ size_t len;
+ int rc = 0;
+ cdk_keydb_search_t st;
+
+ if (!key || !keyring || by == KEY_ATTR_NONE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset (key, 0, sizeof *key);
+
+ if (by == KEY_ATTR_SHORT_KEYID)
+ {
+ keyid[0] = _gnutls_read_uint32 (pattern);
+ desc = keyid;
+ }
+ else if (by == KEY_ATTR_KEYID)
+ {
+ keyid[0] = _gnutls_read_uint32 (pattern);
+ keyid[1] = _gnutls_read_uint32 (pattern + 4);
+ desc = keyid;
+ }
+ else
+ desc = pattern;
+ rc = cdk_keydb_search_start (&st, keyring->db, by, desc);
+ if (!rc)
+ rc = cdk_keydb_search (st, keyring->db, &knode);
+
+ cdk_keydb_search_release (st);
+
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ goto leave;
+ }
+
+ if (!cdk_kbnode_find (knode, CDK_PKT_PUBLIC_KEY))
+ {
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto leave;
+ }
+
+ /* We let the function allocate the buffer to avoid
+ to call the function twice. */
+ rc = cdk_kbnode_write_to_mem_alloc (knode, &buf, &len);
+ if (!rc)
+ datum_append (key, buf, len);
+ gnutls_free (buf);
+
+leave:
+ cdk_kbnode_release (knode);
+ return rc;
+}
+
+/**
+ * gnutls_certificate_set_openpgp_key_mem:
+ * @res: the destination context to save the data.
+ * @cert: the datum that contains the public key.
+ * @key: the datum that contains the secret key.
+ * @format: the format of the keys
+ *
+ * This funtion is used to load OpenPGP keys into the GnuTLS credential
+ * structure. The datum should contain at least one valid non encrypted subkey.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ return gnutls_certificate_set_openpgp_key_mem2 (res, cert, key,
+ NULL, format);
+}
+
+/**
+ * gnutls_certificate_set_openpgp_key_file:
+ * @res: the destination context to save the data.
+ * @certfile: the file that contains the public key.
+ * @keyfile: the file that contains the secret key.
+ * @format: the format of the keys
+ *
+ * This funtion is used to load OpenPGP keys into the GnuTLS
+ * credentials structure. The file should contain at least one valid non encrypted subkey.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_certificate_set_openpgp_key_file (gnutls_certificate_credentials_t res,
+ const char *certfile,
+ const char *keyfile,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ return gnutls_certificate_set_openpgp_key_file2 (res, certfile,
+ keyfile, NULL, format);
+}
+
+static int
+get_keyid (gnutls_openpgp_keyid_t keyid, const char *str)
+{
+ size_t keyid_size = GNUTLS_OPENPGP_KEYID_SIZE;
+
+ if (strlen (str) != 16)
+ {
+ _gnutls_debug_log
+ ("The OpenPGP subkey ID has to be 16 hexadecimal characters.\n");
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (_gnutls_hex2bin (str, strlen (str), keyid, &keyid_size) < 0)
+ {
+ _gnutls_debug_log ("Error converting hex string: %s.\n", str);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_certificate_set_openpgp_key_mem2:
+ * @res: the destination context to save the data.
+ * @cert: the datum that contains the public key.
+ * @key: the datum that contains the secret key.
+ * @subkey_id: a hex encoded subkey id
+ * @format: the format of the keys
+ *
+ * This funtion is used to load OpenPGP keys into the GnuTLS
+ * credentials structure. The datum should contain at least one valid non encrypted subkey.
+ *
+ * The special keyword "auto" is also accepted as @subkey_id. In that
+ * case the gnutls_openpgp_crt_get_auth_subkey() will be used to
+ * retrieve the subkey.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_certificate_set_openpgp_key_mem2 (gnutls_certificate_credentials_t res,
+ const gnutls_datum_t * cert,
+ const gnutls_datum_t * key,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ gnutls_openpgp_privkey_t pkey;
+ gnutls_openpgp_crt_t crt;
+ int ret;
+ gnutls_openpgp_keyid_t keyid;
+
+ ret = gnutls_openpgp_privkey_init (&pkey);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_openpgp_privkey_import (pkey, key, format, NULL, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_init (&crt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ return ret;
+ }
+
+ ret = gnutls_openpgp_crt_import (crt, cert, format);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ gnutls_openpgp_crt_deinit (crt);
+ return ret;
+ }
+
+ if (subkey_id != NULL)
+ {
+ if (strcasecmp (subkey_id, "auto") == 0)
+ ret = gnutls_openpgp_crt_get_auth_subkey (crt, keyid, 1);
+ else
+ ret = get_keyid (keyid, subkey_id);
+
+ if (ret < 0)
+ gnutls_assert ();
+
+ if (ret >= 0)
+ {
+ ret = gnutls_openpgp_crt_set_preferred_key_id (crt, keyid);
+ if (ret >= 0)
+ ret = gnutls_openpgp_privkey_set_preferred_key_id (pkey, keyid);
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_privkey_deinit (pkey);
+ gnutls_openpgp_crt_deinit (crt);
+ return ret;
+ }
+ }
+
+ ret = gnutls_certificate_set_openpgp_key (res, crt, pkey);
+
+ gnutls_openpgp_crt_deinit (crt);
+
+ return ret;
+}
+
+/**
+ * gnutls_certificate_set_openpgp_key_file2:
+ * @res: the destination context to save the data.
+ * @certfile: the file that contains the public key.
+ * @keyfile: the file that contains the secret key.
+ * @subkey_id: a hex encoded subkey id
+ * @format: the format of the keys
+ *
+ * This funtion is used to load OpenPGP keys into the GnuTLS credential
+ * structure. The file should contain at least one valid non encrypted subkey.
+ *
+ * The special keyword "auto" is also accepted as @subkey_id. In that
+ * case the gnutls_openpgp_crt_get_auth_subkey() will be used to
+ * retrieve the subkey.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_certificate_set_openpgp_key_file2 (gnutls_certificate_credentials_t
+ res, const char *certfile,
+ const char *keyfile,
+ const char *subkey_id,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ struct stat statbuf;
+ gnutls_datum_t key, cert;
+ int rc;
+ size_t size;
+
+ if (!res || !keyfile || !certfile)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (stat (certfile, &statbuf) || stat (keyfile, &statbuf))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ cert.data = read_binary_file (certfile, &size);
+ cert.size = (unsigned int) size;
+ if (cert.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ key.data = read_binary_file (keyfile, &size);
+ key.size = (unsigned int) size;
+ if (key.data == NULL)
+ {
+ gnutls_assert ();
+ free (cert.data);
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ rc =
+ gnutls_certificate_set_openpgp_key_mem2 (res, &cert, &key, subkey_id,
+ format);
+
+ free (cert.data);
+ free (key.data);
+
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ return 0;
+}
+
+
+int
+gnutls_openpgp_count_key_names (const gnutls_datum_t * cert)
+{
+ cdk_kbnode_t knode, p, ctx;
+ cdk_packet_t pkt;
+ int nuids;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ if (cdk_kbnode_read_from_mem (&knode, cert->data, cert->size))
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ctx = NULL;
+ for (nuids = 0;;)
+ {
+ p = cdk_kbnode_walk (knode, &ctx, 0);
+ if (!p)
+ break;
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ nuids++;
+ }
+
+ cdk_kbnode_release (knode);
+ return nuids;
+}
+
+/**
+ * gnutls_certificate_set_openpgp_keyring_file:
+ * @c: A certificate credentials structure
+ * @file: filename of the keyring.
+ * @format: format of keyring.
+ *
+ * The function is used to set keyrings that will be used internally
+ * by various OpenPGP functions. For example to find a key when it
+ * is needed for an operations. The keyring will also be used at the
+ * verification functions.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_certificate_set_openpgp_keyring_file (gnutls_certificate_credentials_t
+ c, const char *file,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ gnutls_datum_t ring;
+ size_t size;
+ int rc;
+
+ if (!c || !file)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ring.data = read_binary_file (file, &size);
+ ring.size = (unsigned int) size;
+ if (ring.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ rc =
+ gnutls_certificate_set_openpgp_keyring_mem (c, ring.data, ring.size,
+ format);
+
+ free (ring.data);
+
+ return rc;
+}
+
+/**
+ * gnutls_certificate_set_openpgp_keyring_mem:
+ * @c: A certificate credentials structure
+ * @data: buffer with keyring data.
+ * @dlen: length of data buffer.
+ * @format: the format of the keyring
+ *
+ * The function is used to set keyrings that will be used internally
+ * by various OpenPGP functions. For example to find a key when it
+ * is needed for an operations. The keyring will also be used at the
+ * verification functions.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_certificate_set_openpgp_keyring_mem (gnutls_certificate_credentials_t
+ c, const opaque * data,
+ size_t dlen,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ gnutls_datum_t ddata;
+ int rc;
+
+ ddata.data = (void *) data;
+ ddata.size = dlen;
+
+ if (!c || !data || !dlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ rc = gnutls_openpgp_keyring_init (&c->keyring);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = gnutls_openpgp_keyring_import (c->keyring, &ddata, format);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ gnutls_openpgp_keyring_deinit (c->keyring);
+ return rc;
+ }
+
+ return 0;
+}
+
+/*-
+ * _gnutls_openpgp_request_key - Receives a key from a database, key server etc
+ * @ret - a pointer to gnutls_datum_t structure.
+ * @cred - a gnutls_certificate_credentials_t structure.
+ * @key_fingerprint - The keyFingerprint
+ * @key_fingerprint_size - the size of the fingerprint
+ *
+ * Retrieves a key from a local database, keyring, or a key server. The
+ * return value is locally allocated.
+ *
+ -*/
+int
+_gnutls_openpgp_request_key (gnutls_session_t session, gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ opaque * key_fpr, int key_fpr_size)
+{
+ int rc = 0;
+
+ if (!ret || !cred || !key_fpr)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key_fpr_size != 16 && key_fpr_size != 20)
+ return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
+
+ rc = gnutls_openpgp_get_key (ret, cred->keyring, KEY_ATTR_FPR, key_fpr);
+
+ if (rc >= 0) /* key was found */
+ {
+ rc = 0;
+ goto error;
+ }
+ else
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ /* If the callback function was set, then try this one. */
+ if (session->internals.openpgp_recv_key_func != NULL)
+ {
+ rc = session->internals.openpgp_recv_key_func (session,
+ key_fpr,
+ key_fpr_size, ret);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ goto error;
+ }
+ }
+
+error:
+
+ return rc;
+}
+
+/**
+ * gnutls_openpgp_set_recv_key_function:
+ * @session: a TLS session
+ * @func: the callback
+ *
+ * This funtion will set a key retrieval function for OpenPGP keys. This
+ * callback is only useful in server side, and will be used if the peer
+ * sent a key fingerprint instead of a full key.
+ *
+ **/
+void
+gnutls_openpgp_set_recv_key_function (gnutls_session_t session,
+ gnutls_openpgp_recv_key_func func)
+{
+ session->internals.openpgp_recv_key_func = func;
+}
+
+
+/* Converts a parsed gnutls_openpgp_crt_t to a gnutls_cert structure.
+ */
+int
+_gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
+{
+ int ret;
+ gnutls_openpgp_keyid_t keyid;
+ char err_buf[33];
+
+ memset (gcert, 0, sizeof (gnutls_cert));
+ gcert->cert_type = GNUTLS_CRT_OPENPGP;
+ gcert->sign_algo = GNUTLS_SIGN_UNKNOWN; /* N/A here */
+
+ gcert->version = gnutls_openpgp_crt_get_version (cert);
+ gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
+
+ ret = gnutls_openpgp_crt_get_preferred_key_id (cert, keyid);
+
+ if (ret == 0)
+ {
+ int idx;
+ uint32_t kid32[2];
+
+ _gnutls_debug_log
+ ("Importing Openpgp cert and using openpgp sub key: %s\n",
+ _gnutls_bin2hex (keyid, GNUTLS_OPENPGP_KEYID_SIZE, err_buf, sizeof (err_buf),
+ NULL));
+
+ KEYID_IMPORT (kid32, keyid);
+
+ idx = gnutls_openpgp_crt_get_subkey_idx (cert, keyid);
+ if (idx < 0)
+ {
+ gnutls_assert ();
+ return idx;
+ }
+
+ gcert->subject_pk_algorithm =
+ gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL);
+
+ gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage);
+ gcert->use_subkey = 1;
+
+ memcpy (gcert->subkey_id, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ ret =
+ _gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params,
+ &gcert->params_size);
+ }
+ else
+ {
+ _gnutls_debug_log
+ ("Importing Openpgp cert and using main openpgp key\n");
+ gcert->subject_pk_algorithm =
+ gnutls_openpgp_crt_get_pk_algorithm (cert, NULL);
+
+ gnutls_openpgp_crt_get_key_usage (cert, &gcert->key_usage);
+ ret =
+ _gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params,
+ &gcert->params_size);
+ gcert->use_subkey = 0;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ { /* copy the raw certificate */
+#define SMALL_RAW 512
+ opaque *raw;
+ size_t raw_size = SMALL_RAW;
+
+ /* initially allocate a bogus size, just in case the certificate
+ * fits in it. That way we minimize the DER encodings performed.
+ */
+ raw = gnutls_malloc (raw_size);
+ if (raw == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
+ &raw_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ gnutls_free (raw);
+ return ret;
+ }
+
+ if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ raw = gnutls_realloc (raw, raw_size);
+ if (raw == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret =
+ gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
+ &raw_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (raw);
+ return ret;
+ }
+ }
+
+ gcert->raw.data = raw;
+ gcert->raw.size = raw_size;
+ }
+
+ return 0;
+
+}
--- /dev/null
+#include <config.h>
+
+#ifdef ENABLE_OPENPGP
+
+#ifndef GNUTLS_OPENPGP_LOCAL_H
+#define GNUTLS_OPENPGP_LOCAL_H
+
+#include <auth_cert.h>
+#include <opencdk.h>
+#include <gnutls/abstract.h>
+
+/* OpenCDK compatible */
+typedef enum
+{
+ KEY_ATTR_NONE = 0,
+ KEY_ATTR_SHORT_KEYID = 3,
+ KEY_ATTR_KEYID = 4,
+ KEY_ATTR_FPR = 5
+} key_attr_t;
+
+int gnutls_openpgp_count_key_names (const gnutls_datum_t * cert);
+
+int gnutls_openpgp_get_key (gnutls_datum_t * key,
+ gnutls_openpgp_keyring_t keyring,
+ key_attr_t by, opaque * pattern);
+
+/* internal */
+int _gnutls_openpgp_raw_crt_to_gcert (gnutls_cert * cert,
+ const gnutls_datum_t * raw,
+ const gnutls_openpgp_keyid_t);
+
+int
+_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey_t * pkey,
+ const gnutls_datum_t * raw_key);
+
+int
+_gnutls_openpgp_request_key (gnutls_session_t,
+ gnutls_datum_t * ret,
+ const gnutls_certificate_credentials_t cred,
+ opaque * key_fpr, int key_fpr_size);
+
+int _gnutls_openpgp_verify_key (const gnutls_certificate_credentials_t,
+ const gnutls_datum_t * cert_list,
+ int cert_list_length, unsigned int *status);
+int _gnutls_openpgp_fingerprint (const gnutls_datum_t * cert,
+ unsigned char *fpr, size_t * fprlen);
+time_t _gnutls_openpgp_get_raw_key_creation_time (const gnutls_datum_t *
+ cert);
+time_t _gnutls_openpgp_get_raw_key_expiration_time (const gnutls_datum_t *
+ cert);
+
+int
+_gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+
+int
+_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
+
+#endif /*GNUTLS_OPENPGP_LOCAL_H */
+
+#endif /*ENABLE_OPENPGP */
--- /dev/null
+#ifndef OPENPGP_LOCAL_H
+#define OPENPGP_LOCAL_H
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifdef ENABLE_OPENPGP
+
+#include <opencdk.h>
+#include <gnutls/openpgp.h>
+
+#define KEYID_IMPORT(dst, src) { \
+ dst[0] = _gnutls_read_uint32( src); \
+ dst[1] = _gnutls_read_uint32( src+4); }
+
+/* Internal context to store the OpenPGP key. */
+typedef struct gnutls_openpgp_crt_int
+{
+ cdk_kbnode_t knode;
+ gnutls_openpgp_keyid_t preferred_keyid;
+ int preferred_set;
+} gnutls_openpgp_crt_int;
+
+/* Internal context to store the private OpenPGP key. */
+typedef struct gnutls_openpgp_privkey_int
+{
+ cdk_kbnode_t knode;
+ gnutls_openpgp_keyid_t preferred_keyid;
+ int preferred_set;
+} gnutls_openpgp_privkey_int;
+
+
+typedef struct gnutls_openpgp_keyring_int
+{
+ cdk_keydb_hd_t db;
+} gnutls_openpgp_keyring_int;
+
+int _gnutls_map_cdk_rc (int rc);
+
+int _gnutls_openpgp_export (cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size,
+ int private);
+
+int _gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert,
+ gnutls_openpgp_crt_t cert);
+
+cdk_packet_t _gnutls_get_valid_subkey (cdk_kbnode_t knode, int key_type);
+
+unsigned int _gnutls_get_pgp_key_usage (unsigned int pgp_usage);
+
+int
+_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert, uint32_t keyid[2],
+ bigint_t * params, int *params_size);
+
+int
+_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
+ uint32_t keyid[2], bigint_t * params,
+ int *params_size);
+
+cdk_packet_t _gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv);
+
+int _gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
+ bigint_t * m);
+
+int _gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv);
+
+int _gnutls_openpgp_get_algo (int cdk_algo);
+
+#endif /* ENABLE_OPENPGP */
+
+#endif /* OPENPGP_LOCAL_H */
--- /dev/null
+/*
+ * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson, Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Functions for printing X.509 Certificate structures
+ */
+
+#include <gnutls_int.h>
+#include <gnutls/openpgp.h>
+#include <gnutls_errors.h>
+
+/* I18n of error codes. */
+#include "gettext.h"
+#define _(String) dgettext (PACKAGE, String)
+
+#define addf _gnutls_buffer_append_printf
+#define adds _gnutls_buffer_append_str
+
+static void
+hexdump (gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
+{
+ size_t j;
+
+ if (spc)
+ adds (str, spc);
+ for (j = 0; j < len; j++)
+ {
+ if (((j + 1) % 16) == 0)
+ {
+ addf (str, "%.2x\n", (unsigned char) data[j]);
+ if (spc && j != (len - 1))
+ adds (str, spc);
+ }
+ else if (j == (len - 1))
+ addf (str, "%.2x", (unsigned char) data[j]);
+ else
+ addf (str, "%.2x:", (unsigned char) data[j]);
+ }
+ if ((j % 16) != 0)
+ adds (str, "\n");
+}
+
+static void
+hexprint (gnutls_buffer_st * str, const char *data, size_t len)
+{
+ size_t j;
+
+ if (len == 0)
+ adds (str, "00");
+ else
+ {
+ for (j = 0; j < len; j++)
+ addf (str, "%.2x", (unsigned char) data[j]);
+ }
+}
+
+static void
+print_key_usage (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert,
+ unsigned int idx)
+{
+ unsigned int key_usage;
+ int err;
+
+ adds (str, _("\t\tKey Usage:\n"));
+
+
+ if (idx == (unsigned int) -1)
+ err = gnutls_openpgp_crt_get_key_usage (cert, &key_usage);
+ else
+ err = gnutls_openpgp_crt_get_subkey_usage (cert, idx, &key_usage);
+ if (err < 0)
+ {
+ addf (str, _("error: get_key_usage: %s\n"), gnutls_strerror (err));
+ return;
+ }
+
+ if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
+ adds (str, _("\t\t\tDigital signatures.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ adds (str, _("\t\t\tCommunications encipherment.\n"));
+ if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
+ adds (str, _("\t\t\tStorage data encipherment.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
+ adds (str, _("\t\t\tAuthentication.\n"));
+ if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
+ adds (str, _("\t\t\tCertificate signing.\n"));
+}
+
+/* idx == -1 indicates main key
+ * otherwise the subkey.
+ */
+static void
+print_key_id (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+{
+ gnutls_openpgp_keyid_t id;
+ int err;
+
+ if (idx < 0)
+ err = gnutls_openpgp_crt_get_key_id (cert, id);
+ else
+ err = gnutls_openpgp_crt_get_subkey_id (cert, idx, id);
+
+ if (err < 0)
+ addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
+ else
+ {
+ adds (str, _("\tID (hex): "));
+ hexprint (str, id, sizeof (id));
+ addf (str, "\n");
+ }
+}
+
+/* idx == -1 indicates main key
+ * otherwise the subkey.
+ */
+static void
+print_key_fingerprint (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+{
+ char fpr[128];
+ size_t fpr_size = sizeof (fpr);
+ int err;
+
+ err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
+ if (err < 0)
+ addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
+ else
+ {
+ adds (str, _("\tFingerprint (hex): "));
+ hexprint (str, fpr, fpr_size);
+ addf (str, "\n");
+ }
+}
+
+static void
+print_key_revoked (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+{
+ int err;
+
+ if (idx < 0)
+ err = gnutls_openpgp_crt_get_revoked_status (cert);
+ else
+ err = gnutls_openpgp_crt_get_subkey_revoked_status (cert, idx);
+
+ if (err != 0)
+ adds (str, _("\tRevoked: True\n"));
+ else
+ adds (str, _("\tRevoked: False\n"));
+}
+
+static void
+print_key_times (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+{
+ time_t tim;
+
+ adds (str, _("\tTime stamps:\n"));
+
+ if (idx == -1)
+ tim = gnutls_openpgp_crt_get_creation_time (cert);
+ else
+ tim = gnutls_openpgp_crt_get_subkey_creation_time (cert, idx);
+
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %e %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tCreation: %s\n"), s);
+ }
+
+ if (idx == -1)
+ tim = gnutls_openpgp_crt_get_expiration_time (cert);
+ else
+ tim = gnutls_openpgp_crt_get_subkey_expiration_time (cert, idx);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (tim == 0)
+ {
+ adds (str, _("\t\tExpiration: Never\n"));
+ }
+ else
+ {
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %e %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tExpiration: %s\n"), s);
+ }
+ }
+}
+
+static void
+print_key_info (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert, int idx)
+{
+ int err;
+ unsigned int bits;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
+ else
+ err = gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, &bits);
+
+ if (err < 0)
+ addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
+ else
+ {
+ const char *name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+
+ addf (str, _("\tPublic Key Algorithm: %s\n"), name);
+ addf (str, _("\tKey Security Level: %s\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)));
+
+ switch (err)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_rsa_raw (cert, &m, &e);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_rsa_raw (cert, idx, &m, &e);
+
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ hexdump (str, m.data, m.size, "\t\t\t");
+ adds (str, _("\t\tExponent:\n"));
+ hexdump (str, e.data, e.size, "\t\t\t");
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ if (idx == -1)
+ err = gnutls_openpgp_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
+ else
+ err =
+ gnutls_openpgp_crt_get_subkey_pk_dsa_raw (cert, idx, &p, &q,
+ &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ hexdump (str, y.data, y.size, "\t\t\t");
+ adds (str, _("\t\tP:\n"));
+ hexdump (str, p.data, p.size, "\t\t\t");
+ adds (str, _("\t\tQ:\n"));
+ hexdump (str, q.data, q.size, "\t\t\t");
+ adds (str, _("\t\tG:\n"));
+ hexdump (str, g.data, g.size, "\t\t\t");
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+ }
+}
+
+static void
+print_cert (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+{
+ int i, subkeys;
+ int err;
+
+ print_key_revoked (str, cert, -1);
+
+ /* Version. */
+ {
+ int version = gnutls_openpgp_crt_get_version (cert);
+ if (version < 0)
+ addf (str, "error: get_version: %s\n", gnutls_strerror (version));
+ else
+ addf (str, _("\tVersion: %d\n"), version);
+ }
+
+ /* ID. */
+ print_key_id (str, cert, -1);
+
+ print_key_fingerprint (str, cert);
+
+ /* Names. */
+ i = 0;
+ do
+ {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "error: get_name: %s\n", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
+ if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
+ err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "error: get_name: %s\n", gnutls_strerror (err));
+ else if (err >= 0)
+ addf (str, _("\tName[%d]: %s\n"), i, dn);
+ else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, _("\tRevoked Name[%d]: %s\n"), i, dn);
+
+ gnutls_free (dn);
+ }
+ }
+
+ i++;
+ }
+ while (err >= 0);
+
+ print_key_times (str, cert, -1);
+
+ print_key_info (str, cert, -1);
+ print_key_usage (str, cert, -1);
+
+ subkeys = gnutls_openpgp_crt_get_subkey_count (cert);
+ if (subkeys < 0)
+ return;
+
+ for (i = 0; i < subkeys; i++)
+ {
+ addf (str, _("\n\tSubkey[%d]:\n"), i);
+
+ print_key_revoked (str, cert, i);
+ print_key_id (str, cert, i);
+ print_key_times (str, cert, i);
+ print_key_info (str, cert, i);
+ print_key_usage (str, cert, i);
+ }
+
+}
+
+static void
+print_oneline (gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
+{
+ int err, i;
+
+ i = 0;
+ do
+ {
+ char *dn;
+ size_t dn_size = 0;
+
+ err = gnutls_openpgp_crt_get_name (cert, i, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
+ && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ && err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "unknown name (%s), ", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "unknown name (%s), ",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_openpgp_crt_get_name (cert, i, dn, &dn_size);
+ if (err < 0 && err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE &&
+ err != GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, "unknown name (%s), ", gnutls_strerror (err));
+ else if (err >= 0)
+ addf (str, _("name[%d]: %s, "), i, dn);
+ else if (err == GNUTLS_E_OPENPGP_UID_REVOKED)
+ addf (str, _("revoked name[%d]: %s, "), i, dn);
+
+ gnutls_free (dn);
+ }
+ }
+
+ i++;
+ }
+ while (err >= 0);
+
+ {
+ char fpr[128];
+ size_t fpr_size = sizeof (fpr);
+ int err;
+
+ err = gnutls_openpgp_crt_get_fingerprint (cert, fpr, &fpr_size);
+ if (err < 0)
+ addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
+ else
+ {
+ adds (str, _("fingerprint: "));
+ hexprint (str, fpr, fpr_size);
+ addf (str, ", ");
+ }
+ }
+
+ {
+ time_t tim;
+
+ tim = gnutls_openpgp_crt_get_creation_time (cert);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
+ else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ addf (str, "error: strftime (%ld), ", (unsigned long) tim);
+ else
+ addf (str, _("created: %s, "), s);
+ }
+
+ tim = gnutls_openpgp_crt_get_expiration_time (cert);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (tim == 0)
+ adds (str, _("never expires, "));
+ else
+ {
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld), ", (unsigned long) tim);
+ else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ addf (str, "error: strftime (%ld), ", (unsigned long) tim);
+ else
+ addf (str, _("expires: %s, "), s);
+ }
+ }
+ }
+
+ {
+ unsigned int bits = 0;
+ gnutls_pk_algorithm_t algo =
+ gnutls_openpgp_crt_get_pk_algorithm (cert, &bits);
+ const char *algostr = gnutls_pk_algorithm_get_name (algo);
+
+ if (algostr)
+ addf (str, _("key algorithm %s (%d bits)"), algostr, bits);
+ else
+ addf (str, _("unknown key algorithm (%d)"), algo);
+ }
+}
+
+/**
+ * gnutls_openpgp_crt_print:
+ * @cert: The structure to be printed
+ * @format: Indicate the format to use
+ * @out: Newly allocated datum with zero terminated string.
+ *
+ * This function will pretty print an OpenPGP certificate, suitable
+ * for display to a human.
+ *
+ * The format should be zero for future compatibility.
+ *
+ * The output @out needs to be deallocate using gnutls_free().
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_print (gnutls_openpgp_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
+{
+ gnutls_buffer_st str;
+
+ _gnutls_buffer_init (&str);
+
+ if (format == GNUTLS_CRT_PRINT_ONELINE)
+ print_oneline (&str, cert);
+ else
+ {
+ _gnutls_buffer_append_str (&str,
+ _("OpenPGP Certificate Information:\n"));
+ print_cert (&str, cert);
+ }
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+
+ out->data = str.data;
+ out->size = strlen (str.data);
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Timo Schulz, Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Functions on OpenPGP key parsing
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <openpgp_int.h>
+#include <gnutls_str.h>
+#include <gnutls_num.h>
+#include <x509/common.h>
+
+/**
+ * gnutls_openpgp_crt_init:
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an OpenPGP key structure.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_init (gnutls_openpgp_crt_t * key)
+{
+ *key = gnutls_calloc (1, sizeof (gnutls_openpgp_crt_int));
+
+ if (*key)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_openpgp_crt_deinit:
+ * @key: The structure to be initialized
+ *
+ * This function will deinitialize a key structure.
+ **/
+void
+gnutls_openpgp_crt_deinit (gnutls_openpgp_crt_t key)
+{
+ if (!key)
+ return;
+
+ if (key->knode)
+ {
+ cdk_kbnode_release (key->knode);
+ key->knode = NULL;
+ }
+
+ gnutls_free (key);
+}
+
+/**
+ * gnutls_openpgp_crt_import:
+ * @key: The structure to store the parsed key.
+ * @data: The RAW or BASE64 encoded key.
+ * @format: One of gnutls_openpgp_crt_fmt_t elements.
+ *
+ * This function will convert the given RAW or Base64 encoded key to
+ * the native #gnutls_openpgp_crt_t format. The output will be stored
+ * in 'key'.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_import (gnutls_openpgp_crt_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format)
+{
+ cdk_stream_t inp;
+ cdk_packet_t pkt;
+ int rc;
+
+ if (data->data == NULL || data->size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_RAW)
+ {
+ rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+ else
+ {
+ rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ if (cdk_armor_filter_use (inp))
+ rc = cdk_stream_set_armor_flag (inp, 0);
+ if (!rc)
+ rc = cdk_keydb_get_keyblock (inp, &key->knode);
+ cdk_stream_close (inp);
+ if (rc)
+ {
+ if (rc == CDK_Inv_Packet)
+ rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ else
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ /* Test if the import was successful. */
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ return 0;
+}
+
+/* internal version of export
+ */
+int
+_gnutls_openpgp_export (cdk_kbnode_t node,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size, int private)
+{
+ size_t input_data_size = *output_data_size;
+ size_t calc_size;
+ int rc;
+
+ rc = cdk_kbnode_write_to_mem (node, output_data, output_data_size);
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+
+ /* If the caller uses output_data == NULL then return what he expects.
+ */
+ if (!output_data)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_BASE64)
+ {
+ unsigned char *in = gnutls_calloc (1, *output_data_size);
+ memcpy (in, output_data, *output_data_size);
+
+ /* Calculate the size of the encoded data and check if the provided
+ buffer is large enough. */
+ rc = cdk_armor_encode_buffer (in, *output_data_size,
+ NULL, 0, &calc_size,
+ private ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
+ if (rc || calc_size > input_data_size)
+ {
+ gnutls_free (in);
+ *output_data_size = calc_size;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ rc = cdk_armor_encode_buffer (in, *output_data_size,
+ output_data, input_data_size, &calc_size,
+ private ? CDK_ARMOR_SECKEY :
+ CDK_ARMOR_PUBKEY);
+ gnutls_free (in);
+ *output_data_size = calc_size;
+
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_openpgp_crt_export:
+ * @key: Holds the key.
+ * @format: One of gnutls_openpgp_crt_fmt_t elements.
+ * @output_data: will contain the key base64 encoded or raw
+ * @output_data_size: holds the size of output_data (and will
+ * be replaced by the actual size of parameters)
+ *
+ * This function will convert the given key to RAW or Base64 format.
+ * If the buffer provided is not long enough to hold the output, then
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_export (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ void *output_data, size_t * output_data_size)
+{
+ return _gnutls_openpgp_export (key->knode, format, output_data,
+ output_data_size, 0);
+}
+
+/**
+ * gnutls_openpgp_crt_get_fingerprint:
+ * @key: the raw data that contains the OpenPGP public key.
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get key fingerprint. Depending on the algorithm, the fingerprint
+ * can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned. Otherwise, an error code.
+ **/
+int
+gnutls_openpgp_crt_get_fingerprint (gnutls_openpgp_crt_t key,
+ void *fpr, size_t * fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
+
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
+static int
+_gnutls_openpgp_count_key_names (gnutls_openpgp_crt_t key)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int nuids;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ctx = NULL;
+ nuids = 0;
+ while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ nuids++;
+ }
+
+ return nuids;
+}
+
+
+/**
+ * gnutls_openpgp_crt_get_name:
+ * @key: the structure that contains the OpenPGP public key.
+ * @idx: the index of the ID to extract
+ * @buf: a pointer to a structure to hold the name, may be %NULL
+ * to only get the @sizeof_buf.
+ * @sizeof_buf: holds the maximum size of @buf, on return hold the
+ * actual/required size of @buf.
+ *
+ * Extracts the userID from the parsed OpenPGP key.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, and if the index of the ID
+ * does not exist %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE, or an
+ * error code.
+ **/
+int
+gnutls_openpgp_crt_get_name (gnutls_openpgp_crt_t key,
+ int idx, char *buf, size_t * sizeof_buf)
+{
+ cdk_kbnode_t ctx = NULL, p;
+ cdk_packet_t pkt = NULL;
+ cdk_pkt_userid_t uid = NULL;
+ int pos = 0;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (idx < 0 || idx >= _gnutls_openpgp_count_key_names (key))
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ pos = 0;
+ while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_USER_ID)
+ {
+ if (pos == idx)
+ break;
+ pos++;
+ }
+ }
+
+ if (!pkt)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ uid = pkt->pkt.user_id;
+ if (uid->len >= *sizeof_buf)
+ {
+ gnutls_assert ();
+ *sizeof_buf = uid->len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (buf)
+ {
+ memcpy (buf, uid->name, uid->len);
+ buf[uid->len] = '\0'; /* make sure it's a string */
+ }
+ *sizeof_buf = uid->len + 1;
+
+ if (uid->is_revoked)
+ return GNUTLS_E_OPENPGP_UID_REVOKED;
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_pk_algorithm:
+ * @key: is an OpenPGP key
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of an OpenPGP
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or GNUTLS_PK_UNKNOWN on error.
+ **/
+gnutls_pk_algorithm_t
+gnutls_openpgp_crt_get_pk_algorithm (gnutls_openpgp_crt_t key,
+ unsigned int *bits)
+{
+ cdk_packet_t pkt;
+ int algo;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ algo = 0;
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ {
+ if (bits)
+ *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
+ algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+ }
+
+ return algo;
+}
+
+
+/**
+ * gnutls_openpgp_crt_get_version:
+ * @key: the structure that contains the OpenPGP public key.
+ *
+ * Extract the version of the OpenPGP key.
+ *
+ * Returns: the version number is returned, or a negative value on errors.
+ **/
+int
+gnutls_openpgp_crt_get_version (gnutls_openpgp_crt_t key)
+{
+ cdk_packet_t pkt;
+ int version;
+
+ if (!key)
+ return -1;
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ version = pkt->pkt.public_key->version;
+ else
+ version = 0;
+
+ return version;
+}
+
+
+/**
+ * gnutls_openpgp_crt_get_creation_time:
+ * @key: the structure that contains the OpenPGP public key.
+ *
+ * Get key creation time.
+ *
+ * Returns: the timestamp when the OpenPGP key was created.
+ **/
+time_t
+gnutls_openpgp_crt_get_creation_time (gnutls_openpgp_crt_t key)
+{
+ cdk_packet_t pkt;
+ time_t timestamp;
+
+ if (!key)
+ return (time_t) - 1;
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
+
+ return timestamp;
+}
+
+
+/**
+ * gnutls_openpgp_crt_get_expiration_time:
+ * @key: the structure that contains the OpenPGP public key.
+ *
+ * Get key expiration time. A value of '0' means that the key doesn't
+ * expire at all.
+ *
+ * Returns: the time when the OpenPGP key expires.
+ **/
+time_t
+gnutls_openpgp_crt_get_expiration_time (gnutls_openpgp_crt_t key)
+{
+ cdk_packet_t pkt;
+ time_t expiredate;
+
+ if (!key)
+ return (time_t) - 1;
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (pkt)
+ expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
+
+ return expiredate;
+}
+
+/**
+ * gnutls_openpgp_crt_get_key_id:
+ * @key: the structure that contains the OpenPGP public key.
+ * @keyid: the buffer to save the keyid.
+ *
+ * Get key id string.
+ *
+ * Returns: the 64-bit keyID of the OpenPGP key.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_key_id (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid)
+{
+ cdk_packet_t pkt;
+ uint32_t kid[2];
+
+ if (!key || !keyid)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ cdk_pk_get_keyid (pkt->pkt.public_key, kid);
+ _gnutls_write_uint32 (kid[0], keyid);
+ _gnutls_write_uint32 (kid[1], keyid + 4);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_revoked_status:
+ * @key: the structure that contains the OpenPGP public key.
+ *
+ * Get revocation status of key.
+ *
+ * Returns: true (1) if the key has been revoked, or false (0) if it
+ * has not.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_revoked_status (gnutls_openpgp_crt_t key)
+{
+ cdk_packet_t pkt;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ if (pkt->pkt.public_key->is_revoked != 0)
+ return 1;
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_check_hostname:
+ * @key: should contain a #gnutls_openpgp_crt_t structure
+ * @hostname: A null terminated string that contains a DNS name
+ *
+ * This function will check if the given key's owner matches the
+ * given hostname. This is a basic implementation of the matching
+ * described in RFC2818 (HTTPS), which takes into account wildcards.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_check_hostname (gnutls_openpgp_crt_t key,
+ const char *hostname)
+{
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int ret = 0;
+ int i;
+
+ /* Check through all included names. */
+ for (i = 0; !(ret < 0); i++)
+ {
+ dnsnamesize = sizeof (dnsname);
+ ret = gnutls_openpgp_crt_get_name (key, i, dnsname, &dnsnamesize);
+
+ if (ret == 0)
+ {
+ /* Length returned by gnutls_openpgp_crt_get_name includes
+ the terminating zero. */
+ dnsnamesize--;
+
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ return 1;
+ }
+ }
+
+ /* not found a matching name */
+ return 0;
+}
+
+unsigned int
+_gnutls_get_pgp_key_usage (unsigned int cdk_usage)
+{
+ unsigned int usage = 0;
+
+ if (cdk_usage & CDK_KEY_USG_CERT_SIGN)
+ usage |= GNUTLS_KEY_KEY_CERT_SIGN;
+ if (cdk_usage & CDK_KEY_USG_DATA_SIGN)
+ usage |= GNUTLS_KEY_DIGITAL_SIGNATURE;
+ if (cdk_usage & CDK_KEY_USG_COMM_ENCR)
+ usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ if (cdk_usage & CDK_KEY_USG_STORAGE_ENCR)
+ usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ if (cdk_usage & CDK_KEY_USG_AUTH)
+ usage |= GNUTLS_KEY_KEY_AGREEMENT;
+
+ return usage;
+}
+
+/**
+ * gnutls_openpgp_crt_get_key_usage:
+ * @key: should contain a gnutls_openpgp_crt_t structure
+ * @key_usage: where the key usage bits will be stored
+ *
+ * This function will return certificate's key usage, by checking the
+ * key algorithm. The key usage value will ORed values of the:
+ * %GNUTLS_KEY_DIGITAL_SIGNATURE, %GNUTLS_KEY_KEY_ENCIPHERMENT.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ */
+int
+gnutls_openpgp_crt_get_key_usage (gnutls_openpgp_crt_t key,
+ unsigned int *key_usage)
+{
+ cdk_packet_t pkt;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_PUBLIC_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_count:
+ * @key: is an OpenPGP key
+ *
+ * This function will return the number of subkeys present in the
+ * given OpenPGP certificate.
+ *
+ * Returns: the number of subkeys, or a negative value on error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_count (gnutls_openpgp_crt_t key)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int subkeys;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)
+ subkeys++;
+ }
+
+ return subkeys;
+}
+
+/* returns the subkey with the given index */
+static cdk_packet_t
+_get_public_subkey (gnutls_openpgp_crt_t key, unsigned int indx)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ unsigned int subkeys;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY && indx == subkeys++)
+ return pkt;
+ }
+
+ return NULL;
+}
+
+/* returns the key with the given keyid. It can be either key or subkey.
+ * depending on what requested:
+ * pkt->pkt.secret_key;
+ * pkt->pkt.public_key;
+ */
+cdk_packet_t
+_gnutls_openpgp_find_key (cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ uint32_t local_keyid[2];
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+
+ if ((priv == 0
+ && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY
+ || pkt->pkttype == CDK_PKT_PUBLIC_KEY)) || (priv != 0
+ && (pkt->pkttype ==
+ CDK_PKT_SECRET_SUBKEY
+ || pkt->pkttype
+ ==
+ CDK_PKT_SECRET_KEY)))
+ {
+ if (priv == 0)
+ cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
+ else
+ cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
+
+ if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
+ {
+ return pkt;
+ }
+ }
+ }
+
+ gnutls_assert ();
+ return NULL;
+}
+
+/* returns the key with the given keyid
+ * depending on what requested:
+ * pkt->pkt.secret_key;
+ * pkt->pkt.public_key;
+ */
+int
+_gnutls_openpgp_find_subkey_idx (cdk_kbnode_t knode, uint32_t keyid[2],
+ unsigned int priv)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int i = 0;
+ uint32_t local_keyid[2];
+
+ _gnutls_hard_log ("Looking keyid: %x.%x\n", keyid[0], keyid[1]);
+
+ ctx = NULL;
+ while ((p = cdk_kbnode_walk (knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+
+ if ((priv == 0 && (pkt->pkttype == CDK_PKT_PUBLIC_SUBKEY)) ||
+ (priv != 0 && (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)))
+ {
+ if (priv == 0)
+ cdk_pk_get_keyid (pkt->pkt.public_key, local_keyid);
+ else
+ cdk_pk_get_keyid (pkt->pkt.secret_key->pk, local_keyid);
+
+ _gnutls_hard_log ("Found keyid: %x.%x\n", local_keyid[0],
+ local_keyid[1]);
+ if (local_keyid[0] == keyid[0] && local_keyid[1] == keyid[1])
+ {
+ return i;
+ }
+ i++;
+ }
+ }
+
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_revoked_status:
+ * @key: the structure that contains the OpenPGP public key.
+ * @idx: is the subkey index
+ *
+ * Get subkey revocation status. A negative value indicates an error.
+ *
+ * Returns: true (1) if the key has been revoked, or false (0) if it
+ * has not.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_revoked_status (gnutls_openpgp_crt_t key,
+ unsigned int idx)
+{
+ cdk_packet_t pkt;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = _get_public_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ if (pkt->pkt.public_key->is_revoked != 0)
+ return 1;
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_pk_algorithm:
+ * @key: is an OpenPGP key
+ * @idx: is the subkey index
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of a subkey of an OpenPGP
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the
+ * parameters size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or GNUTLS_PK_UNKNOWN on error.
+ *
+ * Since: 2.4.0
+ **/
+gnutls_pk_algorithm_t
+gnutls_openpgp_crt_get_subkey_pk_algorithm (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *bits)
+{
+ cdk_packet_t pkt;
+ int algo;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ pkt = _get_public_subkey (key, idx);
+
+ algo = 0;
+ if (pkt)
+ {
+ if (bits)
+ *bits = cdk_pk_get_nbits (pkt->pkt.public_key);
+ algo = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+ }
+
+ return algo;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_creation_time:
+ * @key: the structure that contains the OpenPGP public key.
+ * @idx: the subkey index
+ *
+ * Get subkey creation time.
+ *
+ * Returns: the timestamp when the OpenPGP sub-key was created.
+ *
+ * Since: 2.4.0
+ **/
+time_t
+gnutls_openpgp_crt_get_subkey_creation_time (gnutls_openpgp_crt_t key,
+ unsigned int idx)
+{
+ cdk_packet_t pkt;
+ time_t timestamp;
+
+ if (!key)
+ return (time_t) - 1;
+
+ pkt = _get_public_subkey (key, idx);
+ if (pkt)
+ timestamp = pkt->pkt.public_key->timestamp;
+ else
+ timestamp = 0;
+
+ return timestamp;
+}
+
+
+/**
+ * gnutls_openpgp_crt_get_subkey_expiration_time:
+ * @key: the structure that contains the OpenPGP public key.
+ * @idx: the subkey index
+ *
+ * Get subkey expiration time. A value of '0' means that the key
+ * doesn't expire at all.
+ *
+ * Returns: the time when the OpenPGP key expires.
+ *
+ * Since: 2.4.0
+ **/
+time_t
+gnutls_openpgp_crt_get_subkey_expiration_time (gnutls_openpgp_crt_t key,
+ unsigned int idx)
+{
+ cdk_packet_t pkt;
+ time_t expiredate;
+
+ if (!key)
+ return (time_t) - 1;
+
+ pkt = _get_public_subkey (key, idx);
+ if (pkt)
+ expiredate = pkt->pkt.public_key->expiredate;
+ else
+ expiredate = 0;
+
+ return expiredate;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_id:
+ * @key: the structure that contains the OpenPGP public key.
+ * @idx: the subkey index
+ * @keyid: the buffer to save the keyid.
+ *
+ * Get the subkey's key-id.
+ *
+ * Returns: the 64-bit keyID of the OpenPGP key.
+ **/
+int
+gnutls_openpgp_crt_get_subkey_id (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
+{
+ cdk_packet_t pkt;
+ uint32_t kid[2];
+
+ if (!key || !keyid)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = _get_public_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ cdk_pk_get_keyid (pkt->pkt.public_key, kid);
+ _gnutls_write_uint32 (kid[0], keyid);
+ _gnutls_write_uint32 (kid[1], keyid + 4);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_fingerprint:
+ * @key: the raw data that contains the OpenPGP public key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get key fingerprint of a subkey. Depending on the algorithm, the
+ * fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned. Otherwise, an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_fingerprint (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = _get_public_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ pk = pkt->pkt.public_key;
+ *fprlen = 20;
+
+ /* FIXME: Check if the draft allows old PGP keys. */
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_idx:
+ * @key: the structure that contains the OpenPGP public key.
+ * @keyid: the keyid.
+ *
+ * Get subkey's index.
+ *
+ * Returns: the index of the subkey or a negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_idx (gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid)
+{
+ int ret;
+ uint32_t kid[2];
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT (kid, keyid);
+ ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 0);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_usage:
+ * @key: should contain a gnutls_openpgp_crt_t structure
+ * @idx: the subkey index
+ * @key_usage: where the key usage bits will be stored
+ *
+ * This function will return certificate's key usage, by checking the
+ * key algorithm. The key usage value will ORed values of
+ * %GNUTLS_KEY_DIGITAL_SIGNATURE or %GNUTLS_KEY_KEY_ENCIPHERMENT.
+ *
+ * A negative value may be returned in case of parsing error.
+ *
+ * Returns: key usage value.
+ *
+ * Since: 2.4.0
+ */
+int
+gnutls_openpgp_crt_get_subkey_usage (gnutls_openpgp_crt_t key,
+ unsigned int idx,
+ unsigned int *key_usage)
+{
+ cdk_packet_t pkt;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = _get_public_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+
+ *key_usage = _gnutls_get_pgp_key_usage (pkt->pkt.public_key->pubkey_usage);
+
+ return 0;
+}
+
+int
+_gnutls_read_pgp_mpi (cdk_packet_t pkt, unsigned int priv, size_t idx,
+ bigint_t * m)
+{
+ size_t buf_size = 512;
+ opaque *buf = gnutls_malloc (buf_size);
+ int err;
+ unsigned int max_pub_params = 0;
+
+ if (priv != 0)
+ max_pub_params = cdk_pk_get_npkey (pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* FIXME: Note that opencdk doesn't like the buf to be NULL.
+ */
+ if (priv == 0)
+ err =
+ cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
+ NULL);
+ else
+ {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
+ &buf_size, NULL);
+ else
+ {
+ err =
+ cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params, buf,
+ buf_size, &buf_size, NULL);
+ }
+ }
+
+ if (err == CDK_Too_Short)
+ {
+ buf = gnutls_realloc_fast (buf, buf_size);
+ if (buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (priv == 0)
+ err =
+ cdk_pk_get_mpi (pkt->pkt.public_key, idx, buf, buf_size, &buf_size,
+ NULL);
+ else
+ {
+ if (idx < max_pub_params)
+ err =
+ cdk_pk_get_mpi (pkt->pkt.secret_key->pk, idx, buf, buf_size,
+ &buf_size, NULL);
+ else
+ {
+ err =
+ cdk_sk_get_mpi (pkt->pkt.secret_key, idx - max_pub_params,
+ buf, buf_size, &buf_size, NULL);
+ }
+ }
+ }
+
+ if (err != CDK_Success)
+ {
+ gnutls_assert ();
+ gnutls_free (buf);
+ return _gnutls_map_cdk_rc (err);
+ }
+
+ err = _gnutls_mpi_scan (m, buf, buf_size);
+ gnutls_free (buf);
+
+ if (err < 0)
+ {
+ gnutls_assert ();
+ return err;
+ }
+
+ return 0;
+}
+
+
+/* Extracts DSA and RSA parameters from a certificate.
+ */
+int
+_gnutls_openpgp_crt_get_mpis (gnutls_openpgp_crt_t cert,
+ uint32_t * keyid /* [2] */ ,
+ bigint_t * params, int *params_size)
+{
+ int result, i;
+ int pk_algorithm, local_params;
+ cdk_packet_t pkt;
+
+ if (keyid == NULL)
+ pkt = cdk_kbnode_find_packet (cert->knode, CDK_PKT_PUBLIC_KEY);
+ else
+ pkt = _gnutls_openpgp_find_key (cert->knode, keyid, 0);
+
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+
+ switch (pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ local_params = RSA_PUBLIC_PARAMS;
+ break;
+ case GNUTLS_PK_DSA:
+ local_params = DSA_PUBLIC_PARAMS;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ if (*params_size < local_params)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ *params_size = local_params;
+
+ for (i = 0; i < local_params; i++)
+ {
+ result = _gnutls_read_pgp_mpi (pkt, 0, i, ¶ms[i]);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ return 0;
+
+error:
+ {
+ int j;
+ for (j = 0; j < i; j++)
+ _gnutls_mpi_release (¶ms[j]);
+ }
+
+ return result;
+}
+
+/* The internal version of export
+ */
+static int
+_get_pk_rsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ int pk_algorithm, ret, i;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT (kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0);
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint (params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+}
+
+static int
+_get_pk_dsa_raw (gnutls_openpgp_crt_t crt, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
+{
+ int pk_algorithm, ret, i;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT (kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key (crt->knode, kid32, 0);
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm = _gnutls_openpgp_get_algo (pkt->pkt.public_key->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_crt_get_mpis (crt, kid32, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint (params[0], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint (params[1], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint (params[2], g);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint (params[3], y);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+}
+
+
+/**
+ * gnutls_openpgp_crt_get_pk_rsa_raw:
+ * @crt: Holds the certificate
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ *
+ * This function will export the RSA public key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_pk_rsa_raw (gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_crt_get_key_id (crt, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_pk_rsa_raw (crt, keyid, m, e);
+}
+
+/**
+ * gnutls_openpgp_crt_get_pk_dsa_raw:
+ * @crt: Holds the certificate
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ *
+ * This function will export the DSA public key's parameters found in
+ * the given certificate. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_pk_dsa_raw (gnutls_openpgp_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_crt_get_key_id (crt, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_pk_dsa_raw (crt, keyid, p, q, g, y);
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_pk_rsa_raw:
+ * @crt: Holds the certificate
+ * @idx: Is the subkey index
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ *
+ * This function will export the RSA public key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_pk_rsa_raw (gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_pk_rsa_raw (crt, keyid, m, e);
+}
+
+/**
+ * gnutls_openpgp_crt_get_subkey_pk_dsa_raw:
+ * @crt: Holds the certificate
+ * @idx: Is the subkey index
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ *
+ * This function will export the DSA public key's parameters found in
+ * the given certificate. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_crt_get_subkey_pk_dsa_raw (gnutls_openpgp_crt_t crt,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_crt_get_subkey_id (crt, idx, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_pk_dsa_raw (crt, keyid, p, q, g, y);
+}
+
+/**
+ * gnutls_openpgp_crt_get_preferred_key_id:
+ * @key: the structure that contains the OpenPGP public key.
+ * @keyid: the struct to save the keyid.
+ *
+ * Get preferred key id. If it hasn't been set it returns
+ * %GNUTLS_E_INVALID_REQUEST.
+ *
+ * Returns: the 64-bit preferred keyID of the OpenPGP key.
+ **/
+int
+gnutls_openpgp_crt_get_preferred_key_id (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyid_t keyid)
+{
+ if (!key->preferred_set)
+ return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
+ if (!key || !keyid)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_set_preferred_key_id:
+ * @key: the structure that contains the OpenPGP public key.
+ * @keyid: the selected keyid
+ *
+ * This allows setting a preferred key id for the given certificate.
+ * This key will be used by functions that involve key handling.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_openpgp_crt_set_preferred_key_id (gnutls_openpgp_crt_t key,
+ const gnutls_openpgp_keyid_t keyid)
+{
+ int ret;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* check if the id is valid */
+ ret = gnutls_openpgp_crt_get_subkey_idx (key, keyid);
+ if (ret < 0)
+ {
+ _gnutls_x509_log ("the requested subkey does not exist\n");
+ gnutls_assert ();
+ return ret;
+ }
+
+ key->preferred_set = 1;
+ memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_crt_get_auth_subkey:
+ * @crt: the structure that contains the OpenPGP public key.
+ * @keyid: the struct to save the keyid.
+ * @flag: Non zero indicates that a valid subkey is always returned.
+ *
+ * Returns the 64-bit keyID of the first valid OpenPGP subkey marked
+ * for authentication. If flag is non zero and no authentication
+ * subkey exists, then a valid subkey will be returned even if it is
+ * not marked for authentication.
+ * Returns the 64-bit keyID of the first valid OpenPGP subkey marked
+ * for authentication. If flag is non zero and no authentication
+ * subkey exists, then a valid subkey will be returned even if it is
+ * not marked for authentication.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_get_auth_subkey (gnutls_openpgp_crt_t crt,
+ gnutls_openpgp_keyid_t keyid,
+ unsigned int flag)
+{
+ int ret, subkeys, i;
+ unsigned int usage;
+ unsigned int keyid_init = 0;
+
+ subkeys = gnutls_openpgp_crt_get_subkey_count (crt);
+ if (subkeys <= 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_SUBKEY_ERROR;
+ }
+
+ /* Try to find a subkey with the authentication flag set.
+ * if none exists use the last one found
+ */
+ for (i = 0; i < subkeys; i++)
+ {
+ ret = gnutls_openpgp_crt_get_subkey_pk_algorithm(crt, i, NULL);
+ if (ret == GNUTLS_PK_UNKNOWN)
+ continue;
+
+ ret = gnutls_openpgp_crt_get_subkey_revoked_status (crt, i);
+ if (ret != 0) /* it is revoked. ignore it */
+ continue;
+
+ if (keyid_init == 0)
+ { /* keep the first valid subkey */
+ ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ keyid_init = 1;
+ }
+
+ ret = gnutls_openpgp_crt_get_subkey_usage (crt, i, &usage);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (usage & GNUTLS_KEY_KEY_AGREEMENT)
+ {
+ ret = gnutls_openpgp_crt_get_subkey_id (crt, i, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ return 0;
+ }
+ }
+
+ if (flag && keyid_init)
+ return 0;
+ else
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+}
--- /dev/null
+/*
+ * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Timo Schulz, Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Functions on OpenPGP key parsing
+ */
+
+#include <gnutls_int.h>
+#include <openpgp_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_openpgp.h>
+#include <gnutls_num.h>
+
+/**
+ * gnutls_openpgp_crt_verify_ring:
+ * @key: the structure that holds the key.
+ * @keyring: holds the keyring to check against
+ * @flags: unused (should be 0)
+ * @verify: will hold the certificate verification output.
+ *
+ * Verify all signatures in the key, using the given set of keys
+ * (keyring).
+ *
+ * The key verification output will be put in @verify and will be one
+ * or more of the #gnutls_certificate_status_t enumerated elements
+ * bitwise or'd.
+ *
+ * %GNUTLS_CERT_INVALID: A signature on the key is invalid.
+ *
+ * %GNUTLS_CERT_REVOKED: The key has been revoked.
+ *
+ * Note that this function does not verify using any "web of trust".
+ * You may use GnuPG for that purpose, or any other external PGP
+ * application.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_verify_ring (gnutls_openpgp_crt_t key,
+ gnutls_openpgp_keyring_t keyring,
+ unsigned int flags, unsigned int *verify)
+{
+ gnutls_openpgp_keyid_t id;
+ cdk_error_t rc;
+ int status;
+
+ if (!key || !keyring)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+ }
+
+ *verify = 0;
+
+ rc = cdk_pk_check_sigs (key->knode, keyring->db, &status);
+ if (rc == CDK_Error_No_Key)
+ {
+ rc = GNUTLS_E_NO_CERTIFICATE_FOUND;
+ gnutls_assert ();
+ return rc;
+ }
+ else if (rc != CDK_Success)
+ {
+ _gnutls_x509_log ("cdk_pk_check_sigs: error %d\n", rc);
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ _gnutls_x509_log ("status: %x\n", status);
+
+ if (status & CDK_KEY_INVALID)
+ *verify |= GNUTLS_CERT_INVALID;
+ if (status & CDK_KEY_REVOKED)
+ *verify |= GNUTLS_CERT_REVOKED;
+ if (status & CDK_KEY_NOSIGNER)
+ *verify |= GNUTLS_CERT_SIGNER_NOT_FOUND;
+
+ /* Check if the key is included in the ring. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ {
+ rc = gnutls_openpgp_crt_get_key_id (key, id);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = gnutls_openpgp_keyring_check_id (keyring, id, 0);
+ /* If it exists in the keyring don't treat it as unknown. */
+ if (rc == 0 && *verify & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ *verify ^= GNUTLS_CERT_SIGNER_NOT_FOUND;
+ }
+
+ return 0;
+}
+
+
+/**
+ * gnutls_openpgp_crt_verify_self:
+ * @key: the structure that holds the key.
+ * @flags: unused (should be 0)
+ * @verify: will hold the key verification output.
+ *
+ * Verifies the self signature in the key. The key verification
+ * output will be put in @verify and will be one or more of the
+ * gnutls_certificate_status_t enumerated elements bitwise or'd.
+ *
+ * %GNUTLS_CERT_INVALID: The self signature on the key is invalid.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_crt_verify_self (gnutls_openpgp_crt_t key,
+ unsigned int flags, unsigned int *verify)
+{
+ int status;
+ cdk_error_t rc;
+
+ rc = cdk_pk_check_self_sig (key->knode, &status);
+ if (rc || status != CDK_KEY_VALID)
+ *verify |= GNUTLS_CERT_INVALID;
+ else
+ *verify = 0;
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Functions on OpenPGP privkey parsing
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <openpgp_int.h>
+#include <gnutls_openpgp.h>
+#include <gnutls_cert.h>
+#include <gnutls_sig.h>
+
+/**
+ * gnutls_openpgp_privkey_init:
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an OpenPGP key structure.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_privkey_init (gnutls_openpgp_privkey_t * key)
+{
+ *key = gnutls_calloc (1, sizeof (gnutls_openpgp_privkey_int));
+
+ if (*key)
+ return 0; /* success */
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_openpgp_privkey_deinit:
+ * @key: The structure to be initialized
+ *
+ * This function will deinitialize a key structure.
+ **/
+void
+gnutls_openpgp_privkey_deinit (gnutls_openpgp_privkey_t key)
+{
+ if (!key)
+ return;
+
+ if (key->knode)
+ {
+ cdk_kbnode_release (key->knode);
+ key->knode = NULL;
+ }
+
+ gnutls_free (key);
+}
+
+/**
+ * gnutls_openpgp_privkey_sec_param:
+ * @key: a key structure
+ *
+ * This function will return the security parameter appropriate with
+ * this private key.
+ *
+ * Returns: On success, a valid security parameter is returned otherwise
+ * %GNUTLS_SEC_PARAM_UNKNOWN is returned.
+ **/
+gnutls_sec_param_t
+gnutls_openpgp_privkey_sec_param (gnutls_openpgp_privkey_t key)
+{
+ gnutls_pk_algorithm_t algo;
+ unsigned int bits;
+
+ algo = gnutls_openpgp_privkey_get_pk_algorithm (key, &bits);
+ if (algo == GNUTLS_PK_UNKNOWN)
+ {
+ gnutls_assert ();
+ return GNUTLS_SEC_PARAM_UNKNOWN;
+ }
+
+ return gnutls_pk_bits_to_sec_param (algo, bits);
+}
+
+/**
+ * gnutls_openpgp_privkey_import:
+ * @key: The structure to store the parsed key.
+ * @data: The RAW or BASE64 encoded key.
+ * @format: One of #gnutls_openpgp_crt_fmt_t elements.
+ * @password: not used for now
+ * @flags: should be zero
+ *
+ * This function will convert the given RAW or Base64 encoded key to
+ * the native gnutls_openpgp_privkey_t format. The output will be
+ * stored in 'key'.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ **/
+int
+gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags)
+{
+ cdk_stream_t inp;
+ cdk_packet_t pkt;
+ int rc;
+
+ if (data->data == NULL || data->size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ if (format == GNUTLS_OPENPGP_FMT_RAW)
+ {
+ rc = cdk_kbnode_read_from_mem (&key->knode, data->data, data->size);
+ if (rc != 0)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+ else
+ {
+ rc = cdk_stream_tmp_from_mem (data->data, data->size, &inp);
+ if (rc != 0)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+
+ if (cdk_armor_filter_use (inp))
+ {
+ rc = cdk_stream_set_armor_flag (inp, 0);
+ if (rc != 0)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ cdk_stream_close (inp);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ rc = cdk_keydb_get_keyblock (inp, &key->knode);
+ cdk_stream_close (inp);
+
+ if (rc != 0)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ return rc;
+ }
+ }
+
+ /* Test if the import was successful. */
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_export:
+ * @key: Holds the key.
+ * @format: One of gnutls_openpgp_crt_fmt_t elements.
+ * @password: the password that will be used to encrypt the key. (unused for now)
+ * @flags: zero for future compatibility
+ * @output_data: will contain the key base64 encoded or raw
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will convert the given key to RAW or Base64 format.
+ * If the buffer provided is not long enough to hold the output, then
+ * GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_export (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_crt_fmt_t format,
+ const char *password, unsigned int flags,
+ void *output_data, size_t * output_data_size)
+{
+ /* FIXME for now we do not export encrypted keys */
+ return _gnutls_openpgp_export (key->knode, format, output_data,
+ output_data_size, 1);
+}
+
+
+/**
+ * gnutls_openpgp_privkey_get_pk_algorithm:
+ * @key: is an OpenPGP key
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of an OpenPGP
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ *
+ * Since: 2.4.0
+ **/
+gnutls_pk_algorithm_t
+gnutls_openpgp_privkey_get_pk_algorithm (gnutls_openpgp_privkey_t key,
+ unsigned int *bits)
+{
+ cdk_packet_t pkt;
+ int algo;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ algo = 0;
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+ if (pkt)
+ {
+ if (bits)
+ *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
+ algo = _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
+ }
+
+ return algo;
+}
+
+int
+_gnutls_openpgp_get_algo (int cdk_algo)
+{
+ int algo;
+
+ if (is_RSA (cdk_algo))
+ algo = GNUTLS_PK_RSA;
+ else if (is_DSA (cdk_algo))
+ algo = GNUTLS_PK_DSA;
+ else
+ {
+ _gnutls_x509_log ("Unknown OpenPGP algorithm %d\n", cdk_algo);
+ algo = GNUTLS_PK_UNKNOWN;
+ }
+
+ return algo;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_revoked_status:
+ * @key: the structure that contains the OpenPGP private key.
+ *
+ * Get revocation status of key.
+ *
+ * Returns: true (1) if the key has been revoked, or false (0) if it
+ * has not, or a negative value indicates an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_revoked_status (gnutls_openpgp_privkey_t key)
+{
+ cdk_packet_t pkt;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ if (pkt->pkt.secret_key->is_revoked != 0)
+ return 1;
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_fingerprint:
+ * @key: the raw data that contains the OpenPGP secret key.
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get the fingerprint of the OpenPGP key. Depends on the
+ * algorithm, the fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_fingerprint (gnutls_openpgp_privkey_t key,
+ void *fpr, size_t * fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
+
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_key_id:
+ * @key: the structure that contains the OpenPGP secret key.
+ * @keyid: the buffer to save the keyid.
+ *
+ * Get key-id.
+ *
+ * Returns: the 64-bit keyID of the OpenPGP key.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_key_id (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid)
+{
+ cdk_packet_t pkt;
+ uint32_t kid[2];
+
+ if (!key || !keyid)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
+ _gnutls_write_uint32 (kid[0], keyid);
+ _gnutls_write_uint32 (kid[1], keyid + 4);
+
+ return 0;
+}
+
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_count:
+ * @key: is an OpenPGP key
+ *
+ * This function will return the number of subkeys present in the
+ * given OpenPGP certificate.
+ *
+ * Returns: the number of subkeys, or a negative value on error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_count (gnutls_openpgp_privkey_t key)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ int subkeys;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY)
+ subkeys++;
+ }
+
+ return subkeys;
+}
+
+/* returns the subkey with the given index */
+static cdk_packet_t
+_get_secret_subkey (gnutls_openpgp_privkey_t key, unsigned int indx)
+{
+ cdk_kbnode_t p, ctx;
+ cdk_packet_t pkt;
+ unsigned int subkeys;
+
+ ctx = NULL;
+ subkeys = 0;
+ while ((p = cdk_kbnode_walk (key->knode, &ctx, 0)))
+ {
+ pkt = cdk_kbnode_get_packet (p);
+ if (pkt->pkttype == CDK_PKT_SECRET_SUBKEY && indx == subkeys++)
+ return pkt;
+ }
+
+ return NULL;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_revoked_status:
+ * @key: the structure that contains the OpenPGP private key.
+ * @idx: is the subkey index
+ *
+ * Get revocation status of key.
+ *
+ * Returns: true (1) if the key has been revoked, or false (0) if it
+ * has not, or a negative value indicates an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_revoked_status (gnutls_openpgp_privkey_t
+ key, unsigned int idx)
+{
+ cdk_packet_t pkt;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = _get_secret_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ if (pkt->pkt.secret_key->is_revoked != 0)
+ return 1;
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_pk_algorithm:
+ * @key: is an OpenPGP key
+ * @idx: is the subkey index
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of a subkey of an OpenPGP
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ *
+ * Since: 2.4.0
+ **/
+gnutls_pk_algorithm_t
+gnutls_openpgp_privkey_get_subkey_pk_algorithm (gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ unsigned int *bits)
+{
+ cdk_packet_t pkt;
+ int algo;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_PK_UNKNOWN;
+ }
+
+ pkt = _get_secret_subkey (key, idx);
+
+ algo = 0;
+ if (pkt)
+ {
+ if (bits)
+ *bits = cdk_pk_get_nbits (pkt->pkt.secret_key->pk);
+ algo = pkt->pkt.secret_key->pubkey_algo;
+ if (is_RSA (algo))
+ algo = GNUTLS_PK_RSA;
+ else if (is_DSA (algo))
+ algo = GNUTLS_PK_DSA;
+ else
+ algo = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ return algo;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_idx:
+ * @key: the structure that contains the OpenPGP private key.
+ * @keyid: the keyid.
+ *
+ * Get index of subkey.
+ *
+ * Returns: the index of the subkey or a negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_idx (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t keyid)
+{
+ int ret;
+ uint32_t kid[2];
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT (kid, keyid);
+ ret = _gnutls_openpgp_find_subkey_idx (key->knode, kid, 1);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_creation_time:
+ * @key: the structure that contains the OpenPGP private key.
+ * @idx: the subkey index
+ *
+ * Get subkey creation time.
+ *
+ * Returns: the timestamp when the OpenPGP key was created.
+ *
+ * Since: 2.4.0
+ **/
+time_t
+gnutls_openpgp_privkey_get_subkey_creation_time (gnutls_openpgp_privkey_t key,
+ unsigned int idx)
+{
+ cdk_packet_t pkt;
+ time_t timestamp;
+
+ if (!key)
+ return (time_t) - 1;
+
+ pkt = _get_secret_subkey (key, idx);
+ if (pkt)
+ timestamp = pkt->pkt.secret_key->pk->timestamp;
+ else
+ timestamp = 0;
+
+ return timestamp;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_expiration_time:
+ * @key: the structure that contains the OpenPGP private key.
+ * @idx: the subkey index
+ *
+ * Get subkey expiration time. A value of '0' means that the key
+ * doesn't expire at all.
+ *
+ * Returns: the time when the OpenPGP key expires.
+ *
+ * Since: 2.4.0
+ **/
+time_t
+gnutls_openpgp_privkey_get_subkey_expiration_time (gnutls_openpgp_privkey_t
+ key, unsigned int idx)
+{
+ cdk_packet_t pkt;
+ time_t expiredate;
+
+ if (!key)
+ return (time_t) - 1;
+
+ pkt = _get_secret_subkey (key, idx);
+ if (pkt)
+ expiredate = pkt->pkt.secret_key->expiredate;
+ else
+ expiredate = 0;
+
+ return expiredate;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_id:
+ * @key: the structure that contains the OpenPGP secret key.
+ * @idx: the subkey index
+ * @keyid: the buffer to save the keyid.
+ *
+ * Get the key-id for the subkey.
+ *
+ * Returns: the 64-bit keyID of the OpenPGP key.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_id (gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ gnutls_openpgp_keyid_t keyid)
+{
+ cdk_packet_t pkt;
+ uint32_t kid[2];
+
+ if (!key || !keyid)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ pkt = _get_secret_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+ cdk_sk_get_keyid (pkt->pkt.secret_key, kid);
+ _gnutls_write_uint32 (kid[0], keyid);
+ _gnutls_write_uint32 (kid[1], keyid + 4);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_get_subkey_fingerprint:
+ * @key: the raw data that contains the OpenPGP secret key.
+ * @idx: the subkey index
+ * @fpr: the buffer to save the fingerprint, must hold at least 20 bytes.
+ * @fprlen: the integer to save the length of the fingerprint.
+ *
+ * Get the fingerprint of an OpenPGP subkey. Depends on the
+ * algorithm, the fingerprint can be 16 or 20 bytes.
+ *
+ * Returns: On success, 0 is returned, or an error code.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_get_subkey_fingerprint (gnutls_openpgp_privkey_t key,
+ unsigned int idx,
+ void *fpr, size_t * fprlen)
+{
+ cdk_packet_t pkt;
+ cdk_pkt_pubkey_t pk = NULL;
+
+ if (!fpr || !fprlen)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *fprlen = 0;
+
+ pkt = _get_secret_subkey (key, idx);
+ if (!pkt)
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+
+
+ pk = pkt->pkt.secret_key->pk;
+ *fprlen = 20;
+
+ if (is_RSA (pk->pubkey_algo) && pk->version < 4)
+ *fprlen = 16;
+
+ cdk_pk_get_fingerprint (pk, fpr);
+
+ return 0;
+}
+
+/* Extracts DSA and RSA parameters from a certificate.
+ */
+int
+_gnutls_openpgp_privkey_get_mpis (gnutls_openpgp_privkey_t pkey,
+ uint32_t * keyid /*[2] */ ,
+ bigint_t * params, int *params_size)
+{
+ int result, i;
+ int pk_algorithm;
+ gnutls_pk_params_st pk_params;
+ cdk_packet_t pkt;
+
+ memset (&pk_params, 0, sizeof (pk_params));
+
+ if (keyid == NULL)
+ pkt = cdk_kbnode_find_packet (pkey->knode, CDK_PKT_SECRET_KEY);
+ else
+ pkt = _gnutls_openpgp_find_key (pkey->knode, keyid, 1);
+
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
+
+ switch (pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ /* openpgp does not hold all parameters as in PKCS #1
+ */
+ pk_params.params_nr = RSA_PRIVATE_PARAMS - 2;
+ break;
+ case GNUTLS_PK_DSA:
+ pk_params.params_nr = DSA_PRIVATE_PARAMS;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+ for (i = 0; i < pk_params.params_nr; i++)
+ {
+ result = _gnutls_read_pgp_mpi (pkt, 1, i, &pk_params.params[i]);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ /* fixup will generate exp1 and exp2 that are not
+ * available here.
+ */
+ result = _gnutls_pk_fixup (pk_algorithm, GNUTLS_IMPORT, &pk_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if (*params_size < pk_params.params_nr)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ *params_size = pk_params.params_nr;
+ for (i = 0; i < pk_params.params_nr; i++)
+ params[i] = pk_params.params[i];
+
+ return 0;
+
+error:
+ {
+ int j;
+ for (j = 0; j < i; j++)
+ _gnutls_mpi_release (&pk_params.params[j]);
+ }
+
+ return result;
+}
+
+/* The internal version of export
+ */
+static int
+_get_sk_rsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
+{
+ int pk_algorithm, ret, i;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+ int params_size = MAX_PRIV_PARAMS_SIZE;
+
+ if (pkey == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT (kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint (params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[2], d);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (e);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[3], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (e);
+ _gnutls_free_datum (d);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[4], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (e);
+ _gnutls_free_datum (d);
+ _gnutls_free_datum (p);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[5], u);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (q);
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (e);
+ _gnutls_free_datum (d);
+ _gnutls_free_datum (p);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+}
+
+static int
+_get_sk_dsa_raw (gnutls_openpgp_privkey_t pkey, gnutls_openpgp_keyid_t keyid,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x)
+{
+ int pk_algorithm, ret, i;
+ cdk_packet_t pkt;
+ uint32_t kid32[2];
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+ int params_size = MAX_PRIV_PARAMS_SIZE;
+
+ if (pkey == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ KEYID_IMPORT (kid32, keyid);
+
+ pkt = _gnutls_openpgp_find_key (pkey->knode, kid32, 1);
+ if (pkt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+
+ pk_algorithm =
+ _gnutls_openpgp_get_algo (pkt->pkt.secret_key->pk->pubkey_algo);
+
+ if (pk_algorithm != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_openpgp_privkey_get_mpis (pkey, kid32, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint (params[0], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint (params[1], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint (params[2], g);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint (params[3], y);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[4], x);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (y);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+}
+
+
+/**
+ * gnutls_openpgp_privkey_export_rsa_raw:
+ * @pkey: Holds the certificate
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ * @d: will hold the private exponent
+ * @p: will hold the first prime (p)
+ * @q: will hold the second prime (q)
+ * @u: will hold the coefficient
+ *
+ * This function will export the RSA private key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_export_rsa_raw (gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u);
+}
+
+/**
+ * gnutls_openpgp_privkey_export_dsa_raw:
+ * @pkey: Holds the certificate
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ * @x: will hold the x
+ *
+ * This function will export the DSA private key's parameters found in
+ * the given certificate. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_export_dsa_raw (gnutls_openpgp_privkey_t pkey,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_get_key_id (pkey, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x);
+}
+
+/**
+ * gnutls_openpgp_privkey_export_subkey_rsa_raw:
+ * @pkey: Holds the certificate
+ * @idx: Is the subkey index
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ * @d: will hold the private exponent
+ * @p: will hold the first prime (p)
+ * @q: will hold the second prime (q)
+ * @u: will hold the coefficient
+ *
+ * This function will export the RSA private key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_export_subkey_rsa_raw (gnutls_openpgp_privkey_t pkey,
+ unsigned int idx,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_sk_rsa_raw (pkey, keyid, m, e, d, p, q, u);
+}
+
+/**
+ * gnutls_openpgp_privkey_export_subkey_dsa_raw:
+ * @pkey: Holds the certificate
+ * @idx: Is the subkey index
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ * @x: will hold the x
+ *
+ * This function will export the DSA private key's parameters found
+ * in the given certificate. The new parameters will be allocated
+ * using gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_openpgp_privkey_export_subkey_dsa_raw (gnutls_openpgp_privkey_t pkey,
+ unsigned int idx,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x)
+{
+ gnutls_openpgp_keyid_t keyid;
+ int ret;
+
+ ret = gnutls_openpgp_privkey_get_subkey_id (pkey, idx, keyid);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return _get_sk_dsa_raw (pkey, keyid, p, q, g, y, x);
+}
+
+/**
+ * gnutls_openpgp_privkey_get_preferred_key_id:
+ * @key: the structure that contains the OpenPGP public key.
+ * @keyid: the struct to save the keyid.
+ *
+ * Get the preferred key-id for the key.
+ *
+ * Returns: the 64-bit preferred keyID of the OpenPGP key, or if it
+ * hasn't been set it returns %GNUTLS_E_INVALID_REQUEST.
+ **/
+int
+gnutls_openpgp_privkey_get_preferred_key_id (gnutls_openpgp_privkey_t key,
+ gnutls_openpgp_keyid_t keyid)
+{
+ if (!key->preferred_set)
+ return gnutls_assert_val(GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR);
+
+ if (!key || !keyid)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memcpy (keyid, key->preferred_keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_set_preferred_key_id:
+ * @key: the structure that contains the OpenPGP public key.
+ * @keyid: the selected keyid
+ *
+ * This allows setting a preferred key id for the given certificate.
+ * This key will be used by functions that involve key handling.
+ *
+ * Returns: On success, 0 is returned, or an error code.
+ **/
+int
+gnutls_openpgp_privkey_set_preferred_key_id (gnutls_openpgp_privkey_t key,
+ const gnutls_openpgp_keyid_t
+ keyid)
+{
+ int ret;
+
+ if (!key)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* check if the id is valid */
+ ret = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+ if (ret < 0)
+ {
+ _gnutls_x509_log ("the requested subkey does not exist\n");
+ gnutls_assert ();
+ return ret;
+ }
+
+ key->preferred_set = 1;
+ memcpy (key->preferred_keyid, keyid, GNUTLS_OPENPGP_KEYID_SIZE);
+
+ return 0;
+}
+
+/**
+ * gnutls_openpgp_privkey_sign_hash:
+ * @key: Holds the key
+ * @hash: holds the data to be signed
+ * @signature: will contain newly allocated signature
+ *
+ * This function will sign the given hash using the private key. You
+ * should use gnutls_openpgp_privkey_set_preferred_key_id() before
+ * calling this function to set the subkey to use.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Deprecated: Use gnutls_privkey_sign_hash() instead.
+ */
+int
+gnutls_openpgp_privkey_sign_hash (gnutls_openpgp_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+{
+ int result, i;
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+ int params_size = MAX_PRIV_PARAMS_SIZE;
+ int pk_algorithm;
+ gnutls_openpgp_keyid_t keyid;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+ if (result == 0)
+ {
+ uint32_t kid[2];
+ int idx;
+
+ KEYID_IMPORT (kid, keyid);
+
+ idx = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+ pk_algorithm =
+ gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, idx, NULL);
+ result =
+ _gnutls_openpgp_privkey_get_mpis (key, kid, params, ¶ms_size);
+ }
+ else
+ {
+ pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+ result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
+ params, ¶ms_size);
+ }
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+
+ result =
+ _gnutls_soft_sign (pk_algorithm, params, params_size, hash, signature);
+
+ for (i = 0; i < params_size; i++)
+ _gnutls_mpi_release (¶ms[i]);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/*-
+ * _gnutls_openpgp_privkey_decrypt_data:
+ * @key: Holds the key
+ * @flags: zero for now
+ * @ciphertext: holds the data to be decrypted
+ * @plaintext: will contain newly allocated plaintext
+ *
+ * This function will sign the given hash using the private key. You
+ * should use gnutls_openpgp_privkey_set_preferred_key_id() before
+ * calling this function to set the subkey to use.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_openpgp_privkey_decrypt_data (gnutls_openpgp_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
+{
+ int result, i;
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+ int params_size = MAX_PRIV_PARAMS_SIZE;
+ int pk_algorithm;
+ gnutls_openpgp_keyid_t keyid;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_openpgp_privkey_get_preferred_key_id (key, keyid);
+ if (result == 0)
+ {
+ uint32_t kid[2];
+
+ KEYID_IMPORT (kid, keyid);
+ result = _gnutls_openpgp_privkey_get_mpis (key, kid,
+ params, ¶ms_size);
+
+ i = gnutls_openpgp_privkey_get_subkey_idx (key, keyid);
+
+ pk_algorithm = gnutls_openpgp_privkey_get_subkey_pk_algorithm (key, i, NULL);
+ }
+ else
+ {
+ pk_algorithm = gnutls_openpgp_privkey_get_pk_algorithm (key, NULL);
+
+ result = _gnutls_openpgp_privkey_get_mpis (key, NULL,
+ params, ¶ms_size);
+
+ }
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (pk_algorithm != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ _gnutls_pkcs1_rsa_decrypt (plaintext, ciphertext, params, params_size, 2);
+
+ for (i = 0; i < params_size; i++)
+ _gnutls_mpi_release (¶ms[i]);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2010
+ * Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include "dlopen.h"
+
+#ifdef _WIN32
+
+#include <windows.h>
+
+void *
+dlopen (const char *filename, int flag)
+{
+ return LoadLibrary (filename);
+}
+
+
+void *
+dlsym (void *handle, const char *symbol)
+{
+ return GetProcAddress ((HINSTANCE) handle, symbol);
+}
+
+int
+dlclose (void *handle)
+{
+ FreeLibrary ((HINSTANCE) handle);
+}
+
+#endif
--- /dev/null
+#ifndef DLOPEN_H
+#define DLOPEN_H
+
+#include "config.h"
+
+#ifdef _WIN32
+
+#define RTLD_LOCAL 0
+#define RTLD_NOW 1
+
+void *dlopen (const char *filename, int flag);
+void *dlsym (void *handle, const char *symbol);
+int dlclose (void *handle);
+
+#else
+
+#include <dlfcn.h>
+
+#endif
+
+#endif
--- /dev/null
+/*
+ pakchois PKCS#11 interface -- error mapping
+ Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA
+*/
+
+/*
+ This code is directly derived from the scute.org PKCS#11 cryptoki
+ interface, which is:
+
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.
+*/
+
+#include "config.h"
+
+#include "pakchois.h"
+
+#ifdef ENABLE_NLS
+#include <libintl.h>
+#define _(x) dgettext(PACKAGE_NAME, x)
+#else
+#define _(x) x
+#endif
+
+const char *
+pakchois_error (ck_rv_t rv)
+{
+ if (rv >= CKR_VENDOR_DEFINED)
+ {
+ return _("Vendor defined error");
+ }
+
+ switch (rv)
+ {
+ case CKR_OK:
+ return _("OK");
+ case CKR_CANCEL:
+ return _("Cancel");
+ case CKR_HOST_MEMORY:
+ return _("Host memory");
+ case CKR_SLOT_ID_INVALID:
+ return _("Slot id invalid");
+ case CKR_GENERAL_ERROR:
+ return _("General error");
+ case CKR_FUNCTION_FAILED:
+ return _("Function failed");
+ case CKR_ARGUMENTS_BAD:
+ return _("Arguments bad");
+ case CKR_NO_EVENT:
+ return _("No event");
+ case CKR_NEED_TO_CREATE_THREADS:
+ return _("Need to create threads");
+ case CKR_CANT_LOCK:
+ return _("Can't lock");
+ case CKR_ATTRIBUTE_READ_ONLY:
+ return _("Attribute read only");
+ case CKR_ATTRIBUTE_SENSITIVE:
+ return _("Attribute sensitive");
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ return _("Attribute type invalid");
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return _("Attribute value invalid");
+ case CKR_DATA_INVALID:
+ return _("Data invalid");
+ case CKR_DATA_LEN_RANGE:
+ return _("Data len range");
+ case CKR_DEVICE_ERROR:
+ return _("Device error");
+ case CKR_DEVICE_MEMORY:
+ return _("Device memory");
+ case CKR_DEVICE_REMOVED:
+ return _("Device removed");
+ case CKR_ENCRYPTED_DATA_INVALID:
+ return _("Encrypted data invalid");
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ return _("Encrypted data len range");
+ case CKR_FUNCTION_CANCELED:
+ return _("Function canceled");
+ case CKR_FUNCTION_NOT_PARALLEL:
+ return _("Function not parallel");
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ return _("Function not supported");
+ case CKR_KEY_HANDLE_INVALID:
+ return _("Key handle invalid");
+ case CKR_KEY_SIZE_RANGE:
+ return _("Key size range");
+ case CKR_KEY_TYPE_INCONSISTENT:
+ return _("Key type inconsistent");
+ case CKR_KEY_NOT_NEEDED:
+ return _("Key not needed");
+ case CKR_KEY_CHANGED:
+ return _("Key changed");
+ case CKR_KEY_NEEDED:
+ return _("Key needed");
+ case CKR_KEY_INDIGESTIBLE:
+ return _("Key indigestible");
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ return _("Key function not permitted");
+ case CKR_KEY_NOT_WRAPPABLE:
+ return _("Key not wrappable");
+ case CKR_KEY_UNEXTRACTABLE:
+ return _("Key unextractable");
+ case CKR_MECHANISM_INVALID:
+ return _("Mechanism invalid");
+ case CKR_MECHANISM_PARAM_INVALID:
+ return _("Mechanism param invalid");
+ case CKR_OBJECT_HANDLE_INVALID:
+ return _("Object handle invalid");
+ case CKR_OPERATION_ACTIVE:
+ return _("Operation active");
+ case CKR_OPERATION_NOT_INITIALIZED:
+ return _("Operation not initialized");
+ case CKR_PIN_INCORRECT:
+ return _("PIN incorrect");
+ case CKR_PIN_INVALID:
+ return _("PIN invalid");
+ case CKR_PIN_LEN_RANGE:
+ return _("PIN len range");
+ case CKR_PIN_EXPIRED:
+ return _("PIN expired");
+ case CKR_PIN_LOCKED:
+ return _("PIN locked");
+ case CKR_SESSION_CLOSED:
+ return _("Session closed");
+ case CKR_SESSION_COUNT:
+ return _("Session count");
+ case CKR_SESSION_HANDLE_INVALID:
+ return _("Session handle invalid");
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ return _("Session parallel not supported");
+ case CKR_SESSION_READ_ONLY:
+ return _("Session read only");
+ case CKR_SESSION_EXISTS:
+ return _("Session exists");
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ return _("Session read only exists");
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return _("Session read write so exists");
+ case CKR_SIGNATURE_INVALID:
+ return _("Signature invalid");
+ case CKR_SIGNATURE_LEN_RANGE:
+ return _("Signature length range");
+ case CKR_TEMPLATE_INCOMPLETE:
+ return _("Template incomplete");
+ case CKR_TEMPLATE_INCONSISTENT:
+ return _("Template inconsistent");
+ case CKR_TOKEN_NOT_PRESENT:
+ return _("Token not present");
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ return _("Token not recognized");
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return _("Token write protected");
+ case CKR_UNWRAPPING_KEY_HANDLE_INVALID:
+ return _("Unwrapping key handle invalid");
+ case CKR_UNWRAPPING_KEY_SIZE_RANGE:
+ return _("Unwrapping key size range");
+ case CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT:
+ return _("Unwrapping key type inconsistent");
+ case CKR_USER_ALREADY_LOGGED_IN:
+ return _("User already logged in");
+ case CKR_USER_NOT_LOGGED_IN:
+ return _("User not logged in");
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ return _("User PIN not initialized");
+ case CKR_USER_TYPE_INVALID:
+ return _("User type invalid");
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ return _("Another user already logged in");
+ case CKR_USER_TOO_MANY_TYPES:
+ return _("User too many types");
+ case CKR_WRAPPED_KEY_INVALID:
+ return _("Wrapped key invalid");
+ case CKR_WRAPPED_KEY_LEN_RANGE:
+ return _("Wrapped key length range");
+ case CKR_WRAPPING_KEY_HANDLE_INVALID:
+ return _("Wrapping key handle invalid");
+ case CKR_WRAPPING_KEY_SIZE_RANGE:
+ return _("Wrapping key size range");
+ case CKR_WRAPPING_KEY_TYPE_INCONSISTENT:
+ return _("Wrapping key type inconsistent");
+ case CKR_RANDOM_SEED_NOT_SUPPORTED:
+ return _("Random seed not supported");
+ case CKR_RANDOM_NO_RNG:
+ return _("Random no rng");
+ case CKR_DOMAIN_PARAMS_INVALID:
+ return _("Domain params invalid");
+ case CKR_BUFFER_TOO_SMALL:
+ return _("Buffer too small");
+ case CKR_SAVED_STATE_INVALID:
+ return _("Saved state invalid");
+ case CKR_INFORMATION_SENSITIVE:
+ return _("Information sensitive");
+ case CKR_STATE_UNSAVEABLE:
+ return _("State unsaveable");
+ case CKR_CRYPTOKI_NOT_INITIALIZED:
+ return _("Cryptoki not initialized");
+ case CKR_CRYPTOKI_ALREADY_INITIALIZED:
+ return _("Cryptoki already initialized");
+ case CKR_MUTEX_BAD:
+ return _("Mutex bad");
+ case CKR_MUTEX_NOT_LOCKED:
+ return _("Mutex not locked");
+ case CKR_FUNCTION_REJECTED:
+ return _("Function rejected");
+ default:
+ break;
+ }
+
+ return _("Unknown error");
+}
--- /dev/null
+/*
+ pakchois PKCS#11 interface
+ Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA
+*/
+
+/*
+ The interface is directly derived from the scute.org PKCS#11
+ cryptoki interface, which is:
+
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.
+*/
+
+#include "config.h"
+
+#include <limits.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include "../locks.h"
+#include "../system.h"
+#include "dlopen.h"
+
+#ifdef HAVE_WORDEXP
+#include <wordexp.h>
+#endif
+#include "pakchois.h"
+
+struct provider
+{
+ dev_t dev;
+ ino_t ino;
+ char *name;
+ void *handle;
+ void *mutex;
+ const struct ck_function_list *fns;
+ unsigned int refcount;
+ unsigned int finalize:1; /* whether to finalize this one */
+ struct provider *next, **prevref;
+ void *reserved;
+};
+
+struct pakchois_module_s
+{
+ struct slot *slots;
+ struct provider *provider;
+};
+
+static void *provider_mutex = NULL;
+
+/* List of loaded providers; any modification to the list or any
+ * individual module must performed whilst holding this mutex. */
+static struct provider *provider_list;
+
+struct pakchois_session_s
+{
+ pakchois_module_t *module;
+ ck_session_handle_t id;
+ pakchois_notify_t notify;
+ void *notify_data;
+ /* Doubly-linked list. Either prevref = &previous->next or else
+ * prevref = &slot->sessions for the list head. */
+ pakchois_session_t **prevref;
+ pakchois_session_t *next;
+};
+
+struct slot
+{
+ ck_slot_id_t id;
+ pakchois_session_t *sessions;
+ struct slot *next;
+};
+
+#define DIR_DELIMITER '/'
+
+static char *
+pkcs11ize (const char *name)
+{
+ int len;
+ char *oname;
+ char *base;
+ char *suffix;
+
+ oname = strdup (name);
+ if (oname == NULL)
+ {
+ return NULL;
+ }
+
+ /* basename has too many ifs to use */
+ base = strrchr (oname, DIR_DELIMITER);
+ if (base == NULL)
+ {
+ base = oname;
+ }
+ else
+ {
+ base++;
+ }
+
+ suffix = strchr (base, '.');
+ if (suffix != NULL)
+ {
+ if (strncmp (suffix, ".so", 3) == 0)
+ {
+ suffix[0] = 0; /* null terminate before . */
+ }
+ }
+
+ /* check and remove for -p11 or -pkcs11 */
+ suffix = base;
+ while ((suffix = strchr (suffix, '-')) != NULL)
+ {
+ if (strncasecmp (suffix, "-p11", 4) == 0 ||
+ strncasecmp (suffix, "-pkcs11", 7) == 0)
+ {
+ suffix[0] = 0;
+ break;
+ }
+ suffix++;
+ }
+
+ len = strlen (base);
+
+ memmove (oname, base, len);
+ oname[len] = 0;
+
+ return oname;
+}
+
+static const char *suffix_prefixes[][2] = {
+ {"lib", "pk11.so"},
+ {"", "-pkcs11.so"},
+ {"", ".so"},
+ {"lib", ".so"},
+ {NULL, NULL}
+};
+
+#define CALL(name, args) (mod->provider->fns->C_ ## name) args
+#define CALLS(name, args) (sess->module->provider->fns->C_ ## name) args
+#define CALLS1(n, a) CALLS(n, (sess->id, a))
+#define CALLS2(n, a, b) CALLS(n, (sess->id, a, b))
+#define CALLS3(n, a, b, c) CALLS(n, (sess->id, a, b, c))
+#define CALLS4(n, a, b, c, d) CALLS(n, (sess->id, a, b, c, d))
+#define CALLS5(n, a, b, c, d, e) CALLS(n, (sess->id, a, b, c, d, e))
+#define CALLS7(n, a, b, c, d, e, f, g) CALLS(n, (sess->id, a, b, c, d, e, f, g))
+
+#ifndef PAKCHOIS_MODPATH
+#define PAKCHOIS_MODPATH "/lib:/usr/lib"
+#endif
+
+/* Returns an allocated name of the real module as well
+ * as it's inode and device numbers.
+ */
+static char *
+find_pkcs11_module_name (const char *hint, dev_t * dev, ino_t * ino)
+{
+ char module_path[] = PAKCHOIS_MODPATH;
+ char *next = module_path;
+ struct stat st;
+
+ while (next)
+ {
+ char *dir = next, *sep = strchr (next, ':');
+ unsigned i;
+
+ if (sep)
+ {
+ *sep++ = '\0';
+ next = sep;
+ }
+ else
+ {
+ next = NULL;
+ }
+
+ for (i = 0; suffix_prefixes[i][0]; i++)
+ {
+ char path[PATH_MAX];
+
+ snprintf (path, sizeof path, "%s/%s%s%s", dir,
+ suffix_prefixes[i][0], hint, suffix_prefixes[i][1]);
+
+ if (stat (path, &st) < 0)
+ continue;
+
+ *dev = st.st_dev;
+ *ino = st.st_ino;
+
+ return strdup (path);
+ }
+ }
+
+ return NULL;
+}
+
+/* Expands the given filename and returns an allocated
+ * string, if the expanded file exists. In that case
+ * dev and ino are filled in as well.
+ */
+static char *
+find_real_module_name (const char *name, dev_t * dev, ino_t * ino)
+{
+ char *exname = NULL;
+ struct stat st;
+#ifdef HAVE_WORDEXP
+ int len;
+ wordexp_t we;
+
+ len = wordexp (name, &we, 0);
+ if (len == 0)
+ { /* success */
+ if (we.we_wordc > 0)
+ { /* we care about the 1st */
+ exname = strdup (we.we_wordv[0]);
+ }
+ wordfree (&we);
+ }
+#endif
+
+ if (exname == NULL)
+ exname = strdup (name);
+
+ /* find file information */
+ if (exname != NULL)
+ {
+ if (stat (exname, &st) >= 0)
+ {
+ *dev = st.st_dev;
+ *ino = st.st_ino;
+ }
+ else
+ {
+ free (exname);
+ return NULL;
+ }
+ }
+
+ return exname;
+}
+
+static struct provider *
+find_provider (dev_t dev, ino_t ino)
+{
+ struct provider *p;
+
+ for (p = provider_list; p; p = p->next)
+ {
+ if (dev == p->dev && ino == p->ino)
+ {
+ return p;
+ }
+ }
+
+ return NULL;
+}
+
+/* The provider list must be locked when calling it
+ */
+static ck_rv_t
+load_pkcs11_module (struct provider **provider,
+ const char *name, dev_t dev, ino_t ino, void *reserved)
+{
+ struct provider *prov;
+ CK_C_GetFunctionList gfl;
+ struct ck_c_initialize_args args;
+ struct ck_function_list *fns;
+ void *h;
+ ck_rv_t rv;
+
+ /* try the plain name first */
+ h = dlopen (name, RTLD_LOCAL | RTLD_NOW);
+ if (h == NULL)
+ {
+ return CKR_GENERAL_ERROR;
+ }
+
+ gfl = dlsym (h, "C_GetFunctionList");
+ if (!gfl)
+ {
+ rv = CKR_GENERAL_ERROR;
+ goto fail_dso;
+ }
+
+ prov = malloc (sizeof *prov);
+ if (prov == NULL)
+ {
+ rv = CKR_HOST_MEMORY;
+ goto fail_dso;
+ }
+
+ if (gnutls_mutex_init (&prov->mutex))
+ {
+ rv = CKR_CANT_LOCK;
+ goto fail_ctx;
+ }
+
+ rv = gfl (&fns);
+ if (rv != CKR_OK)
+ {
+ goto fail_ctx;
+ }
+
+ prov->dev = dev;
+ prov->ino = ino;
+ prov->name = pkcs11ize (name);
+ prov->handle = h;
+ prov->fns = fns;
+ prov->refcount = 1;
+ prov->reserved = reserved;
+
+ /* Require OS locking, the only sane option. */
+ memset (&args, 0, sizeof args);
+ args.flags = CKF_OS_LOCKING_OK;
+ args.reserved = reserved;
+
+ rv = fns->C_Initialize (&args);
+ if (rv != CKR_OK && rv != CKR_CRYPTOKI_ALREADY_INITIALIZED)
+ {
+ goto fail_ctx;
+ }
+
+ /* no need to finalize if someone else has
+ * initialized the library before us.
+ */
+ if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
+ prov->finalize = 0;
+ else
+ prov->finalize = 1;
+
+ prov->next = provider_list;
+ prov->prevref = &provider_list;
+ if (prov->next)
+ {
+ prov->next->prevref = &prov->next;
+ }
+ provider_list = prov;
+
+ *provider = prov;
+ return CKR_OK;
+
+fail_ctx:
+ free (prov);
+fail_dso:
+ dlclose (h);
+
+ return rv;
+}
+
+/* Will load a provider using the given name. If real_name is zero
+ * name is used as a hint to find library otherwise it is used as
+ * absolute name.
+ */
+static ck_rv_t
+load_provider (struct provider **provider, const char *name,
+ void *reserved, int real_name)
+{
+ ck_rv_t rv;
+ char *cname = NULL;
+ dev_t dev;
+ ino_t ino;
+
+ if (gnutls_mutex_lock (&provider_mutex) != 0)
+ {
+ return CKR_CANT_LOCK;
+ }
+
+ if (real_name)
+ {
+ cname = find_real_module_name (name, &dev, &ino);
+ }
+ else
+ {
+ cname = find_pkcs11_module_name (name, &dev, &ino);
+ }
+
+ if (cname == NULL)
+ {
+ rv = CKR_ARGUMENTS_BAD;
+ goto fail_locked;
+ }
+
+ *provider = find_provider (dev, ino);
+ if (*provider)
+ {
+ (*provider)->refcount++;
+ free (cname);
+ gnutls_mutex_unlock (&provider_mutex);
+ return CKR_OK;
+ }
+
+ rv = load_pkcs11_module (provider, cname, dev, ino, reserved);
+ if (rv != CKR_OK)
+ {
+ goto fail_ndup;
+ }
+
+ rv = CKR_OK;
+
+fail_ndup:
+ free (cname);
+fail_locked:
+ gnutls_mutex_unlock (&provider_mutex);
+ return rv;
+}
+
+static void
+providers_reinit (void)
+{
+ struct ck_c_initialize_args args;
+ ck_rv_t rv;
+ struct provider *p;
+
+ assert (gnutls_mutex_lock (&provider_mutex) == 0);
+
+ memset (&args, 0, sizeof args);
+ args.flags = CKF_OS_LOCKING_OK;
+
+ for (p = provider_list; p; p = p->next)
+ {
+ args.reserved = p->reserved;
+ rv = p->fns->C_Initialize (&args);
+ assert (rv == CKR_OK); /* what can we do? */
+ }
+
+ gnutls_mutex_unlock (&provider_mutex);
+}
+
+static ck_rv_t
+load_module (pakchois_module_t ** module, const char *name,
+ void *reserved, unsigned int real_name)
+{
+ ck_rv_t rv;
+ pakchois_module_t *pm = malloc (sizeof *pm);
+ static int forkinit = 0;
+
+ if (!pm)
+ {
+ return CKR_HOST_MEMORY;
+ }
+
+ if (provider_mutex == NULL)
+ {
+ gnutls_mutex_init (&provider_mutex);
+ }
+
+ assert (gnutls_mutex_lock (&provider_mutex) == 0);
+
+ if (forkinit == 0)
+ {
+ _gnutls_atfork (NULL, NULL, providers_reinit);
+ forkinit++;
+ }
+
+ gnutls_mutex_unlock (&provider_mutex);
+
+ rv = load_provider (&pm->provider, name, reserved, real_name);
+ if (rv)
+ {
+ return rv;
+ }
+
+ *module = pm;
+ pm->slots = NULL;
+
+ return CKR_OK;
+}
+
+ck_rv_t
+pakchois_module_load (pakchois_module_t ** module, const char *name)
+{
+ return load_module (module, name, NULL, 0);
+}
+
+ck_rv_t
+pakchois_module_load_abs (pakchois_module_t ** module, const char *name)
+{
+ return load_module (module, name, NULL, 1);
+}
+
+ck_rv_t
+pakchois_module_nssload (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix, const char *secmod_db)
+{
+ char buf[256];
+
+ snprintf (buf, sizeof buf,
+ "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
+ directory, cert_prefix ? cert_prefix : "",
+ key_prefix ? key_prefix : "",
+ secmod_db ? secmod_db : "secmod.db");
+
+ return load_module (module, name, buf, 0);
+}
+
+ck_rv_t
+pakchois_module_nssload_abs (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix, const char *secmod_db)
+{
+ char buf[256];
+
+ snprintf (buf, sizeof buf,
+ "configdir='%s' certPrefix='%s' keyPrefix='%s' secmod='%s'",
+ directory, cert_prefix ? cert_prefix : "",
+ key_prefix ? key_prefix : "",
+ secmod_db ? secmod_db : "secmod.db");
+
+ return load_module (module, name, buf, 1);
+}
+
+/* Unreference a provider structure and destoy if, if necessary. Must
+ * be called WIHTOUT the provider mutex held. */
+static void
+provider_unref (struct provider *prov)
+{
+ assert (gnutls_mutex_lock (&provider_mutex) == 0);
+
+ if (--prov->refcount == 0)
+ {
+ if (prov->finalize)
+ prov->fns->C_Finalize (NULL);
+ dlclose (prov->handle);
+ *prov->prevref = prov->next;
+ if (prov->next)
+ {
+ prov->next->prevref = prov->prevref;
+ }
+ free (prov->name);
+ free (prov);
+ }
+ gnutls_mutex_unlock (&provider_mutex);
+}
+
+void
+pakchois_module_destroy (pakchois_module_t * mod)
+{
+ provider_unref (mod->provider);
+
+ while (mod->slots)
+ {
+ struct slot *slot = mod->slots;
+ pakchois_close_all_sessions (mod, slot->id);
+ mod->slots = slot->next;
+ free (slot);
+ }
+
+ free (mod);
+}
+
+#ifdef __GNUC__
+static void pakchois_destructor (void) __attribute__ ((destructor));
+
+static void
+pakchois_destructor (void)
+{
+ if (provider_mutex != NULL)
+ gnutls_mutex_deinit (&provider_mutex);
+}
+#else
+#warning need destructor support
+#endif
+
+ck_rv_t
+pakchois_get_info (pakchois_module_t * mod, struct ck_info *info)
+{
+ return CALL (GetInfo, (info));
+}
+
+ck_rv_t
+pakchois_get_slot_list (pakchois_module_t * mod,
+ unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count)
+{
+ return CALL (GetSlotList, (token_present, slot_list, count));
+}
+
+ck_rv_t
+pakchois_get_slot_info (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, struct ck_slot_info * info)
+{
+ return CALL (GetSlotInfo, (slot_id, info));
+}
+
+ck_rv_t
+pakchois_get_token_info (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, struct ck_token_info * info)
+{
+ return CALL (GetTokenInfo, (slot_id, info));
+}
+
+ck_rv_t
+pakchois_wait_for_slot_event (pakchois_module_t * mod,
+ ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved)
+{
+ ck_rv_t rv;
+
+ if (gnutls_mutex_lock (&mod->provider->mutex))
+ {
+ return CKR_CANT_LOCK;
+ }
+
+ rv = CALL (WaitForSlotEvent, (flags, slot, reserved));
+ gnutls_mutex_unlock (&mod->provider->mutex);
+ return rv;
+}
+
+ck_rv_t
+pakchois_get_mechanism_list (pakchois_module_t * mod,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count)
+{
+ return CALL (GetMechanismList, (slot_id, mechanism_list, count));
+}
+
+ck_rv_t
+pakchois_get_mechanism_info (pakchois_module_t * mod,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t type,
+ struct ck_mechanism_info * info)
+{
+ return CALL (GetMechanismInfo, (slot_id, type, info));
+}
+
+ck_rv_t
+pakchois_init_token (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label)
+{
+ return CALL (InitToken, (slot_id, pin, pin_len, label));
+}
+
+ck_rv_t
+pakchois_init_pin (pakchois_session_t * sess, unsigned char *pin,
+ unsigned long pin_len)
+{
+ return CALLS2 (InitPIN, pin, pin_len);
+}
+
+ck_rv_t
+pakchois_set_pin (pakchois_session_t * sess, unsigned char *old_pin,
+ unsigned long old_len, unsigned char *new_pin,
+ unsigned long new_len)
+{
+ return CALLS4 (SetPIN, old_pin, old_len, new_pin, new_len);
+}
+
+static ck_rv_t
+notify_thunk (ck_session_handle_t session,
+ ck_notification_t event, void *application)
+{
+ pakchois_session_t *sess = application;
+
+ return sess->notify (sess, event, sess->notify_data);
+}
+
+static struct slot *
+find_slot (pakchois_module_t * mod, ck_slot_id_t id)
+{
+ struct slot *slot;
+
+ for (slot = mod->slots; slot; slot = slot->next)
+ if (slot->id == id)
+ return slot;
+
+ return NULL;
+}
+
+static struct slot *
+find_or_create_slot (pakchois_module_t * mod, ck_slot_id_t id)
+{
+ struct slot *slot = find_slot (mod, id);
+
+ if (slot)
+ {
+ return slot;
+ }
+
+ slot = malloc (sizeof *slot);
+ if (!slot)
+ {
+ return NULL;
+ }
+
+ slot->id = id;
+ slot->sessions = NULL;
+ slot->next = mod->slots;
+ mod->slots = slot;
+
+ return slot;
+}
+
+static ck_rv_t
+insert_session (pakchois_module_t * mod,
+ pakchois_session_t * session, ck_slot_id_t id)
+{
+ struct slot *slot = find_or_create_slot (mod, id);
+
+ if (!slot)
+ {
+ return CKR_HOST_MEMORY;
+ }
+
+ session->prevref = &slot->sessions;
+ session->next = slot->sessions;
+ if (session->next)
+ {
+ session->next->prevref = session->prevref;
+ }
+ slot->sessions = session;
+
+ return CKR_OK;
+}
+
+ck_rv_t
+pakchois_open_session (pakchois_module_t * mod,
+ ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, pakchois_notify_t notify,
+ pakchois_session_t ** session)
+{
+ ck_session_handle_t sh;
+ pakchois_session_t *sess;
+ ck_rv_t rv;
+
+ sess = calloc (1, sizeof *sess);
+ if (sess == NULL)
+ {
+ return CKR_HOST_MEMORY;
+ }
+
+ rv = CALL (OpenSession, (slot_id, flags, sess, notify_thunk, &sh));
+ if (rv != CKR_OK)
+ {
+ free (sess);
+ return rv;
+ }
+
+ *session = sess;
+ sess->module = mod;
+ sess->id = sh;
+
+ return insert_session (mod, sess, slot_id);
+}
+
+ck_rv_t
+pakchois_close_session (pakchois_session_t * sess)
+{
+ /* PKCS#11 says that all bets are off on failure, so destroy the
+ * session object and just return the error code. */
+ ck_rv_t rv = CALLS (CloseSession, (sess->id));
+ *sess->prevref = sess->next;
+ if (sess->next)
+ {
+ sess->next->prevref = sess->prevref;
+ }
+ free (sess);
+ return rv;
+}
+
+ck_rv_t
+pakchois_close_all_sessions (pakchois_module_t * mod, ck_slot_id_t slot_id)
+{
+ struct slot *slot;
+ ck_rv_t rv, frv = CKR_OK;
+
+ slot = find_slot (mod, slot_id);
+
+ if (!slot)
+ {
+ return CKR_SLOT_ID_INVALID;
+ }
+
+ while (slot->sessions)
+ {
+ rv = pakchois_close_session (slot->sessions);
+ if (rv != CKR_OK)
+ {
+ frv = rv;
+ }
+ }
+
+ return frv;
+}
+
+ck_rv_t
+pakchois_get_session_info (pakchois_session_t * sess,
+ struct ck_session_info * info)
+{
+ return CALLS1 (GetSessionInfo, info);
+}
+
+ck_rv_t
+pakchois_get_operation_state (pakchois_session_t * sess,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len)
+{
+ return CALLS2 (GetOperationState, operation_state, operation_state_len);
+}
+
+ck_rv_t
+pakchois_set_operation_state (pakchois_session_t * sess,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key)
+{
+ return CALLS4 (SetOperationState, operation_state,
+ operation_state_len, encryption_key, authentiation_key);
+}
+
+ck_rv_t
+pakchois_login (pakchois_session_t * sess, ck_user_type_t user_type,
+ unsigned char *pin, unsigned long pin_len)
+{
+ return CALLS3 (Login, user_type, pin, pin_len);
+}
+
+ck_rv_t
+pakchois_logout (pakchois_session_t * sess)
+{
+ return CALLS (Logout, (sess->id));
+}
+
+ck_rv_t
+pakchois_create_object (pakchois_session_t * sess,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object)
+{
+ return CALLS3 (CreateObject, templ, count, object);
+}
+
+ck_rv_t
+pakchois_copy_object (pakchois_session_t * sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * new_object)
+{
+ return CALLS4 (CopyObject, object, templ, count, new_object);
+}
+
+ck_rv_t
+pakchois_destroy_object (pakchois_session_t * sess, ck_object_handle_t object)
+{
+ return CALLS1 (DestroyObject, object);
+}
+
+ck_rv_t
+pakchois_get_object_size (pakchois_session_t * sess,
+ ck_object_handle_t object, unsigned long *size)
+{
+ return CALLS2 (GetObjectSize, object, size);
+}
+
+ck_rv_t
+pakchois_get_attribute_value (pakchois_session_t * sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
+{
+ return CALLS3 (GetAttributeValue, object, templ, count);
+}
+
+ck_rv_t
+pakchois_set_attribute_value (pakchois_session_t * sess,
+ ck_object_handle_t object,
+ struct ck_attribute * templ,
+ unsigned long count)
+{
+ return CALLS3 (SetAttributeValue, object, templ, count);
+}
+
+ck_rv_t
+pakchois_find_objects_init (pakchois_session_t * sess,
+ struct ck_attribute * templ, unsigned long count)
+{
+ return CALLS2 (FindObjectsInit, templ, count);
+}
+
+ck_rv_t
+pakchois_find_objects (pakchois_session_t * sess,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count)
+{
+ return CALLS3 (FindObjects, object, max_object_count, object_count);
+}
+
+ck_rv_t
+pakchois_find_objects_final (pakchois_session_t * sess)
+{
+ return CALLS (FindObjectsFinal, (sess->id));
+}
+
+ck_rv_t
+pakchois_encrypt_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
+{
+ return CALLS2 (EncryptInit, mechanism, key);
+}
+
+ck_rv_t
+pakchois_encrypt (pakchois_session_t * sess,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len)
+{
+ return CALLS4 (Encrypt, data, data_len, encrypted_data, encrypted_data_len);
+}
+
+ck_rv_t
+pakchois_encrypt_update (pakchois_session_t * sess,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
+{
+ return CALLS4 (EncryptUpdate, part, part_len,
+ encrypted_part, encrypted_part_len);
+}
+
+ck_rv_t
+pakchois_encrypt_final (pakchois_session_t * sess,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len)
+{
+ return CALLS2 (EncryptFinal, last_encrypted_part, last_encrypted_part_len);
+}
+
+ck_rv_t
+pakchois_decrypt_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
+{
+ return CALLS2 (DecryptInit, mechanism, key);
+}
+
+ck_rv_t
+pakchois_decrypt (pakchois_session_t * sess,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len)
+{
+ return CALLS4 (Decrypt, encrypted_data, encrypted_data_len, data, data_len);
+}
+
+ck_rv_t
+pakchois_decrypt_update (pakchois_session_t * sess,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
+{
+ return CALLS4 (DecryptUpdate, encrypted_part, encrypted_part_len,
+ part, part_len);
+}
+
+ck_rv_t
+pakchois_decrypt_final (pakchois_session_t * sess,
+ unsigned char *last_part,
+ unsigned long *last_part_len)
+{
+ return CALLS2 (DecryptFinal, last_part, last_part_len);
+}
+
+ck_rv_t
+pakchois_digest_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism)
+{
+ return CALLS1 (DigestInit, mechanism);
+}
+
+ck_rv_t
+pakchois_digest (pakchois_session_t * sess, unsigned char *data,
+ unsigned long data_len, unsigned char *digest,
+ unsigned long *digest_len)
+{
+ return CALLS4 (Digest, data, data_len, digest, digest_len);
+}
+
+ck_rv_t
+pakchois_digest_update (pakchois_session_t * sess,
+ unsigned char *part, unsigned long part_len)
+{
+ return CALLS2 (DigestUpdate, part, part_len);
+}
+
+ck_rv_t
+pakchois_digest_key (pakchois_session_t * sess, ck_object_handle_t key)
+{
+ return CALLS1 (DigestKey, key);
+}
+
+ck_rv_t
+pakchois_digest_final (pakchois_session_t * sess,
+ unsigned char *digest, unsigned long *digest_len)
+{
+ return CALLS2 (DigestFinal, digest, digest_len);
+}
+
+ck_rv_t
+pakchois_sign_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
+{
+ return CALLS2 (SignInit, mechanism, key);
+}
+
+ck_rv_t
+pakchois_sign (pakchois_session_t * sess, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long *signature_len)
+{
+ return CALLS4 (Sign, data, data_len, signature, signature_len);
+}
+
+ck_rv_t
+pakchois_sign_update (pakchois_session_t * sess,
+ unsigned char *part, unsigned long part_len)
+{
+ return CALLS2 (SignUpdate, part, part_len);
+}
+
+ck_rv_t
+pakchois_sign_final (pakchois_session_t * sess,
+ unsigned char *signature, unsigned long *signature_len)
+{
+ return CALLS2 (SignFinal, signature, signature_len);
+}
+
+ck_rv_t
+pakchois_sign_recover_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
+{
+ return CALLS2 (SignRecoverInit, mechanism, key);
+}
+
+ck_rv_t
+pakchois_sign_recover (pakchois_session_t * sess,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature, unsigned long *signature_len)
+{
+ return CALLS4 (SignRecover, data, data_len, signature, signature_len);
+}
+
+ck_rv_t
+pakchois_verify_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism, ck_object_handle_t key)
+{
+ return CALLS2 (VerifyInit, mechanism, key);
+}
+
+ck_rv_t
+pakchois_verify (pakchois_session_t * sess, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long signature_len)
+{
+ return CALLS4 (Verify, data, data_len, signature, signature_len);
+}
+
+ck_rv_t
+pakchois_verify_update (pakchois_session_t * sess,
+ unsigned char *part, unsigned long part_len)
+{
+ return CALLS2 (VerifyUpdate, part, part_len);
+}
+
+ck_rv_t
+pakchois_verify_final (pakchois_session_t * sess,
+ unsigned char *signature, unsigned long signature_len)
+{
+ return CALLS2 (VerifyFinal, signature, signature_len);
+}
+
+ck_rv_t
+pakchois_verify_recover_init (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key)
+{
+ return CALLS2 (VerifyRecoverInit, mechanism, key);
+}
+
+ck_rv_t
+pakchois_verify_recover (pakchois_session_t * sess,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data, unsigned long *data_len)
+{
+ return CALLS4 (VerifyRecover, signature, signature_len, data, data_len);
+}
+
+ck_rv_t
+pakchois_digest_encrypt_update (pakchois_session_t * sess,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
+{
+ return CALLS4 (DigestEncryptUpdate, part, part_len,
+ encrypted_part, encrypted_part_len);
+}
+
+ck_rv_t
+pakchois_decrypt_digest_update (pakchois_session_t * sess,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
+{
+ return CALLS4 (DecryptDigestUpdate, encrypted_part,
+ encrypted_part_len, part, part_len);
+}
+
+ck_rv_t
+pakchois_sign_encrypt_update (pakchois_session_t * sess,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len)
+{
+ return CALLS4 (SignEncryptUpdate, part, part_len,
+ encrypted_part, encrypted_part_len);
+}
+
+ck_rv_t
+pakchois_decrypt_verify_update (pakchois_session_t * sess,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len)
+{
+ return CALLS4 (DecryptVerifyUpdate, encrypted_part,
+ encrypted_part_len, part, part_len);
+}
+
+ck_rv_t
+pakchois_generate_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * key)
+{
+ return CALLS4 (GenerateKey, mechanism, templ, count, key);
+}
+
+ck_rv_t
+pakchois_generate_key_pair (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute *
+ public_key_template,
+ unsigned long
+ public_key_attribute_count,
+ struct ck_attribute *
+ private_key_template,
+ unsigned long
+ private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key)
+{
+ return CALLS7 (GenerateKeyPair, mechanism,
+ public_key_template, public_key_attribute_count,
+ private_key_template, private_key_attribute_count,
+ public_key, private_key);
+}
+
+ck_rv_t
+pakchois_wrap_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key, unsigned long *wrapped_key_len)
+{
+ return CALLS5 (WrapKey, mechanism, wrapping_key,
+ key, wrapped_key, wrapped_key_len);
+}
+
+ck_rv_t
+pakchois_unwrap_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute * templ,
+ unsigned long attribute_count, ck_object_handle_t * key)
+{
+ return CALLS7 (UnwrapKey, mechanism, unwrapping_key,
+ wrapped_key, wrapped_key_len, templ, attribute_count, key);
+}
+
+ck_rv_t
+pakchois_derive_key (pakchois_session_t * sess,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute * templ,
+ unsigned long attribute_count, ck_object_handle_t * key)
+{
+ return CALLS5 (DeriveKey, mechanism, base_key, templ, attribute_count, key);
+}
+
+
+ck_rv_t
+pakchois_seed_random (pakchois_session_t * sess,
+ unsigned char *seed, unsigned long seed_len)
+{
+ return CALLS2 (SeedRandom, seed, seed_len);
+}
+
+ck_rv_t
+pakchois_generate_random (pakchois_session_t * sess,
+ unsigned char *random_data,
+ unsigned long random_len)
+{
+ return CALLS2 (GenerateRandom, random_data, random_len);
+}
--- /dev/null
+/*
+ pakchois PKCS#11 interface
+ Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Library General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Library General Public License for more details.
+
+ You should have received a copy of the GNU Library General Public
+ License along with this library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ MA 02111-1307, USA
+
+*/
+
+/*
+ This interface is directly derived from the scute.org PKCS#11
+ cryptoki interface, which is:
+
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE.
+*/
+
+#ifndef PAKCHOIS_H
+#define PAKCHOIS_H
+
+#define CRYPTOKI_GNU
+
+#include "pakchois11.h"
+
+/* API version: major is bumped for any backwards-incompatible
+ * changes. minor is bumped for any new interfaces. Note that the API
+ * is versioned independent of the project release version. */
+#define PAKCHOIS_API_MAJOR (0)
+#define PAKCHOIS_API_MINOR (2)
+
+/* API version history (note that API versions do not map directly to
+ the project version!):
+
+ 0.1: Initial release
+ 0.2: Addition of pakchois_error()
+ Concurrent access guarantee added for pakchois_module_load()
+ Thread-safety guarantee added for pakchois_wait_for_slot_event()
+*/
+
+typedef struct pakchois_module_s pakchois_module_t;
+typedef struct pakchois_session_s pakchois_session_t;
+
+/* Load a PKCS#11 module by name (for example "opensc" or
+ * "gnome-keyring"). Returns CKR_OK on success. Any module of given
+ * name may be safely loaded multiple times within an application; the
+ * underlying PKCS#11 provider will be loaded only once. */
+ck_rv_t pakchois_module_load (pakchois_module_t ** module, const char *name);
+
+/* Load a PKCS#11 module by absolute file name (for example "/lib/opensc-pkcs.so"
+ * Returns CKR_OK on success. Any module of given name may be safely loaded
+ * multiple times within an application; the underlying PKCS#11 provider will
+ * be loaded only once. */
+ck_rv_t pakchois_module_load_abs (pakchois_module_t ** module,
+ const char *name);
+
+/* Load an NSS "softokn" which violates the PKCS#11 standard in
+ * initialization, with given name (e.g. "softokn3"). The directory
+ * in which the NSS database resides must be specified; the other
+ * arguments may be NULL to use defaults. Returns CKR_OK on
+ * success. */
+ck_rv_t pakchois_module_nssload (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix,
+ const char *secmod_db);
+
+ck_rv_t pakchois_module_nssload_abs (pakchois_module_t ** module,
+ const char *name,
+ const char *directory,
+ const char *cert_prefix,
+ const char *key_prefix,
+ const char *secmod_db);
+
+/* Destroy a PKCS#11 module. */
+void pakchois_module_destroy (pakchois_module_t * module);
+
+/* Return the error string corresponding to the given return value.
+ * Never returns NULL. */
+const char *pakchois_error (ck_rv_t rv);
+
+/* All following interfaces model the PKCS#11 equivalents, without the
+ camel-cased naming convention. The PKCS#11 specification has
+ detailed interface descriptions:
+
+ http://www.rsa.com/rsalabs/node.asp?id=2133
+
+ The differences between this interface and PKCS#11 are:
+
+ 1. some interfaces take a module pointer as first argument
+
+ 2. session handlers are represented as opaque objects
+
+ 3. the notify callback type has changed accordingly
+
+ 4. the C_Initialize, C_Finalize, and C_GetFunctionList interfaces
+ are not exposed (these are called internally by
+ pakchois_module_load and pakchois_module_destroy)
+
+ 5. pakchois_wait_for_slot_event() is thread-safe against other
+ callers of pakchois_wait_for_slot_event(); the call to the
+ underlying provider's WaitForSlotEvent function is protected by a
+ mutex.
+
+ 6. pakchois_close_all_sessions() only closes sessions associated
+ with the given module instance; any sessions opened by other users
+ of the underlying provider are unaffected.
+
+ If a module object is used concurrently from separate threads,
+ undefined behaviour results. If a session object is used
+ concurrently from separate threads, undefined behavioure results.
+
+*/
+ck_rv_t pakchois_get_info (pakchois_module_t * module, struct ck_info *info);
+
+ck_rv_t pakchois_get_slot_list (pakchois_module_t * module,
+ unsigned char token_present,
+ ck_slot_id_t * slot_list,
+ unsigned long *count);
+
+ck_rv_t pakchois_get_slot_info (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ struct ck_slot_info *info);
+
+ck_rv_t pakchois_get_token_info (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ struct ck_token_info *info);
+
+ck_rv_t pakchois_wait_for_slot_event (pakchois_module_t * module,
+ ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved);
+
+ck_rv_t pakchois_get_mechanism_list (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count);
+
+ck_rv_t pakchois_get_mechanism_info (pakchois_module_t * module,
+ ck_slot_id_t slot_id,
+ ck_mechanism_type_t type,
+ struct ck_mechanism_info *info);
+
+ck_rv_t pakchois_init_token (pakchois_module_t * module,
+ ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label);
+
+ck_rv_t pakchois_init_pin (pakchois_session_t * session, unsigned char *pin,
+ unsigned long pin_len);
+
+ck_rv_t pakchois_set_pin (pakchois_session_t * session,
+ unsigned char *old_pin, unsigned long old_len,
+ unsigned char *new_pin, unsigned long new_len);
+
+typedef ck_rv_t (*pakchois_notify_t) (pakchois_session_t * sess,
+ ck_notification_t event,
+ void *application);
+
+ck_rv_t pakchois_open_session (pakchois_module_t * module,
+ ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, pakchois_notify_t notify,
+ pakchois_session_t ** session);
+
+ck_rv_t pakchois_close_session (pakchois_session_t * session);
+
+ck_rv_t pakchois_close_all_sessions (pakchois_module_t * module,
+ ck_slot_id_t slot_id);
+
+ck_rv_t pakchois_get_session_info (pakchois_session_t * session,
+ struct ck_session_info *info);
+ck_rv_t pakchois_get_operation_state (pakchois_session_t * session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len);
+ck_rv_t pakchois_set_operation_state (pakchois_session_t * session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key);
+
+ck_rv_t pakchois_login (pakchois_session_t * session,
+ ck_user_type_t user_type, unsigned char *pin,
+ unsigned long pin_len);
+ck_rv_t pakchois_logout (pakchois_session_t * session);
+
+ck_rv_t pakchois_create_object (pakchois_session_t * session,
+ struct ck_attribute *templ,
+ unsigned long count,
+ ck_object_handle_t * object);
+ck_rv_t pakchois_copy_object (pakchois_session_t * session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ, unsigned long count,
+ ck_object_handle_t * new_object);
+ck_rv_t pakchois_destroy_object (pakchois_session_t * session,
+ ck_object_handle_t object);
+ck_rv_t pakchois_get_object_size (pakchois_session_t * session,
+ ck_object_handle_t object,
+ unsigned long *size);
+
+ck_rv_t pakchois_get_attribute_value (pakchois_session_t * session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
+ck_rv_t pakchois_set_attribute_value (pakchois_session_t * session,
+ ck_object_handle_t object,
+ struct ck_attribute *templ,
+ unsigned long count);
+ck_rv_t pakchois_find_objects_init (pakchois_session_t * session,
+ struct ck_attribute *templ,
+ unsigned long count);
+ck_rv_t pakchois_find_objects (pakchois_session_t * session,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count);
+ck_rv_t pakchois_find_objects_final (pakchois_session_t * session);
+
+ck_rv_t pakchois_encrypt_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_encrypt (pakchois_session_t * session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len);
+ck_rv_t pakchois_encrypt_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
+ck_rv_t pakchois_encrypt_final (pakchois_session_t * session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len);
+
+ck_rv_t pakchois_decrypt_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_decrypt (pakchois_session_t * session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len);
+ck_rv_t pakchois_decrypt_update (pakchois_session_t * session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
+ck_rv_t pakchois_decrypt_final (pakchois_session_t * session,
+ unsigned char *last_part,
+ unsigned long *last_part_len);
+ck_rv_t pakchois_digest_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism);
+ck_rv_t pakchois_digest (pakchois_session_t * session, unsigned char *data,
+ unsigned long data_len, unsigned char *digest,
+ unsigned long *digest_len);
+ck_rv_t pakchois_digest_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len);
+ck_rv_t pakchois_digest_key (pakchois_session_t * session,
+ ck_object_handle_t key);
+ck_rv_t pakchois_digest_final (pakchois_session_t * session,
+ unsigned char *digest,
+ unsigned long *digest_len);
+
+ck_rv_t pakchois_sign_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_sign (pakchois_session_t * session, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long *signature_len);
+ck_rv_t pakchois_sign_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len);
+ck_rv_t pakchois_sign_final (pakchois_session_t * session,
+ unsigned char *signature,
+ unsigned long *signature_len);
+ck_rv_t pakchois_sign_recover_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_sign_recover (pakchois_session_t * session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len);
+
+ck_rv_t pakchois_verify_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_verify (pakchois_session_t * session, unsigned char *data,
+ unsigned long data_len, unsigned char *signature,
+ unsigned long signature_len);
+ck_rv_t pakchois_verify_update (pakchois_session_t * session,
+ unsigned char *part, unsigned long part_len);
+ck_rv_t pakchois_verify_final (pakchois_session_t * session,
+ unsigned char *signature,
+ unsigned long signature_len);
+ck_rv_t pakchois_verify_recover_init (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t key);
+ck_rv_t pakchois_verify_recover (pakchois_session_t * session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data,
+ unsigned long *data_len);
+
+ck_rv_t pakchois_digest_encrypt_update (pakchois_session_t * session,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
+ck_rv_t pakchois_decrypt_digest_update (pakchois_session_t * session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
+ck_rv_t pakchois_sign_encrypt_update (pakchois_session_t * session,
+ unsigned char *part,
+ unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len);
+ck_rv_t pakchois_decrypt_verify_update (pakchois_session_t * session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part,
+ unsigned long *part_len);
+
+ck_rv_t pakchois_generate_key (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *templ,
+ unsigned long count, ck_object_handle_t * key);
+ck_rv_t pakchois_generate_key_pair (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ struct ck_attribute *public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute *private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key);
+
+ck_rv_t pakchois_wrap_key (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key, unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len);
+ck_rv_t pakchois_unwrap_key (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key);
+ck_rv_t pakchois_derive_key (pakchois_session_t * session,
+ struct ck_mechanism *mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute *templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key);
+
+ck_rv_t pakchois_seed_random (pakchois_session_t * session,
+ unsigned char *seed, unsigned long seed_len);
+ck_rv_t pakchois_generate_random (pakchois_session_t * session,
+ unsigned char *random_data,
+ unsigned long random_len);
+
+#endif /* PAKCHOIS_H */
--- /dev/null
+/* pkcs11.h
+ Copyright 2006, 2007 g10 Code GmbH
+ Copyright 2006 Andreas Jellinghaus
+
+ This file is free software; as a special exception the author gives
+ unlimited permission to copy and/or distribute it, with or without
+ modifications, as long as this notice is preserved.
+
+ This file is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even
+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. */
+
+/* Please submit changes back to the Scute project at
+ http://www.scute.org/ (or send them to marcus@g10code.com), so that
+ they can be picked up by other projects from there as well. */
+
+/* This file is a modified implementation of the PKCS #11 standard by
+ RSA Security Inc. It is mostly a drop-in replacement, with the
+ following change:
+
+ This header file does not require any macro definitions by the user
+ (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros
+ for you (if useful, some are missing, let me know if you need
+ more).
+
+ There is an additional API available that does comply better to the
+ GNU coding standard. It can be switched on by defining
+ CRYPTOKI_GNU before including this header file. For this, the
+ following changes are made to the specification:
+
+ All structure types are changed to a "struct ck_foo" where CK_FOO
+ is the type name in PKCS #11.
+
+ All non-structure types are changed to ck_foo_t where CK_FOO is the
+ lowercase version of the type name in PKCS #11. The basic types
+ (CK_ULONG et al.) are removed without substitute.
+
+ All members of structures are modified in the following way: Type
+ indication prefixes are removed, and underscore characters are
+ inserted before words. Then the result is lowercased.
+
+ Note that function names are still in the original case, as they
+ need for ABI compatibility.
+
+ CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use
+ <stdbool.h>.
+
+ If CRYPTOKI_COMPAT is defined before including this header file,
+ then none of the API changes above take place, and the API is the
+ one defined by the PKCS #11 standard. */
+
+#ifndef PKCS11_H
+#define PKCS11_H 1
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+
+/* The version of cryptoki we implement. The revision is changed with
+ each modification of this file. If you do not use the "official"
+ version of this file, please consider deleting the revision macro
+ (you may use a macro with a different name to keep track of your
+ versions). */
+#define CRYPTOKI_VERSION_MAJOR 2
+#define CRYPTOKI_VERSION_MINOR 20
+#define CRYPTOKI_VERSION_REVISION 6
+
+
+/* Compatibility interface is default, unless CRYPTOKI_GNU is
+ given. */
+#ifndef CRYPTOKI_GNU
+#ifndef CRYPTOKI_COMPAT
+#define CRYPTOKI_COMPAT 1
+#endif
+#endif
+
+/* System dependencies. */
+
+#if defined _WIN32 || defined CRYPTOKI_FORCE_WIN32
+
+/* There is a matching pop below. */
+#pragma pack(push, cryptoki, 1)
+
+#ifdef CRYPTOKI_EXPORTS
+#define CK_SPEC __declspec(dllexport)
+#else
+#define CK_SPEC __declspec(dllimport)
+#endif
+
+#else
+
+#define CK_SPEC
+
+#endif
+\f
+
+#ifdef CRYPTOKI_COMPAT
+ /* If we are in compatibility mode, switch all exposed names to the
+ PKCS #11 variant. There are corresponding #undefs below. */
+
+#define ck_flags_t CK_FLAGS
+#define ck_version _CK_VERSION
+
+#define ck_info _CK_INFO
+#define cryptoki_version cryptokiVersion
+#define manufacturer_id manufacturerID
+#define library_description libraryDescription
+#define library_version libraryVersion
+
+#define ck_notification_t CK_NOTIFICATION
+#define ck_slot_id_t CK_SLOT_ID
+
+#define ck_slot_info _CK_SLOT_INFO
+#define slot_description slotDescription
+#define hardware_version hardwareVersion
+#define firmware_version firmwareVersion
+
+#define ck_token_info _CK_TOKEN_INFO
+#define serial_number serialNumber
+#define max_session_count ulMaxSessionCount
+#define session_count ulSessionCount
+#define max_rw_session_count ulMaxRwSessionCount
+#define rw_session_count ulRwSessionCount
+#define max_pin_len ulMaxPinLen
+#define min_pin_len ulMinPinLen
+#define total_public_memory ulTotalPublicMemory
+#define free_public_memory ulFreePublicMemory
+#define total_private_memory ulTotalPrivateMemory
+#define free_private_memory ulFreePrivateMemory
+#define utc_time utcTime
+
+#define ck_session_handle_t CK_SESSION_HANDLE
+#define ck_user_type_t CK_USER_TYPE
+#define ck_state_t CK_STATE
+
+#define ck_session_info _CK_SESSION_INFO
+#define slot_id slotID
+#define device_error ulDeviceError
+
+#define ck_object_handle_t CK_OBJECT_HANDLE
+#define ck_object_class_t CK_OBJECT_CLASS
+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE
+#define ck_key_type_t CK_KEY_TYPE
+#define ck_certificate_type_t CK_CERTIFICATE_TYPE
+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE
+
+#define ck_attribute _CK_ATTRIBUTE
+#define value pValue
+#define value_len ulValueLen
+
+#define ck_date _CK_DATE
+
+#define ck_mechanism_type_t CK_MECHANISM_TYPE
+
+#define ck_mechanism _CK_MECHANISM
+#define parameter pParameter
+#define parameter_len ulParameterLen
+
+#define ck_mechanism_info _CK_MECHANISM_INFO
+#define min_key_size ulMinKeySize
+#define max_key_size ulMaxKeySize
+
+#define ck_rv_t CK_RV
+#define ck_notify_t CK_NOTIFY
+
+#define ck_function_list _CK_FUNCTION_LIST
+
+#define ck_createmutex_t CK_CREATEMUTEX
+#define ck_destroymutex_t CK_DESTROYMUTEX
+#define ck_lockmutex_t CK_LOCKMUTEX
+#define ck_unlockmutex_t CK_UNLOCKMUTEX
+
+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS
+#define create_mutex CreateMutex
+#define destroy_mutex DestroyMutex
+#define lock_mutex LockMutex
+#define unlock_mutex UnlockMutex
+#define reserved pReserved
+
+#endif /* CRYPTOKI_COMPAT */
+\f
+
+
+ typedef unsigned long ck_flags_t;
+
+ struct ck_version
+ {
+ unsigned char major;
+ unsigned char minor;
+ };
+
+
+ struct ck_info
+ {
+ struct ck_version cryptoki_version;
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ unsigned char library_description[32];
+ struct ck_version library_version;
+ };
+
+
+ typedef unsigned long ck_notification_t;
+
+#define CKN_SURRENDER (0)
+
+
+ typedef unsigned long ck_slot_id_t;
+
+
+ struct ck_slot_info
+ {
+ unsigned char slot_description[64];
+ unsigned char manufacturer_id[32];
+ ck_flags_t flags;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ };
+
+
+#define CKF_TOKEN_PRESENT (1 << 0)
+#define CKF_REMOVABLE_DEVICE (1 << 1)
+#define CKF_HW_SLOT (1 << 2)
+#define CKF_ARRAY_ATTRIBUTE (1 << 30)
+
+
+ struct ck_token_info
+ {
+ unsigned char label[32];
+ unsigned char manufacturer_id[32];
+ unsigned char model[16];
+ unsigned char serial_number[16];
+ ck_flags_t flags;
+ unsigned long max_session_count;
+ unsigned long session_count;
+ unsigned long max_rw_session_count;
+ unsigned long rw_session_count;
+ unsigned long max_pin_len;
+ unsigned long min_pin_len;
+ unsigned long total_public_memory;
+ unsigned long free_public_memory;
+ unsigned long total_private_memory;
+ unsigned long free_private_memory;
+ struct ck_version hardware_version;
+ struct ck_version firmware_version;
+ unsigned char utc_time[16];
+ };
+
+
+#define CKF_RNG (1 << 0)
+#define CKF_WRITE_PROTECTED (1 << 1)
+#define CKF_LOGIN_REQUIRED (1 << 2)
+#define CKF_USER_PIN_INITIALIZED (1 << 3)
+#define CKF_RESTORE_KEY_NOT_NEEDED (1 << 5)
+#define CKF_CLOCK_ON_TOKEN (1 << 6)
+#define CKF_PROTECTED_AUTHENTICATION_PATH (1 << 8)
+#define CKF_DUAL_CRYPTO_OPERATIONS (1 << 9)
+#define CKF_TOKEN_INITIALIZED (1 << 10)
+#define CKF_SECONDARY_AUTHENTICATION (1 << 11)
+#define CKF_USER_PIN_COUNT_LOW (1 << 16)
+#define CKF_USER_PIN_FINAL_TRY (1 << 17)
+#define CKF_USER_PIN_LOCKED (1 << 18)
+#define CKF_USER_PIN_TO_BE_CHANGED (1 << 19)
+#define CKF_SO_PIN_COUNT_LOW (1 << 20)
+#define CKF_SO_PIN_FINAL_TRY (1 << 21)
+#define CKF_SO_PIN_LOCKED (1 << 22)
+#define CKF_SO_PIN_TO_BE_CHANGED (1 << 23)
+
+#define CK_UNAVAILABLE_INFORMATION ((unsigned long) -1)
+#define CK_EFFECTIVELY_INFINITE (0)
+
+
+ typedef unsigned long ck_session_handle_t;
+
+#define CK_INVALID_HANDLE (0)
+
+
+ typedef unsigned long ck_user_type_t;
+
+#define CKU_SO (0)
+#define CKU_USER (1)
+#define CKU_CONTEXT_SPECIFIC (2)
+
+
+ typedef unsigned long ck_state_t;
+
+#define CKS_RO_PUBLIC_SESSION (0)
+#define CKS_RO_USER_FUNCTIONS (1)
+#define CKS_RW_PUBLIC_SESSION (2)
+#define CKS_RW_USER_FUNCTIONS (3)
+#define CKS_RW_SO_FUNCTIONS (4)
+
+
+ struct ck_session_info
+ {
+ ck_slot_id_t slot_id;
+ ck_state_t state;
+ ck_flags_t flags;
+ unsigned long device_error;
+ };
+
+#define CKF_RW_SESSION (1 << 1)
+#define CKF_SERIAL_SESSION (1 << 2)
+
+
+ typedef unsigned long ck_object_handle_t;
+
+
+ typedef unsigned long ck_object_class_t;
+
+#define CKO_DATA (0)
+#define CKO_CERTIFICATE (1)
+#define CKO_PUBLIC_KEY (2)
+#define CKO_PRIVATE_KEY (3)
+#define CKO_SECRET_KEY (4)
+#define CKO_HW_FEATURE (5)
+#define CKO_DOMAIN_PARAMETERS (6)
+#define CKO_MECHANISM (7)
+#define CKO_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+ typedef unsigned long ck_hw_feature_type_t;
+
+#define CKH_MONOTONIC_COUNTER (1)
+#define CKH_CLOCK (2)
+#define CKH_USER_INTERFACE (3)
+#define CKH_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+ typedef unsigned long ck_key_type_t;
+
+#define CKK_RSA (0)
+#define CKK_DSA (1)
+#define CKK_DH (2)
+#define CKK_ECDSA (3)
+#define CKK_EC (3)
+#define CKK_X9_42_DH (4)
+#define CKK_KEA (5)
+#define CKK_GENERIC_SECRET (0x10)
+#define CKK_RC2 (0x11)
+#define CKK_RC4 (0x12)
+#define CKK_DES (0x13)
+#define CKK_DES2 (0x14)
+#define CKK_DES3 (0x15)
+#define CKK_CAST (0x16)
+#define CKK_CAST3 (0x17)
+#define CKK_CAST128 (0x18)
+#define CKK_RC5 (0x19)
+#define CKK_IDEA (0x1a)
+#define CKK_SKIPJACK (0x1b)
+#define CKK_BATON (0x1c)
+#define CKK_JUNIPER (0x1d)
+#define CKK_CDMF (0x1e)
+#define CKK_AES (0x1f)
+#define CKK_BLOWFISH (0x20)
+#define CKK_TWOFISH (0x21)
+#define CKK_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+ typedef unsigned long ck_certificate_type_t;
+
+#define CKC_X_509 (0)
+#define CKC_X_509_ATTR_CERT (1)
+#define CKC_WTLS (2)
+#define CKC_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+ typedef unsigned long ck_attribute_type_t;
+
+#define CKA_CLASS (0)
+#define CKA_TOKEN (1)
+#define CKA_PRIVATE (2)
+#define CKA_LABEL (3)
+#define CKA_APPLICATION (0x10)
+#define CKA_VALUE (0x11)
+#define CKA_OBJECT_ID (0x12)
+#define CKA_CERTIFICATE_TYPE (0x80)
+#define CKA_ISSUER (0x81)
+#define CKA_SERIAL_NUMBER (0x82)
+#define CKA_AC_ISSUER (0x83)
+#define CKA_OWNER (0x84)
+#define CKA_ATTR_TYPES (0x85)
+#define CKA_TRUSTED (0x86)
+#define CKA_CERTIFICATE_CATEGORY (0x87)
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88)
+#define CKA_URL (0x89)
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8a)
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8b)
+#define CKA_CHECK_VALUE (0x90)
+#define CKA_KEY_TYPE (0x100)
+#define CKA_SUBJECT (0x101)
+#define CKA_ID (0x102)
+#define CKA_SENSITIVE (0x103)
+#define CKA_ENCRYPT (0x104)
+#define CKA_DECRYPT (0x105)
+#define CKA_WRAP (0x106)
+#define CKA_UNWRAP (0x107)
+#define CKA_SIGN (0x108)
+#define CKA_SIGN_RECOVER (0x109)
+#define CKA_VERIFY (0x10a)
+#define CKA_VERIFY_RECOVER (0x10b)
+#define CKA_DERIVE (0x10c)
+#define CKA_START_DATE (0x110)
+#define CKA_END_DATE (0x111)
+#define CKA_MODULUS (0x120)
+#define CKA_MODULUS_BITS (0x121)
+#define CKA_PUBLIC_EXPONENT (0x122)
+#define CKA_PRIVATE_EXPONENT (0x123)
+#define CKA_PRIME_1 (0x124)
+#define CKA_PRIME_2 (0x125)
+#define CKA_EXPONENT_1 (0x126)
+#define CKA_EXPONENT_2 (0x127)
+#define CKA_COEFFICIENT (0x128)
+#define CKA_PRIME (0x130)
+#define CKA_SUBPRIME (0x131)
+#define CKA_BASE (0x132)
+#define CKA_PRIME_BITS (0x133)
+#define CKA_SUB_PRIME_BITS (0x134)
+#define CKA_VALUE_BITS (0x160)
+#define CKA_VALUE_LEN (0x161)
+#define CKA_EXTRACTABLE (0x162)
+#define CKA_LOCAL (0x163)
+#define CKA_NEVER_EXTRACTABLE (0x164)
+#define CKA_ALWAYS_SENSITIVE (0x165)
+#define CKA_KEY_GEN_MECHANISM (0x166)
+#define CKA_MODIFIABLE (0x170)
+#define CKA_ECDSA_PARAMS (0x180)
+#define CKA_EC_PARAMS (0x180)
+#define CKA_EC_POINT (0x181)
+#define CKA_SECONDARY_AUTH (0x200)
+#define CKA_AUTH_PIN_FLAGS (0x201)
+#define CKA_ALWAYS_AUTHENTICATE (0x202)
+#define CKA_WRAP_WITH_TRUSTED (0x210)
+#define CKA_HW_FEATURE_TYPE (0x300)
+#define CKA_RESET_ON_INIT (0x301)
+#define CKA_HAS_RESET (0x302)
+#define CKA_PIXEL_X (0x400)
+#define CKA_PIXEL_Y (0x401)
+#define CKA_RESOLUTION (0x402)
+#define CKA_CHAR_ROWS (0x403)
+#define CKA_CHAR_COLUMNS (0x404)
+#define CKA_COLOR (0x405)
+#define CKA_BITS_PER_PIXEL (0x406)
+#define CKA_CHAR_SETS (0x480)
+#define CKA_ENCODING_METHODS (0x481)
+#define CKA_MIME_TYPES (0x482)
+#define CKA_MECHANISM_TYPE (0x500)
+#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501)
+#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502)
+#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503)
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211)
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212)
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600)
+#define CKA_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+
+ struct ck_attribute
+ {
+ ck_attribute_type_t type;
+ void *value;
+ unsigned long value_len;
+ };
+
+
+ struct ck_date
+ {
+ unsigned char year[4];
+ unsigned char month[2];
+ unsigned char day[2];
+ };
+
+
+ typedef unsigned long ck_mechanism_type_t;
+
+#define CKM_RSA_PKCS_KEY_PAIR_GEN (0)
+#define CKM_RSA_PKCS (1)
+#define CKM_RSA_9796 (2)
+#define CKM_RSA_X_509 (3)
+#define CKM_MD2_RSA_PKCS (4)
+#define CKM_MD5_RSA_PKCS (5)
+#define CKM_SHA1_RSA_PKCS (6)
+#define CKM_RIPEMD128_RSA_PKCS (7)
+#define CKM_RIPEMD160_RSA_PKCS (8)
+#define CKM_RSA_PKCS_OAEP (9)
+#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xa)
+#define CKM_RSA_X9_31 (0xb)
+#define CKM_SHA1_RSA_X9_31 (0xc)
+#define CKM_RSA_PKCS_PSS (0xd)
+#define CKM_SHA1_RSA_PKCS_PSS (0xe)
+#define CKM_DSA_KEY_PAIR_GEN (0x10)
+#define CKM_DSA (0x11)
+#define CKM_DSA_SHA1 (0x12)
+#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20)
+#define CKM_DH_PKCS_DERIVE (0x21)
+#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30)
+#define CKM_X9_42_DH_DERIVE (0x31)
+#define CKM_X9_42_DH_HYBRID_DERIVE (0x32)
+#define CKM_X9_42_MQV_DERIVE (0x33)
+#define CKM_SHA256_RSA_PKCS (0x40)
+#define CKM_SHA384_RSA_PKCS (0x41)
+#define CKM_SHA512_RSA_PKCS (0x42)
+#define CKM_SHA256_RSA_PKCS_PSS (0x43)
+#define CKM_SHA384_RSA_PKCS_PSS (0x44)
+#define CKM_SHA512_RSA_PKCS_PSS (0x45)
+#define CKM_RC2_KEY_GEN (0x100)
+#define CKM_RC2_ECB (0x101)
+#define CKM_RC2_CBC (0x102)
+#define CKM_RC2_MAC (0x103)
+#define CKM_RC2_MAC_GENERAL (0x104)
+#define CKM_RC2_CBC_PAD (0x105)
+#define CKM_RC4_KEY_GEN (0x110)
+#define CKM_RC4 (0x111)
+#define CKM_DES_KEY_GEN (0x120)
+#define CKM_DES_ECB (0x121)
+#define CKM_DES_CBC (0x122)
+#define CKM_DES_MAC (0x123)
+#define CKM_DES_MAC_GENERAL (0x124)
+#define CKM_DES_CBC_PAD (0x125)
+#define CKM_DES2_KEY_GEN (0x130)
+#define CKM_DES3_KEY_GEN (0x131)
+#define CKM_DES3_ECB (0x132)
+#define CKM_DES3_CBC (0x133)
+#define CKM_DES3_MAC (0x134)
+#define CKM_DES3_MAC_GENERAL (0x135)
+#define CKM_DES3_CBC_PAD (0x136)
+#define CKM_CDMF_KEY_GEN (0x140)
+#define CKM_CDMF_ECB (0x141)
+#define CKM_CDMF_CBC (0x142)
+#define CKM_CDMF_MAC (0x143)
+#define CKM_CDMF_MAC_GENERAL (0x144)
+#define CKM_CDMF_CBC_PAD (0x145)
+#define CKM_MD2 (0x200)
+#define CKM_MD2_HMAC (0x201)
+#define CKM_MD2_HMAC_GENERAL (0x202)
+#define CKM_MD5 (0x210)
+#define CKM_MD5_HMAC (0x211)
+#define CKM_MD5_HMAC_GENERAL (0x212)
+#define CKM_SHA_1 (0x220)
+#define CKM_SHA_1_HMAC (0x221)
+#define CKM_SHA_1_HMAC_GENERAL (0x222)
+#define CKM_RIPEMD128 (0x230)
+#define CKM_RIPEMD128_HMAC (0x231)
+#define CKM_RIPEMD128_HMAC_GENERAL (0x232)
+#define CKM_RIPEMD160 (0x240)
+#define CKM_RIPEMD160_HMAC (0x241)
+#define CKM_RIPEMD160_HMAC_GENERAL (0x242)
+#define CKM_SHA256 (0x250)
+#define CKM_SHA256_HMAC (0x251)
+#define CKM_SHA256_HMAC_GENERAL (0x252)
+#define CKM_SHA384 (0x260)
+#define CKM_SHA384_HMAC (0x261)
+#define CKM_SHA384_HMAC_GENERAL (0x262)
+#define CKM_SHA512 (0x270)
+#define CKM_SHA512_HMAC (0x271)
+#define CKM_SHA512_HMAC_GENERAL (0x272)
+#define CKM_CAST_KEY_GEN (0x300)
+#define CKM_CAST_ECB (0x301)
+#define CKM_CAST_CBC (0x302)
+#define CKM_CAST_MAC (0x303)
+#define CKM_CAST_MAC_GENERAL (0x304)
+#define CKM_CAST_CBC_PAD (0x305)
+#define CKM_CAST3_KEY_GEN (0x310)
+#define CKM_CAST3_ECB (0x311)
+#define CKM_CAST3_CBC (0x312)
+#define CKM_CAST3_MAC (0x313)
+#define CKM_CAST3_MAC_GENERAL (0x314)
+#define CKM_CAST3_CBC_PAD (0x315)
+#define CKM_CAST5_KEY_GEN (0x320)
+#define CKM_CAST128_KEY_GEN (0x320)
+#define CKM_CAST5_ECB (0x321)
+#define CKM_CAST128_ECB (0x321)
+#define CKM_CAST5_CBC (0x322)
+#define CKM_CAST128_CBC (0x322)
+#define CKM_CAST5_MAC (0x323)
+#define CKM_CAST128_MAC (0x323)
+#define CKM_CAST5_MAC_GENERAL (0x324)
+#define CKM_CAST128_MAC_GENERAL (0x324)
+#define CKM_CAST5_CBC_PAD (0x325)
+#define CKM_CAST128_CBC_PAD (0x325)
+#define CKM_RC5_KEY_GEN (0x330)
+#define CKM_RC5_ECB (0x331)
+#define CKM_RC5_CBC (0x332)
+#define CKM_RC5_MAC (0x333)
+#define CKM_RC5_MAC_GENERAL (0x334)
+#define CKM_RC5_CBC_PAD (0x335)
+#define CKM_IDEA_KEY_GEN (0x340)
+#define CKM_IDEA_ECB (0x341)
+#define CKM_IDEA_CBC (0x342)
+#define CKM_IDEA_MAC (0x343)
+#define CKM_IDEA_MAC_GENERAL (0x344)
+#define CKM_IDEA_CBC_PAD (0x345)
+#define CKM_GENERIC_SECRET_KEY_GEN (0x350)
+#define CKM_CONCATENATE_BASE_AND_KEY (0x360)
+#define CKM_CONCATENATE_BASE_AND_DATA (0x362)
+#define CKM_CONCATENATE_DATA_AND_BASE (0x363)
+#define CKM_XOR_BASE_AND_DATA (0x364)
+#define CKM_EXTRACT_KEY_FROM_KEY (0x365)
+#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370)
+#define CKM_SSL3_MASTER_KEY_DERIVE (0x371)
+#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372)
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373)
+#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374)
+#define CKM_TLS_MASTER_KEY_DERIVE (0x375)
+#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376)
+#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377)
+#define CKM_SSL3_MD5_MAC (0x380)
+#define CKM_SSL3_SHA1_MAC (0x381)
+#define CKM_MD5_KEY_DERIVATION (0x390)
+#define CKM_MD2_KEY_DERIVATION (0x391)
+#define CKM_SHA1_KEY_DERIVATION (0x392)
+#define CKM_PBE_MD2_DES_CBC (0x3a0)
+#define CKM_PBE_MD5_DES_CBC (0x3a1)
+#define CKM_PBE_MD5_CAST_CBC (0x3a2)
+#define CKM_PBE_MD5_CAST3_CBC (0x3a3)
+#define CKM_PBE_MD5_CAST5_CBC (0x3a4)
+#define CKM_PBE_MD5_CAST128_CBC (0x3a4)
+#define CKM_PBE_SHA1_CAST5_CBC (0x3a5)
+#define CKM_PBE_SHA1_CAST128_CBC (0x3a5)
+#define CKM_PBE_SHA1_RC4_128 (0x3a6)
+#define CKM_PBE_SHA1_RC4_40 (0x3a7)
+#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8)
+#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9)
+#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa)
+#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
+#define CKM_PKCS5_PBKD2 (0x3b0)
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0)
+#define CKM_KEY_WRAP_LYNKS (0x400)
+#define CKM_KEY_WRAP_SET_OAEP (0x401)
+#define CKM_SKIPJACK_KEY_GEN (0x1000)
+#define CKM_SKIPJACK_ECB64 (0x1001)
+#define CKM_SKIPJACK_CBC64 (0x1002)
+#define CKM_SKIPJACK_OFB64 (0x1003)
+#define CKM_SKIPJACK_CFB64 (0x1004)
+#define CKM_SKIPJACK_CFB32 (0x1005)
+#define CKM_SKIPJACK_CFB16 (0x1006)
+#define CKM_SKIPJACK_CFB8 (0x1007)
+#define CKM_SKIPJACK_WRAP (0x1008)
+#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009)
+#define CKM_SKIPJACK_RELAYX (0x100a)
+#define CKM_KEA_KEY_PAIR_GEN (0x1010)
+#define CKM_KEA_KEY_DERIVE (0x1011)
+#define CKM_FORTEZZA_TIMESTAMP (0x1020)
+#define CKM_BATON_KEY_GEN (0x1030)
+#define CKM_BATON_ECB128 (0x1031)
+#define CKM_BATON_ECB96 (0x1032)
+#define CKM_BATON_CBC128 (0x1033)
+#define CKM_BATON_COUNTER (0x1034)
+#define CKM_BATON_SHUFFLE (0x1035)
+#define CKM_BATON_WRAP (0x1036)
+#define CKM_ECDSA_KEY_PAIR_GEN (0x1040)
+#define CKM_EC_KEY_PAIR_GEN (0x1040)
+#define CKM_ECDSA (0x1041)
+#define CKM_ECDSA_SHA1 (0x1042)
+#define CKM_ECDH1_DERIVE (0x1050)
+#define CKM_ECDH1_COFACTOR_DERIVE (0x1051)
+#define CKM_ECMQV_DERIVE (0x1052)
+#define CKM_JUNIPER_KEY_GEN (0x1060)
+#define CKM_JUNIPER_ECB128 (0x1061)
+#define CKM_JUNIPER_CBC128 (0x1062)
+#define CKM_JUNIPER_COUNTER (0x1063)
+#define CKM_JUNIPER_SHUFFLE (0x1064)
+#define CKM_JUNIPER_WRAP (0x1065)
+#define CKM_FASTHASH (0x1070)
+#define CKM_AES_KEY_GEN (0x1080)
+#define CKM_AES_ECB (0x1081)
+#define CKM_AES_CBC (0x1082)
+#define CKM_AES_MAC (0x1083)
+#define CKM_AES_MAC_GENERAL (0x1084)
+#define CKM_AES_CBC_PAD (0x1085)
+#define CKM_DSA_PARAMETER_GEN (0x2000)
+#define CKM_DH_PKCS_PARAMETER_GEN (0x2001)
+#define CKM_X9_42_DH_PARAMETER_GEN (0x2002)
+#define CKM_VENDOR_DEFINED ((unsigned long) (1 << 31))
+
+/* Ammendments */
+#define CKM_SHA224 (0x255)
+#define CKM_SHA224_HMAC (0x256)
+#define CKM_SHA224_HMAC_GENERAL (0x257)
+#define CKM_SHA224_RSA_PKCS (0x46)
+#define CKM_SHA224_RSA_PKCS_PSS (0x47)
+#define CKM_SHA224_KEY_DERIVATION (0x396)
+
+#define CKM_CAMELLIA_KEY_GEN (0x550)
+#define CKM_CAMELLIA_ECB (0x551)
+#define CKM_CAMELLIA_CBC (0x552)
+#define CKM_CAMELLIA_MAC (0x553)
+#define CKM_CAMELLIA_MAC_GENERAL (0x554)
+#define CKM_CAMELLIA_CBC_PAD (0x555)
+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556)
+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557)
+
+
+ struct ck_mechanism
+ {
+ ck_mechanism_type_t mechanism;
+ void *parameter;
+ unsigned long parameter_len;
+ };
+
+
+ struct ck_mechanism_info
+ {
+ unsigned long min_key_size;
+ unsigned long max_key_size;
+ ck_flags_t flags;
+ };
+
+#define CKF_HW (1 << 0)
+#define CKF_ENCRYPT (1 << 8)
+#define CKF_DECRYPT (1 << 9)
+#define CKF_DIGEST (1 << 10)
+#define CKF_SIGN (1 << 11)
+#define CKF_SIGN_RECOVER (1 << 12)
+#define CKF_VERIFY (1 << 13)
+#define CKF_VERIFY_RECOVER (1 << 14)
+#define CKF_GENERATE (1 << 15)
+#define CKF_GENERATE_KEY_PAIR (1 << 16)
+#define CKF_WRAP (1 << 17)
+#define CKF_UNWRAP (1 << 18)
+#define CKF_DERIVE (1 << 19)
+#define CKF_EXTENSION ((unsigned long) (1 << 31))
+
+
+/* Flags for C_WaitForSlotEvent. */
+#define CKF_DONT_BLOCK (1)
+
+
+ typedef unsigned long ck_rv_t;
+
+
+ typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session,
+ ck_notification_t event, void *application);
+
+/* Forward reference. */
+ struct ck_function_list;
+
+#define _CK_DECLARE_FUNCTION(name, args) \
+typedef ck_rv_t (*CK_ ## name) args; \
+ck_rv_t CK_SPEC name args
+
+ _CK_DECLARE_FUNCTION (C_Initialize, (void *init_args));
+ _CK_DECLARE_FUNCTION (C_Finalize, (void *reserved));
+ _CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info * info));
+ _CK_DECLARE_FUNCTION (C_GetFunctionList,
+ (struct ck_function_list ** function_list));
+
+ _CK_DECLARE_FUNCTION (C_GetSlotList,
+ (unsigned char token_present,
+ ck_slot_id_t * slot_list, unsigned long *count));
+ _CK_DECLARE_FUNCTION (C_GetSlotInfo,
+ (ck_slot_id_t slot_id, struct ck_slot_info * info));
+ _CK_DECLARE_FUNCTION (C_GetTokenInfo,
+ (ck_slot_id_t slot_id,
+ struct ck_token_info * info));
+ _CK_DECLARE_FUNCTION (C_WaitForSlotEvent,
+ (ck_flags_t flags, ck_slot_id_t * slot,
+ void *reserved));
+ _CK_DECLARE_FUNCTION (C_GetMechanismList,
+ (ck_slot_id_t slot_id,
+ ck_mechanism_type_t * mechanism_list,
+ unsigned long *count));
+ _CK_DECLARE_FUNCTION (C_GetMechanismInfo,
+ (ck_slot_id_t slot_id, ck_mechanism_type_t type,
+ struct ck_mechanism_info * info));
+ _CK_DECLARE_FUNCTION (C_InitToken,
+ (ck_slot_id_t slot_id, unsigned char *pin,
+ unsigned long pin_len, unsigned char *label));
+ _CK_DECLARE_FUNCTION (C_InitPIN,
+ (ck_session_handle_t session, unsigned char *pin,
+ unsigned long pin_len));
+ _CK_DECLARE_FUNCTION (C_SetPIN,
+ (ck_session_handle_t session,
+ unsigned char *old_pin, unsigned long old_len,
+ unsigned char *new_pin, unsigned long new_len));
+
+ _CK_DECLARE_FUNCTION (C_OpenSession,
+ (ck_slot_id_t slot_id, ck_flags_t flags,
+ void *application, ck_notify_t notify,
+ ck_session_handle_t * session));
+ _CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session));
+ _CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id));
+ _CK_DECLARE_FUNCTION (C_GetSessionInfo,
+ (ck_session_handle_t session,
+ struct ck_session_info * info));
+ _CK_DECLARE_FUNCTION (C_GetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long *operation_state_len));
+ _CK_DECLARE_FUNCTION (C_SetOperationState,
+ (ck_session_handle_t session,
+ unsigned char *operation_state,
+ unsigned long operation_state_len,
+ ck_object_handle_t encryption_key,
+ ck_object_handle_t authentiation_key));
+ _CK_DECLARE_FUNCTION (C_Login,
+ (ck_session_handle_t session,
+ ck_user_type_t user_type, unsigned char *pin,
+ unsigned long pin_len));
+ _CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session));
+
+ _CK_DECLARE_FUNCTION (C_CreateObject,
+ (ck_session_handle_t session,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * object));
+ _CK_DECLARE_FUNCTION (C_CopyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count,
+ ck_object_handle_t * new_object));
+ _CK_DECLARE_FUNCTION (C_DestroyObject,
+ (ck_session_handle_t session,
+ ck_object_handle_t object));
+ _CK_DECLARE_FUNCTION (C_GetObjectSize,
+ (ck_session_handle_t session,
+ ck_object_handle_t object, unsigned long *size));
+ _CK_DECLARE_FUNCTION (C_GetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count));
+ _CK_DECLARE_FUNCTION (C_SetAttributeValue,
+ (ck_session_handle_t session,
+ ck_object_handle_t object,
+ struct ck_attribute * templ, unsigned long count));
+ _CK_DECLARE_FUNCTION (C_FindObjectsInit,
+ (ck_session_handle_t session,
+ struct ck_attribute * templ, unsigned long count));
+ _CK_DECLARE_FUNCTION (C_FindObjects,
+ (ck_session_handle_t session,
+ ck_object_handle_t * object,
+ unsigned long max_object_count,
+ unsigned long *object_count));
+ _CK_DECLARE_FUNCTION (C_FindObjectsFinal, (ck_session_handle_t session));
+
+ _CK_DECLARE_FUNCTION (C_EncryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Encrypt,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *encrypted_data,
+ unsigned long *encrypted_data_len));
+ _CK_DECLARE_FUNCTION (C_EncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+ _CK_DECLARE_FUNCTION (C_EncryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_encrypted_part,
+ unsigned long *last_encrypted_part_len));
+
+ _CK_DECLARE_FUNCTION (C_DecryptInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Decrypt,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_data,
+ unsigned long encrypted_data_len,
+ unsigned char *data, unsigned long *data_len));
+ _CK_DECLARE_FUNCTION (C_DecryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+ _CK_DECLARE_FUNCTION (C_DecryptFinal,
+ (ck_session_handle_t session,
+ unsigned char *last_part,
+ unsigned long *last_part_len));
+
+ _CK_DECLARE_FUNCTION (C_DigestInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism));
+ _CK_DECLARE_FUNCTION (C_Digest,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *digest, unsigned long *digest_len));
+ _CK_DECLARE_FUNCTION (C_DigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+ _CK_DECLARE_FUNCTION (C_DigestKey,
+ (ck_session_handle_t session,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_DigestFinal,
+ (ck_session_handle_t session, unsigned char *digest,
+ unsigned long *digest_len));
+
+ _CK_DECLARE_FUNCTION (C_SignInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Sign,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+ _CK_DECLARE_FUNCTION (C_SignUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+ _CK_DECLARE_FUNCTION (C_SignFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long *signature_len));
+ _CK_DECLARE_FUNCTION (C_SignRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_SignRecover,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long *signature_len));
+
+ _CK_DECLARE_FUNCTION (C_VerifyInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_Verify,
+ (ck_session_handle_t session,
+ unsigned char *data, unsigned long data_len,
+ unsigned char *signature,
+ unsigned long signature_len));
+ _CK_DECLARE_FUNCTION (C_VerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len));
+ _CK_DECLARE_FUNCTION (C_VerifyFinal,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len));
+ _CK_DECLARE_FUNCTION (C_VerifyRecoverInit,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t key));
+ _CK_DECLARE_FUNCTION (C_VerifyRecover,
+ (ck_session_handle_t session,
+ unsigned char *signature,
+ unsigned long signature_len,
+ unsigned char *data, unsigned long *data_len));
+
+ _CK_DECLARE_FUNCTION (C_DigestEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+ _CK_DECLARE_FUNCTION (C_DecryptDigestUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+ _CK_DECLARE_FUNCTION (C_SignEncryptUpdate,
+ (ck_session_handle_t session,
+ unsigned char *part, unsigned long part_len,
+ unsigned char *encrypted_part,
+ unsigned long *encrypted_part_len));
+ _CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate,
+ (ck_session_handle_t session,
+ unsigned char *encrypted_part,
+ unsigned long encrypted_part_len,
+ unsigned char *part, unsigned long *part_len));
+
+ _CK_DECLARE_FUNCTION (C_GenerateKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * templ,
+ unsigned long count, ck_object_handle_t * key));
+ _CK_DECLARE_FUNCTION (C_GenerateKeyPair,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ struct ck_attribute * public_key_template,
+ unsigned long public_key_attribute_count,
+ struct ck_attribute * private_key_template,
+ unsigned long private_key_attribute_count,
+ ck_object_handle_t * public_key,
+ ck_object_handle_t * private_key));
+ _CK_DECLARE_FUNCTION (C_WrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t wrapping_key,
+ ck_object_handle_t key,
+ unsigned char *wrapped_key,
+ unsigned long *wrapped_key_len));
+ _CK_DECLARE_FUNCTION (C_UnwrapKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t unwrapping_key,
+ unsigned char *wrapped_key,
+ unsigned long wrapped_key_len,
+ struct ck_attribute * templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key));
+ _CK_DECLARE_FUNCTION (C_DeriveKey,
+ (ck_session_handle_t session,
+ struct ck_mechanism * mechanism,
+ ck_object_handle_t base_key,
+ struct ck_attribute * templ,
+ unsigned long attribute_count,
+ ck_object_handle_t * key));
+
+ _CK_DECLARE_FUNCTION (C_SeedRandom,
+ (ck_session_handle_t session, unsigned char *seed,
+ unsigned long seed_len));
+ _CK_DECLARE_FUNCTION (C_GenerateRandom,
+ (ck_session_handle_t session,
+ unsigned char *random_data,
+ unsigned long random_len));
+
+ _CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session));
+ _CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session));
+
+
+ struct ck_function_list
+ {
+ struct ck_version version;
+ CK_C_Initialize C_Initialize;
+ CK_C_Finalize C_Finalize;
+ CK_C_GetInfo C_GetInfo;
+ CK_C_GetFunctionList C_GetFunctionList;
+ CK_C_GetSlotList C_GetSlotList;
+ CK_C_GetSlotInfo C_GetSlotInfo;
+ CK_C_GetTokenInfo C_GetTokenInfo;
+ CK_C_GetMechanismList C_GetMechanismList;
+ CK_C_GetMechanismInfo C_GetMechanismInfo;
+ CK_C_InitToken C_InitToken;
+ CK_C_InitPIN C_InitPIN;
+ CK_C_SetPIN C_SetPIN;
+ CK_C_OpenSession C_OpenSession;
+ CK_C_CloseSession C_CloseSession;
+ CK_C_CloseAllSessions C_CloseAllSessions;
+ CK_C_GetSessionInfo C_GetSessionInfo;
+ CK_C_GetOperationState C_GetOperationState;
+ CK_C_SetOperationState C_SetOperationState;
+ CK_C_Login C_Login;
+ CK_C_Logout C_Logout;
+ CK_C_CreateObject C_CreateObject;
+ CK_C_CopyObject C_CopyObject;
+ CK_C_DestroyObject C_DestroyObject;
+ CK_C_GetObjectSize C_GetObjectSize;
+ CK_C_GetAttributeValue C_GetAttributeValue;
+ CK_C_SetAttributeValue C_SetAttributeValue;
+ CK_C_FindObjectsInit C_FindObjectsInit;
+ CK_C_FindObjects C_FindObjects;
+ CK_C_FindObjectsFinal C_FindObjectsFinal;
+ CK_C_EncryptInit C_EncryptInit;
+ CK_C_Encrypt C_Encrypt;
+ CK_C_EncryptUpdate C_EncryptUpdate;
+ CK_C_EncryptFinal C_EncryptFinal;
+ CK_C_DecryptInit C_DecryptInit;
+ CK_C_Decrypt C_Decrypt;
+ CK_C_DecryptUpdate C_DecryptUpdate;
+ CK_C_DecryptFinal C_DecryptFinal;
+ CK_C_DigestInit C_DigestInit;
+ CK_C_Digest C_Digest;
+ CK_C_DigestUpdate C_DigestUpdate;
+ CK_C_DigestKey C_DigestKey;
+ CK_C_DigestFinal C_DigestFinal;
+ CK_C_SignInit C_SignInit;
+ CK_C_Sign C_Sign;
+ CK_C_SignUpdate C_SignUpdate;
+ CK_C_SignFinal C_SignFinal;
+ CK_C_SignRecoverInit C_SignRecoverInit;
+ CK_C_SignRecover C_SignRecover;
+ CK_C_VerifyInit C_VerifyInit;
+ CK_C_Verify C_Verify;
+ CK_C_VerifyUpdate C_VerifyUpdate;
+ CK_C_VerifyFinal C_VerifyFinal;
+ CK_C_VerifyRecoverInit C_VerifyRecoverInit;
+ CK_C_VerifyRecover C_VerifyRecover;
+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate;
+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate;
+ CK_C_SignEncryptUpdate C_SignEncryptUpdate;
+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate;
+ CK_C_GenerateKey C_GenerateKey;
+ CK_C_GenerateKeyPair C_GenerateKeyPair;
+ CK_C_WrapKey C_WrapKey;
+ CK_C_UnwrapKey C_UnwrapKey;
+ CK_C_DeriveKey C_DeriveKey;
+ CK_C_SeedRandom C_SeedRandom;
+ CK_C_GenerateRandom C_GenerateRandom;
+ CK_C_GetFunctionStatus C_GetFunctionStatus;
+ CK_C_CancelFunction C_CancelFunction;
+ CK_C_WaitForSlotEvent C_WaitForSlotEvent;
+ };
+
+
+ typedef ck_rv_t (*ck_createmutex_t) (void **mutex);
+ typedef ck_rv_t (*ck_destroymutex_t) (void *mutex);
+ typedef ck_rv_t (*ck_lockmutex_t) (void *mutex);
+ typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex);
+
+
+ struct ck_c_initialize_args
+ {
+ ck_createmutex_t create_mutex;
+ ck_destroymutex_t destroy_mutex;
+ ck_lockmutex_t lock_mutex;
+ ck_unlockmutex_t unlock_mutex;
+ ck_flags_t flags;
+ void *reserved;
+ };
+
+
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1 << 0)
+#define CKF_OS_LOCKING_OK (1 << 1)
+
+#define CKR_OK (0)
+#define CKR_CANCEL (1)
+#define CKR_HOST_MEMORY (2)
+#define CKR_SLOT_ID_INVALID (3)
+#define CKR_GENERAL_ERROR (5)
+#define CKR_FUNCTION_FAILED (6)
+#define CKR_ARGUMENTS_BAD (7)
+#define CKR_NO_EVENT (8)
+#define CKR_NEED_TO_CREATE_THREADS (9)
+#define CKR_CANT_LOCK (0xa)
+#define CKR_ATTRIBUTE_READ_ONLY (0x10)
+#define CKR_ATTRIBUTE_SENSITIVE (0x11)
+#define CKR_ATTRIBUTE_TYPE_INVALID (0x12)
+#define CKR_ATTRIBUTE_VALUE_INVALID (0x13)
+#define CKR_DATA_INVALID (0x20)
+#define CKR_DATA_LEN_RANGE (0x21)
+#define CKR_DEVICE_ERROR (0x30)
+#define CKR_DEVICE_MEMORY (0x31)
+#define CKR_DEVICE_REMOVED (0x32)
+#define CKR_ENCRYPTED_DATA_INVALID (0x40)
+#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41)
+#define CKR_FUNCTION_CANCELED (0x50)
+#define CKR_FUNCTION_NOT_PARALLEL (0x51)
+#define CKR_FUNCTION_NOT_SUPPORTED (0x54)
+#define CKR_KEY_HANDLE_INVALID (0x60)
+#define CKR_KEY_SIZE_RANGE (0x62)
+#define CKR_KEY_TYPE_INCONSISTENT (0x63)
+#define CKR_KEY_NOT_NEEDED (0x64)
+#define CKR_KEY_CHANGED (0x65)
+#define CKR_KEY_NEEDED (0x66)
+#define CKR_KEY_INDIGESTIBLE (0x67)
+#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68)
+#define CKR_KEY_NOT_WRAPPABLE (0x69)
+#define CKR_KEY_UNEXTRACTABLE (0x6a)
+#define CKR_MECHANISM_INVALID (0x70)
+#define CKR_MECHANISM_PARAM_INVALID (0x71)
+#define CKR_OBJECT_HANDLE_INVALID (0x82)
+#define CKR_OPERATION_ACTIVE (0x90)
+#define CKR_OPERATION_NOT_INITIALIZED (0x91)
+#define CKR_PIN_INCORRECT (0xa0)
+#define CKR_PIN_INVALID (0xa1)
+#define CKR_PIN_LEN_RANGE (0xa2)
+#define CKR_PIN_EXPIRED (0xa3)
+#define CKR_PIN_LOCKED (0xa4)
+#define CKR_SESSION_CLOSED (0xb0)
+#define CKR_SESSION_COUNT (0xb1)
+#define CKR_SESSION_HANDLE_INVALID (0xb3)
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4)
+#define CKR_SESSION_READ_ONLY (0xb5)
+#define CKR_SESSION_EXISTS (0xb6)
+#define CKR_SESSION_READ_ONLY_EXISTS (0xb7)
+#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8)
+#define CKR_SIGNATURE_INVALID (0xc0)
+#define CKR_SIGNATURE_LEN_RANGE (0xc1)
+#define CKR_TEMPLATE_INCOMPLETE (0xd0)
+#define CKR_TEMPLATE_INCONSISTENT (0xd1)
+#define CKR_TOKEN_NOT_PRESENT (0xe0)
+#define CKR_TOKEN_NOT_RECOGNIZED (0xe1)
+#define CKR_TOKEN_WRITE_PROTECTED (0xe2)
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0)
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1)
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2)
+#define CKR_USER_ALREADY_LOGGED_IN (0x100)
+#define CKR_USER_NOT_LOGGED_IN (0x101)
+#define CKR_USER_PIN_NOT_INITIALIZED (0x102)
+#define CKR_USER_TYPE_INVALID (0x103)
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104)
+#define CKR_USER_TOO_MANY_TYPES (0x105)
+#define CKR_WRAPPED_KEY_INVALID (0x110)
+#define CKR_WRAPPED_KEY_LEN_RANGE (0x112)
+#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113)
+#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114)
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115)
+#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120)
+#define CKR_RANDOM_NO_RNG (0x121)
+#define CKR_DOMAIN_PARAMS_INVALID (0x130)
+#define CKR_BUFFER_TOO_SMALL (0x150)
+#define CKR_SAVED_STATE_INVALID (0x160)
+#define CKR_INFORMATION_SENSITIVE (0x170)
+#define CKR_STATE_UNSAVEABLE (0x180)
+#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190)
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191)
+#define CKR_MUTEX_BAD (0x1a0)
+#define CKR_MUTEX_NOT_LOCKED (0x1a1)
+#define CKR_FUNCTION_REJECTED (0x200)
+#define CKR_VENDOR_DEFINED ((unsigned long) (1 << 31))
+\f
+
+
+/* Compatibility layer. */
+
+#ifdef CRYPTOKI_COMPAT
+
+#undef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name
+
+/* For NULL. */
+#include <stddef.h>
+
+ typedef unsigned char CK_BYTE;
+ typedef unsigned char CK_CHAR;
+ typedef unsigned char CK_UTF8CHAR;
+ typedef unsigned char CK_BBOOL;
+ typedef unsigned long int CK_ULONG;
+ typedef long int CK_LONG;
+ typedef CK_BYTE *CK_BYTE_PTR;
+ typedef CK_CHAR *CK_CHAR_PTR;
+ typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR;
+ typedef CK_ULONG *CK_ULONG_PTR;
+ typedef void *CK_VOID_PTR;
+ typedef void **CK_VOID_PTR_PTR;
+#define CK_FALSE 0
+#define CK_TRUE 1
+#ifndef CK_DISABLE_TRUE_FALSE
+#ifndef FALSE
+#define FALSE 0
+#endif
+#ifndef TRUE
+#define TRUE 1
+#endif
+#endif
+
+ typedef struct ck_version CK_VERSION;
+ typedef struct ck_version *CK_VERSION_PTR;
+
+ typedef struct ck_info CK_INFO;
+ typedef struct ck_info *CK_INFO_PTR;
+
+ typedef ck_slot_id_t *CK_SLOT_ID_PTR;
+
+ typedef struct ck_slot_info CK_SLOT_INFO;
+ typedef struct ck_slot_info *CK_SLOT_INFO_PTR;
+
+ typedef struct ck_token_info CK_TOKEN_INFO;
+ typedef struct ck_token_info *CK_TOKEN_INFO_PTR;
+
+ typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR;
+
+ typedef struct ck_session_info CK_SESSION_INFO;
+ typedef struct ck_session_info *CK_SESSION_INFO_PTR;
+
+ typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR;
+
+ typedef ck_object_class_t *CK_OBJECT_CLASS_PTR;
+
+ typedef struct ck_attribute CK_ATTRIBUTE;
+ typedef struct ck_attribute *CK_ATTRIBUTE_PTR;
+
+ typedef struct ck_date CK_DATE;
+ typedef struct ck_date *CK_DATE_PTR;
+
+ typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR;
+
+ typedef struct ck_mechanism CK_MECHANISM;
+ typedef struct ck_mechanism *CK_MECHANISM_PTR;
+
+ typedef struct ck_mechanism_info CK_MECHANISM_INFO;
+ typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR;
+
+ typedef struct ck_function_list CK_FUNCTION_LIST;
+ typedef struct ck_function_list *CK_FUNCTION_LIST_PTR;
+ typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR;
+
+ typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS;
+ typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR;
+
+#define NULL_PTR NULL
+
+/* Delete the helper macros defined at the top of the file. */
+#undef ck_flags_t
+#undef ck_version
+
+#undef ck_info
+#undef cryptoki_version
+#undef manufacturer_id
+#undef library_description
+#undef library_version
+
+#undef ck_notification_t
+#undef ck_slot_id_t
+
+#undef ck_slot_info
+#undef slot_description
+#undef hardware_version
+#undef firmware_version
+
+#undef ck_token_info
+#undef serial_number
+#undef max_session_count
+#undef session_count
+#undef max_rw_session_count
+#undef rw_session_count
+#undef max_pin_len
+#undef min_pin_len
+#undef total_public_memory
+#undef free_public_memory
+#undef total_private_memory
+#undef free_private_memory
+#undef utc_time
+
+#undef ck_session_handle_t
+#undef ck_user_type_t
+#undef ck_state_t
+
+#undef ck_session_info
+#undef slot_id
+#undef device_error
+
+#undef ck_object_handle_t
+#undef ck_object_class_t
+#undef ck_hw_feature_type_t
+#undef ck_key_type_t
+#undef ck_certificate_type_t
+#undef ck_attribute_type_t
+
+#undef ck_attribute
+#undef value
+#undef value_len
+
+#undef ck_date
+
+#undef ck_mechanism_type_t
+
+#undef ck_mechanism
+#undef parameter
+#undef parameter_len
+
+#undef ck_mechanism_info
+#undef min_key_size
+#undef max_key_size
+
+#undef ck_rv_t
+#undef ck_notify_t
+
+#undef ck_function_list
+
+#undef ck_createmutex_t
+#undef ck_destroymutex_t
+#undef ck_lockmutex_t
+#undef ck_unlockmutex_t
+
+#undef ck_c_initialize_args
+#undef create_mutex
+#undef destroy_mutex
+#undef lock_mutex
+#undef unlock_mutex
+#undef reserved
+
+#endif /* CRYPTOKI_COMPAT */
+\f
+
+/* System dependencies. */
+#if defined _WIN32 || defined CRYPTOKI_FORCE_WIN32
+#pragma pack(pop, cryptoki)
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PKCS11_H */
--- /dev/null
+/*
+ * GnuTLS PKCS#11 support
+ * Copyright (C) 2010 Free Software Foundation
+ * Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk>
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * Inspired and some parts (pkcs11_login) based on neon PKCS #11 support
+ * by Joe Orton. More ideas came from the pkcs11-helper library by
+ * Alon Bar-Lev.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA
+*/
+
+#include <gnutls_int.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <pkcs11_int.h>
+
+#define MAX_PROVIDERS 16
+
+static void terminate_string (unsigned char *str, size_t len);
+
+/* XXX: try to eliminate this */
+#define MAX_CERT_SIZE 8*1024
+
+struct gnutls_pkcs11_provider_s
+{
+ pakchois_module_t *module;
+ unsigned long nslots;
+ ck_slot_id_t *slots;
+ struct ck_info info;
+};
+
+struct flags_find_data_st
+{
+ struct pkcs11_url_info info;
+ unsigned int slot_flags;
+};
+
+struct url_find_data_st
+{
+ gnutls_pkcs11_obj_t crt;
+};
+
+struct crt_find_data_st
+{
+ gnutls_pkcs11_obj_t *p_list;
+ unsigned int *n_list;
+ unsigned int current;
+ gnutls_pkcs11_obj_attr_t flags;
+ struct pkcs11_url_info info;
+};
+
+
+static struct gnutls_pkcs11_provider_s providers[MAX_PROVIDERS];
+static int active_providers = 0;
+
+static gnutls_pkcs11_pin_callback_t pin_func;
+static void *pin_data;
+
+gnutls_pkcs11_token_callback_t token_func;
+void *token_data;
+
+int
+pkcs11_rv_to_err (ck_rv_t rv)
+{
+ switch (rv)
+ {
+ case CKR_OK:
+ return 0;
+ case CKR_HOST_MEMORY:
+ return GNUTLS_E_MEMORY_ERROR;
+ case CKR_SLOT_ID_INVALID:
+ return GNUTLS_E_PKCS11_SLOT_ERROR;
+ case CKR_ARGUMENTS_BAD:
+ case CKR_MECHANISM_PARAM_INVALID:
+ return GNUTLS_E_INVALID_REQUEST;
+ case CKR_NEED_TO_CREATE_THREADS:
+ case CKR_CANT_LOCK:
+ case CKR_FUNCTION_NOT_PARALLEL:
+ case CKR_MUTEX_BAD:
+ case CKR_MUTEX_NOT_LOCKED:
+ return GNUTLS_E_LOCKING_ERROR;
+ case CKR_ATTRIBUTE_READ_ONLY:
+ case CKR_ATTRIBUTE_SENSITIVE:
+ case CKR_ATTRIBUTE_TYPE_INVALID:
+ case CKR_ATTRIBUTE_VALUE_INVALID:
+ return GNUTLS_E_PKCS11_ATTRIBUTE_ERROR;
+ case CKR_DEVICE_ERROR:
+ case CKR_DEVICE_MEMORY:
+ case CKR_DEVICE_REMOVED:
+ return GNUTLS_E_PKCS11_DEVICE_ERROR;
+ case CKR_DATA_INVALID:
+ case CKR_DATA_LEN_RANGE:
+ case CKR_ENCRYPTED_DATA_INVALID:
+ case CKR_ENCRYPTED_DATA_LEN_RANGE:
+ case CKR_OBJECT_HANDLE_INVALID:
+ return GNUTLS_E_PKCS11_DATA_ERROR;
+ case CKR_FUNCTION_NOT_SUPPORTED:
+ case CKR_MECHANISM_INVALID:
+ return GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR;
+ case CKR_KEY_HANDLE_INVALID:
+ case CKR_KEY_SIZE_RANGE:
+ case CKR_KEY_TYPE_INCONSISTENT:
+ case CKR_KEY_NOT_NEEDED:
+ case CKR_KEY_CHANGED:
+ case CKR_KEY_NEEDED:
+ case CKR_KEY_INDIGESTIBLE:
+ case CKR_KEY_FUNCTION_NOT_PERMITTED:
+ case CKR_KEY_NOT_WRAPPABLE:
+ case CKR_KEY_UNEXTRACTABLE:
+ return GNUTLS_E_PKCS11_KEY_ERROR;
+ case CKR_PIN_INCORRECT:
+ case CKR_PIN_INVALID:
+ case CKR_PIN_LEN_RANGE:
+ return GNUTLS_E_PKCS11_PIN_ERROR;
+ case CKR_PIN_EXPIRED:
+ return GNUTLS_E_PKCS11_PIN_EXPIRED;
+ case CKR_PIN_LOCKED:
+ return GNUTLS_E_PKCS11_PIN_LOCKED;
+ case CKR_SESSION_CLOSED:
+ case CKR_SESSION_COUNT:
+ case CKR_SESSION_HANDLE_INVALID:
+ case CKR_SESSION_PARALLEL_NOT_SUPPORTED:
+ case CKR_SESSION_READ_ONLY:
+ case CKR_SESSION_EXISTS:
+ case CKR_SESSION_READ_ONLY_EXISTS:
+ case CKR_SESSION_READ_WRITE_SO_EXISTS:
+ return GNUTLS_E_PKCS11_SESSION_ERROR;
+ case CKR_SIGNATURE_INVALID:
+ case CKR_SIGNATURE_LEN_RANGE:
+ return GNUTLS_E_PKCS11_SIGNATURE_ERROR;
+ case CKR_TOKEN_NOT_PRESENT:
+ case CKR_TOKEN_NOT_RECOGNIZED:
+ case CKR_TOKEN_WRITE_PROTECTED:
+ return GNUTLS_E_PKCS11_TOKEN_ERROR;
+ case CKR_USER_ALREADY_LOGGED_IN:
+ case CKR_USER_NOT_LOGGED_IN:
+ case CKR_USER_PIN_NOT_INITIALIZED:
+ case CKR_USER_TYPE_INVALID:
+ case CKR_USER_ANOTHER_ALREADY_LOGGED_IN:
+ case CKR_USER_TOO_MANY_TYPES:
+ return GNUTLS_E_PKCS11_USER_ERROR;
+ case CKR_BUFFER_TOO_SMALL:
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ default:
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+}
+
+/* Fake scan */
+void
+pkcs11_rescan_slots (void)
+{
+ unsigned long slots;
+
+ pakchois_get_slot_list (providers[active_providers - 1].module, 0,
+ NULL, &slots);
+}
+
+/**
+ * gnutls_pkcs11_add_provider:
+ * @name: The filename of the module
+ * @params: should be NULL
+ *
+ * This function will load and add a PKCS 11 module to the module
+ * list used in gnutls. After this function is called the module will
+ * be used for PKCS 11 operations.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_add_provider (const char *name, const char *params)
+{
+
+ if (active_providers >= MAX_PROVIDERS)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CONSTRAINT_ERROR;
+ }
+
+ active_providers++;
+ if (pakchois_module_load_abs
+ (&providers[active_providers - 1].module, name) != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("p11: Cannot load provider %s\n", name);
+ active_providers--;
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+ }
+
+ /* cache the number of slots in this module */
+ if (pakchois_get_slot_list
+ (providers[active_providers - 1].module, 0, NULL,
+ &providers[active_providers - 1].nslots) != CKR_OK)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ providers[active_providers - 1].slots =
+ gnutls_malloc (sizeof (*providers[active_providers - 1].slots) *
+ providers[active_providers - 1].nslots);
+ if (providers[active_providers - 1].slots == NULL)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ if (pakchois_get_slot_list
+ (providers[active_providers - 1].module, 0,
+ providers[active_providers - 1].slots,
+ &providers[active_providers - 1].nslots) != CKR_OK)
+ {
+ gnutls_assert ();
+ gnutls_free (providers[active_providers - 1].slots);
+ goto fail;
+ }
+
+ memset (&providers[active_providers - 1].info, 0,
+ sizeof (providers[active_providers - 1].info));
+ pakchois_get_info (providers[active_providers - 1].module,
+ &providers[active_providers - 1].info);
+
+ terminate_string (providers[active_providers - 1].info.manufacturer_id,
+ sizeof (providers[active_providers - 1].
+ info.manufacturer_id));
+ terminate_string (providers[active_providers - 1].info.library_description,
+ sizeof (providers[active_providers - 1].
+ info.library_description));
+
+ _gnutls_debug_log ("p11: loaded provider '%s' with %d slots\n",
+ name, (int) providers[active_providers - 1].nslots);
+
+ return 0;
+
+fail:
+ pakchois_module_destroy (providers[active_providers - 1].module);
+ active_providers--;
+ return GNUTLS_E_PKCS11_LOAD_ERROR;
+
+}
+
+
+/**
+ * gnutls_pkcs11_obj_get_info:
+ * @crt: should contain a #gnutls_pkcs11_obj_t structure
+ * @itype: Denotes the type of information requested
+ * @output: where output will be stored
+ * @output_size: contains the maximum size of the output and will be overwritten with actual
+ *
+ * This function will return information about the PKCS 11 certificatesuch
+ * as the label, id as well as token information where the key is stored. When
+ * output is text it returns null terminated string although %output_size contains
+ * the size of the actual data only.
+ *
+ * Returns: zero on success or a negative value on error.
+ **/
+int
+gnutls_pkcs11_obj_get_info (gnutls_pkcs11_obj_t crt,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
+{
+ return pkcs11_get_info (&crt->info, itype, output, output_size);
+}
+
+int
+pkcs11_get_info (struct pkcs11_url_info *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size)
+{
+ const char *str = NULL;
+ size_t len;
+
+ switch (itype)
+ {
+ case GNUTLS_PKCS11_OBJ_ID:
+ if (*output_size < info->certid_raw_size)
+ {
+ *output_size = info->certid_raw_size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ if (output)
+ memcpy (output, info->certid_raw, info->certid_raw_size);
+ *output_size = info->certid_raw_size;
+
+ return 0;
+ case GNUTLS_PKCS11_OBJ_ID_HEX:
+ str = info->id;
+ break;
+ case GNUTLS_PKCS11_OBJ_LABEL:
+ str = info->label;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_LABEL:
+ str = info->token;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_SERIAL:
+ str = info->serial;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MANUFACTURER:
+ str = info->manufacturer;
+ break;
+ case GNUTLS_PKCS11_OBJ_TOKEN_MODEL:
+ str = info->model;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_DESCRIPTION:
+ str = info->lib_desc;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_VERSION:
+ str = info->lib_version;
+ break;
+ case GNUTLS_PKCS11_OBJ_LIBRARY_MANUFACTURER:
+ str = info->lib_manufacturer;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = strlen (str);
+
+ if (len + 1 > *output_size)
+ {
+ *output_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ strcpy (output, str);
+
+ *output_size = len;
+
+ return 0;
+}
+
+static int init = 0;
+
+
+/**
+ * gnutls_pkcs11_init:
+ * @flags: GNUTLS_PKCS11_FLAG_MANUAL or GNUTLS_PKCS11_FLAG_AUTO
+ * @configfile: either NULL or the location of a configuration file
+ *
+ * This function will initialize the PKCS 11 subsystem in gnutls. It will
+ * read a configuration file if %GNUTLS_PKCS11_FLAG_AUTO is used or allow
+ * you to independently load PKCS 11 modules using gnutls_pkcs11_add_provider()
+ * if %GNUTLS_PKCS11_FLAG_MANUAL is specified.
+ *
+ * Normally you don't need to call this function since it is being called
+ * by gnutls_global_init(). Otherwise you must call it before it.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_init (unsigned int flags, const char *configfile)
+{
+ int ret;
+
+ if (init != 0)
+ {
+ init++;
+ return 0;
+ }
+ init++;
+
+ if (flags == GNUTLS_PKCS11_FLAG_MANUAL)
+ return 0;
+ else
+ {
+ FILE *fp;
+ char line[512];
+ const char *library;
+
+ if (configfile == NULL)
+ configfile = "/etc/gnutls/pkcs11.conf";
+
+ fp = fopen (configfile, "r");
+ if (fp == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot load %s\n", configfile);
+ return GNUTLS_E_FILE_ERROR;
+ }
+
+ while (fgets (line, sizeof (line), fp) != NULL)
+ {
+ if (strncmp (line, "load", sizeof ("load") - 1) == 0)
+ {
+ char *p;
+ p = strchr (line, '=');
+ if (p == NULL)
+ continue;
+
+ library = ++p;
+
+ p = strchr (line, '\n');
+ if (p != NULL)
+ {
+ *p = 0;
+ }
+
+ ret = gnutls_pkcs11_add_provider (library, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Cannot load provider: %s\n", library);
+ continue;
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs11_deinit:
+ *
+ * This function will deinitialize the PKCS 11 subsystem in gnutls.
+ *
+ **/
+void
+gnutls_pkcs11_deinit (void)
+{
+ int i;
+
+ init--;
+ if (init > 0)
+ return;
+ if (init < 0)
+ {
+ init = 0;
+ return;
+ }
+
+ for (i = 0; i < active_providers; i++)
+ {
+ pakchois_module_destroy (providers[i].module);
+ }
+ active_providers = 0;
+}
+
+/**
+ * gnutls_pkcs11_set_pin_function:
+ * @fn: The PIN callback
+ * @userdata: data to be supplied to callback
+ *
+ * This function will set a callback function to be used when a PIN
+ * is required for PKCS 11 operations.
+ *
+ * Callback for PKCS#11 PIN entry. The callback provides the PIN code
+ * to unlock the token with label 'token_label', specified by the URL
+ * 'token_url'.
+ *
+ * The PIN code, as a NUL-terminated ASCII string, should be copied
+ * into the 'pin' buffer (of maximum size pin_max), and
+ * return 0 to indicate success. Alternatively, the callback may
+ * return a negative gnutls error code to indicate failure and cancel
+ * PIN entry (in which case, the contents of the 'pin' parameter are ignored).
+ *
+ * When a PIN is required, the callback will be invoked repeatedly
+ * (and indefinitely) until either the returned PIN code is correct,
+ * the callback returns failure, or the token refuses login (e.g. when
+ * the token is locked due to too many incorrect PINs!). For the
+ * first such invocation, the 'attempt' counter will have value zero;
+ * it will increase by one for each subsequent attempt.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+void
+gnutls_pkcs11_set_pin_function (gnutls_pkcs11_pin_callback_t fn,
+ void *userdata)
+{
+ pin_func = fn;
+ pin_data = userdata;
+}
+
+/**
+ * gnutls_pkcs11_set_token_function:
+ * @fn: The token callback
+ * @userdata: data to be supplied to callback
+ *
+ * This function will set a callback function to be used when a token
+ * needs to be inserted to continue PKCS 11 operations.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+void
+gnutls_pkcs11_set_token_function (gnutls_pkcs11_token_callback_t fn,
+ void *userdata)
+{
+ token_func = fn;
+ token_data = userdata;
+}
+
+static int
+unescape_string (char *output, const char *input, size_t * size,
+ char terminator)
+{
+ gnutls_buffer_st str;
+ int ret = 0;
+ char *p;
+ int len;
+
+ _gnutls_buffer_init (&str);
+
+ /* find terminator */
+ p = strchr (input, terminator);
+ if (p != NULL)
+ len = p - input;
+ else
+ len = strlen (input);
+
+ ret = _gnutls_buffer_append_data (&str, input, len);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_unescape (&str);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_buffer_append_data (&str, "", 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_buffer_pop_data (&str, output, size);
+
+ _gnutls_buffer_clear (&str);
+
+ return ret;
+}
+
+int
+pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info)
+{
+ int ret;
+ char *p1, *p2;
+ size_t l;
+
+ memset (info, 0, sizeof (*info));
+
+ if (strstr (url, "pkcs11:") == NULL)
+ {
+ ret = GNUTLS_E_PARSING_ERROR;
+ goto cleanup;
+ }
+
+ if ((p1 = strstr (url, "library-manufacturer=")) != NULL)
+ {
+ p1 += sizeof ("library-manufacturer=") - 1;
+ l = sizeof (info->lib_manufacturer);
+
+ ret = unescape_string (info->lib_manufacturer, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "library-description=")) != NULL)
+ {
+ p1 += sizeof ("library-description=") - 1;
+ l = sizeof (info->lib_desc);
+
+ ret = unescape_string (info->lib_desc, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "library-version=")) != NULL)
+ {
+ p1 += sizeof ("library-version=") - 1;
+ l = sizeof (info->lib_version);
+
+ ret = unescape_string (info->lib_version, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, ";manufacturer=")) != NULL ||
+ (p1 = strstr (url, ":manufacturer=")) != NULL)
+ {
+
+ p1 += sizeof (";manufacturer=") - 1;
+ l = sizeof (info->manufacturer);
+
+ ret = unescape_string (info->manufacturer, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "token=")) != NULL)
+ {
+ p1 += sizeof ("token=") - 1;
+ l = sizeof (info->token);
+
+ ret = unescape_string (info->token, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "object=")) != NULL)
+ {
+ p1 += sizeof ("object=") - 1;
+ l = sizeof (info->label);
+
+ ret = unescape_string (info->label, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "serial=")) != NULL)
+ {
+ p1 += sizeof ("serial=") - 1;
+ l = sizeof (info->serial);
+
+ ret = unescape_string (info->serial, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "model=")) != NULL)
+ {
+ p1 += sizeof ("model=") - 1;
+ l = sizeof (info->model);
+
+ ret = unescape_string (info->model, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if ((p1 = strstr (url, "objecttype=")) != NULL)
+ {
+ p1 += sizeof ("objecttype=") - 1;
+ l = sizeof (info->model);
+
+ ret = unescape_string (info->type, p1, &l, ';');
+ if (ret < 0)
+ {
+ goto cleanup;
+ }
+ }
+
+ if (((p1 = strstr (url, ";id=")) != NULL)
+ || ((p1 = strstr (url, ":id=")) != NULL))
+ {
+ p1 += sizeof (";id=") - 1;
+
+ if ((p2 = strchr (p1, ';')) == NULL)
+ {
+ l = strlen (p1);
+ }
+ else
+ {
+ l = p2 - p1;
+ }
+
+ if (l > sizeof (info->id) - 1)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PARSING_ERROR;
+ }
+
+ memcpy (info->id, p1, l);
+ info->id[l] = 0;
+
+ /* convert to raw */
+ info->certid_raw_size = sizeof (info->certid_raw);
+ ret =
+ _gnutls_hex2bin (info->id, strlen (info->id),
+ info->certid_raw, &info->certid_raw_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+
+ ret = 0;
+
+cleanup:
+
+ return ret;
+
+}
+
+#define INVALID_CHARS "\\/\"'%&#@!?$* <>{}[]()`|:;,.+-"
+
+static int
+append (gnutls_buffer_st * dest, const char *tname,
+ const char *p11name, int init)
+{
+ gnutls_buffer_st tmpstr;
+ int ret;
+
+ _gnutls_buffer_init (&tmpstr);
+ if ((ret = _gnutls_buffer_append_str (&tmpstr, tname)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_buffer_escape (&tmpstr, INVALID_CHARS);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret = _gnutls_buffer_append_data (&tmpstr, "", 1)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((ret =
+ _gnutls_buffer_append_printf (dest, "%s%s=%s",
+ (init != 0) ? ";" : "", p11name,
+ tmpstr.data)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_buffer_clear (&tmpstr);
+
+ return ret;
+
+}
+
+
+int
+pkcs11_info_to_url (const struct pkcs11_url_info *info,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ gnutls_buffer_st str;
+ int init = 0;
+ int ret;
+
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str (&str, "pkcs11:");
+
+ if (info->token[0])
+ {
+ ret = append (&str, info->token, "token", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->serial[0])
+ {
+ ret = append (&str, info->serial, "serial", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->model[0])
+ {
+ ret = append (&str, info->model, "model", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+
+ if (info->manufacturer[0])
+ {
+ ret = append (&str, info->manufacturer, "manufacturer", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->label[0])
+ {
+ ret = append (&str, info->label, "object", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->type[0])
+ {
+ ret = append (&str, info->type, "objecttype", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (detailed > GNUTLS_PKCS11_URL_GENERIC)
+ {
+ if (info->lib_manufacturer[0])
+ {
+ ret =
+ append (&str, info->lib_manufacturer, "library-manufacturer",
+ init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+
+ if (info->lib_desc[0])
+ {
+ ret = append (&str, info->lib_desc, "library-description", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+ }
+
+ if (detailed > GNUTLS_PKCS11_URL_LIB)
+ {
+ if (info->lib_version[0])
+ {
+ ret = append (&str, info->lib_version, "library-version", init);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ init = 1;
+ }
+ }
+
+ if (info->id[0] != 0)
+ {
+ ret = _gnutls_buffer_append_printf (&str, ";id=%s", info->id);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ _gnutls_buffer_append_data (&str, "", 1);
+
+ *url = str.data;
+
+ return 0;
+
+cleanup:
+ _gnutls_buffer_clear (&str);
+ return ret;
+}
+
+/**
+ * gnutls_pkcs11_obj_init:
+ * @obj: The structure to be initialized
+ *
+ * This function will initialize a pkcs11 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_obj_init (gnutls_pkcs11_obj_t * obj)
+{
+ *obj = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_obj_st));
+ if (*obj == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs11_obj_deinit:
+ * @obj: The structure to be initialized
+ *
+ * This function will deinitialize a certificate structure.
+ **/
+void
+gnutls_pkcs11_obj_deinit (gnutls_pkcs11_obj_t obj)
+{
+ _gnutls_free_datum (&obj->raw);
+ free (obj);
+}
+
+/**
+ * gnutls_pkcs11_obj_export:
+ * @obj: Holds the object
+ * @output_data: will contain a certificate PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the pkcs11 object data. It is normal
+ * for PKCS #11 data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * will be returned.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_pkcs11_obj_export (gnutls_pkcs11_obj_t obj,
+ void *output_data, size_t * output_data_size)
+{
+ if (obj == NULL || obj->raw.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (output_data == NULL || *output_data_size < obj->raw.size)
+ {
+ *output_data_size = obj->raw.size;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *output_data_size = obj->raw.size;
+
+ memcpy (output_data, obj->raw.data, obj->raw.size);
+ return 0;
+}
+
+static void
+terminate_string (unsigned char *str, size_t len)
+{
+ unsigned char *ptr = str + len - 1;
+
+ while ((*ptr == ' ' || *ptr == '\t' || *ptr == '\0') && ptr >= str)
+ ptr--;
+
+ if (ptr == str - 1)
+ str[0] = '\0';
+ else if (ptr == str + len - 1)
+ str[len - 1] = '\0';
+ else
+ ptr[1] = '\0';
+}
+
+int
+pkcs11_find_object (pakchois_session_t ** _pks,
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, unsigned int flags)
+{
+ int ret;
+ pakchois_session_t *pks;
+ ck_object_handle_t obj;
+ ck_object_class_t class;
+ struct ck_attribute a[4];
+ int a_vals = 0;
+ unsigned long count;
+ ck_rv_t rv;
+
+ class = pkcs11_strtype_to_class (info->type);
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = pkcs11_open_session (&pks, info, flags & SESSION_LOGIN);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof class;
+ a_vals++;
+
+ if (info->certid_raw_size > 0)
+ {
+ a[a_vals].type = CKA_ID;
+ a[a_vals].value = info->certid_raw;
+ a[a_vals].value_len = info->certid_raw_size;
+ a_vals++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, a_vals);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err (rv);
+ goto fail;
+ }
+
+ if (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ *_obj = obj;
+ *_pks = pks;
+ pakchois_find_objects_final (pks);
+ return 0;
+
+ }
+
+ pakchois_find_objects_final (pks);
+fail:
+ pakchois_close_session (pks);
+
+ return ret;
+}
+
+static void
+fix_strings (struct token_info *info)
+{
+ terminate_string (info->tinfo.manufacturer_id,
+ sizeof info->tinfo.manufacturer_id);
+ terminate_string (info->tinfo.label, sizeof info->tinfo.label);
+ terminate_string (info->tinfo.model, sizeof info->tinfo.model);
+ terminate_string (info->tinfo.serial_number,
+ sizeof info->tinfo.serial_number);
+ terminate_string (info->sinfo.slot_description,
+ sizeof info->sinfo.slot_description);
+}
+
+int
+pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot,
+ struct pkcs11_url_info *info, struct token_info *_tinfo)
+{
+ int x, z;
+
+ for (x = 0; x < active_providers; x++)
+ {
+ for (z = 0; z < providers[x].nslots; z++)
+ {
+ struct token_info tinfo;
+
+ if (pakchois_get_token_info
+ (providers[x].module, providers[x].slots[z],
+ &tinfo.tinfo) != CKR_OK)
+ {
+ continue;
+ }
+ tinfo.sid = providers[x].slots[z];
+ tinfo.prov = &providers[x];
+
+ if (pakchois_get_slot_info
+ (providers[x].module, providers[x].slots[z],
+ &tinfo.sinfo) != CKR_OK)
+ {
+ continue;
+ }
+
+ /* XXX make wrapper for token_info? */
+ fix_strings (&tinfo);
+
+ if (pkcs11_token_matches_info (info, &tinfo.tinfo,
+ &providers[x].info) < 0)
+ {
+ continue;
+ }
+
+ /* ok found */
+ *module = providers[x].module;
+ *slot = providers[x].slots[z];
+
+ if (_tinfo != NULL)
+ memcpy (_tinfo, &tinfo, sizeof (tinfo));
+
+ return 0;
+ }
+ }
+
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+}
+
+int
+pkcs11_open_session (pakchois_session_t ** _pks,
+ struct pkcs11_url_info *info, unsigned int flags)
+{
+ ck_rv_t rv;
+ int ret;
+ pakchois_session_t *pks = NULL;
+ pakchois_module_t *module;
+ ck_slot_id_t slot;
+ struct token_info tinfo;
+
+ ret = pkcs11_find_slot (&module, &slot, info, &tinfo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ rv = pakchois_open_session (module,
+ slot,
+ ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ return pkcs11_rv_to_err (rv);
+ }
+
+ if (flags & SESSION_LOGIN)
+ {
+ ret = pkcs11_login (pks, &tinfo, (flags & SESSION_SO) ? 1 : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ pakchois_close_session (pks);
+ return ret;
+ }
+ }
+
+ /* ok found */
+ *_pks = pks;
+ return 0;
+}
+
+
+int
+_pkcs11_traverse_tokens (find_func_t find_func, void *input,
+ unsigned int flags)
+{
+ ck_rv_t rv;
+ int found = 0, x, z, ret;
+ pakchois_session_t *pks = NULL;
+
+ for (x = 0; x < active_providers; x++)
+ {
+ for (z = 0; z < providers[x].nslots; z++)
+ {
+ struct token_info info;
+
+ ret = GNUTLS_E_PKCS11_ERROR;
+
+ if (pakchois_get_token_info
+ (providers[x].module, providers[x].slots[z],
+ &info.tinfo) != CKR_OK)
+ {
+ continue;
+ }
+ info.sid = providers[x].slots[z];
+ info.prov = &providers[x];
+
+ if (pakchois_get_slot_info
+ (providers[x].module, providers[x].slots[z],
+ &info.sinfo) != CKR_OK)
+ {
+ continue;
+ }
+
+ /* XXX make wrapper for token_info? */
+ fix_strings (&info);
+
+ rv = pakchois_open_session (providers[x].module,
+ providers[x].slots[z],
+ ((flags & SESSION_WRITE)
+ ? CKF_RW_SESSION : 0) |
+ CKF_SERIAL_SESSION, NULL, NULL, &pks);
+ if (rv != CKR_OK)
+ {
+ continue;
+ }
+
+ if (flags & SESSION_LOGIN)
+ {
+ ret = pkcs11_login (pks, &info, (flags & SESSION_SO) ? 1 : 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ ret = find_func (pks, &info, &providers[x].info, input);
+
+ if (ret == 0)
+ {
+ found = 1;
+ goto finish;
+ }
+ else
+ {
+ pakchois_close_session (pks);
+ pks = NULL;
+ }
+ }
+ }
+
+finish:
+ /* final call */
+
+ if (found == 0)
+ {
+ ret = find_func (pks, NULL, NULL, input);
+ }
+ else
+ {
+ ret = 0;
+ }
+
+ if (pks != NULL)
+ {
+ pakchois_close_session (pks);
+ }
+
+ return ret;
+}
+
+static const char *
+pkcs11_obj_type_to_str (gnutls_pkcs11_obj_type_t type)
+{
+ switch (type)
+ {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ return "cert";
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ return "public";
+ case GNUTLS_PKCS11_OBJ_PRIVKEY:
+ return "private";
+ case GNUTLS_PKCS11_OBJ_SECRET_KEY:
+ return "secretkey";
+ case GNUTLS_PKCS11_OBJ_DATA:
+ return "data";
+ case GNUTLS_PKCS11_OBJ_UNKNOWN:
+ default:
+ return "unknown";
+ }
+}
+
+/* imports a raw certificate from a token to a pkcs11_obj_t structure.
+ */
+static int
+pkcs11_obj_import (unsigned int class, gnutls_pkcs11_obj_t obj,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo, struct ck_info *lib_info)
+{
+ char *s;
+ int ret;
+
+ switch (class)
+ {
+ case CKO_CERTIFICATE:
+ obj->type = GNUTLS_PKCS11_OBJ_X509_CRT;
+ break;
+ case CKO_PUBLIC_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PUBKEY;
+ break;
+ case CKO_PRIVATE_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_PRIVKEY;
+ break;
+ case CKO_SECRET_KEY:
+ obj->type = GNUTLS_PKCS11_OBJ_SECRET_KEY;
+ break;
+ case CKO_DATA:
+ obj->type = GNUTLS_PKCS11_OBJ_DATA;
+ break;
+ default:
+ obj->type = GNUTLS_PKCS11_OBJ_UNKNOWN;
+ }
+
+ if (obj->type != GNUTLS_PKCS11_OBJ_UNKNOWN)
+ strcpy (obj->info.type, pkcs11_obj_type_to_str (obj->type));
+
+ if (data && data->data)
+ {
+ ret = _gnutls_set_datum (&obj->raw, data->data, data->size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+
+ terminate_string (tinfo->manufacturer_id, sizeof tinfo->manufacturer_id);
+ terminate_string (tinfo->label, sizeof tinfo->label);
+ terminate_string (tinfo->model, sizeof tinfo->model);
+ terminate_string (tinfo->serial_number, sizeof tinfo->serial_number);
+
+ /* write data */
+ snprintf (obj->info.manufacturer, sizeof (obj->info.manufacturer),
+ "%s", tinfo->manufacturer_id);
+ snprintf (obj->info.token, sizeof (obj->info.token), "%s", tinfo->label);
+ snprintf (obj->info.model, sizeof (obj->info.model), "%s", tinfo->model);
+ snprintf (obj->info.serial, sizeof (obj->info.serial), "%s",
+ tinfo->serial_number);
+
+ snprintf (obj->info.lib_manufacturer, sizeof (obj->info.lib_manufacturer),
+ "%s", lib_info->manufacturer_id);
+ snprintf (obj->info.lib_desc, sizeof (obj->info.lib_desc), "%s",
+ lib_info->library_description);
+ snprintf (obj->info.lib_version, sizeof (obj->info.lib_version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
+
+
+
+ if (label && label->data)
+ {
+ memcpy (obj->info.label, label->data, label->size);
+ obj->info.label[label->size] = 0;
+ }
+
+ if (id && id->data)
+ {
+ s = _gnutls_bin2hex (id->data, id->size, obj->info.id,
+ sizeof (obj->info.id), ":");
+ if (s == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ memmove (obj->info.certid_raw, id->data, id->size);
+ obj->info.certid_raw_size = id->size;
+ }
+
+ return 0;
+}
+
+static int
+pkcs11_obj_import_pubkey (pakchois_session_t * pks,
+ ck_object_handle_t obj,
+ gnutls_pkcs11_obj_t crt,
+ const gnutls_datum_t * id,
+ const gnutls_datum_t * label,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
+{
+
+ struct ck_attribute a[4];
+ ck_key_type_t key_type;
+ opaque tmp1[2048];
+ opaque tmp2[2048];
+ int ret;
+ unsigned int tval;
+
+ a[0].type = CKA_KEY_TYPE;
+ a[0].value = &key_type;
+ a[0].value_len = sizeof (key_type);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ switch (key_type)
+ {
+ case CKK_RSA:
+ a[0].type = CKA_MODULUS;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_PUBLIC_EXPONENT;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+
+ ret =
+ _gnutls_set_datum (&crt->pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [1], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ crt->pk_algorithm = GNUTLS_PK_RSA;
+ break;
+ case CKK_DSA:
+ a[0].type = CKA_PRIME;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_SUBPRIME;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ ret =
+ _gnutls_set_datum (&crt->pubkey[0],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [1], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[0]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+
+ a[0].type = CKA_BASE;
+ a[0].value = tmp1;
+ a[0].value_len = sizeof (tmp1);
+ a[1].type = CKA_VALUE;
+ a[1].value = tmp2;
+ a[1].value_len = sizeof (tmp2);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ ret =
+ _gnutls_set_datum (&crt->pubkey[2],
+ a[0].value, a[0].value_len);
+
+ if (ret >= 0)
+ ret =
+ _gnutls_set_datum (&crt->pubkey
+ [3], a[1].value, a[1].value_len);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&crt->pubkey[0]);
+ _gnutls_free_datum (&crt->pubkey[1]);
+ _gnutls_free_datum (&crt->pubkey[2]);
+ _gnutls_free_datum (&crt->pubkey[3]);
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PKCS11_ERROR;
+ }
+ crt->pk_algorithm = GNUTLS_PK_RSA;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+ }
+
+ /* read key usage flags */
+ a[0].type = CKA_ENCRYPT;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_DATA_ENCIPHERMENT;
+ }
+ }
+
+ a[0].type = CKA_VERIFY;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_VERIFY_RECOVER;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_DIGITAL_SIGNATURE |
+ GNUTLS_KEY_KEY_CERT_SIGN | GNUTLS_KEY_CRL_SIGN
+ | GNUTLS_KEY_NON_REPUDIATION;
+ }
+ }
+
+ a[0].type = CKA_DERIVE;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_KEY_AGREEMENT;
+ }
+ }
+
+ a[0].type = CKA_WRAP;
+ a[0].value = &tval;
+ a[0].value_len = sizeof (tval);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ if (tval != 0)
+ {
+ crt->key_usage |= GNUTLS_KEY_KEY_ENCIPHERMENT;
+ }
+ }
+
+ return pkcs11_obj_import (CKO_PUBLIC_KEY, crt, NULL, id, label,
+ tinfo, lib_info);
+}
+
+ck_object_class_t
+pkcs11_strtype_to_class (const char *type)
+{
+ ck_object_class_t class;
+
+ if (strcmp (type, "cert") == 0)
+ {
+ class = CKO_CERTIFICATE;
+ }
+ else if (strcmp (type, "public") == 0)
+ {
+ class = CKO_PUBLIC_KEY;
+ }
+ else if (strcmp (type, "private") == 0)
+ {
+ class = CKO_PRIVATE_KEY;
+ }
+ else if (strcmp (type, "secretkey") == 0)
+ {
+ class = CKO_SECRET_KEY;
+ }
+ else if (strcmp (type, "data") == 0)
+ {
+ class = CKO_DATA;
+ }
+ else
+ {
+ class = -1;
+ }
+
+ return class;
+}
+
+
+static int
+find_obj_url (pakchois_session_t * pks, struct token_info *info,
+ struct ck_info *lib_info, void *input)
+{
+ struct url_find_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class = -1;
+ ck_certificate_type_t type = -1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+ opaque *cert_data = NULL;
+ char label_tmp[PKCS11_LABEL_SIZE];
+
+ if (info == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info
+ (&find_data->crt->info, &info->tinfo, lib_info) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (find_data->crt->info.type[0] != 0)
+ {
+ class = pkcs11_strtype_to_class (find_data->crt->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ /* search the token for the id */
+
+ cert_data = gnutls_malloc (MAX_CERT_SIZE);
+ if (cert_data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with given class and type */
+
+ a[0].type = CKA_ID;
+ a[0].value = find_data->crt->info.certid_raw;
+ a[0].value_len = find_data->crt->info.certid_raw_size;
+
+ a_vals = 1;
+
+ if (class != -1)
+ {
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof class;
+ a_vals++;
+ }
+
+ if (type != -1)
+ {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, a_vals);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ a[1].type = CKA_LABEL;
+ a[1].value = label_tmp;
+ a[1].value_len = sizeof (label_tmp);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 2) == CKR_OK)
+ {
+ gnutls_datum_t id = { find_data->crt->info.certid_raw,
+ find_data->crt->info.certid_raw_size
+ };
+ gnutls_datum_t data = { a[0].value, a[0].value_len };
+ gnutls_datum_t label = { a[1].value, a[1].value_len };
+
+ if (class == CKO_PUBLIC_KEY)
+ {
+ ret =
+ pkcs11_obj_import_pubkey (pks, obj,
+ find_data->crt,
+ &id, &label,
+ &info->tinfo, lib_info);
+ }
+ else
+ {
+ ret =
+ pkcs11_obj_import (class,
+ find_data->crt,
+ &data, &id, &label,
+ &info->tinfo, lib_info);
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ found = 1;
+ break;
+ }
+ else
+ {
+ _gnutls_debug_log ("pk11: Skipped cert, missing attrs.\n");
+ }
+ }
+
+ if (found == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ ret = 0;
+ }
+
+cleanup:
+ gnutls_free (cert_data);
+ pakchois_find_objects_final (pks);
+
+ return ret;
+}
+
+unsigned int
+pkcs11_obj_flags_to_int (unsigned int flags)
+{
+ unsigned int ret_flags = 0;
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_LOGIN)
+ ret_flags |= SESSION_LOGIN;
+
+ return ret_flags;
+}
+
+/**
+ * gnutls_pkcs11_privkey_import_url:
+ * @cert: The structure to store the parsed certificate
+ * @url: a PKCS 11 url identifying the key
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will "import" a PKCS 11 URL identifying a certificate
+ * key to the #gnutls_pkcs11_obj_t structure. This does not involve any
+ * parsing (such as X.509 or OpenPGP) since the #gnutls_pkcs11_obj_t is
+ * format agnostic. Only data are transferred.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_obj_import_url (gnutls_pkcs11_obj_t cert, const char *url,
+ unsigned int flags)
+{
+ int ret;
+ struct url_find_data_st find_data;
+
+ /* fill in the find data structure */
+ find_data.crt = cert;
+
+ ret = pkcs11_url_to_info (url, &cert->info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens (find_obj_url, &find_data,
+ pkcs11_obj_flags_to_int (flags));
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+struct token_num
+{
+ struct pkcs11_url_info info;
+ unsigned int seq; /* which one we are looking for */
+ unsigned int current; /* which one are we now */
+};
+
+static int
+find_token_num (pakchois_session_t * pks,
+ struct token_info *tinfo,
+ struct ck_info *lib_info, void *input)
+{
+ struct token_num *find_data = input;
+
+ if (tinfo == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (find_data->current == find_data->seq)
+ {
+ strcpy (find_data->info.manufacturer, tinfo->tinfo.manufacturer_id);
+ strcpy (find_data->info.token, tinfo->tinfo.label);
+ strcpy (find_data->info.model, tinfo->tinfo.model);
+ strcpy (find_data->info.serial, tinfo->tinfo.serial_number);
+
+ strcpy (find_data->info.lib_manufacturer, lib_info->manufacturer_id);
+ strcpy (find_data->info.lib_desc, lib_info->library_description);
+ snprintf (find_data->info.lib_version,
+ sizeof (find_data->info.lib_version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
+
+ return 0;
+ }
+
+ find_data->current++;
+ /* search the token for the id */
+
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* non zero is enough */
+}
+
+/**
+ * gnutls_pkcs11_token_get_url:
+ * @seq: sequence number starting from 0
+ * @detailed: non zero if a detailed URL is required
+ * @url: will contain an allocated url
+ *
+ * This function will return the URL for each token available
+ * in system. The url has to be released using gnutls_free()
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * if the sequence number exceeds the available tokens, otherwise a negative error value.
+ **/
+
+int
+gnutls_pkcs11_token_get_url (unsigned int seq,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ int ret;
+ struct token_num tn;
+
+ memset (&tn, 0, sizeof (tn));
+ tn.seq = seq;
+
+ ret = _pkcs11_traverse_tokens (find_token_num, &tn, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = pkcs11_info_to_url (&tn.info, detailed, url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_pkcs11_token_get_info:
+ * @url: should contain a PKCS 11 URL
+ * @ttype: Denotes the type of information requested
+ * @output: where output will be stored
+ * @output_size: contains the maximum size of the output and will be overwritten with actual
+ *
+ * This function will return information about the PKCS 11 token such
+ * as the label, id as well as token information where the key is stored.
+ *
+ * Returns: zero on success or a negative value on error.
+ **/
+int
+gnutls_pkcs11_token_get_info (const char *url,
+ gnutls_pkcs11_token_info_t ttype,
+ void *output, size_t * output_size)
+{
+ const char *str;
+ size_t len;
+ struct pkcs11_url_info info;
+ int ret;
+
+ ret = pkcs11_url_to_info (url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ switch (ttype)
+ {
+ case GNUTLS_PKCS11_TOKEN_LABEL:
+ str = info.token;
+ break;
+ case GNUTLS_PKCS11_TOKEN_SERIAL:
+ str = info.serial;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MANUFACTURER:
+ str = info.manufacturer;
+ break;
+ case GNUTLS_PKCS11_TOKEN_MODEL:
+ str = info.model;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = strlen (str);
+
+ if (len + 1 > *output_size)
+ {
+ *output_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ strcpy (output, str);
+
+ *output_size = len;
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs11_obj_export_url:
+ * @obj: Holds the PKCS 11 certificate
+ * @detailed: non zero if a detailed URL is required
+ * @url: will contain an allocated url
+ *
+ * This function will export a URL identifying the given certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_obj_export_url (gnutls_pkcs11_obj_t obj,
+ gnutls_pkcs11_url_type_t detailed, char **url)
+{
+ int ret;
+
+ ret = pkcs11_info_to_url (&obj->info, detailed, url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs11_obj_get_type:
+ * @certificate: Holds the PKCS 11 certificate
+ *
+ * This function will return the type of the certificate being
+ * stored in the structure.
+ *
+ * Returns: The type of the certificate.
+ **/
+gnutls_pkcs11_obj_type_t
+gnutls_pkcs11_obj_get_type (gnutls_pkcs11_obj_t obj)
+{
+ return obj->type;
+}
+
+struct pkey_list
+{
+ gnutls_buffer_st *key_ids;
+ size_t key_ids_size;
+};
+
+int
+pkcs11_login (pakchois_session_t * pks, const struct token_info *info, int so)
+{
+ int attempt = 0, ret;
+ ck_rv_t rv;
+ char *token_url;
+ int pin_len;
+ struct pkcs11_url_info uinfo;
+
+
+ if (so == 0 && (info->tinfo.flags & CKF_LOGIN_REQUIRED) == 0)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: No login required.\n");
+ return 0;
+ }
+
+ memset (&uinfo, 0, sizeof (uinfo));
+ strcpy (uinfo.manufacturer, info->tinfo.manufacturer_id);
+ strcpy (uinfo.token, info->tinfo.label);
+ strcpy (uinfo.model, info->tinfo.model);
+ strcpy (uinfo.serial, info->tinfo.serial_number);
+ ret = pkcs11_info_to_url (&uinfo, 1, &token_url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* For a token with a "protected" (out-of-band) authentication
+ * path, calling login with a NULL username is all that is
+ * required. */
+ if (info->tinfo.flags & CKF_PROTECTED_AUTHENTICATION_PATH)
+ {
+ if (pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO, NULL, 0) ==
+ CKR_OK)
+ {
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: Protected login failed.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ /* Otherwise, PIN entry is necessary for login, so fail if there's
+ * no callback. */
+ if (!pin_func)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: No pin callback but login required.\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+
+ do
+ {
+ struct ck_token_info tinfo;
+ char pin[GNUTLS_PKCS11_MAX_PIN_LEN];
+ unsigned int flags;
+
+ /* If login has been attempted once already, check the token
+ * status again, the flags might change. */
+ if (attempt)
+ {
+ if (pakchois_get_token_info
+ (info->prov->module, info->sid, &tinfo) != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: GetTokenInfo failed\n");
+ ret = GNUTLS_E_PKCS11_ERROR;
+ goto cleanup;
+ }
+ }
+
+ flags = 0;
+ if (so == 0)
+ {
+ flags |= GNUTLS_PKCS11_PIN_USER;
+ if (tinfo.flags & CKF_USER_PIN_COUNT_LOW)
+ flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
+ if (tinfo.flags & CKF_USER_PIN_FINAL_TRY)
+ flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
+ }
+ else
+ {
+ flags |= GNUTLS_PKCS11_PIN_SO;
+ if (tinfo.flags & CKF_SO_PIN_COUNT_LOW)
+ flags |= GNUTLS_PKCS11_PIN_COUNT_LOW;
+ if (tinfo.flags & CKF_SO_PIN_FINAL_TRY)
+ flags |= GNUTLS_PKCS11_PIN_FINAL_TRY;
+ }
+
+ ret = pin_func (pin_data, attempt++,
+ (char *) token_url,
+ (char *) info->tinfo.label, flags, pin, sizeof (pin));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_PKCS11_PIN_ERROR;
+ goto cleanup;
+ }
+ pin_len = strlen (pin);
+
+ rv = pakchois_login (pks, (so == 0) ? CKU_USER : CKU_SO,
+ (unsigned char *) pin, pin_len);
+
+ /* Try to scrub the pin off the stack. Clever compilers will
+ * probably optimize this away, oh well. */
+ memset (pin, 0, sizeof pin);
+ }
+ while (rv == CKR_PIN_INCORRECT);
+
+ _gnutls_debug_log ("pk11: Login result = %lu\n", rv);
+
+
+ ret = (rv == CKR_OK
+ || rv == CKR_USER_ALREADY_LOGGED_IN) ? 0 : pkcs11_rv_to_err (rv);
+
+cleanup:
+ gnutls_free (token_url);
+ return ret;
+}
+
+static int
+find_privkeys (pakchois_session_t * pks, struct token_info *info,
+ struct pkey_list *list)
+{
+ struct ck_attribute a[3];
+ ck_object_class_t class;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, current;
+ char certid_tmp[PKCS11_ID_SIZE];
+
+ class = CKO_PRIVATE_KEY;
+
+ /* Find an object with private key class and a certificate ID
+ * which matches the certificate. */
+ /* FIXME: also match the cert subject. */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pakchois_find_objects_init (pks, a, 1);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ return pkcs11_rv_to_err (rv);
+ }
+
+ list->key_ids_size = 0;
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ list->key_ids_size++;
+ }
+
+ pakchois_find_objects_final (pks);
+
+ if (list->key_ids_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ list->key_ids =
+ gnutls_malloc (sizeof (gnutls_buffer_st) * list->key_ids_size);
+ if (list->key_ids == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* actual search */
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ rv = pakchois_find_objects_init (pks, a, 1);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ return pkcs11_rv_to_err (rv);
+ }
+
+ current = 0;
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof (certid_tmp);
+
+ _gnutls_buffer_init (&list->key_ids[current]);
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ _gnutls_buffer_append_data (&list->key_ids[current],
+ a[0].value, a[0].value_len);
+ current++;
+ }
+
+ if (current > list->key_ids_size)
+ break;
+ }
+
+ pakchois_find_objects_final (pks);
+
+ list->key_ids_size = current - 1;
+
+ return 0;
+}
+
+/* Recover certificate list from tokens */
+
+
+static int
+find_objs (pakchois_session_t * pks, struct token_info *info,
+ struct ck_info *lib_info, void *input)
+{
+ struct crt_find_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class = -1;
+ ck_certificate_type_t type = -1;
+ unsigned int trusted;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count;
+ opaque *cert_data;
+ char certid_tmp[PKCS11_ID_SIZE];
+ char label_tmp[PKCS11_LABEL_SIZE];
+ int ret, i;
+ struct pkey_list plist; /* private key holder */
+ int tot_values = 0;
+
+ if (info == NULL)
+ { /* final call */
+ if (find_data->current <= *find_data->n_list)
+ ret = 0;
+ else
+ ret = GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ *find_data->n_list = find_data->current;
+
+ return ret;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) <
+ 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (find_data->info.type[0] != 0)
+ {
+ class = pkcs11_strtype_to_class (find_data->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+ else
+ type = -1;
+
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+
+ memset (&plist, 0, sizeof (plist));
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ ret = find_privkeys (pks, info, &plist);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (plist.key_ids_size == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ }
+
+ cert_data = gnutls_malloc (MAX_CERT_SIZE);
+ if (cert_data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* Find objects with cert class and X.509 cert type. */
+
+ tot_values = 0;
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_ALL
+ || find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_TRUSTED)
+ {
+ class = CKO_CERTIFICATE;
+ type = CKC_X_509;
+ trusted = 1;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+
+ a[tot_values].type = CKA_TRUSTED;
+ a[tot_values].value = &trusted;
+ a[tot_values].value_len = sizeof trusted;
+ tot_values++;
+
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PUBKEY)
+ {
+ class = CKO_PUBLIC_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_PRIVKEY)
+ {
+ class = CKO_PRIVATE_KEY;
+
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ else if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
+ {
+ if (class != -1)
+ {
+ a[tot_values].type = CKA_CLASS;
+ a[tot_values].value = &class;
+ a[tot_values].value_len = sizeof class;
+ tot_values++;
+ }
+ if (type != -1)
+ {
+ a[tot_values].type = CKA_CERTIFICATE_TYPE;
+ a[tot_values].value = &type;
+ a[tot_values].value_len = sizeof type;
+ tot_values++;
+ }
+ }
+ else
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto fail;
+ }
+
+ if (find_data->info.certid_raw_size != 0)
+ {
+ a[tot_values].type = CKA_ID;
+ a[tot_values].value = find_data->info.certid_raw;
+ a[tot_values].value_len = find_data->info.certid_raw_size;
+ tot_values++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, tot_values);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ return pkcs11_rv_to_err (rv);
+ }
+
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ gnutls_datum_t label, id, value;
+
+ a[0].type = CKA_LABEL;
+ a[0].value = label_tmp;
+ a[0].value_len = sizeof label_tmp;
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ label.data = a[0].value;
+ label.size = a[0].value_len;
+ }
+ else
+ {
+ label.data = NULL;
+ label.size = 0;
+ }
+
+ a[0].type = CKA_ID;
+ a[0].value = certid_tmp;
+ a[0].value_len = sizeof certid_tmp;
+
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ id.data = a[0].value;
+ id.size = a[0].value_len;
+ }
+ else
+ {
+ id.data = NULL;
+ id.size = 0;
+ }
+
+ a[0].type = CKA_VALUE;
+ a[0].value = cert_data;
+ a[0].value_len = MAX_CERT_SIZE;
+ if (pakchois_get_attribute_value (pks, obj, a, 1) == CKR_OK)
+ {
+ value.data = a[0].value;
+ value.size = a[0].value_len;
+ }
+ else
+ {
+ value.data = NULL;
+ value.size = 0;
+ }
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_ALL)
+ {
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof class;
+
+ pakchois_get_attribute_value (pks, obj, a, 1);
+ }
+
+ if (find_data->flags == GNUTLS_PKCS11_OBJ_ATTR_CRT_WITH_PRIVKEY)
+ {
+ for (i = 0; i < plist.key_ids_size; i++)
+ {
+ if (plist.key_ids[i].length !=
+ a[1].value_len
+ || memcmp (plist.key_ids[i].data,
+ a[1].value, a[1].value_len) != 0)
+ {
+ /* not found */
+ continue;
+ }
+ }
+ }
+
+ if (find_data->current < *find_data->n_list)
+ {
+ ret =
+ gnutls_pkcs11_obj_init (&find_data->p_list[find_data->current]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ if (class == CKO_PUBLIC_KEY)
+ {
+ ret =
+ pkcs11_obj_import_pubkey (pks, obj,
+ find_data->p_list
+ [find_data->current],
+ &id, &label,
+ &info->tinfo, lib_info);
+ }
+ else
+ {
+ ret =
+ pkcs11_obj_import (class,
+ find_data->p_list
+ [find_data->current],
+ &value, &id, &label,
+ &info->tinfo, lib_info);
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+ }
+
+ find_data->current++;
+
+ }
+
+ gnutls_free (cert_data);
+ pakchois_find_objects_final (pks);
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; /* continue until all tokens have been checked */
+
+fail:
+ gnutls_free (cert_data);
+ pakchois_find_objects_final (pks);
+ if (plist.key_ids != NULL)
+ {
+ for (i = 0; i < plist.key_ids_size; i++)
+ {
+ _gnutls_buffer_clear (&plist.key_ids[i]);
+ }
+ gnutls_free (plist.key_ids);
+ }
+ for (i = 0; i < find_data->current; i++)
+ {
+ gnutls_pkcs11_obj_deinit (find_data->p_list[i]);
+ }
+ find_data->current = 0;
+
+ return ret;
+}
+
+/**
+ * gnutls_pkcs11_obj_list_import_url:
+ * @p_list: An uninitialized object list (may be NULL)
+ * @n_list: initially should hold the maximum size of the list. Will contain the actual size.
+ * @url: A PKCS 11 url identifying a set of objects
+ * @attrs: Attributes of type #gnutls_pkcs11_obj_attr_t that can be used to limit output
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will initialize and set values to an object list
+ * by using all objects identified by a PKCS 11 URL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_obj_list_import_url (gnutls_pkcs11_obj_t * p_list,
+ unsigned int *n_list,
+ const char *url,
+ gnutls_pkcs11_obj_attr_t attrs,
+ unsigned int flags)
+{
+ int ret;
+ struct crt_find_data_st find_data;
+
+ /* fill in the find data structure */
+ find_data.p_list = p_list;
+ find_data.n_list = n_list;
+ find_data.flags = attrs;
+ find_data.current = 0;
+
+ if (url == NULL || url[0] == 0)
+ {
+ url = "pkcs11:";
+ }
+
+ ret = pkcs11_url_to_info (url, &find_data.info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens (find_objs, &find_data,
+ pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_import_pkcs11_url:
+ * @crt: A certificate of type #gnutls_x509_crt_t
+ * @url: A PKCS 11 url
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will import a PKCS 11 certificate directly from a token
+ * without involving the #gnutls_pkcs11_obj_t structure. This function will
+ * fail if the certificate stored is not of X.509 type.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_import_pkcs11_url (gnutls_x509_crt_t crt,
+ const char *url, unsigned int flags)
+{
+ gnutls_pkcs11_obj_t pcrt;
+ int ret;
+
+ ret = gnutls_pkcs11_obj_init (&pcrt);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs11_obj_import_url (pcrt, url, flags);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import (crt, &pcrt->raw, GNUTLS_X509_FMT_DER);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+cleanup:
+
+ gnutls_pkcs11_obj_deinit (pcrt);
+
+ return ret;
+}
+
+
+/**
+ * gnutls_x509_crt_import_pkcs11:
+ * @crt: A certificate of type #gnutls_x509_crt_t
+ * @pkcs11_crt: A PKCS 11 object that contains a certificate
+ *
+ * This function will import a PKCS 11 certificate to a #gnutls_x509_crt_t
+ * structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_import_pkcs11 (gnutls_x509_crt_t crt,
+ gnutls_pkcs11_obj_t pkcs11_crt)
+{
+ return gnutls_x509_crt_import (crt, &pkcs11_crt->raw, GNUTLS_X509_FMT_DER);
+}
+
+/**
+ * gnutls_x509_crt_list_import_pkcs11:
+ * @certs: A list of certificates of type #gnutls_x509_crt_t
+ * @cert_max: The maximum size of the list
+ * @objs: A list of PKCS 11 objects
+ * @flags: 0 for now
+ *
+ * This function will import a PKCS 11 certificate list to a list of
+ * #gnutls_x509_crt_t structure. These must not be initialized.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_list_import_pkcs11 (gnutls_x509_crt_t * certs,
+ unsigned int cert_max,
+ gnutls_pkcs11_obj_t * const objs,
+ unsigned int flags)
+{
+ int i, j;
+ int ret;
+
+ for (i = 0; i < cert_max; i++)
+ {
+ ret = gnutls_x509_crt_init (&certs[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_import_pkcs11 (certs[i], objs[i]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+
+ return 0;
+
+cleanup:
+ for (j = 0; j < i; j++)
+ {
+ gnutls_x509_crt_deinit (certs[j]);
+ }
+
+ return ret;
+}
+
+static int
+find_flags (pakchois_session_t * pks, struct token_info *info,
+ struct ck_info *lib_info, void *input)
+{
+ struct flags_find_data_st *find_data = input;
+
+ if (info == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) <
+ 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* found token! */
+
+ find_data->slot_flags = info->sinfo.flags;
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs11_token_get_flags:
+ * @url: should contain a PKCS 11 URL
+ * @flags: The output flags (GNUTLS_PKCS11_TOKEN_*)
+ *
+ * This function will return information about the PKCS 11 token flags.
+ *
+ * Returns: zero on success or a negative value on error.
+ **/
+int
+gnutls_pkcs11_token_get_flags (const char *url, unsigned int *flags)
+{
+ struct flags_find_data_st find_data;
+ int ret;
+
+ ret = pkcs11_url_to_info (url, &find_data.info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _pkcs11_traverse_tokens (find_flags, &find_data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ *flags = 0;
+ if (find_data.slot_flags & CKF_HW_SLOT)
+ *flags |= GNUTLS_PKCS11_TOKEN_HW;
+
+ return 0;
+
+}
+
+
+/**
+ * gnutls_pkcs11_token_get_mechanism:
+ * @url: should contain a PKCS 11 URL
+ * @idx: The index of the mechanism
+ * @mechanism: The PKCS #11 mechanism ID
+ *
+ * This function will return the names of the supported mechanisms
+ * by the token. It should be called with an increasing index until
+ * it return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
+ *
+ * Returns: zero on success or a negative value on error.
+ **/
+int
+gnutls_pkcs11_token_get_mechanism (const char *url, int idx,
+ unsigned long *mechanism)
+{
+ int ret;
+ ck_rv_t rv;
+ pakchois_module_t *module;
+ ck_slot_id_t slot;
+ struct token_info tinfo;
+ struct pkcs11_url_info info;
+ unsigned long count;
+ ck_mechanism_type_t mlist[400];
+
+ ret = pkcs11_url_to_info (url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ ret = pkcs11_find_slot (&module, &slot, &info, &tinfo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ count = sizeof (mlist) / sizeof (mlist[0]);
+ rv = pakchois_get_mechanism_list (module, slot, mlist, &count);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ return pkcs11_rv_to_err (rv);
+ }
+
+ if (idx >= count)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ *mechanism = mlist[idx];
+
+ return 0;
+
+}
+
+
+const char *
+gnutls_pkcs11_type_get_name (gnutls_pkcs11_obj_type_t type)
+{
+ switch (type)
+ {
+ case GNUTLS_PKCS11_OBJ_X509_CRT:
+ return "X.509 Certificate";
+ case GNUTLS_PKCS11_OBJ_PUBKEY:
+ return "Public key";
+ case GNUTLS_PKCS11_OBJ_PRIVKEY:
+ return "Private key";
+ case GNUTLS_PKCS11_OBJ_SECRET_KEY:
+ return "Secret key";
+ case GNUTLS_PKCS11_OBJ_DATA:
+ return "Data";
+ case GNUTLS_PKCS11_OBJ_UNKNOWN:
+ default:
+ return "Unknown";
+ }
+}
+
+int
+pkcs11_token_matches_info (struct pkcs11_url_info *info,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info)
+{
+ if (info->manufacturer[0] != 0)
+ {
+ if (strcmp (info->manufacturer, tinfo->manufacturer_id) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->token[0] != 0)
+ {
+ if (strcmp (info->token, tinfo->label) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->model[0] != 0)
+ {
+ if (strcmp (info->model, tinfo->model) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->serial[0] != 0)
+ {
+ if (strcmp (info->serial, tinfo->serial_number) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->lib_manufacturer[0] != 0)
+ {
+ if (strcmp (info->lib_manufacturer, lib_info->manufacturer_id) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->lib_desc[0] != 0)
+ {
+ if (strcmp (info->lib_desc, lib_info->library_description) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (info->lib_version[0] != 0)
+ {
+ char version[16];
+
+ snprintf (version, sizeof (version), "%u.%u",
+ (unsigned int) lib_info->library_version.major,
+ (unsigned int) lib_info->library_version.minor);
+ if (strcmp (info->lib_version, version) != 0)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ return 0;
+}
--- /dev/null
+#ifndef PKCS11_INT_H
+#define PKCS11_INT_H
+
+#include <pakchois/pakchois.h>
+#include <gnutls/pkcs11.h>
+
+#define PKCS11_ID_SIZE 128
+#define PKCS11_LABEL_SIZE 128
+
+struct token_info
+{
+ struct ck_token_info tinfo;
+ struct ck_slot_info sinfo;
+ ck_slot_id_t sid;
+ struct gnutls_pkcs11_provider_s *prov;
+};
+
+struct pkcs11_url_info
+{
+ /* everything here is null terminated strings */
+ opaque id[PKCS11_ID_SIZE * 3 + 1]; /* hex with delimiters */
+ opaque type[16]; /* cert/key etc. */
+
+ opaque lib_manufacturer[sizeof
+ (((struct ck_info *) NULL)->manufacturer_id) + 1];
+ opaque lib_desc[sizeof
+ (((struct ck_info *) NULL)->library_description) + 1];
+ opaque lib_version[12];
+
+ opaque manufacturer[sizeof
+ (((struct ck_token_info *) NULL)->manufacturer_id) + 1];
+ opaque token[sizeof (((struct ck_token_info *) NULL)->label) + 1];
+ opaque serial[sizeof (((struct ck_token_info *) NULL)->serial_number) + 1];
+ opaque model[sizeof (((struct ck_token_info *) NULL)->model) + 1];
+ opaque label[PKCS11_LABEL_SIZE + 1];
+
+ opaque certid_raw[PKCS11_ID_SIZE]; /* same as ID but raw */
+ size_t certid_raw_size;
+};
+
+struct gnutls_pkcs11_obj_st
+{
+ gnutls_datum_t raw;
+ gnutls_pkcs11_obj_type_t type;
+ struct pkcs11_url_info info;
+
+ /* only when pubkey */
+ gnutls_datum_t pubkey[MAX_PUBLIC_PARAMS_SIZE];
+ gnutls_pk_algorithm pk_algorithm;
+ unsigned int key_usage;
+};
+
+/* thus function is called for every token in the traverse_tokens
+ * function. Once everything is traversed it is called with NULL tinfo.
+ * It should return 0 if found what it was looking for.
+ */
+typedef int (*find_func_t) (pakchois_session_t * pks,
+ struct token_info * tinfo, struct ck_info *,
+ void *input);
+
+int pkcs11_rv_to_err (ck_rv_t rv);
+int pkcs11_url_to_info (const char *url, struct pkcs11_url_info *info);
+int
+pkcs11_find_slot (pakchois_module_t ** module, ck_slot_id_t * slot,
+ struct pkcs11_url_info *info, struct token_info *_tinfo);
+
+int pkcs11_get_info (struct pkcs11_url_info *info,
+ gnutls_pkcs11_obj_info_t itype, void *output,
+ size_t * output_size);
+int pkcs11_login (pakchois_session_t * pks,
+ const struct token_info *info, int admin);
+
+extern gnutls_pkcs11_token_callback_t token_func;
+extern void *token_data;
+
+void pkcs11_rescan_slots (void);
+int pkcs11_info_to_url (const struct pkcs11_url_info *info,
+ gnutls_pkcs11_url_type_t detailed, char **url);
+
+#define SESSION_WRITE (1<<0)
+#define SESSION_LOGIN (1<<1)
+#define SESSION_SO (1<<2) /* security officer session */
+int pkcs11_open_session (pakchois_session_t ** _pks,
+ struct pkcs11_url_info *info, unsigned int flags);
+int _pkcs11_traverse_tokens (find_func_t find_func, void *input,
+ unsigned int flags);
+ck_object_class_t pkcs11_strtype_to_class (const char *type);
+
+int pkcs11_token_matches_info (struct pkcs11_url_info *info,
+ struct ck_token_info *tinfo,
+ struct ck_info *lib_info);
+
+/* flags are SESSION_* */
+int pkcs11_find_object (pakchois_session_t ** _pks,
+ ck_object_handle_t * _obj,
+ struct pkcs11_url_info *info, unsigned int flags);
+
+unsigned int pkcs11_obj_flags_to_int (unsigned int flags);
+
+int
+_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature);
+
+int
+_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext);
+
+#endif
--- /dev/null
+/*
+ * GnuTLS PKCS#11 support
+ * Copyright (C) 2010 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA
+*/
+
+#include <gnutls_int.h>
+#include <pakchois/pakchois.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <stdbool.h>
+#include <string.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <pkcs11_int.h>
+#include <gnutls_sig.h>
+
+struct gnutls_pkcs11_privkey_st
+{
+ gnutls_pk_algorithm_t pk_algorithm;
+ unsigned int flags;
+ struct pkcs11_url_info info;
+};
+
+/**
+ * gnutls_pkcs11_privkey_init:
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an private key structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_privkey_init (gnutls_pkcs11_privkey_t * key)
+{
+ *key = gnutls_calloc (1, sizeof (struct gnutls_pkcs11_privkey_st));
+ if (*key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs11_privkey_deinit:
+ * @key: The structure to be initialized
+ *
+ * This function will deinitialize a private key structure.
+ **/
+void
+gnutls_pkcs11_privkey_deinit (gnutls_pkcs11_privkey_t key)
+{
+ gnutls_free (key);
+}
+
+/**
+ * gnutls_pkcs11_privkey_get_pk_algorithm:
+ * @key: should contain a #gnutls_pkcs11_privkey_t structure
+ *
+ * This function will return the public key algorithm of a private
+ * key.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
+int
+gnutls_pkcs11_privkey_get_pk_algorithm (gnutls_pkcs11_privkey_t key,
+ unsigned int *bits)
+{
+ if (bits)
+ *bits = 0; /* FIXME */
+ return key->pk_algorithm;
+}
+
+/**
+ * gnutls_pkcs11_privkey_get_info:
+ * @pkey: should contain a #gnutls_pkcs11_privkey_t structure
+ * @itype: Denotes the type of information requested
+ * @output: where output will be stored
+ * @output_size: contains the maximum size of the output and will be overwritten with actual
+ *
+ * This function will return information about the PKCS 11 private key such
+ * as the label, id as well as token information where the key is stored. When
+ * output is text it returns null terminated string although #output_size contains
+ * the size of the actual data only.
+ *
+ * Returns: zero on success or a negative value on error.
+ **/
+int
+gnutls_pkcs11_privkey_get_info (gnutls_pkcs11_privkey_t pkey,
+ gnutls_pkcs11_obj_info_t itype,
+ void *output, size_t * output_size)
+{
+ return pkcs11_get_info (&pkey->info, itype, output, output_size);
+}
+
+
+#define FIND_OBJECT(pks, obj, key) \
+ do { \
+ int retries = 0; \
+ int rret; \
+ ret = pkcs11_find_object (&pks, &obj, &key->info, \
+ SESSION_LOGIN); \
+ if (ret < 0) { \
+ rret = token_func(token_data, key->info.token, retries++); \
+ if (rret == 0) continue; \
+ gnutls_assert(); \
+ return ret; \
+ } \
+ } while (ret < 0);
+
+/*-
+ * _gnutls_pkcs11_privkey_sign_hash:
+ * @key: Holds the key
+ * @hash: holds the data to be signed (should be output of a hash)
+ * @signature: will contain the signature allocated with gnutls_malloc()
+ *
+ * This function will sign the given data using a signature algorithm
+ * supported by the private key. It is assumed that the given data
+ * are the output of a hash function.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_pkcs11_privkey_sign_hash (gnutls_pkcs11_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+{
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen;
+ pakchois_session_t *pks;
+ ck_object_handle_t obj;
+
+ FIND_OBJECT (pks, obj, key);
+
+ mech.mechanism =
+ key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pakchois_sign_init (pks, &mech, obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the signature must be: */
+ rv = pakchois_sign (pks, hash->data, hash->size, NULL, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ signature->data = gnutls_malloc (siglen);
+ signature->size = siglen;
+
+ rv = pakchois_sign (pks, hash->data, hash->size, signature->data, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_free (signature->data);
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ signature->size = siglen;
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
+}
+
+/**
+ * gnutls_pkcs11_privkey_import_url:
+ * @pkey: The structure to store the parsed key
+ * @url: a PKCS 11 url identifying the key
+ * @flags: sequence of GNUTLS_PKCS_PRIVKEY_*
+ *
+ * This function will "import" a PKCS 11 URL identifying a private
+ * key to the #gnutls_pkcs11_privkey_t structure. In reality since
+ * in most cases keys cannot be exported, the private key structure
+ * is being associated with the available operations on the token.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_privkey_import_url (gnutls_pkcs11_privkey_t pkey,
+ const char *url, unsigned int flags)
+{
+ int ret;
+
+ ret = pkcs11_url_to_info (url, &pkey->info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ pkey->flags = flags;
+
+ if (pkey->info.type[0] != 0 && strcmp (pkey->info.type, "private") != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (pkey->info.id[0] == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ return 0;
+}
+
+/*-
+ * _gnutls_pkcs11_privkey_decrypt_data:
+ * @key: Holds the key
+ * @flags: should be 0 for now
+ * @ciphertext: holds the data to be signed
+ * @plaintext: will contain the plaintext, allocated with gnutls_malloc()
+ *
+ * This function will decrypt the given data using the public key algorithm
+ * supported by the private key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_pkcs11_privkey_decrypt_data (gnutls_pkcs11_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * ciphertext,
+ gnutls_datum_t * plaintext)
+{
+ ck_rv_t rv;
+ int ret;
+ struct ck_mechanism mech;
+ unsigned long siglen;
+ pakchois_session_t *pks;
+ ck_object_handle_t obj;
+
+ FIND_OBJECT (pks, obj, key);
+
+ mech.mechanism =
+ key->pk_algorithm == GNUTLS_PK_DSA ? CKM_DSA : CKM_RSA_PKCS;
+ mech.parameter = NULL;
+ mech.parameter_len = 0;
+
+ /* Initialize signing operation; using the private key discovered
+ * earlier. */
+ rv = pakchois_decrypt_init (pks, &mech, obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* Work out how long the plaintext must be: */
+ rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size,
+ NULL, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ plaintext->data = gnutls_malloc (siglen);
+ plaintext->size = siglen;
+
+ rv = pakchois_decrypt (pks, ciphertext->data, ciphertext->size,
+ plaintext->data, &siglen);
+ if (rv != CKR_OK)
+ {
+ gnutls_free (plaintext->data);
+ gnutls_assert ();
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ plaintext->size = siglen;
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
+}
+
+/**
+ * gnutls_pkcs11_privkey_export_url:
+ * @key: Holds the PKCS 11 key
+ * @detailed: non zero if a detailed URL is required
+ * @url: will contain an allocated url
+ *
+ * This function will export a URL identifying the given key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_privkey_export_url (gnutls_pkcs11_privkey_t key,
+ gnutls_pkcs11_url_type_t detailed,
+ char **url)
+{
+ int ret;
+
+ ret = pkcs11_info_to_url (&key->info, detailed, url);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * GnuTLS PKCS#11 support
+ * Copyright (C) 2010 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA
+*/
+
+#include <gnutls_int.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <pkcs11_int.h>
+#include <random.h>
+
+/**
+ * gnutls_pkcs11_copy_secret_key:
+ * @token_url: A PKCS #11 URL specifying a token
+ * @key: The raw key
+ * @label: A name to be used for the stored data
+ * @key_usage: One of GNUTLS_KEY_*
+ * @flags: One of GNUTLS_PKCS11_OBJ_FLAG_*
+ *
+ * This function will copy a raw secret (symmetric) key into a PKCS #11
+ * token specified by a URL. The key can be marked as sensitive or not.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_copy_secret_key (const char *token_url, gnutls_datum_t * key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags
+ /* GNUTLS_PKCS11_OBJ_FLAG_* */ )
+{
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ struct ck_attribute a[12];
+ ck_object_class_t class = CKO_SECRET_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t keytype = CKK_GENERIC_SECRET;
+ unsigned int tval = 1;
+ int a_val;
+ opaque id[16];
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* generate a unique ID */
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE, id, sizeof (id));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session (&pks, &info,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof (class);
+ a[1].type = CKA_VALUE;
+ a[1].value = key->data;
+ a[1].value_len = key->size;
+ a[2].type = CKA_TOKEN;
+ a[2].value = &tval;
+ a[2].value_len = sizeof (tval);
+ a[3].type = CKA_PRIVATE;
+ a[3].value = &tval;
+ a[3].value_len = sizeof (tval);
+ a[4].type = CKA_KEY_TYPE;
+ a[4].value = &keytype;
+ a[4].value_len = sizeof (keytype);
+ a[5].type = CKA_ID;
+ a[5].value = id;
+ a[5].value_len = sizeof (id);
+
+ a_val = 6;
+
+ if (label)
+ {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen (label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
+ tval = 1;
+ else
+ tval = 0;
+
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+
+ rv = pakchois_create_object (pks, a, a_val, &obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
+
+}
--- /dev/null
+/*
+ * GnuTLS PKCS#11 support
+ * Copyright (C) 2010 Free Software Foundation
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Library General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Library General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this library; if not, write to the Free
+ * Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
+ * MA 02111-1307, USA
+*/
+
+#include <gnutls_int.h>
+#include <gnutls/pkcs11.h>
+#include <stdio.h>
+#include <string.h>
+#include <gnutls_errors.h>
+#include <gnutls_datum.h>
+#include <pkcs11_int.h>
+
+/**
+ * gnutls_pkcs11_copy_x509_crt:
+ * @token_url: A PKCS #11 URL specifying a token
+ * @crt: A certificate
+ * @label: A name to be used for the stored data
+ * @flags: One of GNUTLS_PKCS11_OBJ_FLAG_*
+ *
+ * This function will copy a certificate into a PKCS #11 token specified by
+ * a URL. The certificate can be marked as trusted or not.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_copy_x509_crt (const char *token_url,
+ gnutls_x509_crt_t crt, const char *label,
+ unsigned int flags)
+{
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t der_size, id_size;
+ opaque *der = NULL;
+ opaque id[20];
+ struct ck_attribute a[8];
+ ck_object_class_t class = CKO_CERTIFICATE;
+ ck_certificate_type_t type = CKC_X_509;
+ ck_object_handle_t obj;
+ unsigned int tval = 1;
+ int a_val;
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ pkcs11_open_session (&pks, &info,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ der = gnutls_malloc (der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ id_size = sizeof (id);
+ ret = gnutls_x509_crt_get_key_id (crt, 0, id, &id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* FIXME: copy key usage flags */
+
+ a[0].type = CKA_CLASS;
+ a[0].value = &class;
+ a[0].value_len = sizeof (class);
+ a[1].type = CKA_ID;
+ a[1].value = id;
+ a[1].value_len = id_size;
+ a[2].type = CKA_VALUE;
+ a[2].value = der;
+ a[2].value_len = der_size;
+ a[3].type = CKA_TOKEN;
+ a[3].value = &tval;
+ a[3].value_len = sizeof (tval);
+ a[4].type = CKA_CERTIFICATE_TYPE;
+ a[4].value = &type;
+ a[4].value_len = sizeof (type);
+
+ a_val = 5;
+
+ if (label)
+ {
+ a[a_val].type = CKA_LABEL;
+ a[a_val].value = (void *) label;
+ a[a_val].value_len = strlen (label);
+ a_val++;
+ }
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED)
+ {
+ a[a_val].type = CKA_TRUSTED;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+ }
+
+ rv = pakchois_create_object (pks, a, a_val, &obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ ret = 0;
+
+cleanup:
+ gnutls_free (der);
+ pakchois_close_session (pks);
+
+ return ret;
+
+}
+
+/**
+ * gnutls_pkcs11_copy_x509_privkey:
+ * @token_url: A PKCS #11 URL specifying a token
+ * @key: A private key
+ * @label: A name to be used for the stored data
+ * @key_usage: One of GNUTLS_KEY_*
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will copy a private key into a PKCS #11 token specified by
+ * a URL. It is highly recommended flags to contain %GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE
+ * unless there is a strong reason not to.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_copy_x509_privkey (const char *token_url,
+ gnutls_x509_privkey_t key,
+ const char *label,
+ unsigned int key_usage, unsigned int flags)
+{
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ size_t id_size;
+ opaque id[20];
+ struct ck_attribute a[16];
+ ck_object_class_t class = CKO_PRIVATE_KEY;
+ ck_object_handle_t obj;
+ ck_key_type_t type;
+ unsigned int tval = 1;
+ int a_val;
+ gnutls_pk_algorithm_t pk;
+ gnutls_datum_t p, q, g, y, x;
+ gnutls_datum_t m, e, d, u, exp1, exp2;
+
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ id_size = sizeof (id);
+ ret = gnutls_x509_privkey_get_key_id (key, 0, id, &id_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret =
+ pkcs11_open_session (&pks, &info,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* FIXME: copy key usage flags */
+ a_val = 0;
+ a[a_val].type = CKA_CLASS;
+ a[a_val].value = &class;
+ a[a_val].value_len = sizeof (class);
+ a_val++;
+
+ a[a_val].type = CKA_ID;
+ a[a_val].value = id;
+ a[a_val].value_len = id_size;
+ a_val++;
+
+ a[a_val].type = CKA_KEY_TYPE;
+ a[a_val].value = &type;
+ a[a_val].value_len = sizeof (type);
+ a_val++;
+
+ a[a_val].type = CKA_TOKEN;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+
+ if (flags & GNUTLS_PKCS11_OBJ_FLAG_MARK_SENSITIVE)
+ tval = 1;
+ else
+ tval = 0;
+
+ a[a_val].type = CKA_SENSITIVE;
+ a[a_val].value = &tval;
+ a[a_val].value_len = sizeof (tval);
+ a_val++;
+
+ pk = gnutls_x509_privkey_get_pk_algorithm (key);
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ {
+
+ ret =
+ gnutls_x509_privkey_export_rsa_raw2 (key, &m,
+ &e, &d, &p,
+ &q, &u, &exp1, &exp2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ type = CKK_RSA;
+
+ a[a_val].type = CKA_MODULUS;
+ a[a_val].value = m.data;
+ a[a_val].value_len = m.size;
+ a_val++;
+
+ a[a_val].type = CKA_PUBLIC_EXPONENT;
+ a[a_val].value = e.data;
+ a[a_val].value_len = e.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIVATE_EXPONENT;
+ a[a_val].value = d.data;
+ a[a_val].value_len = d.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_1;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_PRIME_2;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_COEFFICIENT;
+ a[a_val].value = u.data;
+ a[a_val].value_len = u.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_1;
+ a[a_val].value = exp1.data;
+ a[a_val].value_len = exp1.size;
+ a_val++;
+
+ a[a_val].type = CKA_EXPONENT_2;
+ a[a_val].value = exp2.data;
+ a[a_val].value_len = exp2.size;
+ a_val++;
+
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ ret = gnutls_x509_privkey_export_dsa_raw (key, &p, &q, &g, &y, &x);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ type = CKK_DSA;
+
+ a[a_val].type = CKA_PRIME;
+ a[a_val].value = p.data;
+ a[a_val].value_len = p.size;
+ a_val++;
+
+ a[a_val].type = CKA_SUBPRIME;
+ a[a_val].value = q.data;
+ a[a_val].value_len = q.size;
+ a_val++;
+
+ a[a_val].type = CKA_BASE;
+ a[a_val].value = g.data;
+ a[a_val].value_len = g.size;
+ a_val++;
+
+ a[a_val].type = CKA_VALUE;
+ a[a_val].value = x.data;
+ a[a_val].value_len = x.size;
+ a_val++;
+
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ rv = pakchois_create_object (pks, a, a_val, &obj);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ /* generated!
+ */
+
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ gnutls_free (d.data);
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (u.data);
+ gnutls_free (exp1.data);
+ gnutls_free (exp2.data);
+ break;
+ }
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+ gnutls_free (x.data);
+ break;
+ }
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ pakchois_close_session (pks);
+
+ return ret;
+
+}
+
+struct delete_data_st
+{
+ struct pkcs11_url_info info;
+ unsigned int deleted; /* how many */
+};
+
+static int
+delete_obj_url (pakchois_session_t * pks,
+ struct token_info *info,
+ struct ck_info *lib_info, void *input)
+{
+ struct delete_data_st *find_data = input;
+ struct ck_attribute a[4];
+ ck_object_class_t class;
+ ck_certificate_type_t type = -1;
+ ck_rv_t rv;
+ ck_object_handle_t obj;
+ unsigned long count, a_vals;
+ int found = 0, ret;
+
+
+ if (info == NULL)
+ { /* we don't support multiple calls */
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ /* do not bother reading the token if basic fields do not match
+ */
+ if (pkcs11_token_matches_info (&find_data->info, &info->tinfo, lib_info) <
+ 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ class = CKO_CERTIFICATE; /* default */
+
+ if (find_data->info.type[0] != 0)
+ {
+ class = pkcs11_strtype_to_class (find_data->info.type);
+ if (class == CKO_CERTIFICATE)
+ type = CKC_X_509;
+
+ if (class == -1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ a_vals = 0;
+
+ /* Find objects with given class and type */
+ if (find_data->info.certid_raw_size > 0)
+ {
+ a[a_vals].type = CKA_ID;
+ a[a_vals].value = find_data->info.certid_raw;
+ a[a_vals].value_len = find_data->info.certid_raw_size;
+ a_vals++;
+ }
+
+ if (class != -1)
+ {
+ a[a_vals].type = CKA_CLASS;
+ a[a_vals].value = &class;
+ a[a_vals].value_len = sizeof class;
+ a_vals++;
+ }
+
+ if (type != -1)
+ {
+ a[a_vals].type = CKA_CERTIFICATE_TYPE;
+ a[a_vals].value = &type;
+ a[a_vals].value_len = sizeof type;
+ a_vals++;
+ }
+
+ if (find_data->info.label[0] != 0)
+ {
+ a[a_vals].type = CKA_LABEL;
+ a[a_vals].value = find_data->info.label;
+ a[a_vals].value_len = strlen (find_data->info.label);
+ a_vals++;
+ }
+
+ rv = pakchois_find_objects_init (pks, a, a_vals);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pk11: FindObjectsInit failed.\n");
+ ret = pkcs11_rv_to_err (rv);
+ goto cleanup;
+ }
+
+ while (pakchois_find_objects (pks, &obj, 1, &count) == CKR_OK && count == 1)
+ {
+ rv = pakchois_destroy_object (pks, obj);
+ if (rv != CKR_OK)
+ {
+ _gnutls_debug_log
+ ("pkcs11: Cannot destroy object: %s\n", pakchois_error (rv));
+ }
+ else
+ {
+ find_data->deleted++;
+ }
+
+ found = 1;
+ }
+
+ if (found == 0)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ ret = 0;
+ }
+
+cleanup:
+ pakchois_find_objects_final (pks);
+
+ return ret;
+}
+
+
+/**
+ * gnutls_pkcs11_delete_url:
+ * @object_url: The URL of the object to delete.
+ * @flags: One of GNUTLS_PKCS11_OBJ_* flags
+ *
+ * This function will delete objects matching the given URL.
+ *
+ * Returns: On success, the number of objects deleted is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_delete_url (const char *object_url, unsigned int flags)
+{
+ int ret;
+ struct delete_data_st find_data;
+
+ memset (&find_data, 0, sizeof (find_data));
+
+ ret = pkcs11_url_to_info (object_url, &find_data.info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _pkcs11_traverse_tokens (delete_obj_url, &find_data,
+ SESSION_WRITE | pkcs11_obj_flags_to_int (flags));
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return find_data.deleted;
+
+}
+
+/**
+ * gnutls_pkcs11_token_init:
+ * @token_url: A PKCS #11 URL specifying a token
+ * @so_pin: Security Officer's PIN
+ * @label: A name to be used for the token
+ *
+ * This function will initialize (format) a token. If the token is
+ * at a factory defaults state the security officer's PIN given will be
+ * set to be the default. Otherwise it should match the officer's PIN.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_token_init (const char *token_url,
+ const char *so_pin, const char *label)
+{
+ int ret;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ pakchois_module_t *module;
+ ck_slot_id_t slot;
+ char flabel[32];
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = pkcs11_find_slot (&module, &slot, &info, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* so it seems memset has other uses than zeroing! */
+ memset (flabel, ' ', sizeof (flabel));
+ if (label != NULL)
+ memcpy (flabel, label, strlen (label));
+
+ rv =
+ pakchois_init_token (module, slot, (char *) so_pin, strlen (so_pin),
+ flabel);
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ return pkcs11_rv_to_err (rv);
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_pkcs11_token_set_pin:
+ * @token_url: A PKCS #11 URL specifying a token
+ * @oldpin: old user's PIN
+ * @newpin: new user's PIN
+ * @flags: one of gnutls_pkcs11_pin_flag_t
+ *
+ * This function will modify or set a user's PIN for the given token.
+ * If it is called to set a user pin for first time the oldpin must
+ * be NULL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs11_token_set_pin (const char *token_url,
+ const char *oldpin,
+ const char *newpin, unsigned int flags)
+{
+ int ret;
+ pakchois_session_t *pks;
+ struct pkcs11_url_info info;
+ ck_rv_t rv;
+ unsigned int ses_flags;
+
+ ret = pkcs11_url_to_info (token_url, &info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (((flags & GNUTLS_PKCS11_PIN_USER) && oldpin == NULL) ||
+ (flags & GNUTLS_PKCS11_PIN_SO))
+ ses_flags = SESSION_WRITE | SESSION_LOGIN | SESSION_SO;
+ else
+ ses_flags = SESSION_WRITE | SESSION_LOGIN;
+
+ ret = pkcs11_open_session (&pks, &info, ses_flags);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (oldpin == NULL)
+ {
+ rv = pakchois_init_pin (pks, (char *) newpin, strlen (newpin));
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto finish;
+ }
+ }
+ else
+ {
+ rv = pakchois_set_pin (pks,
+ (char *) oldpin, strlen (oldpin),
+ (char *) newpin, strlen (newpin));
+ if (rv != CKR_OK)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("pkcs11: %s\n", pakchois_error (rv));
+ ret = pkcs11_rv_to_err (rv);
+ goto finish;
+ }
+ }
+
+ ret = 0;
+
+finish:
+ pakchois_close_session (pks);
+ return ret;
+
+}
--- /dev/null
+
+PKIX1 { }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- This contains both PKIX1Implicit88 and RFC2630 ASN.1 modules.
+
+id-pkix OBJECT IDENTIFIER ::=
+ { iso(1) identified-organization(3) dod(6) internet(1)
+ security(5) mechanisms(5) pkix(7) }
+
+-- ISO arc for standard certificate and CRL extensions
+
+-- authority key identifier OID and syntax
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+ keyIdentifier [0] KeyIdentifier OPTIONAL,
+ authorityCertIssuer [1] GeneralNames OPTIONAL,
+ authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
+ -- authorityCertIssuer and authorityCertSerialNumber shall both
+ -- be present or both be absgent
+
+KeyIdentifier ::= OCTET STRING
+
+-- subject key identifier OID and syntax
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+-- key usage extension OID and syntax
+
+KeyUsage ::= BIT STRING
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1..MAX)),
+ bmpString BMPString (SIZE(1..MAX)),
+ -- IA5String is added here to handle old UID encoded as ia5String --
+ -- See tests/userid/ for more information. It shouldn't be here, --
+ -- so if it causes problems, considering dropping it. --
+ ia5String IA5String (SIZE(1..MAX)) }
+
+SubjectAltName ::= GeneralNames
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+ otherName [0] AnotherName,
+ rfc822Name [1] IA5String,
+ dNSName [2] IA5String,
+ x400Address [3] ANY,
+-- Changed to work with the libtasn1 parser.
+ directoryName [4] EXPLICIT RDNSequence, --Name,
+ ediPartyName [5] ANY, --EDIPartyName replaced by ANY to save memory
+ uniformResourceIdentifier [6] IA5String,
+ iPAddress [7] OCTET STRING,
+ registeredID [8] OBJECT IDENTIFIER }
+
+-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+AnotherName ::= SEQUENCE {
+ type-id OBJECT IDENTIFIER,
+ value [0] EXPLICIT ANY DEFINED BY type-id }
+
+-- issuer alternative name extension OID and syntax
+
+IssuerAltName ::= GeneralNames
+
+-- basic constraints extension OID and syntax
+
+BasicConstraints ::= SEQUENCE {
+ cA BOOLEAN DEFAULT FALSE,
+ pathLenConstraint INTEGER (0..MAX) OPTIONAL }
+
+-- CRL distribution points extension OID and syntax
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+ distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL,
+ reasons [1] ReasonFlags OPTIONAL,
+ cRLIssuer [2] GeneralNames OPTIONAL
+}
+
+DistributionPointName ::= CHOICE {
+ fullName [0] GeneralNames,
+ nameRelativeToCRLIssuer [1] RelativeDistinguishedName
+}
+
+ReasonFlags ::= BIT STRING
+
+-- extended key usage extension OID and syntax
+
+ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+-- CRL number extension OID and syntax
+
+CRLNumber ::= INTEGER (0..MAX)
+
+-- certificate issuer CRL entry extension OID and syntax
+
+CertificateIssuer ::= GeneralNames
+
+-- --------------------------------------
+-- EXPLICIT
+-- --------------------------------------
+
+-- UNIVERSAL Types defined in '93 and '98 ASN.1
+-- but required by this specification
+
+NumericString ::= [UNIVERSAL 18] IMPLICIT OCTET STRING
+
+IA5String ::= [UNIVERSAL 22] IMPLICIT OCTET STRING
+
+TeletexString ::= [UNIVERSAL 20] IMPLICIT OCTET STRING
+
+PrintableString ::= [UNIVERSAL 19] IMPLICIT OCTET STRING
+
+UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+ -- UniversalString is defined in ASN.1:1993
+
+BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+ -- BMPString is the subtype of UniversalString and models
+ -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
+
+UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+ -- The content of this type conforms to RFC 2279.
+
+
+-- attribute data types --
+
+Attribute ::= SEQUENCE {
+ type AttributeType,
+ values SET OF AttributeValue
+ -- at least one value is required --
+}
+
+AttributeType ::= OBJECT IDENTIFIER
+
+AttributeValue ::= ANY DEFINED BY type
+
+AttributeTypeAndValue ::= SEQUENCE {
+ type AttributeType,
+ value AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+-- information object set may be augmented to meet local
+-- requirements. Note that deleting members of the set may
+-- prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+-- type definition for the corresponding AttributeValue
+
+-- Arc for standard naming attributes
+id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
+
+-- Attributes of type NameDirectoryString
+
+-- gnutls: Note that the Object ID (id-at*) is being set just before the
+-- actual definition. This is done in order for asn1_find_structure_from_oid
+-- to work (locate structure from OID).
+-- Maybe this is inefficient and memory consuming. Should we replace with
+-- a table that maps OIDs to structures?
+
+PostalAddress ::= SEQUENCE OF DirectoryString
+
+ -- Legacy attributes
+
+emailAddress AttributeType ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 1 }
+
+Pkcs9email ::= IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+ rdnSequence RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::= RDNSequence
+
+RelativeDistinguishedName ::=
+ SET SIZE (1 .. MAX) OF AttributeTypeAndValue
+
+
+
+-- --------------------------------------------------------
+-- certificate and CRL specific structures begin here
+-- --------------------------------------------------------
+
+Certificate ::= SEQUENCE {
+ tbsCertificate TBSCertificate,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+TBSCertificate ::= SEQUENCE {
+ version [0] EXPLICIT Version DEFAULT v1,
+ serialNumber CertificateSerialNumber,
+ signature AlgorithmIdentifier,
+ issuer Name,
+ validity Validity,
+ subject Name,
+ subjectPublicKeyInfo SubjectPublicKeyInfo,
+ issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+ subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
+ -- If present, version shall be v2 or v3
+ extensions [3] EXPLICIT Extensions OPTIONAL
+ -- If present, version shall be v3 --
+}
+
+Version ::= INTEGER { v1(0), v2(1), v3(2) }
+
+CertificateSerialNumber ::= INTEGER
+
+Validity ::= SEQUENCE {
+ notBefore Time,
+ notAfter Time }
+
+Time ::= CHOICE {
+ utcTime UTCTime,
+ generalTime GeneralizedTime }
+
+UniqueIdentifier ::= BIT STRING
+
+SubjectPublicKeyInfo ::= SEQUENCE {
+ algorithm AlgorithmIdentifier,
+ subjectPublicKey BIT STRING }
+
+Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension ::= SEQUENCE {
+ extnID OBJECT IDENTIFIER,
+ critical BOOLEAN DEFAULT FALSE,
+ extnValue OCTET STRING }
+
+
+-- ------------------------------------------
+-- CRL structures
+-- ------------------------------------------
+
+CertificateList ::= SEQUENCE {
+ tbsCertList TBSCertList,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING }
+
+TBSCertList ::= SEQUENCE {
+ version Version OPTIONAL,
+ -- if present, shall be v2
+ signature AlgorithmIdentifier,
+ issuer Name,
+ thisUpdate Time,
+ nextUpdate Time OPTIONAL,
+ revokedCertificates SEQUENCE OF SEQUENCE {
+ userCertificate CertificateSerialNumber,
+ revocationDate Time,
+ crlEntryExtensions Extensions OPTIONAL
+ -- if present, shall be v2
+ } OPTIONAL,
+ crlExtensions [0] EXPLICIT Extensions OPTIONAL
+ -- if present, shall be v2 --
+}
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier ::= SEQUENCE {
+ algorithm OBJECT IDENTIFIER,
+ parameters ANY DEFINED BY algorithm OPTIONAL }
+ -- contains a value of the type
+ -- registered for use with the
+ -- algorithm object identifier value
+
+-- Algorithm OIDs and parameter structures
+
+Dss-Sig-Value ::= SEQUENCE {
+ r INTEGER,
+ s INTEGER
+}
+
+DomainParameters ::= SEQUENCE {
+ p INTEGER, -- odd prime, p=jq +1
+ g INTEGER, -- generator, g
+ q INTEGER, -- factor of p-1
+ j INTEGER OPTIONAL, -- subgroup factor, j>= 2
+ validationParms ValidationParms OPTIONAL }
+
+ValidationParms ::= SEQUENCE {
+ seed BIT STRING,
+ pgenCounter INTEGER }
+
+Dss-Parms ::= SEQUENCE {
+ p INTEGER,
+ q INTEGER,
+ g INTEGER }
+
+-- x400 address syntax starts here
+-- OR Names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+ x121-dcc-code NumericString
+ (SIZE (ub-country-name-numeric-length)),
+ iso-3166-alpha2-code PrintableString
+ (SIZE (ub-country-name-alpha-length)) }
+
+OrganizationName ::= PrintableString
+ (SIZE (1..ub-organization-name-length))
+-- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+ (SIZE (1..ub-numeric-user-id-length))
+
+-- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+ OF OrganizationalUnitName
+-- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+ (1..ub-organizational-unit-name-length))
+
+-- Extension types and attribute values
+--
+
+CommonName ::= PrintableString
+
+-- END of PKIX1Implicit88
+
+
+-- BEGIN of RFC2630
+
+-- Cryptographic Message Syntax
+
+pkcs-7-ContentInfo ::= SEQUENCE {
+ contentType pkcs-7-ContentType,
+ content [0] EXPLICIT ANY DEFINED BY contentType }
+
+pkcs-7-DigestInfo ::= SEQUENCE {
+ digestAlgorithm pkcs-7-DigestAlgorithmIdentifier,
+ digest pkcs-7-Digest
+}
+
+pkcs-7-Digest ::= OCTET STRING
+
+pkcs-7-ContentType ::= OBJECT IDENTIFIER
+
+pkcs-7-SignedData ::= SEQUENCE {
+ version pkcs-7-CMSVersion,
+ digestAlgorithms pkcs-7-DigestAlgorithmIdentifiers,
+ encapContentInfo pkcs-7-EncapsulatedContentInfo,
+ certificates [0] IMPLICIT pkcs-7-CertificateSet OPTIONAL,
+ crls [1] IMPLICIT pkcs-7-CertificateRevocationLists OPTIONAL,
+ signerInfos pkcs-7-SignerInfos
+}
+
+pkcs-7-CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4) }
+
+pkcs-7-DigestAlgorithmIdentifiers ::= SET OF pkcs-7-DigestAlgorithmIdentifier
+
+pkcs-7-DigestAlgorithmIdentifier ::= AlgorithmIdentifier
+
+pkcs-7-EncapsulatedContentInfo ::= SEQUENCE {
+ eContentType pkcs-7-ContentType,
+ eContent [0] EXPLICIT OCTET STRING OPTIONAL }
+
+-- We don't use CertificateList here since we only want
+-- to read the raw data.
+pkcs-7-CertificateRevocationLists ::= SET OF ANY
+
+pkcs-7-CertificateChoices ::= CHOICE {
+-- Although the paper uses Certificate type, we
+-- don't use it since, we don't need to parse it.
+-- We only need to read and store it.
+ certificate ANY
+}
+
+pkcs-7-CertificateSet ::= SET OF pkcs-7-CertificateChoices
+
+pkcs-7-SignerInfos ::= SET OF ANY -- this is not correct but we don't use it
+ -- anyway
+
+
+-- BEGIN of RFC2986
+
+-- Certificate requests
+pkcs-10-CertificationRequestInfo ::= SEQUENCE {
+ version INTEGER { v1(0) },
+ subject Name,
+ subjectPKInfo SubjectPublicKeyInfo,
+ attributes [0] Attributes
+}
+
+Attributes ::= SET OF Attribute
+
+pkcs-10-CertificationRequest ::= SEQUENCE {
+ certificationRequestInfo pkcs-10-CertificationRequestInfo,
+ signatureAlgorithm AlgorithmIdentifier,
+ signature BIT STRING
+}
+
+-- stuff from PKCS#9
+
+pkcs-9-at-challengePassword OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 7}
+
+pkcs-9-challengePassword ::= CHOICE {
+ printableString PrintableString,
+ utf8String UTF8String }
+
+pkcs-9-localKeyId ::= OCTET STRING
+
+-- PKCS #8 stuff
+
+-- Private-key information syntax
+
+pkcs-8-PrivateKeyInfo ::= SEQUENCE {
+ version pkcs-8-Version,
+ privateKeyAlgorithm AlgorithmIdentifier,
+ privateKey pkcs-8-PrivateKey,
+ attributes [0] Attributes OPTIONAL }
+
+pkcs-8-Version ::= INTEGER {v1(0)}
+
+pkcs-8-PrivateKey ::= OCTET STRING
+
+pkcs-8-Attributes ::= SET OF Attribute
+
+-- Encrypted private-key information syntax
+
+pkcs-8-EncryptedPrivateKeyInfo ::= SEQUENCE {
+ encryptionAlgorithm AlgorithmIdentifier,
+ encryptedData pkcs-8-EncryptedData
+}
+
+pkcs-8-EncryptedData ::= OCTET STRING
+
+-- PKCS #5 stuff
+
+pkcs-5-des-EDE3-CBC-params ::= OCTET STRING (SIZE(8))
+pkcs-5-aes128-CBC-params ::= OCTET STRING (SIZE(16))
+pkcs-5-aes192-CBC-params ::= OCTET STRING (SIZE(16))
+pkcs-5-aes256-CBC-params ::= OCTET STRING (SIZE(16))
+
+pkcs-5-PBES2-params ::= SEQUENCE {
+ keyDerivationFunc AlgorithmIdentifier,
+ encryptionScheme AlgorithmIdentifier }
+
+-- PBKDF2
+
+-- pkcs-5-algid-hmacWithSHA1 AlgorithmIdentifier ::=
+-- {algorithm pkcs-5-id-hmacWithSHA1, parameters NULL : NULL}
+
+pkcs-5-PBKDF2-params ::= SEQUENCE {
+ salt CHOICE {
+ specified OCTET STRING,
+ otherSource AlgorithmIdentifier
+ },
+ iterationCount INTEGER (1..MAX),
+ keyLength INTEGER (1..MAX) OPTIONAL,
+ prf AlgorithmIdentifier OPTIONAL -- DEFAULT pkcs-5-id-hmacWithSHA1
+}
+
+-- PKCS #12 stuff
+
+pkcs-12-PFX ::= SEQUENCE {
+ version INTEGER {v3(3)},
+ authSafe pkcs-7-ContentInfo,
+ macData pkcs-12-MacData OPTIONAL
+}
+
+pkcs-12-PbeParams ::= SEQUENCE {
+ salt OCTET STRING,
+ iterations INTEGER
+}
+
+pkcs-12-MacData ::= SEQUENCE {
+ mac pkcs-7-DigestInfo,
+ macSalt OCTET STRING,
+ iterations INTEGER DEFAULT 1
+-- Note: The default is for historical reasons and its use is
+-- deprecated. A higher value, like 1024 is recommended.
+}
+
+pkcs-12-AuthenticatedSafe ::= SEQUENCE OF pkcs-7-ContentInfo
+ -- Data if unencrypted
+ -- EncryptedData if password-encrypted
+ -- EnvelopedData if public key-encrypted
+
+pkcs-12-SafeContents ::= SEQUENCE OF pkcs-12-SafeBag
+
+pkcs-12-SafeBag ::= SEQUENCE {
+ bagId OBJECT IDENTIFIER,
+ bagValue [0] EXPLICIT ANY DEFINED BY badId,
+ bagAttributes SET OF pkcs-12-PKCS12Attribute OPTIONAL
+}
+
+-- Bag types
+
+pkcs-12-KeyBag ::= pkcs-8-PrivateKeyInfo
+
+-- Shrouded KeyBag
+
+pkcs-12-PKCS8ShroudedKeyBag ::= pkcs-8-EncryptedPrivateKeyInfo
+
+-- CertBag
+
+pkcs-12-CertBag ::= SEQUENCE {
+ certId OBJECT IDENTIFIER,
+ certValue [0] EXPLICIT ANY DEFINED BY certId
+}
+
+-- x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-certTypes 1}}
+-- DER-encoded X.509 certificate stored in OCTET STRING
+
+pkcs-12-CRLBag ::= SEQUENCE {
+ crlId OBJECT IDENTIFIER,
+ crlValue [0] EXPLICIT ANY DEFINED BY crlId
+}
+
+pkcs-12-SecretBag ::= SEQUENCE {
+ secretTypeId OBJECT IDENTIFIER,
+ secretValue [0] EXPLICIT ANY DEFINED BY secretTypeId
+}
+
+-- x509CRL BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {pkcs-9-crlTypes 1}}
+-- DER-encoded X.509 CRL stored in OCTET STRING
+
+pkcs-12-PKCS12Attribute ::= Attribute
+
+-- PKCS #7 stuff (needed in PKCS 12)
+
+pkcs-7-Data ::= OCTET STRING
+
+pkcs-7-EncryptedData ::= SEQUENCE {
+ version pkcs-7-CMSVersion,
+ encryptedContentInfo pkcs-7-EncryptedContentInfo,
+ unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
+
+pkcs-7-EncryptedContentInfo ::= SEQUENCE {
+ contentType pkcs-7-ContentType,
+ contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
+ encryptedContent [0] IMPLICIT pkcs-7-EncryptedContent OPTIONAL }
+
+pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+
+pkcs-7-EncryptedContent ::= OCTET STRING
+
+pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
+
+-- rfc3820
+
+ProxyCertInfo ::= SEQUENCE {
+ pCPathLenConstraint INTEGER (0..MAX) OPTIONAL,
+ proxyPolicy ProxyPolicy }
+
+ProxyPolicy ::= SEQUENCE {
+ policyLanguage OBJECT IDENTIFIER,
+ policy OCTET STRING OPTIONAL }
+
+END
--- /dev/null
+#if HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <libtasn1.h>
+
+const ASN1_ARRAY_TYPE pkix_asn1_tab[] = {
+ { "PKIX1", 536875024, NULL },
+ { NULL, 1073741836, NULL },
+ { "id-pkix", 1879048204, NULL },
+ { "iso", 1073741825, "1"},
+ { "identified-organization", 1073741825, "3"},
+ { "dod", 1073741825, "6"},
+ { "internet", 1073741825, "1"},
+ { "security", 1073741825, "5"},
+ { "mechanisms", 1073741825, "5"},
+ { "pkix", 1, "7"},
+ { "AuthorityKeyIdentifier", 1610612741, NULL },
+ { "keyIdentifier", 1610637314, "KeyIdentifier"},
+ { NULL, 4104, "0"},
+ { "authorityCertIssuer", 1610637314, "GeneralNames"},
+ { NULL, 4104, "1"},
+ { "authorityCertSerialNumber", 536895490, "CertificateSerialNumber"},
+ { NULL, 4104, "2"},
+ { "KeyIdentifier", 1073741831, NULL },
+ { "SubjectKeyIdentifier", 1073741826, "KeyIdentifier"},
+ { "KeyUsage", 1073741830, NULL },
+ { "DirectoryString", 1610612754, NULL },
+ { "teletexString", 1612709890, "TeletexString"},
+ { "MAX", 524298, "1"},
+ { "printableString", 1612709890, "PrintableString"},
+ { "MAX", 524298, "1"},
+ { "universalString", 1612709890, "UniversalString"},
+ { "MAX", 524298, "1"},
+ { "utf8String", 1612709890, "UTF8String"},
+ { "MAX", 524298, "1"},
+ { "bmpString", 1612709890, "BMPString"},
+ { "MAX", 524298, "1"},
+ { "ia5String", 538968066, "IA5String"},
+ { "MAX", 524298, "1"},
+ { "SubjectAltName", 1073741826, "GeneralNames"},
+ { "GeneralNames", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "GeneralName"},
+ { "GeneralName", 1610612754, NULL },
+ { "otherName", 1610620930, "AnotherName"},
+ { NULL, 4104, "0"},
+ { "rfc822Name", 1610620930, "IA5String"},
+ { NULL, 4104, "1"},
+ { "dNSName", 1610620930, "IA5String"},
+ { NULL, 4104, "2"},
+ { "x400Address", 1610620941, NULL },
+ { NULL, 4104, "3"},
+ { "directoryName", 1610620930, "RDNSequence"},
+ { NULL, 2056, "4"},
+ { "ediPartyName", 1610620941, NULL },
+ { NULL, 4104, "5"},
+ { "uniformResourceIdentifier", 1610620930, "IA5String"},
+ { NULL, 4104, "6"},
+ { "iPAddress", 1610620935, NULL },
+ { NULL, 4104, "7"},
+ { "registeredID", 536879116, NULL },
+ { NULL, 4104, "8"},
+ { "AnotherName", 1610612741, NULL },
+ { "type-id", 1073741836, NULL },
+ { "value", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "type-id", 1, NULL },
+ { "IssuerAltName", 1073741826, "GeneralNames"},
+ { "BasicConstraints", 1610612741, NULL },
+ { "cA", 1610645508, NULL },
+ { NULL, 131081, NULL },
+ { "pathLenConstraint", 537411587, NULL },
+ { "0", 10, "MAX"},
+ { "CRLDistributionPoints", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "DistributionPoint"},
+ { "DistributionPoint", 1610612741, NULL },
+ { "distributionPoint", 1610637314, "DistributionPointName"},
+ { NULL, 2056, "0"},
+ { "reasons", 1610637314, "ReasonFlags"},
+ { NULL, 4104, "1"},
+ { "cRLIssuer", 536895490, "GeneralNames"},
+ { NULL, 4104, "2"},
+ { "DistributionPointName", 1610612754, NULL },
+ { "fullName", 1610620930, "GeneralNames"},
+ { NULL, 4104, "0"},
+ { "nameRelativeToCRLIssuer", 536879106, "RelativeDistinguishedName"},
+ { NULL, 4104, "1"},
+ { "ReasonFlags", 1073741830, NULL },
+ { "ExtKeyUsageSyntax", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "KeyPurposeId"},
+ { "KeyPurposeId", 1073741836, NULL },
+ { "CRLNumber", 1611137027, NULL },
+ { "0", 10, "MAX"},
+ { "CertificateIssuer", 1073741826, "GeneralNames"},
+ { "NumericString", 1610620935, NULL },
+ { NULL, 4360, "18"},
+ { "IA5String", 1610620935, NULL },
+ { NULL, 4360, "22"},
+ { "TeletexString", 1610620935, NULL },
+ { NULL, 4360, "20"},
+ { "PrintableString", 1610620935, NULL },
+ { NULL, 4360, "19"},
+ { "UniversalString", 1610620935, NULL },
+ { NULL, 4360, "28"},
+ { "BMPString", 1610620935, NULL },
+ { NULL, 4360, "30"},
+ { "UTF8String", 1610620935, NULL },
+ { NULL, 4360, "12"},
+ { "Attribute", 1610612741, NULL },
+ { "type", 1073741826, "AttributeType"},
+ { "values", 536870927, NULL },
+ { NULL, 2, "AttributeValue"},
+ { "AttributeType", 1073741836, NULL },
+ { "AttributeValue", 1614807053, NULL },
+ { "type", 1, NULL },
+ { "AttributeTypeAndValue", 1610612741, NULL },
+ { "type", 1073741826, "AttributeType"},
+ { "value", 2, "AttributeValue"},
+ { "id-at", 1879048204, NULL },
+ { "joint-iso-ccitt", 1073741825, "2"},
+ { "ds", 1073741825, "5"},
+ { NULL, 1, "4"},
+ { "PostalAddress", 1610612747, NULL },
+ { NULL, 2, "DirectoryString"},
+ { "emailAddress", 1880096780, "AttributeType"},
+ { "iso", 1073741825, "1"},
+ { "member-body", 1073741825, "2"},
+ { "us", 1073741825, "840"},
+ { "rsadsi", 1073741825, "113549"},
+ { "pkcs", 1073741825, "1"},
+ { NULL, 1073741825, "9"},
+ { NULL, 1, "1"},
+ { "Pkcs9email", 1612709890, "IA5String"},
+ { "ub-emailaddress-length", 524298, "1"},
+ { "Name", 1610612754, NULL },
+ { "rdnSequence", 2, "RDNSequence"},
+ { "RDNSequence", 1610612747, NULL },
+ { NULL, 2, "RelativeDistinguishedName"},
+ { "DistinguishedName", 1073741826, "RDNSequence"},
+ { "RelativeDistinguishedName", 1612709903, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "AttributeTypeAndValue"},
+ { "Certificate", 1610612741, NULL },
+ { "tbsCertificate", 1073741826, "TBSCertificate"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 6, NULL },
+ { "TBSCertificate", 1610612741, NULL },
+ { "version", 1610653698, "Version"},
+ { NULL, 1073741833, "v1"},
+ { NULL, 2056, "0"},
+ { "serialNumber", 1073741826, "CertificateSerialNumber"},
+ { "signature", 1073741826, "AlgorithmIdentifier"},
+ { "issuer", 1073741826, "Name"},
+ { "validity", 1073741826, "Validity"},
+ { "subject", 1073741826, "Name"},
+ { "subjectPublicKeyInfo", 1073741826, "SubjectPublicKeyInfo"},
+ { "issuerUniqueID", 1610637314, "UniqueIdentifier"},
+ { NULL, 4104, "1"},
+ { "subjectUniqueID", 1610637314, "UniqueIdentifier"},
+ { NULL, 4104, "2"},
+ { "extensions", 536895490, "Extensions"},
+ { NULL, 2056, "3"},
+ { "Version", 1610874883, NULL },
+ { "v1", 1073741825, "0"},
+ { "v2", 1073741825, "1"},
+ { "v3", 1, "2"},
+ { "CertificateSerialNumber", 1073741827, NULL },
+ { "Validity", 1610612741, NULL },
+ { "notBefore", 1073741826, "Time"},
+ { "notAfter", 2, "Time"},
+ { "Time", 1610612754, NULL },
+ { "utcTime", 1090519057, NULL },
+ { "generalTime", 8388625, NULL },
+ { "UniqueIdentifier", 1073741830, NULL },
+ { "SubjectPublicKeyInfo", 1610612741, NULL },
+ { "algorithm", 1073741826, "AlgorithmIdentifier"},
+ { "subjectPublicKey", 6, NULL },
+ { "Extensions", 1612709899, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "Extension"},
+ { "Extension", 1610612741, NULL },
+ { "extnID", 1073741836, NULL },
+ { "critical", 1610645508, NULL },
+ { NULL, 131081, NULL },
+ { "extnValue", 7, NULL },
+ { "CertificateList", 1610612741, NULL },
+ { "tbsCertList", 1073741826, "TBSCertList"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 6, NULL },
+ { "TBSCertList", 1610612741, NULL },
+ { "version", 1073758210, "Version"},
+ { "signature", 1073741826, "AlgorithmIdentifier"},
+ { "issuer", 1073741826, "Name"},
+ { "thisUpdate", 1073741826, "Time"},
+ { "nextUpdate", 1073758210, "Time"},
+ { "revokedCertificates", 1610629131, NULL },
+ { NULL, 536870917, NULL },
+ { "userCertificate", 1073741826, "CertificateSerialNumber"},
+ { "revocationDate", 1073741826, "Time"},
+ { "crlEntryExtensions", 16386, "Extensions"},
+ { "crlExtensions", 536895490, "Extensions"},
+ { NULL, 2056, "0"},
+ { "AlgorithmIdentifier", 1610612741, NULL },
+ { "algorithm", 1073741836, NULL },
+ { "parameters", 541081613, NULL },
+ { "algorithm", 1, NULL },
+ { "Dss-Sig-Value", 1610612741, NULL },
+ { "r", 1073741827, NULL },
+ { "s", 3, NULL },
+ { "DomainParameters", 1610612741, NULL },
+ { "p", 1073741827, NULL },
+ { "g", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "j", 1073758211, NULL },
+ { "validationParms", 16386, "ValidationParms"},
+ { "ValidationParms", 1610612741, NULL },
+ { "seed", 1073741830, NULL },
+ { "pgenCounter", 3, NULL },
+ { "Dss-Parms", 1610612741, NULL },
+ { "p", 1073741827, NULL },
+ { "q", 1073741827, NULL },
+ { "g", 3, NULL },
+ { "CountryName", 1610620946, NULL },
+ { NULL, 1073746952, "1"},
+ { "x121-dcc-code", 1612709890, "NumericString"},
+ { NULL, 1048586, "ub-country-name-numeric-length"},
+ { "iso-3166-alpha2-code", 538968066, "PrintableString"},
+ { NULL, 1048586, "ub-country-name-alpha-length"},
+ { "OrganizationName", 1612709890, "PrintableString"},
+ { "ub-organization-name-length", 524298, "1"},
+ { "NumericUserIdentifier", 1612709890, "NumericString"},
+ { "ub-numeric-user-id-length", 524298, "1"},
+ { "OrganizationalUnitNames", 1612709899, NULL },
+ { "ub-organizational-units", 1074266122, "1"},
+ { NULL, 2, "OrganizationalUnitName"},
+ { "OrganizationalUnitName", 1612709890, "PrintableString"},
+ { "ub-organizational-unit-name-length", 524298, "1"},
+ { "CommonName", 1073741826, "PrintableString"},
+ { "pkcs-7-ContentInfo", 1610612741, NULL },
+ { "contentType", 1073741826, "pkcs-7-ContentType"},
+ { "content", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "contentType", 1, NULL },
+ { "pkcs-7-DigestInfo", 1610612741, NULL },
+ { "digestAlgorithm", 1073741826, "pkcs-7-DigestAlgorithmIdentifier"},
+ { "digest", 2, "pkcs-7-Digest"},
+ { "pkcs-7-Digest", 1073741831, NULL },
+ { "pkcs-7-ContentType", 1073741836, NULL },
+ { "pkcs-7-SignedData", 1610612741, NULL },
+ { "version", 1073741826, "pkcs-7-CMSVersion"},
+ { "digestAlgorithms", 1073741826, "pkcs-7-DigestAlgorithmIdentifiers"},
+ { "encapContentInfo", 1073741826, "pkcs-7-EncapsulatedContentInfo"},
+ { "certificates", 1610637314, "pkcs-7-CertificateSet"},
+ { NULL, 4104, "0"},
+ { "crls", 1610637314, "pkcs-7-CertificateRevocationLists"},
+ { NULL, 4104, "1"},
+ { "signerInfos", 2, "pkcs-7-SignerInfos"},
+ { "pkcs-7-CMSVersion", 1610874883, NULL },
+ { "v0", 1073741825, "0"},
+ { "v1", 1073741825, "1"},
+ { "v2", 1073741825, "2"},
+ { "v3", 1073741825, "3"},
+ { "v4", 1, "4"},
+ { "pkcs-7-DigestAlgorithmIdentifiers", 1610612751, NULL },
+ { NULL, 2, "pkcs-7-DigestAlgorithmIdentifier"},
+ { "pkcs-7-DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ { "pkcs-7-EncapsulatedContentInfo", 1610612741, NULL },
+ { "eContentType", 1073741826, "pkcs-7-ContentType"},
+ { "eContent", 536895495, NULL },
+ { NULL, 2056, "0"},
+ { "pkcs-7-CertificateRevocationLists", 1610612751, NULL },
+ { NULL, 13, NULL },
+ { "pkcs-7-CertificateChoices", 1610612754, NULL },
+ { "certificate", 13, NULL },
+ { "pkcs-7-CertificateSet", 1610612751, NULL },
+ { NULL, 2, "pkcs-7-CertificateChoices"},
+ { "pkcs-7-SignerInfos", 1610612751, NULL },
+ { NULL, 13, NULL },
+ { "pkcs-10-CertificationRequestInfo", 1610612741, NULL },
+ { "version", 1610874883, NULL },
+ { "v1", 1, "0"},
+ { "subject", 1073741826, "Name"},
+ { "subjectPKInfo", 1073741826, "SubjectPublicKeyInfo"},
+ { "attributes", 536879106, "Attributes"},
+ { NULL, 4104, "0"},
+ { "Attributes", 1610612751, NULL },
+ { NULL, 2, "Attribute"},
+ { "pkcs-10-CertificationRequest", 1610612741, NULL },
+ { "certificationRequestInfo", 1073741826, "pkcs-10-CertificationRequestInfo"},
+ { "signatureAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "signature", 6, NULL },
+ { "pkcs-9-at-challengePassword", 1879048204, NULL },
+ { "iso", 1073741825, "1"},
+ { "member-body", 1073741825, "2"},
+ { "us", 1073741825, "840"},
+ { "rsadsi", 1073741825, "113549"},
+ { "pkcs", 1073741825, "1"},
+ { NULL, 1073741825, "9"},
+ { NULL, 1, "7"},
+ { "pkcs-9-challengePassword", 1610612754, NULL },
+ { "printableString", 1073741826, "PrintableString"},
+ { "utf8String", 2, "UTF8String"},
+ { "pkcs-9-localKeyId", 1073741831, NULL },
+ { "pkcs-8-PrivateKeyInfo", 1610612741, NULL },
+ { "version", 1073741826, "pkcs-8-Version"},
+ { "privateKeyAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "privateKey", 1073741826, "pkcs-8-PrivateKey"},
+ { "attributes", 536895490, "Attributes"},
+ { NULL, 4104, "0"},
+ { "pkcs-8-Version", 1610874883, NULL },
+ { "v1", 1, "0"},
+ { "pkcs-8-PrivateKey", 1073741831, NULL },
+ { "pkcs-8-Attributes", 1610612751, NULL },
+ { NULL, 2, "Attribute"},
+ { "pkcs-8-EncryptedPrivateKeyInfo", 1610612741, NULL },
+ { "encryptionAlgorithm", 1073741826, "AlgorithmIdentifier"},
+ { "encryptedData", 2, "pkcs-8-EncryptedData"},
+ { "pkcs-8-EncryptedData", 1073741831, NULL },
+ { "pkcs-5-des-EDE3-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "8"},
+ { "pkcs-5-aes128-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "16"},
+ { "pkcs-5-aes192-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "16"},
+ { "pkcs-5-aes256-CBC-params", 1612709895, NULL },
+ { NULL, 1048586, "16"},
+ { "pkcs-5-PBES2-params", 1610612741, NULL },
+ { "keyDerivationFunc", 1073741826, "AlgorithmIdentifier"},
+ { "encryptionScheme", 2, "AlgorithmIdentifier"},
+ { "pkcs-5-PBKDF2-params", 1610612741, NULL },
+ { "salt", 1610612754, NULL },
+ { "specified", 1073741831, NULL },
+ { "otherSource", 2, "AlgorithmIdentifier"},
+ { "iterationCount", 1611137027, NULL },
+ { "1", 10, "MAX"},
+ { "keyLength", 1611153411, NULL },
+ { "1", 10, "MAX"},
+ { "prf", 16386, "AlgorithmIdentifier"},
+ { "pkcs-12-PFX", 1610612741, NULL },
+ { "version", 1610874883, NULL },
+ { "v3", 1, "3"},
+ { "authSafe", 1073741826, "pkcs-7-ContentInfo"},
+ { "macData", 16386, "pkcs-12-MacData"},
+ { "pkcs-12-PbeParams", 1610612741, NULL },
+ { "salt", 1073741831, NULL },
+ { "iterations", 3, NULL },
+ { "pkcs-12-MacData", 1610612741, NULL },
+ { "mac", 1073741826, "pkcs-7-DigestInfo"},
+ { "macSalt", 1073741831, NULL },
+ { "iterations", 536903683, NULL },
+ { NULL, 9, "1"},
+ { "pkcs-12-AuthenticatedSafe", 1610612747, NULL },
+ { NULL, 2, "pkcs-7-ContentInfo"},
+ { "pkcs-12-SafeContents", 1610612747, NULL },
+ { NULL, 2, "pkcs-12-SafeBag"},
+ { "pkcs-12-SafeBag", 1610612741, NULL },
+ { "bagId", 1073741836, NULL },
+ { "bagValue", 1614815245, NULL },
+ { NULL, 1073743880, "0"},
+ { "badId", 1, NULL },
+ { "bagAttributes", 536887311, NULL },
+ { NULL, 2, "pkcs-12-PKCS12Attribute"},
+ { "pkcs-12-KeyBag", 1073741826, "pkcs-8-PrivateKeyInfo"},
+ { "pkcs-12-PKCS8ShroudedKeyBag", 1073741826, "pkcs-8-EncryptedPrivateKeyInfo"},
+ { "pkcs-12-CertBag", 1610612741, NULL },
+ { "certId", 1073741836, NULL },
+ { "certValue", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "certId", 1, NULL },
+ { "pkcs-12-CRLBag", 1610612741, NULL },
+ { "crlId", 1073741836, NULL },
+ { "crlValue", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "crlId", 1, NULL },
+ { "pkcs-12-SecretBag", 1610612741, NULL },
+ { "secretTypeId", 1073741836, NULL },
+ { "secretValue", 541073421, NULL },
+ { NULL, 1073743880, "0"},
+ { "secretTypeId", 1, NULL },
+ { "pkcs-12-PKCS12Attribute", 1073741826, "Attribute"},
+ { "pkcs-7-Data", 1073741831, NULL },
+ { "pkcs-7-EncryptedData", 1610612741, NULL },
+ { "version", 1073741826, "pkcs-7-CMSVersion"},
+ { "encryptedContentInfo", 1073741826, "pkcs-7-EncryptedContentInfo"},
+ { "unprotectedAttrs", 536895490, "pkcs-7-UnprotectedAttributes"},
+ { NULL, 4104, "1"},
+ { "pkcs-7-EncryptedContentInfo", 1610612741, NULL },
+ { "contentType", 1073741826, "pkcs-7-ContentType"},
+ { "contentEncryptionAlgorithm", 1073741826, "pkcs-7-ContentEncryptionAlgorithmIdentifier"},
+ { "encryptedContent", 536895490, "pkcs-7-EncryptedContent"},
+ { NULL, 4104, "0"},
+ { "pkcs-7-ContentEncryptionAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
+ { "pkcs-7-EncryptedContent", 1073741831, NULL },
+ { "pkcs-7-UnprotectedAttributes", 1612709903, NULL },
+ { "MAX", 1074266122, "1"},
+ { NULL, 2, "Attribute"},
+ { "ProxyCertInfo", 1610612741, NULL },
+ { "pCPathLenConstraint", 1611153411, NULL },
+ { "0", 10, "MAX"},
+ { "proxyPolicy", 2, "ProxyPolicy"},
+ { "ProxyPolicy", 536870917, NULL },
+ { "policyLanguage", 1073741836, NULL },
+ { "policy", 16391, NULL },
+ { NULL, 0, NULL }
+};
--- /dev/null
+en@boldquot
+en@quot
+cs
+de
+fr
+it
+ms
+nl
+pl
+sv
+vi
+zh_CN
--- /dev/null
+# Makefile for PO directory in any package using GNU gettext.
+# Copyright (C) 1995-1997, 2000-2007 by Ulrich Drepper <drepper@gnu.ai.mit.edu>
+#
+# This file can be copied and used freely without restrictions. It can
+# be used in projects which are not available under the GNU General Public
+# License but which still want to provide support for the GNU gettext
+# functionality.
+# Please note that the actual code of GNU gettext is covered by the GNU
+# General Public License and is *not* in the public domain.
+#
+# Origin: gettext-0.17
+GETTEXT_MACRO_VERSION = 0.17
+
+PACKAGE = @PACKAGE@
+VERSION = @VERSION@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+
+SHELL = /bin/sh
+@SET_MAKE@
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+datarootdir = @datarootdir@
+datadir = @datadir@
+localedir = @localedir@
+gettextsrcdir = $(datadir)/gettext/po
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+
+# We use $(mkdir_p).
+# In automake <= 1.9.x, $(mkdir_p) is defined either as "mkdir -p --" or as
+# "$(mkinstalldirs)" or as "$(install_sh) -d". For these automake versions,
+# @install_sh@ does not start with $(SHELL), so we add it.
+# In automake >= 1.10, @mkdir_p@ is derived from ${MKDIR_P}, which is defined
+# either as "/path/to/mkdir -p" or ".../install-sh -c -d". For these automake
+# versions, $(mkinstalldirs) and $(install_sh) are unused.
+mkinstalldirs = $(SHELL) @install_sh@ -d
+install_sh = $(SHELL) @install_sh@
+MKDIR_P = @MKDIR_P@
+mkdir_p = @mkdir_p@
+
+GMSGFMT_ = @GMSGFMT@
+GMSGFMT_no = @GMSGFMT@
+GMSGFMT_yes = @GMSGFMT_015@
+GMSGFMT = $(GMSGFMT_$(USE_MSGCTXT))
+MSGFMT_ = @MSGFMT@
+MSGFMT_no = @MSGFMT@
+MSGFMT_yes = @MSGFMT_015@
+MSGFMT = $(MSGFMT_$(USE_MSGCTXT))
+XGETTEXT_ = @XGETTEXT@
+XGETTEXT_no = @XGETTEXT@
+XGETTEXT_yes = @XGETTEXT_015@
+XGETTEXT = $(XGETTEXT_$(USE_MSGCTXT))
+MSGMERGE = msgmerge
+MSGMERGE_UPDATE = @MSGMERGE@ --update
+MSGINIT = msginit
+MSGCONV = msgconv
+MSGFILTER = msgfilter
+
+POFILES = @POFILES@
+GMOFILES = @GMOFILES@
+UPDATEPOFILES = @UPDATEPOFILES@
+DUMMYPOFILES = @DUMMYPOFILES@
+DISTFILES.common = Makefile.in.in remove-potcdate.sin \
+$(DISTFILES.common.extra1) $(DISTFILES.common.extra2) $(DISTFILES.common.extra3)
+DISTFILES = $(DISTFILES.common) Makevars POTFILES.in \
+$(POFILES) $(GMOFILES) \
+$(DISTFILES.extra1) $(DISTFILES.extra2) $(DISTFILES.extra3)
+
+POTFILES = \
+
+CATALOGS = @CATALOGS@
+
+# Makevars gets inserted here. (Don't remove this line!)
+
+.SUFFIXES:
+.SUFFIXES: .po .gmo .mo .sed .sin .nop .po-create .po-update
+
+.po.mo:
+ @echo "$(MSGFMT) -c -o $@ $<"; \
+ $(MSGFMT) -c -o t-$@ $< && mv t-$@ $@
+
+.po.gmo:
+ @lang=`echo $* | sed -e 's,.*/,,'`; \
+ test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
+ echo "$${cdcmd}rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o $${lang}.gmo $${lang}.po"; \
+ cd $(srcdir) && rm -f $${lang}.gmo && $(GMSGFMT) -c --statistics -o t-$${lang}.gmo $${lang}.po && mv t-$${lang}.gmo $${lang}.gmo
+
+.sin.sed:
+ sed -e '/^#/d' $< > t-$@
+ mv t-$@ $@
+
+
+all: check-macro-version all-@USE_NLS@
+
+all-yes: stamp-po
+all-no:
+
+# Ensure that the gettext macros and this Makefile.in.in are in sync.
+check-macro-version:
+ @test "$(GETTEXT_MACRO_VERSION)" = "@GETTEXT_MACRO_VERSION@" \
+ || { echo "*** error: gettext infrastructure mismatch: using a Makefile.in.in from gettext version $(GETTEXT_MACRO_VERSION) but the autoconf macros are from gettext version @GETTEXT_MACRO_VERSION@" 1>&2; \
+ exit 1; \
+ }
+
+# $(srcdir)/$(DOMAIN).pot is only created when needed. When xgettext finds no
+# internationalized messages, no $(srcdir)/$(DOMAIN).pot is created (because
+# we don't want to bother translators with empty POT files). We assume that
+# LINGUAS is empty in this case, i.e. $(POFILES) and $(GMOFILES) are empty.
+# In this case, stamp-po is a nop (i.e. a phony target).
+
+# stamp-po is a timestamp denoting the last time at which the CATALOGS have
+# been loosely updated. Its purpose is that when a developer or translator
+# checks out the package via CVS, and the $(DOMAIN).pot file is not in CVS,
+# "make" will update the $(DOMAIN).pot and the $(CATALOGS), but subsequent
+# invocations of "make" will do nothing. This timestamp would not be necessary
+# if updating the $(CATALOGS) would always touch them; however, the rule for
+# $(POFILES) has been designed to not touch files that don't need to be
+# changed.
+stamp-po: $(srcdir)/$(DOMAIN).pot
+ test ! -f $(srcdir)/$(DOMAIN).pot || \
+ test -z "$(GMOFILES)" || $(MAKE) $(GMOFILES)
+ @test ! -f $(srcdir)/$(DOMAIN).pot || { \
+ echo "touch stamp-po" && \
+ echo timestamp > stamp-poT && \
+ mv stamp-poT stamp-po; \
+ }
+
+# Note: Target 'all' must not depend on target '$(DOMAIN).pot-update',
+# otherwise packages like GCC can not be built if only parts of the source
+# have been downloaded.
+
+# This target rebuilds $(DOMAIN).pot; it is an expensive operation.
+# Note that $(DOMAIN).pot is not touched if it doesn't need to be changed.
+$(DOMAIN).pot-update: $(POTFILES) $(srcdir)/POTFILES.in remove-potcdate.sed
+ if LC_ALL=C grep 'GNU @PACKAGE@' $(top_srcdir)/* 2>/dev/null | grep -v 'libtool:' >/dev/null; then \
+ package_gnu='GNU '; \
+ else \
+ package_gnu=''; \
+ fi; \
+ if test -n '$(MSGID_BUGS_ADDRESS)' || test '$(PACKAGE_BUGREPORT)' = '@'PACKAGE_BUGREPORT'@'; then \
+ msgid_bugs_address='$(MSGID_BUGS_ADDRESS)'; \
+ else \
+ msgid_bugs_address='$(PACKAGE_BUGREPORT)'; \
+ fi; \
+ case `$(XGETTEXT) --version | sed 1q | sed -e 's,^[^0-9]*,,'` in \
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-5] | 0.1[0-5].* | 0.16 | 0.16.[0-1]*) \
+ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
+ --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \
+ --files-from=$(srcdir)/POTFILES.in \
+ --copyright-holder='$(COPYRIGHT_HOLDER)' \
+ --msgid-bugs-address="$$msgid_bugs_address" \
+ ;; \
+ *) \
+ $(XGETTEXT) --default-domain=$(DOMAIN) --directory=$(top_srcdir) \
+ --add-comments=TRANSLATORS: $(XGETTEXT_OPTIONS) @XGETTEXT_EXTRA_OPTIONS@ \
+ --files-from=$(srcdir)/POTFILES.in \
+ --copyright-holder='$(COPYRIGHT_HOLDER)' \
+ --package-name="$${package_gnu}@PACKAGE@" \
+ --package-version='@VERSION@' \
+ --msgid-bugs-address="$$msgid_bugs_address" \
+ ;; \
+ esac
+ test ! -f $(DOMAIN).po || { \
+ if test -f $(srcdir)/$(DOMAIN).pot; then \
+ sed -f remove-potcdate.sed < $(srcdir)/$(DOMAIN).pot > $(DOMAIN).1po && \
+ sed -f remove-potcdate.sed < $(DOMAIN).po > $(DOMAIN).2po && \
+ if cmp $(DOMAIN).1po $(DOMAIN).2po >/dev/null 2>&1; then \
+ rm -f $(DOMAIN).1po $(DOMAIN).2po $(DOMAIN).po; \
+ else \
+ rm -f $(DOMAIN).1po $(DOMAIN).2po $(srcdir)/$(DOMAIN).pot && \
+ mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
+ fi; \
+ else \
+ mv $(DOMAIN).po $(srcdir)/$(DOMAIN).pot; \
+ fi; \
+ }
+
+# This rule has no dependencies: we don't need to update $(DOMAIN).pot at
+# every "make" invocation, only create it when it is missing.
+# Only "make $(DOMAIN).pot-update" or "make dist" will force an update.
+$(srcdir)/$(DOMAIN).pot:
+ $(MAKE) $(DOMAIN).pot-update
+
+# This target rebuilds a PO file if $(DOMAIN).pot has changed.
+# Note that a PO file is not touched if it doesn't need to be changed.
+$(POFILES): $(srcdir)/$(DOMAIN).pot
+ @lang=`echo $@ | sed -e 's,.*/,,' -e 's/\.po$$//'`; \
+ if test -f "$(srcdir)/$${lang}.po"; then \
+ test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
+ echo "$${cdcmd}$(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot"; \
+ cd $(srcdir) && $(MSGMERGE_UPDATE) $${lang}.po $(DOMAIN).pot; \
+ else \
+ $(MAKE) $${lang}.po-create; \
+ fi
+
+
+install: install-exec install-data
+install-exec:
+install-data: install-data-@USE_NLS@
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \
+ for file in $(DISTFILES.common) Makevars.template; do \
+ $(INSTALL_DATA) $(srcdir)/$$file \
+ $(DESTDIR)$(gettextsrcdir)/$$file; \
+ done; \
+ for file in Makevars; do \
+ rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
+ done; \
+ else \
+ : ; \
+ fi
+install-data-no: all
+install-data-yes: all
+ $(mkdir_p) $(DESTDIR)$(datadir)
+ @catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
+ dir=$(localedir)/$$lang/LC_MESSAGES; \
+ $(mkdir_p) $(DESTDIR)$$dir; \
+ if test -r $$cat; then realcat=$$cat; else realcat=$(srcdir)/$$cat; fi; \
+ $(INSTALL_DATA) $$realcat $(DESTDIR)$$dir/$(DOMAIN).mo; \
+ echo "installing $$realcat as $(DESTDIR)$$dir/$(DOMAIN).mo"; \
+ for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
+ if test -n "$$lc"; then \
+ if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
+ link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
+ mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
+ for file in *; do \
+ if test -f $$file; then \
+ ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
+ fi; \
+ done); \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ else \
+ if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
+ :; \
+ else \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ fi; \
+ fi; \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
+ ln -s ../LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
+ ln $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo 2>/dev/null || \
+ cp -p $(DESTDIR)$(localedir)/$$lang/LC_MESSAGES/$(DOMAIN).mo $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
+ echo "installing $$realcat link as $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo"; \
+ fi; \
+ done; \
+ done
+
+install-strip: install
+
+installdirs: installdirs-exec installdirs-data
+installdirs-exec:
+installdirs-data: installdirs-data-@USE_NLS@
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ $(mkdir_p) $(DESTDIR)$(gettextsrcdir); \
+ else \
+ : ; \
+ fi
+installdirs-data-no:
+installdirs-data-yes:
+ $(mkdir_p) $(DESTDIR)$(datadir)
+ @catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
+ dir=$(localedir)/$$lang/LC_MESSAGES; \
+ $(mkdir_p) $(DESTDIR)$$dir; \
+ for lc in '' $(EXTRA_LOCALE_CATEGORIES); do \
+ if test -n "$$lc"; then \
+ if (cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc 2>/dev/null) | grep ' -> ' >/dev/null; then \
+ link=`cd $(DESTDIR)$(localedir)/$$lang && LC_ALL=C ls -l -d $$lc | sed -e 's/^.* -> //'`; \
+ mv $(DESTDIR)$(localedir)/$$lang/$$lc $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ (cd $(DESTDIR)$(localedir)/$$lang/$$lc.old && \
+ for file in *; do \
+ if test -f $$file; then \
+ ln -s ../$$link/$$file $(DESTDIR)$(localedir)/$$lang/$$lc/$$file; \
+ fi; \
+ done); \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc.old; \
+ else \
+ if test -d $(DESTDIR)$(localedir)/$$lang/$$lc; then \
+ :; \
+ else \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ mkdir $(DESTDIR)$(localedir)/$$lang/$$lc; \
+ fi; \
+ fi; \
+ fi; \
+ done; \
+ done
+
+# Define this as empty until I found a useful application.
+installcheck:
+
+uninstall: uninstall-exec uninstall-data
+uninstall-exec:
+uninstall-data: uninstall-data-@USE_NLS@
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ for file in $(DISTFILES.common) Makevars.template; do \
+ rm -f $(DESTDIR)$(gettextsrcdir)/$$file; \
+ done; \
+ else \
+ : ; \
+ fi
+uninstall-data-no:
+uninstall-data-yes:
+ catalogs='$(CATALOGS)'; \
+ for cat in $$catalogs; do \
+ cat=`basename $$cat`; \
+ lang=`echo $$cat | sed -e 's/\.gmo$$//'`; \
+ for lc in LC_MESSAGES $(EXTRA_LOCALE_CATEGORIES); do \
+ rm -f $(DESTDIR)$(localedir)/$$lang/$$lc/$(DOMAIN).mo; \
+ done; \
+ done
+
+check: all
+
+info dvi ps pdf html tags TAGS ctags CTAGS ID:
+
+mostlyclean:
+ rm -f remove-potcdate.sed
+ rm -f stamp-poT
+ rm -f core core.* $(DOMAIN).po $(DOMAIN).1po $(DOMAIN).2po *.new.po
+ rm -fr *.o
+
+clean: mostlyclean
+
+distclean: clean
+ rm -f Makefile Makefile.in POTFILES *.mo
+
+maintainer-clean: distclean
+ @echo "This command is intended for maintainers to use;"
+ @echo "it deletes files that may require special tools to rebuild."
+ rm -f stamp-po $(GMOFILES)
+
+distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
+dist distdir:
+ $(MAKE) update-po
+ @$(MAKE) dist2
+# This is a separate target because 'update-po' must be executed before.
+dist2: stamp-po $(DISTFILES)
+ dists="$(DISTFILES)"; \
+ if test "$(PACKAGE)" = "gettext-tools"; then \
+ dists="$$dists Makevars.template"; \
+ fi; \
+ if test -f $(srcdir)/$(DOMAIN).pot; then \
+ dists="$$dists $(DOMAIN).pot stamp-po"; \
+ fi; \
+ if test -f $(srcdir)/ChangeLog; then \
+ dists="$$dists ChangeLog"; \
+ fi; \
+ for i in 0 1 2 3 4 5 6 7 8 9; do \
+ if test -f $(srcdir)/ChangeLog.$$i; then \
+ dists="$$dists ChangeLog.$$i"; \
+ fi; \
+ done; \
+ if test -f $(srcdir)/LINGUAS; then dists="$$dists LINGUAS"; fi; \
+ for file in $$dists; do \
+ if test -f $$file; then \
+ cp -p $$file $(distdir) || exit 1; \
+ else \
+ cp -p $(srcdir)/$$file $(distdir) || exit 1; \
+ fi; \
+ done
+
+update-po: Makefile
+ $(MAKE) $(DOMAIN).pot-update
+ test -z "$(UPDATEPOFILES)" || $(MAKE) $(UPDATEPOFILES)
+ $(MAKE) update-gmo
+
+# General rule for creating PO files.
+
+.nop.po-create:
+ @lang=`echo $@ | sed -e 's/\.po-create$$//'`; \
+ echo "File $$lang.po does not exist. If you are a translator, you can create it through 'msginit'." 1>&2; \
+ exit 1
+
+# General rule for updating PO files.
+
+.nop.po-update:
+ @lang=`echo $@ | sed -e 's/\.po-update$$//'`; \
+ if test "$(PACKAGE)" = "gettext-tools"; then PATH=`pwd`/../src:$$PATH; fi; \
+ tmpdir=`pwd`; \
+ echo "$$lang:"; \
+ test "$(srcdir)" = . && cdcmd="" || cdcmd="cd $(srcdir) && "; \
+ echo "$${cdcmd}$(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$lang.new.po"; \
+ cd $(srcdir); \
+ if $(MSGMERGE) $$lang.po $(DOMAIN).pot -o $$tmpdir/$$lang.new.po; then \
+ if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
+ rm -f $$tmpdir/$$lang.new.po; \
+ else \
+ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
+ :; \
+ else \
+ echo "msgmerge for $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
+ exit 1; \
+ fi; \
+ fi; \
+ else \
+ echo "msgmerge for $$lang.po failed!" 1>&2; \
+ rm -f $$tmpdir/$$lang.new.po; \
+ fi
+
+$(DUMMYPOFILES):
+
+update-gmo: Makefile $(GMOFILES)
+ @:
+
+Makefile: Makefile.in.in Makevars $(top_builddir)/config.status @POMAKEFILEDEPS@
+ cd $(top_builddir) \
+ && $(SHELL) ./config.status $(subdir)/$@.in po-directories
+
+force:
+
+# Tell versions [3.59,3.63) of GNU make not to export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+# Makefile variables for PO directory in any package using GNU gettext.
+
+# Usually the message domain is the same as the package name.
+DOMAIN = $(PACKAGE)26
+
+# These two variables depend on the location of this directory.
+subdir = po
+top_builddir = ..
+
+# These options get passed to xgettext.
+XGETTEXT_OPTIONS = --keyword=_ --keyword=N_
+
+# This is the copyright holder that gets inserted into the header of the
+# $(DOMAIN).pot file. Set this to the copyright holder of the surrounding
+# package. (Note that the msgstr strings, extracted from the package's
+# sources, belong to the copyright holder of the package.) Translators are
+# expected to transfer the copyright for their translations to this person
+# or entity, or to disclaim their copyright. The empty string stands for
+# the public domain; in this case the translators are expected to disclaim
+# their copyright.
+COPYRIGHT_HOLDER = Free Software Foundation, Inc.
+
+# This is the email address or URL to which the translators shall report
+# bugs in the untranslated strings:
+# - Strings which are not entire sentences, see the maintainer guidelines
+# in the GNU gettext documentation, section 'Preparing Strings'.
+# - Strings which use unclear terms or require additional context to be
+# understood.
+# - Strings which make invalid assumptions about notation of date, time or
+# money.
+# - Pluralisation problems.
+# - Incorrect English spelling.
+# - Incorrect formatting.
+# It can be your email address, or a mailing list address where translators
+# can write to without being subscribed, or the URL of a web page through
+# which the translators can contact you.
+MSGID_BUGS_ADDRESS = bug-gnutls@gnu.org
+
+# This is the list of locale categories, beyond LC_MESSAGES, for which the
+# message catalogs shall be used. It is usually empty.
+EXTRA_LOCALE_CATEGORIES =
--- /dev/null
+# List of source files which contain translatable strings.
+gnutls_errors.c
+gnutls_alert.c
+x509/output.c
+openpgp/output.c
--- /dev/null
+# Special Makefile rules for English message catalogs with quotation marks.
+
+DISTFILES.common.extra1 = quot.sed boldquot.sed en@quot.header en@boldquot.header insert-header.sin Rules-quot
+
+.SUFFIXES: .insert-header .po-update-en
+
+en@quot.po-create:
+ $(MAKE) en@quot.po-update
+en@boldquot.po-create:
+ $(MAKE) en@boldquot.po-update
+
+en@quot.po-update: en@quot.po-update-en
+en@boldquot.po-update: en@boldquot.po-update-en
+
+.insert-header.po-update-en:
+ @lang=`echo $@ | sed -e 's/\.po-update-en$$//'`; \
+ if test "$(PACKAGE)" = "gettext"; then PATH=`pwd`/../src:$$PATH; GETTEXTLIBDIR=`cd $(top_srcdir)/src && pwd`; export GETTEXTLIBDIR; fi; \
+ tmpdir=`pwd`; \
+ echo "$$lang:"; \
+ ll=`echo $$lang | sed -e 's/@.*//'`; \
+ LC_ALL=C; export LC_ALL; \
+ cd $(srcdir); \
+ if $(MSGINIT) -i $(DOMAIN).pot --no-translator -l $$ll -o - 2>/dev/null | sed -f $$tmpdir/$$lang.insert-header | $(MSGCONV) -t UTF-8 | $(MSGFILTER) sed -f `echo $$lang | sed -e 's/.*@//'`.sed 2>/dev/null > $$tmpdir/$$lang.new.po; then \
+ if cmp $$lang.po $$tmpdir/$$lang.new.po >/dev/null 2>&1; then \
+ rm -f $$tmpdir/$$lang.new.po; \
+ else \
+ if mv -f $$tmpdir/$$lang.new.po $$lang.po; then \
+ :; \
+ else \
+ echo "creation of $$lang.po failed: cannot move $$tmpdir/$$lang.new.po to $$lang.po" 1>&2; \
+ exit 1; \
+ fi; \
+ fi; \
+ else \
+ echo "creation of $$lang.po failed!" 1>&2; \
+ rm -f $$tmpdir/$$lang.new.po; \
+ fi
+
+en@quot.insert-header: insert-header.sin
+ sed -e '/^#/d' -e 's/HEADER/en@quot.header/g' $(srcdir)/insert-header.sin > en@quot.insert-header
+
+en@boldquot.insert-header: insert-header.sin
+ sed -e '/^#/d' -e 's/HEADER/en@boldquot.header/g' $(srcdir)/insert-header.sin > en@boldquot.insert-header
+
+mostlyclean: mostlyclean-quot
+mostlyclean-quot:
+ rm -f *.insert-header
--- /dev/null
+s/"\([^"]*\)"/“\1”/g
+s/`\([^`']*\)'/‘\1’/g
+s/ '\([^`']*\)' / ‘\1’ /g
+s/ '\([^`']*\)'$/ ‘\1’/g
+s/^'\([^`']*\)' /‘\1’ /g
+s/“”/""/g
+s/“/“\e[1m/g
+s/”/\e[0m”/g
+s/‘/‘\e[1m/g
+s/’/\e[0m’/g
--- /dev/null
+# Czech translation of libgnutls.
+# Copyright (C) 2009 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Petr Pisar <petr.pisar@atlas.cz>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2009-12-27 17:23+0100\n"
+"Last-Translator: Petr Pisar <petr.pisar@atlas.cz>\n"
+"Language-Team: Czech <translation-team-cs@lists.sourceforge.net>\n"
+"Language: cs\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Úspěch."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Nezdařilo se vyjednat seznam podporovaných šifer."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Tento druh šifry není podporován."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Certifikát a daný klíč se k sobě nehodí."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Nezdařilo se vyjednat podporovanou kompresní metodu."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Narazil jsem na neznámý algoritmus veřejného klíče."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Byl vyjednán algoritmus, který není povolen."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Byl přijat packet s velkou TLS strukturou."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Byl přijat packet s neplatnou verzí struktury."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Diffieho-Hellmanovo prvočíslo poslané serverem není přijatelné (není dost "
+"dlouhé)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Byl přijat TLS packet s neočekávanou délkou."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "Zadaná relace byla z nějakého důvodu zneplatněna."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Vnitřní chyba GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Přijato neplatné rozšíření TLS."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Bylo přijato nepřekonatelné upozornění TLS."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Byl přijat neočekávaný TLS packet."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Bylo přijato varovné upozornění TLS."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Při výpočtu packetu TLS Finished došlo k chybě."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Druhá strana neposlala žádný certifikát."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Kryptografický algoritmus s nižší prioritou je již přítomen."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Nebyly nalezeny žádné dočasné parametry RSA."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Nebyly nalezeny žádné dočasné parametry DH."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Byl přijat neočekávaný packet zahajující TLS."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Prohlížení velkého celého čísla selhalo."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Velké celé číslo nebylo možné exportovat."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Dešifrování selhalo."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Šifrování selhalo."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Dešifrovaní veřejného klíče selhalo."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Šifrování veřejného klíče selhalo."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Podepisování veřejného klíče selhalo."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Podpis veřejného klíče se nepodařilo ověřit."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Dekomprese packetu s TLS strukturou selhala."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Komprese packetu s TLS strukturou selhala."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Vnitřní chyba při alokaci paměti."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Byla požadována neimplementovaná nebo zakázaná vlastnost."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Na takový požadavek chybí prokázání totožnosti."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Chyba v souboru s hesly."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Chybná výplň v PKCS1 packetu."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "Požadovaná relace vypršela."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Hašování selhalo."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Chyba při dekódování Base64."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Neočekávaná Base64 hlavička (chyba)."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Chyba kódování do Base64."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Chyba při rozebírání souboru s hesly."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "Požadovaná data nebyla dostupná."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Chyba v pull funkci."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Chyba v push funkci."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+"Bylo dosaženo horní meze pořadového čísla packetu se strukturou. Zírám!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Chyba v certifikátu."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Neznámé alternativní jméno subjektu v X.509 certifikátu."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Nepodporované kritické rozšíření v X.509 certifikátu."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Bylo zaznamenáno použití klíče v rozporu s pravidly."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Zdroj je dočasně nedostupný, zkusí se znovu."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Funkce byla přerušena."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Druhá strana požádala o znovuzahájení relace."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "Byla přijata aplikační data TLS, zatímco měla přijít data zahájení."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Chyba databázovém jádře."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Tento druh certifikátu není podporován."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Zadaný paměťový buffer je pro uložení parametrů příliš malý."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Požadavek je neplatný."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Byl přijat neplatný parametr."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Chyba při čtení souboru."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1 parser: Prvek nebyl nalezen."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1 parser: Identifikátor nebyl nalezen."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1 parser: Chyba při rozebírání DER."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1 parser: Hodnota nebyla nalezena."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1 parser: Obecná chyba při rozebírání."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1 parser: Hodnota není platná."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1 parser: Chyba ve ZNAČCE."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1 parser: chyba v implicitní značce"
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1 parser: Chyba v typu „ANY“."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1 parser: Chyba syntaxe."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1 parser: Přetečení při rozebírání DER."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Bylo přijato příliš mnoho packetů s prázdnou strukturou."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Inicializace GnuTLS-extra selhala."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr "Verze knihovny GnuTLS se neshoduje s verzí knihovny GnuTLS-extra."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Verze knihovny gcrypt je příliš stará."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Verze knihovny tasn1 je příliš stará."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "ID OpenPGP uživatele bylo odvoláno."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Chyba při načítání souboru s klíči. "
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Inicializace LZO selhala."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Inicializace LZO selhala."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Žádné podporované kompresní algoritmy nebyly nalezeny."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Žádné podporované režimy šifer nebyly nalezeny."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Nebylo možné získat OpenPGP klíč."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Nebylo možné najít OpenPGP podklíč."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Znovuvyjednání není dovoleno"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Znovuvyjednání není dovoleno"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Zadané SRP uživatelské jméno je neplatné."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Zadané SRP uživatelské jméno je neplatné."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "OpenPGP otisk není podporován."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Tento druh certifikátu není podporován."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Certifikát má nepodporované atributy."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "Tento OID není podporován."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Hašovací algoritmus není znám."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Typ obsahu struktury PKCS není znám."
+
+# „Bag“ překládá jako „kufřík“ Klíma
+# <http://crypto-world.info/klima/2001/chip-2001-04-176-178.pdf>. Jedná se
+# o prvek struktury PFX.
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Typ kufříku ve struktuře PKCS není znám."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Zadané heslo obsahuje neplatné znaky."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "MAC (autentizační kód zprávy) se nepodařilo ověřit."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Některé hranice omezení byly dosaženy."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Nezdařilo se získat náhodná data."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Přijata TLS/IA zpráva Intermediate Phase Finished"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Přijata TLS/IA zpráva Final Phase Finished"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Kontrolní součet fáze TLS/IA se nepodařilo ověřit"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Zadaný algoritmus nebo protokol není znám."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"Zahajovací data jsou příliš velká (DoS?), zkontrolujte "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "Požadovaná data nebyla dostupná."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Chyba v souboru s hesly."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(neznámý chybový kód)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Oznámení o uzavření"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Neočekávaná zpráva"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Chybný MAC zprávy"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Dešifrování selhalo"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Přetečení struktury"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Dekomprese selhala"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Zahájení (handshake) selhalo"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Certifikát je špatný"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Certifikát není podporován"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Certifikát byl odvolán"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Certifikát vypršel"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Neznámý certifikát"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Neplatný parametr"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "Autorita není známa"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Přístup byl zamítnut"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Chyba dekódování"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Chyba dešifrování"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Omezení na export"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Chyba ve verzi protokolu"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Nedostatečné zabezpečení"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Uživatel zrušen"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Vnitřní chyba"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Znovuvyjednání není dovoleno"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Zadaný certifikát nebylo možné získat"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "Bylo odesláno nepodporované rozšíření"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Odeslané jméno serveru nebylo rozpoznáno"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "SRP/PSK jméno uživatele chybí nebo není známo"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Vyjednávání vnitřní aplikace (IA) selhalo"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Ověření vnitřní aplikace (IA) selhalo"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tOmezení délky cesty: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tJazyk politiky: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolitika:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tHexavýpis: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tDigitální podpis.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tNepopiratelnost.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tŠifrování klíčů.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tŠifrování dat.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tDohodnutí klíče.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tPodepisování certifikátu.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tPodepisování CRL.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tPouze šifrování klíčů.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tPouze dešifrování klíčů.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr "pozor: distribuční místo CRL obsahuje znak NULL, bude nahrazen „!“\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTLS WWW server.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tTLS WWW klient.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tPodepisování kódu.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tOchrana e-mailu.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tČasové razítkování.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tPodepisování OCSP.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tJakýkoliv účel.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCertifikační autorita (CA): NE\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCertifikační autorita (CA): ANO\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tOmezení délky cesty: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "pozor: SAN obsahuje znak NULL, bude nahrazen „!“\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tXMPP adresa: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\tOID dalšíhoJména: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\tdalšíJméno v DER: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\tdalšíJméno v ASCII: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tRozšíření:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tZákladní omezení (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "kritické"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "není kritické"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tIdentifikátor klíče subjektu (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tIdentifikátor klíče autority (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tUžití klíče (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tÚčel klíče (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tAlternativní jméno subjektu (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tAlternativní jméno subjektu (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tMísta distribuce CRL (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tInformace o zástupném certifikátu (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tNeznámé rozšíření %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tHexavýpis: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVerze: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tSériové číslo (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tVydavatel: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tPlatnost:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tNe před: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tNe po: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tSubjekt: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "není známo"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgoritmus veřejného klíče subjektu: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tCertifikační autorita (CA): ANO\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModul (%d bitů:)\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tMocnitel (%d bitů):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tVeřejný klíč (%d bitů):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tAlgoritmus podpisu: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"varování: podepsáno vadným podpisovým algoritmem, kterým lze falšovat.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tPodpis:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tMD5 otisk:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tSHA-1 otisk:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tID veřejného klíče:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "podepsáno pomocí %s (rozbito!), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "podepsáno pomocí %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Informace X.509 certifikátu:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Další Informace:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVerze: 1 (implicitní)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tData aktualizací:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tVydáno: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tDalší v: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tRozšíření:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tČíslo CRL (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tIdentifikátor klíče autority (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tNeznámé rozšíření %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tHexavýpis: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tOdvolané certifikáty (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tŽádné odvolané certifikáty.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSériové číslo (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tOdvoláno v: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Informace o seznamu odvolaných X.509 certifikátů (CRL):\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tMocnitel:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAtributy:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tHeslo výzvy: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tNeznámý atribut %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Informace PKCS #10 žádosti o certifikát:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tUžití klíče:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "chyba: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tDigitální podpisy.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tŠifrování komunikace.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tŠifrování uložených dat.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAutentizace.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tPodepisování certifikátu.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tOtisk (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tOdvolán: Ano\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tOdvolán: Ne\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tČasová razítka:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tVytvoření: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tVypršení: Nikdy\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tVypršení: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgoritmus veřejného klíče: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tJméno[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tOdvolané jméno[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tPodklíč[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "jméno[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "odvolané jméno[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "otisk: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "vytvořen: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "platnost nikdy nevyprší, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "platnost vyprší: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "algoritmus klíče %s (%d bitů)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "neznámý algoritmus klíče (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Informace o OpenPGP certifikátu:\n"
--- /dev/null
+# German gnutls translation.
+# Copyright (C) 2006 Free Software Foundation, Inc.
+# This file is distributed under the same license as the gnutls package.
+# Jens Seidel <jensseidel@users.sf.net>, 2006.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnutls 1.4.0\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2006-12-12 09:37+0100\n"
+"Last-Translator: Michael Piefel <piefel@informatik.hu-berlin.de>\n"
+"Language-Team: German <translation-team-de@lists.sourceforge.net>\n"
+"Language: de\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Erfolg."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Konnte keine unterstützte Code-Suite aushandeln."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Der Code-Typ wird nicht unterstützt."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Das Zertifikat und der gegebene Schlüssel passen nicht zueinander."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Konnte keine unterstützte Kompressionsmethode aushandeln."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Ein unbekannter öffentlicher-Schlüssel-Algorithmus trat auf."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Ein nicht aktivierter Algorithmus wurde ausgehandelt."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Ein großes TLS-Datensatzpaket wurde empfangen."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Ein Datensatzpaket mit illegaler Version wurde empfangen."
+
+#: gnutls_errors.c:73
+#, fuzzy
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Die Diffie-Hellman-Primzahl, die vom Server gesendet wurde, ist nicht "
+"akzeptabel (nicht lang genug)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Ein TLS-Paket mit unerwarteter Länge wurde empfangen."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "Die angegebene Sitzung wurde aus irgendwelchen Gründen ungültig."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Interner GnuTLS-Fehler."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Eine illegale TLS-Erweiterung wurde empfangen."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Ein fataler TLS-Alarm wurde empfangen."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Ein unerwartetes TLS-Paket wurde empfangen."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Eine TLS-Warnmeldung wurde empfangen."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Ein Fehler trat bei der fertiggestellten TLS-Paketberechnung auf."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Die Gegenstelle sendete kein Zertifikat."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr ""
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Es wurden keine temporären RSA-Parameter gefunden."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Es wurden keine temporären DH-Parameter gefunden."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Ein unerwartetes TLS-Handshake-Paket wurde empfangen."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Das Lesen einer großen Ganzzahl schlug fehl."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Konnte keine große Ganzzahl exportieren."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Die Entschlüsselung schlug fehl."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Die Verschlüsselung schlug fehl."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Die Entschlüsselung mittels öffentlichem Schlüssel schlug fehl."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Die Verschlüsselung mittels öffentlichem Schlüssel schlug fehl."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Das Signieren mittels öffentlichem Schlüssel schlug fehl."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr ""
+"Die Verifizierung der Signatur mittels öffentlichem Schlüssel schlug fehl."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Die Dekomprimierung des TLS-Datensatzpakets schlug fehl."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Die Komprimierung des TLS-Datensatzpakets schlug fehl."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Interner Fehler bei Speicheranfoderung."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr ""
+"Eine nicht implementierte oder deaktivierte Eigenschaft wurde abgefragt."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Unzureichende Berechtigungsnachweise für diese Anfrage."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Fehler in Passwortdatei."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Falsche Auffüllung in PKCS1-Paket."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "Die abgefragte Sitzung ist ausgelaufen."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Hashing schlug fehl."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Base64-Entschlüsselungsfehler."
+
+#: gnutls_errors.c:139
+#, fuzzy
+msgid "Base64 unexpected header error."
+msgstr "Base64-Entschlüsselungsfehler."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Base64-Verschlüsselungsfehler."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Lesefehler in Passwortdatei."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "Die abgefragten Daten waren nicht verfügbar."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Fehler in der Pull-Funktion."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Fehler in der Push-Funktion."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "Das obere Limit der Datensatzpaketsequenznummern wurde erreicht. Huch!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Fehler im Zertifikat."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Unbekannter Betreffalternativenname im X.509-Zertifikat."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Nicht unterstützte kritische Erweiterung im X.509-Zertifikat."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Schlüsselverwendungsverletzung im Zertifikat wurde entdeckt."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr ""
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Funktion wurde unterbrochen."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Neuer Handshake wurde von der Gegenstelle gefordert."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr ""
+"TLS-Anwendungsdaten wurden empfangen, während Handshake-Daten erwartet "
+"wurden."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Fehler im Datenbank-Backend."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Der Zertifikattyp wird nicht unterstützt."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Der verfügbare Speicherpuffer ist zu kurz, um Parameter aufzunehmen."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Die Anfrage ist ungültig."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Ein illegaler Parameter wurde empfangen."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Fehler beim Dateilesen."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1-Parser: Element wurde nicht gefunden."
+
+# FIXME: full stop is missing
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1-Parser: Identifikator wurde nicht gefunden."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1-Parser: Fehler im DER-Parsen."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1-Parser: Wert wurde nicht gefunden."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1-Parser: Allgemeiner Verarbeitungsfehler."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1-Parser: Wert ist nicht gültig."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1-Parser: Fehler in TAG."
+
+# FIXME: capitalisation, full stop
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1-Parser: Fehler in implizitem Tag."
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1-Parser: Fehler im Typ 'ANY'."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1-Parser: Syntaxfehler."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1-Parser: Überlauf beim DER-Parsen."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Zu viele leere Datensatzpakete wurden empfangen."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Die Initialisierung von GnuTLS-extra schlug fehl."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"Die Version der GnuTLS-Bibliothek stimmt nicht mit der Version der GnuTLS-"
+"extra-Bibliothek überein."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Die Version der Bibliothek gcrypt ist zu alt."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Die Version der Bibliothek tasn1 ist zu alt."
+
+#: gnutls_errors.c:214
+#, fuzzy
+msgid "The OpenPGP User ID is revoked."
+msgstr "Der OpenPGP-Fingerabdruck wird nicht unterstützt."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Fehler beim Laden des Schlüsselrings."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Die Initialisierung von LZO schlug fehl."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Die Initialisierung von LZO schlug fehl."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Keine unterstützten Kompressionsalgorithmen wurden gefunden."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Keine unterstützten Code-Suites wurden gefunden."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Konnte OpenPGP-Schlüssel nicht bekommen."
+
+#: gnutls_errors.c:230
+#, fuzzy
+msgid "Could not find OpenPGP subkey."
+msgstr "Konnte OpenPGP-Schlüssel nicht bekommen."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Die Entschlüsselung schlug fehl."
+
+#: gnutls_errors.c:234
+msgid "Unsafe renegotiation denied."
+msgstr ""
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Der angegebene SRP-Benutzername ist illegal."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Der angegebene SRP-Benutzername ist illegal."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "Der OpenPGP-Fingerabdruck wird nicht unterstützt."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Der Zertifikattyp wird nicht unterstützt."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Das Zertifikat hat nichtunterstützte Attribute."
+
+# CHECKME
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "OID wird nicht unterstützt."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Der Hash-Algorithmus ist unbekannt."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Der Inhaltstyp der PKCS-Struktur ist unbekannt."
+
+# CHECKME
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Der Verpackungstyp der PKCS-Struktur ist unbekannt."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Das angegebene Passwort enthält ungültige Zeichen."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Die Überprüfung des Authentifizierungscodes der Nachricht schlug fehl."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Einige beschränkende Limits wurden erreicht."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Konnte keine zufälligen Daten erhalten."
+
+# FIXME: missing fullstops in next three msgid's
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Empfing eine »TLS/IA Intermediate Phase Finished«-Mitteilung"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Empfing eine »TLS/IA Final Phase Finished«-Mitteilung"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Verifizierung der TLS/IA-Phasenprüfsumme schlug fehl"
+
+#: gnutls_errors.c:272
+#, fuzzy
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Der Hash-Algorithmus ist unbekannt."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "Die abgefragten Daten waren nicht verfügbar."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Fehler in Passwortdatei."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr ""
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr ""
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr ""
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr ""
+
+#: gnutls_alert.c:46
+#, fuzzy
+msgid "Decryption failed"
+msgstr "Die Entschlüsselung schlug fehl."
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr ""
+
+#: gnutls_alert.c:48
+#, fuzzy
+msgid "Decompression failed"
+msgstr "Die Entschlüsselung schlug fehl."
+
+#: gnutls_alert.c:49
+#, fuzzy
+msgid "Handshake failed"
+msgstr "Hashing schlug fehl."
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr ""
+
+#: gnutls_alert.c:51
+#, fuzzy
+msgid "Certificate is not supported"
+msgstr "Der Zertifikattyp wird nicht unterstützt."
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr ""
+
+#: gnutls_alert.c:53
+#, fuzzy
+msgid "Certificate is expired"
+msgstr "Der Zertifikattyp wird nicht unterstützt."
+
+#: gnutls_alert.c:54
+#, fuzzy
+msgid "Unknown certificate"
+msgstr "Fehler im Zertifikat."
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr ""
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr ""
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr ""
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr ""
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr ""
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr ""
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr ""
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr ""
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr ""
+
+#: gnutls_alert.c:64
+#, fuzzy
+msgid "Internal error"
+msgstr "Interner GnuTLS-Fehler."
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr ""
+
+#: gnutls_alert.c:67
+#, fuzzy
+msgid "Could not retrieve the specified certificate"
+msgstr "Konnte keine unterstützte Code-Suite aushandeln."
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr ""
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr ""
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr ""
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr ""
+
+#: gnutls_alert.c:76
+#, fuzzy
+msgid "Inner application verification failed"
+msgstr "Die Überprüfung des Authentifizierungscodes der Nachricht schlug fehl."
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr ""
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr ""
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr ""
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr ""
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr ""
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr ""
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr ""
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr ""
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr ""
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr ""
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr ""
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr ""
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr ""
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr ""
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr ""
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr ""
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr ""
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr ""
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr ""
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr ""
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr ""
+
+#: x509/output.c:588 x509/output.c:678
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr ""
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr ""
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr ""
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr ""
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr ""
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr ""
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr ""
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr ""
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr ""
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr ""
+
+#: x509/output.c:922
+#, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr ""
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr ""
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr ""
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr ""
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr ""
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr ""
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr ""
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr ""
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr ""
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr ""
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr ""
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr ""
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr ""
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr ""
+
+#: x509/output.c:1163
+#, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr ""
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr ""
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr ""
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr ""
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr ""
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr ""
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr ""
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr ""
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr ""
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr ""
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr ""
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr ""
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr ""
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr ""
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr ""
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr ""
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr ""
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr ""
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr ""
+
+#: x509/output.c:1783
+#, fuzzy
+msgid "\tNo revoked certificates.\n"
+msgstr "Fehler im Zertifikat."
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr ""
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr ""
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr ""
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr ""
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr ""
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr ""
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr ""
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr ""
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr ""
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr ""
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr ""
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr ""
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr ""
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr ""
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr ""
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr ""
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr ""
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr ""
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr ""
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr ""
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr ""
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr ""
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr ""
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr ""
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr ""
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr ""
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr ""
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr ""
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr ""
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr ""
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr ""
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr ""
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr ""
+
+#: openpgp/output.c:496
+#, fuzzy, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "Ein unbekannter öffentlicher-Schlüssel-Algorithmus trat auf."
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr ""
+
+#~ msgid ""
+#~ "The specified GnuPG TrustDB version is not supported. TrustDB v4 is "
+#~ "supported."
+#~ msgstr ""
+#~ "Die angegebene Version von GnuPG-TrustDB wird nicht unterstützt. TrustDB "
+#~ "Version 4 wird unterstützt."
--- /dev/null
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
+# This catalog furthermore displays the text between the quotation marks in
+# bold face, assuming the VT100/XTerm escape sequences.
+#
--- /dev/null
+# English translations for libgnutls package.
+# Copyright (C) 2011 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Automatically generated, 2011.
+#
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
+# This catalog furthermore displays the text between the quotation marks in
+# bold face, assuming the VT100/XTerm escape sequences.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.11.7\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2011-03-21 16:38+0100\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Success."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Could not negotiate a supported cipher suite."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "The cipher type is unsupported."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "The certificate and the given key do not match."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Could not negotiate a supported compression method."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "An unknown public key algorithm was encountered."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "An algorithm that is not enabled was negotiated."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "A large TLS record packet was received."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "A record packet with illegal version was received."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "A TLS packet with unexpected length was received."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "The specified session has been invalidated for some reason."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "GnuTLS internal error."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "An illegal TLS extension was received."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "A TLS fatal alert has been received."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "An unexpected TLS packet was received."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "A TLS warning alert has been received."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "An error was encountered at the TLS Finished packet calculation."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "The peer did not send any certificate."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr "The given DSA key is incompatible with the selected TLS protocol."
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "There is already a crypto algorithm with lower priority."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "No temporary RSA parameters were found."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "No temporary DH parameters were found."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "An unexpected TLS handshake packet was received."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "The scanning of a large integer has failed."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Could not export a large integer."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Decryption has failed."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Encryption has failed."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Public key decryption has failed."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Public key encryption has failed."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Public key signing has failed."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Public key signature verification has failed."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Decompression of the TLS record packet has failed."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Compression of the TLS record packet has failed."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Internal error in memory allocation."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "An unimplemented or disabled feature has been requested."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Insufficient credentials for that request."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Error in password file."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Wrong padding in PKCS1 packet."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "The requested session has expired."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Hashing has failed."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Base64 decoding error."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Base64 unexpected header error."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Base64 encoding error."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Parsing error in password file."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "The requested data were not available."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Error in the pull function."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Error in the push function."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Error in the certificate."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Unknown Subject Alternative name in X.509 certificate."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Unsupported critical extension in X.509 certificate."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Key usage violation in certificate has been detected."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Resource temporarily unavailable, try again."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Function was interrupted."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Rehandshake was requested by the peer."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "TLS Application data were received, while expecting handshake data."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Error in Database backend."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "The certificate type is not supported."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "The given memory buffer is too short to hold parameters."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "The request is invalid."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "An illegal parameter has been received."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Error while reading file."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1 parser: Element was not found."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1 parser: Identifier was not found"
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1 parser: Error in DER parsing."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1 parser: Value was not found."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1 parser: Generic parsing error."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1 parser: Value is not valid."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1 parser: Error in TAG."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1 parser: error in implicit tag"
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1 parser: Error in type 'ANY'."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1 parser: Syntax error."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1 parser: Overflow in DER parsing."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Too many empty record packets have been received."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "The initialization of GnuTLS-extra has failed."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "The gcrypt library version is too old."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "The tasn1 library version is too old."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "The OpenPGP User ID is revoked."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr "The OpenPGP key has not a preferred key set."
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Error loading the keyring."
+
+#: gnutls_errors.c:220
+msgid "The initialization of crypto backend has failed."
+msgstr "The initialization of crypto backend has failed."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "The initialization of LZO has failed."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "No supported compression algorithms have been found."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "No supported cipher suites have been found."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Could not get OpenPGP key."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Could not find OpenPGP subkey."
+
+#: gnutls_errors.c:232
+msgid "Safe renegotiation failed."
+msgstr "Safe renegotiation failed."
+
+#: gnutls_errors.c:234
+msgid "Unsafe renegotiation denied."
+msgstr "Unsafe renegotiation denied."
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "The SRP username supplied is illegal."
+
+#: gnutls_errors.c:239
+msgid "The SRP username supplied is unknown."
+msgstr "The SRP username supplied is unknown."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "The OpenPGP fingerprint is not supported."
+
+#: gnutls_errors.c:244
+msgid "The signature algorithm is not supported."
+msgstr "The signature algorithm is not supported."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "The certificate has unsupported attributes."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "The OID is not supported."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "The hash algorithm is unknown."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "The PKCS structure's content type is unknown."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "The PKCS structure's bag type is unknown."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "The given password contains invalid characters."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "The Message Authentication Code verification failed."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Some constraint limits were reached."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Failed to acquire random data."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Received a TLS/IA Intermediate Phase Finished message"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Received a TLS/IA Final Phase Finished message"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Verifying TLS/IA phase checksum failed"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "The specified algorithm or protocol is unknown."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr "Error opening /dev/crypto"
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr "Error interfacing with /dev/crypto"
+
+#: gnutls_errors.c:285
+msgid "Channel binding data not available"
+msgstr "Channel binding data not available"
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr "PKCS #11 error."
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr "PKCS #11 initialization error."
+
+#: gnutls_errors.c:292
+msgid "Error in parsing."
+msgstr "Error in parsing."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr "PKCS #11 error in PIN."
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr "PKCS #11 PIN should be saved."
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr "PKCS #11 error in slot"
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr "Thread locking error"
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr "PKCS #11 error in attribute"
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr "PKCS #11 error in device"
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr "PKCS #11 error in data"
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr "PKCS #11 unsupported feature"
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr "PKCS #11 error in key"
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr "PKCS #11 PIN expired"
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr "PKCS #11 PIN locked"
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr "PKCS #11 error in session"
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr "PKCS #11 error in signature"
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr "PKCS #11 error in token"
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr "PKCS #11 user error"
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(unknown error code)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Close notify"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Unexpected message"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Bad record MAC"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Decryption failed"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Record overflow"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Decompression failed"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Handshake failed"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Certificate is bad"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Certificate is not supported"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Certificate was revoked"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Certificate is expired"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Unknown certificate"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Illegal parameter"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "CA is unknown"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Access was denied"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Decode error"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Decrypt error"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Export restriction"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Error in protocol version"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Insufficient security"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "User canceled"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Internal error"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "No renegotiation is allowed"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Could not retrieve the specified certificate"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "An unsupported extension was sent"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "The server name sent was not recognized"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "The SRP/PSK username is missing or not known"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Inner application negotiation failed"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Inner application verification failed"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tPath Length Constraint: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tPolicy Language: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tHexdump: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tDigital signature.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tNon repudiation.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tKey encipherment.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tData encipherment.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tKey agreement.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tCertificate signing.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tCRL signing.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tKey encipher only.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tKey decipher only.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"warning: distributionPoint contains an embedded NUL, replacing with ‘\e[1m!\e"
+"[0m’\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTLS WWW Server.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tTLS WWW Client.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tCode signing.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tEmail protection.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tTime stamping.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tOCSP signing.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr "%s\t\t\tIpsec IKE.\n"
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tAny purpose.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCertificate Authority (CA): FALSE\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCertificate Authority (CA): TRUE\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tPath Length Constraint: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "warning: altname contains an embedded NUL, replacing with ‘\e[1m!\e[0m’\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tXMPP Address: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\totherName OID: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\totherName DER: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\totherName ASCII: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tExtensions:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tBasic Constraints (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "critical"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "not critical"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tSubject Key Identifier (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tAuthority Key Identifier (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tKey Usage (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tKey Purpose (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tSubject Alternative Name (%s):\n"
+
+#: x509/output.c:922
+#, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tIssuer Alternative Name (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tCRL Distribution points (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tProxy Certificate Information (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tUnknown extension %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tHexdump: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersion: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tSerial Number (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tIssuer: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tValidity:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tNot Before: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tNot After: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tSubject: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "unknown"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tSubject Public Key Algorithm: %s\n"
+
+#: x509/output.c:1163
+#, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "\tCertificate Security Level: %s\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModulus (bits %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tExponent (bits %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tPublic key (bits %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tSignature Algorithm: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tSignature:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tPublic Key Id:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "signed using %s (broken!), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "signed using %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "X.509 Certificate Information:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Other Information:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersion: 1 (default)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tUpdate dates:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tIssued: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tNext at: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tExtensions:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tCRL Number (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tAuthority Key Identifier (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tUnknown extension %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tHexdump: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tRevoked certificates (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tNo revoked certificates.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSerial Number (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tRevoked at: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "X.509 Certificate Revocation List Information:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tExponent:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAttributes:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tChallenge password: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tUnknown attribute %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "PKCS #10 Certificate Request Information:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tKey Usage:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "error: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tDigital signatures.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tCommunications encipherment.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tStorage data encipherment.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAuthentication.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tCertificate signing.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tFingerprint (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tRevoked: True\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tRevoked: False\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tTime stamps:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tCreation: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tExpiration: Never\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tExpiration: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tPublic Key Algorithm: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr "\tKey Security Level: %s\n"
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tName[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tRevoked Name[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tSubkey[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "name[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "revoked name[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "fingerprint: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "created: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "never expires, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "expires: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "key algorithm %s (%d bits)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "unknown key algorithm (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "OpenPGP Certificate Information:\n"
--- /dev/null
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
--- /dev/null
+# English translations for libgnutls package.
+# Copyright (C) 2011 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Automatically generated, 2011.
+#
+# All this catalog "translates" are quotation characters.
+# The msgids must be ASCII and therefore cannot contain real quotation
+# characters, only substitutes like grave accent (0x60), apostrophe (0x27)
+# and double quote (0x22). These substitutes look strange; see
+# http://www.cl.cam.ac.uk/~mgk25/ucs/quotes.html
+#
+# This catalog translates grave accent (0x60) and apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019).
+# It also translates pairs of apostrophe (0x27) to
+# left single quotation mark (U+2018) and right single quotation mark (U+2019)
+# and pairs of quotation mark (0x22) to
+# left double quotation mark (U+201C) and right double quotation mark (U+201D).
+#
+# When output to an UTF-8 terminal, the quotation characters appear perfectly.
+# When output to an ISO-8859-1 terminal, the single quotation marks are
+# transliterated to apostrophes (by iconv in glibc 2.2 or newer) or to
+# grave/acute accent (by libiconv), and the double quotation marks are
+# transliterated to 0x22.
+# When output to an ASCII terminal, the single quotation marks are
+# transliterated to apostrophes, and the double quotation marks are
+# transliterated to 0x22.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.11.7\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2011-03-21 16:38+0100\n"
+"Last-Translator: Automatically generated\n"
+"Language-Team: none\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Success."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Could not negotiate a supported cipher suite."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "The cipher type is unsupported."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "The certificate and the given key do not match."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Could not negotiate a supported compression method."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "An unknown public key algorithm was encountered."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "An algorithm that is not enabled was negotiated."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "A large TLS record packet was received."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "A record packet with illegal version was received."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "A TLS packet with unexpected length was received."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "The specified session has been invalidated for some reason."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "GnuTLS internal error."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "An illegal TLS extension was received."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "A TLS fatal alert has been received."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "An unexpected TLS packet was received."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "A TLS warning alert has been received."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "An error was encountered at the TLS Finished packet calculation."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "The peer did not send any certificate."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr "The given DSA key is incompatible with the selected TLS protocol."
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "There is already a crypto algorithm with lower priority."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "No temporary RSA parameters were found."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "No temporary DH parameters were found."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "An unexpected TLS handshake packet was received."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "The scanning of a large integer has failed."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Could not export a large integer."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Decryption has failed."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Encryption has failed."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Public key decryption has failed."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Public key encryption has failed."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Public key signing has failed."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Public key signature verification has failed."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Decompression of the TLS record packet has failed."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Compression of the TLS record packet has failed."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Internal error in memory allocation."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "An unimplemented or disabled feature has been requested."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Insufficient credentials for that request."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Error in password file."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Wrong padding in PKCS1 packet."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "The requested session has expired."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Hashing has failed."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Base64 decoding error."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Base64 unexpected header error."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Base64 encoding error."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Parsing error in password file."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "The requested data were not available."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Error in the pull function."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Error in the push function."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Error in the certificate."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Unknown Subject Alternative name in X.509 certificate."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Unsupported critical extension in X.509 certificate."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Key usage violation in certificate has been detected."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Resource temporarily unavailable, try again."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Function was interrupted."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Rehandshake was requested by the peer."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "TLS Application data were received, while expecting handshake data."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Error in Database backend."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "The certificate type is not supported."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "The given memory buffer is too short to hold parameters."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "The request is invalid."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "An illegal parameter has been received."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Error while reading file."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1 parser: Element was not found."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1 parser: Identifier was not found"
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1 parser: Error in DER parsing."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1 parser: Value was not found."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1 parser: Generic parsing error."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1 parser: Value is not valid."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1 parser: Error in TAG."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1 parser: error in implicit tag"
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1 parser: Error in type 'ANY'."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1 parser: Syntax error."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1 parser: Overflow in DER parsing."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Too many empty record packets have been received."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "The initialization of GnuTLS-extra has failed."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "The gcrypt library version is too old."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "The tasn1 library version is too old."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "The OpenPGP User ID is revoked."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr "The OpenPGP key has not a preferred key set."
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Error loading the keyring."
+
+#: gnutls_errors.c:220
+msgid "The initialization of crypto backend has failed."
+msgstr "The initialization of crypto backend has failed."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "The initialization of LZO has failed."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "No supported compression algorithms have been found."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "No supported cipher suites have been found."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Could not get OpenPGP key."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Could not find OpenPGP subkey."
+
+#: gnutls_errors.c:232
+msgid "Safe renegotiation failed."
+msgstr "Safe renegotiation failed."
+
+#: gnutls_errors.c:234
+msgid "Unsafe renegotiation denied."
+msgstr "Unsafe renegotiation denied."
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "The SRP username supplied is illegal."
+
+#: gnutls_errors.c:239
+msgid "The SRP username supplied is unknown."
+msgstr "The SRP username supplied is unknown."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "The OpenPGP fingerprint is not supported."
+
+#: gnutls_errors.c:244
+msgid "The signature algorithm is not supported."
+msgstr "The signature algorithm is not supported."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "The certificate has unsupported attributes."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "The OID is not supported."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "The hash algorithm is unknown."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "The PKCS structure's content type is unknown."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "The PKCS structure's bag type is unknown."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "The given password contains invalid characters."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "The Message Authentication Code verification failed."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Some constraint limits were reached."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Failed to acquire random data."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Received a TLS/IA Intermediate Phase Finished message"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Received a TLS/IA Final Phase Finished message"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Verifying TLS/IA phase checksum failed"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "The specified algorithm or protocol is unknown."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr "Error opening /dev/crypto"
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr "Error interfacing with /dev/crypto"
+
+#: gnutls_errors.c:285
+msgid "Channel binding data not available"
+msgstr "Channel binding data not available"
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr "PKCS #11 error."
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr "PKCS #11 initialization error."
+
+#: gnutls_errors.c:292
+msgid "Error in parsing."
+msgstr "Error in parsing."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr "PKCS #11 error in PIN."
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr "PKCS #11 PIN should be saved."
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr "PKCS #11 error in slot"
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr "Thread locking error"
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr "PKCS #11 error in attribute"
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr "PKCS #11 error in device"
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr "PKCS #11 error in data"
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr "PKCS #11 unsupported feature"
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr "PKCS #11 error in key"
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr "PKCS #11 PIN expired"
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr "PKCS #11 PIN locked"
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr "PKCS #11 error in session"
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr "PKCS #11 error in signature"
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr "PKCS #11 error in token"
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr "PKCS #11 user error"
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(unknown error code)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Close notify"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Unexpected message"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Bad record MAC"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Decryption failed"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Record overflow"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Decompression failed"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Handshake failed"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Certificate is bad"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Certificate is not supported"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Certificate was revoked"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Certificate is expired"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Unknown certificate"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Illegal parameter"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "CA is unknown"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Access was denied"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Decode error"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Decrypt error"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Export restriction"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Error in protocol version"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Insufficient security"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "User canceled"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Internal error"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "No renegotiation is allowed"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Could not retrieve the specified certificate"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "An unsupported extension was sent"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "The server name sent was not recognized"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "The SRP/PSK username is missing or not known"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Inner application negotiation failed"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Inner application verification failed"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tPath Length Constraint: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tPolicy Language: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tHexdump: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tDigital signature.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tNon repudiation.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tKey encipherment.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tData encipherment.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tKey agreement.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tCertificate signing.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tCRL signing.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tKey encipher only.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tKey decipher only.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"warning: distributionPoint contains an embedded NUL, replacing with ‘!’\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTLS WWW Server.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tTLS WWW Client.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tCode signing.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tEmail protection.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tTime stamping.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tOCSP signing.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr "%s\t\t\tIpsec IKE.\n"
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tAny purpose.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCertificate Authority (CA): FALSE\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCertificate Authority (CA): TRUE\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tPath Length Constraint: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "warning: altname contains an embedded NUL, replacing with ‘!’\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tXMPP Address: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\totherName OID: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\totherName DER: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\totherName ASCII: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tExtensions:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tBasic Constraints (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "critical"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "not critical"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tSubject Key Identifier (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tAuthority Key Identifier (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tKey Usage (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tKey Purpose (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tSubject Alternative Name (%s):\n"
+
+#: x509/output.c:922
+#, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tIssuer Alternative Name (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tCRL Distribution points (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tProxy Certificate Information (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tUnknown extension %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tHexdump: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersion: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tSerial Number (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tIssuer: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tValidity:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tNot Before: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tNot After: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tSubject: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "unknown"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tSubject Public Key Algorithm: %s\n"
+
+#: x509/output.c:1163
+#, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "\tCertificate Security Level: %s\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModulus (bits %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tExponent (bits %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tPublic key (bits %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tSignature Algorithm: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tSignature:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tPublic Key Id:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "signed using %s (broken!), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "signed using %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "X.509 Certificate Information:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Other Information:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersion: 1 (default)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tUpdate dates:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tIssued: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tNext at: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tExtensions:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tCRL Number (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tAuthority Key Identifier (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tUnknown extension %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tHexdump: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tRevoked certificates (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tNo revoked certificates.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSerial Number (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tRevoked at: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "X.509 Certificate Revocation List Information:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tExponent:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAttributes:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tChallenge password: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tUnknown attribute %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "PKCS #10 Certificate Request Information:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tKey Usage:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "error: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tDigital signatures.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tCommunications encipherment.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tStorage data encipherment.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAuthentication.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tCertificate signing.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tFingerprint (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tRevoked: True\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tRevoked: False\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tTime stamps:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tCreation: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tExpiration: Never\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tExpiration: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tPublic Key Algorithm: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr "\tKey Security Level: %s\n"
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tName[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tRevoked Name[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tSubkey[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "name[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "revoked name[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "fingerprint: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "created: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "never expires, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "expires: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "key algorithm %s (%d bits)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "unknown key algorithm (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "OpenPGP Certificate Information:\n"
--- /dev/null
+# translation of libgnutls to French
+# Copyright (C) 2008 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Nicolas Provost <nprovost@quadriv.com>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2009-12-29 21:15+0100\n"
+"Last-Translator: Nicolas Provost <nprovost@quadriv.com>\n"
+"Language-Team: French <traduc@traduc.org>\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=iso-8859-1\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Succès."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Impossible de négocier une méthode de chiffrement."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Algorithme de chiffrement non supporté."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Le certificat ne correspond pas avec la clef fournie."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Echec lors de la négociation d'une méthode de compression."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Algorithme de clef publique inconnu."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Un algorithme non encore opérationnel a été négocié."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Un paquet TLS volumineux de données applicatives a été reçu."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr ""
+"Un paquet de données contenant un numéro de version incorrect a été reçu."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Le nombre de Diffie-Hellman envoyé par le serveur n'est pas suffisamment "
+"grand."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Un paquet TLS de longueur incorrecte a été reçu."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "La session courante a été invalidée pour une raison non précisée."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Erreur interne GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Une extension TLS incorrecte a été reçue."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Une alerte TLS fatale a été reçue."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Un paquet TLS incorrect a été reçu."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Un avertissement TLS a été reçu."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr ""
+"Erreur durant la préparation du paquet TLS de fin d'établissement de session "
+"(\"TLS Finished\")."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "La machine distante n'a pas envoyé de certificat."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr ""
+"Un algorithme de chiffrement de priorité inférieure a déjà été sélectionné."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Paramètres temporaires RSA non trouvés."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Paramètres temporaires DH non trouvés."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Un paquet de négociation (handshake) TLS incorrect a été reçu."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Echec lors de la recherche d'un grand entier."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Impossible de transmettre un grand nombre entier."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Le décryptage a échoué."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Le chiffrement a échoué."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Le déchiffrement a échoué (clef publique)."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Le chiffrement a échoué (clef publique)."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Echec de la signature (clef publique)."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Echec lors de la vérification de la signature (clef publique)."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr ""
+"Echec de la décompression d'un paquet TLS de données applicatives (\"TLS "
+"Record\")."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr ""
+"Echec de la compression d'un paquet TLS de données applicatives (\"TLS Record"
+"\")."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Erreur interne d'allocation mémoire."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Une fonctionnalité non supportée a été demandée."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Droits insuffisants pour satisfaire cette demande."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Erreur dans le fichier de mots de passe."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Bourrage (padding) PKCS1 incorrect."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "La session a expiré."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Le calcul d'empreinte (hash) a échoué."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Erreur de décodage Base64."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Erreur au niveau de l'entête Base64."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Erreur d'encodage Base64."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Erreur d'analyse du fichier de mots de passe."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "Les données demandées ne sont pas disponibles."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Erreur au niveau de la fonction \"pull\"."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Erreur au niveau de la fonction \"push\"."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+"La valeur maximale des numéros de séquence des paquets de données "
+"applicatives \"TLS Record\" a été atteinte !"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Erreur dans le certificat."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr ""
+"L'entrée \"Subject Alternative Name\" (autre nom du sujet) du certificat "
+"X509 est vide."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Une extension critique du certificat X509 n'est pas supportée."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Utilisation de la clef d'un certificat pour un usage non prévu."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Ressource temporairement indisponible, réessayer."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Interruption de fonction."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Une renégociation a été demandée par la machine distante."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr ""
+"Des données applicatives TLS ont été reçues alors que des données de "
+"négociation étaient attendues."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Erreur dans la structure de la base de données."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Ce type de certificat n'est pas supporté."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr ""
+"Le tampon mémoire donné est trop petit pour contenir tous les paramètres."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Requête incorrecte."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Un paramètre incorrect a été reçu."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Erreur de lecture de fichier."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "Element manquant durant l'analyse ASN1."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "Identifiant non trouvé durant l'analyse ASN1."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "Erreur de décodage DER durant l'analyse ASN1."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "Valeur non trouvée durant l'analyse ASN1."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "Erreur durant l'analyse ASN1."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "Valeur incorrecte détectée durant l'analyse ASN1."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "Erreur d'étiquette (tag) détectée durant l'analyse ASN1."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "Erreur d'étiquette (tag implicite) détectée durant l'analyse ASN1."
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "Erreur dans un type \"ANY\" détectée lors de l'analyse ASN1."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "Erreur de syntaxe détectée lors de l'analyse ASN1."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "Dépassement de capacité lors du décodage DER durant l'analyse ASN1."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr ""
+"Trop de paquets de données applicatives (\"TLS Record\") vides ont été reçus."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Echec de l'initialisation de GnuTLS-extra."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"La version de la librairie GnuTLS ne correspond pas à celle de la librairie "
+"GnuTLS-extra."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "La version utilisée de la librairie gcrypt est trop ancienne."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "La version utilisée de la librairie tasn1 est trop ancienne."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "L'identifiant d'utilisateur OpenPGP (User ID) est révoqué."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Erreur durant le chargement du trousseau de clefs."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Echec de l'initialisation de LZO."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Echec de l'initialisation de LZO."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Aucun algorithme de compression n'est disponible."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Aucune méthode de chiffrement n'est disponible."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Impossible d'obtenir la clef OpenPGP."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Impossible de trouver la sous-clef OpenPGP."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Renégociation interdite"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Renégociation interdite"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Le nom d'utilisateur SRP communiqué est illicite."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Le nom d'utilisateur SRP communiqué est illicite."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "Cette empreinte OpenPGP n'est pas supportée."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Ce type de certificat n'est pas supporté."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Le certificat possède des attributs non supportés."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "Identifiant OID non supporté."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Algorithme d'empreinte (hash) inconnu."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Type de structure PKCS inconnu."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Type de conteneur (bag) PKCS inconnu."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Le mot de passe fourni comporte des caractères invalides."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Echec de la vérification du code d'authentification du message (MAC)."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Certaines valeurs limites ont été atteintes."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Impossible de générer une valeur aléatoire."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr ""
+"Un message signalant l'avant-dernière étape de l'échange de données et clefs "
+"complémentaires (\"TLS/IA Intermediate Phase Finished\") a été reçu."
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr ""
+"Un message signalant la fin de l'échange de données et clefs complémentaires "
+"(\"TLS/IA Final Phase Finished\") a été reçu."
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr ""
+"Echec de la vérification de la somme de contrôle durant la phase \"TLS/IA"
+"\" (échange complémentaire de données et clefs)."
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "L'algorithme ou le protocole demandé est inconnu."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"La taille des données de négociation (handshake) est trop grande (déni de "
+"service ?). Contrôlez gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "Les données demandées ne sont pas disponibles."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Erreur dans le fichier de mots de passe."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(code d'erreur inconnu)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Notification de fermeture"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Message inattendu"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Mauvais bloc MAC"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Le décryptage a échoué"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Dépassement de taille d'enregistrement"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Echec de décompression"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Echec de négociation"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Mauvais certificat"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Ce certificat n'est pas supporté"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Le certificat est révoqué"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Le certificat a expiré"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Certificat inconnu"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Paramètre illégal"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "Autorité racine CA inconnue"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Accès refusé"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Erreur de décodage"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Erreur de déchiffrage"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Restriction à l'export"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Erreur de version de protocole"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Sécurité insuffisante"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Annulation par l'utilisateur"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Erreur interne"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Renégociation interdite"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Impossible d'obtenir le certificat spécifié"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "Une extension non supportée a été transmise"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Le nom de serveur transmis n'est pas reconnu"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "Le nom d'utilisateur SRP/PSK est absent ou inconnu"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Echec de négociation interne à l'application"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "La vérification interne à l'application a échoué"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr ""
+"\t\t\tProfondeur de chemin de certificats (Path Length Constraint): %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tTermes de politique d'utilisation: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolitique-d'utilisation:\n"
+"\t\t\t\tASCII:"
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tCode-hexadécimal :"
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tSignature électronique.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tNon répudiation.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tChiffrement de clef.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tChiffrement de données.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tValidation de clef.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tSignature de certificat.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tSignature de liste de révocation (CRL).\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tChiffrement de clef seulement.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tDéchiffrement de clef seulement.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"attention : le point de distribution contient un caractère NUL, remplacé par "
+"'!'\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tServeur web TLS.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tClient web TLS.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tSignature de code.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tProtection d'email.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tHorodatage.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tSignature OCSP.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tToutes utilisations.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCertificat autorité (CA): NON\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCertificat autorité (CA): OUI\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr ""
+"%s\t\t\tProfondeur de chemin de certificats (Path Length Constraint): %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "attention : le champ SAN contient un caractère NUL, remplacé par '!'\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tAdresse XMPP: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\tautre nom OID: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\tautre Nom DER: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\tautreNom ASCII:"
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tExtensions:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tContraintes de base (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "critique"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "non critique"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tIdentifiant de clef du sujet (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tIdentifiant de la clef de l'autorité (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tUsages possibles de la clef (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tUtilisation prévue de la clef (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tAutre nom du sujet (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tAutre nom du sujet (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tPoints de distribution des listes de révocation (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tDétails du certificat du proxy (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tExtension inconnue %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tCode hexadécimal: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersion: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tNuméro de série (hexadécimal): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tEmetteur: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tValidité:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tPas avant: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tPas après: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tSujet: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "inconnu"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgorithme de clef publique du sujet: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tCertificat autorité (CA): OUI\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModule (bits %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tExposant (bits %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tClef publique (bits %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tAlgorithme de signature: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"attention : signé en utilisant un algorithme de signature déjà \"cassé"
+"\" (faible) potentiellement corruptible.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tSignature:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tEmpreinte MD5:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tEmpreinte SHA-1:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tId de clef publique:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "signé avec %s (cassé !),"
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "signé avec %s,"
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Détail du certificat X509:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Autres informations :\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersion: 1 (défaut)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tDates de mise à jour:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tEmis: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tProchainement: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tExtensions:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tNuméro de liste de révoc. CRL (%s):"
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tIdentifiant de la clef de l'autorité (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tExtension inconnue %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tCode hexadécimal: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tCertificats révoqués (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tCertificats non révoqués.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tNuméro de série (hexa): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tRévoqué le : %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Détails sur la liste de révocation du certificat X509 : \n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tExposant:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAttributs:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tMot de passe \"challenge\": %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tAttribut inconnu %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Informations de requête de certificat PKCS10 :\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tUsages possibles de la clef :\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "Erreur: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tSignatures électroniques.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tChiffrement de communications.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tChiffrement de stockage de données.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAuthentification.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tSignature de certificat.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hexa) :"
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tEmpreinte (hexa) : "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tRévoqué: oui\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tRévoqué: non\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tHorodatage:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tCréation: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tExpiration: jamais\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tExpiration: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgorithme de clef publique: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tNom[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tNom révoqué[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tSous-clef[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "nom[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "nom révoqué[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "empreinte: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "créé: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "n'expire jamais, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "expire: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "algorithme de clé %s (%d bits)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "algorithme de clef inconnu (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Détails du certificat OpenPGP :\n"
--- /dev/null
+# Sed script that inserts the file called HEADER before the header entry.
+#
+# At each occurrence of a line starting with "msgid ", we execute the following
+# commands. At the first occurrence, insert the file. At the following
+# occurrences, do nothing. The distinction between the first and the following
+# occurrences is achieved by looking at the hold space.
+/^msgid /{
+x
+# Test if the hold space is empty.
+s/m/m/
+ta
+# Yes it was empty. First occurrence. Read the file.
+r HEADER
+# Output the file's contents by reading the next line. But don't lose the
+# current line while doing this.
+g
+N
+bb
+:a
+# The hold space was nonempty. Following occurrences. Do nothing.
+x
+:b
+}
--- /dev/null
+# Italian translation for libgnutls.
+# Copyright (C) 2010 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Sergio Zanchetta <primes2h@ubuntu.com>, 2010.
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls-2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2010-03-26 10:40+0100\n"
+"Last-Translator: Sergio Zanchetta <primes2h@ubuntu.com>\n"
+"Language-Team: Italian <tp@lists.linux.it>\n"
+"Language: it\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Successo."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Impossibile negoziare una suite supportata di cifrari."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Il tipo di cifrario non è supportato."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Il certificato e la chiave fornita non corrispondono."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Impossibile negoziare un metodo di compressione supportato."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "È stato trovato un algoritmo a chiave pubblica sconosciuto."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "È stato negoziato un algoritmo non abilitato."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "È stato ricevuto un grande pacchetto di record TLS."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "È stato ricevuto un pacchetto di record con versione non valida."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Il numero primo di Diffie-Hellman inviato dal server non è accettabile (non "
+"è abbastanza lungo)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "È stato ricevuto un pacchetto TLS di lunghezza inattesa."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "La sessione specificata è stata invalidata per qualche motivo."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Errore interno di GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "È stata ricevuta una estensione TLS non lecita."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "È stato ricevuto un segnale di allarme critico TLS."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "È stato ricevuto un pacchetto TLS inatteso."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "È stato ricevuto un segnale di avviso TLS."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "È stato rilevato un errore nel calcolo del pacchetto TLS Finished."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Il peer non ha inviato alcun certificato."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Esiste già un algoritmo di cifratura con priorità più bassa."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Non è stato trovato alcun parametro RSA temporaneo."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Non è stato trovato alcun parametro DH temporaneo."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "È stato ricevuto un pacchetto di handshake TLS inatteso."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "La scansione di un intero large non è riuscita."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Impossibile esportare un intero large."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Decifrazione non riuscita."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Cifratura non riuscita."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Decifrazione della chiave pubblica non riuscita."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Cifratura della chiave pubblica non riuscita."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Firma della chiave pubblica non riuscita."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Verifica della firma della chiave pubblica non riuscita."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Decompressione del pacchetto di record TLS non riuscita."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Compressione del pacchetto di record TLS non riuscita."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Errore interno nell'allocazione di memoria."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "È stata richiesta una funzione non implementata o disabilitata."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Credenziali non sufficienti per quella richiesta."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Errore nel file di password."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Riempimento non corretto nel pacchetto PKCS1."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "La sessione richiesta è scaduta."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "L'hash non è riuscito."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Errore nella decodifica base64."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Errore inatteso nell'header base64."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Errore nella codifica base64."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Errore di analisi nel file di password."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "I dati richiesti non erano disponibili."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Errore nella funzione pull."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Errore nella funzione push."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+"È stato raggiunto il limite superiore nel numero di pacchetti di record "
+"sequenziali."
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Errore nel certificato."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Nome alternativo del soggetto sconosciuto nel certificato X.509."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Estensione critica non supportata nel certificato X.509."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr ""
+"È stata rilevata una violazione nell'utilizzo della chiave nel certificato."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Risorsa temporaneamente non disponibile, riprovare."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "La funzione è stata interrotta."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Il peer ha richiesto nuovamente l'handshake."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr ""
+"Sono stati ricevuti dati TLS Application, mentre erano attesi dati handshake."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Errore nel backend del database."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Il tipo di certificato non è supportato."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Il buffer di memoria fornito è troppo corto per contenere i parametri."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "La richiesta non è valida."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "È stato ricevuto un parametro non lecito."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Errore nella lettura del file."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "Analizzatore ASN1: elemento non trovato."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "Analizzatore ASN1: l'identificativo non è stato trovato."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "Analizzatore ASN1: errore nell'analisi DER."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "Analizzatore ASN1: valore non trovato."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "Analizzatore ASN1: errore generico di analisi."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "Analizzatore ASN1: valore non valido."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "Analizzatore ASN1: errore nel TAG."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "Analizzatore ASN1: errore nel tag implicito."
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "Analizzatore ASN1: errore nel tipo \"ANY\"."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "Analizzatore ASN1: errore di sintassi."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "Analizzatore ASN1: overflow nell'analisi DER."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Sono stati ricevuti troppi pacchetti di record vuoti."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "L'inizializzazione di GnuTLS-extra non è riuscita."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"La versione della libreria GnuTLS non corrisponde a quella della libreria "
+"GnuTLS-extra."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Versione troppo vecchia della libreria gcrypt."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Versione troppo vecchia della libreria tasn1."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "L'ID utente OpenPGP è revocato."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Errore nel caricare il portachiavi."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "L'inizializzazione di LZO non è riuscita."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "L'inizializzazione di LZO non è riuscita."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Non è stato trovato alcun algoritmo di compressione supportato."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Non è stata trovata alcuna suite di cifratura supportata."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Impossibile ottenere la chiave OpenPGP."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Impossibile trovare la sottochiave OpenPGP."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Non è permessa alcuna rinegoziazione"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Non è permessa alcuna rinegoziazione"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Il nome utente SRP fornito non è lecito."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Il nome utente SRP fornito non è lecito."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "L'impronta digitale OpenPGP non è supportata."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Il tipo di certificato non è supportato."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Il certificato contiene attributi non supportati."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "L'OID non è supportato."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "L'algoritmo di hash è sconosciuto."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Il tipo di contenuto della struttura PKCS è sconosciuto."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Il tipo di contenitore della struttura PKCS è sconosciuto."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "La password fornita contiene caratteri non validi."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr ""
+"La verifica del codice di autenticazione dei messaggi (MAC) non è riuscita."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Sono stati raggiunti alcuni valori limite sui vincoli."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Acquisizione di dati casuali non riuscita."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Ricevuto un messaggio di fine della fase intermedia TLS/IA"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Ricevuto un messaggio di fine della fase finale TLS/IA"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Verifica del codice di controllo nella fase TLS/IA non riuscita"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "L'algoritmo o il protocollo specificato è sconosciuto."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"La dimensione dei dati di handshake è troppo grande (DoS?), controllare "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "I dati richiesti non erano disponibili."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Errore nel file di password."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(codice di errore sconosciuto)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Notifica di chiusura"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Messaggio inatteso"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Record con MAC errato"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Decifrazione non riuscita"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Overflow del record"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Decompressione non riuscita"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Handshake non riuscito"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Il certificato non è valido"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Il certificato non è supportato"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Il certificato è stato revocato"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Il certificato è scaduto"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Certificato sconosciuto"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Parametro non lecito"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "La CA è sconosciuta"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "L'accesso è stato negato"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Errore di decodifica"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Errore di decifrazione"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Limite all'esportazione"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Errore nella versione del protocollo"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Sicurezza insufficiente"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Annullato dall'utente"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Errore interno"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Non è permessa alcuna rinegoziazione"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Impossibile recuperare il certificato specificato"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "È stata inviata una estensione non supportata"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Il nome server inviato non è stato riconosciuto"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "Il nome utente SRP/PSK è mancante o sconosciuto"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Negoziazione dell'applicazione interna non riuscita"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Verifica dell'applicazione interna non riuscita"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tVincolo sulla lunghezza del percorso: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tLingua della politica: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolitica:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tDump esadecimale: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tFirma digitale.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tNon ripudio.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tCifratura della chiave.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tCifratura dei dati.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tAccordo sulla chiave.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tFirma del certificato.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tFirma della CRL.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tSolo cifratura della chiave.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tSolo decifratura della chiave.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"attenzione: distributionPoint contiene un NUL incorporato, sostituzione con "
+"\"!\"\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tServer WWW TLS.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tClient WWW TLS.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tFirma del codice.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tProtezione email.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tMarcatura temporale.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tFirma OCSP.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tQualsiasi scopo.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tAutorità di certificazione (CA): FALSO\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tAutorità di certificazione (CA): VERO\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tVincolo sulla lunghezza del percorso: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "attenzione: SAN contiene un NUL incorporato, sostituzione con \"!\"\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tIndirizzo XMPP: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\tOID di otherName: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\tDER di otherName: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\tASCII di otherName: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tEstensioni:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tVincoli di base (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "critico"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "non critico"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tIdentificativo di chiave del soggetto (SKI) (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tIdentificativo di chiave dell'autorità (AKI) (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tUso della chiave (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tScopo della chiave (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tNome alternativo del soggetto (SAN) (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tNome alternativo del soggetto (SAN) (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tPunti di distribuzione CRL (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tInformazioni sul certificato proxy (PC) (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tEstensione sconosciuta %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tDump esadecimale: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersione: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tNumero seriale (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tEmittente: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tValidità:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tNon prima: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tNon dopo: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tSoggetto: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "sconosciuto"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgoritmo a chiave pubblica del soggetto (SPK): %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tAutorità di certificazione (CA): VERO\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModulo (bit %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tEsponente (bit %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tChiave pubblica (bit %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tAlgoritmo di firma: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"attenzione: è stato firmato usando un algoritmo di firma difettoso che può "
+"essere contraffatto.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tFirma:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tImpronta digitale MD5:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tImpronta digitale SHA-1:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tId della chiave pubblica:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "firmato usando %s (difettoso), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "firmato usando %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Informazioni sul certificato X.509:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Altre informazioni:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersione: 1 (predefinita)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tDate di aggiornamento:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tRilasciato il: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tProssimo il: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tEstensioni:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tNumero CRL (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tIdentificativo di chiave dell'autorità (AKI) (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tEstensione sconosciuta %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tDump esadecimale: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tCertificati revocati (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tNessun certificato revocato.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tNumero seriale (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tRevocato a: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Informazioni sull'elenco di revoca del certificato (CRL) X.509:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tEsponente:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAttributi:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tChallenge password: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tAttributo sconosciuto %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Informazioni sulla richiesta di certificato (CR) PKCS #10:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tUso della chiave:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "errore: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tFirma digitale.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tCifratura delle comunicazioni.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tCifratura dei dati di memorizzazione.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAutenticazione.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tFirma del certificato.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tImpronta digitale (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tRevocato: vero\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tRevocato: falso\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tMarche temporali:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tCreazione: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tScadenza: mai\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tScadenza: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgoritmo di chiave pubblica: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tNome[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tNome revocato[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tSottochiave[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "nome[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "nome revocato[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "impronta digitale: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "creata il: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "senza scadenza,"
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "scade il: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "algoritmo della chiave %s (%d bit)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "algoritmo di chiave sconosciuto (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Informazioni sul certificato OpenPGP:\n"
--- /dev/null
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) YEAR Free Software Foundation, Inc.
+# This file is distributed under the same license as the PACKAGE package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.11.7\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-21 16:38+0100\n"
+"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=CHARSET\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr ""
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr ""
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr ""
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr ""
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr ""
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr ""
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr ""
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr ""
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr ""
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr ""
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr ""
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr ""
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr ""
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr ""
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr ""
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr ""
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr ""
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr ""
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr ""
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr ""
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr ""
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr ""
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr ""
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr ""
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr ""
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr ""
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr ""
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr ""
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr ""
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr ""
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr ""
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr ""
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr ""
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr ""
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr ""
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr ""
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr ""
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr ""
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr ""
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr ""
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr ""
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr ""
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr ""
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr ""
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr ""
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr ""
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr ""
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr ""
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr ""
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr ""
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr ""
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr ""
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr ""
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr ""
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr ""
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr ""
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr ""
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr ""
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr ""
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr ""
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr ""
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr ""
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr ""
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr ""
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr ""
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr ""
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr ""
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr ""
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr ""
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr ""
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr ""
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr ""
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr ""
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr ""
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr ""
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr ""
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr ""
+
+#: gnutls_errors.c:220
+msgid "The initialization of crypto backend has failed."
+msgstr ""
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr ""
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr ""
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr ""
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr ""
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr ""
+
+#: gnutls_errors.c:232
+msgid "Safe renegotiation failed."
+msgstr ""
+
+#: gnutls_errors.c:234
+msgid "Unsafe renegotiation denied."
+msgstr ""
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr ""
+
+#: gnutls_errors.c:239
+msgid "The SRP username supplied is unknown."
+msgstr ""
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr ""
+
+#: gnutls_errors.c:244
+msgid "The signature algorithm is not supported."
+msgstr ""
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr ""
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr ""
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr ""
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr ""
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr ""
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr ""
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr ""
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr ""
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr ""
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr ""
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr ""
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr ""
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr ""
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+msgid "Channel binding data not available"
+msgstr ""
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+msgid "Error in parsing."
+msgstr ""
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr ""
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr ""
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr ""
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr ""
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr ""
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr ""
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr ""
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr ""
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr ""
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr ""
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr ""
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr ""
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr ""
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr ""
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr ""
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr ""
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr ""
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr ""
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr ""
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr ""
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr ""
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr ""
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr ""
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr ""
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr ""
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr ""
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr ""
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr ""
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr ""
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr ""
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr ""
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr ""
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr ""
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr ""
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr ""
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr ""
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr ""
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr ""
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr ""
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr ""
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr ""
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr ""
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr ""
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr ""
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr ""
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr ""
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr ""
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr ""
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr ""
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr ""
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr ""
+
+#: x509/output.c:588 x509/output.c:678
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr ""
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr ""
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr ""
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr ""
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr ""
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr ""
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr ""
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr ""
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr ""
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr ""
+
+#: x509/output.c:922
+#, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr ""
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr ""
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr ""
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr ""
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr ""
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr ""
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr ""
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr ""
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr ""
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr ""
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr ""
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr ""
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr ""
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr ""
+
+#: x509/output.c:1163
+#, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr ""
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr ""
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr ""
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr ""
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr ""
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr ""
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr ""
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr ""
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr ""
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr ""
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr ""
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr ""
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr ""
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr ""
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr ""
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr ""
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr ""
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr ""
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr ""
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr ""
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr ""
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr ""
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr ""
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr ""
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr ""
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr ""
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr ""
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr ""
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr ""
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr ""
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr ""
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr ""
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr ""
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr ""
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr ""
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr ""
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr ""
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr ""
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr ""
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr ""
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr ""
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr ""
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr ""
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr ""
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr ""
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr ""
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr ""
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr ""
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr ""
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr ""
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr ""
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr ""
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr ""
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr ""
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr ""
--- /dev/null
+# gnutls Bahasa Melayu (Malay) (ms)
+# Copyright (C) 2006, 2007, 2008 Free Software Foundation, Inc.
+# This file is distributed under the same license as the gnutls package.
+# Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>, 2006, 2007, 2008.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: gnutls 2.5.7\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2008-11-01 00:39+0800\n"
+"Last-Translator: Sharuzzaman Ahmat Raslan <sharuzzaman@myrealbox.com>\n"
+"Language-Team: Malay <translation-team-ms@lists.sourceforge.net>\n"
+"Language: ms\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Berjaya."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Tidak dapat merunding sut cipher yang disokong."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Jenis cipher tidak disokong."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Sijil dan kekunci diberi tidak sepadan."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Tidak dapat merunding kaedah mampatan disokong."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Algoritma kekunci awam tidak diketahui dijumpai."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Algoritma yang tidak dihidupkan telah dirundingkan."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Paket rekod TLS besar telah diterima."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Paket rekod dengan versi tidak sah telah diterima."
+
+#: gnutls_errors.c:73
+#, fuzzy
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Perdana Diffie Hellman yang dihantar oleh pelayan tidak boleh diterima "
+"(tidak cukup panjang)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Paket TLS dengan panjang tidak dijangka telah diterima."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "Sesi yang dinyatakan telah dinyahsahkan atas sebab tertentu."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Ralat dalaman GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Sambungan TLS tidak sah telah diterima."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Amaran teruk TLS telah diterima."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Paket TLS tidak dijangka telah diterima."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Arahan amaran telah diterima."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Ralat ditemui pada pengiraan paket Selesai TLS"
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Rakan tidak menghantar sebarang sijil."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Telah terdapat algoritma kripto dengan keutamaan rendah."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Tiada parameter RSA sementara telah dijumpai."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Tiada parameter DH sementara telah dijumpai."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Paket handshake TLS tidak dijangka telah diterima."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Pengesanan integer besar telah gagal."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Tidak dapat mengeksport integer besar."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Nyahenkripsi telah gagal."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Enkripsi telah gagal."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Nyahenkripsi kekunci awam telah gagal."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Enkripsi kekunci awam telah gagal."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Tandatangan kekunci awam telah gagal."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Pengesahan tandatangan kekunci awam telah gagal."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Nyahmampatan paket rekod TLS telah gagal."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Mampatan paket rekod TLS telah gagal."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Ralat dalaman dalam pengumpukan memori."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Ciri tidak disediakan atau dimatikan telah diminta."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Akuan tidak mencukupi untuk permintaan tersebut."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Ralat dalam fail katalaluan."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Pelapik salah dalam paket PKCS1."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "Sesi diminta telah tamat tempoh."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Menghash telah gagal."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Ralat menyahkod base64."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Ralat pengepala tidak dijangka base64."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Ralat mengenkod base64."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Ralat huraian dalam fail katalaluan."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "Data yang diminta tiada."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Ralat dalam fungsi tarik."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Ralat dalam fungsi tolak."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "Had atas nombor jujukan paket rakaman telah dicapai. Wow!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Ralat dalam sijil."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Nama Subjek Alternatif tidak diketahu dalam sijil X.509."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Sambungan kritikal tidak disokong dalam sijil X.509."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Pelanggaran penggunaan kekunci dalam sijik telah dikesan."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr ""
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Fungsi telah dibatalkan."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Rehandshake diminta oleh peer."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "Data Aplikasi TLS telah diterima, semasa menjangka data handshake."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Ralat dalam backend Pengkalan Data."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Jenis sijil tidak disokong."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Buffer memori yang diberikan terlalu pendek untuk memegang parameter."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Permintaan tidak sah."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Parameter tidak sah telah diterima."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Ralat apabila membaca fail."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "Penghurai ASN1: Elemen tidak dijumpai."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "Penghurai ASN1: Pengenalan tidak dijumpai"
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "Penghurai ASN1: Ralat dalam huraian DER."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "Penghurai ASN1: Nilai tidak dijumpai."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "Penghurai ASN1: Ralat menghurai generik."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "Penghurai ASN1: Nilai tidak sah."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "Penghurai ASN1: Ralat dalam TAG."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "Penghurai ASN1: ralat dalam tag tersirat"
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "Penghurai ASN1: Ralat dalam jenis 'ANY'."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "Penghurai ASN1: Ralat sintaks."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "Penghurai ASN1: Limpahan dalam penghuraian DER."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Terlalu banyak paket rekod kosong telah diterima."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Pemulaan GnuTLS-extra telah gagal."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr "Versi pustaka GnuTLS tidak sepadan dengan versi pustaka GnuTLS-extra."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Versi pustaka gcrypt terlalu lama."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Versi pustaka tasn1 terlalu lama."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "ID Pengguna OpenPGP telah dibatalkan."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Ralat memuatkan cecincin kunci."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Pemulaan LZO telah gagal."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Pemulaan LZO telah gagal."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Tiada algoritma pemampat yang disokong dijumpai."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Tiada sut cipher yang disokong dijumpai."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Tidak dapat memperoleh kekunci OpenPGP."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Tidak dapat mencari subkekunci OpenPGP."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Tiada perbincangan semula dibenarkan"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Tiada perbincangan semula dibenarkan"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Namapengguna SRP yang diberikan tidak sah."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Namapengguna SRP yang diberikan tidak sah."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "Cap jari OpenPGP tidak disokong."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Jenis sijil tidak disokong."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Sijil tidak mempunyai ciri disokong."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "OID tidak disokong."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Algoritma hash tidak diketahui."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Jenis kandungan struktur PKCS tidak diketahui."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Jenis beg struktur PKCS tidak diketahui."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Katalaluan diberikan mengandungi aksara tidak sah."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Pengesahan Message Authentication Code gagal."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Beberapa had kekangan telah dicapai."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Gagal untuk mendapatkan data rawak."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Menerima mesej TLS/IA Intermediate Phase Finished"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Menerima mesej TLS/IA Final Phase Finished"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Pengesahan checksum fasa TLS/IA gagal"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Algoritma atau protokol dinyataka tidak diketahui."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"Saiz data jabat tangan terlalu besar (DoS?), periksa "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "Data yang diminta tiada."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Ralat dalam fail katalaluan."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(kod ralat tidak diketahui)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Pemberitahuan tutup"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Mesej tidak dijangka"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Rekod MAC buruk"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Nyahenkripsi gagal"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Rekod melimpah"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Nyahmampatan gagal"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Jabat tangan gagal"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Sijil buruk"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Sijil tidak disokong"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Sijil telah dibatalkan"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Sijil tamat tempoh"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Sijil tidak diketahui"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Parameter tidak sah"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "CA tidak diketahui"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Akses telah dihalang"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Ralat decode"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Ralat decrypt"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Halangan eksport"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Ralat dalam versi protokol"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Sekuriti tidak mencukupi"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Pengguna membatalkan"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Ralat dalaman"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Tiada perbincangan semula dibenarkan"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Tidak dapat mendapatkan sijil dinyatakan"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "Sambungan tidak disokong telah dihantar"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Nama pelayan dihantar tidak dikenali"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "Nama pengguna SRP/PSK tiada atau tidak diketahui"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Perbincangan aplikasi dalaman gagal"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Pengesahan aplikasi dalaman gagal"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tKekangan Panjang Laluan: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tBahasa Polisi: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolisi:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\tLambakan Hex: "
+
+#: x509/output.c:302
+#, fuzzy, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "\t\t\tTandatangan digital.\n"
+
+#: x509/output.c:304
+#, fuzzy, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "\t\t\tTidak ditolak.\n"
+
+#: x509/output.c:306
+#, fuzzy, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "\t\t\tPenyulitan kekunci.\n"
+
+#: x509/output.c:308
+#, fuzzy, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "\t\t\tPenyulitan data.\n"
+
+#: x509/output.c:310
+#, fuzzy, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "\t\t\tPersetujuan kekunci.\n"
+
+#: x509/output.c:312
+#, fuzzy, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "\t\t\tMenandatangan sijil.\n"
+
+#: x509/output.c:314
+#, fuzzy, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "\t\t\tMenandatangan CRL.\n"
+
+#: x509/output.c:316
+#, fuzzy, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "\t\t\tEncipher kekunci sahaja.\n"
+
+#: x509/output.c:318
+#, fuzzy, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "\t\t\tDecipher kekunci sahaja.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:462
+#, fuzzy, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "\t\t\tPelayan WWW TLS.\n"
+
+#: x509/output.c:464
+#, fuzzy, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "\t\t\tKlien WWW TLS.\n"
+
+#: x509/output.c:466
+#, fuzzy, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "\t\t\tMenandatangan kod.\n"
+
+#: x509/output.c:468
+#, fuzzy, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "\t\t\tPerlindungan emel.\n"
+
+#: x509/output.c:470
+#, fuzzy, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "\t\t\tCap waktu.\n"
+
+#: x509/output.c:472
+#, fuzzy, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "\t\t\tMenandatangan OCSP.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, fuzzy, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "\t\t\tSebarang tujuan.\n"
+
+#: x509/output.c:509
+#, fuzzy, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "\t\t\tPihak Berkuasa Sijil (CA): SALAH\n"
+
+#: x509/output.c:511
+#, fuzzy, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "\t\t\tPenguasa Sijil (CA): BENAR\n"
+
+#: x509/output.c:514
+#, fuzzy, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tKekangan Panjang Laluan: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:684
+#, fuzzy, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "\t\t\tAlamat XMPP: %.*s\n"
+
+#: x509/output.c:689
+#, fuzzy, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "\t\t\tnamaLain OID: %.*s\n"
+
+#: x509/output.c:691
+#, fuzzy, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "\t\t\tnamaLain DER:"
+
+#: x509/output.c:693
+#, fuzzy, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"\t\t\tnamaLain ASCII:"
+
+#: x509/output.c:817
+#, fuzzy, c-format
+msgid "%s\tExtensions:\n"
+msgstr "\tSambungan:\n"
+
+#: x509/output.c:827
+#, fuzzy, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "\t\tKekangan Asas (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "kritikal"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "tidak kritikal"
+
+#: x509/output.c:842
+#, fuzzy, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "\t\tSubjek Kekunci Pengenalan (%s):\n"
+
+#: x509/output.c:859
+#, fuzzy, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tPengesahan Kekunci Pengenalan (%s):\n"
+
+#: x509/output.c:875
+#, fuzzy, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "\t\tPenggunaan Kekunci (%s):\n"
+
+#: x509/output.c:890
+#, fuzzy, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "\t\tTujuan Kekunci (%s):\n"
+
+#: x509/output.c:907
+#, fuzzy, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "\t\tNama Alternatif Subjek (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "\t\tNama Alternatif Subjek (%s):\n"
+
+#: x509/output.c:937
+#, fuzzy, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "\t\tTitik Edaran CRL (%s):\n"
+
+#: x509/output.c:955
+#, fuzzy, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "\t\tMaklumat Sijil Proksi (%s):\n"
+
+#: x509/output.c:968
+#, fuzzy, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tSambungan tidak diketahui %s (%s):\n"
+
+#: x509/output.c:1015
+#, fuzzy, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, fuzzy, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "\t\t\tLambakan Hex: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersi: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tNombor Siri (hex):"
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tPengeluar: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tKesahan:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tTidak Sebelum: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tTidak Selepas: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tSubjek: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "tidak diketahui"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgoritma Kekunci Awam Subjek: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "\t\t\tPenguasa Sijil (CA): BENAR\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModulus (%d bit):\n"
+
+#: x509/output.c:1182
+#, fuzzy, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tEksponen:\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tKekunci awam (%d bit):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tAlgoritma tandatangan: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"amaran: ditandatangan menggunakan algoritma tandatangan rosak yang boleh "
+"dipalsukan.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tTandatangan:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tCap jari MD5:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tCap jari SHA-1:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tId Kekunci Awam:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr ""
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr ""
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Maklumat Sijil X.509:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Maklumat Lain:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersi: 1 (default)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tTarikh kemaskini:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tDikeluarkan: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tSeterusnya pada: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tSambungan:\n"
+
+#: x509/output.c:1695
+#, fuzzy, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tNombor Siri (hex): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tPengesahan Kekunci Pengenalan (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tSambungan tidak diketahui %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tLambakan Hex: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tSijil dibatalkan (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tTiada sijil dibatalkan.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tNombor Siri (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tDibatalkan pada: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Maklumat Senarai Pembatalan Sijil X.509:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tEksponen:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr ""
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr ""
+
+#: x509/output.c:2103
+#, fuzzy, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tSambungan tidak diketahui %s (%s):\n"
+
+#: x509/output.c:2208
+#, fuzzy
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Maklumat Sijil X.509:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tPenggunaan Kekunci:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "ralat: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tTandatangan digital.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tPenyulitan komunikasi.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tPenyulitan data simpanan.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tPengesahan.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tMenandatangan sijil.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tCapjari (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tDibatalkan: Betul\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tDibatalkan: Salah\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tCap waktu:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tPenciptaan: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tTamat tempoh: Tiada\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tTamat tempoh: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgoritma Kekunci Awam: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tNama[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tNama Dibatalkan[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tSubkekunci[%d]:\n"
+
+#: openpgp/output.c:422
+#, fuzzy, c-format
+msgid "name[%d]: %s, "
+msgstr "\tNama[%d]: %s\n"
+
+#: openpgp/output.c:424
+#, fuzzy, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "\tNama Dibatalkan[%d]: %s\n"
+
+#: openpgp/output.c:444
+#, fuzzy
+msgid "fingerprint: "
+msgstr ""
+"\tCap jari MD5:\n"
+"\t\t"
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr ""
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr ""
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr ""
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr ""
+
+#: openpgp/output.c:496
+#, fuzzy, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "Algoritma kekunci awam tidak diketahui dijumpai."
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Maklumat Sijil OpenPGP:\n"
--- /dev/null
+# Dutch translations for libgnutls.
+# Copyright (C) 2010 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+#
+# Benno Schulenberg <benno@vertaalt.nl>, 2007, 2008, 2010.
+# Erwin Poeze <erwin.poeze@gmail.com>, 2009, 2010.
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls-2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2010-05-02 17:07+0200\n"
+"Last-Translator: Benno Schulenberg <benno@vertaalt.nl>\n"
+"Language-Team: Dutch <vertaling@vrijschrift.org>\n"
+"Language: nl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+"X-Generator: Lokalize 1.0\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Gelukt."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Kan geen gemeenschappelijke coderingsmethode overeenkomen."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "De coderingsmethode wordt niet ondersteund."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Het certificaat en de gegeven sleutel passen niet bij elkaar."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Kan geen gemeenschappelijke compressiemethode overeenkomen."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Onbekend versleutelingsalgoritme gevonden."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Er werd een uitgeschakeld algoritme overeengekomen."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Er werd een groot TLS-datapakket ontvangen."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Er werd een datapakket met een ongedige versie ontvangen."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Het door de server toegezonden Diffie-Hellman-priemgetal is niet acceptabel "
+"(niet lang genoeg)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Er werd een TLS-pakket met een onverwachte lengte ontvangen."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "De aangegeven sessie is om een of andere reden ongeldig geworden."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "**Interne fout** in GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Er werd een ongeldige TLS-uitbreiding ontvangen."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Er werd een ernstig TLS-alarm ontvangen."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Er werd een onverwacht TLS-pakket ontvangen."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Er is een TLS-waarschuwing ontvangen."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Er is een fout opgetreden tijdens de TLS-pakketeinde-berekening."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "De andere computer heeft geen certificaat gestuurd."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Er is al een encryptie-algoritme met een lagere prioriteit."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Er zijn geen tijdelijke RSA-parameters gevonden."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Er zijn geen tijdelijke DH-parameters gevonden."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Er werd een onverwacht TLS-handshake-pakket ontvangen."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Het lezen van een groot geheel getal is mislukt."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Het exporteren van een groot geheel getal is mislukt."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Ontsleuteling is mislukt."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Versleuteling is mislukt."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Ontsleuteling met publieke sleutel is mislukt."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Versleuteling met publieke sleutel is mislukt."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Ondertekenen met publieke sleutel is mislukt."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Controle van ondertekening met publieke sleutel is mislukt."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Decompressie van het TLS-datapakket is mislukt."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Compressie van het TLS-datapakket is mislukt."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "**Interne fout** bij reserveren van geheugen."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Er werd een uitgeschakelde of ongeïmplementeerde functie gevraagd."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Onvoldoende rechten voor dat verzoek."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Fout in wachtwoordenbestand."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Onjuiste opvulbytes in PKCS1-pakket."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "De gevraagde sessie is verlopen."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Hashen is mislukt."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Base64-decoderingsfout."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Onverwachte fout in base64-kopregel."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Base64-coderingsfout."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Fout in de indeling van wachtwoordenbestand."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "De gevraagde gegevens zijn niet beschikbaar."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Fout in de 'pull'-functie."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Fout in de 'push'-functie."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "Het hoogste volgnummer voor datapakketten is bereikt. Wauw!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Fout in het certificaat."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Onbekende naam van toegevoegd onderwerp in X.509-certificaat."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Niet-ondersteunde kritieke uitbreiding in X.509-certificaat."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr ""
+"Er is een overtreding van het sleutelgebruik in het certificaat "
+"geconstateerd."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Bron is tijdelijk niet beschikbaar; probeer het later nogmaals."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Functie werd onderbroken."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "De andere computer heeft om een hernieuwde handshake gevraagd."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr ""
+"Er werd TLS-toepassingsdata ontvangen, terwijl handshake-gegevens verwacht "
+"werden."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Fout in databank-backend."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Het certificaattype wordt niet ondersteund."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Beschikbare buffer is te klein voor de gegeven parameters."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Het verzoek is ongeldig."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Er werd een ongeoorloofde parameter ontvangen."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Fout tijdens lezen van bestand."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1-parser: Element niet gevonden."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1-parser: Naam niet gevonden."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1-parser: Fout in ontleden van DER."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1-parser: Waarde niet gevonden."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1-parser: Algemene ontledingsfout."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1-parser: Waarde is ongeldig."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1-parser: Fout in TAG."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1-parser: Fout in impliete tag."
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1-parser: Fout in type 'ANY'."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1-parser: Syntaxfout."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1-parser: Overloop in DER-ontleding."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Er zijn te veel lege datapakketten ontvangen."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Het initialiseren van GnuTLS-extra is mislukt."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"De versies van de GnuTLS- en GnuTLS-extra-bibliotheken komen niet overeen."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "De versie van de gcrypt-bibliotheek is te oud."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "De versie van de tasn1-bibliotheek is te oud."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "Het OpenPGP-gebruikers-ID is ingetrokken."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Fout tijdens laden van de sleutelring."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Het initialiseren van LZO is mislukt."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Het initialiseren van LZO is mislukt."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Er is geen ondersteund compressie-algoritme gevonden."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Er is geen ondersteund encryptie-algoritme gevonden."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Kan OpenPGP-sleutel niet verkrijgen."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Kan OpenPGP-subsleutel niet vinden."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Heronderhandeling is niet toegestaan"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Heronderhandeling is niet toegestaan"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "De gegeven SRP-gebruikersnaam is ongeldig."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "De gegeven SRP-gebruikersnaam is ongeldig."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "De OpenPGP-vingerafdruk wordt niet ondersteund."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Het certificaattype wordt niet ondersteund."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Het certificaat heeft niet-ondersteunde eigenschappen."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "Het OID wordt niet ondersteund."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Onbekend hash-algoritme."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Onbekend inhoudstype van PKCS-structuur."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Onbekend buideltype van PKCS-structuur."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Het opgegeven wachtwoord bevat ongeldige tekens."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Verificatie van berichtauthenticatiecode is mislukt."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Sommige beperkingsgrenzen werden bereikt."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Kan geen willekeurige bits verkrijgen."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "TLS/IA-tussenfasebeëindigingsbericht ontvangen"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "TLS/IA-eindfasebeëindigingsbericht ontvangen"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Verificatie van TLS/IA-fasecontrolesom is mislukt"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Het opgegeven algoritme of protocol is onbekend."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"De gegevensgrootte van de handshake is te groot (DoS-aanval?); controleer "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "De gevraagde gegevens zijn niet beschikbaar."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Fout in wachtwoordenbestand."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(onbekende foutcode)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Afsluitingsbericht"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Onverwacht bericht"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Record met ongeldige MAC"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Ontsleuteling is mislukt"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Recordoverloop"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Decompressie is mislukt"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Handshake is mislukt"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Certificaat is ongeldig"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Certificaat wordt niet ondersteund"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Certificaat is ingetrokken"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Certificaat is verlopen"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Onbekend certificaat"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Ongeldige parameter"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "CA is onbekend"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Toegang werd geweigerd"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Decoderingsfout"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Ontsleutelingsfout"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Exportbeperking"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Fout in protocolversie"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Onvoldoende veiligheid"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Door gebruiker geannuleerd"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "**Interne fout**"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Heronderhandeling is niet toegestaan"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Kan het opgegeven certificaat niet ophalen"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "Een niet-ondersteunde uitbreiding werd toegezonden"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "De toegezonden servernaam werd niet herkend"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "De SRP/PSK-gebruikersnaam ontbreekt of is onbekend"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Inwendige programmaonderhandeling is mislukt"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Inwendige programmaverificatie is mislukt"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tPadlengtebeperking: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tBeleidstaal: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tBeleid:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tHexdump: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tDigitale ondertekening.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tNiet-herroeping.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tSleutel-encryptie.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tData-encryptie.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tSleutelovereenstemming.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tCertificaatondertekening.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tCRL-ondertekening.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tAlleen sleutel-encryptie.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tAlleen sleutel-decryptie.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"Waarschuwing: distributiepunt bevat een NUL-waarde, wordt vervangen door "
+"'!'\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTLS WWW-server.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tTLS WWW-cliënt.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tCode-ondertekening.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tE-mailbescherming.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tTijdsstempels.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tOCSP-ondertekening.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tElk doel.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCertificaatautoriteit (CA): ONWAAR\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCertificaatautoriteit (CA): WAAR\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tPadlengtebeperking: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "Waarschuwing: SAN bevat een NUL-waarde, wordt vervangen door '!'\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tXMPP-adres: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\tAndere naam (OID): %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\tAndere naam (DER): "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\tAndere naam (ASCII): "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tUitbreidingen:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tFundamentele beperkingen (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "kritiek"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "niet kritiek"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tOnderwerps-ID van sleutel (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tAutoriteits-ID van sleutel (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tGebruik van sleutel (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tDoel van sleutel (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tToegevoegde onderwerpen (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tToegevoegde onderwerpen (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tCRL-distributiepunten (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tInformatie over proxy-certificaat (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tOnbekende uitbreiding %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tHexdump: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersie: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tSerienummer (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tUitgever: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tGeldigheid:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tNiet vóór: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tNiet na: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tOnderwerp: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "onbekend"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgoritme van publieke sleutel: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tCertificaatautoriteit (CA): WAAR\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModulus (bits %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tExponent (bits %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tPublieke sleutel (bits %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tOndertekeningsalgoritme: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr "Waarschuwing: ondertekend met een algoritme dat vervalst kan worden.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tOndertekening:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tMD5-vingerafdruk:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tSHA-1-vingerafdruk:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tID van publieke sleutel:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "ondertekend met %s (beschadigd!), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "ondertekend met %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Informatie over X.509-certificaten:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Andere informatie:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersie: 1 (standaard)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tBijwerkingsdata:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tUitgegeven: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tVolgende op: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tUitbreidingen:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tCRL-nummer (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tAutoriteits-ID van sleutel (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tOnbekende uitbreiding %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tHexdump: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tIngetrokken certificaten (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tGeen ingetrokken certificaten.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSerienummer (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tIngetrokken op: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Informatie over ingetrokken X.509-certificaten:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tExponent:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tEigenschappen:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tTest-wachtwoord: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tOnbekende eigenschap %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Informatie over PKCS #10-certificaatverzoek:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tGebruik van sleutel:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "fout in get_key_usage(): %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tDigitale ondertekeningen.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tEncryptie van communicatie.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tEncryptie van opgeslagen data.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAuthenticatie.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tCertificaatondertekening.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tVingerafdruk (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tIngetrokken: Ja\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tIngetrokken: Nee\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tTijdsstempels:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tAangemaakt op: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tVervaldatum: Nooit\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tVervaldatum: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgoritme van publieke sleutel: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tNaam[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tIngetrokken naam[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tSubsleutel[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "naam[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "ingetrokken naam[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "vingerafdruk: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "aangemaakt: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "verloopt nooit, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "verloopt: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "versleutelingsalgoritme %s (%d bits)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "onbekend versleutelingsalgoritme (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Informatie over OpenPGP-certificaten:\n"
--- /dev/null
+# Polish translation for gnutls.
+# Copyright (C) 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Jakub Bogusz <qboosh@pld-linux.org>, 2006-2010.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls-2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2010-01-04 15:09+0100\n"
+"Last-Translator: Jakub Bogusz <qboosh@pld-linux.org>\n"
+"Language-Team: Polish <translation-team-pl@lists.sourceforge.net>\n"
+"Language: pl\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=ISO-8859-2\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Sukces."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Nie uda³o siê wynegocjowaæ obs³ugiwanego zestawu certyfikatów."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Ten typ certyfikatu nie jest obs³ugiwany."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Certyfikat i dany klucz nie pasuj± do siebie."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Nie uda³o siê wynegocjowaæ obs³ugiwanej metody kompresji."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Napotkano nieznany algorytm klucza publicznego."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Wynegocjowano algorytm, który nie zosta³ w³±czony."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Odebrano du¿y pakiet rekordu TLS."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Odebrano pakiet rekordu o niedozwolonej wersji."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Liczba pierwsza Diffie Hellmana wys³ana przez serwer jest nieakceptowalna "
+"(zbyt ma³a)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Odebrano pakiet TLS o nieoczekiwanej d³ugo¶ci."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "Podana sesja zosta³a z jakiego¶ powodu uniewa¿niona."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "B³±d wewnêtrzny GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Odebrano niedozwolone rozszerzenie TLS."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Odebrano krytyczny alarm TLS."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Odebrano nieoczekiwany pakiet TLS."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Odebrano ostrzegawczy alarm TLS."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Wykryto b³±d przy obliczaniu pakietu TLS Finished."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Druga strona nie wys³a³a ¿adnego certyfikatu."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Istnieje ju¿ algorytm kryptograficzny z ni¿szym priorytetem."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Nie znaleziono parametrów tymczasowych RSA."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Nie znaleziono parametrów tymczasowych DH."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Odebrano nieoczekiwany pakiet nawi±zania TLS."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Poszukiwanie du¿ej liczby ca³kowitej nie powiod³o siê."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Nie uda³o siê wyeksportowaæ du¿ej liczby ca³kowitej."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Odszyfrowywanie nie powiod³o siê."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Szyfrowanie nie powiod³o siê."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Odszyfrowywanie z kluczem publicznym nie powiod³o siê."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Szyfrowanie z kluczem publicznym nie powiod³o siê."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Podpisywanie z kluczem publicznym nie powiod³o siê."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Sprawdzenie podpisu z kluczem publicznym nie powiod³o siê."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Dekompresja pakietu rekordu TLS nie powiod³a siê."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Kompresja pakietu rekordu TLS nie powiod³a siê."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "B³±d wewnêtrzny przy przydzielaniu pamiêci."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Za¿±dano niezaimplementowanej lub wy³±czonej opcji."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Niewystarczaj±ce uprawnienia dla tego ¿±dania."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "B³±d w pliku hase³."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "B³êdne wyrównanie w pakiecie PKCS1."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "¯±dana sesja wygas³a."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Funkcja skrótu nie powiod³a siê."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "B³±d dekodowania base64."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Nieoczekiwany b³±d nag³ówka base64."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "B³±d kodowania base64."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "B³±d przetwarzania pliku hase³."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "¯±dane dane nie by³y dostêpne."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "B³±d w funkcji pull."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "B³±d w funkcji push."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr ""
+"Osi±gniêto górne ograniczenie numerów sekwencyjnych pakietów rekordów. Wow!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "B³±d w certyfikacie."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Nieznana nazwa Subject Alternative w certyfikacie X.509."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Nieobs³ugiwane rozszerzenie krytyczne w certyfikacie X.509."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Wykryto naruszenie u¿ycia klucza w certyfikacie."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Zasoby chwilowo niedostêpne, proszê spróbowaæ ponownie."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Funkcja zosta³a przerwana."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Druga strona za¿±da³a ponownego nawi±zania sesji."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "Odebrano dane aplikacji TLS, ale oczekiwano na nawi±zanie sesji."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "B³±d w backendzie bazy danych."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Ten typ certyfikatu nie jest obs³ugiwany."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Przekazany bufor pamiêci jest zbyt ma³y do przechowania parametrów."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "¯±danie jest nieprawid³owe."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Odebrano niedozwolony parametr."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "B³±d podczas odczytu pliku."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "Analiza ASN1: Nie znaleziono elementu."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "Analiza ASN1: Nie znaleziono identyfikatora."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "Analiza ASN1: B³±d przy analizie DER."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "Analiza ASN1: Nie znaleziono warto¶ci."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "Analiza ASN1: Ogólny b³±d przetwarzania."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "Analiza ASN1: Warto¶æ nie jest prawid³owa."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "Analiza ASN1: B³±d w znaczniku."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "Analiza ASN1: b³±d w domy¶lnym znaczniku."
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "Analiza ASN1: B³±d w typie 'ANY'."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "Analiza ASN1: B³±d sk³adni."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "Analiza ASN1: Przepe³nienie przy analizie DER."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Odebrano zbyt du¿o pustych pakietów rekordów."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Inicjalizacja GnuTLS-extra nie powiod³a siê."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"Wersja biblioteki GnuTLS nie zgadza siê z wersj± biblioteki GnuTLS-extra."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Wersja biblioteki gcrypt jest zbyt stara."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Wersja biblioteki tasn1 jest zbyt stara."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "Identyfikator u¿ytkownika OpenPGP jest uniewa¿niony."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "B³±d przy wczytywaniu zbioru kluczy."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Inicjalizacja LZO nie powiod³a siê."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Inicjalizacja LZO nie powiod³a siê."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Nie znaleziono obs³ugiwanego algorytmu kompresji."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Nie znaleziono obs³ugiwanego zestawu certyfikatów."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Nie uda³o siê uzyskaæ klucza OpenPGP."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Nie uda³o siê odnale¼æ podklucza OpenPGP."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Renegocjacja niedozwolona"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Renegocjacja niedozwolona"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Podana nazwa u¿ytkownika SRP nie jest dozwolona."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Podana nazwa u¿ytkownika SRP nie jest dozwolona."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "Odcisk klucza OpenPGP nie jest obs³ugiwany."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Ten typ certyfikatu nie jest obs³ugiwany."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Certyfikat ma nieobs³ugiwane atrybuty."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "OID nie jest obs³ugiwany."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Algorytm skrótu jest nieznany."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Typ zawarto¶ci struktury PKCS jest nieznany."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Typ opakowania struktury PKCS jest nieznany."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Podane has³o zawiera nieprawid³owe znaki."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Sprawdzenie kodu autentyczno¶ci wiadomo¶ci (MAC) nie powiod³o siê."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Osi±gniêto niektóre ograniczenia."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Nie uda³o siê pozyskaæ danych losowych."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Odebrano wiadomo¶æ TLS/IA Intermediate Phase Finished"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Odebrano wiadomo¶æ TLS/IA Final Phase Finished"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Sprawdzenie sumy kontrolnej frazy TLS/IA nie powiod³o siê"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Podany algorytm lub protokó³ jest nieznany."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"Rozmiar danych nawi±zania jest zbyt du¿y (DoS?), proszê sprawdziæ "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "¯±dane dane nie by³y dostêpne."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "B³±d w pliku hase³."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(nieznany kod b³êdu)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Powiadomienie o zamkniêciu"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Nieoczekiwany komunikat"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "B³êdny MAC rekordu"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Odszyfrowywanie nie powiod³o siê"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Przepe³nienie rekordu"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Dekompresja nie powiod³a siê"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Nawi±zanie komunikacji nie powiod³o siê"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "B³êdny certyfikat"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Nieobs³ugiwany certyfikat"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Certyfikat zosta³ anulowany"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Certyfikat wygas³"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Nieznany certyfikat"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Niedozwolony parametr"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "Nieznane CA"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Dostêp zabroniony"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "B³±d dekodowania"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "B³±d odszyfrowywania"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Ograniczenia eksportowe"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "B³±d w wersji protoko³u"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Niewystarczaj±ce bezpieczeñstwo"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Anulowane przez u¿ytkownika"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "B³±d wewnêtrzny"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Renegocjacja niedozwolona"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Nie uda³o siê pobraæ wskazanego certyfikatu"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "Wys³ano nieobs³ugiwane rozszerzenie"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Nierozpoznana wys³ana nazwa serwera"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "Brak lub nieznana nazwa u¿ytkownika SRP/PSK"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Negocjacja w ramach aplikacji nie powiod³a siê"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Weryfikacja w ramach aplikacji nie powiod³a siê"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tOgraniczenie d³ugo¶ci ¶cie¿ki: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tJêzyk polityki: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolityka:\n"
+"\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tZrzut hex: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tPodpis cyfrowy.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tBez odmowy.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tSzyfrowanie klucza.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tSzyfrowanie danych.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tUzgodnienie klucza.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tPodpisanie certyfikatu.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tPodpisanie CRL.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tTylko szyfrowanie klucza.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tTylko deszyfrowanie klucza.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr "uwaga: distributionPoint zawiera znak NUL, zast±piono znakiem '!'\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tSerwer WWW TLS.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tKlient WWW TLS.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tPodpisywanie kodu.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tOchrona poczty elektronicznej.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tOznaczanie czasu.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tPodpisywanie OCSP.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tDowolne zastosowanie.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCA: NIE\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCA: TAK\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tOgraniczenie d³ugo¶ci ¶cie¿ki: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "warning: SAN zawiera znak NUL, zast±piono znakiem '!'\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tAdres XMPP: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\tOID otherName: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\tDER otherName: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\tASCII otherName: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tRozszerzenia:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tOgraniczenia podstawowe (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "krytyczny"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "niekrytyczny"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tIdentyfikator klucza przedmiotu (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tIdentyfikator klucza autorytetu (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tU¿ycie klucza (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tPrzeznaczenie klucza (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tAlternatywna nazwa przedmiotu (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tAlternatywna nazwa przedmiotu (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tPunkty rozprowadzania CRL (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tInformacja o certyfikacie proxy (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tNieznane rozszerzenie %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tZrzut hex: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tWersja: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tNumer seryjny (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tWystawca: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tWa¿no¶æ:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tNie wcze¶niej ni¿: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tNie pó¼niej ni¿: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tPrzedmiot: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "nieznany"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgorytm klucza publicznego: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tCA: TAK\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tReszta (bitów: %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tWyk³adnik (bitów: %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tKlucz publiczny (bitów: %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tAlgorytm podpisu: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"uwaga: podpisano z³amanym algorytmem podpisu, który mo¿e byæ podrobiony.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tPodpis:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tOdcisk MD5:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tOdcisk SHA-1:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tIdentyfikator klucza publicznego:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "podpisano przy u¿yciu %s (uszkodzonego!), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "podpisano przy u¿yciu %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Informacja o certyfikacie X.509:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Inne informacje:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tWersja: 1 (domy¶lna)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tDaty uaktualnieñ:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tWystawiono: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tNastêpnie: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tRozszerzenia:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tNumer CRL (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tIdentyfikator klucza autorytetu (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tNieznane rozszerzenie %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tZrzut hex: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tUniewa¿nione certyfikaty (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tBrak uniewa¿nionych certyfikatów.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tNumer seryjny (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tUniewa¿niono: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Informacja o li¶cie uniewa¿nieñ certyfikatów X.509:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tWyk³adnik:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAtrybuty:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tHas³o wyzwania: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tNieznane rozszerzenie %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Informacja o ¿±daniu certyfikatu PKCS #10:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tU¿ycie klucza:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "b³±d: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tPodpisy cyfrowe.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tSzyfrowanie komunikacji.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tSzyfrowanie przechowywanych danych.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tUwierzytelnianie.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tPodpisanie certyfikatu.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tOdcisk (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tUniewa¿niony: tak\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tUniewa¿niony: nie\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tOznaczenia czasu:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tUtworzenie: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tWyga¶niêcie: nigdy\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tWyga¶niêcie: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgorytm klucza publicznego: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tNazwa[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tNazwa uniewa¿niona[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tPodklucz[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "nazwa[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "nazwa uniewa¿niona[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "odcisk: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "utworzono: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "nigdy nie wygasa, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "wygasa: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "algorytm klucza publicznego %s (bitów: %d)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "nieznany algorytm klucza publicznego (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Informacja o certyfikacie OpenPGP:\n"
--- /dev/null
+s/"\([^"]*\)"/“\1”/g
+s/`\([^`']*\)'/‘\1’/g
+s/ '\([^`']*\)' / ‘\1’ /g
+s/ '\([^`']*\)'$/ ‘\1’/g
+s/^'\([^`']*\)' /‘\1’ /g
+s/“”/""/g
--- /dev/null
+# Sed script that remove the POT-Creation-Date line in the header entry
+# from a POT file.
+#
+# The distinction between the first and the following occurrences of the
+# pattern is achieved by looking at the hold space.
+/^"POT-Creation-Date: .*"$/{
+x
+# Test if the hold space is empty.
+s/P/P/
+ta
+# Yes it was empty. First occurrence. Remove the line.
+g
+d
+bb
+:a
+# The hold space was nonempty. Following occurrences. Do nothing.
+x
+:b
+}
--- /dev/null
+# Swedish translation of libgnutls.
+# Copyright (C) 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Daniel Nylander <po@danielnylander.se>, 2006, 2007, 2008, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2009-12-27 18:01+0100\n"
+"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
+"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
+"Language: sv\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=utf-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Lyckades."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Kunde inte förhandla fram en krypteringssvit som stöds."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Krypteringstypen stöds inte."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Certifikatet och den angivna nyckeln stämmer inte överens."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Kunde inte förhandla fram en stödd komprimeringsmetod."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "En okänd publik nyckel-algoritm påträffades."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "En algoritm som inte är aktiverad blev förhandlad."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Ett stort TLS-journalpaket togs emot."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Ett journalpaket med otillåten version togs emot."
+
+# Stort?
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Diffie-Hellman-primtalet som skickades av servern är inte acceptabelt (inte "
+"tillräckligt långt)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Ett TLS-paket med oväntad längd togs emot."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "Angiven session har av någon anledning blivit ogiltigförklarad."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Internt fel i GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "En otillåten TLS-utökning togs emot."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Ett ödesdigert TLS-larm togs emot."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Ett oväntat TLS-paket togs emot."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "En TLS-varning har tagits emot."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Ett fel påträffades vid beräkning av TLS Finished-paketet."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Motparten skickade inget certifikat."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Det finns redan en krypteringsalgoritm med lägre prioritet."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Inga temporära RSA-parametrar hittades."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Inga temporära DH-parametrar hittades."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Ett oväntat TLS-handskakningspaket togs emot."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Avsökningen av ett stort heltal misslyckades."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Kunde inte exportera ett stort heltal."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Dekryptering misslyckades."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Kryptering misslyckades."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Dekryptering av publik nyckel misslyckades."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Kryptering av publik nyckel misslyckades."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Signering av publik nyckel misslyckades."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Validering av av publika nyckelns signatur misslyckades."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Dekomprimering av TLS-journalpaketet har misslyckades."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Komprimering av TLS-journalpaketet har misslyckades."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Internt fel i minnesallokering."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "En icke implementerad eller inaktiverad funktion begärdes."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Otillräckliga rättigheter för begäran."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Fel i lösenordsfil."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Fel utfyllnad i PKCS1-paket."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "Den begärda sessionen har tagit slut."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Hashning misslyckades."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Base64-avkodningsfel."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Oväntat fel i Base64-huvud."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Base64-kodningsfel."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Tolkningsfel i lösenordsfil."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "Begärt data var inte tillgängligt."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Fel i inhämtningsfunktionen."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Fel i utsändningsfunktionen."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "Den övre gränsen för sekvensnummer för journalpaket har nåtts. Wow!"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Fel i certifikatet."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Okänt alternativt namn för innehavare i X.509-certifikat."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "Icke stödd kritisk utökning i X.509-certifikat."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Överträdelse av nyckelanvändning i certifikat har upptäckts."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Resursen är temporärt otillgänglig, försök igen."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Funktionen avbröts."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Upprepad handskakning begärdes av motparten."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "TLS-programdata togs emot när handskakningsdata förväntades."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Fel i databasbakänden."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Certifikattypen stöds inte."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Den angivna minnesbufferten är för liten för att lagra parametrar."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Begäran är ogiltig."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "En otillåten parameter har tagits emot."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Fel vid läsning av fil."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1-tolkare: Elementet hittades inte."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1-tolkare: Identifieraren hittades inte"
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1-tolkare: Fel i DER-tolkning."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1-tolkare: Värdet hittades inte."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1-tolkare: Allmänt tolkningsfel."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1-tolkare: Värdet är inte giltigt."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1-tolkare: Fel i TAG."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1-tolkare: fel i implicit tag"
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1-tolkare: Fel i typen \"ANY\"."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1-tolkare: Syntaxfel."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1-tolkare: Överflöde i DER-tolkning."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "För många tom journalpaket har tagits emot."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Initieringen av GnuTLS-extra har misslyckats."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"Versionen av GnuTLS-biblioteket stämmer inte överens med versionen av GnuTLS-"
+"extra-biblioteket."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Versionen av gcrypt-biblioteket är för gammal."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Versionen av tasn1-biblioteket är för gammal."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "OpenPGP-användaridentiteten är spärrad."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Fel vid inläsning av nyckelringen."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Initiering av LZO misslyckades."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Initiering av LZO misslyckades."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Inga stödda komprimeringsalgoritmer har hittats."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Inga stödda krypteringssviter har hittats."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Kunde inte hämta OpenPGP-nyckel."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Kunde inte hitta OpenPGP-undernyckel."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Ingen återförhandling tillåts"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Ingen återförhandling tillåts"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Det angivna SRP-användarnamnet är inte tillåtet."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Det angivna SRP-användarnamnet är inte tillåtet."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "OpenPGP-fingeravtrycket stöds inte."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Certifikattypen stöds inte."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Certifikatet har attribut som inte stöds."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "OID:n stöds inte."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Hashalgoritmen är okänd."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "PKCS-strukturens innehållstyp är okänd."
+
+# Hjälp!
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "PKCS-strukturens väsktyp är okänd."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Det angivna lösenordet innehåller ogiltiga tecken."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Validering av meddelandeautentiseringskoden (MAC) misslyckades."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Vissa begränsningar nåddes."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Misslyckades med att få tag på slumpmässigt data."
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Tog emot ett TLS/IA Intermediate Phase Finished-meddelande"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Tog emot ett TLS/IA Final Phase Finished-meddelande"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Validering av kontrollsumma för TLS/IA-fas misslyckades"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Angivna algoritmen eller protokollet är okänt."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"Datastorleken för handskakningen är för stor (DoS?), kontrollera "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "Begärt data var inte tillgängligt."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Fel i lösenordsfil."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(okänd felkod)"
+
+# SSL_shutdown() shuts down an active TLS/SSL connection. It sends the ``close notify'' shutdown alert to the peer.
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Stängningsnotifiering"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Oväntat meddelande"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "Felaktig MAC-post"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Dekryptering misslyckades"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Överflöde i post"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Dekomprimering misslyckades"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Handskakning misslyckades"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Certifikatet är felaktigt"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Certifikatet stöds inte"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Certifikatet var spärrat"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Certifikatet har gått ut"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Okänt certifikat"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Otillåten parameter"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "Certifikatutfärdare är okänd"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Åtkomst nekades"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Avkodningsfel"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Dekrypteringsfel"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Exportbegränsning"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Fel i protokollversion"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Otillräcklig säkerhet"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Användaren avbröt"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Internt fel"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Ingen återförhandling tillåts"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Kunde inte hämta angivet certifikat"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "En utökning skickades som inte stöds"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Servernamnet som skickades kändes inte igen"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "SRP/PSK-användarnamn saknas eller är inte känt"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Förhandling för inre program misslyckades"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Validering av inre program misslyckades"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tBegränsning för sökvägslängd: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tPolicyspråk: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tHexdump: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tDigital signatur.\n"
+
+# Klassisk term inom digitala certifikat.
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tOförnekbarhet.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tNyckelkryptering.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tDatakryptering.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tNyckelförhandling.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tCertifikatsignering.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tCRL-signering.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tEndast nyckelkryptering.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tEndast nyckeldekryptering.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"varning: distributionPoint innehåller en inbäddad NUL, ersätter med \"!\"\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTLS WWW-server.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tTLS WWW-klient.\n"
+
+# Källkodssignering?
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tKodsignering.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tE-postskydd.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tTidsstämpling.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tOCSP-signering.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tValfritt syfte.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tCertifikatutfärdare (CA): FALSKT\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tCertifikatutfärdare (CA): SANT\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tBegränsning för sökvägslängd: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr "varning: SAN innehåller en inbäddad NUL, ersätter med \"!\"\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tXMPP-adress: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\totherName OID: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\totherName DER: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\totherName ASCII: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tTillägg:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tAllmänna begränsningar (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "kritisk"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "ej kritisk"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\t\tInnehavarens nyckelidentifierare (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tUtfärdarens nyckelidentifierare (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tNyckelanvändning (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tNyckelsyfte (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tInnehavarens alternativa namn (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tInnehavarens alternativa namn (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tCRL-distributionspunkter (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tInformation om proxycertifikat (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tOkänt tillägg %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tHexdump: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tVersion: %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tSerienummer (hex): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tUtfärdare: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tGiltighet:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tInte före: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tInte efter: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tInnehavare: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "okänd"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tAlgoritm för innehavarens publika nyckel: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tCertifikatutfärdare (CA): SANT\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tModulus (bitar %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tExponent (bitar %d):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tPublik nyckel (bitar %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tSignaturalgoritm: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr "varning: signerad med en trasig signaturalgoritm som kan förfalskas.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tSignatur:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tMD5-fingeravtryck:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tSHA-1-fingeravtryck:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tPublik nyckel-identitet:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "signerat med %s (trasig!), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "signerat med %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Information om X.509-certifikat:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Övrig information:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tVersion: 1 (standard)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tUppdateringsdatum:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tUtfärdat: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tNästa den: %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tTillägg:\n"
+
+# Nummer? Antal?
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tCRL-nummer (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tUtfärdarens nyckelidentifierare (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tOkänt tillägg %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tHexdump: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tSpärrade certifikat (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tInga spärrade certifikat.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSerienummer (hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tSpärrat den: %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Information om spärrlista för X.509-certifikat:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tExponent:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tAttribut:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tMotsvarslösenord: %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tOkänt attribut %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Information om begäran av PKCS #10-certifikat:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tNyckelanvändning:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "fel: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tDigitala signaturer.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tKommunikationskryptering.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tKryptering för datalagring.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tAutentisering.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tCertifikatsignering.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tIdentitet (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tFingeravtryck (hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tSpärrat: Sant\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tSpärrat: Falskt\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tTidsstämplar:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tSkapat den: %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tUtgångsdatum: Aldrig\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tUtgångsdatum: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tAlgoritm för publik nyckel: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tNamn[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tSpärrat namn[%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tUndernyckel[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "namn[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "spärrat namn[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "fingeravtryck: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "skapat: %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "går aldrig ut, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "går ut: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "nyckelalgoritm %s (%d bitar)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "okänd nyckelalgoritm (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Information om OpenPGP-certifikat:\n"
+
+#~ msgid ""
+#~ "The specified GnuPG TrustDB version is not supported. TrustDB v4 is "
+#~ "supported."
+#~ msgstr "Den angivna GnuPG TrustDB-versionen stöds inte. TrustDB v4 stöds."
+
+#~ msgid "\t\t\tPolicy Language: %.*s\n"
+#~ msgstr "\t\t\tPolicyspråk: %.*s\n"
--- /dev/null
+# Vietnamese translation for LibGnuTLS.
+# Copyright © 2010 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Clytie Siddall <clytie@riverland.net.au>, 2008-2010.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.8.5\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2010-02-11 21:58+0930\n"
+"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
+"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n"
+"Language: vi\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=1; plural=0;\n"
+"X-Generator: LocFactoryEditor 1.8\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "Thành công."
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "Không thể thỏa thuận một bộ ứng dụng mật mã được hỗ trợ."
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "Loại mật mã không được hỗ trợ."
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "Chứng nhận và khoá đã cho không tương ứng với nhau."
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "Không thể thỏa thuận một phương pháp nén được hỗ trợ."
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "Gặp một thuật toán khoá công không rõ."
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "Đã thỏa thuận một thuật toán chưa được hiệu lực."
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "Nhận được một gói tin mục ghi TLS lớn."
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "Nhận được một gói tin mục ghi có phiên bản cấm."
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+"Máy phục vụ đã gửi một nguyên tố Diffie Hellman không thích hợp (quá ngắn)."
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "Nhận được một gói tin TLS có chiều dài bất thường."
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "Buổi hợp đã ghi rõ cũng bị tắt vì lý do nào."
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "Lỗi nội bộ GnuTLS."
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "Nhận được một phần mở rộng TLS cấm."
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "Nhận được một cảnh giác nghiêm trọng TLS."
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "Nhận được một gói tin TLS bất thường."
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "Nhận được một cảnh giác báo trước TLS."
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "Gặp lỗi trong phép tính gói tin đã kết thúc TLS."
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "Đồng đẳng chưa gửi chứng nhận."
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "Đã có một thuật toán mật mã có mức ưu tiên thấp hơn."
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "Không tìm thấy tham số RSA tạm thời."
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "Không tìm thấy tham số DH tạm thời."
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "Nhận được một gói tin thiết lập quan hệ TLS bất thường."
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "Lỗi quét một số nguyên lớn."
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "Không thể xuất một số nguyên lớn."
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "Lỗi giải mật mã."
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "Lỗi mật mã hoá."
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "Lỗi giải mật mã khoá công."
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "Lỗi mật mã hoá khoá công."
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "Lỗi ký khoá công."
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "Lỗi thẩm tra chữ ký khoá công."
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "Lỗi giải nén gói tin mục ghi TLS."
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "Lỗi nén gói tin mục ghi TLS."
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "Gặp lỗi nội bộ trong khi cấp phát bộ nhớ."
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "Đã yêu cầu một tính năng bị tắt hoặc chưa được thực hiện."
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "Không đủ thông tin xác thực cho yêu cầu đó."
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "Gặp lỗi trong tập tin mật khẩu."
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "Sai đệm gói tin PKCS1."
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "Đã yêu cầu một buổi hợp đã hết hạn."
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "Lỗi chuyển đổi chuỗi sang một mẫu duy nhất."
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Lỗi giải mã Base64."
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr "Lỗi phần đầu bất thường Base64."
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Lỗi mã hoá Base64."
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "Lỗi phân tích ngữ pháp trong tập tin mật khẩu."
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "Đã yêu cầu dữ liệu không sẵn sàng."
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "Gặp lỗi trong hàm pull."
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "Gặp lỗi trong hàm push."
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "Mới tới giới hạn trên của số thứ tự gói tin mục ghi !"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "Gặp lỗi trong chứng nhận."
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "Không rõ tên Người dân Xen kẽ trong chứng nhận X.509."
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr ""
+"Gặp phần mở rộng nghiêm trọng không được hỗ trợ trong chứng nhận X.509."
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "Đã phát hiện sự vi phạm cách sử dụng khoá trong chứng nhận."
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "Tài nguyên tạm thời không sẵn sàng, hãy thử lại."
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "Hàm đã bị gián đoạn."
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "Đồng đẳng đã yêu cầu thiết lập lại quan hệ."
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "Nhận được dữ liệu Ứng dụng TLS, còn đợi dữ liệu thiết lập quan hệ."
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "Gặp lỗi trong hậu phương cơ sở dữ liệu."
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "Loại chứng nhận không được hỗ trợ."
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "Đã đưa ra một vùng đệm bộ nhớ quá ngắn để chứa các tham số."
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "Yêu cầu không hợp lệ."
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "Nhận được một tham số cấm."
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "Gặp lỗi khi đọc tập tin."
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "Bộ phân tích ASN1: không tìm thấy phần tử."
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "Bộ phân tích ASN1: không tìm thấy đồ nhận diện."
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "Bộ phân tích ASN1: gặp lỗi khi phân tích ngữ cảnh DER."
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "Bộ phân tích ASN1: không tìm thấy giá trị."
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "Bộ phân tích ASN1: lỗi phân tích ngữ cảnh chung."
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "Bộ phân tích ASN1: giá trị không hợp lệ."
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "Bộ phân tích ASN1: gặp lỗi trong TAG (thẻ)."
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "Bộ phân tích ASN1: gặp lỗi trong thẻ dứt khoát."
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "Bộ phân tích ASN1: gặp lỗi trong loại « ANY » (bất kỳ)."
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "Bộ phân tích ASN1: lỗi cú pháp."
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "Bộ phân tích ASN1: tràn sự phân tích ngữ cảnh DER."
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "Nhận được quá nhiều gói tin mục ghi trống."
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "Lỗi sơ khởi GnuTLS-extra."
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr ""
+"Phiên bản thư viện GnuTLS không tương ứng với phiên bản thư viện GnuTLS-"
+"extra."
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "Phiên bản thư viện gcrypt quá cũ."
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "Phiên bản thư viện tasn1 quá cũ."
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "Mã số người dùng OpenPGP bị thu hồi."
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "Gặp lỗi khi nạp vòng khoá."
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "Lỗi sơ khởi LZO."
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "Lỗi sơ khởi LZO."
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "Không tìm thấy thuật toán nén được hỗ trợ."
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "Không tìm thấy bộ ứng dụng mật mã được hỗ trợ."
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "Không thể lấy khoá OpenPGP."
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr "Không tìm thấy khoá phụ OpenPGP."
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "Không cho phép thỏa thuận lại"
+
+#: gnutls_errors.c:234
+#, fuzzy
+msgid "Unsafe renegotiation denied."
+msgstr "Không cho phép thỏa thuận lại"
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "Đã cung cấp một tên người dùng SRP cấm."
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "Đã cung cấp một tên người dùng SRP cấm."
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "Dấu tay OpenPGP không phải được hỗ trợ."
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "Loại chứng nhận không được hỗ trợ."
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "Chứng nhận có thuộc tính không được hỗ trợ."
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "IOD không được hỗ trợ."
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "Không rõ thuật toán chuyển đổi chuỗi sang mẫu duy nhất (hash)."
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "Không rõ loại nội dung của cấu trúc PKCS."
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "Không rõ loại bao của cấu trúc PKCS."
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "Đã đưa ra một mật khẩu chứa ký tự không hợp lệ."
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "Lỗi thẩm tra Mã Xác Thực Thông Điệp."
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "Đã tới một số giới hạn ràng buộc."
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "Lỗi lấy dữ liệu ngẫu nhiên. "
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "Nhận được một thông điệp Giải đoạn TLS/IA Trung gian đã Kết thúc."
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "Nhận được một thông điệp Giải đoạn TLS/IA Cuối cùng đã Kết thúc."
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "Lỗi thẩm tra tổng kiểm của giải đoạn TLS/IA."
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "Không rõ thuật toán hoặc giao thức đã ghi rõ."
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+"Dữ liệu thiết lập quan hệ có kích cỡ quá lớn (DoS?), hãy kiểm tra lại "
+"gnutls_handshake_set_max_packet_length()."
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "Đã yêu cầu dữ liệu không sẵn sàng."
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "Gặp lỗi trong tập tin mật khẩu."
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(không rõ mã lỗi)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr "Đóng thông báo"
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "Thông điệp bất thường"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr "MAC mục ghi sai"
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "Lỗi giải mật mã"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "Tràn mục ghi"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "Lỗi giải nén"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "Lỗi thiết lập quan hệ"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "Chứng nhận sai"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "Chứng nhận không được hỗ trợ"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "Chứng nhận bị thu hồi"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "Chứng nhận đã hết hạn"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "Không nhận ra chứng nhận"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "Tham số không được phép"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "Không nhận ra nhà cầm quyền cấp chứng nhận (CA)"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "Truy cập bị từ chối"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "Lỗi giải mã"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "Lỗi giải mật mã"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "Giới hạn xuất khẩu"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "Lỗi trong phiên bản giao thức"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "Không đủ bảo mật"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "Người dùng đã thôi"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "Lỗi nội bộ"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr "Không cho phép thỏa thuận lại"
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr "Không thể lấy chứng nhận đã xác định"
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "Đã gửi một phần mở rộng không được hỗ trợ"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "Đã gửi một tên máy phục vụ không được nhận ra"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "Tên người dùng SRP/PSK bị thiếu hay không được nhận ra"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr "Lỗi thỏa thuận ứng dụng bên trong"
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "Không thẩm tra được ứng dụng bên trong"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\tRàng buộc Chiều dài Đường dẫn: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\tNgôn ngữ Chính sách: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\tChính sách:\n"
+"\t\t\t\tASCII: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\tĐổ thập lục: "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\tChữ ký dạng số.\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr "%s\t\t\tKhông từ chối.\n"
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr "%s\t\t\tMật mã hoá khoá.\n"
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr "%s\t\t\tMật mã hoá dữ liệu.\n"
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr "%s\t\t\tChấp thuận khoá.\n"
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\tKý chứng nhận.\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tKý CRL.\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr "%s\t\t\tChỉ mật mã hoá khoá.\n"
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr "%s\t\t\tChỉ giải mật mã khoá.\n"
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"cảnh báo : distributionPoint (điểm phân phối) chứa một NUL nhúng thì thay "
+"thế bằng một dấu chấm than « ! »\n"
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTrình phục vụ WWW TLS.\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tỨng dụng khách WWW TLS.\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr "%s\t\t\tKý mã.\n"
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tBảo vệ thư điện tử.\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\tGhi thời gian.\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tKý OCSP.\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr "%s\t\t\tBất cứ mục đích nào.\n"
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr "%s\t\t\tNhà cầm quyền chứng nhận (CA): SAI\n"
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr "%s\t\t\tNhà cầm quyền chứng nhận (CA): ĐÚNG\n"
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\tRàng buộc Chiều dài Đường dẫn: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+#, fuzzy
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+"cảnh báo : SAN chứa một NUL nhúng thì thay thế bằng một dấu chấm than « ! »\n"
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tĐịa chỉ XMPP: %.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr "%s\t\t\tOID tên khác: %.*s\n"
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr "%s\t\t\tDER tên khác: "
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+"\n"
+"%s\t\t\tASCII tên khác: "
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\tPhần mở rộng:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\tRàng buộc Cơ bản (%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "tới hạn"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "không tới hạn"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr "%s\tĐồ nhận diện Khoá Người dân (%s):\n"
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr "%s\t\tĐồ nhận diện Khoá Nhà cầm quyền (%s):\n"
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr "%s\t\tSử dụng Khoá (%s):\n"
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr "%s\t\tMục đích Khoá (%s):\n"
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr "%s\t\tTên Xen kẽ Người dân (%s):\n"
+
+#: x509/output.c:922
+#, fuzzy, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr "%s\t\tTên Xen kẽ Người dân (%s):\n"
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr "%s\t\tĐiểm phân phối CRL (%s):\n"
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\tThông tin Chứng nhận Ủy nhiệm (%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\tPhần mở rộng không được nhận ra %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr "%s\t\t\tĐổ thập lục: "
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\tPhiên bản %d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\tSố sản xuất (thập lục): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\tNhà cấp: %s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\tHợp lệ:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\tKhông phải trước: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\tKhông phải sau : %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\tNgười dân: %s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "không rõ"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\tThuật toán Khoá Công Người dân: %s\n"
+
+#: x509/output.c:1163
+#, fuzzy, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr "%s\t\t\tNhà cầm quyền chứng nhận (CA): ĐÚNG\n"
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\tGiá trị tuyệt đối (%d bit):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr "\t\tMũ (%d bit):\n"
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\tKhoá công (%d bit):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\tThuật toán Chữ ký: %s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr ""
+"cảnh báo : đã ký dùng một thuật toán chữ ký bị hỏng có thể bị giả mạo.\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\tChữ ký:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tDấu tay MD5:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tDấu tay SHA1:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\tMã số Khoá Công:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr "đã ký dùng %s (bị hỏng !), "
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr "đã ký dùng %s, "
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "Thông tin Chứng nhận X.509:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "Thông tin khác:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\tPhiên bản: 1 (mặc định)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\tNgày cập nhật:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\tCấp: %s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\tLần sau vào : %s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\tPhần mở rộng:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tSố CRL (%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\tĐồ nhận diện Khoá Nhà cầm quyền (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\tPhần mở rộng không được nhận ra %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\tĐổ thập lục: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\tChứng nhận bị thu hồi (%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\tKhông có chứng nhận bị thu hồi.\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\tSố sản xuất (thập lục): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\tThu hồi vào : %s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "Danh sách Thu hồi Chứng nhận X.509:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\tMũ :\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr "\tThuộc tính:\n"
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr "\t\tMật khẩu yêu cầu : %s\n"
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr "\t\tKhông nhận ra thuộc tính %s:\n"
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr "Thông tin Yêu cầu Chứng nhận PKCS #10:\n"
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr "\t\tSử dụng Khoá:\n"
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "lỗi: get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\tChữ ký thuật số.\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr "\t\t\tMật mã hoá giao thông.\n"
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr "\t\t\tMật mã hoá dữ liệu lưu trữ.\n"
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\tXác thực.\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\tKý chứng nhận.\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tMã số (thập lục): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\tDấu tay (thập lục):"
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\tThu hồi: Đúng\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\tThu hồi: Sai\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\tNhãn thời gian.\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\tTạo : %s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\tHết hạn: Không bao giờ\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\tHết hạn: %s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\tThuật toán Khoá Công: %s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\tTên[%d]: %s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\tTên bị thu hồi [%d]: %s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+"\n"
+"\tKhoá phụ[%d]:\n"
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "tên[%d]: %s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr "tên bị thu hồi[%d]: %s, "
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "dấu tay: "
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "tạo : %s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "không bao giờ hết hạn, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "hết hạn: %s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr "thuật toán khoá %s (%d bit)"
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr "không nhận ra thuật toán khoá (%d)"
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "Thông tin chứng nhận OpenPGP:\n"
--- /dev/null
+# Simplified Chinese translation for libgnutls
+# Copyright (C) 2009 Free Software Foundation, Inc.
+# This file is distributed under the same license as the libgnutls package.
+# Tao Wei <weitao1979@gmail.com>, 2008.
+# Aron Xu <happyaron.xu@gmail.com>, 2009.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: libgnutls 2.8.1\n"
+"Report-Msgid-Bugs-To: bug-gnutls@gnu.org\n"
+"POT-Creation-Date: 2011-03-31 19:54+0900\n"
+"PO-Revision-Date: 2009-11-09 19:16+0800\n"
+"Last-Translator: Aron Xu <happyaron.xu@gmail.com>\n"
+"Language-Team: Chinese (simplified) <i18n-zh@googlegroups.com>\n"
+"Language: zh_CN\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#: gnutls_errors.c:54
+msgid "Success."
+msgstr "成功。"
+
+#: gnutls_errors.c:55
+msgid "Could not negotiate a supported cipher suite."
+msgstr "无法协商受支持的密码算法。"
+
+#: gnutls_errors.c:57
+msgid "The cipher type is unsupported."
+msgstr "密码类型不支持。"
+
+#: gnutls_errors.c:59
+msgid "The certificate and the given key do not match."
+msgstr "证书与密钥不匹配。"
+
+#: gnutls_errors.c:61
+msgid "Could not negotiate a supported compression method."
+msgstr "无法协商支持的压缩方法。"
+
+#: gnutls_errors.c:63
+msgid "An unknown public key algorithm was encountered."
+msgstr "遇到未知的公钥算法。"
+
+#: gnutls_errors.c:66
+msgid "An algorithm that is not enabled was negotiated."
+msgstr "协商的算法未启用。"
+
+#: gnutls_errors.c:68
+msgid "A large TLS record packet was received."
+msgstr "收到大 TLS 记录数据包。"
+
+#: gnutls_errors.c:70
+msgid "A record packet with illegal version was received."
+msgstr "收到的记录包版本非法。"
+
+#: gnutls_errors.c:73
+msgid ""
+"The Diffie-Hellman prime sent by the server is not acceptable (not long "
+"enough)."
+msgstr ""
+
+#: gnutls_errors.c:75
+msgid "A TLS packet with unexpected length was received."
+msgstr "收到了意外长度的 TLS 数据包。"
+
+#: gnutls_errors.c:78
+msgid "The specified session has been invalidated for some reason."
+msgstr "指定的会话已因故失效。"
+
+#: gnutls_errors.c:81
+msgid "GnuTLS internal error."
+msgstr "GnuTLS 内部错误。"
+
+#: gnutls_errors.c:82
+msgid "An illegal TLS extension was received."
+msgstr "收到一个非法的 TLS 扩展包。"
+
+#: gnutls_errors.c:84
+msgid "A TLS fatal alert has been received."
+msgstr "收到一个 TLS 致命错误警告。"
+
+#: gnutls_errors.c:86
+msgid "An unexpected TLS packet was received."
+msgstr "收到一个意外的 TLS 数据包。"
+
+#: gnutls_errors.c:88
+msgid "A TLS warning alert has been received."
+msgstr "收到一个 TLS 警告信息。"
+
+#: gnutls_errors.c:91
+msgid "An error was encountered at the TLS Finished packet calculation."
+msgstr "在完成 TLS 数据包计算时出错。"
+
+#: gnutls_errors.c:93
+msgid "The peer did not send any certificate."
+msgstr "对方未发送任何证书。"
+
+#: gnutls_errors.c:95
+msgid "The given DSA key is incompatible with the selected TLS protocol."
+msgstr ""
+
+#: gnutls_errors.c:98
+msgid "There is already a crypto algorithm with lower priority."
+msgstr "已经有一个低优先级的加密算法。"
+
+#: gnutls_errors.c:101
+msgid "No temporary RSA parameters were found."
+msgstr "未发现 RSA 临时参数。"
+
+#: gnutls_errors.c:103
+msgid "No temporary DH parameters were found."
+msgstr "未发现临时 DH 参数。"
+
+#: gnutls_errors.c:105
+msgid "An unexpected TLS handshake packet was received."
+msgstr "收到意外的 TLS 握手数据包。"
+
+#: gnutls_errors.c:107
+msgid "The scanning of a large integer has failed."
+msgstr "大整数扫描失败。"
+
+#: gnutls_errors.c:109
+msgid "Could not export a large integer."
+msgstr "无法输出大整数。"
+
+#: gnutls_errors.c:111
+msgid "Decryption has failed."
+msgstr "解密失败。"
+
+#: gnutls_errors.c:112
+msgid "Encryption has failed."
+msgstr "加密失败。"
+
+#: gnutls_errors.c:113
+msgid "Public key decryption has failed."
+msgstr "公钥解密失败。"
+
+#: gnutls_errors.c:115
+msgid "Public key encryption has failed."
+msgstr "公钥加密失败。"
+
+#: gnutls_errors.c:117
+msgid "Public key signing has failed."
+msgstr "公钥签名失败。"
+
+#: gnutls_errors.c:119
+msgid "Public key signature verification has failed."
+msgstr "公钥签名验证失败。"
+
+#: gnutls_errors.c:121
+msgid "Decompression of the TLS record packet has failed."
+msgstr "TLS 记录数据包解压缩失败。"
+
+#: gnutls_errors.c:123
+msgid "Compression of the TLS record packet has failed."
+msgstr "TLS 记录数据包压缩失败。"
+
+#: gnutls_errors.c:126
+msgid "Internal error in memory allocation."
+msgstr "在分配内存时发生内部错误。"
+
+#: gnutls_errors.c:128
+msgid "An unimplemented or disabled feature has been requested."
+msgstr "所请求的特性尚未实现或已被禁用。"
+
+#: gnutls_errors.c:130
+msgid "Insufficient credentials for that request."
+msgstr "此请求的信任凭证不足。"
+
+#: gnutls_errors.c:132
+msgid "Error in password file."
+msgstr "密码文件错误。"
+
+#: gnutls_errors.c:133
+msgid "Wrong padding in PKCS1 packet."
+msgstr "PKC51 数据包填充错误。"
+
+#: gnutls_errors.c:135
+msgid "The requested session has expired."
+msgstr "请求的会话已过期。"
+
+#: gnutls_errors.c:136
+msgid "Hashing has failed."
+msgstr "散列运算失败。"
+
+#: gnutls_errors.c:137
+msgid "Base64 decoding error."
+msgstr "Base64 解码出错。"
+
+#: gnutls_errors.c:139
+msgid "Base64 unexpected header error."
+msgstr ""
+
+#: gnutls_errors.c:142
+msgid "Base64 encoding error."
+msgstr "Base64 编码出错。"
+
+#: gnutls_errors.c:144
+msgid "Parsing error in password file."
+msgstr "密码文件解析出错。"
+
+#: gnutls_errors.c:146
+msgid "The requested data were not available."
+msgstr "请求的数据不可用。"
+
+#: gnutls_errors.c:148
+msgid "Error in the pull function."
+msgstr "在 pull 函数中出错。"
+
+#: gnutls_errors.c:149
+msgid "Error in the push function."
+msgstr "在 push 函数中出错。"
+
+#: gnutls_errors.c:151
+msgid ""
+"The upper limit of record packet sequence numbers has been reached. Wow!"
+msgstr "哦!记录数据包序列的上限值已到。"
+
+#: gnutls_errors.c:153
+msgid "Error in the certificate."
+msgstr "证书出错。"
+
+#: gnutls_errors.c:155
+msgid "Unknown Subject Alternative name in X.509 certificate."
+msgstr "X.509 证书中含有未知的主体代用名。"
+
+#: gnutls_errors.c:158
+msgid "Unsupported critical extension in X.509 certificate."
+msgstr "X.509 证书中含有不支持的关键性扩展。"
+
+#: gnutls_errors.c:160
+msgid "Key usage violation in certificate has been detected."
+msgstr "在证书中检测到违规的密钥用法。"
+
+#: gnutls_errors.c:162
+msgid "Resource temporarily unavailable, try again."
+msgstr "资源临时不可用,请重试。"
+
+#: gnutls_errors.c:164
+msgid "Function was interrupted."
+msgstr "函数被中断。"
+
+#: gnutls_errors.c:165
+msgid "Rehandshake was requested by the peer."
+msgstr "按对方请求重新握手。"
+
+#: gnutls_errors.c:168
+msgid "TLS Application data were received, while expecting handshake data."
+msgstr "在期望接收 TLS 握手数据时接收到应用数据。"
+
+#: gnutls_errors.c:170
+msgid "Error in Database backend."
+msgstr "数据库后端出错。"
+
+#: gnutls_errors.c:171
+msgid "The certificate type is not supported."
+msgstr "不支持的证书类型。"
+
+#: gnutls_errors.c:173
+msgid "The given memory buffer is too short to hold parameters."
+msgstr "给待处理参数预留的内存缓冲区过短。"
+
+#: gnutls_errors.c:175
+msgid "The request is invalid."
+msgstr "请求无效。"
+
+#: gnutls_errors.c:176
+msgid "An illegal parameter has been received."
+msgstr "收到一个非法参数。"
+
+#: gnutls_errors.c:178
+msgid "Error while reading file."
+msgstr "读取文件时出错。"
+
+#: gnutls_errors.c:180
+msgid "ASN1 parser: Element was not found."
+msgstr "ASN1 解析器:找不到元素。"
+
+#: gnutls_errors.c:182
+msgid "ASN1 parser: Identifier was not found"
+msgstr "ASN1 解析器:找不到标识。"
+
+#: gnutls_errors.c:184
+msgid "ASN1 parser: Error in DER parsing."
+msgstr "ASN1 解析器:DER 解析时出错。"
+
+#: gnutls_errors.c:186
+msgid "ASN1 parser: Value was not found."
+msgstr "ASN1 解析器:找不到值。"
+
+#: gnutls_errors.c:188
+msgid "ASN1 parser: Generic parsing error."
+msgstr "ASN1 解析器:常规解析中出错。"
+
+#: gnutls_errors.c:190
+msgid "ASN1 parser: Value is not valid."
+msgstr "ASN1 解析器:无效的值。"
+
+#: gnutls_errors.c:192
+msgid "ASN1 parser: Error in TAG."
+msgstr "ASN1 解析器:标签中出错。"
+
+#: gnutls_errors.c:193
+msgid "ASN1 parser: error in implicit tag"
+msgstr "ASN1 解析器:隐式标签中出错。"
+
+#: gnutls_errors.c:195
+msgid "ASN1 parser: Error in type 'ANY'."
+msgstr "ASN1 解析器:‘ANY’类型中出错。"
+
+#: gnutls_errors.c:197
+msgid "ASN1 parser: Syntax error."
+msgstr "ASN1 解析器:语法出错。"
+
+#: gnutls_errors.c:199
+msgid "ASN1 parser: Overflow in DER parsing."
+msgstr "ASN1 解析器:DER 解析中出现溢出。"
+
+#: gnutls_errors.c:202
+msgid "Too many empty record packets have been received."
+msgstr "收到了过多的空记录包。"
+
+#: gnutls_errors.c:204
+msgid "The initialization of GnuTLS-extra has failed."
+msgstr "GnuTLS-extra 初始化失败。"
+
+#: gnutls_errors.c:207
+msgid ""
+"The GnuTLS library version does not match the GnuTLS-extra library version."
+msgstr "GnuTLS 和 GnuTLS-extra 的库版本不相吻合。"
+
+#: gnutls_errors.c:209
+msgid "The gcrypt library version is too old."
+msgstr "gcrypt 库的版本过旧。"
+
+#: gnutls_errors.c:212
+msgid "The tasn1 library version is too old."
+msgstr "tasn1 库的版本过旧。"
+
+#: gnutls_errors.c:214
+msgid "The OpenPGP User ID is revoked."
+msgstr "OpenPGP 用户 ID 已吊销。"
+
+#: gnutls_errors.c:216
+msgid "The OpenPGP key has not a preferred key set."
+msgstr ""
+
+#: gnutls_errors.c:218
+msgid "Error loading the keyring."
+msgstr "载入密钥环时出错。"
+
+#: gnutls_errors.c:220
+#, fuzzy
+msgid "The initialization of crypto backend has failed."
+msgstr "LZO 算法初始化失败。"
+
+#: gnutls_errors.c:222
+msgid "The initialization of LZO has failed."
+msgstr "LZO 算法初始化失败。"
+
+#: gnutls_errors.c:224
+msgid "No supported compression algorithms have been found."
+msgstr "找不到支持的压缩算法。"
+
+#: gnutls_errors.c:226
+msgid "No supported cipher suites have been found."
+msgstr "找不到支持的密码机制。"
+
+#: gnutls_errors.c:228
+msgid "Could not get OpenPGP key."
+msgstr "无法获得 OpenPGP 密钥。"
+
+#: gnutls_errors.c:230
+msgid "Could not find OpenPGP subkey."
+msgstr ""
+
+#: gnutls_errors.c:232
+#, fuzzy
+msgid "Safe renegotiation failed."
+msgstr "解密失败"
+
+#: gnutls_errors.c:234
+msgid "Unsafe renegotiation denied."
+msgstr ""
+
+#: gnutls_errors.c:237
+msgid "The SRP username supplied is illegal."
+msgstr "提供的 SRP 用户名非法。"
+
+#: gnutls_errors.c:239
+#, fuzzy
+msgid "The SRP username supplied is unknown."
+msgstr "提供的 SRP 用户名非法。"
+
+#: gnutls_errors.c:242
+msgid "The OpenPGP fingerprint is not supported."
+msgstr "不支持 OpenPGP 指纹。"
+
+#: gnutls_errors.c:244
+#, fuzzy
+msgid "The signature algorithm is not supported."
+msgstr "不支持的证书类型。"
+
+#: gnutls_errors.c:246
+msgid "The certificate has unsupported attributes."
+msgstr "证书中含有不支持的属性。"
+
+#: gnutls_errors.c:248
+msgid "The OID is not supported."
+msgstr "不支持 OID。"
+
+#: gnutls_errors.c:250
+msgid "The hash algorithm is unknown."
+msgstr "未知的散列算法。"
+
+#: gnutls_errors.c:252
+msgid "The PKCS structure's content type is unknown."
+msgstr "未知的 PKCS 内容类型结构。"
+
+#: gnutls_errors.c:254
+msgid "The PKCS structure's bag type is unknown."
+msgstr "未知的 PKCS 包类型结构。"
+
+#: gnutls_errors.c:256
+msgid "The given password contains invalid characters."
+msgstr "给出的密码中包含无效字符。"
+
+#: gnutls_errors.c:258
+msgid "The Message Authentication Code verification failed."
+msgstr "消息认证代码确认失败。"
+
+#: gnutls_errors.c:260
+msgid "Some constraint limits were reached."
+msgstr "已达到某些约束限定。"
+
+#: gnutls_errors.c:262
+msgid "Failed to acquire random data."
+msgstr "获取随机数据失败。"
+
+#: gnutls_errors.c:265
+msgid "Received a TLS/IA Intermediate Phase Finished message"
+msgstr "收到 TLS/IA 中间相位完成信息。"
+
+#: gnutls_errors.c:267
+msgid "Received a TLS/IA Final Phase Finished message"
+msgstr "收到 TLS/IA 末尾相位完成信息。"
+
+#: gnutls_errors.c:269
+msgid "Verifying TLS/IA phase checksum failed"
+msgstr "校验 TLS/IA 相位和失败。"
+
+#: gnutls_errors.c:272
+msgid "The specified algorithm or protocol is unknown."
+msgstr "指定的算法或协议未知。"
+
+#: gnutls_errors.c:275
+msgid ""
+"The handshake data size is too large (DoS?), check "
+"gnutls_handshake_set_max_packet_length()."
+msgstr ""
+
+#: gnutls_errors.c:279
+msgid "Error opening /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:282
+msgid "Error interfacing with /dev/crypto"
+msgstr ""
+
+#: gnutls_errors.c:285
+#, fuzzy
+msgid "Channel binding data not available"
+msgstr "请求的数据不可用。"
+
+#: gnutls_errors.c:288
+msgid "PKCS #11 error."
+msgstr ""
+
+#: gnutls_errors.c:290
+msgid "PKCS #11 initialization error."
+msgstr ""
+
+#: gnutls_errors.c:292
+#, fuzzy
+msgid "Error in parsing."
+msgstr "密码文件错误。"
+
+#: gnutls_errors.c:294
+msgid "PKCS #11 error in PIN."
+msgstr ""
+
+#: gnutls_errors.c:296
+msgid "PKCS #11 PIN should be saved."
+msgstr ""
+
+#: gnutls_errors.c:298
+msgid "PKCS #11 error in slot"
+msgstr ""
+
+#: gnutls_errors.c:300
+msgid "Thread locking error"
+msgstr ""
+
+#: gnutls_errors.c:302
+msgid "PKCS #11 error in attribute"
+msgstr ""
+
+#: gnutls_errors.c:304
+msgid "PKCS #11 error in device"
+msgstr ""
+
+#: gnutls_errors.c:306
+msgid "PKCS #11 error in data"
+msgstr ""
+
+#: gnutls_errors.c:308
+msgid "PKCS #11 unsupported feature"
+msgstr ""
+
+#: gnutls_errors.c:310
+msgid "PKCS #11 error in key"
+msgstr ""
+
+#: gnutls_errors.c:312
+msgid "PKCS #11 PIN expired"
+msgstr ""
+
+#: gnutls_errors.c:314
+msgid "PKCS #11 PIN locked"
+msgstr ""
+
+#: gnutls_errors.c:316
+msgid "PKCS #11 error in session"
+msgstr ""
+
+#: gnutls_errors.c:318
+msgid "PKCS #11 error in signature"
+msgstr ""
+
+#: gnutls_errors.c:320
+msgid "PKCS #11 error in token"
+msgstr ""
+
+#: gnutls_errors.c:322
+msgid "PKCS #11 user error"
+msgstr ""
+
+#: gnutls_errors.c:409
+msgid "(unknown error code)"
+msgstr "(未知错误代码)"
+
+#: gnutls_alert.c:43
+msgid "Close notify"
+msgstr ""
+
+#: gnutls_alert.c:44
+msgid "Unexpected message"
+msgstr "未预料的消息"
+
+#: gnutls_alert.c:45
+msgid "Bad record MAC"
+msgstr ""
+
+#: gnutls_alert.c:46
+msgid "Decryption failed"
+msgstr "解密失败"
+
+#: gnutls_alert.c:47
+msgid "Record overflow"
+msgstr "记录溢出"
+
+#: gnutls_alert.c:48
+msgid "Decompression failed"
+msgstr "解压缩失败"
+
+#: gnutls_alert.c:49
+msgid "Handshake failed"
+msgstr "握手失败"
+
+#: gnutls_alert.c:50
+msgid "Certificate is bad"
+msgstr "证书无效"
+
+#: gnutls_alert.c:51
+msgid "Certificate is not supported"
+msgstr "证书不被支持"
+
+#: gnutls_alert.c:52
+msgid "Certificate was revoked"
+msgstr "证书已吊销"
+
+#: gnutls_alert.c:53
+msgid "Certificate is expired"
+msgstr "证书过期"
+
+#: gnutls_alert.c:54
+msgid "Unknown certificate"
+msgstr "未知证书"
+
+#: gnutls_alert.c:55
+msgid "Illegal parameter"
+msgstr "非法参数"
+
+#: gnutls_alert.c:56
+msgid "CA is unknown"
+msgstr "未知 CA"
+
+#: gnutls_alert.c:57
+msgid "Access was denied"
+msgstr "访问被拒绝"
+
+#: gnutls_alert.c:58
+msgid "Decode error"
+msgstr "解码错误"
+
+#: gnutls_alert.c:59
+msgid "Decrypt error"
+msgstr "解密出错"
+
+#: gnutls_alert.c:60
+msgid "Export restriction"
+msgstr "导出受限"
+
+#: gnutls_alert.c:61
+msgid "Error in protocol version"
+msgstr "协议版本出错"
+
+#: gnutls_alert.c:62
+msgid "Insufficient security"
+msgstr "不够安全"
+
+#: gnutls_alert.c:63
+msgid "User canceled"
+msgstr "用户已取消"
+
+#: gnutls_alert.c:64
+msgid "Internal error"
+msgstr "内部错误"
+
+#: gnutls_alert.c:65
+msgid "No renegotiation is allowed"
+msgstr ""
+
+#: gnutls_alert.c:67
+msgid "Could not retrieve the specified certificate"
+msgstr ""
+
+#: gnutls_alert.c:68
+msgid "An unsupported extension was sent"
+msgstr "发送了一个不支持的扩展"
+
+#: gnutls_alert.c:70
+msgid "The server name sent was not recognized"
+msgstr "发送的服务器名未被识别"
+
+#: gnutls_alert.c:72
+msgid "The SRP/PSK username is missing or not known"
+msgstr "SRP/PSK 用户名丢失或未知"
+
+#: gnutls_alert.c:74
+msgid "Inner application negotiation failed"
+msgstr ""
+
+#: gnutls_alert.c:76
+msgid "Inner application verification failed"
+msgstr "内部应用程序验证失败"
+
+#: x509/output.c:157
+#, c-format
+msgid "\t\t\tPath Length Constraint: %d\n"
+msgstr "\t\t\t路径长度常数: %d\n"
+
+#: x509/output.c:158
+#, c-format
+msgid "\t\t\tPolicy Language: %s"
+msgstr "\t\t\t策略语言: %s"
+
+#: x509/output.c:167
+msgid ""
+"\t\t\tPolicy:\n"
+"\t\t\t\tASCII: "
+msgstr ""
+"\t\t\t策略:\n"
+"\t\t\t\tASCII:: "
+
+#: x509/output.c:169
+msgid ""
+"\n"
+"\t\t\t\tHexdump: "
+msgstr ""
+"\n"
+"\t\t\t\t十六进制输出 "
+
+#: x509/output.c:302
+#, c-format
+msgid "%s\t\t\tDigital signature.\n"
+msgstr "%s\t\t\t数字签名。\n"
+
+#: x509/output.c:304
+#, c-format
+msgid "%s\t\t\tNon repudiation.\n"
+msgstr ""
+
+#: x509/output.c:306
+#, c-format
+msgid "%s\t\t\tKey encipherment.\n"
+msgstr ""
+
+#: x509/output.c:308
+#, c-format
+msgid "%s\t\t\tData encipherment.\n"
+msgstr ""
+
+#: x509/output.c:310
+#, c-format
+msgid "%s\t\t\tKey agreement.\n"
+msgstr ""
+
+#: x509/output.c:312
+#, c-format
+msgid "%s\t\t\tCertificate signing.\n"
+msgstr "%s\t\t\t证书签名。\n"
+
+#: x509/output.c:314
+#, c-format
+msgid "%s\t\t\tCRL signing.\n"
+msgstr "%s\t\t\tCRL 签名。\n"
+
+#: x509/output.c:316
+#, c-format
+msgid "%s\t\t\tKey encipher only.\n"
+msgstr ""
+
+#: x509/output.c:318
+#, c-format
+msgid "%s\t\t\tKey decipher only.\n"
+msgstr ""
+
+#: x509/output.c:369
+msgid ""
+"warning: distributionPoint contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:462
+#, c-format
+msgid "%s\t\t\tTLS WWW Server.\n"
+msgstr "%s\t\t\tTLS WWW 服务器。\n"
+
+#: x509/output.c:464
+#, c-format
+msgid "%s\t\t\tTLS WWW Client.\n"
+msgstr "%s\t\t\tTLS WWW 客户端。\n"
+
+#: x509/output.c:466
+#, c-format
+msgid "%s\t\t\tCode signing.\n"
+msgstr ""
+
+#: x509/output.c:468
+#, c-format
+msgid "%s\t\t\tEmail protection.\n"
+msgstr "%s\t\t\tEmail 保护。\n"
+
+#: x509/output.c:470
+#, c-format
+msgid "%s\t\t\tTime stamping.\n"
+msgstr "%s\t\t\t时间戳。\n"
+
+#: x509/output.c:472
+#, c-format
+msgid "%s\t\t\tOCSP signing.\n"
+msgstr "%s\t\t\tOCSP 签名。\n"
+
+#: x509/output.c:474
+#, c-format
+msgid "%s\t\t\tIpsec IKE.\n"
+msgstr ""
+
+#: x509/output.c:476
+#, c-format
+msgid "%s\t\t\tAny purpose.\n"
+msgstr ""
+
+#: x509/output.c:509
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): FALSE\n"
+msgstr ""
+
+#: x509/output.c:511
+#, c-format
+msgid "%s\t\t\tCertificate Authority (CA): TRUE\n"
+msgstr ""
+
+#: x509/output.c:514
+#, c-format
+msgid "%s\t\t\tPath Length Constraint: %d\n"
+msgstr "%s\t\t\t路径长度限制: %d\n"
+
+#: x509/output.c:588 x509/output.c:678
+msgid "warning: altname contains an embedded NUL, replacing with '!'\n"
+msgstr ""
+
+#: x509/output.c:684
+#, c-format
+msgid "%s\t\t\tXMPP Address: %.*s\n"
+msgstr "%s\t\t\tXMPP 地址:%.*s\n"
+
+#: x509/output.c:689
+#, c-format
+msgid "%s\t\t\totherName OID: %.*s\n"
+msgstr ""
+
+#: x509/output.c:691
+#, c-format
+msgid "%s\t\t\totherName DER: "
+msgstr ""
+
+#: x509/output.c:693
+#, c-format
+msgid ""
+"\n"
+"%s\t\t\totherName ASCII: "
+msgstr ""
+
+#: x509/output.c:817
+#, c-format
+msgid "%s\tExtensions:\n"
+msgstr "%s\t扩展:\n"
+
+#: x509/output.c:827
+#, c-format
+msgid "%s\t\tBasic Constraints (%s):\n"
+msgstr "%s\t\t基本限制(%s):\n"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "critical"
+msgstr "关键"
+
+#: x509/output.c:828 x509/output.c:843 x509/output.c:860 x509/output.c:876
+#: x509/output.c:891 x509/output.c:908 x509/output.c:923 x509/output.c:938
+#: x509/output.c:956 x509/output.c:969 x509/output.c:1696 x509/output.c:1719
+#: x509/output.c:1732
+msgid "not critical"
+msgstr "非关键"
+
+#: x509/output.c:842
+#, c-format
+msgid "%s\t\tSubject Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:859
+#, c-format
+msgid "%s\t\tAuthority Key Identifier (%s):\n"
+msgstr ""
+
+#: x509/output.c:875
+#, c-format
+msgid "%s\t\tKey Usage (%s):\n"
+msgstr ""
+
+#: x509/output.c:890
+#, c-format
+msgid "%s\t\tKey Purpose (%s):\n"
+msgstr ""
+
+#: x509/output.c:907
+#, c-format
+msgid "%s\t\tSubject Alternative Name (%s):\n"
+msgstr ""
+
+#: x509/output.c:922
+#, c-format
+msgid "%s\t\tIssuer Alternative Name (%s):\n"
+msgstr ""
+
+#: x509/output.c:937
+#, c-format
+msgid "%s\t\tCRL Distribution points (%s):\n"
+msgstr ""
+
+#: x509/output.c:955
+#, c-format
+msgid "%s\t\tProxy Certificate Information (%s):\n"
+msgstr "%s\t\t代理证书信息(%s):\n"
+
+#: x509/output.c:968
+#, c-format
+msgid "%s\t\tUnknown extension %s (%s):\n"
+msgstr "%s\t\t未知扩展 %s (%s):\n"
+
+#: x509/output.c:1015
+#, c-format
+msgid "%s\t\t\tASCII: "
+msgstr "%s\t\t\tASCII: "
+
+#: x509/output.c:1019
+#, c-format
+msgid "%s\t\t\tHexdump: "
+msgstr ""
+
+#: x509/output.c:1037 x509/output.c:1584 x509/output.c:1914
+#: openpgp/output.c:326
+#, c-format
+msgid "\tVersion: %d\n"
+msgstr "\t版本:%d\n"
+
+#: x509/output.c:1051
+msgid "\tSerial Number (hex): "
+msgstr "\t序列号(16进制): "
+
+#: x509/output.c:1080 x509/output.c:1610
+#, c-format
+msgid "\tIssuer: %s\n"
+msgstr "\t发行者:%s\n"
+
+#: x509/output.c:1090
+msgid "\tValidity:\n"
+msgstr "\t有效性:\n"
+
+#: x509/output.c:1103
+#, c-format
+msgid "\t\tNot Before: %s\n"
+msgstr "\t\t不早于: %s\n"
+
+#: x509/output.c:1117
+#, c-format
+msgid "\t\tNot After: %s\n"
+msgstr "\t\t不晚于: %s\n"
+
+#: x509/output.c:1142 x509/output.c:1938
+#, c-format
+msgid "\tSubject: %s\n"
+msgstr "\t主题:%s\n"
+
+#: x509/output.c:1160 x509/output.c:1253 x509/output.c:1423 x509/output.c:1831
+#: x509/output.c:1956 openpgp/output.c:238
+msgid "unknown"
+msgstr "未知"
+
+#: x509/output.c:1162 x509/output.c:1958
+#, c-format
+msgid "\tSubject Public Key Algorithm: %s\n"
+msgstr "\t主公钥算法: %s\n"
+
+#: x509/output.c:1163
+#, c-format
+msgid "\tCertificate Security Level: %s\n"
+msgstr ""
+
+#: x509/output.c:1180 x509/output.c:1971 openpgp/output.c:262
+#, c-format
+msgid "\t\tModulus (bits %d):\n"
+msgstr "\t\t模块(位 %d):\n"
+
+#: x509/output.c:1182
+#, c-format
+msgid "\t\tExponent (bits %d):\n"
+msgstr ""
+
+#: x509/output.c:1202 x509/output.c:1993 openpgp/output.c:289
+#, c-format
+msgid "\t\tPublic key (bits %d):\n"
+msgstr "\t\t公钥 (位 %d):\n"
+
+#: x509/output.c:1204 x509/output.c:1995 openpgp/output.c:291
+msgid "\t\tP:\n"
+msgstr "\t\tP:\n"
+
+#: x509/output.c:1206 x509/output.c:1997 openpgp/output.c:293
+msgid "\t\tQ:\n"
+msgstr "\t\tQ:\n"
+
+#: x509/output.c:1208 x509/output.c:1999 openpgp/output.c:295
+msgid "\t\tG:\n"
+msgstr "\t\tG:\n"
+
+#: x509/output.c:1254 x509/output.c:1832
+#, c-format
+msgid "\tSignature Algorithm: %s\n"
+msgstr "\t签名算法:%s\n"
+
+#: x509/output.c:1258 x509/output.c:1836
+msgid ""
+"warning: signed using a broken signature algorithm that can be forged.\n"
+msgstr "警告:使用可伪造的签名算法进行了签名。\n"
+
+#: x509/output.c:1285 x509/output.c:1863
+msgid "\tSignature:\n"
+msgstr "\t签名:\n"
+
+#: x509/output.c:1308
+msgid ""
+"\tMD5 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tMD5 指纹:\n"
+"\t\t"
+
+#: x509/output.c:1310
+msgid ""
+"\tSHA-1 fingerprint:\n"
+"\t\t"
+msgstr ""
+"\tSHA-1 指纹:\n"
+"\t\t"
+
+#: x509/output.c:1329 x509/output.c:2175
+msgid ""
+"\tPublic Key Id:\n"
+"\t\t"
+msgstr ""
+"\t公钥 Id:\n"
+"\t\t"
+
+#: x509/output.c:1425
+#, c-format
+msgid "signed using %s (broken!), "
+msgstr ""
+
+#: x509/output.c:1427
+#, c-format
+msgid "signed using %s, "
+msgstr ""
+
+#: x509/output.c:1540
+msgid "X.509 Certificate Information:\n"
+msgstr "X.509 证书信息:\n"
+
+#: x509/output.c:1544 x509/output.c:2212
+msgid "Other Information:\n"
+msgstr "其它信息:\n"
+
+#: x509/output.c:1580
+msgid "\tVersion: 1 (default)\n"
+msgstr "\t版本:1 (默认)\n"
+
+#: x509/output.c:1620
+msgid "\tUpdate dates:\n"
+msgstr "\t更新日期:\n"
+
+#: x509/output.c:1633
+#, c-format
+msgid "\t\tIssued: %s\n"
+msgstr "\t\t发行:%s\n"
+
+#: x509/output.c:1649
+#, c-format
+msgid "\t\tNext at: %s\n"
+msgstr "\t\t下一个位于:%s\n"
+
+#: x509/output.c:1680
+msgid "\tExtensions:\n"
+msgstr "\t扩展:\n"
+
+#: x509/output.c:1695
+#, c-format
+msgid "\t\tCRL Number (%s): "
+msgstr "\t\tCRL 号(%s): "
+
+#: x509/output.c:1718
+#, c-format
+msgid "\t\tAuthority Key Identifier (%s):\n"
+msgstr "\t\t授权密钥识别器 (%s):\n"
+
+#: x509/output.c:1731
+#, c-format
+msgid "\t\tUnknown extension %s (%s):\n"
+msgstr "\t\t未知扩展 %s (%s):\n"
+
+#: x509/output.c:1761 x509/output.c:2131
+msgid "\t\t\tASCII: "
+msgstr "\t\t\tASCII: "
+
+#: x509/output.c:1765 x509/output.c:2135
+msgid "\t\t\tHexdump: "
+msgstr "\t\t\t十六进制转储: "
+
+#: x509/output.c:1781
+#, c-format
+msgid "\tRevoked certificates (%d):\n"
+msgstr "\t撤销的证书(%d):\n"
+
+#: x509/output.c:1783
+msgid "\tNo revoked certificates.\n"
+msgstr "\t没有撤销的证书。\n"
+
+#: x509/output.c:1802
+msgid "\t\tSerial Number (hex): "
+msgstr "\t\t序列号(hex): "
+
+#: x509/output.c:1811
+#, c-format
+msgid "\t\tRevoked at: %s\n"
+msgstr "\t\t撤销于:%s\n"
+
+#: x509/output.c:1894
+msgid "X.509 Certificate Revocation List Information:\n"
+msgstr "X.509 证书撤销列表信息:\n"
+
+#: x509/output.c:1973 openpgp/output.c:264
+msgid "\t\tExponent:\n"
+msgstr "\t\t说明:\n"
+
+#: x509/output.c:2040
+msgid "\tAttributes:\n"
+msgstr ""
+
+#: x509/output.c:2092
+#, c-format
+msgid "\t\tChallenge password: %s\n"
+msgstr ""
+
+#: x509/output.c:2103
+#, c-format
+msgid "\t\tUnknown attribute %s:\n"
+msgstr ""
+
+#: x509/output.c:2208
+msgid "PKCS #10 Certificate Request Information:\n"
+msgstr ""
+
+#: openpgp/output.c:85
+msgid "\t\tKey Usage:\n"
+msgstr ""
+
+#: openpgp/output.c:94
+#, c-format
+msgid "error: get_key_usage: %s\n"
+msgstr "错误:get_key_usage: %s\n"
+
+#: openpgp/output.c:99
+msgid "\t\t\tDigital signatures.\n"
+msgstr "\t\t\t数字签名。\n"
+
+#: openpgp/output.c:101
+msgid "\t\t\tCommunications encipherment.\n"
+msgstr ""
+
+#: openpgp/output.c:103
+msgid "\t\t\tStorage data encipherment.\n"
+msgstr ""
+
+#: openpgp/output.c:105
+msgid "\t\t\tAuthentication.\n"
+msgstr "\t\t\t认证。\n"
+
+#: openpgp/output.c:107
+msgid "\t\t\tCertificate signing.\n"
+msgstr "\t\t\t证书签名。\n"
+
+#: openpgp/output.c:128
+msgid "\tID (hex): "
+msgstr "\tID (hex): "
+
+#: openpgp/output.c:149
+msgid "\tFingerprint (hex): "
+msgstr "\t指纹(hex): "
+
+#: openpgp/output.c:166
+msgid "\tRevoked: True\n"
+msgstr "\t是否被撤销:是\n"
+
+#: openpgp/output.c:168
+msgid "\tRevoked: False\n"
+msgstr "\t是否被撤销:没有\n"
+
+#: openpgp/output.c:176
+msgid "\tTime stamps:\n"
+msgstr "\t时间戳:\n"
+
+#: openpgp/output.c:193
+#, c-format
+msgid "\t\tCreation: %s\n"
+msgstr "\t\t创建于:%s\n"
+
+#: openpgp/output.c:207
+msgid "\t\tExpiration: Never\n"
+msgstr "\t\t过期:永不过期\n"
+
+#: openpgp/output.c:216
+#, c-format
+msgid "\t\tExpiration: %s\n"
+msgstr "\t\t过期:%s\n"
+
+#: openpgp/output.c:240
+#, c-format
+msgid "\tPublic Key Algorithm: %s\n"
+msgstr "\t公钥算法:%s\n"
+
+#: openpgp/output.c:241
+#, c-format
+msgid "\tKey Security Level: %s\n"
+msgstr ""
+
+#: openpgp/output.c:359
+#, c-format
+msgid "\tName[%d]: %s\n"
+msgstr "\t名字[%d]:%s\n"
+
+#: openpgp/output.c:361
+#, c-format
+msgid "\tRevoked Name[%d]: %s\n"
+msgstr "\t吊销名称[%d]:%s\n"
+
+#: openpgp/output.c:382
+#, c-format
+msgid ""
+"\n"
+"\tSubkey[%d]:\n"
+msgstr ""
+
+#: openpgp/output.c:422
+#, c-format
+msgid "name[%d]: %s, "
+msgstr "名称[%d]:%s, "
+
+#: openpgp/output.c:424
+#, c-format
+msgid "revoked name[%d]: %s, "
+msgstr ""
+
+#: openpgp/output.c:444
+msgid "fingerprint: "
+msgstr "指纹:"
+
+#: openpgp/output.c:464
+#, c-format
+msgid "created: %s, "
+msgstr "已创建:%s, "
+
+#: openpgp/output.c:474
+msgid "never expires, "
+msgstr "永不过期, "
+
+#: openpgp/output.c:482
+#, c-format
+msgid "expires: %s, "
+msgstr "过期:%s, "
+
+#: openpgp/output.c:494
+#, c-format
+msgid "key algorithm %s (%d bits)"
+msgstr ""
+
+#: openpgp/output.c:496
+#, c-format
+msgid "unknown key algorithm (%d)"
+msgstr ""
+
+#: openpgp/output.c:529
+msgid "OpenPGP Certificate Information:\n"
+msgstr "OpenPGP 证书信息:\n"
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file handles all the internal functions that cope with random data.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <random.h>
+
+static void *rnd_ctx;
+
+int
+_gnutls_rnd_init (void)
+{
+ if (_gnutls_rnd_ops.init != NULL)
+ {
+ if (_gnutls_rnd_ops.init (&rnd_ctx) < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+ }
+
+ return 0;
+}
+
+void
+_gnutls_rnd_deinit (void)
+{
+ if (_gnutls_rnd_ops.deinit != NULL)
+ {
+ _gnutls_rnd_ops.deinit (rnd_ctx);
+ }
+
+ return;
+}
+
+/**
+ * gnutls_rnd:
+ * @level: a security level
+ * @data: place to store random bytes
+ * @len: The requested size
+ *
+ * This function will generate random data and store it
+ * to output buffer.
+ *
+ * Returns: Zero or a negative value on error.
+ *
+ **/
+
+int
+gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len)
+{
+ if (len > 0)
+ {
+ return _gnutls_rnd_ops.rnd (rnd_ctx, level, data, len);
+ }
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2008, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef RANDOM_H
+#define RANDOM_H
+
+#include <gnutls/crypto.h>
+
+extern int crypto_rnd_prio;
+extern gnutls_crypto_rnd_st _gnutls_rnd_ops;
+
+int _gnutls_rnd (gnutls_rnd_level_t level, void *data, size_t len);
+#define _gnutls_rnd gnutls_rnd
+void _gnutls_rnd_deinit (void);
+int _gnutls_rnd_init (void);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2010 Free Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <system.h>
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+
+#include <errno.h>
+
+#ifdef _WIN32
+#include <windows.h>
+
+#else
+#ifdef HAVE_PTHREAD_LOCKS
+#include <pthread.h>
+#endif
+#endif
+
+/* We need to disable gnulib's replacement wrappers to get native
+ Windows interfaces. */
+#undef recv
+#undef send
+
+/* System specific function wrappers.
+ */
+
+/* wrappers for write() and writev()
+ */
+#ifdef _WIN32
+
+int
+system_errno (gnutls_transport_ptr)
+{
+ int tmperr = WSAGetLastError ();
+ int ret = 0;
+ switch (tmperr)
+ {
+ case WSAEWOULDBLOCK:
+ ret = EAGAIN;
+ break;
+ case WSAEINTR:
+ ret = EINTR;
+ break;
+ default:
+ ret = EIO;
+ break;
+ }
+ WSASetLastError (tmperr);
+
+ return ret;
+}
+
+ssize_t
+system_write (gnutls_transport_ptr ptr, const void *data, size_t data_size)
+{
+ return send (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
+}
+#else /* POSIX */
+int
+system_errno (gnutls_transport_ptr ptr)
+{
+ return errno;
+}
+
+ssize_t
+system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
+ int iovec_cnt)
+{
+ return writev (GNUTLS_POINTER_TO_INT (ptr), (struct iovec *) iovec,
+ iovec_cnt);
+
+}
+#endif
+
+ssize_t
+system_read (gnutls_transport_ptr ptr, void *data, size_t data_size)
+{
+ return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, 0);
+}
+
+ssize_t
+system_read_peek (gnutls_transport_ptr ptr, void *data, size_t data_size)
+{
+ return recv (GNUTLS_POINTER_TO_INT (ptr), data, data_size, MSG_PEEK);
+}
+
+/* Thread stuff */
+
+#ifdef HAVE_WIN32_LOCKS
+
+
+/* FIXME: win32 locks are untested */
+static int
+gnutls_system_mutex_init (void **priv)
+{
+ CRITICAL_SECTION *lock = malloc (sizeof (CRITICAL_SECTION));
+ int ret;
+
+ if (lock == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ InitializeCriticalSection (lock);
+
+ *priv = lock;
+
+ return 0;
+}
+
+static int
+gnutls_system_mutex_deinit (void **priv)
+{
+ DeleteCriticalSection ((CRITICAL_SECTION *) * priv);
+ free (*priv);
+
+ return 0;
+}
+
+static int
+gnutls_system_mutex_lock (void **priv)
+{
+ EnterCriticalSection ((CRITICAL_SECTION *) * priv);
+ return 0;
+}
+
+static int
+gnutls_system_mutex_unlock (void **priv)
+{
+ LeaveCriticalSection ((CRITICAL_SECTION *) * priv);
+ return 0;
+}
+
+int
+_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void))
+{
+ return 0;
+}
+
+
+#endif /* WIN32_LOCKS */
+
+#ifdef HAVE_PTHREAD_LOCKS
+
+static int
+gnutls_system_mutex_init (void **priv)
+{
+ pthread_mutex_t *lock = malloc (sizeof (pthread_mutex_t));
+ int ret;
+
+ if (lock == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = pthread_mutex_init (lock, NULL);
+ if (ret)
+ {
+ free (lock);
+ gnutls_assert ();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
+
+ *priv = lock;
+
+ return 0;
+}
+
+static int
+gnutls_system_mutex_deinit (void **priv)
+{
+ pthread_mutex_destroy ((pthread_mutex_t *) * priv);
+ free (*priv);
+ return 0;
+}
+
+static int
+gnutls_system_mutex_lock (void **priv)
+{
+ if (pthread_mutex_lock ((pthread_mutex_t *) * priv))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
+
+ return 0;
+}
+
+static int
+gnutls_system_mutex_unlock (void **priv)
+{
+ if (pthread_mutex_unlock ((pthread_mutex_t *) * priv))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_LOCKING_ERROR;
+ }
+
+ return 0;
+}
+
+int
+_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void))
+{
+ return pthread_atfork (prepare, parent, child);
+}
+
+#endif /* PTHREAD_LOCKS */
+
+#ifdef HAVE_NO_LOCKS
+
+static int
+gnutls_system_mutex_init (void **priv)
+{
+ return 0;
+}
+
+static int
+gnutls_system_mutex_deinit (void **priv)
+{
+ return 0;
+}
+
+static int
+gnutls_system_mutex_lock (void **priv)
+{
+ return 0;
+}
+
+static int
+gnutls_system_mutex_unlock (void **priv)
+{
+ return 0;
+}
+
+int
+_gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void))
+{
+ return 0;
+}
+
+#endif /* NO_LOCKS */
+
+mutex_init_func gnutls_mutex_init = gnutls_system_mutex_init;
+mutex_deinit_func gnutls_mutex_deinit = gnutls_system_mutex_deinit;
+mutex_lock_func gnutls_mutex_lock = gnutls_system_mutex_lock;
+mutex_unlock_func gnutls_mutex_unlock = gnutls_system_mutex_unlock;
--- /dev/null
+#ifndef SYSTEM_H
+#define SYSTEM_H
+
+#include <gnutls_int.h>
+
+#ifndef _WIN32
+#include <sys/uio.h> /* for writev */
+#endif
+
+int system_errno (gnutls_transport_ptr);
+
+#ifdef _WIN32
+ssize_t system_write (gnutls_transport_ptr ptr, const void *data,
+ size_t data_size);
+#else
+#define HAVE_WRITEV
+ssize_t system_writev (gnutls_transport_ptr ptr, const giovec_t * iovec,
+ int iovec_cnt);
+#endif
+ssize_t system_read (gnutls_transport_ptr ptr, void *data, size_t data_size);
+ssize_t system_read_peek (gnutls_transport_ptr ptr, void *data,
+ size_t data_size);
+
+#ifdef _WIN32
+#define HAVE_WIN32_LOCKS
+#else
+#ifdef HAVE_LIBPTHREAD
+#define HAVE_PTHREAD_LOCKS
+#else
+#define HAVE_NO_LOCKS
+#endif
+#endif
+
+int _gnutls_atfork (void (*prepare) (void), void (*parent) (void),
+ void (*child) (void));
+
+#endif /* SYSTEM_H */
--- /dev/null
+## Process this file with automake to produce Makefile.in
+# Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+# Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA
+
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = \
+ -I$(srcdir)/../gl \
+ -I$(builddir)/../gl \
+ -I$(srcdir)/../includes \
+ -I$(builddir)/../includes \
+ -I$(srcdir)/.. \
+ $(LIBOPENCDK_CFLAGS)
+
+if ENABLE_MINITASN1
+AM_CPPFLAGS += -I$(srcdir)/../minitasn1
+endif
+
+noinst_LTLIBRARIES = libgnutls_x509.la
+
+libgnutls_x509_la_SOURCES = \
+ common.c \
+ common.h \
+ crl.c \
+ crl_write.c \
+ crq.c \
+ dn.c \
+ extensions.c \
+ mpi.c \
+ output.c \
+ pbkdf2-sha1.c \
+ pbkdf2-sha1.h \
+ pkcs12.c \
+ pkcs12_bag.c \
+ pkcs12_encr.c \
+ pkcs7.c \
+ privkey.c \
+ privkey_pkcs8.c \
+ rfc2818_hostname.c \
+ sign.c \
+ verify.c \
+ x509.c \
+ x509_int.h \
+ x509_write.c
--- /dev/null
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+# Software Foundation, Inc.
+#
+# This file is part of GnuTLS.
+#
+# The GnuTLS is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 2.1 of
+# the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+# USA
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@ENABLE_MINITASN1_TRUE@am__append_1 = -I$(srcdir)/../minitasn1
+subdir = x509
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/gl/m4/extensions.m4 \
+ $(top_srcdir)/gl/m4/gnulib-comp.m4 $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/hooks.m4 $(top_srcdir)/m4/iconv.m4 \
+ $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/lib-ld.m4 \
+ $(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
+ $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
+ $(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+LTLIBRARIES = $(noinst_LTLIBRARIES)
+libgnutls_x509_la_LIBADD =
+am_libgnutls_x509_la_OBJECTS = common.lo crl.lo crl_write.lo crq.lo \
+ dn.lo extensions.lo mpi.lo output.lo pbkdf2-sha1.lo pkcs12.lo \
+ pkcs12_bag.lo pkcs12_encr.lo pkcs7.lo privkey.lo \
+ privkey_pkcs8.lo rfc2818_hostname.lo sign.lo verify.lo x509.lo \
+ x509_write.lo
+libgnutls_x509_la_OBJECTS = $(am_libgnutls_x509_la_OBJECTS)
+AM_V_lt = $(am__v_lt_$(V))
+am__v_lt_ = $(am__v_lt_$(AM_DEFAULT_VERBOSITY))
+am__v_lt_0 = --silent
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
+ $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
+ $(AM_CFLAGS) $(CFLAGS)
+AM_V_CC = $(am__v_CC_$(V))
+am__v_CC_ = $(am__v_CC_$(AM_DEFAULT_VERBOSITY))
+am__v_CC_0 = @echo " CC " $@;
+AM_V_at = $(am__v_at_$(V))
+am__v_at_ = $(am__v_at_$(AM_DEFAULT_VERBOSITY))
+am__v_at_0 = @
+CCLD = $(CC)
+LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(AM_LDFLAGS) $(LDFLAGS) -o $@
+AM_V_CCLD = $(am__v_CCLD_$(V))
+am__v_CCLD_ = $(am__v_CCLD_$(AM_DEFAULT_VERBOSITY))
+am__v_CCLD_0 = @echo " CCLD " $@;
+AM_V_GEN = $(am__v_GEN_$(V))
+am__v_GEN_ = $(am__v_GEN_$(AM_DEFAULT_VERBOSITY))
+am__v_GEN_0 = @echo " GEN " $@;
+SOURCES = $(libgnutls_x509_la_SOURCES)
+DIST_SOURCES = $(libgnutls_x509_la_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CXX_LT_AGE = @CXX_LT_AGE@
+CXX_LT_CURRENT = @CXX_LT_CURRENT@
+CXX_LT_REVISION = @CXX_LT_REVISION@
+CYGPATH_W = @CYGPATH_W@
+DEFINE_SSIZE_T = @DEFINE_SSIZE_T@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLL_VERSION = @DLL_VERSION@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@
+GREP = @GREP@
+HAVE_LIBGCRYPT = @HAVE_LIBGCRYPT@
+HAVE_LIBNETTLE = @HAVE_LIBNETTLE@
+HAVE_LIBPAKCHOIS = @HAVE_LIBPAKCHOIS@
+HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@
+HAVE_LIBTASN1 = @HAVE_LIBTASN1@
+HAVE_LIBZ = @HAVE_LIBZ@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBGCRYPT = @LIBGCRYPT@
+LIBGCRYPT_PREFIX = @LIBGCRYPT_PREFIX@
+LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@
+LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBNETTLE = @LIBNETTLE@
+LIBNETTLE_PREFIX = @LIBNETTLE_PREFIX@
+LIBOBJS = @LIBOBJS@
+LIBPAKCHOIS = @LIBPAKCHOIS@
+LIBPAKCHOIS_PREFIX = @LIBPAKCHOIS_PREFIX@
+LIBPTHREAD = @LIBPTHREAD@
+LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@
+LIBS = @LIBS@
+LIBTASN1 = @LIBTASN1@
+LIBTASN1_PREFIX = @LIBTASN1_PREFIX@
+LIBTOOL = @LIBTOOL@
+LIBZ = @LIBZ@
+LIBZ_PREFIX = @LIBZ_PREFIX@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBGCRYPT = @LTLIBGCRYPT@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBNETTLE = @LTLIBNETTLE@
+LTLIBOBJS = @LTLIBOBJS@
+LTLIBPAKCHOIS = @LTLIBPAKCHOIS@
+LTLIBPTHREAD = @LTLIBPTHREAD@
+LTLIBTASN1 = @LTLIBTASN1@
+LTLIBZ = @LTLIBZ@
+LT_AGE = @LT_AGE@
+LT_CURRENT = @LT_CURRENT@
+LT_REVISION = @LT_REVISION@
+LT_SSL_AGE = @LT_SSL_AGE@
+LT_SSL_CURRENT = @LT_SSL_CURRENT@
+LT_SSL_REVISION = @LT_SSL_REVISION@
+LZO_LIBS = @LZO_LIBS@
+MAJOR_VERSION = @MAJOR_VERSION@
+MAKEINFO = @MAKEINFO@
+MINOR_VERSION = @MINOR_VERSION@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NETTLE_LIBS = @NETTLE_LIBS@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NUMBER_VERSION = @NUMBER_VERSION@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATCH_VERSION = @PATCH_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+WARN_CFLAGS = @WARN_CFLAGS@
+WERROR_CFLAGS = @WERROR_CFLAGS@
+WSTACK_CFLAGS = @WSTACK_CFLAGS@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+AM_CFLAGS = $(WERROR_CFLAGS) $(WSTACK_CFLAGS) $(WARN_CFLAGS)
+AM_CPPFLAGS = -I$(srcdir)/../gl -I$(builddir)/../gl \
+ -I$(srcdir)/../includes -I$(builddir)/../includes \
+ -I$(srcdir)/.. $(LIBOPENCDK_CFLAGS) $(am__append_1)
+noinst_LTLIBRARIES = libgnutls_x509.la
+libgnutls_x509_la_SOURCES = \
+ common.c \
+ common.h \
+ crl.c \
+ crl_write.c \
+ crq.c \
+ dn.c \
+ extensions.c \
+ mpi.c \
+ output.c \
+ pbkdf2-sha1.c \
+ pbkdf2-sha1.h \
+ pkcs12.c \
+ pkcs12_bag.c \
+ pkcs12_encr.c \
+ pkcs7.c \
+ privkey.c \
+ privkey_pkcs8.c \
+ rfc2818_hostname.c \
+ sign.c \
+ verify.c \
+ x509.c \
+ x509_int.h \
+ x509_write.c
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign x509/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign x509/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+clean-noinstLTLIBRARIES:
+ -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
+ @list='$(noinst_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libgnutls_x509.la: $(libgnutls_x509_la_OBJECTS) $(libgnutls_x509_la_DEPENDENCIES)
+ $(AM_V_CCLD)$(LINK) $(libgnutls_x509_la_OBJECTS) $(libgnutls_x509_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crl_write.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crq.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/extensions.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpi.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pbkdf2-sha1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12_bag.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs12_encr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privkey_pkcs8.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rfc2818_hostname.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sign.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509_write.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(AM_V_CC)$(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@am__fastdepCC_FALSE@ $(AM_V_CC) @AM_BACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool clean-noinstLTLIBRARIES ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <libtasn1.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <gnutls_str.h>
+#include <gnutls_x509.h>
+#include <gnutls_num.h>
+#include <x509_b64.h>
+#include "x509_int.h"
+#include <common.h>
+#include <time.h>
+
+struct oid2string
+{
+ const char *oid;
+ const char *ldap_desc;
+ int choice; /* of type DirectoryString */
+ int printable;
+ const char *asn_desc; /* description in the pkix file */
+};
+
+/* This list contains all the OIDs that may be
+ * contained in a rdnSequence and are printable.
+ */
+static const struct oid2string _oid2str[] = {
+ /* PKIX
+ */
+ {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1, "PKIX1.GeneralizedTime"},
+ {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1, "PKIX1.DirectoryString"},
+ {"1.3.6.1.5.5.7.9.3", "gender", 0, 1, "PKIX1.PrintableString"},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1,
+ "PKIX1.PrintableString"},
+ {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1, "PKIX1.PrintableString"},
+
+ {"2.5.4.6", "C", 0, 1, "PKIX1.PrintableString"},
+ {"2.5.4.9", "STREET", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.12", "T", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.10", "O", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.11", "OU", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.3", "CN", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.7", "L", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.8", "ST", 1, 1, "PKIX1.DirectoryString"},
+
+ {"2.5.4.5", "serialNumber", 0, 1, "PKIX1.PrintableString"},
+ {"2.5.4.20", "telephoneNumber", 0, 1, "PKIX1.PrintableString"},
+ {"2.5.4.4", "surName", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.43", "initials", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.44", "generationQualifier", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.42", "givenName", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.65", "pseudonym", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.46", "dnQualifier", 0, 1, "PKIX1.PrintableString"},
+ {"2.5.4.17", "postalCode", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.41", "Name", 1, 1, "PKIX1.DirectoryString"},
+ {"2.5.4.15", "businessCategory", 1, 1, "PKIX1.DirectoryString"},
+
+ {"0.9.2342.19200300.100.1.25", "DC", 0, 1, "PKIX1.IA5String"},
+ {"0.9.2342.19200300.100.1.1", "UID", 1, 1, "PKIX1.DirectoryString"},
+
+ /* Extended validation
+ */
+ {"1.3.6.1.4.1.311.60.2.1.1", "jurisdictionOfIncorporationLocalityName", 1,
+ 1, "PKIX1.DirectoryString"},
+ {"1.3.6.1.4.1.311.60.2.1.2",
+ "jurisdictionOfIncorporationStateOrProvinceName", 1, 1,
+ "PKIX1.DirectoryString"},
+ {"1.3.6.1.4.1.311.60.2.1.3", "jurisdictionOfIncorporationCountryName", 0, 1,
+ "PKIX1.PrintableString"},
+
+ /* PKCS #9
+ */
+ {"1.2.840.113549.1.9.1", "EMAIL", 0, 1, "PKIX1.IA5String"},
+ {"1.2.840.113549.1.9.7", NULL, 1, 1, "PKIX1.pkcs-9-challengePassword"},
+
+ /* friendly name */
+ {"1.2.840.113549.1.9.20", NULL, 0, 1, "PKIX1.BMPString"},
+ /* local key id */
+ {"1.2.840.113549.1.9.21", NULL, 0, 1, "PKIX1.pkcs-9-localKeyId"},
+
+ /* rfc3920 section 5.1.1 */
+ {"1.3.6.1.5.5.7.8.5", "XmppAddr", 0, 1, "PKIX1.UTF8String"},
+
+ {NULL, NULL, 0, 0, ""}
+};
+
+/* Returns 1 if the data defined by the OID are printable.
+ */
+int
+_gnutls_x509_oid_data_printable (const char *oid)
+{
+ int i = 0;
+
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].printable;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_dn_oid_known:
+ * @oid: holds an Object Identifier in a null terminated string
+ *
+ * This function will inform about known DN OIDs. This is useful since
+ * functions like gnutls_x509_crt_set_dn_by_oid() use the information
+ * on known OIDs to properly encode their input. Object Identifiers
+ * that are not known are not encoded by these functions, and their
+ * input is stored directly into the ASN.1 structure. In that case of
+ * unknown OIDs, you have the responsibility of DER encoding your
+ * data.
+ *
+ * Returns: 1 on known OIDs and 0 otherwise.
+ **/
+int
+gnutls_x509_dn_oid_known (const char *oid)
+{
+ int i = 0;
+
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return 1;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return 0;
+}
+
+/* Returns 1 if the data defined by the OID are of a choice
+ * type.
+ */
+int
+_gnutls_x509_oid_data_choice (const char *oid)
+{
+ int i = 0;
+
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].choice;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return 0;
+}
+
+const char *
+_gnutls_x509_oid2ldap_string (const char *oid)
+{
+ int i = 0;
+
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].ldap_desc;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return NULL;
+}
+
+const char *
+_gnutls_x509_oid2asn_string (const char *oid)
+{
+ int i = 0;
+
+ do
+ {
+ if (strcmp (_oid2str[i].oid, oid) == 0)
+ return _oid2str[i].asn_desc;
+ i++;
+ }
+ while (_oid2str[i].oid != NULL);
+
+ return NULL;
+}
+
+
+/* This function will convert an attribute value, specified by the OID,
+ * to a string. The result will be a null terminated string.
+ *
+ * res may be null. This will just return the res_size, needed to
+ * hold the string.
+ */
+int
+_gnutls_x509_oid_data2string (const char *oid, void *value,
+ int value_size, char *res, size_t * res_size)
+{
+ char str[MAX_STRING_LEN], tmpname[128];
+ const char *ANAME = NULL;
+ int CHOICE = -1, len = -1, result;
+ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
+ char asn1_err[ASN1_MAX_ERROR_DESCRIPTION_SIZE] = "";
+
+ if (value == NULL || value_size <= 0 || res_size == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (_gnutls_x509_oid_data_printable (oid) == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ANAME = _gnutls_x509_oid2asn_string (oid);
+ CHOICE = _gnutls_x509_oid_data_choice (oid);
+
+ if (ANAME == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (), ANAME,
+ &tmpasn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if ((result =
+ asn1_der_decoding (&tmpasn, value, value_size,
+ asn1_err)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("asn1_der_decoding: %s:%s\n", str, asn1_err);
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
+ }
+
+ /* If this is a choice then we read the choice. Otherwise it
+ * is the value;
+ */
+ len = sizeof (str) - 1;
+ if ((result = asn1_read_value (tmpasn, "", str, &len)) != ASN1_SUCCESS)
+ { /* CHOICE */
+ gnutls_assert ();
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
+ }
+
+ if (CHOICE == 0)
+ {
+ str[len] = 0;
+
+ /* Refuse to deal with strings containing NULs. */
+ if (strlen (str) != len)
+ return GNUTLS_E_ASN1_DER_ERROR;
+
+ if (res)
+ _gnutls_str_cpy (res, *res_size, str);
+ *res_size = len;
+
+ asn1_delete_structure (&tmpasn);
+ }
+ else
+ { /* CHOICE */
+ int non_printable = 0, teletex = 0;
+ str[len] = 0;
+
+ /* Note that we do not support strings other than
+ * UTF-8 (thus ASCII as well).
+ */
+ if (strcmp (str, "printableString") != 0 &&
+ strcmp (str, "ia5String") != 0 && strcmp (str, "utf8String") != 0)
+ {
+ non_printable = 1;
+ }
+ if (strcmp (str, "teletexString") == 0)
+ teletex = 1;
+
+
+ _gnutls_str_cpy (tmpname, sizeof (tmpname), str);
+
+ len = sizeof (str) - 1;
+ if ((result =
+ asn1_read_value (tmpasn, tmpname, str, &len)) != ASN1_SUCCESS)
+ {
+ asn1_delete_structure (&tmpasn);
+ return _gnutls_asn2err (result);
+ }
+
+ asn1_delete_structure (&tmpasn);
+
+ if (teletex != 0)
+ {
+ int ascii = 0, i;
+ /* HACK: if the teletex string contains only ascii
+ * characters then treat it as printable.
+ */
+ for (i = 0; i < len; i++)
+ if (!isascii (str[i]))
+ ascii = 1;
+
+ if (ascii == 0)
+ non_printable = 0;
+ }
+
+ if (non_printable == 0)
+ {
+ str[len] = 0;
+
+ /* Refuse to deal with strings containing NULs. */
+ if (strlen (str) != len)
+ return GNUTLS_E_ASN1_DER_ERROR;
+
+ if (res)
+ _gnutls_str_cpy (res, *res_size, str);
+ *res_size = len;
+ }
+ else
+ {
+ result = _gnutls_x509_data2hex (str, len, res, res_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+/* Converts a data string to an LDAP rfc2253 hex string
+ * something like '#01020304'
+ */
+int
+_gnutls_x509_data2hex (const opaque * data, size_t data_size,
+ opaque * out, size_t * sizeof_out)
+{
+ char *res;
+ char escaped[MAX_STRING_LEN];
+ unsigned int size;
+
+ if (2 * data_size + 1 > MAX_STRING_LEN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ res = _gnutls_bin2hex (data, data_size, escaped, sizeof (escaped), NULL);
+ if (!res)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ size = strlen (res) + 1;
+ if (size + 1 > *sizeof_out)
+ {
+ *sizeof_out = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ *sizeof_out = size; /* -1 for the null +1 for the '#' */
+
+ if (out)
+ {
+ strcpy (out, "#");
+ strcat (out, res);
+ }
+
+ return 0;
+}
+
+
+/* TIME functions
+ * Convertions between generalized or UTC time to time_t
+ *
+ */
+
+/* This is an emulations of the struct tm.
+ * Since we do not use libc's functions, we don't need to
+ * depend on the libc structure.
+ */
+typedef struct fake_tm
+{
+ int tm_mon;
+ int tm_year; /* FULL year - ie 1971 */
+ int tm_mday;
+ int tm_hour;
+ int tm_min;
+ int tm_sec;
+} fake_tm;
+
+/* The mktime_utc function is due to Russ Allbery (rra@stanford.edu),
+ * who placed it under public domain:
+ */
+
+/* The number of days in each month.
+ */
+static const int MONTHDAYS[] = {
+ 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
+};
+
+ /* Whether a given year is a leap year. */
+#define ISLEAP(year) \
+ (((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0))
+
+/*
+ ** Given a struct tm representing a calendar time in UTC, convert it to
+ ** seconds since epoch. Returns (time_t) -1 if the time is not
+ ** convertable. Note that this function does not canonicalize the provided
+ ** struct tm, nor does it allow out of range values or years before 1970.
+ */
+static time_t
+mktime_utc (const struct fake_tm *tm)
+{
+ time_t result = 0;
+ int i;
+
+/* We do allow some ill-formed dates, but we don't do anything special
+ * with them and our callers really shouldn't pass them to us. Do
+ * explicitly disallow the ones that would cause invalid array accesses
+ * or other algorithm problems.
+ */
+ if (tm->tm_mon < 0 || tm->tm_mon > 11 || tm->tm_year < 1970)
+ return (time_t) - 1;
+
+/* Convert to a time_t.
+ */
+ for (i = 1970; i < tm->tm_year; i++)
+ result += 365 + ISLEAP (i);
+ for (i = 0; i < tm->tm_mon; i++)
+ result += MONTHDAYS[i];
+ if (tm->tm_mon > 1 && ISLEAP (tm->tm_year))
+ result++;
+ result = 24 * (result + tm->tm_mday - 1) + tm->tm_hour;
+ result = 60 * result + tm->tm_min;
+ result = 60 * result + tm->tm_sec;
+ return result;
+}
+
+
+/* this one will parse dates of the form:
+ * month|day|hour|minute|sec* (2 chars each)
+ * and year is given. Returns a time_t date.
+ */
+static time_t
+_gnutls_x509_time2gtime (const char *ttime, int year)
+{
+ char xx[4];
+ struct fake_tm etime;
+ time_t ret;
+
+ if (strlen (ttime) < 8)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ etime.tm_year = year;
+
+ /* In order to work with 32 bit
+ * time_t.
+ */
+ if (sizeof (time_t) <= 4 && etime.tm_year >= 2038)
+ return (time_t) 2145914603; /* 2037-12-31 23:23:23 */
+
+ if (etime.tm_year < 1970)
+ return (time_t) 0;
+
+ xx[2] = 0;
+
+/* get the month
+ */
+ memcpy (xx, ttime, 2); /* month */
+ etime.tm_mon = atoi (xx) - 1;
+ ttime += 2;
+
+/* get the day
+ */
+ memcpy (xx, ttime, 2); /* day */
+ etime.tm_mday = atoi (xx);
+ ttime += 2;
+
+/* get the hour
+ */
+ memcpy (xx, ttime, 2); /* hour */
+ etime.tm_hour = atoi (xx);
+ ttime += 2;
+
+/* get the minutes
+ */
+ memcpy (xx, ttime, 2); /* minutes */
+ etime.tm_min = atoi (xx);
+ ttime += 2;
+
+ if (strlen (ttime) >= 2)
+ {
+ memcpy (xx, ttime, 2);
+ etime.tm_sec = atoi (xx);
+ ttime += 2;
+ }
+ else
+ etime.tm_sec = 0;
+
+ ret = mktime_utc (&etime);
+
+ return ret;
+}
+
+
+/* returns a time_t value that contains the given time.
+ * The given time is expressed as:
+ * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
+ *
+ * (seconds are optional)
+ */
+static time_t
+_gnutls_x509_utcTime2gtime (const char *ttime)
+{
+ char xx[3];
+ int year;
+
+ if (strlen (ttime) < 10)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+ xx[2] = 0;
+/* get the year
+ */
+ memcpy (xx, ttime, 2); /* year */
+ year = atoi (xx);
+ ttime += 2;
+
+ if (year > 49)
+ year += 1900;
+ else
+ year += 2000;
+
+ return _gnutls_x509_time2gtime (ttime, year);
+}
+
+/* returns a time value that contains the given time.
+ * The given time is expressed as:
+ * YEAR(2)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)
+ */
+static int
+_gnutls_x509_gtime2utcTime (time_t gtime, char *str_time, int str_time_size)
+{
+ size_t ret;
+ struct tm _tm;
+
+ if (!gmtime_r (>ime, &_tm))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ ret = strftime (str_time, str_time_size, "%y%m%d%H%M%SZ", &_tm);
+ if (!ret)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+
+ return 0;
+
+}
+
+/* returns a time_t value that contains the given time.
+ * The given time is expressed as:
+ * YEAR(4)|MONTH(2)|DAY(2)|HOUR(2)|MIN(2)|SEC(2)*
+ */
+static time_t
+_gnutls_x509_generalTime2gtime (const char *ttime)
+{
+ char xx[5];
+ int year;
+
+ if (strlen (ttime) < 12)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ if (strchr (ttime, 'Z') == 0)
+ {
+ gnutls_assert ();
+ /* sorry we don't support it yet
+ */
+ return (time_t) - 1;
+ }
+ xx[4] = 0;
+
+/* get the year
+ */
+ memcpy (xx, ttime, 4); /* year */
+ year = atoi (xx);
+ ttime += 4;
+
+ return _gnutls_x509_time2gtime (ttime, year);
+
+}
+
+/* Extracts the time in time_t from the ASN1_TYPE given. When should
+ * be something like "tbsCertList.thisUpdate".
+ */
+#define MAX_TIME 64
+time_t
+_gnutls_x509_get_time (ASN1_TYPE c2, const char *when)
+{
+ char ttime[MAX_TIME];
+ char name[128];
+ time_t c_time = (time_t) - 1;
+ int len, result;
+
+ _gnutls_str_cpy (name, sizeof (name), when);
+
+ len = sizeof (ttime) - 1;
+ if ((result = asn1_read_value (c2, name, ttime, &len)) < 0)
+ {
+ gnutls_assert ();
+ return (time_t) (-1);
+ }
+
+ /* CHOICE */
+ if (strcmp (ttime, "generalTime") == 0)
+ {
+
+ _gnutls_str_cat (name, sizeof (name), ".generalTime");
+ len = sizeof (ttime) - 1;
+ result = asn1_read_value (c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time = _gnutls_x509_generalTime2gtime (ttime);
+ }
+ else
+ { /* UTCTIME */
+
+ _gnutls_str_cat (name, sizeof (name), ".utcTime");
+ len = sizeof (ttime) - 1;
+ result = asn1_read_value (c2, name, ttime, &len);
+ if (result == ASN1_SUCCESS)
+ c_time = _gnutls_x509_utcTime2gtime (ttime);
+ }
+
+ /* We cannot handle dates after 2031 in 32 bit machines.
+ * a time_t of 64bits has to be used.
+ */
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return (time_t) (-1);
+ }
+ return c_time;
+}
+
+/* Sets the time in time_t in the ASN1_TYPE given. Where should
+ * be something like "tbsCertList.thisUpdate".
+ */
+int
+_gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim)
+{
+ char str_time[MAX_TIME];
+ char name[128];
+ int result, len;
+
+ _gnutls_str_cpy (name, sizeof (name), where);
+
+ if ((result = asn1_write_value (c2, name, "utcTime", 1)) < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_gtime2utcTime (tim, str_time, sizeof (str_time));
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ _gnutls_str_cat (name, sizeof (name), ".utcTime");
+
+ len = strlen (str_time);
+ result = asn1_write_value (c2, name, str_time, len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+
+gnutls_x509_subject_alt_name_t
+_gnutls_x509_san_find_type (char *str_type)
+{
+ if (strcmp (str_type, "dNSName") == 0)
+ return GNUTLS_SAN_DNSNAME;
+ if (strcmp (str_type, "rfc822Name") == 0)
+ return GNUTLS_SAN_RFC822NAME;
+ if (strcmp (str_type, "uniformResourceIdentifier") == 0)
+ return GNUTLS_SAN_URI;
+ if (strcmp (str_type, "iPAddress") == 0)
+ return GNUTLS_SAN_IPADDRESS;
+ if (strcmp (str_type, "otherName") == 0)
+ return GNUTLS_SAN_OTHERNAME;
+ if (strcmp (str_type, "directoryName") == 0)
+ return GNUTLS_SAN_DN;
+ return (gnutls_x509_subject_alt_name_t) - 1;
+}
+
+/* A generic export function. Will export the given ASN.1 encoded data
+ * to PEM or DER raw data.
+ */
+int
+_gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size)
+{
+ int result, len;
+
+ if (format == GNUTLS_X509_FMT_DER)
+ {
+
+ if (output_data == NULL)
+ *output_data_size = 0;
+
+ len = *output_data_size;
+
+ if ((result =
+ asn1_der_coding (asn1_data, name, output_data, &len,
+ NULL)) != ASN1_SUCCESS)
+ {
+ *output_data_size = len;
+ if (result == ASN1_MEM_ERROR)
+ {
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ *output_data_size = len;
+
+ }
+ else
+ { /* PEM */
+ opaque *out;
+ gnutls_datum_t tmp;
+
+ result = _gnutls_x509_der_encode (asn1_data, name, &tmp, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_fbase64_encode (pem_header, tmp.data, tmp.size, &out);
+
+ _gnutls_free_datum (&tmp);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (result == 0)
+ { /* oooops */
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if ((unsigned) result > *output_data_size)
+ {
+ gnutls_assert ();
+ gnutls_free (out);
+ *output_data_size = result;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *output_data_size = result;
+
+ if (output_data)
+ {
+ memcpy (output_data, out, result);
+
+ /* do not include the null character into output size.
+ */
+ *output_data_size = result - 1;
+ }
+ gnutls_free (out);
+
+ }
+
+ return 0;
+}
+
+int
+_gnutls_x509_export_int (ASN1_TYPE asn1_data,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size)
+{
+ return _gnutls_x509_export_int_named (asn1_data, "",
+ format, pem_header, output_data,
+ output_data_size);
+}
+
+/* Decodes an octet string. Leave string_type null for a normal
+ * octet string. Otherwise put something like BMPString, PrintableString
+ * etc.
+ */
+int
+_gnutls_x509_decode_octet_string (const char *string_type,
+ const opaque * der, size_t der_size,
+ opaque * output, size_t * output_size)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, tmp_output_size;
+ char strname[64];
+
+ if (string_type == NULL)
+ _gnutls_str_cpy (strname, sizeof (strname), "PKIX1.pkcs-7-Data");
+ else
+ {
+ _gnutls_str_cpy (strname, sizeof (strname), "PKIX1.");
+ _gnutls_str_cat (strname, sizeof (strname), string_type);
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), strname, &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding (&c2, der, der_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ tmp_output_size = *output_size;
+ result = asn1_read_value (c2, "", output, &tmp_output_size);
+ *output_size = tmp_output_size;
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+
+ return result;
+}
+
+
+/* Reads a value from an ASN1 tree, and puts the output
+ * in an allocated variable in the given datum.
+ * flags == 0 do nothing with the DER output
+ * flags == 1 parse the DER output as OCTET STRING
+ * flags == 2 the value is a BIT STRING
+ */
+int
+_gnutls_x509_read_value (ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, int flags)
+{
+ int len = 0, result;
+ size_t slen;
+ opaque *tmp = NULL;
+
+ result = asn1_read_value (c, root, NULL, &len);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ return result;
+ }
+
+ if (flags == 2)
+ len /= 8;
+
+ tmp = gnutls_malloc (len);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value (c, root, tmp, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (flags == 2)
+ len /= 8;
+
+ /* Extract the OCTET STRING.
+ */
+
+ if (flags == 1)
+ {
+ slen = len;
+ result = _gnutls_x509_decode_octet_string (NULL, tmp, slen, tmp, &slen);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ len = slen;
+ }
+
+ ret->data = tmp;
+ ret->size = len;
+
+ return 0;
+
+cleanup:
+ gnutls_free (tmp);
+ return result;
+
+}
+
+/* DER Encodes the src ASN1_TYPE and stores it to
+ * the given datum. If str is non null then the data are encoded as
+ * an OCTET STRING.
+ */
+int
+_gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str)
+{
+ int size, result;
+ int asize;
+ opaque *data = NULL;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ size = 0;
+ result = asn1_der_coding (src, src_name, NULL, &size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* allocate data for the der
+ */
+
+ if (str)
+ size += 16; /* for later to include the octet tags */
+ asize = size;
+
+ data = gnutls_malloc (size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_der_coding (src, src_name, data, &size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (str)
+ {
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (c2, "", data, size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_der_coding (c2, "", data, &asize, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ size = asize;
+
+ asn1_delete_structure (&c2);
+ }
+
+ res->data = data;
+ res->size = size;
+ return 0;
+
+cleanup:
+ gnutls_free (data);
+ asn1_delete_structure (&c2);
+ return result;
+
+}
+
+/* DER Encodes the src ASN1_TYPE and stores it to
+ * dest in dest_name. Useful to encode something and store it
+ * as OCTET. If str is non null then the data are encoded as
+ * an OCTET STRING.
+ */
+int
+_gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str)
+{
+ int result;
+ gnutls_datum_t encoded;
+
+ result = _gnutls_x509_der_encode (src, src_name, &encoded, str);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Write the data.
+ */
+ result = asn1_write_value (dest, dest_name, encoded.data, encoded.size);
+
+ _gnutls_free_datum (&encoded);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/* Writes the value of the datum in the given ASN1_TYPE. If str is non
+ * zero it encodes it as OCTET STRING.
+ */
+int
+_gnutls_x509_write_value (ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data, int str)
+{
+ int result;
+ int asize;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum_t val = { NULL, 0 };
+
+ asize = data->size + 16;
+
+ if (str)
+ {
+ /* Convert it to OCTET STRING
+ */
+ val.data = gnutls_malloc (asize);
+ if (val.data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-Data", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (c2, "", data->data, data->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode (c2, "", &val, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ }
+ else
+ {
+ val.data = data->data;
+ val.size = data->size;
+ }
+
+ /* Write the data.
+ */
+ result = asn1_write_value (c, root, val.data, val.size);
+
+ if (val.data != data->data)
+ _gnutls_free_datum (&val);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+
+cleanup:
+ if (val.data != data->data)
+ _gnutls_free_datum (&val);
+ return result;
+}
+
+void
+_asnstr_append_name (char *name, size_t name_size, const char *part1,
+ const char *part2)
+{
+ if (part1[0] != 0)
+ {
+ _gnutls_str_cpy (name, name_size, part1);
+ _gnutls_str_cat (name, name_size, part2);
+ }
+ else
+ _gnutls_str_cpy (name, name_size, part2 + 1 /* remove initial dot */ );
+}
+
+
+/* Encodes and copies the private key parameters into a
+ * subjectPublicKeyInfo structure.
+ *
+ */
+int
+_gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm, bigint_t * params,
+ int params_size)
+{
+ const char *pk;
+ gnutls_datum_t der = { NULL, 0 };
+ int result;
+ char name[128];
+
+ pk = _gnutls_x509_pk_to_oid (pk_algorithm);
+ if (pk == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ }
+
+ /* write the OID
+ */
+ _asnstr_append_name (name, sizeof (name), dst_name, ".algorithm.algorithm");
+
+ result = asn1_write_value (dst, name, pk, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (pk_algorithm == GNUTLS_PK_RSA)
+ {
+ /* disable parameters, which are not used in RSA.
+ */
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".algorithm.parameters");
+
+ result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_write_rsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Write the DER parameters. (in bits)
+ */
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".subjectPublicKey");
+ result = asn1_write_value (dst, name, der.data, der.size * 8);
+
+ _gnutls_free_datum (&der);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ }
+ else if (pk_algorithm == GNUTLS_PK_DSA)
+ {
+
+ result = _gnutls_x509_write_dsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Write the DER parameters.
+ */
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".algorithm.parameters");
+ result = asn1_write_value (dst, name, der.data, der.size);
+
+ _gnutls_free_datum (&der);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ _asnstr_append_name (name, sizeof (name), dst_name,
+ ".subjectPublicKey");
+ result = asn1_write_value (dst, name, der.data, der.size * 8);
+
+ _gnutls_free_datum (&der);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ }
+ else
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+
+ return 0;
+}
+
+/* Reads and returns the PK algorithm of the given certificate-like
+ * ASN.1 structure. src_name should be something like "tbsCertificate.subjectPublicKeyInfo".
+ */
+int
+_gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
+ unsigned int *bits)
+{
+ int result;
+ opaque *str = NULL;
+ int algo;
+ char oid[64];
+ int len;
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ char name[128];
+
+
+ _asnstr_append_name (name, sizeof (name), src_name, ".algorithm.algorithm");
+ len = sizeof (oid);
+ result = asn1_read_value (src, name, oid, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ algo = _gnutls_x509_oid2pk_algorithm (oid);
+ if (algo == GNUTLS_PK_UNKNOWN)
+ {
+ _gnutls_x509_log
+ ("%s: unknown public key algorithm: %s\n", __func__, oid);
+ }
+
+ if (bits == NULL)
+ {
+ return algo;
+ }
+
+ /* Now read the parameters' bits
+ */
+ _asnstr_append_name (name, sizeof (name), src_name, ".subjectPublicKey");
+
+ len = 0;
+ result = asn1_read_value (src, name, NULL, &len);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (len % 8 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len /= 8;
+
+ str = gnutls_malloc (len);
+ if (str == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ _asnstr_append_name (name, sizeof (name), src_name, ".subjectPublicKey");
+
+ result = asn1_read_value (src, name, str, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (str);
+ return _gnutls_asn2err (result);
+ }
+
+ len /= 8;
+
+ switch (algo)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ if ((result = _gnutls_x509_read_rsa_params (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ bits[0] = _gnutls_mpi_get_nbits (params[0]);
+
+ _gnutls_mpi_release (¶ms[0]);
+ _gnutls_mpi_release (¶ms[1]);
+ }
+ break;
+ case GNUTLS_PK_DSA:
+ {
+
+ if ((result = _gnutls_x509_read_dsa_pubkey (str, len, params)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ bits[0] = _gnutls_mpi_get_nbits (params[3]);
+
+ _gnutls_mpi_release (¶ms[3]);
+ }
+ break;
+ }
+
+ gnutls_free (str);
+ return algo;
+}
+
+/* Reads the DER signed data from the certificate and allocates space and
+ * returns them into signed_data.
+ */
+int
+_gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data)
+{
+ gnutls_datum_t der;
+ int start, end, result;
+
+ result = _gnutls_x509_der_encode (src, "", &der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Get the signed data
+ */
+ result = asn1_der_decoding_startEnd (src, der.data, der.size,
+ src_name, &start, &end);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_set_datum (signed_data, &der.data[start], end - start + 1);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ _gnutls_free_datum (&der);
+
+ return result;
+}
+
+/* Reads the DER signature from the certificate and allocates space and
+ * returns them into signed_data.
+ */
+int
+_gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature)
+{
+ int bits, result, len;
+
+ signature->data = NULL;
+ signature->size = 0;
+
+ /* Read the signature
+ */
+ bits = 0;
+ result = asn1_read_value (src, src_name, NULL, &bits);
+
+ if (result != ASN1_MEM_ERROR)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (bits % 8 != 0)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_CERTIFICATE_ERROR;
+ goto cleanup;
+ }
+
+ len = bits / 8;
+
+ signature->data = gnutls_malloc (len);
+ if (signature->data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ return result;
+ }
+
+ /* read the bit string of the signature
+ */
+ bits = len;
+ result = asn1_read_value (src, src_name, signature->data, &bits);
+
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ signature->size = len;
+
+ return 0;
+
+cleanup:
+ return result;
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <gnutls_algorithms.h>
+
+#define MAX_STRING_LEN 512
+
+#define GNUTLS_XML_SHOW_ALL 1
+
+#define PEM_CRL "X509 CRL"
+#define PEM_X509_CERT "X509 CERTIFICATE"
+#define PEM_X509_CERT2 "CERTIFICATE"
+#define PEM_PKCS7 "PKCS7"
+#define PEM_PKCS12 "PKCS12"
+
+/* public key algorithm's OIDs
+ */
+#define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1"
+#define PK_X509_RSA_OID "2.5.8.1.1"
+#define PK_DSA_OID "1.2.840.10040.4.1"
+#define PK_GOST_R3410_94_OID "1.2.643.2.2.20"
+#define PK_GOST_R3410_2001_OID "1.2.643.2.2.19"
+
+/* signature OIDs
+ */
+#define SIG_DSA_SHA1_OID "1.2.840.10040.4.3"
+/* those two from draft-ietf-pkix-sha2-dsa-ecdsa-06 */
+#define SIG_DSA_SHA224_OID "2.16.840.1.101.3.4.3.1"
+#define SIG_DSA_SHA256_OID "2.16.840.1.101.3.4.3.2"
+
+#define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4"
+#define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2"
+#define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5"
+#define SIG_RSA_SHA224_OID "1.2.840.113549.1.1.14"
+#define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11"
+#define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12"
+#define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13"
+#define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2"
+#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4"
+#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3"
+
+#define ASN1_NULL "\x05\x00"
+#define ASN1_NULL_SIZE 2
+
+int _gnutls_x509_set_time (ASN1_TYPE c2, const char *where, time_t tim);
+
+int _gnutls_x509_decode_octet_string (const char *string_type,
+ const opaque * der, size_t der_size,
+ opaque * output, size_t * output_size);
+int _gnutls_x509_oid_data2string (const char *OID, void *value,
+ int value_size, char *res,
+ size_t * res_size);
+int _gnutls_x509_data2hex (const opaque * data, size_t data_size,
+ opaque * out, size_t * sizeof_out);
+
+const char *_gnutls_x509_oid2asn_string (const char *oid);
+
+const char *_gnutls_x509_oid2ldap_string (const char *OID);
+
+int _gnutls_x509_oid_data_choice (const char *OID);
+int _gnutls_x509_oid_data_printable (const char *OID);
+
+time_t _gnutls_x509_get_time (ASN1_TYPE c2, const char *when);
+
+gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type (char *str_type);
+
+int _gnutls_x509_der_encode_and_copy (ASN1_TYPE src, const char *src_name,
+ ASN1_TYPE dest, const char *dest_name,
+ int str);
+int _gnutls_x509_der_encode (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * res, int str);
+
+int _gnutls_x509_export_int (ASN1_TYPE asn1_data,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+int _gnutls_x509_export_int_named (ASN1_TYPE asn1_data, const char *name,
+ gnutls_x509_crt_fmt_t format,
+ const char *pem_header,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+int _gnutls_x509_read_value (ASN1_TYPE c, const char *root,
+ gnutls_datum_t * ret, int str);
+int _gnutls_x509_write_value (ASN1_TYPE c, const char *root,
+ const gnutls_datum_t * data, int str);
+
+int _gnutls_x509_encode_and_write_attribute (const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *data,
+ int sizeof_data, int multi);
+int _gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size,
+ gnutls_datum_t * value, int multi,
+ int octet);
+
+int _gnutls_x509_get_pk_algorithm (ASN1_TYPE src, const char *src_name,
+ unsigned int *bits);
+
+int _gnutls_x509_encode_and_copy_PKI_params (ASN1_TYPE dst,
+ const char *dst_name,
+ gnutls_pk_algorithm_t
+ pk_algorithm, bigint_t * params,
+ int params_size);
+int _gnutls_asn1_copy_node (ASN1_TYPE * dst, const char *dst_name,
+ ASN1_TYPE src, const char *src_name);
+
+int _gnutls_x509_get_signed_data (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signed_data);
+int _gnutls_x509_get_signature (ASN1_TYPE src, const char *src_name,
+ gnutls_datum_t * signature);
+
+gnutls_digest_algorithm_t _gnutls_dsa_q_to_hash (bigint_t q);
+
+int _gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
+ bigint_t * params, int *params_size);
+
+int _gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
+ int params_size, unsigned char *output_data,
+ size_t * output_data_size);
+
+void _asnstr_append_name (char *name, size_t name_size, const char *part1,
+ const char *part2);
+
+int pubkey_verify_sig (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
+ int issuer_params_size);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <libtasn1.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <x509_b64.h>
+#include <x509_int.h>
+
+/**
+ * gnutls_x509_crl_init:
+ * @crl: The structure to be initialized
+ *
+ * This function will initialize a CRL structure. CRL stands for
+ * Certificate Revocation List. A revocation list usually contains
+ * lists of certificate serial numbers that have been revoked by an
+ * Authority. The revocation lists are always signed with the
+ * authority's private key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_init (gnutls_x509_crl_t * crl)
+{
+ *crl = gnutls_calloc (1, sizeof (gnutls_x509_crl_int));
+
+ if (*crl)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.CertificateList",
+ &(*crl)->crl);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*crl);
+ return _gnutls_asn2err (result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_x509_crl_deinit:
+ * @crl: The structure to be initialized
+ *
+ * This function will deinitialize a CRL structure.
+ **/
+void
+gnutls_x509_crl_deinit (gnutls_x509_crl_t crl)
+{
+ if (!crl)
+ return;
+
+ if (crl->crl)
+ asn1_delete_structure (&crl->crl);
+
+ gnutls_free (crl);
+}
+
+/**
+ * gnutls_x509_crl_import:
+ * @crl: The structure to store the parsed CRL.
+ * @data: The DER or PEM encoded CRL.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded CRL
+ * to the native #gnutls_x509_crl_t format. The output will be stored in 'crl'.
+ *
+ * If the CRL is PEM encoded it should have a header of "X509 CRL".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_import (gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If the CRL is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode (PEM_CRL, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+
+ result = asn1_der_decoding (&crl->crl, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ return 0;
+
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+
+/**
+ * gnutls_x509_crl_get_issuer_dn:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @buf: a pointer to a structure to hold the peer's name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will copy the name of the CRL issuer in the provided
+ * buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC2253. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * If buf is %NULL then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the sizeof_buf will be updated
+ * with the required size, and 0 on success.
+ *
+ **/
+int
+gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf,
+ size_t * sizeof_buf)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn (crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crl_get_issuer_dn_by_oid:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
+ * @raw_flag: If non zero returns the raw DER data of the DN part.
+ * @buf: a pointer to a structure to hold the peer's name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will extract the part of the name of the CRL issuer
+ * specified by the given OID. The output will be encoded as described
+ * in RFC2253. The output string will be ASCII or UTF-8 encoded,
+ * depending on the certificate data.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * If raw flag is zero, this function will only return known OIDs as
+ * text. Other OIDs will be DER encoded, as described in RFC2253 -- in
+ * hex format with a '\#' prefix. You can check about known OIDs
+ * using gnutls_x509_dn_oid_known().
+ *
+ * If buf is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the sizeof_buf will be updated
+ * with the required size, and 0 on success.
+ **/
+int
+gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn_oid (crl->crl,
+ "tbsCertList.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crl_get_dn_oid:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @indx: Specifies which DN OID to send. Use zero to get the first one.
+ * @oid: a pointer to a structure to hold the name (may be null)
+ * @sizeof_oid: initially holds the size of 'oid'
+ *
+ * This function will extract the requested OID of the name of the CRL
+ * issuer, specified by the given index.
+ *
+ * If oid is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the sizeof_oid will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid (crl->crl,
+ "tbsCertList.issuer.rdnSequence", indx,
+ oid, sizeof_oid);
+}
+
+
+/**
+ * gnutls_x509_crl_get_signature_algorithm:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ *
+ * This function will return a value of the #gnutls_sign_algorithm_t
+ * enumeration that is the signature algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl)
+{
+ int result;
+ gnutls_datum_t sa;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
+
+ result =
+ _gnutls_x509_read_value (crl->crl, "signatureAlgorithm.algorithm",
+ &sa, 0);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_oid2sign_algorithm ((const char *) sa.data);
+
+ _gnutls_free_datum (&sa);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crl_get_signature:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @sig: a pointer where the signature part will be copied (may be null).
+ * @sizeof_sig: initially holds the size of @sig
+ *
+ * This function will extract the signature field of a CRL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. and a negative value on error.
+ **/
+int
+gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
+ char *sig, size_t * sizeof_sig)
+{
+ int result;
+ int bits;
+ unsigned int len;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bits = 0;
+ result = asn1_read_value (crl->crl, "signature", NULL, &bits);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (bits % 8 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len = bits / 8;
+
+ if (*sizeof_sig < len)
+ {
+ *sizeof_sig = bits / 8;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ result = asn1_read_value (crl->crl, "signature", sig, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_get_version:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ *
+ * This function will return the version of the specified CRL.
+ *
+ * Returns: The version number, or a negative value on error.
+ **/
+int
+gnutls_x509_crl_get_version (gnutls_x509_crl_t crl)
+{
+ opaque version[8];
+ int len, result;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof (version);
+ if ((result =
+ asn1_read_value (crl->crl, "tbsCertList.version", version,
+ &len)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return (int) version[0] + 1;
+}
+
+/**
+ * gnutls_x509_crl_get_this_update:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ *
+ * This function will return the time this CRL was issued.
+ *
+ * Returns: when the CRL was issued, or (time_t)-1 on error.
+ **/
+time_t
+gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ return _gnutls_x509_get_time (crl->crl, "tbsCertList.thisUpdate");
+}
+
+/**
+ * gnutls_x509_crl_get_next_update:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ *
+ * This function will return the time the next CRL will be issued.
+ * This field is optional in a CRL so it might be normal to get an
+ * error instead.
+ *
+ * Returns: when the next CRL will be issued, or (time_t)-1 on error.
+ **/
+time_t
+gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ return _gnutls_x509_get_time (crl->crl, "tbsCertList.nextUpdate");
+}
+
+/**
+ * gnutls_x509_crl_get_crt_count:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ *
+ * This function will return the number of revoked certificates in the
+ * given CRL.
+ *
+ * Returns: number of certificates, a negative value on failure.
+ **/
+int
+gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl)
+{
+
+ int count, result;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ asn1_number_of_elements (crl->crl,
+ "tbsCertList.revokedCertificates", &count);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return 0; /* no certificates */
+ }
+
+ return count;
+}
+
+/**
+ * gnutls_x509_crl_get_crt_serial:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @indx: the index of the certificate to extract (starting from 0)
+ * @serial: where the serial number will be copied
+ * @serial_size: initially holds the size of serial
+ * @t: if non null, will hold the time this certificate was revoked
+ *
+ * This function will retrieve the serial number of the specified, by
+ * the index, revoked certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. and a negative value on error.
+ **/
+int
+gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t)
+{
+
+ int result, _serial_size;
+ char serial_name[ASN1_MAX_NAME_SIZE];
+ char date_name[ASN1_MAX_NAME_SIZE];
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (serial_name, sizeof (serial_name),
+ "tbsCertList.revokedCertificates.?%u.userCertificate", indx + 1);
+ snprintf (date_name, sizeof (date_name),
+ "tbsCertList.revokedCertificates.?%u.revocationDate", indx + 1);
+
+ _serial_size = *serial_size;
+ result = asn1_read_value (crl->crl, serial_name, serial, &_serial_size);
+
+ *serial_size = _serial_size;
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return _gnutls_asn2err (result);
+ }
+
+ if (t)
+ {
+ *t = _gnutls_x509_get_time (crl->crl, date_name);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_get_raw_issuer_dn:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @dn: will hold the starting point of the DN
+ *
+ * This function will return a pointer to the DER encoded DN structure
+ * and the length.
+ *
+ * Returns: a negative value on error, and zero on success.
+ *
+ * Since: 2.12.0
+ **/
+int
+gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len1;
+ int start1, end1;
+ gnutls_datum_t crl_signed_data;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* get the issuer of 'crl'
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertList",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding (&c2, crl_signed_data.data, crl_signed_data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding_startEnd (c2, crl_signed_data.data,
+ crl_signed_data.size, "issuer",
+ &start1, &end1);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ len1 = end1 - start1 + 1;
+
+ _gnutls_set_datum (dn, &crl_signed_data.data[start1], len1);
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&c2);
+ _gnutls_free_datum (&crl_signed_data);
+ return result;
+}
+
+/**
+ * gnutls_x509_crl_export:
+ * @crl: Holds the revocation list
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a private key PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will
+ * be replaced by the actual size of parameters)
+ *
+ * This function will export the revocation list to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN X509 CRL".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. and a negative value on failure.
+ **/
+int
+gnutls_x509_crl_export (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int (crl->crl, format, PEM_CRL,
+ output_data, output_data_size);
+}
+
+/*-
+ * _gnutls_x509_crl_cpy - This function copies a gnutls_x509_crl_t structure
+ * @dest: The structure where to copy
+ * @src: The structure to be copied
+ *
+ * This function will copy an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src)
+{
+ int ret;
+ size_t der_size;
+ opaque *der;
+ gnutls_datum_t tmp;
+
+ ret = gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ der = gnutls_malloc (der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crl_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (der);
+ return ret;
+ }
+
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crl_import (dest, &tmp, GNUTLS_X509_FMT_DER);
+
+ gnutls_free (der);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crl_get_authority_key_id:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @ret: The place where the identifier will be copied
+ * @ret_size: Holds the size of the result field.
+ * @critical: will be non zero if the extension is marked as critical
+ * (may be null)
+ *
+ * This function will return the CRL authority's key identifier. This
+ * is obtained by the X.509 Authority Key identifier extension field
+ * (2.5.29.35). Note that this function only returns the
+ * keyIdentifier field of the extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
+{
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &id,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ len = *ret_size;
+ result = asn1_read_value (c2, "keyIdentifier", ret, &len);
+
+ *ret_size = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_get_number:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @ret: The place where the number will be copied
+ * @ret_size: Holds the size of the result field.
+ * @critical: will be non zero if the extension is marked as critical
+ * (may be null)
+ *
+ * This function will return the CRL number extension. This is
+ * obtained by the CRL Number extension field (2.5.29.20).
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret,
+ size_t * ret_size, unsigned int *critical)
+{
+ int result;
+ gnutls_datum_t id;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &id,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = _gnutls_x509_ext_extract_number (ret, ret_size, id.data, id.size);
+
+ _gnutls_free_datum (&id);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_get_extension_oid:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @indx: Specifies which extension OID to send, use zero to get the first one.
+ * @oid: a pointer to a structure to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will return the requested extension OID in the CRL.
+ * The extension OID will be stored as a string in the provided
+ * buffer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid)
+{
+ int result;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_crl_get_extension_oid (crl, indx, oid, sizeof_oid);
+ if (result < 0)
+ {
+ return result;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crl_get_extension_info:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @indx: Specifies which extension OID to send, use zero to get the first one.
+ * @oid: a pointer to a structure to hold the OID
+ * @sizeof_oid: initially holds the maximum size of @oid, on return
+ * holds actual size of @oid.
+ * @critical: output variable with critical flag, may be NULL.
+ *
+ * This function will return the requested extension OID in the CRL,
+ * and the critical flag for it. The extension OID will be stored as
+ * a string in the provided buffer. Use
+ * gnutls_x509_crl_get_extension_data() to extract the data.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@sizeof_oid is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
+ * returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid,
+ int *critical)
+{
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!crl)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnID",
+ indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value (crl->crl, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.critical",
+ indx + 1);
+ len = sizeof (str_critical);
+ result = asn1_read_value (crl->crl, name, str_critical, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (critical)
+ {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crl_get_extension_data:
+ * @crl: should contain a #gnutls_x509_crl_t structure
+ * @indx: Specifies which extension OID to send. Use zero to get the first one.
+ * @data: a pointer to a structure to hold the data (may be null)
+ * @sizeof_data: initially holds the size of @oid
+ *
+ * This function will return the requested extension data in the CRL.
+ * The extension data will be stored as a string in the provided
+ * buffer.
+ *
+ * Use gnutls_x509_crl_get_extension_info() to extract the OID and
+ * critical flag. Use gnutls_x509_crl_get_extension_info() instead,
+ * if you want to get data indexed by the extension OID rather than
+ * sequence.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx,
+ void *data, size_t * sizeof_data)
+{
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!crl)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (name, sizeof (name), "tbsCertList.crlExtensions.?%u.extnValue",
+ indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value (crl->crl, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains functions to handle CRL generation.
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include <x509_int.h>
+#include <libtasn1.h>
+
+static void disable_optional_stuff (gnutls_x509_crl_t crl);
+
+/**
+ * gnutls_x509_crl_set_version:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @version: holds the version number. For CRLv1 crls must be 1.
+ *
+ * This function will set the version of the CRL. This
+ * must be one for CRL version 1, and so on. The CRLs generated
+ * by gnutls should have a version number of 2.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version)
+{
+ int result;
+ uint8_t null = version & 0xFF;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null -= 1;
+
+ result = asn1_write_value (crl->crl, "tbsCertList.version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_sign2:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
+ * @flags: must be 0
+ *
+ * This function will sign the CRL with the issuer's private key, and
+ * will copy the issuer's information into the CRL.
+ *
+ * This must be the last step in a certificate CRL since all
+ * the previously set parameters are now signed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Deprecated: Use gnutls_x509_crl_privkey_sign() instead.
+ **/
+int
+gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
+{
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crl == NULL || issuer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init (&privkey);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ result = gnutls_x509_crl_privkey_sign (crl, issuer, privkey, dig, flags);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ result = 0;
+
+fail:
+ gnutls_privkey_deinit (privkey);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crl_sign:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ *
+ * This function is the same a gnutls_x509_crl_sign2() with no flags, and
+ * SHA1 as the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Deprecated: Use gnutls_x509_crl_privkey_sign().
+ */
+int
+gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
+{
+ return gnutls_x509_crl_sign2 (crl, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+}
+
+/**
+ * gnutls_x509_crl_set_this_update:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @act_time: The actual time
+ *
+ * This function will set the time this CRL was issued.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_time (crl->crl, "tbsCertList.thisUpdate", act_time);
+}
+
+/**
+ * gnutls_x509_crl_set_next_update:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @exp_time: The actual time
+ *
+ * This function will set the time this CRL will be updated.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time)
+{
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time (crl->crl, "tbsCertList.nextUpdate", exp_time);
+}
+
+/**
+ * gnutls_x509_crl_set_crt_serial:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @serial: The revoked certificate's serial number
+ * @serial_size: Holds the size of the serial field.
+ * @revocation_time: The time this certificate was revoked
+ *
+ * This function will set a revoked certificate's serial number to the CRL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
+ const void *serial, size_t serial_size,
+ time_t revocation_time)
+{
+ int ret;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value (crl->crl, "tbsCertList.revokedCertificates", "NEW", 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ ret =
+ asn1_write_value (crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.userCertificate",
+ serial, serial_size);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ ret =
+ _gnutls_x509_set_time (crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.revocationDate",
+ revocation_time);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ asn1_write_value (crl->crl,
+ "tbsCertList.revokedCertificates.?LAST.crlEntryExtensions",
+ NULL, 0);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_set_crt:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @crt: a certificate of type #gnutls_x509_crt_t with the revoked certificate
+ * @revocation_time: The time this certificate was revoked
+ *
+ * This function will set a revoked certificate's serial number to the CRL.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
+ time_t revocation_time)
+{
+ int ret;
+ opaque serial[128];
+ size_t serial_size;
+
+ if (crl == NULL || crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ serial_size = sizeof (serial);
+ ret = gnutls_x509_crt_get_serial (crt, serial, &serial_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ gnutls_x509_crl_set_crt_serial (crl, serial, serial_size,
+ revocation_time);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ return 0;
+}
+
+
+/* If OPTIONAL fields have not been initialized then
+ * disable them.
+ */
+static void
+disable_optional_stuff (gnutls_x509_crl_t crl)
+{
+
+ if (crl->use_extensions == 0)
+ {
+ asn1_write_value (crl->crl, "tbsCertList.crlExtensions", NULL, 0);
+ }
+
+ return;
+}
+
+/**
+ * gnutls_x509_crl_set_authority_key_id:
+ * @crl: a CRL of type #gnutls_x509_crl_t
+ * @id: The key ID
+ * @id_size: Holds the size of the serial field.
+ *
+ * This function will set the CRL's authority key ID extension. Only
+ * the keyIdentifier field can be set with this function.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl,
+ const void *id, size_t id_size)
+{
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crl_get_extension (crl, "2.5.29.35", 0, &old_id, &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum (&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crl_set_extension (crl, "2.5.29.35", &der_data, 0);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crl->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_set_number:
+ * @crl: a CRL of type #gnutls_x509_crl_t
+ * @nr: The CRL number
+ * @nr_size: Holds the size of the nr field.
+ *
+ * This function will set the CRL's number extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crl_set_number (gnutls_x509_crl_t crl,
+ const void *nr, size_t nr_size)
+{
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (crl == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crl_get_extension (crl, "2.5.29.20", 0, &old_id, &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum (&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_number (nr, nr_size, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crl_set_extension (crl, "2.5.29.20", &der_data, 0);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crl->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crl_privkey_sign:
+ * @crl: should contain a gnutls_x509_crl_t structure
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing.
+ * @flags: must be 0
+ *
+ * This function will sign the CRL with the issuer's private key, and
+ * will copy the issuer's information into the CRL.
+ *
+ * This must be the last step in a certificate CRL since all
+ * the previously set parameters are now signed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_privkey_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
+{
+ int result;
+
+ if (crl == NULL || issuer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff (crl);
+
+ result = _gnutls_x509_pkix_sign (crl->crl, "tbsCertList",
+ dig, issuer, issuer_key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2008, 2009, 2010, 2011 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains functions to handle PKCS #10 certificate
+ requests, see RFC 2986.
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include "x509_int.h"
+#include <libtasn1.h>
+
+/**
+ * gnutls_x509_crq_init:
+ * @crq: The structure to be initialized
+ *
+ * This function will initialize a PKCS#10 certificate request
+ * structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_init (gnutls_x509_crq_t * crq)
+{
+ int result;
+
+ *crq = gnutls_calloc (1, sizeof (gnutls_x509_crq_int));
+ if (!*crq)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-10-CertificationRequest",
+ &((*crq)->crq));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*crq);
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_deinit:
+ * @crq: The structure to be initialized
+ *
+ * This function will deinitialize a PKCS#10 certificate request
+ * structure.
+ **/
+void
+gnutls_x509_crq_deinit (gnutls_x509_crq_t crq)
+{
+ if (!crq)
+ return;
+
+ if (crq->crq)
+ asn1_delete_structure (&crq->crq);
+
+ gnutls_free (crq);
+}
+
+#define PEM_CRQ "NEW CERTIFICATE REQUEST"
+#define PEM_CRQ2 "CERTIFICATE REQUEST"
+
+/**
+ * gnutls_x509_crq_import:
+ * @crq: The structure to store the parsed certificate request.
+ * @data: The DER or PEM encoded certificate.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded certificate
+ * request to a #gnutls_x509_crq_t structure. The output will be
+ * stored in @crq.
+ *
+ * If the Certificate is PEM encoded it should have a header of "NEW
+ * CERTIFICATE REQUEST".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_import (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result = _gnutls_fbase64_decode (PEM_CRQ, data->data, data->size, &out);
+
+ if (result <= 0) /* Go for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_CRQ2, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ result = asn1_der_decoding (&crq->crq, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+
+
+/**
+ * gnutls_x509_crq_get_dn:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @buf: a pointer to a structure to hold the name (may be %NULL)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will copy the name of the Certificate request subject
+ * to the provided buffer. The name will be in the form
+ * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC 2253. The output string
+ * @buf will be ASCII or UTF-8 encoded, depending on the certificate
+ * data.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ * long enough, and in that case the *@sizeof_buf will be updated with
+ * the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crq_get_dn_by_oid:
+ * @crq: should contain a gnutls_x509_crq_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the RDN, this specifies
+ * which to send. Use zero to get the first one.
+ * @raw_flag: If non zero returns the raw DER data of the DN part.
+ * @buf: a pointer to a structure to hold the name (may be %NULL)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will extract the part of the name of the Certificate
+ * request subject, specified by the given OID. The output will be
+ * encoded as described in RFC2253. The output string will be ASCII
+ * or UTF-8 encoded, depending on the certificate data.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * If raw flag is zero, this function will only return known OIDs as
+ * text. Other OIDs will be DER encoded, as described in RFC2253 --
+ * in hex format with a '\#' prefix. You can check about known OIDs
+ * using gnutls_x509_dn_oid_known().
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *@sizeof_buf will be
+ * updated with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn_oid
+ (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crq_get_dn_oid:
+ * @crq: should contain a gnutls_x509_crq_t structure
+ * @indx: Specifies which DN OID to send. Use zero to get the first one.
+ * @oid: a pointer to a structure to hold the name (may be %NULL)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will extract the requested OID of the name of the
+ * certificate request subject, specified by the given index.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *@sizeof_oid will be
+ * updated with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid (crq->crq,
+ "certificationRequestInfo.subject.rdnSequence",
+ indx, oid, sizeof_oid);
+}
+
+/* Parses an Attribute list in the asn1_struct, and searches for the
+ * given OID. The index indicates the attribute value to be returned.
+ *
+ * If raw==0 only printable data are returned, or
+ * GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE.
+ *
+ * asn1_attr_name must be a string in the form
+ * "certificationRequestInfo.attributes"
+ *
+ */
+static int
+parse_attribute (ASN1_TYPE asn1_struct,
+ const char *attr_name, const char *given_oid, int indx,
+ int raw, char *buf, size_t * sizeof_buf)
+{
+ int k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ char value[200];
+ char oid[MAX_OID_SIZE];
+ int len, printable;
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "attribute.?1"
+ */
+ if (attr_name[0] != 0)
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", attr_name, k1);
+ else
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Move to the attibute type and values
+ */
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer1);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (strcmp (oid, given_oid) == 0)
+ { /* Found the OID */
+
+ /* Read the Value
+ */
+ snprintf (tmpbuffer3, sizeof (tmpbuffer3), "%s.values.?%u",
+ tmpbuffer1, indx + 1);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, value, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (raw == 0)
+ {
+ printable = _gnutls_x509_oid_data_printable (oid);
+ if (printable == 1)
+ {
+ if ((result =
+ _gnutls_x509_oid_data2string
+ (oid, value, len, buf, sizeof_buf)) < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ return 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE;
+ }
+ }
+ else
+ { /* raw!=0 */
+ if (*sizeof_buf >= (size_t) len && buf != NULL)
+ {
+ *sizeof_buf = len;
+ memcpy (buf, value, len);
+
+ return 0;
+ }
+ else
+ {
+ *sizeof_buf = len;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ }
+ }
+
+ }
+ while (1);
+
+ gnutls_assert ();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+cleanup:
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_get_challenge_password:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @pass: will hold a zero-terminated password string
+ * @sizeof_pass: Initially holds the size of @pass.
+ *
+ * This function will return the challenge password in the request.
+ * The challenge password is intended to be used for requesting a
+ * revocation of the certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
+ char *pass, size_t * sizeof_pass)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
+ "1.2.840.113549.1.9.7", 0, 0, pass, sizeof_pass);
+}
+
+/* This function will attempt to set the requested attribute in
+ * the given X509v3 certificate.
+ *
+ * Critical will be either 0 or 1.
+ */
+static int
+add_attribute (ASN1_TYPE asn, const char *root, const char *attribute_id,
+ const gnutls_datum_t * ext_data)
+{
+ int result;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf (name, sizeof (name), "%s", root);
+
+ /* Add a new attribute in the list.
+ */
+ result = asn1_write_value (asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ snprintf (name, sizeof (name), "%s.?LAST.type", root);
+
+ result = asn1_write_value (asn, name, attribute_id, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ snprintf (name, sizeof (name), "%s.?LAST.values", root);
+
+ result = asn1_write_value (asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ snprintf (name, sizeof (name), "%s.?LAST.values.?LAST", root);
+
+ result = _gnutls_x509_write_value (asn, name, ext_data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* Overwrite the given attribute (using the index)
+ * index here starts from one.
+ */
+static int
+overwrite_attribute (ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data)
+{
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ int result;
+
+ snprintf (name, sizeof (name), "%s.?%u", root, indx);
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".values.?LAST");
+
+ result = _gnutls_x509_write_value (asn, name2, ext_data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+
+ return 0;
+}
+
+static int
+set_attribute (ASN1_TYPE asn, const char *root,
+ const char *ext_id, const gnutls_datum_t * ext_data)
+{
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[MAX_OID_SIZE];
+
+ /* Find the index of the given attribute.
+ */
+ k = 0;
+ do
+ {
+ k++;
+
+ snprintf (name, sizeof (name), "%s.?%u", root, k);
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+
+ do
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".type");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp (extnID, ext_id) == 0)
+ {
+ /* attribute was found
+ */
+ return overwrite_attribute (asn, root, k, ext_data);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return add_attribute (asn, root, ext_id, ext_data);
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_set_attribute_by_oid:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @oid: holds an Object Identified in zero-terminated string
+ * @buf: a pointer to a structure that holds the attribute data
+ * @sizeof_buf: holds the size of @buf
+ *
+ * This function will set the attribute in the certificate request
+ * specified by the given Object ID. The attribute must be be DER
+ * encoded.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, void *buf,
+ size_t sizeof_buf)
+{
+ gnutls_datum_t data;
+
+ data.data = buf;
+ data.size = sizeof_buf;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return set_attribute (crq->crq, "certificationRequestInfo.attributes",
+ oid, &data);
+}
+
+/**
+ * gnutls_x509_crq_get_attribute_by_oid:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @oid: holds an Object Identified in zero-terminated string
+ * @indx: In case multiple same OIDs exist in the attribute list, this
+ * specifies which to send, use zero to get the first one
+ * @buf: a pointer to a structure to hold the attribute data (may be %NULL)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will return the attribute in the certificate request
+ * specified by the given Object ID. The attribute will be DER
+ * encoded.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx, void *buf,
+ size_t * sizeof_buf)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return parse_attribute (crq->crq, "certificationRequestInfo.attributes",
+ oid, indx, 1, buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crq_set_dn_by_oid:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @oid: holds an Object Identifier in a zero-terminated string
+ * @raw_flag: must be 0, or 1 if the data are DER encoded
+ * @data: a pointer to the input data
+ * @sizeof_data: holds the size of @data
+ *
+ * This function will set the part of the name of the Certificate
+ * request subject, specified by the given OID. The input string
+ * should be ASCII or UTF-8 encoded.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * With this function you can only set the known OIDs. You can test
+ * for known OIDs using gnutls_x509_dn_oid_known(). For OIDs that are
+ * not known (by gnutls) you should properly DER encode your data, and
+ * call this function with raw_flag set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid,
+ unsigned int raw_flag, const void *data,
+ unsigned int sizeof_data)
+{
+ if (sizeof_data == 0 || data == NULL || crq == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid (crq->crq,
+ "certificationRequestInfo.subject", oid,
+ raw_flag, data, sizeof_data);
+}
+
+/**
+ * gnutls_x509_crq_set_version:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @version: holds the version number, for v1 Requests must be 1
+ *
+ * This function will set the version of the certificate request. For
+ * version 1 requests this must be one.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version)
+{
+ int result;
+ unsigned char null = version;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null--;
+
+ result =
+ asn1_write_value (crq->crq, "certificationRequestInfo.version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_get_version:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ *
+ * This function will return the version of the specified Certificate
+ * request.
+ *
+ * Returns: version of certificate request, or a negative value on
+ * error.
+ **/
+int
+gnutls_x509_crq_get_version (gnutls_x509_crq_t crq)
+{
+ opaque version[8];
+ int len, result;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof (version);
+ if ((result =
+ asn1_read_value (crq->crq, "certificationRequestInfo.version",
+ version, &len)) != ASN1_SUCCESS)
+ {
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return (int) version[0] + 1;
+}
+
+/**
+ * gnutls_x509_crq_set_key:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @key: holds a private key
+ *
+ * This function will set the public parameters from the given private
+ * key to the request. Only RSA keys are currently supported.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+{
+ int result;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ key->pk_algorithm, key->params, key->params_size);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_get_key_rsa_raw:
+ * @crq: Holds the certificate
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ *
+ * This function will export the RSA public key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ int ret;
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
+ if (ret != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crq_get_mpis (crq, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint (params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint (params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+}
+
+/**
+ * gnutls_x509_crq_set_key_rsa_raw:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @m: holds the modulus
+ * @e: holds the public exponent
+ *
+ * This function will set the public parameters from the given private
+ * key to the request. Only RSA keys are currently supported.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e)
+{
+ int result, ret;
+ size_t siz = 0;
+ bigint_t temp_params[RSA_PUBLIC_PARAMS];
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ memset (temp_params, 0, sizeof (temp_params));
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&temp_params[0], m->data, siz))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&temp_params[1], e->data, siz))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MPI_SCAN_FAILED;
+ goto error;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params
+ (crq->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ GNUTLS_PK_RSA, temp_params, RSA_PUBLIC_PARAMS);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ ret = result;
+ goto error;
+ }
+
+ ret = 0;
+
+error:
+ _gnutls_mpi_release (&temp_params[0]);
+ _gnutls_mpi_release (&temp_params[1]);
+ return ret;
+}
+
+/**
+ * gnutls_x509_crq_set_challenge_password:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @pass: holds a zero-terminated password
+ *
+ * This function will set a challenge password to be used when
+ * revoking the request.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
+ const char *pass)
+{
+ int result;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Add the attribute.
+ */
+ result = asn1_write_value (crq->crq, "certificationRequestInfo.attributes",
+ "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_encode_and_write_attribute
+ ("1.2.840.113549.1.9.7", crq->crq,
+ "certificationRequestInfo.attributes.?LAST", pass, strlen (pass), 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_sign2:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @key: holds a private key
+ * @dig: The message digest to use, i.e., %GNUTLS_DIG_SHA1
+ * @flags: must be 0
+ *
+ * This function will sign the certificate request with a private key.
+ * This must be the same key as the one used in
+ * gnutls_x509_crt_set_key() since a certificate request is self
+ * signed.
+ *
+ * This must be the last step in a certificate request generation
+ * since all the previously set parameters are now signed.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ * %GNUTLS_E_ASN1_VALUE_NOT_FOUND is returned if you didn't set all
+ * information in the certificate request (e.g., the version using
+ * gnutls_x509_crq_set_version()).
+ *
+ * Deprecated: Use gnutls_x509_crq_privkey_sign() instead.
+ **/
+int
+gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
+{
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init (&privkey);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509 (privkey, key, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ result = gnutls_x509_crq_privkey_sign (crq, privkey, dig, flags);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ result = 0;
+
+fail:
+ gnutls_privkey_deinit (privkey);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_sign:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @key: holds a private key
+ *
+ * This function is the same a gnutls_x509_crq_sign2() with no flags,
+ * and SHA1 as the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Deprecated: Use gnutls_x509_crq_privkey_sign() instead.
+ */
+int
+gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key)
+{
+ return gnutls_x509_crq_sign2 (crq, key, GNUTLS_DIG_SHA1, 0);
+}
+
+/**
+ * gnutls_x509_crq_export:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a certificate request PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the certificate request to a PEM or DER
+ * encoded PKCS10 structure.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER will be returned and
+ * *@output_data_size will be updated.
+ *
+ * If the structure is PEM encoded, it will have a header of "BEGIN
+ * NEW CERTIFICATE REQUEST".
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_x509_crq_export (gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int (crq->crq, format, PEM_CRQ,
+ output_data, output_data_size);
+}
+
+/**
+ * gnutls_x509_crq_get_pk_algorithm:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @bits: if bits is non-%NULL it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of a PKCS#10
+ * certificate request.
+ *
+ * If bits is non-%NULL, it should have enough size to hold the
+ * parameters size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
+int
+gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits)
+{
+ int result;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_get_pk_algorithm
+ (crq->crq, "certificationRequestInfo.subjectPKInfo", bits);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_get_attribute_info:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @indx: Specifies which attribute OID to send. Use zero to get the first one.
+ * @oid: a pointer to a structure to hold the OID
+ * @sizeof_oid: initially holds the maximum size of @oid, on return
+ * holds actual size of @oid.
+ *
+ * This function will return the requested attribute OID in the
+ * certificate, and the critical flag for it. The attribute OID will
+ * be stored as a string in the provided buffer. Use
+ * gnutls_x509_crq_get_attribute_data() to extract the data.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@sizeof_oid is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
+ * returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid)
+{
+ int result;
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!crq)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (name, sizeof (name),
+ "certificationRequestInfo.attributes.?%u.type", indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value (crq->crq, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crq_get_attribute_data:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @indx: Specifies which attribute OID to send. Use zero to get the first one.
+ * @data: a pointer to a structure to hold the data (may be null)
+ * @sizeof_data: initially holds the size of @oid
+ *
+ * This function will return the requested attribute data in the
+ * certificate request. The attribute data will be stored as a string in the
+ * provided buffer.
+ *
+ * Use gnutls_x509_crq_get_attribute_info() to extract the OID.
+ * Use gnutls_x509_crq_get_attribute_by_oid() instead,
+ * if you want to get data indexed by the attribute OID rather than
+ * sequence.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data)
+{
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!crq)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (name, sizeof (name),
+ "certificationRequestInfo.attributes.?%u.values.?1", indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value (crq->crq, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_get_extension_info:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @indx: Specifies which extension OID to send. Use zero to get the first one.
+ * @oid: a pointer to a structure to hold the OID
+ * @sizeof_oid: initially holds the maximum size of @oid, on return
+ * holds actual size of @oid.
+ * @critical: output variable with critical flag, may be NULL.
+ *
+ * This function will return the requested extension OID in the
+ * certificate, and the critical flag for it. The extension OID will
+ * be stored as a string in the provided buffer. Use
+ * gnutls_x509_crq_get_extension_data() to extract the data.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@sizeof_oid is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
+ * returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid,
+ int *critical)
+{
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ char *extensions = NULL;
+ size_t extensions_size = 0;
+ ASN1_TYPE c2;
+ int len;
+
+ if (!crq)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read extensionRequest */
+ result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
+ 0, NULL, &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ extensions = gnutls_malloc (extensions_size);
+ if (extensions == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid (crq,
+ "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
+ }
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto out;
+ }
+
+ result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto out;
+ }
+
+ result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ result = _gnutls_asn2err (result);
+ goto out;
+ }
+
+ snprintf (name, sizeof (name), "?%u.extnID", indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value (c2, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ asn1_delete_structure (&c2);
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto out;
+ }
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ result = _gnutls_asn2err (result);
+ goto out;
+ }
+
+ snprintf (name, sizeof (name), "?%u.critical", indx + 1);
+ len = sizeof (str_critical);
+ result = asn1_read_value (c2, name, str_critical, &len);
+
+ asn1_delete_structure (&c2);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto out;
+ }
+
+ if (critical)
+ {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ result = 0;
+
+out:
+ gnutls_free (extensions);
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_get_extension_data:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @indx: Specifies which extension OID to send. Use zero to get the first one.
+ * @data: a pointer to a structure to hold the data (may be null)
+ * @sizeof_data: initially holds the size of @oid
+ *
+ * This function will return the requested extension data in the
+ * certificate. The extension data will be stored as a string in the
+ * provided buffer.
+ *
+ * Use gnutls_x509_crq_get_extension_info() to extract the OID and
+ * critical flag. Use gnutls_x509_crq_get_extension_by_oid() instead,
+ * if you want to get data indexed by the extension OID rather than
+ * sequence.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If your have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx,
+ void *data, size_t * sizeof_data)
+{
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+ unsigned char *extensions;
+ size_t extensions_size = 0;
+ ASN1_TYPE c2;
+
+ if (!crq)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read extensionRequest */
+ result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
+ 0, NULL, &extensions_size);
+ if (result != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ if (result == 0)
+ return GNUTLS_E_INTERNAL_ERROR;
+ return result;
+ }
+
+ extensions = gnutls_malloc (extensions_size);
+ if (extensions == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (extensions);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
+ gnutls_free (extensions);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ snprintf (name, sizeof (name), "?%u.extnValue", indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value (c2, name, data, &len);
+ *sizeof_data = len;
+
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_get_key_usage:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @key_usage: where the key usage bits will be stored
+ * @critical: will be non zero if the extension is marked as critical
+ *
+ * This function will return certificate's key usage, by reading the
+ * keyUsage X.509 extension (2.5.29.15). The key usage value will
+ * ORed values of the: %GNUTLS_KEY_DIGITAL_SIGNATURE,
+ * %GNUTLS_KEY_NON_REPUDIATION, %GNUTLS_KEY_KEY_ENCIPHERMENT,
+ * %GNUTLS_KEY_DATA_ENCIPHERMENT, %GNUTLS_KEY_KEY_AGREEMENT,
+ * %GNUTLS_KEY_KEY_CERT_SIGN, %GNUTLS_KEY_CRL_SIGN,
+ * %GNUTLS_KEY_ENCIPHER_ONLY, %GNUTLS_KEY_DECIPHER_ONLY.
+ *
+ * Returns: the certificate key usage, or a negative value in case of
+ * parsing error. If the certificate does not contain the keyUsage
+ * extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be
+ * returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq,
+ unsigned int *key_usage,
+ unsigned int *critical)
+{
+ int result;
+ uint16_t _usage;
+ opaque buf[128];
+ size_t buf_size = sizeof (buf);
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.15", 0,
+ buf, &buf_size, critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_ext_extract_keyUsage (&_usage, buf, buf_size);
+
+ *key_usage = _usage;
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_get_basic_constraints:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @critical: will be non zero if the extension is marked as critical
+ * @ca: pointer to output integer indicating CA status, may be NULL,
+ * value is 1 if the certificate CA flag is set, 0 otherwise.
+ * @pathlen: pointer to output integer indicating path length (may be
+ * NULL), non-negative values indicate a present pathLenConstraint
+ * field and the actual value, -1 indicate that the field is absent.
+ *
+ * This function will read the certificate's basic constraints, and
+ * return the certificates CA status. It reads the basicConstraints
+ * X.509 extension (2.5.29.19).
+ *
+ * Return value: If the certificate is a CA a positive value will be
+ * returned, or zero if the certificate does not have CA flag set.
+ * A negative value may be returned in case of errors. If the
+ * certificate does not contain the basicConstraints extension
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq,
+ unsigned int *critical,
+ int *ca, int *pathlen)
+{
+ int result;
+ int tmp_ca;
+ opaque buf[256];
+ size_t buf_size = sizeof (buf);
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.19", 0,
+ buf, &buf_size, critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
+ pathlen, buf, buf_size);
+ if (ca)
+ *ca = tmp_ca;
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return tmp_ca;
+}
+
+static int
+get_subject_alt_name (gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size, unsigned int *ret_type,
+ unsigned int *critical, int othername_oid)
+{
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_x509_subject_alt_name_t type;
+ gnutls_datum_t dnsname = { NULL, 0 };
+ size_t dns_size = 0;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ /* Extract extension.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
+ NULL, &dns_size, critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ dnsname.size = dns_size;
+ dnsname.data = gnutls_malloc (dnsname.size);
+ if (dnsname.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
+ dnsname.data, &dns_size,
+ critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (dnsname.data);
+ return result;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectAltName", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (dnsname.data);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
+ gnutls_free (dnsname.data);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_parse_general_name (c2, "", seq, ret, ret_size,
+ ret_type, othername_oid);
+ asn1_delete_structure (&c2);
+ if (result < 0)
+ {
+ return result;
+ }
+
+ type = result;
+
+ return type;
+}
+
+/**
+ * gnutls_x509_crq_get_subject_alt_name:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @seq: specifies the sequence number of the alt name, 0 for the
+ * first one, 1 for the second etc.
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @ret_type: holds the #gnutls_x509_subject_alt_name_t name type
+ * @critical: will be non zero if the extension is marked as critical
+ * (may be null)
+ *
+ * This function will return the alternative names, contained in the
+ * given certificate. It is the same as
+ * gnutls_x509_crq_get_subject_alt_name() except for the fact that it
+ * will return the type of the alternative name in @ret_type even if
+ * the function fails for some reason (i.e. the buffer provided is
+ * not enough).
+ *
+ * Returns: the alternative subject name type on success, one of the
+ * enumerated #gnutls_x509_subject_alt_name_t. It will return
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to
+ * hold the value. In that case @ret_size will be updated with the
+ * required size. If the certificate request does not have an
+ * Alternative name with the specified sequence number then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
+{
+ return get_subject_alt_name (crq, seq, ret, ret_size, ret_type, critical,
+ 0);
+}
+
+/**
+ * gnutls_x509_crq_get_subject_alt_othername_oid:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the otherName OID will be copied to
+ * @ret_size: holds the size of ret.
+ *
+ * This function will extract the type OID of an otherName Subject
+ * Alternative Name, contained in the given certificate, and return
+ * the type as an enumerated element.
+ *
+ * This function is only useful if
+ * gnutls_x509_crq_get_subject_alt_name() returned
+ * %GNUTLS_SAN_OTHERNAME.
+ *
+ * Returns: the alternative subject name type on success, one of the
+ * enumerated gnutls_x509_subject_alt_name_t. For supported OIDs,
+ * it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+ * e.g. %GNUTLS_SAN_OTHERNAME_XMPP, and %GNUTLS_SAN_OTHERNAME for
+ * unknown OIDs. It will return %GNUTLS_E_SHORT_MEMORY_BUFFER if
+ * @ret_size is not large enough to hold the value. In that case
+ * @ret_size will be updated with the required size. If the
+ * certificate does not have an Alternative name with the specified
+ * sequence number and with the otherName type then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
+{
+ return get_subject_alt_name (crq, seq, ret, ret_size, NULL, NULL, 1);
+}
+
+/**
+ * gnutls_x509_crq_get_extension_by_oid:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the extensions, this
+ * specifies which to send. Use zero to get the first one.
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ * @critical: will be non zero if the extension is marked as critical
+ *
+ * This function will return the extension specified by the OID in
+ * the certificate. The extensions will be returned as binary data
+ * DER encoded, in the provided buffer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative value in case of an error. If the certificate does not
+ * contain the specified extension
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical)
+{
+ int result;
+ unsigned int i;
+ char _oid[MAX_OID_SIZE];
+ size_t oid_size;
+
+ for (i = 0;; i++)
+ {
+ oid_size = sizeof (_oid);
+ result =
+ gnutls_x509_crq_get_extension_info (crq, i, _oid, &oid_size,
+ critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (strcmp (oid, _oid) == 0)
+ { /* found */
+ if (indx == 0)
+ return gnutls_x509_crq_get_extension_data (crq, i, buf,
+ sizeof_buf);
+ else
+ indx--;
+ }
+ }
+
+
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+}
+
+/**
+ * gnutls_x509_crq_set_subject_alt_name:
+ * @crq: a certificate request of type #gnutls_x509_crq_t
+ * @nt: is one of the #gnutls_x509_subject_alt_name_t enumerations
+ * @data: The data to be set
+ * @data_size: The size of data to be set
+ * @flags: %GNUTLS_FSAN_SET to clear previous data or
+ * %GNUTLS_FSAN_APPEND to append.
+ *
+ * This function will set the subject alternative name certificate
+ * extension. It can set the following types:
+ *
+ * &GNUTLS_SAN_DNSNAME: as a text string
+ *
+ * &GNUTLS_SAN_RFC822NAME: as a text string
+ *
+ * &GNUTLS_SAN_URI: as a text string
+ *
+ * &GNUTLS_SAN_IPADDRESS: as a binary IP address (4 or 16 bytes)
+ *
+ * Other values can be set as binary values with the proper DER encoding.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq,
+ gnutls_x509_subject_alt_name_t nt,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
+{
+ int result = 0;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t prev_der_data = { NULL, 0 };
+ unsigned int critical = 0;
+ size_t prev_data_size = 0;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ if (flags == GNUTLS_FSAN_APPEND)
+ {
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
+ NULL, &prev_data_size,
+ &critical);
+ prev_der_data.size = prev_data_size;
+
+ switch (result)
+ {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* Replacing non-existing data means the same as set data. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev_der_data.data = gnutls_malloc (prev_der_data.size);
+ if (prev_der_data.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.17", 0,
+ prev_der_data.data,
+ &prev_data_size,
+ &critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (prev_der_data.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_subject_alt_name (nt, data, data_size,
+ &prev_der_data, &der_data);
+ gnutls_free (prev_der_data.data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto finish;
+ }
+
+ result = _gnutls_x509_crq_set_extension (crq, "2.5.29.17", &der_data,
+ critical);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+
+finish:
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_set_basic_constraints:
+ * @crq: a certificate request of type #gnutls_x509_crq_t
+ * @ca: true(1) or false(0) depending on the Certificate authority status.
+ * @pathLenConstraint: non-negative values indicate maximum length of path,
+ * and negative values indicate that the pathLenConstraints field should
+ * not be present.
+ *
+ * This function will set the basicConstraints certificate extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq,
+ unsigned int ca, int pathLenConstraint)
+{
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
+ &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crq_set_extension (crq, "2.5.29.19", &der_data, 1);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_set_key_usage:
+ * @crq: a certificate request of type #gnutls_x509_crq_t
+ * @usage: an ORed sequence of the GNUTLS_KEY_* elements.
+ *
+ * This function will set the keyUsage certificate extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage)
+{
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_keyUsage ((uint16_t) usage, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crq_set_extension (crq, "2.5.29.15", &der_data, 1);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_get_key_purpose_oid:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @indx: This specifies which OID to return, use zero to get the first one
+ * @oid: a pointer to a buffer to hold the OID (may be %NULL)
+ * @sizeof_oid: initially holds the size of @oid
+ * @critical: output variable with critical flag, may be %NULL.
+ *
+ * This function will extract the key purpose OIDs of the Certificate
+ * specified by the given index. These are stored in the Extended Key
+ * Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions for
+ * human readable names.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *@sizeof_oid will be
+ * updated with the required size. On success 0 is returned.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq,
+ int indx, void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
+{
+ char tmpstr[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ gnutls_datum_t prev = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t prev_size = 0;
+
+ if (oid)
+ memset (oid, 0, *sizeof_oid);
+ else
+ *sizeof_oid = 0;
+
+ /* Extract extension.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
+ NULL, &prev_size, critical);
+ prev.size = prev_size;
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ prev.data = gnutls_malloc (prev.size);
+ if (prev.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
+ prev.data, &prev_size,
+ critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (prev.data);
+ return result;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (prev.data);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
+ gnutls_free (prev.data);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
+
+ len = *sizeof_oid;
+ result = asn1_read_value (c2, tmpstr, oid, &len);
+
+ *sizeof_oid = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crq_set_key_purpose_oid:
+ * @crq: a certificate of type #gnutls_x509_crq_t
+ * @oid: a pointer to a zero-terminated string that holds the OID
+ * @critical: Whether this extension will be critical or not
+ *
+ * This function will set the key purpose OIDs of the Certificate.
+ * These are stored in the Extended Key Usage extension (2.5.29.37)
+ * See the GNUTLS_KP_* definitions for human readable names.
+ *
+ * Subsequent calls to this function will append OIDs to the OID list.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq,
+ const void *oid, unsigned int critical)
+{
+ int result;
+ gnutls_datum_t prev = { NULL, 0 }, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t prev_size = 0;
+
+ /* Read existing extension, if there is one.
+ */
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
+ NULL, &prev_size, &critical);
+ prev.size = prev_size;
+
+ switch (result)
+ {
+ case GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE:
+ /* No existing extension, that's fine. */
+ break;
+
+ case GNUTLS_E_SUCCESS:
+ prev.data = gnutls_malloc (prev.size);
+ if (prev.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_by_oid (crq, "2.5.29.37", 0,
+ prev.data, &prev_size,
+ &critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (prev.data);
+ return result;
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ return result;
+ }
+
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (prev.data);
+ return _gnutls_asn2err (result);
+ }
+
+ if (prev.data)
+ {
+ /* decode it.
+ */
+ result = asn1_der_decoding (&c2, prev.data, prev.size, NULL);
+ gnutls_free (prev.data);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value (c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
+ asn1_delete_structure (&c2);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_crq_set_extension (crq, "2.5.29.37",
+ &der_data, critical);
+ _gnutls_free_datum (&der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+static int
+rsadsa_crq_get_key_id (gnutls_x509_crq_t crq, int pk,
+ unsigned char *output_data, size_t * output_data_size)
+{
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i, result = 0;
+ gnutls_datum_t der = { NULL, 0 };
+ digest_hd_st hd;
+
+ result = _gnutls_x509_crq_get_mpis (crq, params, ¶ms_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (pk == GNUTLS_PK_RSA)
+ {
+ result = _gnutls_x509_write_rsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else if (pk == GNUTLS_PK_DSA)
+ {
+ result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_hash (&hd, der.data, der.size);
+
+ _gnutls_hash_deinit (&hd, output_data);
+ *output_data_size = 20;
+
+ result = 0;
+
+cleanup:
+
+ _gnutls_free_datum (&der);
+
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_get_key_id:
+ * @crq: a certificate of type #gnutls_x509_crq_t
+ * @flags: should be 0 for now
+ * @output_data: will contain the key ID
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will return a unique ID the depends on the public key
+ * parameters. This ID can be used in checking whether a certificate
+ * corresponds to the given private key.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned. The output will normally be a SHA-1 hash output,
+ * which is 20 bytes.
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
+{
+ int pk, result = 0;
+ gnutls_datum_t pubkey;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*output_data_size < 20)
+ {
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ pk = gnutls_x509_crq_get_pk_algorithm (crq, NULL);
+ if (pk < 0)
+ {
+ gnutls_assert ();
+ return pk;
+ }
+
+ if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
+ {
+ /* This is for compatibility with what GnuTLS has printed for
+ RSA/DSA before the code below was added. The code below is
+ applicable to all types, and it would probably be a better
+ idea to use it for RSA/DSA too, but doing so would break
+ backwards compatibility. */
+ return rsadsa_crq_get_key_id (crq, pk, output_data, output_data_size);
+ }
+
+ pubkey.size = 0;
+ result =
+ asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo", NULL,
+ &pubkey.size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ pubkey.data = gnutls_malloc (pubkey.size);
+ if (pubkey.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result =
+ asn1_der_coding (crq->crq, "certificationRequestInfo.subjectPKInfo",
+ pubkey.data, &pubkey.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (pubkey.data);
+ return _gnutls_asn2err (result);
+ }
+
+ result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
+ output_data, output_data_size);
+
+ gnutls_free (pubkey.data);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crq_privkey_sign:
+ * @crq: should contain a #gnutls_x509_crq_t structure
+ * @key: holds a private key
+ * @dig: The message digest to use, i.e., %GNUTLS_DIG_SHA1
+ * @flags: must be 0
+ *
+ * This function will sign the certificate request with a private key.
+ * This must be the same key as the one used in
+ * gnutls_x509_crt_set_key() since a certificate request is self
+ * signed.
+ *
+ * This must be the last step in a certificate request generation
+ * since all the previously set parameters are now signed.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ * %GNUTLS_E_ASN1_VALUE_NOT_FOUND is returned if you didn't set all
+ * information in the certificate request (e.g., the version using
+ * gnutls_x509_crq_set_version()).
+ *
+ **/
+int
+gnutls_x509_crq_privkey_sign (gnutls_x509_crq_t crq, gnutls_privkey_t key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
+{
+ int result;
+ gnutls_datum_t signature;
+ gnutls_datum_t tbs;
+
+ if (crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Make sure version field is set. */
+ if (gnutls_x509_crq_get_version (crq) == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ result = gnutls_x509_crq_set_version (crq, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ /* Step 1. Self sign the request.
+ */
+ result = _gnutls_x509_get_tbs (crq->crq, "certificationRequestInfo", &tbs);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = gnutls_privkey_sign_data (key, dig, 0, &tbs, &signature);
+ gnutls_free (tbs.data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. write the signature (bits)
+ */
+ result =
+ asn1_write_value (crq->crq, "signature", signature.data,
+ signature.size * 8);
+
+ _gnutls_free_datum (&signature);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Step 3. Write the signatureAlgorithm field.
+ */
+ result = _gnutls_x509_write_sig_params (crq->crq, "signatureAlgorithm",
+ gnutls_privkey_get_pk_algorithm
+ (key, NULL), dig);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <libtasn1.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <gnutls_str.h>
+#include <common.h>
+#include <gnutls_num.h>
+
+/* This file includes all the required to parse an X.509 Distriguished
+ * Name (you need a parser just to read a name in the X.509 protoocols!!!)
+ */
+
+/* Converts the given OID to an ldap acceptable string or
+ * a dotted OID.
+ */
+static const char *
+oid2ldap_string (const char *oid)
+{
+ const char *ret;
+
+ ret = _gnutls_x509_oid2ldap_string (oid);
+ if (ret)
+ return ret;
+
+ /* else return the OID in dotted format */
+ return oid;
+}
+
+/* Escapes a string following the rules from RFC2253.
+ */
+static char *
+str_escape (char *str, char *buffer, unsigned int buffer_size)
+{
+ int str_length, j, i;
+
+ if (str == NULL || buffer == NULL)
+ return NULL;
+
+ str_length = MIN (strlen (str), buffer_size - 1);
+
+ for (i = j = 0; i < str_length; i++)
+ {
+ if (str[i] == ',' || str[i] == '+' || str[i] == '"'
+ || str[i] == '\\' || str[i] == '<' || str[i] == '>'
+ || str[i] == ';')
+ buffer[j++] = '\\';
+
+ buffer[j++] = str[i];
+ }
+
+ /* null terminate the string */
+ buffer[j] = 0;
+
+ return buffer;
+}
+
+/* Parses an X509 DN in the asn1_struct, and puts the output into
+ * the string buf. The output is an LDAP encoded DN.
+ *
+ * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
+ * That is to point in the rndSequence.
+ */
+int
+_gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf)
+{
+ gnutls_buffer_st out_str;
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ opaque value[MAX_STRING_LEN], *value2 = NULL;
+ char *escaped = NULL;
+ const char *ldap_desc;
+ char oid[MAX_OID_SIZE];
+ int len, printable;
+ char *string = NULL;
+ size_t sizeof_string, sizeof_escaped;
+
+ if (sizeof_buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*sizeof_buf > 0 && buf)
+ buf[0] = 0;
+ else
+ *sizeof_buf = 0;
+
+ _gnutls_buffer_init (&out_str);
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
+ k1);
+ else
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do
+ { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
+ k2);
+ else
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
+
+ len = 0;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, NULL, &len);
+
+ value2 = gnutls_malloc (len);
+ if (value2 == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value (asn1_struct, tmpbuffer3, value2, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+#define STR_APPEND(y) if ((result=_gnutls_buffer_append_str( &out_str, y)) < 0) { \
+ gnutls_assert(); \
+ goto cleanup; \
+}
+ /* The encodings of adjoining RelativeDistinguishedNames are separated
+ * by a comma character (',' ASCII 44).
+ */
+
+ /* Where there is a multi-valued RDN, the outputs from adjoining
+ * AttributeTypeAndValues are separated by a plus ('+' ASCII 43)
+ * character.
+ */
+ if (k1 != 1)
+ { /* the first time do not append a comma */
+ if (k2 != 1)
+ { /* adjoining multi-value RDN */
+ STR_APPEND ("+");
+ }
+ else
+ {
+ STR_APPEND (",");
+ }
+ }
+
+ ldap_desc = oid2ldap_string (oid);
+ printable = _gnutls_x509_oid_data_printable (oid);
+
+ /* leading #, hex encoded value and terminating NULL */
+ sizeof_escaped = 2 * len + 2;
+
+ escaped = gnutls_malloc (sizeof_escaped);
+ if (escaped == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ sizeof_string = 2 * len + 2; /* in case it is not printable */
+
+ string = gnutls_malloc (sizeof_string);
+ if (string == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ STR_APPEND (ldap_desc);
+ STR_APPEND ("=");
+ result = 0;
+
+ if (printable)
+ result =
+ _gnutls_x509_oid_data2string (oid,
+ value2, len,
+ string, &sizeof_string);
+
+ if (!printable || result < 0)
+ result =
+ _gnutls_x509_data2hex (value2, len, string, &sizeof_string);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Found OID: '%s' with value '%s'\n",
+ oid, _gnutls_bin2hex (value2, len, escaped, sizeof_escaped,
+ NULL));
+ goto cleanup;
+ }
+ STR_APPEND (str_escape (string, escaped, sizeof_escaped));
+ gnutls_free (string);
+ string = NULL;
+
+ gnutls_free (escaped);
+ escaped = NULL;
+ gnutls_free (value2);
+ value2 = NULL;
+
+ }
+ while (1);
+
+ }
+ while (1);
+
+ if (out_str.length >= (unsigned int) *sizeof_buf)
+ {
+ gnutls_assert ();
+ *sizeof_buf = out_str.length + 1;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (buf)
+ {
+ _gnutls_buffer_pop_data (&out_str, buf, sizeof_buf);
+ buf[*sizeof_buf] = 0;
+ }
+ else
+ *sizeof_buf = out_str.length;
+
+ result = 0;
+
+cleanup:
+ gnutls_free (value2);
+ gnutls_free (string);
+ gnutls_free (escaped);
+ _gnutls_buffer_clear (&out_str);
+ return result;
+}
+
+/* Parses an X509 DN in the asn1_struct, and searches for the
+ * given OID in the DN.
+ *
+ * If raw_flag == 0, the output will be encoded in the LDAP way. (#hex for non printable)
+ * Otherwise the raw DER data are returned.
+ *
+ * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
+ * That is to point in the rndSequence.
+ *
+ * indx specifies which OID to return. Ie 0 means return the first specified
+ * OID found, 1 the second etc.
+ */
+int
+_gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ const char *given_oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
+{
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ opaque value[256];
+ char oid[MAX_OID_SIZE];
+ int len, printable;
+ int i = 0;
+ char *cbuf = buf;
+
+ if (cbuf == NULL)
+ *sizeof_buf = 0;
+ else
+ cbuf[0] = 0;
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
+ k1);
+ else
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do
+ { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
+ k2);
+ else
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (strcmp (oid, given_oid) == 0 && indx == i++)
+ { /* Found the OID */
+
+ /* Read the Value
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".value");
+
+ len = *sizeof_buf;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, buf, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ if (result == ASN1_MEM_ERROR)
+ *sizeof_buf = len;
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (raw_flag != 0)
+ {
+ if ((unsigned) len > *sizeof_buf)
+ {
+ *sizeof_buf = len;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+ *sizeof_buf = len;
+
+ return 0;
+
+ }
+ else
+ { /* parse data. raw_flag == 0 */
+ printable = _gnutls_x509_oid_data_printable (oid);
+
+ if (printable == 1)
+ result =
+ _gnutls_x509_oid_data2string (oid, buf, len,
+ cbuf, sizeof_buf);
+ else
+ result =
+ _gnutls_x509_data2hex (buf, len, cbuf, sizeof_buf);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ return 0;
+
+ } /* raw_flag == 0 */
+ }
+ }
+ while (1);
+
+ }
+ while (1);
+
+ gnutls_assert ();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+cleanup:
+ return result;
+}
+
+
+/* Parses an X509 DN in the asn1_struct, and returns the requested
+ * DN OID.
+ *
+ * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
+ * That is to point in the rndSequence.
+ *
+ * indx specifies which OID to return. Ie 0 means return the first specified
+ * OID found, 1 the second etc.
+ */
+int
+_gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid)
+{
+ int k2, k1, result;
+ char tmpbuffer1[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer2[ASN1_MAX_NAME_SIZE];
+ char tmpbuffer3[ASN1_MAX_NAME_SIZE];
+ char value[256];
+ char oid[MAX_OID_SIZE];
+ int len;
+ int i = 0;
+
+ k1 = 0;
+ do
+ {
+
+ k1++;
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
+ */
+ if (asn1_rdn_name[0] != 0)
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "%s.?%u", asn1_rdn_name,
+ k1);
+ else
+ snprintf (tmpbuffer1, sizeof (tmpbuffer1), "?%u", k1);
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer1, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ k2 = 0;
+
+ do
+ { /* Move to the attibute type and values
+ */
+ k2++;
+
+ if (tmpbuffer1[0] != 0)
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "%s.?%u", tmpbuffer1,
+ k2);
+ else
+ snprintf (tmpbuffer2, sizeof (tmpbuffer2), "?%u", k2);
+
+ /* Try to read the RelativeDistinguishedName attributes.
+ */
+
+ len = sizeof (value) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer2, value, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+ if (result != ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer3, sizeof (tmpbuffer3), tmpbuffer2);
+ _gnutls_str_cat (tmpbuffer3, sizeof (tmpbuffer3), ".type");
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer3, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ break;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (indx == i++)
+ { /* Found the OID */
+
+ len = strlen (oid) + 1;
+
+ if (*sizeof_oid < (unsigned) len)
+ {
+ *sizeof_oid = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy (_oid, oid, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+ }
+ while (1);
+
+ }
+ while (1);
+
+ gnutls_assert ();
+
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+cleanup:
+ return result;
+}
+
+/* This will encode and write the AttributeTypeAndValue field.
+ * 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
+ * In all cases only one value is written.
+ */
+int
+_gnutls_x509_encode_and_write_attribute (const char *given_oid,
+ ASN1_TYPE asn1_struct,
+ const char *where,
+ const void *_data,
+ int sizeof_data, int multi)
+{
+ const char *val_name;
+ const opaque *data = _data;
+ char tmp[128];
+ ASN1_TYPE c2;
+ int result;
+
+
+ /* Find how to encode the data.
+ */
+ val_name = _gnutls_x509_oid2asn_string (given_oid);
+ if (val_name == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Cannot find OID: %s\n", given_oid);
+ return GNUTLS_E_X509_UNSUPPORTED_OID;
+ }
+
+ result = asn1_create_element (_gnutls_get_pkix (), val_name, &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ tmp[0] = 0;
+
+ if ((result = _gnutls_x509_oid_data_choice (given_oid)) > 0)
+ {
+ const char *string_type;
+ int i;
+
+ string_type = "printableString";
+
+ /* Check if the data is plain ascii, and use
+ * the UTF8 string type if not.
+ */
+ for (i = 0; i < sizeof_data; i++)
+ {
+ if (!isascii (data[i]))
+ {
+ string_type = "utf8String";
+ break;
+ }
+ }
+
+ /* if the type is a CHOICE then write the
+ * type we'll use.
+ */
+ result = asn1_write_value (c2, "", string_type, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ _gnutls_str_cpy (tmp, sizeof (tmp), string_type);
+ }
+
+ result = asn1_write_value (c2, tmp, data, sizeof_data);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+
+ /* write the data (value)
+ */
+
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".value");
+
+ if (multi != 0)
+ { /* if not writing an AttributeTypeAndValue, but an Attribute */
+ _gnutls_str_cat (tmp, sizeof (tmp), "s"); /* values */
+
+ result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
+
+ }
+
+ result = _gnutls_x509_der_encode_and_copy (c2, "", asn1_struct, tmp, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* write the type
+ */
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".type");
+
+ result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = 0;
+
+error:
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/* This will write the AttributeTypeAndValue field. The data must be already DER encoded.
+ * 'multi' must be zero if writing an AttributeTypeAndValue, and 1 if Attribute.
+ * In all cases only one value is written.
+ */
+static int
+_gnutls_x509_write_attribute (const char *given_oid,
+ ASN1_TYPE asn1_struct, const char *where,
+ const void *_data, int sizeof_data)
+{
+ char tmp[128];
+ int result;
+
+ /* write the data (value)
+ */
+
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".value");
+
+ result = asn1_write_value (asn1_struct, tmp, _data, sizeof_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* write the type
+ */
+ _gnutls_str_cpy (tmp, sizeof (tmp), where);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".type");
+
+ result = asn1_write_value (asn1_struct, tmp, given_oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+
+/* Decodes an X.509 Attribute (if multi==1) or an AttributeTypeAndValue
+ * otherwise.
+ *
+ * octet_string should be non zero if we are to decode octet strings after
+ * decoding.
+ *
+ * The output is allocated and stored in value.
+ */
+int
+_gnutls_x509_decode_and_read_attribute (ASN1_TYPE asn1_struct,
+ const char *where, char *oid,
+ int oid_size, gnutls_datum_t * value,
+ int multi, int octet_string)
+{
+ char tmpbuffer[128];
+ int len, result;
+
+ /* Read the OID
+ */
+ _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".type");
+
+ len = oid_size - 1;
+ result = asn1_read_value (asn1_struct, tmpbuffer, oid, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ return result;
+ }
+
+ /* Read the Value
+ */
+
+ _gnutls_str_cpy (tmpbuffer, sizeof (tmpbuffer), where);
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), ".value");
+
+ if (multi)
+ _gnutls_str_cat (tmpbuffer, sizeof (tmpbuffer), "s.?1"); /* .values.?1 */
+
+ result =
+ _gnutls_x509_read_value (asn1_struct, tmpbuffer, value, octet_string);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+
+}
+
+/* Sets an X509 DN in the asn1_struct, and puts the given OID in the DN.
+ * The input is assumed to be raw data.
+ *
+ * asn1_rdn_name must be a string in the form "tbsCertificate.issuer".
+ * That is to point before the rndSequence.
+ *
+ */
+int
+_gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_name, const char *given_oid,
+ int raw_flag, const char *name, int sizeof_name)
+{
+ int result;
+ char tmp[ASN1_MAX_NAME_SIZE], asn1_rdn_name[ASN1_MAX_NAME_SIZE];
+
+ if (sizeof_name == 0 || name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* create the rdnSequence
+ */
+ result = asn1_write_value (asn1_struct, asn1_name, "rdnSequence", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ _gnutls_str_cpy (asn1_rdn_name, sizeof (asn1_rdn_name), asn1_name);
+ _gnutls_str_cat (asn1_rdn_name, sizeof (asn1_rdn_name), ".rdnSequence");
+
+ /* create a new element
+ */
+ result = asn1_write_value (asn1_struct, asn1_rdn_name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST");
+
+ /* create the set with only one element
+ */
+ result = asn1_write_value (asn1_struct, tmp, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+
+ /* Encode and write the data
+ */
+ _gnutls_str_cpy (tmp, sizeof (tmp), asn1_rdn_name);
+ _gnutls_str_cat (tmp, sizeof (tmp), ".?LAST.?LAST");
+
+ if (!raw_flag)
+ {
+ result =
+ _gnutls_x509_encode_and_write_attribute (given_oid,
+ asn1_struct,
+ tmp, name, sizeof_name, 0);
+ }
+ else
+ {
+ result =
+ _gnutls_x509_write_attribute (given_oid, asn1_struct,
+ tmp, name, sizeof_name);
+ }
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_dn_init:
+ * @dn: the object to be initialized
+ *
+ * This function initializes a #gnutls_x509_dn_t structure.
+ *
+ * The object returned must be deallocated using
+ * gnutls_x509_dn_deinit().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_x509_dn_init (gnutls_x509_dn_t * dn)
+{
+ int result;
+ ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ *dn = tmpdn;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_dn_import:
+ * @dn: the structure that will hold the imported DN
+ * @data: should contain a DER encoded RDN sequence
+ *
+ * This function parses an RDN sequence and stores the result to a
+ * #gnutls_x509_dn_t structure. The structure must have been initialized
+ * with gnutls_x509_dn_init(). You may use gnutls_x509_dn_get_rdn_ava() to
+ * decode the DN.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data)
+{
+ int result;
+ char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ result = asn1_der_decoding ((ASN1_TYPE *) & dn,
+ data->data, data->size, err);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ _gnutls_x509_log ("ASN.1 Decoding error: %s\n", err);
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_dn_deinit:
+ * @dn: a DN opaque object pointer.
+ *
+ * This function deallocates the DN object as returned by
+ * gnutls_x509_dn_import().
+ *
+ * Since: 2.4.0
+ **/
+void
+gnutls_x509_dn_deinit (gnutls_x509_dn_t dn)
+{
+ asn1_delete_structure ((ASN1_TYPE *) & dn);
+}
+
+/**
+ * gnutls_x509_rdn_get:
+ * @idn: should contain a DER encoded RDN sequence
+ * @buf: a pointer to a structure to hold the peer's name
+ * @sizeof_buf: holds the size of @buf
+ *
+ * This function will return the name of the given RDN sequence. The
+ * name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in
+ * RFC2253.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, or
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@sizeof_buf is
+ * updated if the provided buffer is not long enough, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_rdn_get (const gnutls_datum_t * idn,
+ char *buf, size_t * sizeof_buf)
+{
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+
+ if (sizeof_buf == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (buf)
+ buf[0] = 0;
+
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_parse_dn (dn, "rdnSequence", buf, sizeof_buf);
+
+ asn1_delete_structure (&dn);
+ return result;
+
+}
+
+/**
+ * gnutls_x509_rdn_get_by_oid:
+ * @idn: should contain a DER encoded RDN sequence
+ * @oid: an Object Identifier
+ * @indx: In case multiple same OIDs exist in the RDN indicates which
+ * to send. Use 0 for the first one.
+ * @raw_flag: If non zero then the raw DER data are returned.
+ * @buf: a pointer to a structure to hold the peer's name
+ * @sizeof_buf: holds the size of @buf
+ *
+ * This function will return the name of the given Object identifier,
+ * of the RDN sequence. The name will be encoded using the rules
+ * from RFC2253.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, or
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@sizeof_buf is
+ * updated if the provided buffer is not long enough, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
+{
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+
+ if (sizeof_buf == 0)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ _gnutls_x509_parse_dn_oid (dn, "rdnSequence", oid, indx,
+ raw_flag, buf, sizeof_buf);
+
+ asn1_delete_structure (&dn);
+ return result;
+
+}
+
+/**
+ * gnutls_x509_rdn_get_oid:
+ * @idn: should contain a DER encoded RDN sequence
+ * @indx: Indicates which OID to return. Use 0 for the first one.
+ * @buf: a pointer to a structure to hold the peer's name OID
+ * @sizeof_buf: holds the size of @buf
+ *
+ * This function will return the specified Object identifier, of the
+ * RDN sequence.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, or
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned and *@sizeof_buf is
+ * updated if the provided buffer is not long enough, otherwise a
+ * negative error value.
+ *
+ * Since: 2.4.0
+ **/
+int
+gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
+ int indx, void *buf, size_t * sizeof_buf)
+{
+ int result;
+ ASN1_TYPE dn = ASN1_TYPE_EMPTY;
+
+ if (sizeof_buf == 0)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Name", &dn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&dn, idn->data, idn->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ /* couldn't decode DER */
+ gnutls_assert ();
+ asn1_delete_structure (&dn);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_get_dn_oid (dn, "rdnSequence", indx, buf, sizeof_buf);
+
+ asn1_delete_structure (&dn);
+ return result;
+
+}
+
+/*
+ * Compares the DER encoded part of a DN.
+ *
+ * FIXME: use a real DN comparison algorithm.
+ *
+ * Returns 1 if the DN's match and zero if they don't match. Otherwise
+ * a negative value is returned to indicate error.
+ */
+int
+_gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2)
+{
+
+ if (dn1->size != dn2->size)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+ if (memcmp (dn1->data, dn2->data, dn2->size) != 0)
+ {
+ gnutls_assert ();
+ return 0;
+ }
+ return 1; /* they match */
+}
+
+/**
+ * gnutls_x509_dn_export:
+ * @dn: Holds the opaque DN object
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a DN PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the DN to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER
+ * will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN NAME".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_dn_export (gnutls_x509_dn_t dn,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ ASN1_TYPE asn1 = dn;
+
+ if (asn1 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int_named (asn1, "rdnSequence",
+ format, "NAME",
+ output_data, output_data_size);
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate to the X.509 extension parsing.
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_global.h>
+#include <libtasn1.h>
+#include <common.h>
+#include <x509_int.h>
+#include <gnutls_datum.h>
+
+static int
+get_extension (ASN1_TYPE asn, const char *root,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
+{
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char str_critical[10];
+ int critical = 0;
+ char extnID[128];
+ gnutls_datum_t value;
+ int indx_counter = 0;
+
+ ret->data = NULL;
+ ret->size = 0;
+
+ k = 0;
+ do
+ {
+ k++;
+
+ snprintf (name, sizeof (name), "%s.?%u", root, k);
+
+ len = sizeof (str) - 1;
+ result = asn1_read_value (asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+
+ do
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp (extnID, extension_id) == 0 && indx == indx_counter++)
+ {
+ /* extension was found
+ */
+
+ /* read the critical status.
+ */
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".critical");
+
+ len = sizeof (str_critical);
+ result = asn1_read_value (asn, name2, str_critical, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (str_critical[0] == 'T')
+ critical = 1;
+ else
+ critical = 0;
+
+ /* read the value.
+ */
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
+
+ result = _gnutls_x509_read_value (asn, name2, &value, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ ret->data = value.data;
+ ret->size = value.size;
+
+ if (_critical)
+ *_critical = critical;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+}
+
+/* This function will attempt to return the requested extension found in
+ * the given X509v3 certificate. The return value is allocated and stored into
+ * ret.
+ *
+ * Critical will be either 0 or 1.
+ *
+ * If the extension does not exist, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
+ * be returned.
+ */
+int
+_gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
+{
+ return get_extension (cert->cert, "tbsCertificate.extensions", extension_id,
+ indx, ret, _critical);
+}
+
+int
+_gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret, unsigned int *_critical)
+{
+ return get_extension (crl->crl, "tbsCertList.crlExtensions", extension_id,
+ indx, ret, _critical);
+}
+
+
+/* This function will attempt to return the requested extension OID found in
+ * the given X509v3 certificate.
+ *
+ * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
+ * be returned.
+ */
+static int
+get_extension_oid (ASN1_TYPE asn, const char *root,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ int k, result, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char str[1024];
+ char extnID[128];
+ int indx_counter = 0;
+
+ k = 0;
+ do
+ {
+ k++;
+
+ snprintf (name, sizeof (name), "%s.?%u", root, k);
+
+ len = sizeof (str) - 1;
+ result = asn1_read_value (asn, name, str, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+
+ do
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (indx == indx_counter++)
+ {
+ len = strlen (extnID) + 1;
+
+ if (*sizeof_oid < (unsigned) len)
+ {
+ *sizeof_oid = len;
+ gnutls_assert ();
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ memcpy (oid, extnID, len);
+ *sizeof_oid = len - 1;
+
+ return 0;
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+}
+
+/* This function will attempt to return the requested extension OID found in
+ * the given X509v3 certificate.
+ *
+ * If you have passed the last extension, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
+ * be returned.
+ */
+int
+_gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ return get_extension_oid (cert->cert, "tbsCertificate.extensions", indx,
+ oid, sizeof_oid);
+}
+
+int
+_gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ return get_extension_oid (crl->crl, "tbsCertList.crlExtensions", indx, oid,
+ sizeof_oid);
+}
+
+/* This function will attempt to set the requested extension in
+ * the given X509v3 certificate.
+ *
+ * Critical will be either 0 or 1.
+ */
+static int
+add_extension (ASN1_TYPE asn, const char *root, const char *extension_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
+{
+ int result;
+ const char *str;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ snprintf (name, sizeof (name), "%s", root);
+
+ /* Add a new extension in the list.
+ */
+ result = asn1_write_value (asn, name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (root[0] != 0)
+ snprintf (name, sizeof (name), "%s.?LAST.extnID", root);
+ else
+ snprintf (name, sizeof (name), "?LAST.extnID");
+
+ result = asn1_write_value (asn, name, extension_id, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ if (root[0] != 0)
+ snprintf (name, sizeof (name), "%s.?LAST.critical", root);
+ else
+ snprintf (name, sizeof (name), "?LAST.critical");
+
+ result = asn1_write_value (asn, name, str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (root[0] != 0)
+ snprintf (name, sizeof (name), "%s.?LAST.extnValue", root);
+ else
+ snprintf (name, sizeof (name), "?LAST.extnValue");
+
+ result = _gnutls_x509_write_value (asn, name, ext_data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* Overwrite the given extension (using the index)
+ * index here starts from one.
+ */
+static int
+overwrite_extension (ASN1_TYPE asn, const char *root, unsigned int indx,
+ const gnutls_datum_t * ext_data, unsigned int critical)
+{
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ const char *str;
+ int result;
+
+ if (root[0] != 0)
+ snprintf (name, sizeof (name), "%s.?%u", root, indx);
+ else
+ snprintf (name, sizeof (name), "?%u", indx);
+
+ if (critical == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".critical");
+
+ result = asn1_write_value (asn, name2, str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnValue");
+
+ result = _gnutls_x509_write_value (asn, name2, ext_data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+static int
+set_extension (ASN1_TYPE asn, const char *root,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data, unsigned int critical)
+{
+ int result;
+ int k, len;
+ char name[ASN1_MAX_NAME_SIZE], name2[ASN1_MAX_NAME_SIZE];
+ char extnID[128];
+
+ /* Find the index of the given extension.
+ */
+ k = 0;
+ do
+ {
+ k++;
+
+ if (root[0] != 0)
+ snprintf (name, sizeof (name), "%s.?%u", root, k);
+ else
+ snprintf (name, sizeof (name), "?%u", k);
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name, extnID, &len);
+
+ /* move to next
+ */
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ break;
+ }
+
+ do
+ {
+
+ _gnutls_str_cpy (name2, sizeof (name2), name);
+ _gnutls_str_cat (name2, sizeof (name2), ".extnID");
+
+ len = sizeof (extnID) - 1;
+ result = asn1_read_value (asn, name2, extnID, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ break;
+ }
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Handle Extension
+ */
+ if (strcmp (extnID, ext_id) == 0)
+ {
+ /* extension was found
+ */
+ return overwrite_extension (asn, root, k, ext_data, critical);
+ }
+
+
+ }
+ while (0);
+ }
+ while (1);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return add_extension (asn, root, ext_id, ext_data, critical);
+ }
+ else
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+
+ return 0;
+}
+
+/* This function will attempt to overwrite the requested extension with
+ * the given one.
+ *
+ * Critical will be either 0 or 1.
+ */
+int
+_gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
+{
+ return set_extension (cert->cert, "tbsCertificate.extensions", ext_id,
+ ext_data, critical);
+}
+
+int
+_gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
+{
+ return set_extension (crl->crl, "tbsCertList.crlExtensions", ext_id,
+ ext_data, critical);
+}
+
+#ifdef ENABLE_PKI
+int
+_gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical)
+{
+ unsigned char *extensions = NULL;
+ size_t extensions_size = 0;
+ gnutls_datum_t der;
+ ASN1_TYPE c2;
+ int result;
+
+ result = gnutls_x509_crq_get_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
+ 0, NULL, &extensions_size);
+ if (result == GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ extensions = gnutls_malloc (extensions_size);
+ if (extensions == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_attribute_by_oid (crq,
+ "1.2.840.113549.1.9.14",
+ 0, extensions,
+ &extensions_size);
+ }
+ if (result < 0)
+ {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ extensions_size = 0;
+ }
+ else
+ {
+ gnutls_assert ();
+ gnutls_free (extensions);
+ return result;
+ }
+ }
+
+ result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.Extensions", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (extensions);
+ return _gnutls_asn2err (result);
+ }
+
+ if (extensions_size > 0)
+ {
+ result = asn1_der_decoding (&c2, extensions, extensions_size, NULL);
+ gnutls_free (extensions);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+ }
+
+ result = set_extension (c2, "", ext_id, ext_data, critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode (c2, "", &der, 0);
+
+ asn1_delete_structure (&c2);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = gnutls_x509_crq_set_attribute_by_oid (crq, "1.2.840.113549.1.9.14",
+ der.data, der.size);
+ gnutls_free (der.data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+
+ return 0;
+}
+
+#endif
+
+/* Here we only extract the KeyUsage field, from the DER encoded
+ * extension.
+ */
+int
+_gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
+ opaque * extnValue, int extnValueLen)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int len, result;
+ uint8_t str[2];
+
+ str[0] = str[1] = 0;
+ *keyUsage = 0;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ len = sizeof (str);
+ result = asn1_read_value (ext, "", str, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return 0;
+ }
+
+ *keyUsage = str[0] | (str[1] << 8);
+
+ asn1_delete_structure (&ext);
+
+ return 0;
+}
+
+/* extract the basicConstraints from the DER encoded extension
+ */
+int
+_gnutls_x509_ext_extract_basicConstraints (int *CA,
+ int *pathLenConstraint,
+ opaque * extnValue,
+ int extnValueLen)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ char str[128];
+ int len, result;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ if (pathLenConstraint)
+ {
+ result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+ }
+
+ /* the default value of cA is false.
+ */
+ len = sizeof (str) - 1;
+ result = asn1_read_value (ext, "cA", str, &len);
+ if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0)
+ *CA = 1;
+ else
+ *CA = 0;
+
+ asn1_delete_structure (&ext);
+
+ return 0;
+}
+
+/* generate the basicConstraints in a DER encoded extension
+ * Use 0 or 1 (TRUE) for CA.
+ * Use negative values for pathLenConstraint to indicate that the field
+ * should not be present, >= 0 to indicate set values.
+ */
+int
+_gnutls_x509_ext_gen_basicConstraints (int CA,
+ int pathLenConstraint,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ const char *str;
+ int result;
+
+ if (CA == 0)
+ str = "FALSE";
+ else
+ str = "TRUE";
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (ext, "cA", str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ if (pathLenConstraint < 0)
+ {
+ result = asn1_write_value (ext, "pathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err (result);
+ }
+ else
+ result = _gnutls_x509_write_uint32 (ext, "pathLenConstraint",
+ pathLenConstraint);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* extract an INTEGER from the DER encoded extension
+ */
+int
+_gnutls_x509_ext_extract_number (opaque * number,
+ size_t * _nr_size,
+ opaque * extnValue, int extnValueLen)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ int nr_size = *_nr_size;
+
+ /* here it doesn't matter so much that we use CertificateSerialNumber. It is equal
+ * to using INTEGER.
+ */
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
+ &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ /* the default value of cA is false.
+ */
+ result = asn1_read_value (ext, "", number, &nr_size);
+ if (result != ASN1_SUCCESS)
+ result = _gnutls_asn2err (result);
+ else
+ result = 0;
+
+ *_nr_size = nr_size;
+
+ asn1_delete_structure (&ext);
+
+ return result;
+}
+
+/* generate an INTEGER in a DER encoded extension
+ */
+int
+_gnutls_x509_ext_gen_number (const opaque * number, size_t nr_size,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.CertificateSerialNumber",
+ &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (ext, "", number, nr_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* generate the keyUsage in a DER encoded extension
+ * Use an ORed SEQUENCE of GNUTLS_KEY_* for usage.
+ */
+int
+_gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ uint8_t str[2];
+
+ result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.KeyUsage", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ str[0] = usage & 0xff;
+ str[1] = usage >> 8;
+
+ result = asn1_write_value (ext, "", str, 9);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+static int
+write_new_general_name (ASN1_TYPE ext, const char *ext_name,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data, unsigned int data_size)
+{
+ const char *str;
+ int result;
+ char name[128];
+
+ result = asn1_write_value (ext, ext_name, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ switch (type)
+ {
+ case GNUTLS_SAN_DNSNAME:
+ str = "dNSName";
+ break;
+ case GNUTLS_SAN_RFC822NAME:
+ str = "rfc822Name";
+ break;
+ case GNUTLS_SAN_URI:
+ str = "uniformResourceIdentifier";
+ break;
+ case GNUTLS_SAN_IPADDRESS:
+ str = "iPAddress";
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ext_name[0] == 0)
+ { /* no dot */
+ _gnutls_str_cpy (name, sizeof (name), "?LAST");
+ }
+ else
+ {
+ _gnutls_str_cpy (name, sizeof (name), ext_name);
+ _gnutls_str_cat (name, sizeof (name), ".?LAST");
+ }
+
+ result = asn1_write_value (ext, name, str, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ _gnutls_str_cat (name, sizeof (name), ".");
+ _gnutls_str_cat (name, sizeof (name), str);
+
+ result = asn1_write_value (ext, name, data, data_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/* Convert the given name to GeneralNames in a DER encoded extension.
+ * This is the same as subject alternative name.
+ */
+int
+_gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.GeneralNames", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (prev_der_ext != NULL && prev_der_ext->data != NULL
+ && prev_der_ext->size != 0)
+ {
+ result =
+ asn1_der_decoding (&ext, prev_der_ext->data, prev_der_ext->size,
+ NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+ }
+
+ result = write_new_general_name (ext, "", type, data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return result;
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* generate the SubjectKeyID in a DER encoded extension
+ */
+int
+_gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.SubjectKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (ext, "", id, id_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/* generate the AuthorityKeyID in a DER encoded extension
+ */
+int
+_gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.AuthorityKeyIdentifier", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (ext, "keyIdentifier", id, id_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ asn1_write_value (ext, "authorityCertIssuer", NULL, 0);
+ asn1_write_value (ext, "authorityCertSerialNumber", NULL, 0);
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+
+/* Creates and encodes the CRL Distribution points. data_string should be a name
+ * and type holds the type of the name.
+ * reason_flags should be an or'ed sequence of GNUTLS_CRL_REASON_*.
+ *
+ */
+int
+_gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ gnutls_datum_t gnames = { NULL, 0 };
+ int result;
+ uint8_t reasons[2];
+
+ reasons[0] = reason_flags & 0xff;
+ reasons[1] = reason_flags >> 8;
+
+ result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.CRLDistributionPoints", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (ext, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (reason_flags)
+ {
+ result = asn1_write_value (ext, "?LAST.reasons", reasons, 9);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+ }
+ else
+ {
+ result = asn1_write_value (ext, "?LAST.reasons", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+ }
+
+ result = asn1_write_value (ext, "?LAST.cRLIssuer", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* When used as type CHOICE.
+ */
+ result = asn1_write_value (ext, "?LAST.distributionPoint", "fullName", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+#if 0
+ /* only needed in old code (where defined as SEQUENCE OF) */
+ asn1_write_value (ext,
+ "?LAST.distributionPoint.nameRelativeToCRLIssuer",
+ NULL, 0);
+#endif
+
+ result =
+ write_new_general_name (ext, "?LAST.distributionPoint.fullName",
+ type, data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ _gnutls_free_datum (&gnames);
+ asn1_delete_structure (&ext);
+
+ return result;
+}
+
+/* extract the proxyCertInfo from the DER encoded extension
+ */
+int
+_gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ opaque * extnValue, int extnValueLen)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t value;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.ProxyCertInfo", &ext)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ if (pathLenConstraint)
+ {
+ result = _gnutls_x509_read_uint (ext, "pCPathLenConstraint",
+ pathLenConstraint);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ *pathLenConstraint = -1;
+ else if (result != GNUTLS_E_SUCCESS)
+ {
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+ }
+
+ result = _gnutls_x509_read_value (ext, "proxyPolicy.policyLanguage",
+ &value, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return result;
+ }
+
+ if (policyLanguage)
+ *policyLanguage = gnutls_strdup (value.data);
+
+ result = _gnutls_x509_read_value (ext, "proxyPolicy.policy", &value, 0);
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ {
+ if (policy)
+ *policy = NULL;
+ if (sizeof_policy)
+ *sizeof_policy = 0;
+ }
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return result;
+ }
+ else
+ {
+ if (policy)
+ *policy = value.data;
+ if (sizeof_policy)
+ *sizeof_policy = value.size;
+ }
+
+ asn1_delete_structure (&ext);
+
+ return 0;
+}
+
+/* generate the proxyCertInfo in a DER encoded extension
+ */
+int
+_gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext)
+{
+ ASN1_TYPE ext = ASN1_TYPE_EMPTY;
+ int result;
+
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.ProxyCertInfo", &ext);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (pathLenConstraint < 0)
+ {
+ result = asn1_write_value (ext, "pCPathLenConstraint", NULL, 0);
+ if (result < 0)
+ result = _gnutls_asn2err (result);
+ }
+ else
+ result = _gnutls_x509_write_uint32 (ext, "pCPathLenConstraint",
+ pathLenConstraint);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return result;
+ }
+
+ result = asn1_write_value (ext, "proxyPolicy.policyLanguage",
+ policyLanguage, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (ext, "proxyPolicy.policy",
+ policy, sizeof_policy);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&ext);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_der_encode (ext, "", der_ext, 0);
+
+ asn1_delete_structure (&ext);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_global.h>
+#include <libtasn1.h>
+#include <gnutls_datum.h>
+#include "common.h"
+#include "x509_int.h"
+#include <gnutls_num.h>
+
+/*
+ * some x509 certificate parsing functions that relate to MPI parameter
+ * extraction. This reads the BIT STRING subjectPublicKey.
+ * Returns 2 parameters (m,e).
+ */
+int
+_gnutls_x509_read_rsa_params (opaque * der, int dersize, bigint_t * params)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
+ }
+
+
+ if ((result = _gnutls_x509_read_int (spk, "modulus", ¶ms[0])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ if ((result = _gnutls_x509_read_int (spk, "publicExponent",
+ ¶ms[1])) < 0)
+ {
+ gnutls_assert ();
+ _gnutls_mpi_release (¶ms[0]);
+ asn1_delete_structure (&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure (&spk);
+
+ return 0;
+
+}
+
+
+/* reads p,q and g
+ * from the certificate (subjectPublicKey BIT STRING).
+ * params[0-2]
+ */
+int
+_gnutls_x509_read_dsa_params (opaque * der, int dersize, bigint_t * params)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.Dss-Parms", &spk)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
+ }
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ /* Read p */
+
+ if ((result = _gnutls_x509_read_int (spk, "p", ¶ms[0])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read q */
+
+ if ((result = _gnutls_x509_read_int (spk, "q", ¶ms[1])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ _gnutls_mpi_release (¶ms[0]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ /* Read g */
+
+ if ((result = _gnutls_x509_read_int (spk, "g", ¶ms[2])) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ _gnutls_mpi_release (¶ms[0]);
+ _gnutls_mpi_release (¶ms[1]);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ asn1_delete_structure (&spk);
+
+ return 0;
+
+}
+
+/* Reads an Integer from the DER encoded data
+ */
+
+int
+_gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ /* == INTEGER */
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey",
+ &spk)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&spk, der, dersize, NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
+ }
+
+ /* Read Y */
+
+ if ((result = _gnutls_x509_read_int (spk, "", out)) < 0)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&spk);
+ return _gnutls_asn2err (result);
+ }
+
+ asn1_delete_structure (&spk);
+
+ return 0;
+
+}
+
+/* reads DSA's Y
+ * from the certificate
+ * only sets params[3]
+ */
+int
+_gnutls_x509_read_dsa_pubkey (opaque * der, int dersize, bigint_t * params)
+{
+ return _gnutls_x509_read_der_int (der, dersize, ¶ms[3]);
+}
+
+
+/* Extracts DSA and RSA parameters from a certificate.
+ */
+int
+_gnutls_get_asn_mpis (ASN1_TYPE asn, const char *root,
+ bigint_t * params, int *params_size)
+{
+ int result;
+ char name[256];
+ gnutls_datum_t tmp = { NULL, 0 };
+ gnutls_pk_algorithm pk_algorithm;
+
+ result = _gnutls_x509_get_pk_algorithm (asn, root, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ pk_algorithm = result;
+
+ /* Read the algorithm's parameters
+ */
+ _asnstr_append_name (name, sizeof (name), root, ".subjectPublicKey");
+ result = _gnutls_x509_read_value (asn, name, &tmp, 2);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ switch (pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ /* params[0] is the modulus,
+ * params[1] is the exponent
+ */
+ if (*params_size < RSA_PUBLIC_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the bigint_ts in params */
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_rsa_params (tmp.data, tmp.size, params)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ *params_size = RSA_PUBLIC_PARAMS;
+
+ break;
+ case GNUTLS_PK_DSA:
+ /* params[0] is p,
+ * params[1] is q,
+ * params[2] is q,
+ * params[3] is pub.
+ */
+
+ if (*params_size < DSA_PUBLIC_PARAMS)
+ {
+ gnutls_assert ();
+ /* internal error. Increase the bigint_ts in params */
+ result = GNUTLS_E_INTERNAL_ERROR;
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_dsa_pubkey (tmp.data, tmp.size, params)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* Now read the parameters
+ */
+ _gnutls_free_datum (&tmp);
+
+ _asnstr_append_name (name, sizeof (name), root,
+ ".algorithm.parameters");
+ result = _gnutls_x509_read_value (asn, name, &tmp, 0);
+
+ /* FIXME: If the parameters are not included in the certificate
+ * then the issuer's parameters should be used. This is not
+ * done yet.
+ */
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_dsa_params (tmp.data, tmp.size, params)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ *params_size = DSA_PUBLIC_PARAMS;
+
+ break;
+
+ default:
+ /* other types like DH
+ * currently not supported
+ */
+ gnutls_assert ();
+ result = GNUTLS_E_X509_CERTIFICATE_ERROR;
+ goto error;
+ }
+
+ result = 0;
+
+error:
+ _gnutls_free_datum (&tmp);
+ return result;
+}
+
+/* Extracts DSA and RSA parameters from a certificate.
+ */
+int
+_gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
+ bigint_t * params, int *params_size)
+{
+ /* Read the algorithm's OID
+ */
+ return _gnutls_get_asn_mpis (cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo", params,
+ params_size);
+}
+
+#ifdef ENABLE_PKI
+
+/* Extracts DSA and RSA parameters from a certificate.
+ */
+int
+_gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
+ bigint_t * params, int *params_size)
+{
+ /* Read the algorithm's OID
+ */
+ return _gnutls_get_asn_mpis (cert->crq,
+ "certificationRequestInfo.subjectPKInfo",
+ params, params_size);
+}
+
+#endif
+
+/*
+ * some x509 certificate functions that relate to MPI parameter
+ * setting. This writes the BIT STRING subjectPublicKey.
+ * Needs 2 parameters (m,e).
+ *
+ * Allocates the space used to store the DER data.
+ */
+int
+_gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
+ gnutls_datum_t * der)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params_size < 2)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_write_int (spk, "modulus", params[0], 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int (spk, "publicExponent", params[1], 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode (spk, "", der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&spk);
+ return 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+
+ return result;
+}
+
+/*
+ * This function writes and encodes the parameters for DSS or RSA keys.
+ * This is the "signatureAlgorithm" fields.
+ */
+int
+_gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t dig)
+{
+ int result;
+ char name[128];
+ const char *pk;
+
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".algorithm");
+
+ pk = _gnutls_x509_sign_to_oid (pk_algorithm, HASH2MAC (dig));
+ if (pk == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log
+ ("Cannot find OID for sign algorithm pk: %d dig: %d\n",
+ (int) pk_algorithm, (int) dig);
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* write the OID.
+ */
+ result = asn1_write_value (dst, name, pk, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+
+ _gnutls_str_cpy (name, sizeof (name), dst_name);
+ _gnutls_str_cat (name, sizeof (name), ".parameters");
+
+ if (pk_algorithm == GNUTLS_PK_RSA)
+ result = asn1_write_value (dst, name, ASN1_NULL, ASN1_NULL_SIZE);
+ else
+ result = asn1_write_value (dst, name, NULL, 0);
+
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ /* Here we ignore the element not found error, since this
+ * may have been disabled before.
+ */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/*
+ * This function writes the parameters for DSS keys.
+ * Needs 3 parameters (p,q,g).
+ *
+ * Allocates the space used to store the DER data.
+ */
+int
+_gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
+ gnutls_datum_t * der)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params_size < 3)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAParameters", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_write_int (spk, "p", params[0], 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int (spk, "q", params[1], 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_int (spk, "g", params[2], 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode (spk, "", der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+ return result;
+}
+
+/*
+ * This function writes the public parameters for DSS keys.
+ * Needs 1 parameter (y).
+ *
+ * Allocates the space used to store the DER data.
+ */
+int
+_gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
+ gnutls_datum_t * der)
+{
+ int result;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ der->data = NULL;
+ der->size = 0;
+
+ if (params_size < 3)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_INVALID_REQUEST;
+ goto cleanup;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_write_int (spk, "", params[3], 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode (spk, "", der, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&spk);
+ return result;
+}
+
+
+/* this function reads a (small) unsigned integer
+ * from asn1 structs. Combines the read and the convertion
+ * steps.
+ */
+int
+_gnutls_x509_read_uint (ASN1_TYPE node, const char *value, unsigned int *ret)
+{
+ int len, result;
+ opaque *tmpstr;
+
+ len = 0;
+ result = asn1_read_value (node, value, NULL, &len);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ tmpstr = gnutls_malloc (len);
+ if (tmpstr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value (node, value, tmpstr, &len);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (tmpstr);
+ return _gnutls_asn2err (result);
+ }
+
+ if (len == 1)
+ *ret = tmpstr[0];
+ else if (len == 2)
+ *ret = _gnutls_read_uint16 (tmpstr);
+ else if (len == 3)
+ *ret = _gnutls_read_uint24 (tmpstr);
+ else if (len == 4)
+ *ret = _gnutls_read_uint32 (tmpstr);
+ else
+ {
+ gnutls_assert ();
+ gnutls_free (tmpstr);
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ gnutls_free (tmpstr);
+
+ return 0;
+}
+
+/* Writes the specified integer into the specified node.
+ */
+int
+_gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value, uint32_t num)
+{
+ opaque tmpstr[4];
+ int result;
+
+ _gnutls_write_uint32 (num, tmpstr);
+
+ result = asn1_write_value (node, value, tmpstr, 4);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2007, 2008, 2009, 2010 Free Software Foundation, Inc.
+ *
+ * Author: Simon Josefsson
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA
+ *
+ */
+
+/* Functions for printing X.509 Certificate structures
+ */
+
+#include <gnutls_int.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_int.h>
+#include <gnutls_num.h>
+#include <gnutls_errors.h>
+#include <c-ctype.h>
+
+/* I18n of error codes. */
+#include "gettext.h"
+#define _(String) dgettext (PACKAGE, String)
+
+#define addf _gnutls_buffer_append_printf
+#define adds _gnutls_buffer_append_str
+
+#define ERROR_STR (char*) "(error)"
+
+static void
+hexdump (gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
+{
+ size_t j;
+
+ if (spc)
+ adds (str, spc);
+ for (j = 0; j < len; j++)
+ {
+ if (((j + 1) % 16) == 0)
+ {
+ addf (str, "%.2x\n", (unsigned char) data[j]);
+ if (spc && j != (len - 1))
+ adds (str, spc);
+ }
+ else if (j == (len - 1))
+ addf (str, "%.2x", (unsigned char) data[j]);
+ else
+ addf (str, "%.2x:", (unsigned char) data[j]);
+ }
+ if ((j % 16) != 0)
+ adds (str, "\n");
+}
+
+static void
+hexprint (gnutls_buffer_st * str, const char *data, size_t len)
+{
+ size_t j;
+
+ if (len == 0)
+ adds (str, "00");
+ else
+ {
+ for (j = 0; j < len; j++)
+ addf (str, "%.2x", (unsigned char) data[j]);
+ }
+}
+
+
+static void
+asciiprint (gnutls_buffer_st * str, const char *data, size_t len)
+{
+ size_t j;
+
+ for (j = 0; j < len; j++)
+ if (c_isprint (data[j]))
+ addf (str, "%c", (unsigned char) data[j]);
+ else
+ addf (str, ".");
+}
+
+static char *
+ip_to_string (void *_ip, int ip_size, char *string, int string_size)
+{
+ uint8_t *ip;
+
+ if (ip_size != 4 && ip_size != 16)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ if (ip_size == 4 && string_size < 16)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ if (ip_size == 16 && string_size < 48)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ ip = _ip;
+ switch (ip_size)
+ {
+ case 4:
+ snprintf (string, string_size, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
+ break;
+ case 16:
+ snprintf (string, string_size, "%x:%x:%x:%x:%x:%x:%x:%x",
+ (ip[0] << 8) | ip[1], (ip[2] << 8) | ip[3],
+ (ip[4] << 8) | ip[5], (ip[6] << 8) | ip[7],
+ (ip[8] << 8) | ip[9], (ip[10] << 8) | ip[11],
+ (ip[12] << 8) | ip[13], (ip[14] << 8) | ip[15]);
+ break;
+ }
+
+ return string;
+}
+
+static void
+print_proxy (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ int pathlen;
+ char *policyLanguage;
+ char *policy;
+ size_t npolicy;
+ int err;
+
+ err = gnutls_x509_crt_get_proxy (cert, NULL,
+ &pathlen, &policyLanguage,
+ &policy, &npolicy);
+ if (err < 0)
+ {
+ addf (str, "error: get_proxy: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (pathlen >= 0)
+ addf (str, _("\t\t\tPath Length Constraint: %d\n"), pathlen);
+ addf (str, _("\t\t\tPolicy Language: %s"), policyLanguage);
+ if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
+ adds (str, " (id-ppl-inheritALL)\n");
+ else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
+ adds (str, " (id-ppl-independent)\n");
+ else
+ adds (str, "\n");
+ if (npolicy)
+ {
+ adds (str, _("\t\t\tPolicy:\n\t\t\t\tASCII: "));
+ asciiprint (str, policy, npolicy);
+ adds (str, _("\n\t\t\t\tHexdump: "));
+ hexprint (str, policy, npolicy);
+ adds (str, "\n");
+ }
+}
+
+static void
+print_ski (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_subject_key_id: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crt_get_subject_key_id (cert, buffer, &size, NULL);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_subject_key_id2: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ adds (str, "\t\t\t");
+ hexprint (str, buffer, size);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+}
+
+#define TYPE_CRL 1
+#define TYPE_CRT 2
+#define TYPE_CRQ 3
+
+#define TYPE_CRT_SAN TYPE_CRT
+#define TYPE_CRQ_SAN TYPE_CRQ
+#define TYPE_CRT_IAN 4
+
+typedef union
+{
+ gnutls_x509_crt_t crt;
+ gnutls_x509_crq_t crq;
+ gnutls_x509_crl_t crl;
+} cert_type_t;
+
+static void
+print_aki (gnutls_buffer_st * str, int type, cert_type_t cert)
+{
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
+ else if (type == TYPE_CRL)
+ err =
+ gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
+ else
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_authority_key_id: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_authority_key_id (cert.crt, buffer, &size, NULL);
+ else
+ err =
+ gnutls_x509_crl_get_authority_key_id (cert.crl, buffer, &size, NULL);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_authority_key_id2: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ adds (str, "\t\t\t");
+ hexprint (str, buffer, size);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+}
+
+static void
+print_key_usage (gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
+{
+ unsigned int key_usage;
+ int err;
+
+ if (type == TYPE_CRT)
+ err = gnutls_x509_crt_get_key_usage (cert.crt, &key_usage, NULL);
+ else if (type == TYPE_CRQ)
+ err = gnutls_x509_crq_get_key_usage (cert.crq, &key_usage, NULL);
+ else
+ return;
+
+ if (err < 0)
+ {
+ addf (str, "error: get_key_usage: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (key_usage & GNUTLS_KEY_DIGITAL_SIGNATURE)
+ addf (str, _("%s\t\t\tDigital signature.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_NON_REPUDIATION)
+ addf (str, _("%s\t\t\tNon repudiation.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_ENCIPHERMENT)
+ addf (str, _("%s\t\t\tKey encipherment.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_DATA_ENCIPHERMENT)
+ addf (str, _("%s\t\t\tData encipherment.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_AGREEMENT)
+ addf (str, _("%s\t\t\tKey agreement.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_KEY_CERT_SIGN)
+ addf (str, _("%s\t\t\tCertificate signing.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_CRL_SIGN)
+ addf (str, _("%s\t\t\tCRL signing.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_ENCIPHER_ONLY)
+ addf (str, _("%s\t\t\tKey encipher only.\n"), prefix);
+ if (key_usage & GNUTLS_KEY_DECIPHER_ONLY)
+ addf (str, _("%s\t\t\tKey decipher only.\n"), prefix);
+}
+
+#ifdef ENABLE_PKI
+
+static void
+print_crldist (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ char *buffer = NULL;
+ size_t size;
+ char str_ip[64];
+ char *p;
+ int err;
+ int indx;
+
+ for (indx = 0;; indx++)
+ {
+ size = 0;
+ err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
+ NULL, NULL);
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_crl_dist_points: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crt_get_crl_dist_points (cert, indx, buffer, &size,
+ NULL, NULL);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_crl_dist_points2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ if ((err == GNUTLS_SAN_DNSNAME
+ || err == GNUTLS_SAN_RFC822NAME
+ || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
+ {
+ adds (str, _("warning: distributionPoint contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
+
+ switch (err)
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "\t\t\tDNSname: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "\t\t\tRFC822name: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf (str, "\t\t\tURI: %.*s\n", (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "\t\t\tIPAddress: %s\n", p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf (str, "\t\t\tdirectoryName: %.*s\n", (int) size, buffer);
+ break;
+
+ default:
+ addf (str, "error: unknown SAN\n");
+ break;
+ }
+ gnutls_free (buffer);
+ }
+}
+
+static void
+print_key_purpose (gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
+{
+ int indx;
+ char *buffer = NULL;
+ size_t size;
+ int err;
+
+ for (indx = 0;; indx++)
+ {
+ size = 0;
+ if (type == TYPE_CRT)
+ err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
+ &size, NULL);
+ else if (type == TYPE_CRQ)
+ err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
+ &size, NULL);
+ else
+ return;
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_key_purpose_oid: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (type == TYPE_CRT)
+ err = gnutls_x509_crt_get_key_purpose_oid (cert.crt, indx, buffer,
+ &size, NULL);
+ else
+ err = gnutls_x509_crq_get_key_purpose_oid (cert.crq, indx, buffer,
+ &size, NULL);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_key_purpose_oid2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ if (strcmp (buffer, GNUTLS_KP_TLS_WWW_SERVER) == 0)
+ addf (str, _("%s\t\t\tTLS WWW Server.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_TLS_WWW_CLIENT) == 0)
+ addf (str, _("%s\t\t\tTLS WWW Client.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_CODE_SIGNING) == 0)
+ addf (str, _("%s\t\t\tCode signing.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_EMAIL_PROTECTION) == 0)
+ addf (str, _("%s\t\t\tEmail protection.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_TIME_STAMPING) == 0)
+ addf (str, _("%s\t\t\tTime stamping.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_OCSP_SIGNING) == 0)
+ addf (str, _("%s\t\t\tOCSP signing.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_IPSEC_IKE) == 0)
+ addf (str, _("%s\t\t\tIpsec IKE.\n"), prefix);
+ else if (strcmp (buffer, GNUTLS_KP_ANY) == 0)
+ addf (str, _("%s\t\t\tAny purpose.\n"), prefix);
+ else
+ addf (str, "%s\t\t\t%s\n", prefix, buffer);
+
+ gnutls_free (buffer);
+ }
+}
+
+#endif
+
+static void
+print_basic (gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
+{
+ int pathlen;
+ int err;
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_basic_constraints (cert.crt, NULL, NULL, &pathlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_basic_constraints (cert.crq, NULL, NULL, &pathlen);
+ else
+ return;
+
+ if (err < 0)
+ {
+ addf (str, "error: get_basic_constraints: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (err == 0)
+ addf (str, _("%s\t\t\tCertificate Authority (CA): FALSE\n"), prefix);
+ else
+ addf (str, _("%s\t\t\tCertificate Authority (CA): TRUE\n"), prefix);
+
+ if (pathlen >= 0)
+ addf (str, _("%s\t\t\tPath Length Constraint: %d\n"), prefix, pathlen);
+}
+
+
+static void
+print_altname (gnutls_buffer_st * str, const char *prefix, int altname_type,
+ cert_type_t cert)
+{
+ unsigned int altname_idx;
+ char str_ip[64];
+ char *p;
+
+ for (altname_idx = 0;; altname_idx++)
+ {
+ char *buffer = NULL;
+ size_t size = 0;
+ int err;
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
+ &size, NULL);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
+ &size, NULL, NULL);
+ else if (altname_type == TYPE_CRT_IAN)
+ err =
+ gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx, buffer,
+ &size, NULL);
+ else
+ return;
+
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_subject/issuer_alt_name: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err =
+ gnutls_x509_crt_get_subject_alt_name (cert.crt, altname_idx, buffer,
+ &size, NULL);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err =
+ gnutls_x509_crq_get_subject_alt_name (cert.crq, altname_idx, buffer,
+ &size, NULL, NULL);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_name (cert.crt, altname_idx,
+ buffer, &size, NULL);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_subject/issuer_alt_name2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ if ((err == GNUTLS_SAN_DNSNAME
+ || err == GNUTLS_SAN_RFC822NAME
+ || err == GNUTLS_SAN_URI) && strlen (buffer) != size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
+
+ switch (err)
+ {
+ case GNUTLS_SAN_DNSNAME:
+ addf (str, "%s\t\t\tDNSname: %.*s\n", prefix, (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_RFC822NAME:
+ addf (str, "%s\t\t\tRFC822name: %.*s\n", prefix, (int) size,
+ buffer);
+ break;
+
+ case GNUTLS_SAN_URI:
+ addf (str, "%s\t\t\tURI: %.*s\n", prefix, (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_IPADDRESS:
+ p = ip_to_string (buffer, size, str_ip, sizeof (str_ip));
+ if (p == NULL)
+ p = ERROR_STR;
+ addf (str, "%s\t\t\tIPAddress: %s\n", prefix, p);
+ break;
+
+ case GNUTLS_SAN_DN:
+ addf (str, "%s\t\t\tdirectoryName: %.*s\n", prefix,
+ (int) size, buffer);
+ break;
+
+ case GNUTLS_SAN_OTHERNAME:
+ {
+ char *oid = NULL;
+ size_t oidsize;
+
+ oidsize = 0;
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_free (buffer);
+ addf (str,
+ "error: get_subject/issuer_alt_othername_oid: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ oid = gnutls_malloc (oidsize);
+ if (!oid)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ if (altname_type == TYPE_CRT_SAN)
+ err = gnutls_x509_crt_get_subject_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRQ_SAN)
+ err = gnutls_x509_crq_get_subject_alt_othername_oid
+ (cert.crq, altname_idx, oid, &oidsize);
+ else if (altname_type == TYPE_CRT_IAN)
+ err = gnutls_x509_crt_get_issuer_alt_othername_oid
+ (cert.crt, altname_idx, oid, &oidsize);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ gnutls_free (oid);
+ addf (str, "error: get_subject_alt_othername_oid2: %s\n",
+ gnutls_strerror (err));
+ return;
+ }
+
+ if (err == GNUTLS_SAN_OTHERNAME_XMPP)
+ {
+ if (strlen (buffer) != size)
+ {
+ adds (str, _("warning: altname contains an embedded NUL, "
+ "replacing with '!'\n"));
+ while (strlen (buffer) < size)
+ buffer[strlen (buffer)] = '!';
+ }
+
+ addf (str, _("%s\t\t\tXMPP Address: %.*s\n"), prefix,
+ (int) size, buffer);
+ }
+ else
+ {
+ addf (str, _("%s\t\t\totherName OID: %.*s\n"), prefix,
+ (int) oidsize, oid);
+ addf (str, _("%s\t\t\totherName DER: "), prefix);
+ hexprint (str, buffer, size);
+ addf (str, _("\n%s\t\t\totherName ASCII: "), prefix);
+ asciiprint (str, buffer, size);
+ addf (str, "\n");
+ }
+ gnutls_free (oid);
+ }
+ break;
+
+ default:
+ addf (str, "error: unknown altname\n");
+ break;
+ }
+
+ gnutls_free (buffer);
+ }
+}
+
+static void
+guiddump (gnutls_buffer_st * str, const char *data, size_t len,
+ const char *spc)
+{
+ size_t j;
+
+ if (spc)
+ adds (str, spc);
+ addf (str, "{");
+ addf (str, "%.2X", (unsigned char) data[3]);
+ addf (str, "%.2X", (unsigned char) data[2]);
+ addf (str, "%.2X", (unsigned char) data[1]);
+ addf (str, "%.2X", (unsigned char) data[0]);
+ addf (str, "-");
+ addf (str, "%.2X", (unsigned char) data[5]);
+ addf (str, "%.2X", (unsigned char) data[4]);
+ addf (str, "-");
+ addf (str, "%.2X", (unsigned char) data[7]);
+ addf (str, "%.2X", (unsigned char) data[6]);
+ addf (str, "-");
+ addf (str, "%.2X", (unsigned char) data[8]);
+ addf (str, "%.2X", (unsigned char) data[9]);
+ addf (str, "-");
+ for (j = 10; j < 16; j++)
+ {
+ addf (str, "%.2X", (unsigned char) data[j]);
+ }
+ addf (str, "}\n");
+}
+
+static void
+print_unique_ids (gnutls_buffer_st * str, const gnutls_x509_crt_t cert)
+{
+ int result;
+ char buf[256]; /* if its longer, we won't bother to print it */
+ ssize_t buf_size = 256;
+
+ result = gnutls_x509_crt_get_issuer_unique_id (cert, buf, &buf_size);
+ if (result >= 0)
+ {
+ addf (str, ("\t\tIssuer Unique ID:\n"));
+ hexdump (str, buf, buf_size, "\t\t\t");
+ if (buf_size == 16)
+ { /* this could be a GUID */
+ guiddump (str, buf, buf_size, "\t\t\t");
+ }
+ }
+
+ buf_size = 256;
+ result = gnutls_x509_crt_get_subject_unique_id (cert, buf, &buf_size);
+ if (result >= 0)
+ {
+ addf (str, ("\t\tSubject Unique ID:\n"));
+ hexdump (str, buf, buf_size, "\t\t\t");
+ if (buf_size == 16)
+ { /* this could be a GUID */
+ guiddump (str, buf, buf_size, "\t\t\t");
+ }
+ }
+}
+
+static void
+print_extensions (gnutls_buffer_st * str, const char *prefix, int type,
+ cert_type_t cert)
+{
+ int i, err;
+ int san_idx = 0;
+ int ian_idx = 0;
+ int proxy_idx = 0;
+ int basic_idx = 0;
+ int keyusage_idx = 0;
+ int keypurpose_idx = 0;
+ int ski_idx = 0;
+ int aki_idx = 0;
+ int crldist_idx = 0;
+
+ for (i = 0;; i++)
+ {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof (oid);
+ int critical;
+
+ if (type == TYPE_CRT)
+ err = gnutls_x509_crt_get_extension_info (cert.crt, i,
+ oid, &sizeof_oid,
+ &critical);
+
+ else if (type == TYPE_CRQ)
+ err = gnutls_x509_crq_get_extension_info (cert.crq, i,
+ oid, &sizeof_oid,
+ &critical);
+ else
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ if (err < 0)
+ {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf (str, "error: get_extension_info: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ if (i == 0)
+ addf (str, _("%s\tExtensions:\n"), prefix);
+
+ if (strcmp (oid, "2.5.29.19") == 0)
+ {
+ if (basic_idx)
+ {
+ addf (str, "error: more than one basic constraint\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tBasic Constraints (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_basic (str, prefix, type, cert);
+
+ basic_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.14") == 0)
+ {
+ if (ski_idx)
+ {
+ addf (str, "error: more than one SKI extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tSubject Key Identifier (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_ski (str, cert.crt);
+
+ ski_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.35") == 0)
+ {
+
+ if (aki_idx)
+ {
+ addf (str, "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tAuthority Key Identifier (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_aki (str, TYPE_CRT, cert);
+
+ aki_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.15") == 0)
+ {
+ if (keyusage_idx)
+ {
+ addf (str, "error: more than one key usage extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tKey Usage (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_key_usage (str, prefix, type, cert);
+
+ keyusage_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.37") == 0)
+ {
+ if (keypurpose_idx)
+ {
+ addf (str, "error: more than one key purpose extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tKey Purpose (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+#ifdef ENABLE_PKI
+ print_key_purpose (str, prefix, type, cert);
+#endif
+
+ keypurpose_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.17") == 0)
+ {
+ if (san_idx)
+ {
+ addf (str, "error: more than one SKI extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tSubject Alternative Name (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_altname (str, prefix, type, cert);
+
+ san_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.18") == 0)
+ {
+ if (ian_idx)
+ {
+ addf (str, "error: more than one Issuer AltName extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tIssuer Alternative Name (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ print_altname (str, prefix, TYPE_CRT_IAN, cert);
+
+ ian_idx++;
+ }
+ else if (strcmp (oid, "2.5.29.31") == 0)
+ {
+ if (crldist_idx)
+ {
+ addf (str, "error: more than one CRL distribution point\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tCRL Distribution points (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+#ifdef ENABLE_PKI
+ if (type == TYPE_CRT)
+ print_crldist (str, cert.crt);
+#endif
+
+ crldist_idx++;
+ }
+ else if (strcmp (oid, "1.3.6.1.5.5.7.1.14") == 0)
+ {
+ if (proxy_idx)
+ {
+ addf (str, "error: more than one proxy extension\n");
+ continue;
+ }
+
+ addf (str, _("%s\t\tProxy Certificate Information (%s):\n"), prefix,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ print_proxy (str, cert.crt);
+
+ proxy_idx++;
+ }
+ else
+ {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf (str, _("%s\t\tUnknown extension %s (%s):\n"), prefix, oid,
+ critical ? _("critical") : _("not critical"));
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data (cert.crt, i, NULL, &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data (cert.crq, i, NULL, &extlen);
+ else
+ {
+ gnutls_assert ();
+ return;
+ }
+
+ if (err < 0)
+ {
+ addf (str, "error: get_extension_data: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ buffer = gnutls_malloc (extlen);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ if (type == TYPE_CRT)
+ err =
+ gnutls_x509_crt_get_extension_data (cert.crt, i, buffer,
+ &extlen);
+ else if (type == TYPE_CRQ)
+ err =
+ gnutls_x509_crq_get_extension_data (cert.crq, i, buffer,
+ &extlen);
+
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_extension_data2: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ addf (str, _("%s\t\t\tASCII: "), prefix);
+ asciiprint (str, buffer, extlen);
+ addf (str, "\n");
+
+ addf (str, _("%s\t\t\tHexdump: "), prefix);
+ hexprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+ }
+ }
+}
+
+static void
+print_cert (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
+{
+ /* Version. */
+ {
+ int version = gnutls_x509_crt_get_version (cert);
+ if (version < 0)
+ addf (str, "error: get_version: %s\n", gnutls_strerror (version));
+ else
+ addf (str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Serial. */
+ {
+ char serial[128];
+ size_t serial_size = sizeof (serial);
+ int err;
+
+ err = gnutls_x509_crt_get_serial (cert, serial, &serial_size);
+ if (err < 0)
+ addf (str, "error: get_serial: %s\n", gnutls_strerror (err));
+ else
+ {
+ adds (str, _("\tSerial Number (hex): "));
+ hexprint (str, serial, serial_size);
+ adds (str, "\n");
+ }
+ }
+
+ /* Issuer. */
+ if (!notsigned)
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror (err));
+ else
+ addf (str, _("\tIssuer: %s\n"), dn);
+ gnutls_free (dn);
+ }
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ adds (str, _("\tValidity:\n"));
+
+ tim = gnutls_x509_crt_get_activation_time (cert);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tNot Before: %s\n"), s);
+ }
+
+ tim = gnutls_x509_crt_get_expiration_time (cert);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tNot After: %s\n"), s);
+ }
+ }
+
+ /* Subject. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
+ else
+ addf (str, _("\tSubject: %s\n"), dn);
+ gnutls_free (dn);
+ }
+ }
+ }
+
+ /* SubjectPublicKeyInfo. */
+ {
+ int err;
+ unsigned int bits;
+
+ err = gnutls_x509_crt_get_pk_algorithm (cert, &bits);
+ if (err < 0)
+ addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
+ else
+ {
+ const char *name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+
+ addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
+ addf (str, _("\tCertificate Security Level: %s\n"),
+ gnutls_sec_param_get_name (gnutls_pk_bits_to_sec_param
+ (err, bits)));
+
+#ifdef ENABLE_PKI
+ switch (err)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_x509_crt_get_pk_rsa_raw (cert, &m, &e);
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ hexdump (str, m.data, m.size, "\t\t\t");
+ addf (str, _("\t\tExponent (bits %d):\n"), e.size * 8);
+ hexdump (str, e.data, e.size, "\t\t\t");
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err = gnutls_x509_crt_get_pk_dsa_raw (cert, &p, &q, &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ hexdump (str, y.data, y.size, "\t\t\t");
+ adds (str, _("\t\tP:\n"));
+ hexdump (str, p.data, p.size, "\t\t\t");
+ adds (str, _("\t\tQ:\n"));
+ hexdump (str, q.data, q.size, "\t\t\t");
+ adds (str, _("\t\tG:\n"));
+ hexdump (str, g.data, g.size, "\t\t\t");
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+
+ default:
+ break;
+ }
+#endif
+ }
+ }
+
+ print_unique_ids (str, cert);
+
+ /* Extensions. */
+ if (gnutls_x509_crt_get_version (cert) >= 3)
+ {
+ cert_type_t ccert;
+
+ ccert.crt = cert;
+ print_extensions (str, "", TYPE_CRT, ccert);
+ }
+
+ /* Signature. */
+ if (!notsigned)
+ {
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crt_get_signature_algorithm (cert);
+ if (err < 0)
+ addf (str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ const char *name = gnutls_sign_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+ addf (str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ {
+ adds (str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ err = gnutls_x509_crt_get_signature (cert, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crt_get_signature (cert, buffer, &size);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ adds (str, _("\tSignature:\n"));
+ hexdump (str, buffer, size, "\t\t");
+
+ gnutls_free (buffer);
+ }
+}
+
+static void
+print_fingerprint (gnutls_buffer_st * str, gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo)
+{
+ int err;
+ char buffer[MAX_HASH_SIZE];
+ size_t size = sizeof (buffer);
+
+ err = gnutls_x509_crt_get_fingerprint (cert, algo, buffer, &size);
+ if (err < 0)
+ {
+ addf (str, "error: get_fingerprint: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ if (algo == GNUTLS_DIG_MD5)
+ adds (str, _("\tMD5 fingerprint:\n\t\t"));
+ else
+ adds (str, _("\tSHA-1 fingerprint:\n\t\t"));
+ hexprint (str, buffer, size);
+ adds (str, "\n");
+}
+
+static void
+print_keyid (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ int err;
+ char buffer[20];
+ size_t size = 20;
+
+ err = gnutls_x509_crt_get_key_id (cert, 0, buffer, &size);
+ if (err < 0)
+ {
+ addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ adds (str, _("\tPublic Key Id:\n\t\t"));
+ hexprint (str, buffer, size);
+ adds (str, "\n");
+}
+
+static void
+print_other (gnutls_buffer_st * str, gnutls_x509_crt_t cert, int notsigned)
+{
+ if (!notsigned)
+ {
+ print_fingerprint (str, cert, GNUTLS_DIG_MD5);
+ print_fingerprint (str, cert, GNUTLS_DIG_SHA1);
+ }
+ print_keyid (str, cert);
+}
+
+static void
+print_oneline (gnutls_buffer_st * str, gnutls_x509_crt_t cert)
+{
+ /* Subject. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_dn (cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf (str, "unknown subject (%s), ", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "unknown subject (%s), ",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "unknown subject (%s), ", gnutls_strerror (err));
+ else
+ addf (str, "subject `%s', ", dn);
+ gnutls_free (dn);
+ }
+ }
+ }
+
+ /* Issuer. */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crt_get_issuer_dn (cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "unknown issuer (%s), ",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crt_get_issuer_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "unknown issuer (%s), ", gnutls_strerror (err));
+ else
+ addf (str, "issuer `%s', ", dn);
+ gnutls_free (dn);
+ }
+ }
+ }
+
+ /* Key algorithm and size. */
+ {
+ int bits;
+ const char *name = gnutls_pk_algorithm_get_name
+ (gnutls_x509_crt_get_pk_algorithm (cert, &bits));
+ if (name == NULL)
+ name = "Unknown";
+ addf (str, "%s key %d bits, ", name, bits);
+ }
+
+ /* Signature Algorithm. */
+ {
+ int err;
+
+ err = gnutls_x509_crt_get_signature_algorithm (cert);
+ if (err < 0)
+ addf (str, "unknown signature algorithm (%s), ", gnutls_strerror (err));
+ else
+ {
+ const char *name = gnutls_sign_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+ if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ addf (str, _("signed using %s (broken!), "), name);
+ else
+ addf (str, _("signed using %s, "), name);
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ tim = gnutls_x509_crt_get_activation_time (cert);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "unknown activation (%ld), ", (unsigned long) tim);
+ else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ addf (str, "failed activation (%ld), ", (unsigned long) tim);
+ else
+ addf (str, "activated `%s', ", s);
+ }
+
+ tim = gnutls_x509_crt_get_expiration_time (cert);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "unknown expiry (%ld), ", (unsigned long) tim);
+ else if (strftime (s, max, "%Y-%m-%d %H:%M:%S UTC", &t) == 0)
+ addf (str, "failed expiry (%ld), ", (unsigned long) tim);
+ else
+ addf (str, "expires `%s', ", s);
+ }
+ }
+
+ {
+ int pathlen;
+ char *policyLanguage;
+ int err;
+
+ err = gnutls_x509_crt_get_proxy (cert, NULL,
+ &pathlen, &policyLanguage, NULL, NULL);
+ if (err == 0)
+ {
+ addf (str, "proxy certificate (policy=");
+ if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.1") == 0)
+ addf (str, "id-ppl-inheritALL");
+ else if (strcmp (policyLanguage, "1.3.6.1.5.5.7.21.2") == 0)
+ addf (str, "id-ppl-independent");
+ else
+ addf (str, "%s", policyLanguage);
+ if (pathlen >= 0)
+ addf (str, ", pathlen=%d), ", pathlen);
+ else
+ addf (str, "), ");
+ gnutls_free (policyLanguage);
+ }
+ }
+
+ {
+ char buffer[20];
+ size_t size = sizeof (buffer);
+ int err;
+
+ err = gnutls_x509_crt_get_fingerprint (cert, GNUTLS_DIG_SHA1,
+ buffer, &size);
+ if (err < 0)
+ {
+ addf (str, "unknown fingerprint (%s)", gnutls_strerror (err));
+ }
+ else
+ {
+ addf (str, "SHA-1 fingerprint `");
+ hexprint (str, buffer, size);
+ adds (str, "'");
+ }
+ }
+
+}
+
+/**
+ * gnutls_x509_crt_print:
+ * @cert: The structure to be printed
+ * @format: Indicate the format to use
+ * @out: Newly allocated datum with zero terminated string.
+ *
+ * This function will pretty print a X.509 certificate, suitable for
+ * display to a human.
+ *
+ * If the format is %GNUTLS_CRT_PRINT_FULL then all fields of the
+ * certificate will be output, on multiple lines. The
+ * %GNUTLS_CRT_PRINT_ONELINE format will generate one line with some
+ * selected fields, which is useful for logging purposes.
+ *
+ * The output @out needs to be deallocate using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_print (gnutls_x509_crt_t cert,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
+{
+ gnutls_buffer_st str;
+
+ if (format == GNUTLS_CRT_PRINT_FULL
+ || format == GNUTLS_CRT_PRINT_UNSIGNED_FULL)
+ {
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str (&str, _("X.509 Certificate Information:\n"));
+
+ print_cert (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+
+ _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+
+ print_other (&str, cert, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+ out->data = str.data;
+ out->size = strlen (str.data);
+ }
+ else if (format == GNUTLS_CRT_PRINT_ONELINE)
+ {
+ _gnutls_buffer_init (&str);
+
+ print_oneline (&str, cert);
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+ out->data = str.data;
+ out->size = strlen (str.data);
+ }
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+#ifdef ENABLE_PKI
+
+static void
+print_crl (gnutls_buffer_st * str, gnutls_x509_crl_t crl, int notsigned)
+{
+ /* Version. */
+ {
+ int version = gnutls_x509_crl_get_version (crl);
+ if (version == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ adds (str, _("\tVersion: 1 (default)\n"));
+ else if (version < 0)
+ addf (str, "error: get_version: %s\n", gnutls_strerror (version));
+ else
+ addf (str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Issuer. */
+ if (!notsigned)
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crl_get_issuer_dn (crl, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf (str, "error: get_issuer_dn: %s\n", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crl_get_issuer_dn (crl, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_issuer_dn: %s\n",
+ gnutls_strerror (err));
+ else
+ addf (str, _("\tIssuer: %s\n"), dn);
+ }
+ gnutls_free (dn);
+ }
+ }
+
+ /* Validity. */
+ {
+ time_t tim;
+
+ adds (str, _("\tUpdate dates:\n"));
+
+ tim = gnutls_x509_crl_get_this_update (crl);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tIssued: %s\n"), s);
+ }
+
+ tim = gnutls_x509_crl_get_next_update (crl);
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ if (tim == -1)
+ addf (str, "\t\tNo next update time.\n");
+ else if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tNext at: %s\n"), s);
+ }
+ }
+
+ /* Extensions. */
+ if (gnutls_x509_crl_get_version (crl) >= 2)
+ {
+ size_t i;
+ int err = 0;
+ int aki_idx = 0;
+ int crl_nr = 0;
+
+ for (i = 0;; i++)
+ {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof (oid);
+ int critical;
+
+ err = gnutls_x509_crl_get_extension_info (crl, i,
+ oid, &sizeof_oid,
+ &critical);
+ if (err < 0)
+ {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf (str, "error: get_extension_info: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ if (i == 0)
+ adds (str, _("\tExtensions:\n"));
+
+ if (strcmp (oid, "2.5.29.20") == 0)
+ {
+ char nr[128];
+ size_t nr_size = sizeof (nr);
+
+ if (crl_nr)
+ {
+ addf (str, "error: more than one CRL number\n");
+ continue;
+ }
+
+ err = gnutls_x509_crl_get_number (crl, nr, &nr_size, &critical);
+
+ addf (str, _("\t\tCRL Number (%s): "),
+ critical ? _("critical") : _("not critical"));
+
+ if (err < 0)
+ addf (str, "error: get_number: %s\n", gnutls_strerror (err));
+ else
+ {
+ hexprint (str, nr, nr_size);
+ addf (str, "\n");
+ }
+
+ crl_nr++;
+ }
+ else if (strcmp (oid, "2.5.29.35") == 0)
+ {
+ cert_type_t ccert;
+
+ if (aki_idx)
+ {
+ addf (str, "error: more than one AKI extension\n");
+ continue;
+ }
+
+ addf (str, _("\t\tAuthority Key Identifier (%s):\n"),
+ critical ? _("critical") : _("not critical"));
+
+ ccert.crl = crl;
+ print_aki (str, TYPE_CRL, ccert);
+
+ aki_idx++;
+ }
+ else
+ {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf (str, _("\t\tUnknown extension %s (%s):\n"), oid,
+ critical ? _("critical") : _("not critical"));
+
+ err = gnutls_x509_crl_get_extension_data (crl, i,
+ NULL, &extlen);
+ if (err < 0)
+ {
+ addf (str, "error: get_extension_data: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ buffer = gnutls_malloc (extlen);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err = gnutls_x509_crl_get_extension_data (crl, i,
+ buffer, &extlen);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_extension_data2: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ adds (str, _("\t\t\tASCII: "));
+ asciiprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ adds (str, _("\t\t\tHexdump: "));
+ hexprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+ }
+ }
+ }
+
+
+ /* Revoked certificates. */
+ {
+ int num = gnutls_x509_crl_get_crt_count (crl);
+ int j;
+
+ if (num)
+ addf (str, _("\tRevoked certificates (%d):\n"), num);
+ else
+ adds (str, _("\tNo revoked certificates.\n"));
+
+ for (j = 0; j < num; j++)
+ {
+ char serial[128];
+ size_t serial_size = sizeof (serial);
+ int err;
+ time_t tim;
+
+ err = gnutls_x509_crl_get_crt_serial (crl, j, serial,
+ &serial_size, &tim);
+ if (err < 0)
+ addf (str, "error: get_crt_serial: %s\n", gnutls_strerror (err));
+ else
+ {
+ char s[42];
+ size_t max = sizeof (s);
+ struct tm t;
+
+ adds (str, _("\t\tSerial Number (hex): "));
+ hexprint (str, serial, serial_size);
+ adds (str, "\n");
+
+ if (gmtime_r (&tim, &t) == NULL)
+ addf (str, "error: gmtime_r (%ld)\n", (unsigned long) tim);
+ else if (strftime (s, max, "%a %b %d %H:%M:%S UTC %Y", &t) == 0)
+ addf (str, "error: strftime (%ld)\n", (unsigned long) tim);
+ else
+ addf (str, _("\t\tRevoked at: %s\n"), s);
+ }
+ }
+ }
+
+ /* Signature. */
+ if (!notsigned)
+ {
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crl_get_signature_algorithm (crl);
+ if (err < 0)
+ addf (str, "error: get_signature_algorithm: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ const char *name = gnutls_sign_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+ addf (str, _("\tSignature Algorithm: %s\n"), name);
+ }
+ if (err == GNUTLS_SIGN_RSA_MD5 || err == GNUTLS_SIGN_RSA_MD2)
+ {
+ adds (str, _("warning: signed using a broken signature "
+ "algorithm that can be forged.\n"));
+ }
+
+ err = gnutls_x509_crl_get_signature (crl, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_signature: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crl_get_signature (crl, buffer, &size);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_signature2: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ adds (str, _("\tSignature:\n"));
+ hexdump (str, buffer, size, "\t\t");
+
+ gnutls_free (buffer);
+ }
+}
+
+/**
+ * gnutls_x509_crl_print:
+ * @crl: The structure to be printed
+ * @format: Indicate the format to use
+ * @out: Newly allocated datum with zero terminated string.
+ *
+ * This function will pretty print a X.509 certificate revocation
+ * list, suitable for display to a human.
+ *
+ * The output @out needs to be deallocate using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_print (gnutls_x509_crl_t crl,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
+{
+ gnutls_buffer_st str;
+
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str
+ (&str, _("X.509 Certificate Revocation List Information:\n"));
+
+ print_crl (&str, crl, format == GNUTLS_CRT_PRINT_UNSIGNED_FULL);
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+ out->data = str.data;
+ out->size = strlen (str.data);
+
+ return 0;
+}
+
+static void
+print_crq (gnutls_buffer_st * str, gnutls_x509_crq_t cert)
+{
+ /* Version. */
+ {
+ int version = gnutls_x509_crq_get_version (cert);
+ if (version < 0)
+ addf (str, "error: get_version: %s\n", gnutls_strerror (version));
+ else
+ addf (str, _("\tVersion: %d\n"), version);
+ }
+
+ /* Subject */
+ {
+ char *dn;
+ size_t dn_size = 0;
+ int err;
+
+ err = gnutls_x509_crq_get_dn (cert, NULL, &dn_size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
+ else
+ {
+ dn = gnutls_malloc (dn_size);
+ if (!dn)
+ addf (str, "error: malloc (%d): %s\n", (int) dn_size,
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ else
+ {
+ err = gnutls_x509_crq_get_dn (cert, dn, &dn_size);
+ if (err < 0)
+ addf (str, "error: get_dn: %s\n", gnutls_strerror (err));
+ else
+ addf (str, _("\tSubject: %s\n"), dn);
+ gnutls_free (dn);
+ }
+ }
+ }
+
+ /* SubjectPublicKeyInfo. */
+ {
+ int err;
+ unsigned int bits;
+
+ err = gnutls_x509_crq_get_pk_algorithm (cert, &bits);
+ if (err < 0)
+ addf (str, "error: get_pk_algorithm: %s\n", gnutls_strerror (err));
+ else
+ {
+ const char *name = gnutls_pk_algorithm_get_name (err);
+ if (name == NULL)
+ name = _("unknown");
+
+ addf (str, _("\tSubject Public Key Algorithm: %s\n"), name);
+ switch (err)
+ {
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ err = gnutls_x509_crq_get_key_rsa_raw (cert, &m, &e);
+ if (err < 0)
+ addf (str, "error: get_pk_rsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tModulus (bits %d):\n"), bits);
+ hexdump (str, m.data, m.size, "\t\t\t");
+ adds (str, _("\t\tExponent:\n"));
+ hexdump (str, e.data, e.size, "\t\t\t");
+
+ gnutls_free (m.data);
+ gnutls_free (e.data);
+ }
+
+ }
+ break;
+#if 0 /* not implemented yet */
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ err = gnutls_x509_crq_get_key_dsa_raw (cert, &p, &q, &g, &y);
+ if (err < 0)
+ addf (str, "error: get_pk_dsa_raw: %s\n",
+ gnutls_strerror (err));
+ else
+ {
+ addf (str, _("\t\tPublic key (bits %d):\n"), bits);
+ hexdump (str, y.data, y.size, "\t\t\t");
+ addf (str, _("\t\tP:\n"));
+ hexdump (str, p.data, p.size, "\t\t\t");
+ addf (str, _("\t\tQ:\n"));
+ hexdump (str, q.data, q.size, "\t\t\t");
+ addf (str, _("\t\tG:\n"));
+ hexdump (str, g.data, g.size, "\t\t\t");
+
+ gnutls_free (p.data);
+ gnutls_free (q.data);
+ gnutls_free (g.data);
+ gnutls_free (y.data);
+
+ }
+ }
+ break;
+#endif
+ default:
+ break;
+ }
+ }
+ }
+
+ /* parse attributes */
+ {
+ size_t i;
+ int err = 0;
+ int extensions = 0;
+ int challenge = 0;
+
+ for (i = 0;; i++)
+ {
+ char oid[MAX_OID_SIZE] = "";
+ size_t sizeof_oid = sizeof (oid);
+
+ err = gnutls_x509_crq_get_attribute_info (cert, i, oid, &sizeof_oid);
+ if (err < 0)
+ {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+ addf (str, "error: get_extension_info: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ if (i == 0)
+ adds (str, _("\tAttributes:\n"));
+
+ if (strcmp (oid, "1.2.840.113549.1.9.14") == 0)
+ {
+ cert_type_t ccert;
+
+ if (extensions)
+ {
+ addf (str, "error: more than one extensionsRequest\n");
+ continue;
+ }
+
+ ccert.crq = cert;
+ print_extensions (str, "\t", TYPE_CRQ, ccert);
+
+ extensions++;
+ }
+ else if (strcmp (oid, "1.2.840.113549.1.9.7") == 0)
+ {
+ char *pass;
+ size_t size;
+
+ if (challenge)
+ {
+ adds (str,
+ "error: more than one Challenge password attribute\n");
+ continue;
+ }
+
+ err = gnutls_x509_crq_get_challenge_password (cert, NULL, &size);
+ if (err < 0)
+ {
+ addf (str, "error: get_challenge_password: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ size++;
+
+ pass = gnutls_malloc (size);
+ if (!pass)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err = gnutls_x509_crq_get_challenge_password (cert, pass, &size);
+ if (err < 0)
+ addf (str, "error: get_challenge_password: %s\n",
+ gnutls_strerror (err));
+ else
+ addf (str, _("\t\tChallenge password: %s\n"), pass);
+
+ gnutls_free (pass);
+
+ challenge++;
+ }
+ else
+ {
+ char *buffer;
+ size_t extlen = 0;
+
+ addf (str, _("\t\tUnknown attribute %s:\n"), oid);
+
+ err = gnutls_x509_crq_get_attribute_data (cert, i, NULL, &extlen);
+ if (err < 0)
+ {
+ addf (str, "error: get_attribute_data: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ buffer = gnutls_malloc (extlen);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ continue;
+ }
+
+ err = gnutls_x509_crq_get_attribute_data (cert, i,
+ buffer, &extlen);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_attribute_data2: %s\n",
+ gnutls_strerror (err));
+ continue;
+ }
+
+ adds (str, _("\t\t\tASCII: "));
+ asciiprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ adds (str, _("\t\t\tHexdump: "));
+ hexprint (str, buffer, extlen);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+ }
+ }
+ }
+}
+
+static void
+print_crq_other (gnutls_buffer_st * str, gnutls_x509_crq_t crq)
+{
+ int err;
+ size_t size = 0;
+ char *buffer = NULL;
+
+ err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
+ if (err != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ addf (str, "error: get_key_id: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ buffer = gnutls_malloc (size);
+ if (!buffer)
+ {
+ addf (str, "error: malloc: %s\n",
+ gnutls_strerror (GNUTLS_E_MEMORY_ERROR));
+ return;
+ }
+
+ err = gnutls_x509_crq_get_key_id (crq, 0, buffer, &size);
+ if (err < 0)
+ {
+ gnutls_free (buffer);
+ addf (str, "error: get_key_id2: %s\n", gnutls_strerror (err));
+ return;
+ }
+
+ adds (str, _("\tPublic Key Id:\n\t\t"));
+ hexprint (str, buffer, size);
+ adds (str, "\n");
+
+ gnutls_free (buffer);
+}
+
+/**
+ * gnutls_x509_crq_print:
+ * @crq: The structure to be printed
+ * @format: Indicate the format to use
+ * @out: Newly allocated datum with zero terminated string.
+ *
+ * This function will pretty print a certificate request, suitable for
+ * display to a human.
+ *
+ * The output @out needs to be deallocate using gnutls_free().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crq_print (gnutls_x509_crq_t crq,
+ gnutls_certificate_print_formats_t format,
+ gnutls_datum_t * out)
+{
+ gnutls_buffer_st str;
+
+ _gnutls_buffer_init (&str);
+
+ _gnutls_buffer_append_str
+ (&str, _("PKCS #10 Certificate Request Information:\n"));
+
+ print_crq (&str, crq);
+
+ _gnutls_buffer_append_str (&str, _("Other Information:\n"));
+
+ print_crq_other (&str, crq);
+
+ _gnutls_buffer_append_data (&str, "\0", 1);
+ out->data = str.data;
+ out->size = strlen (str.data);
+
+ return 0;
+}
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/* gc-pbkdf2-sha1.c --- Password-Based Key Derivation Function a'la PKCS#5
+ Copyright (C) 2002, 2003, 2004, 2005, 2006, 2008, 2010 Free Software
+ Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program; if not, write to the Free Software Foundation,
+ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
+
+/* Written by Simon Josefsson. The comments in this file are taken
+ from RFC 2898. */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_errors.h>
+#include <gnutls_hash_int.h>
+#include <pbkdf2-sha1.h>
+
+/*
+ * 5.2 PBKDF2
+ *
+ * PBKDF2 applies a pseudorandom function (see Appendix B.1 for an
+ * example) to derive keys. The length of the derived key is essentially
+ * unbounded. (However, the maximum effective search space for the
+ * derived key may be limited by the structure of the underlying
+ * pseudorandom function. See Appendix B.1 for further discussion.)
+ * PBKDF2 is recommended for new applications.
+ *
+ * PBKDF2 (P, S, c, dkLen)
+ *
+ * Options: PRF underlying pseudorandom function (hLen
+ * denotes the length in octets of the
+ * pseudorandom function output)
+ *
+ * Input: P password, an octet string (ASCII or UTF-8)
+ * S salt, an octet string
+ * c iteration count, a positive integer
+ * dkLen intended length in octets of the derived
+ * key, a positive integer, at most
+ * (2^32 - 1) * hLen
+ *
+ * Output: DK derived key, a dkLen-octet string
+ */
+
+int
+_gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
+ const char *S, size_t Slen,
+ unsigned int c, char *DK, size_t dkLen)
+{
+ unsigned int hLen = 20;
+ char U[20];
+ char T[20];
+ unsigned int u;
+ unsigned int l;
+ unsigned int r;
+ unsigned int i;
+ unsigned int k;
+ int rc;
+ char *tmp;
+ size_t tmplen = Slen + 4;
+
+ if (c == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (dkLen == 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ /*
+ *
+ * Steps:
+ *
+ * 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
+ * stop.
+ */
+
+ if (dkLen > 4294967295U)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /*
+ * 2. Let l be the number of hLen-octet blocks in the derived key,
+ * rounding up, and let r be the number of octets in the last
+ * block:
+ *
+ * l = CEIL (dkLen / hLen) ,
+ * r = dkLen - (l - 1) * hLen .
+ *
+ * Here, CEIL (x) is the "ceiling" function, i.e. the smallest
+ * integer greater than, or equal to, x.
+ */
+
+ l = ((dkLen - 1) / hLen) + 1;
+ r = dkLen - (l - 1) * hLen;
+
+ /*
+ * 3. For each block of the derived key apply the function F defined
+ * below to the password P, the salt S, the iteration count c, and
+ * the block index to compute the block:
+ *
+ * T_1 = F (P, S, c, 1) ,
+ * T_2 = F (P, S, c, 2) ,
+ * ...
+ * T_l = F (P, S, c, l) ,
+ *
+ * where the function F is defined as the exclusive-or sum of the
+ * first c iterates of the underlying pseudorandom function PRF
+ * applied to the password P and the concatenation of the salt S
+ * and the block index i:
+ *
+ * F (P, S, c, i) = U_1 \xor U_2 \xor ... \xor U_c
+ *
+ * where
+ *
+ * U_1 = PRF (P, S || INT (i)) ,
+ * U_2 = PRF (P, U_1) ,
+ * ...
+ * U_c = PRF (P, U_{c-1}) .
+ *
+ * Here, INT (i) is a four-octet encoding of the integer i, most
+ * significant octet first.
+ *
+ * 4. Concatenate the blocks and extract the first dkLen octets to
+ * produce a derived key DK:
+ *
+ * DK = T_1 || T_2 || ... || T_l<0..r-1>
+ *
+ * 5. Output the derived key DK.
+ *
+ * Note. The construction of the function F follows a "belt-and-
+ * suspenders" approach. The iterates U_i are computed recursively to
+ * remove a degree of parallelism from an opponent; they are exclusive-
+ * ored together to reduce concerns about the recursion degenerating
+ * into a small set of values.
+ *
+ */
+
+ tmp = gnutls_malloc (tmplen);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy (tmp, S, Slen);
+
+ for (i = 1; i <= l; i++)
+ {
+ memset (T, 0, hLen);
+
+ for (u = 1; u <= c; u++)
+ {
+ if (u == 1)
+ {
+ tmp[Slen + 0] = (i & 0xff000000) >> 24;
+ tmp[Slen + 1] = (i & 0x00ff0000) >> 16;
+ tmp[Slen + 2] = (i & 0x0000ff00) >> 8;
+ tmp[Slen + 3] = (i & 0x000000ff) >> 0;
+
+ rc =
+ _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, tmp, tmplen, U);
+ }
+ else
+ rc = _gnutls_hmac_fast (GNUTLS_MAC_SHA1, P, Plen, U, hLen, U);
+
+ if (rc < 0)
+ {
+ gnutls_free (tmp);
+ return rc;
+ }
+
+ for (k = 0; k < hLen; k++)
+ T[k] ^= U[k];
+ }
+
+ memcpy (DK + (i - 1) * hLen, T, i == l ? r : hLen);
+ }
+
+ gnutls_free (tmp);
+
+ return 0;
+}
--- /dev/null
+int _gnutls_pbkdf2_sha1 (const char *P, size_t Plen,
+ const char *S, size_t Slen,
+ unsigned int c, char *DK, size_t dkLen);
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2008, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate on PKCS12 packet parsing.
+ */
+
+#include <gnutls_int.h>
+#include <libtasn1.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <gnutls_num.h>
+#include <common.h>
+#include <x509_b64.h>
+#include "x509_int.h"
+#include <random.h>
+
+
+/* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
+ * which holds them. Returns an ASN1_TYPE of authenticatedSafe.
+ */
+static int
+_decode_pkcs12_auth_safe (ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
+ gnutls_datum_t * raw)
+{
+ char oid[MAX_OID_SIZE];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_datum_t auth_safe = { NULL, 0 };
+ int len, result;
+ char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (pkcs12, "authSafe.contentType", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (strcmp (oid, DATA_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Unknown PKCS12 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ /* Step 1. Read the content data
+ */
+
+ result =
+ _gnutls_x509_read_value (pkcs12, "authSafe.content", &auth_safe, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Step 2. Extract the authenticatedSafe.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding (&c2, auth_safe.data, auth_safe.size, error_str);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("DER error: %s\n", error_str);
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (raw == NULL)
+ {
+ _gnutls_free_datum (&auth_safe);
+ }
+ else
+ {
+ raw->data = auth_safe.data;
+ raw->size = auth_safe.size;
+ }
+
+ if (authen_safe)
+ *authen_safe = c2;
+ else
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ _gnutls_free_datum (&auth_safe);
+ return result;
+}
+
+/**
+ * gnutls_pkcs12_init:
+ * @pkcs12: The structure to be initialized
+ *
+ * This function will initialize a PKCS12 structure. PKCS12 structures
+ * usually contain lists of X.509 Certificates and X.509 Certificate
+ * revocation lists.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12)
+{
+ *pkcs12 = gnutls_calloc (1, sizeof (gnutls_pkcs12_int));
+
+ if (*pkcs12)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PFX",
+ &(*pkcs12)->pkcs12);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*pkcs12);
+ return _gnutls_asn2err (result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_pkcs12_deinit:
+ * @pkcs12: The structure to be initialized
+ *
+ * This function will deinitialize a PKCS12 structure.
+ **/
+void
+gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12)
+{
+ if (!pkcs12)
+ return;
+
+ if (pkcs12->pkcs12)
+ asn1_delete_structure (&pkcs12->pkcs12);
+
+ gnutls_free (pkcs12);
+}
+
+/**
+ * gnutls_pkcs12_import:
+ * @pkcs12: The structure to store the parsed PKCS12.
+ * @data: The DER or PEM encoded PKCS12.
+ * @format: One of DER or PEM
+ * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags
+ *
+ * This function will convert the given DER or PEM encoded PKCS12
+ * to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
+ *
+ * If the PKCS12 is PEM encoded it should have a header of "PKCS12".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+ char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* If the PKCS12 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode (PEM_PKCS12, data->data, data->size,
+ &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ result =
+ asn1_der_decoding (&pkcs12->pkcs12, _data.data, _data.size, error_str);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ _gnutls_x509_log ("DER error: %s\n", error_str);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ return 0;
+
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+
+/**
+ * gnutls_pkcs12_export:
+ * @pkcs12: Holds the pkcs12 structure
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a structure PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the pkcs12 structure to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
+ * will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN PKCS12".
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int (pkcs12->pkcs12, format, PEM_PKCS12,
+ output_data, output_data_size);
+}
+
+static int
+oid2bag (const char *oid)
+{
+ if (strcmp (oid, BAG_PKCS8_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_KEY;
+ if (strcmp (oid, BAG_PKCS8_ENCRYPTED_KEY) == 0)
+ return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY;
+ if (strcmp (oid, BAG_CERTIFICATE) == 0)
+ return GNUTLS_BAG_CERTIFICATE;
+ if (strcmp (oid, BAG_CRL) == 0)
+ return GNUTLS_BAG_CRL;
+ if (strcmp (oid, BAG_SECRET) == 0)
+ return GNUTLS_BAG_SECRET;
+
+ return GNUTLS_BAG_UNKNOWN;
+}
+
+static const char *
+bag_to_oid (int bag)
+{
+ switch (bag)
+ {
+ case GNUTLS_BAG_PKCS8_KEY:
+ return BAG_PKCS8_KEY;
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ return BAG_PKCS8_ENCRYPTED_KEY;
+ case GNUTLS_BAG_CERTIFICATE:
+ return BAG_CERTIFICATE;
+ case GNUTLS_BAG_CRL:
+ return BAG_CRL;
+ case GNUTLS_BAG_SECRET:
+ return BAG_SECRET;
+ }
+ return NULL;
+}
+
+static inline char *
+ucs2_to_ascii (char *data, int size)
+{
+ int i, j;
+
+ for (i = 0; i < size / 2; i++)
+ {
+ j = 2 * i + 1;
+ if (isascii (data[j]))
+ data[i] = data[i * 2 + 1];
+ else
+ data[i] = '?';
+ }
+ data[i] = 0;
+
+ return data;
+}
+
+/* Decodes the SafeContents, and puts the output in
+ * the given bag.
+ */
+int
+_pkcs12_decode_safe_contents (const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag)
+{
+ char oid[MAX_OID_SIZE], root[ASN1_MAX_NAME_SIZE];
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int len, result;
+ int bag_type;
+ gnutls_datum_t attr_val;
+ int count = 0, i, attributes, j;
+ size_t size;
+
+ /* Step 1. Extract the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding (&c2, content->data, content->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Count the number of bags
+ */
+ result = asn1_number_of_elements (c2, "", &count);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ bag->bag_elements = MIN (MAX_BAG_ELEMENTS, count);
+
+ for (i = 0; i < bag->bag_elements; i++)
+ {
+
+ snprintf (root, sizeof (root), "?%u.bagId", i + 1);
+
+ len = sizeof (oid);
+ result = asn1_read_value (c2, root, oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Read the Bag type
+ */
+ bag_type = oid2bag (oid);
+
+ if (bag_type < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Read the Bag Value
+ */
+
+ snprintf (root, sizeof (root), "?%u.bagValue", i + 1);
+
+ result = _gnutls_x509_read_value (c2, root, &bag->element[i].data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (bag_type == GNUTLS_BAG_CERTIFICATE || bag_type == GNUTLS_BAG_CRL
+ || bag_type == GNUTLS_BAG_SECRET)
+ {
+ gnutls_datum_t tmp = bag->element[i].data;
+
+ result =
+ _pkcs12_decode_crt_bag (bag_type, &tmp, &bag->element[i].data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum (&tmp);
+ }
+
+ /* read the bag attributes
+ */
+ snprintf (root, sizeof (root), "?%u.bagAttributes", i + 1);
+
+ result = asn1_number_of_elements (c2, root, &attributes);
+ if (result != ASN1_SUCCESS && result != ASN1_ELEMENT_NOT_FOUND)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (attributes < 0)
+ attributes = 1;
+
+ if (result != ASN1_ELEMENT_NOT_FOUND)
+ for (j = 0; j < attributes; j++)
+ {
+
+ snprintf (root, sizeof (root), "?%u.bagAttributes.?%u", i + 1,
+ j + 1);
+
+ result =
+ _gnutls_x509_decode_and_read_attribute (c2, root, oid,
+ sizeof (oid), &attr_val,
+ 1, 0);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ continue; /* continue in case we find some known attributes */
+ }
+
+ if (strcmp (oid, KEY_ID_OID) == 0)
+ {
+ size = attr_val.size;
+
+ result =
+ _gnutls_x509_decode_octet_string (NULL, attr_val.data, size,
+ attr_val.data, &size);
+ attr_val.size = size;
+ if (result < 0)
+ {
+ _gnutls_free_datum (&attr_val);
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
+ continue;
+ }
+ bag->element[i].local_key_id = attr_val;
+ }
+ else if (strcmp (oid, FRIENDLY_NAME_OID) == 0)
+ {
+ size = attr_val.size;
+ result =
+ _gnutls_x509_decode_octet_string ("BMPString",
+ attr_val.data, size,
+ attr_val.data, &size);
+ attr_val.size = size;
+ if (result < 0)
+ {
+ _gnutls_free_datum (&attr_val);
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid);
+ continue;
+ }
+ bag->element[i].friendly_name =
+ ucs2_to_ascii (attr_val.data, attr_val.size);
+ }
+ else
+ {
+ _gnutls_free_datum (&attr_val);
+ _gnutls_x509_log
+ ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid);
+ }
+ }
+
+
+ bag->element[i].type = bag_type;
+
+ }
+
+ asn1_delete_structure (&c2);
+
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+
+}
+
+
+static int
+_parse_safe_contents (ASN1_TYPE sc, const char *sc_name,
+ gnutls_pkcs12_bag_t bag)
+{
+ gnutls_datum_t content = { NULL, 0 };
+ int result;
+
+ /* Step 1. Extract the content.
+ */
+
+ result = _gnutls_x509_read_value (sc, sc_name, &content, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _pkcs12_decode_safe_contents (&content, bag);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum (&content);
+
+ return 0;
+
+cleanup:
+ _gnutls_free_datum (&content);
+ return result;
+}
+
+
+/**
+ * gnutls_pkcs12_get_bag:
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @indx: contains the index of the bag to extract
+ * @bag: An initialized bag, where the contents of the bag will be copied
+ *
+ * This function will return a Bag from the PKCS12 structure.
+ *
+ * After the last Bag has been read
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12,
+ int indx, gnutls_pkcs12_bag_t bag)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[ASN1_MAX_NAME_SIZE];
+ char oid[MAX_OID_SIZE];
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. decode the data.
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Parse the AuthenticatedSafe
+ */
+
+ snprintf (root2, sizeof (root2), "?%u.contentType", indx + 1);
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (c2, root2, oid, &len);
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Not encrypted Bag
+ */
+
+ snprintf (root2, sizeof (root2), "?%u.content", indx + 1);
+
+ if (strcmp (oid, DATA_OID) == 0)
+ {
+ result = _parse_safe_contents (c2, root2, bag);
+ goto cleanup;
+ }
+
+ /* ENC_DATA_OID needs decryption */
+
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->bag_elements = 1;
+
+ result = _gnutls_x509_read_value (c2, root2, &bag->element[0].data, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/* Creates an empty PFX structure for the PKCS12 structure.
+ */
+static int
+create_empty_pfx (ASN1_TYPE pkcs12)
+{
+ uint8_t three = 3;
+ int result;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ /* Use version 3
+ */
+ result = asn1_write_value (pkcs12, "version", &three, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write the content type of the data
+ */
+ result = asn1_write_value (pkcs12, "authSafe.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Check if the authenticatedSafe content is empty, and encode a
+ * null one in that case.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs12, "authSafe.content", 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ asn1_delete_structure (&c2);
+ return result;
+
+}
+
+/**
+ * gnutls_pkcs12_set_bag:
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @bag: An initialized bag
+ *
+ * This function will insert a Bag into the PKCS12 structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ int result;
+ int enc = 0, dum = 1;
+ char null;
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Step 1. Check if the pkcs12 structure is empty. In that
+ * case generate an empty PFX.
+ */
+ result = asn1_read_value (pkcs12->pkcs12, "authSafe.content", &null, &dum);
+ if (result == ASN1_VALUE_NOT_FOUND)
+ {
+ result = create_empty_pfx (pkcs12->pkcs12);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ /* Step 2. decode the authenticatedSafe.
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 3. Encode the bag elements into a SafeContents
+ * structure.
+ */
+ result = _pkcs12_encode_safe_contents (bag, &safe_cont, &enc);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
+ * structure.
+ */
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (enc)
+ result = asn1_write_value (c2, "?LAST.contentType", ENC_DATA_OID, 1);
+ else
+ result = asn1_write_value (c2, "?LAST.contentType", DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (enc)
+ {
+ /* Encrypted packets are written directly.
+ */
+ result =
+ asn1_write_value (c2, "?LAST.content",
+ bag->element[0].data.data,
+ bag->element[0].data.size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+ }
+ else
+ {
+ result =
+ _gnutls_x509_der_encode_and_copy (safe_cont, "", c2,
+ "?LAST.content", 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+
+ asn1_delete_structure (&safe_cont);
+
+
+ /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+ * structure.
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs12->pkcs12,
+ "authSafe.content", 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ asn1_delete_structure (&c2);
+ asn1_delete_structure (&safe_cont);
+ return result;
+}
+
+/**
+ * gnutls_pkcs12_generate_mac:
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @pass: The password for the MAC
+ *
+ * This function will generate a MAC for the PKCS12 structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass)
+{
+ opaque salt[8], key[20];
+ int result;
+ const int iter = 1;
+ digest_hd_st td1;
+ gnutls_datum_t tmp = { NULL, 0 };
+ opaque sha_mac[20];
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Generate the salt.
+ */
+ result = _gnutls_rnd (GNUTLS_RND_NONCE, salt, sizeof (salt));
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Write the salt into the structure.
+ */
+ result =
+ asn1_write_value (pkcs12->pkcs12, "macData.macSalt", salt, sizeof (salt));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* write the iterations
+ */
+
+ if (iter > 1)
+ {
+ result =
+ _gnutls_x509_write_uint32 (pkcs12->pkcs12, "macData.iterations",
+ iter);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+
+ /* Generate the key.
+ */
+ result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt, sizeof (salt),
+ iter, pass, sizeof (key), key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_hmac (&td1, tmp.data, tmp.size);
+ _gnutls_free_datum (&tmp);
+
+ _gnutls_hmac_deinit (&td1, sha_mac);
+
+
+ result =
+ asn1_write_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac,
+ sizeof (sha_mac));
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value (pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.parameters", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value (pkcs12->pkcs12,
+ "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1,
+ 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ _gnutls_free_datum (&tmp);
+ return result;
+}
+
+/**
+ * gnutls_pkcs12_verify_mac:
+ * @pkcs12: should contain a gnutls_pkcs12_t structure
+ * @pass: The password for the MAC
+ *
+ * This function will verify the MAC for the PKCS12 structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass)
+{
+ opaque key[20];
+ int result;
+ unsigned int iter;
+ int len;
+ digest_hd_st td1;
+ gnutls_datum_t tmp = { NULL, 0 }, salt =
+ {
+ NULL, 0};
+ opaque sha_mac[20];
+ opaque sha_mac_orig[20];
+
+ if (pkcs12 == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* read the iterations
+ */
+
+ result =
+ _gnutls_x509_read_uint (pkcs12->pkcs12, "macData.iterations", &iter);
+ if (result < 0)
+ {
+ iter = 1; /* the default */
+ }
+
+
+ /* Read the salt from the structure.
+ */
+ result =
+ _gnutls_x509_read_value (pkcs12->pkcs12, "macData.macSalt", &salt, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Generate the key.
+ */
+ result = _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt.data, salt.size,
+ iter, pass, sizeof (key), key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_free_datum (&salt);
+
+ /* Get the data to be MACed
+ */
+ result = _decode_pkcs12_auth_safe (pkcs12->pkcs12, NULL, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* MAC the data
+ */
+ result = _gnutls_hmac_init (&td1, GNUTLS_MAC_SHA1, key, sizeof (key));
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_hmac (&td1, tmp.data, tmp.size);
+ _gnutls_free_datum (&tmp);
+
+ _gnutls_hmac_deinit (&td1, sha_mac);
+
+ len = sizeof (sha_mac_orig);
+ result =
+ asn1_read_value (pkcs12->pkcs12, "macData.mac.digest", sha_mac_orig,
+ &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (memcmp (sha_mac_orig, sha_mac, sizeof (sha_mac)) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MAC_VERIFY_FAILED;
+ }
+
+ return 0;
+
+cleanup:
+ _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&salt);
+ return result;
+}
+
+
+static int
+write_attributes (gnutls_pkcs12_bag_t bag, int elem,
+ ASN1_TYPE c2, const char *where)
+{
+ int result;
+ char root[128];
+
+ /* If the bag attributes are empty, then write
+ * nothing to the attribute field.
+ */
+ if (bag->element[elem].friendly_name == NULL &&
+ bag->element[elem].local_key_id.data == NULL)
+ {
+ /* no attributes
+ */
+ result = asn1_write_value (c2, where, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+ }
+
+ if (bag->element[elem].local_key_id.data != NULL)
+ {
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value (c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ _gnutls_str_cpy (root, sizeof (root), where);
+ _gnutls_str_cat (root, sizeof (root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute (KEY_ID_OID, c2, root,
+ bag->
+ element[elem].local_key_id.
+ data,
+ bag->
+ element[elem].local_key_id.
+ size, 1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ if (bag->element[elem].friendly_name != NULL)
+ {
+ opaque *name;
+ int size, i;
+ const char *p;
+
+ /* Add a new Attribute
+ */
+ result = asn1_write_value (c2, where, "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* convert name to BMPString
+ */
+ size = strlen (bag->element[elem].friendly_name) * 2;
+ name = gnutls_malloc (size);
+
+ if (name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ p = bag->element[elem].friendly_name;
+ for (i = 0; i < size; i += 2)
+ {
+ name[i] = 0;
+ name[i + 1] = *p;
+ p++;
+ }
+
+ _gnutls_str_cpy (root, sizeof (root), where);
+ _gnutls_str_cat (root, sizeof (root), ".?LAST");
+
+ result =
+ _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID, c2,
+ root, name, size, 1);
+
+ gnutls_free (name);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ return 0;
+}
+
+
+/* Encodes the bag into a SafeContents structure, and puts the output in
+ * the given datum. Enc is set to non zero if the data are encrypted;
+ */
+int
+_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * contents,
+ int *enc)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ int i;
+ const char *oid;
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED && enc)
+ {
+ *enc = 1;
+ return 0; /* ENCRYPTED BAG, do nothing. */
+ }
+ else if (enc)
+ *enc = 0;
+
+ /* Step 1. Create the SEQUENCE.
+ */
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ for (i = 0; i < bag->bag_elements; i++)
+ {
+
+ oid = bag_to_oid (bag->element[i].type);
+ if (oid == NULL)
+ {
+ gnutls_assert ();
+ continue;
+ }
+
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Copy the bag type.
+ */
+ result = asn1_write_value (c2, "?LAST.bagId", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Set empty attributes
+ */
+ result = write_attributes (bag, i, c2, "?LAST.bagAttributes");
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+
+ /* Copy the Bag Value
+ */
+
+ if (bag->element[i].type == GNUTLS_BAG_CERTIFICATE ||
+ bag->element[i].type == GNUTLS_BAG_SECRET ||
+ bag->element[i].type == GNUTLS_BAG_CRL)
+ {
+ gnutls_datum_t tmp;
+
+ /* in that case encode it to a CertBag or
+ * a CrlBag.
+ */
+
+ result =
+ _pkcs12_encode_crt_bag (bag->element[i].type,
+ &bag->element[i].data, &tmp);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_write_value (c2, "?LAST.bagValue", &tmp, 0);
+
+ _gnutls_free_datum (&tmp);
+
+ }
+ else
+ {
+
+ result = _gnutls_x509_write_value (c2, "?LAST.bagValue",
+ &bag->element[i].data, 0);
+ }
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ }
+
+ /* Encode the data and copy them into the datum
+ */
+ *contents = c2;
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+
+}
+
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate on PKCS12 Bag packet parsing.
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include "x509_int.h"
+
+/**
+ * gnutls_pkcs12_bag_init:
+ * @bag: The structure to be initialized
+ *
+ * This function will initialize a PKCS12 bag structure. PKCS12 Bags
+ * usually contain private keys, lists of X.509 Certificates and X.509
+ * Certificate revocation lists.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag)
+{
+ *bag = gnutls_calloc (1, sizeof (gnutls_pkcs12_bag_int));
+
+ if (*bag)
+ {
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+static inline void
+_pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag)
+{
+ int i;
+
+ for (i = 0; i < bag->bag_elements; i++)
+ {
+ _gnutls_free_datum (&bag->element[i].data);
+ _gnutls_free_datum (&bag->element[i].local_key_id);
+ gnutls_free (bag->element[i].friendly_name);
+ bag->element[i].friendly_name = NULL;
+ bag->element[i].type = 0;
+ }
+
+}
+
+
+/**
+ * gnutls_pkcs12_bag_deinit:
+ * @bag: The structure to be initialized
+ *
+ * This function will deinitialize a PKCS12 Bag structure.
+ **/
+void
+gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag)
+{
+ if (!bag)
+ return;
+
+ _pkcs12_bag_free_data (bag);
+
+ gnutls_free (bag);
+}
+
+/**
+ * gnutls_pkcs12_bag_get_type:
+ * @bag: The bag
+ * @indx: The element of the bag to get the type
+ *
+ * This function will return the bag's type.
+ *
+ * Returns: One of the #gnutls_pkcs12_bag_type_t enumerations.
+ **/
+gnutls_pkcs12_bag_type_t
+gnutls_pkcs12_bag_get_type (gnutls_pkcs12_bag_t bag, int indx)
+{
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return bag->element[indx].type;
+}
+
+/**
+ * gnutls_pkcs12_bag_get_count:
+ * @bag: The bag
+ *
+ * This function will return the number of the elements withing the bag.
+ *
+ * Returns: Number of elements in bag, or an negative error code on
+ * error.
+ **/
+int
+gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag)
+{
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return bag->bag_elements;
+}
+
+/**
+ * gnutls_pkcs12_bag_get_data:
+ * @bag: The bag
+ * @indx: The element of the bag to get the data from
+ * @data: where the bag's data will be. Should be treated as constant.
+ *
+ * This function will return the bag's data. The data is a constant
+ * that is stored into the bag. Should not be accessed after the bag
+ * is deleted.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * data)
+{
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx >= bag->bag_elements)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+
+ data->data = bag->element[indx].data.data;
+ data->size = bag->element[indx].data.size;
+
+ return 0;
+}
+
+#define X509_CERT_OID "1.2.840.113549.1.9.22.1"
+#define X509_CRL_OID "1.2.840.113549.1.9.23.1"
+#define RANDOM_NONCE_OID "1.2.840.113549.1.9.25.3"
+
+int
+_pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in, gnutls_datum_t * out)
+{
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ switch (type)
+ {
+ case GNUTLS_BAG_CERTIFICATE:
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_read_value (c2, "certValue", out, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_read_value (c2, "crlValue", out, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_SECRET:
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = asn1_der_decoding (&c2, in->data, in->size, NULL);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_read_value (c2, "secretValue", out, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+
+cleanup:
+
+ asn1_delete_structure (&c2);
+ return ret;
+}
+
+
+int
+_pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw, gnutls_datum_t * out)
+{
+ int ret;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ switch (type)
+ {
+ case GNUTLS_BAG_CERTIFICATE:
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CertBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value (c2, "certId", X509_CERT_OID, 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_write_value (c2, "certValue", raw, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_CRL:
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-CRLBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value (c2, "crlId", X509_CRL_OID, 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_write_value (c2, "crlValue", raw, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+
+ case GNUTLS_BAG_SECRET:
+ if ((ret = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-SecretBag",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = asn1_write_value (c2, "secretTypeId", RANDOM_NONCE_OID, 1);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ ret = _gnutls_asn2err (ret);
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_write_value (c2, "secretValue", raw, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ break;
+
+ default:
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ ret = _gnutls_x509_der_encode (c2, "", out, 0);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+
+cleanup:
+
+ asn1_delete_structure (&c2);
+ return ret;
+}
+
+
+/**
+ * gnutls_pkcs12_bag_set_data:
+ * @bag: The bag
+ * @type: The data's type
+ * @data: the data to be copied.
+ *
+ * This function will insert the given data of the given type into
+ * the bag.
+ *
+ * Returns: the index of the added bag on success, or a negative
+ * value on error.
+ **/
+int
+gnutls_pkcs12_bag_set_data (gnutls_pkcs12_bag_t bag,
+ gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * data)
+{
+ int ret;
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->bag_elements == MAX_BAG_ELEMENTS - 1)
+ {
+ gnutls_assert ();
+ /* bag is full */
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ if (bag->bag_elements == 1)
+ {
+ /* A bag with a key or an encrypted bag, must have
+ * only one element.
+ */
+
+ if (bag->element[0].type == GNUTLS_BAG_PKCS8_KEY ||
+ bag->element[0].type == GNUTLS_BAG_PKCS8_ENCRYPTED_KEY ||
+ bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ ret =
+ _gnutls_set_datum (&bag->element[bag->bag_elements].data,
+ data->data, data->size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ bag->element[bag->bag_elements].type = type;
+
+ bag->bag_elements++;
+
+ return bag->bag_elements - 1;
+}
+
+/**
+ * gnutls_pkcs12_bag_set_crt:
+ * @bag: The bag
+ * @crt: the certificate to be copied.
+ *
+ * This function will insert the given certificate into the
+ * bag. This is just a wrapper over gnutls_pkcs12_bag_set_data().
+ *
+ * Returns: the index of the added bag on success, or a negative
+ * value on failure.
+ **/
+int
+gnutls_pkcs12_bag_set_crt (gnutls_pkcs12_bag_t bag, gnutls_x509_crt_t crt)
+{
+ int ret;
+ gnutls_datum_t data;
+
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CERTIFICATE, &data);
+
+ _gnutls_free_datum (&data);
+
+ return ret;
+}
+
+/**
+ * gnutls_pkcs12_bag_set_crl:
+ * @bag: The bag
+ * @crl: the CRL to be copied.
+ *
+ * This function will insert the given CRL into the
+ * bag. This is just a wrapper over gnutls_pkcs12_bag_set_data().
+ *
+ * Returns: the index of the added bag on success, or a negative value
+ * on failure.
+ **/
+int
+gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl)
+{
+ int ret;
+ gnutls_datum_t data;
+
+
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs12_bag_set_data (bag, GNUTLS_BAG_CRL, &data);
+
+ _gnutls_free_datum (&data);
+
+ return ret;
+}
+
+/**
+ * gnutls_pkcs12_bag_set_key_id:
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @id: the ID
+ *
+ * This function will add the given key ID, to the specified, by the
+ * index, bag element. The key ID will be encoded as a 'Local key
+ * identifier' bag attribute, which is usually used to distinguish
+ * the local private key and the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. or a negative value on error.
+ **/
+int
+gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx,
+ const gnutls_datum_t * id)
+{
+ int ret;
+
+
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_set_datum (&bag->element[indx].local_key_id,
+ id->data, id->size);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs12_bag_get_key_id:
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @id: where the ID will be copied (to be treated as const)
+ *
+ * This function will return the key ID, of the specified bag element.
+ * The key ID is usually used to distinguish the local private key and
+ * the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. or a negative value on error.
+ **/
+int
+gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx,
+ gnutls_datum_t * id)
+{
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ id->data = bag->element[indx].local_key_id.data;
+ id->size = bag->element[indx].local_key_id.size;
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs12_bag_get_friendly_name:
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @name: will hold a pointer to the name (to be treated as const)
+ *
+ * This function will return the friendly name, of the specified bag
+ * element. The key ID is usually used to distinguish the local
+ * private key and the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. or a negative value on error.
+ **/
+int
+gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
+ char **name)
+{
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ *name = bag->element[indx].friendly_name;
+
+ return 0;
+}
+
+
+/**
+ * gnutls_pkcs12_bag_set_friendly_name:
+ * @bag: The bag
+ * @indx: The bag's element to add the id
+ * @name: the name
+ *
+ * This function will add the given key friendly name, to the
+ * specified, by the index, bag element. The name will be encoded as
+ * a 'Friendly name' bag attribute, which is usually used to set a
+ * user name to the local private key and the certificate pair.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. or a negative value on error.
+ **/
+int
+gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx,
+ const char *name)
+{
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (indx > bag->bag_elements - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bag->element[indx].friendly_name = gnutls_strdup (name);
+
+ if (name == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ return 0;
+}
+
+
+/**
+ * gnutls_pkcs12_bag_decrypt:
+ * @bag: The bag
+ * @pass: The password used for encryption, must be ASCII.
+ *
+ * This function will decrypt the given encrypted bag and return 0 on
+ * success.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_pkcs12_bag_decrypt (gnutls_pkcs12_bag_t bag, const char *pass)
+{
+ int ret;
+ gnutls_datum_t dec;
+
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_pkcs7_decrypt_data (&bag->element[0].data, pass, &dec);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* decryption succeeded. Now decode the SafeContents
+ * stuff, and parse it.
+ */
+
+ _gnutls_free_datum (&bag->element[0].data);
+
+ ret = _pkcs12_decode_safe_contents (&dec, bag);
+
+ _gnutls_free_datum (&dec);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs12_bag_encrypt:
+ * @bag: The bag
+ * @pass: The password used for encryption, must be ASCII
+ * @flags: should be one of #gnutls_pkcs_encrypt_flags_t elements bitwise or'd
+ *
+ * This function will encrypt the given bag.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
+ unsigned int flags)
+{
+ int ret;
+ ASN1_TYPE safe_cont = ASN1_TYPE_EMPTY;
+ gnutls_datum_t der = { NULL, 0 };
+ gnutls_datum_t enc = { NULL, 0 };
+ schema_id id;
+
+ if (bag == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type == GNUTLS_BAG_ENCRYPTED)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Encode the whole bag to a safe contents
+ * structure.
+ */
+ ret = _pkcs12_encode_safe_contents (bag, &safe_cont, NULL);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* DER encode the SafeContents.
+ */
+ ret = _gnutls_x509_der_encode (safe_cont, "", &der, 0);
+
+ asn1_delete_structure (&safe_cont);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (flags & GNUTLS_PKCS_PLAIN)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ id = _gnutls_pkcs_flags_to_schema (flags);
+
+ /* Now encrypt them.
+ */
+ ret = _gnutls_pkcs7_encrypt_data (id, &der, pass, &enc);
+
+ _gnutls_free_datum (&der);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* encryption succeeded.
+ */
+
+ _pkcs12_bag_free_data (bag);
+
+ bag->element[0].type = GNUTLS_BAG_ENCRYPTED;
+ bag->element[0].data = enc;
+
+ bag->bag_elements = 1;
+
+
+ return 0;
+}
+
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/* minip12.c - A mini pkcs-12 implementation (modified for gnutls)
+ *
+ * Copyright (C) 2002, 2004, 2005, 2009, 2010 Free Software Foundation,
+ * Inc.
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_mpi.h>
+#include <gnutls_errors.h>
+
+/* Returns 0 if the password is ok, or a negative error
+ * code instead.
+ */
+static int
+_pkcs12_check_pass (const char *pass, size_t plen)
+{
+ const unsigned char *p = pass;
+ unsigned int i;
+
+ for (i = 0; i < plen; i++)
+ {
+ if (isascii (p[i]))
+ continue;
+ return GNUTLS_E_INVALID_PASSWORD;
+ }
+
+ return 0;
+}
+
+/* ID should be:
+ * 3 for MAC
+ * 2 for IV
+ * 1 for encryption key
+ */
+int
+_gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf)
+{
+ int rc;
+ unsigned int i, j;
+ digest_hd_st md;
+ bigint_t num_b1 = NULL, num_ij = NULL;
+ bigint_t mpi512 = NULL;
+ unsigned int pwlen;
+ opaque hash[20], buf_b[64], buf_i[128], *p;
+ size_t cur_keylen;
+ size_t n, m;
+ const opaque buf_512[] = /* 2^64 */
+ { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+
+ cur_keylen = 0;
+
+ if (pw == NULL)
+ pwlen = 0;
+ else
+ pwlen = strlen (pw);
+
+ if (pwlen > 63 / 2)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((rc = _pkcs12_check_pass (pw, pwlen)) < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ rc = _gnutls_mpi_scan (&mpi512, buf_512, sizeof (buf_512));
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ return rc;
+ }
+
+ /* Store salt and password in BUF_I */
+ p = buf_i;
+ for (i = 0; i < 64; i++)
+ *p++ = salt[i % salt_size];
+ if (pw)
+ {
+ for (i = j = 0; i < 64; i += 2)
+ {
+ *p++ = 0;
+ *p++ = pw[j];
+ if (++j > pwlen) /* Note, that we include the trailing zero */
+ j = 0;
+ }
+ }
+ else
+ memset (p, 0, 64);
+
+ for (;;)
+ {
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ for (i = 0; i < 64; i++)
+ {
+ unsigned char lid = id & 0xFF;
+ _gnutls_hash (&md, &lid, 1);
+ }
+ _gnutls_hash (&md, buf_i, pw ? 128 : 64);
+ _gnutls_hash_deinit (&md, hash);
+ for (i = 1; i < iter; i++)
+ {
+ rc = _gnutls_hash_init (&md, GNUTLS_MAC_SHA1);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_hash (&md, hash, 20);
+ _gnutls_hash_deinit (&md, hash);
+ }
+ for (i = 0; i < 20 && cur_keylen < req_keylen; i++)
+ keybuf[cur_keylen++] = hash[i];
+ if (cur_keylen == req_keylen)
+ {
+ rc = 0; /* ready */
+ goto cleanup;
+ }
+
+ /* need more bytes. */
+ for (i = 0; i < 64; i++)
+ buf_b[i] = hash[i % 20];
+ n = 64;
+ rc = _gnutls_mpi_scan (&num_b1, buf_b, n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_mpi_add_ui (num_b1, num_b1, 1);
+ for (i = 0; i < 128; i += 64)
+ {
+ n = 64;
+ rc = _gnutls_mpi_scan (&num_ij, buf_i + i, n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_mpi_addm (num_ij, num_ij, num_b1, mpi512);
+ n = 64;
+#ifndef PKCS12_BROKEN_KEYGEN
+ m = (_gnutls_mpi_get_nbits (num_ij) + 7) / 8;
+#else
+ m = n;
+#endif
+ memset (buf_i + i, 0, n - m);
+ rc = _gnutls_mpi_print (num_ij, buf_i + i + n - m, &n);
+ if (rc < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ _gnutls_mpi_release (&num_ij);
+ }
+ }
+cleanup:
+ _gnutls_mpi_release (&num_ij);
+ _gnutls_mpi_release (&num_b1);
+ _gnutls_mpi_release (&mpi512);
+
+ return rc;
+}
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate on PKCS7 certificate lists parsing.
+ */
+
+#include <gnutls_int.h>
+#include <libtasn1.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <x509_b64.h>
+
+#define SIGNED_DATA_OID "1.2.840.113549.1.7.2"
+
+/* Decodes the PKCS #7 signed data, and returns an ASN1_TYPE,
+ * which holds them. If raw is non null then the raw decoded
+ * data are copied (they are locally allocated) there.
+ */
+static int
+_decode_pkcs7_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata,
+ gnutls_datum_t * raw)
+{
+ char oid[MAX_OID_SIZE];
+ ASN1_TYPE c2;
+ opaque *tmp = NULL;
+ int tmp_size, len, result;
+
+ len = sizeof (oid) - 1;
+ result = asn1_read_value (pkcs7, "contentType", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (strcmp (oid, SIGNED_DATA_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Unknown PKCS7 Content OID '%s'\n", oid);
+ return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData", &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* the Signed-data has been created, so
+ * decode them.
+ */
+ tmp_size = 0;
+ result = asn1_read_value (pkcs7, "content", NULL, &tmp_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ tmp = gnutls_malloc (tmp_size);
+ if (tmp == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ result = asn1_read_value (pkcs7, "content", tmp, &tmp_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* tmp, tmp_size hold the data and the size of the CertificateSet structure
+ * actually the ANY stuff.
+ */
+
+ /* Step 1. In case of a signed structure extract certificate set.
+ */
+
+ result = asn1_der_decoding (&c2, tmp, tmp_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if (raw == NULL)
+ {
+ gnutls_free (tmp);
+ }
+ else
+ {
+ raw->data = tmp;
+ raw->size = tmp_size;
+ }
+
+ *sdata = c2;
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ gnutls_free (tmp);
+ return result;
+}
+
+/**
+ * gnutls_pkcs7_init:
+ * @pkcs7: The structure to be initialized
+ *
+ * This function will initialize a PKCS7 structure. PKCS7 structures
+ * usually contain lists of X.509 Certificates and X.509 Certificate
+ * revocation lists.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7)
+{
+ *pkcs7 = gnutls_calloc (1, sizeof (gnutls_pkcs7_int));
+
+ if (*pkcs7)
+ {
+ int result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-7-ContentInfo",
+ &(*pkcs7)->pkcs7);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (*pkcs7);
+ return _gnutls_asn2err (result);
+ }
+ return 0; /* success */
+ }
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_pkcs7_deinit:
+ * @pkcs7: The structure to be initialized
+ *
+ * This function will deinitialize a PKCS7 structure.
+ **/
+void
+gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7)
+{
+ if (!pkcs7)
+ return;
+
+ if (pkcs7->pkcs7)
+ asn1_delete_structure (&pkcs7->pkcs7);
+
+ gnutls_free (pkcs7);
+}
+
+/**
+ * gnutls_pkcs7_import:
+ * @pkcs7: The structure to store the parsed PKCS7.
+ * @data: The DER or PEM encoded PKCS7.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded PKCS7 to
+ * the native #gnutls_pkcs7_t format. The output will be stored in
+ * @pkcs7.
+ *
+ * If the PKCS7 is PEM encoded it should have a header of "PKCS7".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the PKCS7 is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ result = _gnutls_fbase64_decode (PEM_PKCS7, data->data, data->size,
+ &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+
+ result = asn1_der_decoding (&pkcs7->pkcs7, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ return 0;
+
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+/**
+ * gnutls_pkcs7_get_crt_raw:
+ * @pkcs7: should contain a gnutls_pkcs7_t structure
+ * @indx: contains the index of the certificate to extract
+ * @certificate: the contents of the certificate will be copied
+ * there (may be null)
+ * @certificate_size: should hold the size of the certificate
+ *
+ * This function will return a certificate of the PKCS7 or RFC2630
+ * certificate set.
+ *
+ * After the last certificate has been read
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. If the provided buffer is not long enough,
+ * then @certificate_size is updated and
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned.
+ **/
+int
+gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7,
+ int indx, void *certificate,
+ size_t * certificate_size)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len;
+ char root2[ASN1_MAX_NAME_SIZE];
+ char oid[MAX_OID_SIZE];
+ gnutls_datum_t tmp = { NULL, 0 };
+
+ if (certificate_size == NULL || pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Parse the CertificateSet
+ */
+
+ snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
+
+ len = sizeof (oid) - 1;
+
+ result = asn1_read_value (c2, root2, oid, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND)
+ {
+ result = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ goto cleanup;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* if 'Certificate' is the choice found:
+ */
+ if (strcmp (oid, "certificate") == 0)
+ {
+ int start, end;
+
+ result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
+ root2, &start, &end);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ end = end - start + 1;
+
+ if ((unsigned) end > *certificate_size)
+ {
+ *certificate_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (certificate)
+ memcpy (certificate, &tmp.data[start], end);
+
+ *certificate_size = end;
+
+ result = 0;
+
+ }
+ else
+ {
+ result = GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE;
+ }
+
+cleanup:
+ _gnutls_free_datum (&tmp);
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/**
+ * gnutls_pkcs7_get_crt_count:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ *
+ * This function will return the number of certifcates in the PKCS7
+ * or RFC2630 certificate set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Count the CertificateSet */
+
+ result = asn1_number_of_elements (c2, "certificates", &count);
+
+ asn1_delete_structure (&c2);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return 0; /* no certificates */
+ }
+
+ return count;
+
+}
+
+/**
+ * gnutls_pkcs7_export:
+ * @pkcs7: Holds the pkcs7 structure
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a structure PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the pkcs7 structure to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER
+ * will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN PKCS7".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ return _gnutls_x509_export_int (pkcs7->pkcs7, format, PEM_PKCS7,
+ output_data, output_data_size);
+}
+
+/* Creates an empty signed data structure in the pkcs7
+ * structure and returns a handle to the signed data.
+ */
+static int
+create_empty_signed_data (ASN1_TYPE pkcs7, ASN1_TYPE * sdata)
+{
+ uint8_t one = 1;
+ int result;
+
+ *sdata = ASN1_TYPE_EMPTY;
+
+ if ((result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.pkcs-7-SignedData",
+ sdata)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Use version 1
+ */
+ result = asn1_write_value (*sdata, "version", &one, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Use no digest algorithms
+ */
+
+ /* id-data */
+ result =
+ asn1_write_value (*sdata, "encapContentInfo.eContentType",
+ "1.2.840.113549.1.7.5", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (*sdata, "encapContentInfo.eContent", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Add no certificates.
+ */
+
+ /* Add no crls.
+ */
+
+ /* Add no signerInfos.
+ */
+
+ /* Write the content type of the signed data
+ */
+ result = asn1_write_value (pkcs7, "contentType", SIGNED_DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ asn1_delete_structure (sdata);
+ return result;
+
+}
+
+/**
+ * gnutls_pkcs7_set_crt_raw:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @crt: the DER encoded certificate to be added
+ *
+ * This function will add a certificate to the PKCS7 or RFC2630
+ * certificate set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data (pkcs7->pkcs7, &c2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new certificate.
+ */
+
+ result = asn1_write_value (c2, "certificates", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (c2, "certificates.?LAST", "certificate", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_write_value (c2, "certificates.?LAST.certificate", crt->data,
+ crt->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/**
+ * gnutls_pkcs7_set_crt:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @crt: the certificate to be copied.
+ *
+ * This function will add a parsed certificate to the PKCS7 or
+ * RFC2630 certificate set. This is a wrapper function over
+ * gnutls_pkcs7_set_crt_raw() .
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt)
+{
+ int ret;
+ gnutls_datum_t data;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ ret = _gnutls_x509_der_encode (crt->cert, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs7_set_crt_raw (pkcs7, &data);
+
+ _gnutls_free_datum (&data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/**
+ * gnutls_pkcs7_delete_crt:
+ * @pkcs7: should contain a gnutls_pkcs7_t structure
+ * @indx: the index of the certificate to delete
+ *
+ * This function will delete a certificate from a PKCS7 or RFC2630
+ * certificate set. Index starts from 0. Returns 0 on success.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Delete the certificate.
+ */
+
+ snprintf (root2, sizeof (root2), "certificates.?%u", indx + 1);
+
+ result = asn1_write_value (c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/* Read and write CRLs
+ */
+
+/**
+ * gnutls_pkcs7_get_crl_raw:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @indx: contains the index of the crl to extract
+ * @crl: the contents of the crl will be copied there (may be null)
+ * @crl_size: should hold the size of the crl
+ *
+ * This function will return a crl of the PKCS7 or RFC2630 crl set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. If the provided buffer is not long enough,
+ * then @crl_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER is
+ * returned. After the last crl has been read
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ **/
+int
+gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
+ int indx, void *crl, size_t * crl_size)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+ gnutls_datum_t tmp = { NULL, 0 };
+ int start, end;
+
+ if (pkcs7 == NULL || crl_size == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Parse the CertificateSet
+ */
+
+ snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
+
+ /* Get the raw CRL
+ */
+ result = asn1_der_decoding_startEnd (c2, tmp.data, tmp.size,
+ root2, &start, &end);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ end = end - start + 1;
+
+ if ((unsigned) end > *crl_size)
+ {
+ *crl_size = end;
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ goto cleanup;
+ }
+
+ if (crl)
+ memcpy (crl, &tmp.data[start], end);
+
+ *crl_size = end;
+
+ result = 0;
+
+cleanup:
+ _gnutls_free_datum (&tmp);
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/**
+ * gnutls_pkcs7_get_crl_count:
+ * @pkcs7: should contain a gnutls_pkcs7_t structure
+ *
+ * This function will return the number of certifcates in the PKCS7
+ * or RFC2630 crl set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, count;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Count the CertificateSet */
+
+ result = asn1_number_of_elements (c2, "crls", &count);
+
+ asn1_delete_structure (&c2);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return 0; /* no crls */
+ }
+
+ return count;
+
+}
+
+/**
+ * gnutls_pkcs7_set_crl_raw:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @crl: the DER encoded crl to be added
+ *
+ * This function will add a crl to the PKCS7 or RFC2630 crl set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0 && result != GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* If the signed data are uninitialized
+ * then create them.
+ */
+ if (result == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
+ {
+ /* The pkcs7 structure is new, so create the
+ * signedData.
+ */
+ result = create_empty_signed_data (pkcs7->pkcs7, &c2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ /* Step 2. Append the new crl.
+ */
+
+ result = asn1_write_value (c2, "crls", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = asn1_write_value (c2, "crls.?LAST", crl->data, crl->size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+/**
+ * gnutls_pkcs7_set_crl:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @crl: the DER encoded crl to be added
+ *
+ * This function will add a parsed CRL to the PKCS7 or RFC2630 crl
+ * set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl)
+{
+ int ret;
+ gnutls_datum_t data;
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ ret = _gnutls_x509_der_encode (crl->crl, "", &data, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_pkcs7_set_crl_raw (pkcs7, &data);
+
+ _gnutls_free_datum (&data);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pkcs7_delete_crl:
+ * @pkcs7: should contain a #gnutls_pkcs7_t structure
+ * @indx: the index of the crl to delete
+ *
+ * This function will delete a crl from a PKCS7 or RFC2630 crl set.
+ * Index starts from 0. Returns 0 on success.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result;
+ char root2[ASN1_MAX_NAME_SIZE];
+
+ if (pkcs7 == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ /* Step 1. Decode the signed data.
+ */
+ result = _decode_pkcs7_signed_data (pkcs7->pkcs7, &c2, NULL);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Delete the crl.
+ */
+
+ snprintf (root2, sizeof (root2), "crls.?%u", indx + 1);
+
+ result = asn1_write_value (c2, root2, NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Step 3. Replace the old content with the new
+ */
+ result =
+ _gnutls_x509_der_encode_and_copy (c2, "", pkcs7->pkcs7, "content", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ asn1_delete_structure (&c2);
+
+ return 0;
+
+cleanup:
+ if (c2)
+ asn1_delete_structure (&c2);
+ return result;
+}
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <gnutls_rsa_export.h>
+#include <gnutls_sig.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include <x509_int.h>
+#include <gnutls_pk.h>
+#include <gnutls_mpi.h>
+
+static int _gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params);
+
+/**
+ * gnutls_x509_privkey_init:
+ * @key: The structure to be initialized
+ *
+ * This function will initialize an private key structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_init (gnutls_x509_privkey_t * key)
+{
+ *key = gnutls_calloc (1, sizeof (gnutls_x509_privkey_int));
+
+ if (*key)
+ {
+ (*key)->key = ASN1_TYPE_EMPTY;
+ (*key)->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ return 0; /* success */
+ }
+
+ return GNUTLS_E_MEMORY_ERROR;
+}
+
+/**
+ * gnutls_x509_privkey_deinit:
+ * @key: The structure to be deinitialized
+ *
+ * This function will deinitialize a private key structure.
+ **/
+void
+gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key)
+{
+ int i;
+
+ if (!key)
+ return;
+
+ for (i = 0; i < key->params_size; i++)
+ {
+ _gnutls_mpi_release (&key->params[i]);
+ }
+
+ asn1_delete_structure (&key->key);
+ gnutls_free (key);
+}
+
+/**
+ * gnutls_x509_privkey_cpy:
+ * @dst: The destination key, which should be initialized.
+ * @src: The source key
+ *
+ * This function will copy a private key from source to destination
+ * key. Destination has to be initialized.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src)
+{
+ int i, ret;
+
+ if (!src || !dst)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ for (i = 0; i < src->params_size; i++)
+ {
+ dst->params[i] = _gnutls_mpi_copy (src->params[i]);
+ if (dst->params[i] == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ dst->params_size = src->params_size;
+ dst->pk_algorithm = src->pk_algorithm;
+ dst->crippled = src->crippled;
+
+ if (!src->crippled)
+ {
+ switch (dst->pk_algorithm)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_asn1_encode_dsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_asn1_encode_rsa (&dst->key, dst->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ return 0;
+}
+
+/* Converts an RSA PKCS#1 key to
+ * an internal structure (gnutls_private_key)
+ */
+ASN1_TYPE
+_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t * raw_key,
+ gnutls_x509_privkey_t pkey)
+{
+ int result;
+ ASN1_TYPE pkey_asn;
+ gnutls_pk_params_st pk_params;
+
+ memset (&pk_params, 0, sizeof (pk_params));
+ pk_params.params_nr = RSA_PRIVATE_PARAMS;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.RSAPrivateKey",
+ &pkey_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ result = asn1_der_decoding (&pkey_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (pkey_asn, "modulus",
+ &pk_params.params[0])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_int (pkey_asn, "publicExponent",
+ &pk_params.params[1])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result =
+ _gnutls_x509_read_int (pkey_asn, "privateExponent",
+ &pk_params.params[2])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (pkey_asn, "prime1",
+ &pk_params.params[3])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (pkey_asn, "prime2",
+ &pk_params.params[4])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (pkey_asn, "coefficient",
+ &pk_params.params[5])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (pkey_asn, "exponent1",
+ &pk_params.params[6])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (pkey_asn, "exponent2",
+ &pk_params.params[7])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+
+ result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pk_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ pkey->params[0] = pk_params.params[0];
+ pkey->params[1] = pk_params.params[1];
+ pkey->params[2] = pk_params.params[2];
+ pkey->params[3] = pk_params.params[3];
+ pkey->params[4] = pk_params.params[4];
+ pkey->params[5] = pk_params.params[5];
+ pkey->params[6] = pk_params.params[6];
+ pkey->params[7] = pk_params.params[7];
+ pkey->params_size = pk_params.params_nr;
+
+ return pkey_asn;
+
+error:
+ asn1_delete_structure (&pkey_asn);
+ gnutls_pk_params_release (&pk_params);
+ return NULL;
+
+}
+
+static ASN1_TYPE
+decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey)
+{
+ int result;
+ ASN1_TYPE dsa_asn;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DSAPrivateKey",
+ &dsa_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return NULL;
+ }
+
+ result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params[0])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params[1])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params[2])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params[3])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = _gnutls_x509_read_int (dsa_asn, "priv",
+ &pkey->params[4])) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ pkey->params_size = 5;
+
+ return dsa_asn;
+
+error:
+ asn1_delete_structure (&dsa_asn);
+ _gnutls_mpi_release (&pkey->params[0]);
+ _gnutls_mpi_release (&pkey->params[1]);
+ _gnutls_mpi_release (&pkey->params[2]);
+ _gnutls_mpi_release (&pkey->params[3]);
+ _gnutls_mpi_release (&pkey->params[4]);
+ return NULL;
+
+}
+
+
+#define PEM_KEY_DSA "DSA PRIVATE KEY"
+#define PEM_KEY_RSA "RSA PRIVATE KEY"
+
+/**
+ * gnutls_x509_privkey_import:
+ * @key: The structure to store the parsed key
+ * @data: The DER or PEM encoded certificate.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded key to the
+ * native #gnutls_x509_privkey_t format. The output will be stored in
+ * @key .
+ *
+ * If the key is PEM encoded it should have a header of "RSA PRIVATE
+ * KEY", or "DSA PRIVATE KEY".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
+
+ if (result >= 0)
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
+ &out);
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+
+ goto failover;
+ }
+
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
+ if (key->key == NULL)
+ gnutls_assert ();
+ }
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ {
+ key->key = decode_dsa_key (&_data, key);
+ if (key->key == NULL)
+ gnutls_assert ();
+ }
+ else
+ {
+ /* Try decoding with both, and accept the one that
+ * succeeds.
+ */
+ key->pk_algorithm = GNUTLS_PK_RSA;
+ key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
+
+ if (key->key == NULL)
+ {
+ key->pk_algorithm = GNUTLS_PK_DSA;
+ key->key = decode_dsa_key (&_data, key);
+ if (key->key == NULL)
+ gnutls_assert ();
+ }
+ }
+
+ if (key->key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_ASN1_DER_ERROR;
+ goto failover;
+ }
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+failover:
+ /* Try PKCS #8 */
+#ifdef ENABLE_PKI
+ if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
+ {
+ _gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
+ result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
+ NULL, GNUTLS_PKCS_PLAIN);
+ }
+#endif
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ return result;
+}
+
+#define FREE_RSA_PRIVATE_PARAMS for (i=0;i<RSA_PRIVATE_PARAMS;i++) \
+ _gnutls_mpi_release(&key->params[i])
+#define FREE_DSA_PRIVATE_PARAMS for (i=0;i<DSA_PRIVATE_PARAMS;i++) \
+ _gnutls_mpi_release(&key->params[i])
+
+/**
+ * gnutls_x509_privkey_import_rsa_raw:
+ * @key: The structure to store the parsed key
+ * @m: holds the modulus
+ * @e: holds the public exponent
+ * @d: holds the private exponent
+ * @p: holds the first prime (p)
+ * @q: holds the second prime (q)
+ * @u: holds the coefficient
+ *
+ * This function will convert the given RSA raw parameters to the
+ * native #gnutls_x509_privkey_t format. The output will be stored in
+ * @key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u)
+{
+ return gnutls_x509_privkey_import_rsa_raw2 (key, m, e, d, p, q, u, NULL,
+ NULL);
+}
+
+/**
+ * gnutls_x509_privkey_import_rsa_raw2:
+ * @key: The structure to store the parsed key
+ * @m: holds the modulus
+ * @e: holds the public exponent
+ * @d: holds the private exponent
+ * @p: holds the first prime (p)
+ * @q: holds the second prime (q)
+ * @u: holds the coefficient
+ * @e1: holds e1 = d mod (p-1)
+ * @e2: holds e2 = d mod (q-1)
+ *
+ * This function will convert the given RSA raw parameters to the
+ * native #gnutls_x509_privkey_t format. The output will be stored in
+ * @key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u,
+ const gnutls_datum_t * e1,
+ const gnutls_datum_t * e2)
+{
+ int i = 0, ret;
+ size_t siz = 0;
+ gnutls_pk_params_st pk_params;
+
+ memset (&pk_params, 0, sizeof (pk_params));
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ key->params_size = 0;
+
+ siz = m->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], m->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ siz = e->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], e->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ siz = d->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], d->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], p->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[4], q->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ siz = u->size;
+ if (_gnutls_mpi_scan_nz (&key->params[5], u->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ if (e1 && e2)
+ {
+ siz = e1->size;
+ if (_gnutls_mpi_scan_nz (&key->params[6], e1->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+
+ siz = e2->size;
+ if (_gnutls_mpi_scan_nz (&key->params[7], e2->data, siz))
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+ key->params_size++;
+ }
+
+ for (i = 0; i < key->params_size; i++)
+ {
+ pk_params.params[i] = key->params[i];
+ }
+
+ pk_params.params_nr = key->params_size;
+
+ ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_IMPORT, &pk_params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
+ }
+
+ for (i = 0; i < pk_params.params_nr; i++)
+ {
+ key->params[i] = pk_params.params[i];
+ }
+ key->params_size = pk_params.params_nr;
+
+ if (!key->crippled)
+ {
+ ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_RSA_PRIVATE_PARAMS;
+ return ret;
+ }
+ }
+
+ key->params_size = RSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_privkey_import_dsa_raw:
+ * @key: The structure to store the parsed key
+ * @p: holds the p
+ * @q: holds the q
+ * @g: holds the g
+ * @y: holds the y
+ * @x: holds the x
+ *
+ * This function will convert the given DSA raw parameters to the
+ * native #gnutls_x509_privkey_t format. The output will be stored
+ * in @key.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x)
+{
+ int i = 0, ret;
+ size_t siz = 0;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ siz = p->size;
+ if (_gnutls_mpi_scan_nz (&key->params[0], p->data, siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = q->size;
+ if (_gnutls_mpi_scan_nz (&key->params[1], q->data, siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = g->size;
+ if (_gnutls_mpi_scan_nz (&key->params[2], g->data, siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = y->size;
+ if (_gnutls_mpi_scan_nz (&key->params[3], y->data, siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ siz = x->size;
+ if (_gnutls_mpi_scan_nz (&key->params[4], x->data, siz))
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return GNUTLS_E_MPI_SCAN_FAILED;
+ }
+
+ if (!key->crippled)
+ {
+ ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ FREE_DSA_PRIVATE_PARAMS;
+ return ret;
+ }
+ }
+
+ key->params_size = DSA_PRIVATE_PARAMS;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ return 0;
+
+}
+
+
+/**
+ * gnutls_x509_privkey_get_pk_algorithm:
+ * @key: should contain a #gnutls_x509_privkey_t structure
+ *
+ * This function will return the public key algorithm of a private
+ * key.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
+int
+gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key)
+{
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return key->pk_algorithm;
+}
+
+/**
+ * gnutls_x509_privkey_export:
+ * @key: Holds the key
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a private key PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the private key to a PKCS1 structure for
+ * RSA keys, or an integer sequence for DSA keys. The DSA keys are in
+ * the same format with the parameters used by openssl.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER
+ * will be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN RSA PRIVATE KEY".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ const char *msg;
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ msg = PEM_KEY_RSA;
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ msg = PEM_KEY_DSA;
+ else
+ msg = NULL;
+
+ if (key->crippled)
+ { /* encode the parameters on the fly.
+ */
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ }
+
+ return _gnutls_x509_export_int (key->key, format, msg,
+ output_data, output_data_size);
+}
+
+/**
+ * gnutls_x509_privkey_sec_param:
+ * @key: a key structure
+ *
+ * This function will return the security parameter appropriate with
+ * this private key.
+ *
+ * Returns: On success, a valid security parameter is returned otherwise
+ * %GNUTLS_SEC_PARAM_UNKNOWN is returned.
+ **/
+gnutls_sec_param_t
+gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key)
+{
+ int ret;
+
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_RSA, _gnutls_mpi_get_nbits (key->params[0] /*m */
+ ));
+ break;
+ case GNUTLS_PK_DSA:
+ ret = gnutls_pk_bits_to_sec_param (GNUTLS_PK_DSA, _gnutls_mpi_get_nbits (key->params[0] /*p */
+ ));
+ break;
+ default:
+ ret = GNUTLS_SEC_PARAM_UNKNOWN;
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_privkey_export_rsa_raw:
+ * @key: a structure that holds the rsa parameters
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ * @d: will hold the private exponent
+ * @p: will hold the first prime (p)
+ * @q: will hold the second prime (q)
+ * @u: will hold the coefficient
+ *
+ * This function will export the RSA private key's parameters found
+ * in the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u)
+{
+
+ return gnutls_x509_privkey_export_rsa_raw2 (key, m, e, d, p, q, u, NULL,
+ NULL);
+}
+
+/**
+ * gnutls_x509_privkey_export_rsa_raw2:
+ * @key: a structure that holds the rsa parameters
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ * @d: will hold the private exponent
+ * @p: will hold the first prime (p)
+ * @q: will hold the second prime (q)
+ * @u: will hold the coefficient
+ * @e1: will hold e1 = d mod (p-1)
+ * @e2: will hold e2 = d mod (q-1)
+ *
+ * This function will export the RSA private key's parameters found
+ * in the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m, gnutls_datum_t * e,
+ gnutls_datum_t * d, gnutls_datum_t * p,
+ gnutls_datum_t * q, gnutls_datum_t * u,
+ gnutls_datum_t * e1, gnutls_datum_t * e2)
+{
+ int ret;
+ gnutls_pk_params_st pk_params;
+
+ memset (&pk_params, 0, sizeof (pk_params));
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ m->data = e->data = d->data = p->data = q->data = u->data = NULL;
+ m->size = e->size = d->size = p->size = q->size = u->size = 0;
+
+ ret = _gnutls_pk_params_copy (&pk_params, key->params, RSA_PRIVATE_PARAMS);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = _gnutls_mpi_dprint_lz (pk_params.params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* E */
+ ret = _gnutls_mpi_dprint_lz (pk_params.params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* D */
+ ret = _gnutls_mpi_dprint_lz (pk_params.params[2], d);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz (pk_params.params[3], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz (pk_params.params[4], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* U */
+ ret = _gnutls_mpi_dprint_lz (key->params[5], u);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* E1 */
+ if (e1)
+ {
+ ret = _gnutls_mpi_dprint_lz (key->params[6], e1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ /* E2 */
+ if (e2)
+ {
+ ret = _gnutls_mpi_dprint_lz (key->params[7], e2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ gnutls_pk_params_release (&pk_params);
+
+ return 0;
+
+error:
+ _gnutls_free_datum (m);
+ _gnutls_free_datum (d);
+ _gnutls_free_datum (e);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ gnutls_pk_params_release (&pk_params);
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_privkey_export_dsa_raw:
+ * @key: a structure that holds the DSA parameters
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ * @x: will hold the x
+ *
+ * This function will export the DSA private key's parameters found
+ * in the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y,
+ gnutls_datum_t * x)
+{
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz (key->params[0], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz (key->params[1], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ return ret;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz (key->params[2], g);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz (key->params[3], y);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+ /* X */
+ ret = _gnutls_mpi_dprint_lz (key->params[4], x);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (y);
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/* Encodes the RSA parameters into an ASN.1 RSA private key structure.
+ */
+static int
+_gnutls_asn1_encode_rsa (ASN1_TYPE * c2, bigint_t * params)
+{
+ int result;
+ opaque null = '\0';
+ gnutls_pk_params_st pk_params;
+ gnutls_datum_t m, e, d, p, q, u, exp1, exp2;
+
+ memset (&pk_params, 0, sizeof (pk_params));
+
+ memset (&m, 0, sizeof (m));
+ memset (&p, 0, sizeof (e));
+ memset (&q, 0, sizeof (d));
+ memset (&p, 0, sizeof (p));
+ memset (&q, 0, sizeof (q));
+ memset (&u, 0, sizeof (u));
+ memset (&exp1, 0, sizeof (exp1));
+ memset (&exp2, 0, sizeof (exp2));
+
+ result = _gnutls_pk_params_copy (&pk_params, params, RSA_PRIVATE_PARAMS);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_pk_fixup (GNUTLS_PK_RSA, GNUTLS_EXPORT, &pk_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* retrieve as data */
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[0], &m);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[1], &e);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[2], &d);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[3], &p);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[4], &q);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[5], &u);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[6], &exp1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_mpi_dprint_lz (pk_params.params[7], &exp2);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY)
+ {
+ asn1_delete_structure (c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.RSAPrivateKey", c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (*c2, "modulus",
+ m.data, m.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "publicExponent",
+ e.data, e.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "privateExponent",
+ d.data, d.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "prime1",
+ p.data, p.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "prime2",
+ q.data, q.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "coefficient",
+ u.data, u.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "exponent1",
+ exp1.data, exp1.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "exponent2",
+ exp2.data, exp2.size)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "otherPrimeInfos",
+ NULL, 0)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+ if (result != 0)
+ asn1_delete_structure (c2);
+
+ gnutls_pk_params_release (&pk_params);
+
+ _gnutls_free_datum (&m);
+ _gnutls_free_datum (&d);
+ _gnutls_free_datum (&e);
+ _gnutls_free_datum (&p);
+ _gnutls_free_datum (&q);
+ _gnutls_free_datum (&u);
+ _gnutls_free_datum (&exp1);
+ _gnutls_free_datum (&exp2);
+
+ return result;
+}
+
+/* Encodes the DSA parameters into an ASN.1 DSAPrivateKey structure.
+ */
+int
+_gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params)
+{
+ int result, i;
+ size_t size[DSA_PRIVATE_PARAMS], total;
+ opaque *p_data, *q_data, *g_data, *x_data, *y_data;
+ opaque *all_data = NULL, *p;
+ opaque null = '\0';
+
+ /* Read all the sizes */
+ total = 0;
+ for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
+ {
+ _gnutls_mpi_print_lz (params[i], NULL, &size[i]);
+ total += size[i];
+ }
+
+ /* Encoding phase.
+ * allocate data enough to hold everything
+ */
+ all_data = gnutls_secure_malloc (total);
+ if (all_data == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto cleanup;
+ }
+
+ p = all_data;
+ p_data = p;
+ p += size[0];
+ q_data = p;
+ p += size[1];
+ g_data = p;
+ p += size[2];
+ y_data = p;
+ p += size[3];
+ x_data = p;
+
+ _gnutls_mpi_print_lz (params[0], p_data, &size[0]);
+ _gnutls_mpi_print_lz (params[1], q_data, &size[1]);
+ _gnutls_mpi_print_lz (params[2], g_data, &size[2]);
+ _gnutls_mpi_print_lz (params[3], y_data, &size[3]);
+ _gnutls_mpi_print_lz (params[4], x_data, &size[4]);
+
+ /* Ok. Now we have the data. Create the asn1 structures
+ */
+
+ /* first make sure that no previously allocated data are leaked */
+ if (*c2 != ASN1_TYPE_EMPTY)
+ {
+ asn1_delete_structure (c2);
+ *c2 = ASN1_TYPE_EMPTY;
+ }
+
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPrivateKey", c2))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ /* Write PRIME
+ */
+ if ((result = asn1_write_value (*c2, "p", p_data, size[0])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "q", q_data, size[1])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "g", g_data, size[2])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "Y", y_data, size[3])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ if ((result = asn1_write_value (*c2, "priv",
+ x_data, size[4])) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ gnutls_free (all_data);
+
+ if ((result = asn1_write_value (*c2, "version", &null, 1)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ return 0;
+
+cleanup:
+ asn1_delete_structure (c2);
+ gnutls_free (all_data);
+
+ return result;
+}
+
+
+/**
+ * gnutls_x509_privkey_generate:
+ * @key: should contain a #gnutls_x509_privkey_t structure
+ * @algo: is one of RSA or DSA.
+ * @bits: the size of the modulus
+ * @flags: unused for now. Must be 0.
+ *
+ * This function will generate a random private key. Note that this
+ * function must be called on an empty private key.
+ *
+ * Do not set the number of bits directly, use gnutls_sec_param_to_pk_bits().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo, unsigned int bits,
+ unsigned int flags)
+{
+ int ret;
+ unsigned int params_len = MAX_PRIV_PARAMS_SIZE;
+ unsigned int i;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ switch (algo)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_dsa_generate_params (key->params, ¶ms_len, bits);
+ if (params_len != DSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (!key->crippled)
+ {
+ ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_DSA;
+
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_rsa_generate_params (key->params, ¶ms_len, bits);
+ if (params_len != RSA_PRIVATE_PARAMS)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (!key->crippled)
+ {
+ ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+
+ key->params_size = params_len;
+ key->pk_algorithm = GNUTLS_PK_RSA;
+
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ key->params_size = 0;
+ for (i = 0; i < params_len; i++)
+ _gnutls_mpi_release (&key->params[i]);
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_privkey_get_key_id:
+ * @key: Holds the key
+ * @flags: should be 0 for now
+ * @output_data: will contain the key ID
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will return a unique ID the depends on the public key
+ * parameters. This ID can be used in checking whether a certificate
+ * corresponds to the given key.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@output_data_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned. The output will normally be a SHA-1 hash output,
+ * which is 20 bytes.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
+{
+ int result;
+ digest_hd_st hd;
+ gnutls_datum_t der = { NULL, 0 };
+
+ if (key == NULL || key->crippled)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*output_data_size < 20)
+ {
+ gnutls_assert ();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (key->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ result =
+ _gnutls_x509_write_rsa_params (key->params, key->params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else if (key->pk_algorithm == GNUTLS_PK_DSA)
+ {
+ result =
+ _gnutls_x509_write_dsa_public_key (key->params,
+ key->params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_hash (&hd, der.data, der.size);
+
+ _gnutls_hash_deinit (&hd, output_data);
+ *output_data_size = 20;
+
+ result = 0;
+
+cleanup:
+
+ _gnutls_free_datum (&der);
+ return result;
+}
+
+
+#ifdef ENABLE_PKI
+/*-
+ * _gnutls_x509_privkey_sign_hash2:
+ * @signer: Holds the signer's key
+ * @hash_algo: The hash algorithm used
+ * @hash_data: holds the data to be signed
+ * @signature: will contain newly allocated signature
+ * @flags: zero for now
+ *
+ * This function will sign the given hashed data using a signature algorithm
+ * supported by the private key. Signature algorithms are always used
+ * together with a hash functions. Different hash functions may be
+ * used for the RSA algorithm, but only SHA-1,SHA-224 and SHA-256
+ * for the DSA keys, depending on their bit size.
+ *
+ * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
+ * the hash algorithm.
+ *
+ * The RSA algorithm is used in PKCS #1 v1.5 mode.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+static int
+_gnutls_x509_privkey_sign_hash2 (gnutls_x509_privkey_t signer,
+ gnutls_digest_algorithm_t hash_algo,
+ unsigned int flags,
+ const gnutls_datum_t * hash_data,
+ gnutls_datum_t * signature)
+{
+ int ret;
+ gnutls_datum_t digest;
+
+ digest.data = gnutls_malloc (hash_data->size);
+ if (digest.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ digest.size = hash_data->size;
+ memcpy (digest.data, hash_data->data, digest.size);
+
+ ret = pk_prepare_hash (signer->pk_algorithm, hash_algo, &digest);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_soft_sign (signer->pk_algorithm, signer->params,
+ signer->params_size, &digest, signature);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ _gnutls_free_datum (&digest);
+ return ret;
+}
+
+/**
+ * gnutls_x509_privkey_sign_hash:
+ * @key: Holds the key
+ * @hash: holds the data to be signed
+ * @signature: will contain newly allocated signature
+ *
+ * This function will sign the given hash using the private key. Do not
+ * use this function directly unless you know what it is. Typical signing
+ * requires the data to be hashed and stored in special formats
+ * (e.g. BER Digest-Info for RSA).
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Deprecated in: 2.12.0
+ */
+int
+gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * hash,
+ gnutls_datum_t * signature)
+{
+ int result;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_soft_sign (key->pk_algorithm, key->params,
+ key->params_size, hash, signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_privkey_sign_data:
+ * @key: Holds the key
+ * @digest: should be MD5 or SHA1
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: will contain the signature
+ * @signature_size: holds the size of signature (and will be replaced
+ * by the new size)
+ *
+ * This function will sign the given data using a signature algorithm
+ * supported by the private key. Signature algorithms are always used
+ * together with a hash functions. Different hash functions may be
+ * used for the RSA algorithm, but only SHA-1 for the DSA keys.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@signature_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * Use gnutls_x509_crt_get_preferred_hash_algorithm() to determine
+ * the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Deprecated: Use gnutls_privkey_sign_data().
+ */
+int
+gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature, size_t * signature_size)
+{
+ int result;
+ gnutls_datum_t sig = { NULL, 0 };
+ gnutls_datum_t hash;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ pk_hash_data (key->pk_algorithm, digest, key->params, data, &hash);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_privkey_sign_hash2 (key, digest, flags, &hash, signature);
+
+ _gnutls_free_datum(&hash);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (*signature_size < sig.size)
+ {
+ *signature_size = sig.size;
+ _gnutls_free_datum (&sig);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *signature_size = sig.size;
+ memcpy (signature, sig.data, sig.size);
+
+ _gnutls_free_datum (&sig);
+
+ return 0;
+}
+
+
+/**
+ * gnutls_x509_privkey_verify_data:
+ * @key: Holds the key
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters in the private key.
+ *
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * is returned, and a positive code on success.
+ *
+ * Deprecated: Use gnutls_pubkey_verify_data().
+ */
+int
+gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+{
+ int result;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_privkey_verify_signature (data, signature, key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return result;
+}
+
+/**
+ * gnutls_x509_privkey_fix:
+ * @key: Holds the key
+ *
+ * This function will recalculate the secondary parameters in a key.
+ * In RSA keys, this can be the coefficient and exponent1,2.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_fix (gnutls_x509_privkey_t key)
+{
+ int ret;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (!key->crippled)
+ asn1_delete_structure (&key->key);
+ switch (key->pk_algorithm)
+ {
+ case GNUTLS_PK_DSA:
+ ret = _gnutls_asn1_encode_dsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ case GNUTLS_PK_RSA:
+ ret = _gnutls_asn1_encode_rsa (&key->key, key->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <gnutls_rsa_export.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include "x509_int.h"
+#include <gnutls_algorithms.h>
+#include <gnutls_num.h>
+#include <random.h>
+#include <pbkdf2-sha1.h>
+
+#define PBES2_OID "1.2.840.113549.1.5.13"
+#define PBKDF2_OID "1.2.840.113549.1.5.12"
+#define DES_EDE3_CBC_OID "1.2.840.113549.3.7"
+#define AES_128_CBC_OID "2.16.840.1.101.3.4.1.2"
+#define AES_192_CBC_OID "2.16.840.1.101.3.4.1.22"
+#define AES_256_CBC_OID "2.16.840.1.101.3.4.1.42"
+#define DES_CBC_OID "1.3.14.3.2.7"
+
+/* oid_pbeWithSHAAnd3_KeyTripleDES_CBC */
+#define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
+#define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
+#define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
+
+struct pbkdf2_params
+{
+ opaque salt[32];
+ int salt_size;
+ unsigned int iter_count;
+ unsigned int key_size;
+};
+
+struct pbe_enc_params
+{
+ gnutls_cipher_algorithm_t cipher;
+ opaque iv[MAX_CIPHER_BLOCK_SIZE];
+ int iv_size;
+};
+
+static int generate_key (schema_id schema, const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key);
+static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbkdf2_params *params);
+static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params);
+static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
+ const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data);
+static int decode_private_key_info (const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey);
+static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params);
+static int encrypt_data (const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted);
+
+static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
+ struct pbkdf2_params *params);
+static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *params);
+
+#define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
+#define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
+
+/* Returns a negative error code if the encryption schema in
+ * the OID is not supported. The schema ID is returned.
+ */
+static int
+check_schema (const char *oid)
+{
+
+ if (strcmp (oid, PBES2_OID) == 0)
+ return PBES2_GENERIC; /* ok */
+
+ if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
+ return PKCS12_3DES_SHA1;
+
+ if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
+ return PKCS12_ARCFOUR_SHA1;
+
+ if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
+ return PKCS12_RC2_40_SHA1;
+
+ _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
+
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+}
+
+/* Encodes a private key to the raw format PKCS #8 needs.
+ * For RSA it is a PKCS #1 DER private key and for DSA it is
+ * an ASN.1 INTEGER of the x value.
+ */
+inline static int
+_encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
+{
+ size_t size = 0;
+ opaque *data = NULL;
+ int ret;
+ ASN1_TYPE spk = ASN1_TYPE_EMPTY;
+
+ switch (pkey->pk_algorithm)
+ {
+ case GNUTLS_PK_RSA:
+ ret =
+ gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ data = gnutls_malloc (size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+
+ ret =
+ gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ raw->data = data;
+ raw->size = size;
+ break;
+ case GNUTLS_PK_DSA:
+ /* DSAPublicKey == INTEGER */
+ if ((ret = asn1_create_element
+ (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
+ != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ ret = _gnutls_x509_write_int (spk, "", pkey->params[4], 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ ret = _gnutls_x509_der_encode (spk, "", raw, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&spk);
+ break;
+
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return 0;
+
+error:
+ gnutls_free (data);
+ asn1_delete_structure (&spk);
+ return ret;
+
+}
+
+/*
+ * Encodes a PKCS #1 private key to a PKCS #8 private key
+ * info. The output will be allocated and stored into der. Also
+ * the ASN1_TYPE of private key info will be returned.
+ */
+static int
+encode_to_private_key_info (gnutls_x509_privkey_t pkey,
+ gnutls_datum_t * der, ASN1_TYPE * pkey_info)
+{
+ int result, len;
+ opaque null = 0;
+ const char *oid;
+ gnutls_datum_t algo_params = { NULL, 0 };
+ gnutls_datum_t algo_privkey = { NULL, 0 };
+
+ if (pkey->pk_algorithm != GNUTLS_PK_RSA
+ && pkey->pk_algorithm != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_UNIMPLEMENTED_FEATURE;
+ }
+
+ if (pkey->pk_algorithm == GNUTLS_PK_RSA)
+ {
+ oid = PK_PKIX1_RSA_OID;
+ /* parameters are null
+ */
+ }
+ else
+ {
+ oid = PK_DSA_OID;
+ result =
+ _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size,
+ &algo_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ pkey_info)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the version.
+ */
+ result = asn1_write_value (*pkey_info, "version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* write the privateKeyAlgorithm
+ * fields. (OID+NULL data)
+ */
+ result =
+ asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result =
+ asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
+ algo_params.data, algo_params.size);
+ _gnutls_free_datum (&algo_params);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+
+ /* Write the raw private key
+ */
+ result = _encode_privkey (pkey, &algo_privkey);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result =
+ asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
+ algo_privkey.size);
+ _gnutls_free_datum (&algo_privkey);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Append an empty Attributes field.
+ */
+ result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* DER Encode the generated private key info.
+ */
+ len = 0;
+ result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* allocate data for the der
+ */
+ der->size = len;
+ der->data = gnutls_malloc (len);
+ if (der->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (pkey_info);
+ _gnutls_free_datum (&algo_params);
+ _gnutls_free_datum (&algo_privkey);
+ return result;
+
+}
+
+static const char *
+cipher_to_pkcs_params (int cipher, const char **oid)
+{
+ switch (cipher)
+ {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ if (oid)
+ *oid = AES_128_CBC_OID;
+ return "PKIX1.pkcs-5-aes128-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ if (oid)
+ *oid = AES_192_CBC_OID;
+ return "PKIX1.pkcs-5-aes192-CBC-params";
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ if (oid)
+ *oid = AES_256_CBC_OID;
+ return "PKIX1.pkcs-5-aes256-CBC-params";
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ if (oid)
+ *oid = DES_EDE3_CBC_OID;
+ return "PKIX1.pkcs-5-des-EDE3-CBC-params";
+ break;
+ default:
+ return NULL;
+ break;
+ }
+}
+
+static int
+cipher_to_schema (int cipher)
+{
+ switch (cipher)
+ {
+ case GNUTLS_CIPHER_AES_128_CBC:
+ return PBES2_AES_128;
+ break;
+ case GNUTLS_CIPHER_AES_192_CBC:
+ return PBES2_AES_192;
+ break;
+ case GNUTLS_CIPHER_AES_256_CBC:
+ return PBES2_AES_256;
+ break;
+ case GNUTLS_CIPHER_3DES_CBC:
+ return PBES2_3DES;
+ break;
+ default:
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+ break;
+ }
+}
+
+
+int
+_gnutls_pkcs_flags_to_schema (unsigned int flags)
+{
+ int schema;
+
+ if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
+ schema = PKCS12_ARCFOUR_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
+ schema = PKCS12_RC2_40_SHA1;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
+ schema = PBES2_3DES;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
+ schema = PBES2_AES_128;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
+ schema = PBES2_AES_192;
+ else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
+ schema = PBES2_AES_256;
+ else
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
+ flags);
+ schema = PKCS12_3DES_SHA1;
+ }
+
+ return schema;
+}
+
+/* returns the OID corresponding to given schema
+ */
+static int
+schema_to_oid (schema_id schema, const char **str_oid)
+{
+ int result = 0;
+
+ switch (schema)
+ {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ *str_oid = PBES2_OID;
+ break;
+ case PKCS12_3DES_SHA1:
+ *str_oid = PKCS12_PBE_3DES_SHA1_OID;
+ break;
+ case PKCS12_ARCFOUR_SHA1:
+ *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
+ break;
+ default:
+ gnutls_assert ();
+ result = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ return result;
+}
+
+/* Converts a PKCS #8 private key info to
+ * a PKCS #8 EncryptedPrivateKeyInfo.
+ */
+static int
+encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
+ const char *password, ASN1_TYPE * out)
+{
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ const char *str_oid;
+
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ result = schema_to_oid (schema, &str_oid);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result = generate_key (schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result =
+ write_schema_params (schema, pkcs8_asn,
+ "encryptionAlgorithm.parameters", &kdf_params,
+ &enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data (der_key, &enc_params, &key, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&key);
+
+ *out = pkcs8_asn;
+
+ return 0;
+
+error:
+ _gnutls_free_datum (&key);
+ _gnutls_free_datum (&tmp);
+ asn1_delete_structure (&pkcs8_asn);
+ return result;
+}
+
+
+/**
+ * gnutls_x509_privkey_export_pkcs8:
+ * @key: Holds the key
+ * @format: the format of output params. One of PEM or DER.
+ * @password: the password that will be used to encrypt the key.
+ * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
+ * @output_data: will contain a private key PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the private key to a PKCS8 structure.
+ * Both RSA and DSA keys can be exported. For DSA keys we use
+ * PKCS #11 definitions. If the flags do not specify the encryption
+ * cipher, then the default 3DES (PBES2) will be used.
+ *
+ * The @password can be either ASCII or UTF-8 in the default PBES2
+ * encryption schemas, or ASCII for the PKCS12 schemas.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
+ * encryption is not used.
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size)
+{
+ ASN1_TYPE pkcs8_asn, pkey_info;
+ int ret;
+ gnutls_datum_t tmp;
+ schema_id schema;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Get the private key info
+ * tmp holds the DER encoding.
+ */
+ ret = encode_to_private_key_info (key, &tmp, &pkey_info);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ schema = _gnutls_pkcs_flags_to_schema (flags);
+
+ if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
+ {
+ _gnutls_free_datum (&tmp);
+
+ ret =
+ _gnutls_x509_export_int (pkey_info, format,
+ PEM_UNENCRYPTED_PKCS8,
+ output_data, output_data_size);
+
+ asn1_delete_structure (&pkey_info);
+ }
+ else
+ {
+ asn1_delete_structure (&pkey_info); /* we don't need it */
+
+ ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
+ _gnutls_free_datum (&tmp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
+ output_data, output_data_size);
+
+ asn1_delete_structure (&pkcs8_asn);
+ }
+
+ return ret;
+}
+
+
+/* Read the parameters cipher, IV, salt etc using the given
+ * schema ID.
+ */
+static int
+read_pkcs_schema_params (schema_id * schema, const char *password,
+ const opaque * data, int data_size,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params)
+{
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+ int result;
+ gnutls_datum_t tmp;
+
+ switch (*schema)
+ {
+
+ case PBES2_GENERIC:
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Decode the parameters.
+ */
+ result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ tmp.data = (opaque *) data;
+ tmp.size = data_size;
+
+ result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ asn1_delete_structure (&pbes2_asn);
+
+ result = cipher_to_schema (enc_params->cipher);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ *schema = result;
+ return 0;
+
+ case PKCS12_3DES_SHA1:
+ case PKCS12_ARCFOUR_SHA1:
+ case PKCS12_RC2_40_SHA1:
+
+ if ((*schema) == PKCS12_3DES_SHA1)
+ {
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ enc_params->iv_size = 8;
+ }
+ else if ((*schema) == PKCS12_ARCFOUR_SHA1)
+ {
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ enc_params->iv_size = 0;
+ }
+ else if ((*schema) == PKCS12_RC2_40_SHA1)
+ {
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ enc_params->iv_size = 8;
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Decode the parameters.
+ */
+ result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if (enc_params->iv_size)
+ {
+ result =
+ _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size,
+ enc_params->iv);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ }
+
+ asn1_delete_structure (&pbes2_asn);
+
+ return 0;
+
+ default:
+ gnutls_assert ();
+ } /* switch */
+
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+
+error:
+ asn1_delete_structure (&pbes2_asn);
+ return result;
+}
+
+
+/* Converts a PKCS #8 key to
+ * an internal structure (gnutls_private_key)
+ * (normally a PKCS #1 encoded RSA key)
+ */
+static int
+decode_pkcs8_key (const gnutls_datum_t * raw_key,
+ const char *password, gnutls_x509_privkey_t pkey)
+{
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof (enc_oid);
+ result =
+ asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ if ((result = check_schema (enc_oid)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
+ raw_key->size,
+ "encryptionAlgorithm.parameters",
+ ¶ms_start, ¶ms_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params (&schema, password,
+ &raw_key->data[params_start],
+ params_len, &kdf_params, &enc_params);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+ result =
+ decrypt_data (schema, pkcs8_asn, "encryptedData", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&pkcs8_asn);
+
+ result = decode_private_key_info (&tmp, pkey);
+ _gnutls_free_datum (&tmp);
+
+ if (result < 0)
+ {
+ /* We've gotten this far. In the real world it's almost certain
+ * that we're dealing with a good file, but wrong password.
+ * Sadly like 90% of random data is somehow valid DER for the
+ * a first small number of bytes, so no easy way to guarantee. */
+ if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_DER_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
+ result == GNUTLS_E_ASN1_GENERIC_ERROR ||
+ result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
+ result == GNUTLS_E_ASN1_TAG_ERROR ||
+ result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
+ result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
+ result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
+ result == GNUTLS_E_ASN1_DER_OVERFLOW)
+ {
+ result = GNUTLS_E_DECRYPTION_FAILED;
+ }
+
+ gnutls_assert ();
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbes2_asn);
+ asn1_delete_structure (&pkcs8_asn);
+ return result;
+}
+
+/* Decodes an RSA privateKey from a PKCS8 structure.
+ */
+static int
+_decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+{
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey);
+ _gnutls_free_datum (&tmp);
+ if (pkey->key == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ return 0;
+
+error:
+ gnutls_x509_privkey_deinit (pkey);
+ return ret;
+}
+
+/* Decodes an DSA privateKey and params from a PKCS8 structure.
+ */
+static int
+_decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
+{
+ int ret;
+ gnutls_datum_t tmp;
+
+ ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = _gnutls_x509_read_der_int (tmp.data, tmp.size, &pkey->params[4]);
+ _gnutls_free_datum (&tmp);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret =
+ _gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters",
+ &tmp, 0);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = _gnutls_x509_read_dsa_params (tmp.data, tmp.size, pkey->params);
+ _gnutls_free_datum (&tmp);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* the public key can be generated as g^x mod p */
+ pkey->params[3] = _gnutls_mpi_alloc_like (pkey->params[0]);
+ if (pkey->params[3] == NULL)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ _gnutls_mpi_powm (pkey->params[3], pkey->params[2], pkey->params[4],
+ pkey->params[0]);
+
+ if (!pkey->crippled)
+ {
+ ret = _gnutls_asn1_encode_dsa (&pkey->key, pkey->params);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ pkey->params_size = DSA_PRIVATE_PARAMS;
+
+ return 0;
+
+error:
+ gnutls_x509_privkey_deinit (pkey);
+ return ret;
+}
+
+
+static int
+decode_private_key_info (const gnutls_datum_t * der,
+ gnutls_x509_privkey_t pkey)
+{
+ int result, len;
+ opaque oid[64];
+ ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
+
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-8-PrivateKeyInfo",
+ &pkcs8_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Check the private key algorithm OID
+ */
+ len = sizeof (oid);
+ result =
+ asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* we only support RSA and DSA private keys.
+ */
+ if (strcmp (oid, PK_PKIX1_RSA_OID) == 0)
+ pkey->pk_algorithm = GNUTLS_PK_RSA;
+ else if (strcmp (oid, PK_DSA_OID) == 0)
+ pkey->pk_algorithm = GNUTLS_PK_DSA;
+ else
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
+ result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
+ goto error;
+ }
+
+ /* Get the DER encoding of the actual private key.
+ */
+
+ if (pkey->pk_algorithm == GNUTLS_PK_RSA)
+ result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey);
+ else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
+ result = _decode_pkcs8_dsa_key (pkcs8_asn, pkey);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = 0;
+
+error:
+ asn1_delete_structure (&pkcs8_asn);
+
+ return result;
+
+}
+
+/**
+ * gnutls_x509_privkey_import_pkcs8:
+ * @key: The structure to store the parsed key
+ * @data: The DER or PEM encoded key.
+ * @format: One of DER or PEM
+ * @password: the password to decrypt the key (if it is encrypted).
+ * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
+ *
+ * This function will convert the given DER or PEM encoded PKCS8 2.0
+ * encrypted key to the native gnutls_x509_privkey_t format. The
+ * output will be stored in @key. Both RSA and DSA keys can be
+ * imported, and flags can only be used to indicate an unencrypted
+ * key.
+ *
+ * The @password can be either ASCII or UTF-8 in the default PBES2
+ * encryption schemas, or ASCII for the PKCS12 schemas.
+ *
+ * If the Certificate is PEM encoded it should have a header of
+ * "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
+ * specify the flags if the key is DER encoded, since in that case
+ * the encryption status cannot be auto-detected.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *password, unsigned int flags)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header
+ */
+ result =
+ _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
+ data->data, data->size, &out);
+
+ if (result < 0)
+ { /* Try the encrypted header
+ */
+ result =
+ _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+ }
+ else if (flags == 0)
+ flags |= GNUTLS_PKCS_PLAIN;
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ if (flags & GNUTLS_PKCS_PLAIN)
+ {
+ result = decode_private_key_info (&_data, key);
+ }
+ else
+ { /* encrypted. */
+ result = decode_pkcs8_key (&_data, password, key);
+ }
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ /* The key has now been decoded.
+ */
+
+ return 0;
+
+cleanup:
+ key->pk_algorithm = GNUTLS_PK_UNKNOWN;
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+/* Reads the PBKDF2 parameters.
+ */
+static int
+read_pbkdf2_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der, struct pbkdf2_params *params)
+{
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+
+ memset (params, 0, sizeof (params));
+
+ /* Check the key derivation algorithm
+ */
+ len = sizeof (oid);
+ result =
+ asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid);
+
+ if (strcmp (oid, PBKDF2_OID) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log
+ ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
+ "keyDerivationFunc.parameters",
+ ¶ms_start, ¶ms_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
+ params_len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* read the salt */
+ params->salt_size = sizeof (params->salt);
+ result =
+ asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
+ ¶ms->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
+ ¶ms->iter_count);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
+
+ /* read the keylength, if it is set.
+ */
+ result =
+ _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", ¶ms->key_size);
+ if (result < 0)
+ {
+ params->key_size = 0;
+ }
+ _gnutls_hard_log ("keyLength: %d\n", params->key_size);
+
+ /* We don't read the PRF. We only use the default.
+ */
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbkdf2_asn);
+ return result;
+
+}
+
+/* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
+ */
+static int
+read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
+{
+ int result;
+
+ memset (params, 0, sizeof (params));
+
+ /* read the salt */
+ params->salt_size = sizeof (params->salt);
+ result =
+ asn1_read_value (pbes2_asn, "salt", params->salt, ¶ms->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.size: %d\n", params->salt_size);
+
+ /* read the iteration count
+ */
+ result =
+ _gnutls_x509_read_uint (pbes2_asn, "iterations", ¶ms->iter_count);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
+
+ params->key_size = 0;
+
+ return 0;
+
+error:
+ return result;
+
+}
+
+/* Writes the PBE parameters for PKCS-12 schemas.
+ */
+static int
+write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
+{
+ int result;
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value (pbes2_asn, "salt",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ result =
+ _gnutls_x509_write_uint32 (pbes2_asn, "iterations",
+ kdf_params->iter_count);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
+
+ return 0;
+
+error:
+ return result;
+
+}
+
+
+/* Converts an OID to a gnutls cipher type.
+ */
+inline static int
+oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo)
+{
+
+ *algo = 0;
+
+ if (strcmp (oid, DES_EDE3_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_3DES_CBC;
+ return 0;
+ }
+ else if (strcmp (oid, DES_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_DES_CBC;
+ return 0;
+ }
+ else if (strcmp (oid, AES_128_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_AES_128_CBC;
+ return 0;
+ }
+ else if (strcmp (oid, AES_192_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_AES_192_CBC;
+ return 0;
+ }
+ else if (strcmp (oid, AES_256_CBC_OID) == 0)
+ {
+ *algo = GNUTLS_CIPHER_AES_256_CBC;
+ return 0;
+ }
+
+ _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
+ return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
+}
+
+
+
+static int
+read_pbe_enc_params (ASN1_TYPE pbes2_asn,
+ const gnutls_datum_t * der,
+ struct pbe_enc_params *params)
+{
+ int params_start, params_end;
+ int params_len, len, result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ char oid[64];
+ const char *eparams;
+
+ memset (params, 0, sizeof (params));
+
+ /* Check the encryption algorithm
+ */
+ len = sizeof (oid);
+ result =
+ asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
+
+ if ((result = oid2cipher (oid, ¶ms->cipher)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result =
+ asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
+ "encryptionScheme.parameters",
+ ¶ms_start, ¶ms_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+ params_len = params_end - params_start + 1;
+
+ /* Now check the encryption parameters.
+ */
+ eparams = cipher_to_pkcs_params (params->cipher, NULL);
+ if (eparams == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ eparams, &pbe_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* read the IV */
+ params->iv_size = sizeof (params->iv);
+ result = asn1_read_value (pbe_asn, "", params->iv, ¶ms->iv_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbe_asn);
+ return result;
+
+}
+
+static int
+decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *root, const char *password,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * decrypted_data)
+{
+ int result;
+ int data_size;
+ opaque *data = NULL, *key = NULL;
+ gnutls_datum_t dkey, d_iv;
+ cipher_hd_st ch;
+ int ch_init = 0;
+ int key_size;
+
+ data_size = 0;
+ result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ data = gnutls_malloc (data_size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_read_value (pkcs8_asn, root, data, &data_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ if (kdf_params->key_size == 0)
+ {
+ key_size = gnutls_cipher_get_key_size (enc_params->cipher);
+ }
+ else
+ key_size = kdf_params->key_size;
+
+ key = gnutls_malloc (key_size);
+ if (key == NULL)
+ {
+ gnutls_assert ();
+ result = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+
+ /* generate the key
+ */
+ switch (schema)
+ {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+ result = _gnutls_pbkdf2_sha1 (password, strlen (password),
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count, key, key_size);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ break;
+ default:
+ result =
+ _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ key_size, key);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ /* do the decryption.
+ */
+ dkey.data = key;
+ dkey.size = key_size;
+
+ d_iv.data = (opaque *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ result = _gnutls_cipher_init (&ch, enc_params->cipher, &dkey, &d_iv);
+
+ gnutls_free (key);
+ key = NULL;
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ch_init = 1;
+
+ result = _gnutls_cipher_decrypt (&ch, data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ decrypted_data->data = data;
+
+ if (gnutls_cipher_get_block_size (enc_params->cipher) != 1)
+ decrypted_data->size = data_size - data[data_size - 1];
+ else
+ decrypted_data->size = data_size;
+
+ _gnutls_cipher_deinit (&ch);
+
+ return 0;
+
+error:
+ gnutls_free (data);
+ gnutls_free (key);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit (&ch);
+ return result;
+}
+
+
+/* Writes the PBKDF2 parameters.
+ */
+static int
+write_pbkdf2_params (ASN1_TYPE pbes2_asn,
+ const struct pbkdf2_params *kdf_params)
+{
+ int result;
+ ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
+ opaque tmp[64];
+
+ /* Write the key derivation algorithm
+ */
+ result =
+ asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
+ PBKDF2_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Now write the key derivation and the encryption
+ * functions.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBKDF2-params",
+ &pbkdf2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* write the salt
+ */
+ result =
+ asn1_write_value (pbkdf2_asn, "salt.specified",
+ kdf_params->salt, kdf_params->salt_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size);
+
+ /* write the iteration count
+ */
+ _gnutls_write_uint32 (kdf_params->iter_count, tmp);
+
+ result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
+
+ /* write the keylength, if it is set.
+ */
+ result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* We write an emptry prf.
+ */
+ result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* now encode them an put the DER output
+ * in the keyDerivationFunc.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
+ pbes2_asn,
+ "keyDerivationFunc.parameters",
+ 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbkdf2_asn);
+ return result;
+
+}
+
+
+static int
+write_pbe_enc_params (ASN1_TYPE pbes2_asn,
+ const struct pbe_enc_params *params)
+{
+ int result;
+ ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
+ const char *oid, *eparams;
+
+ /* Write the encryption algorithm
+ */
+ eparams = cipher_to_pkcs_params (params->cipher, &oid);
+ if (eparams == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
+
+ /* Now check the encryption parameters.
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ eparams, &pbe_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* read the salt */
+ result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
+
+ /* now encode them an put the DER output
+ * in the encryptionScheme.parameters
+ */
+ result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
+ pbes2_asn,
+ "encryptionScheme.parameters",
+ 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbe_asn);
+ return result;
+
+}
+
+/* Generates a key and also stores the key parameters.
+ */
+static int
+generate_key (schema_id schema,
+ const char *password,
+ struct pbkdf2_params *kdf_params,
+ struct pbe_enc_params *enc_params, gnutls_datum_t * key)
+{
+ opaque rnd[2];
+ int ret;
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* generate salt */
+ kdf_params->salt_size =
+ MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
+
+ switch (schema)
+ {
+ case PBES2_3DES:
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ break;
+ case PBES2_AES_128:
+ enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
+ break;
+ case PBES2_AES_192:
+ enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
+ break;
+ case PBES2_AES_256:
+ enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
+ break;
+ /* non PBES2 algorithms */
+ case PKCS12_ARCFOUR_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
+ kdf_params->salt_size = 8;
+ break;
+ case PKCS12_3DES_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
+ kdf_params->salt_size = 8;
+ break;
+ case PKCS12_RC2_40_SHA1:
+ enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
+ kdf_params->salt_size = 8;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
+ kdf_params->salt_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_RANDOM_FAILED;
+ }
+
+ kdf_params->iter_count = 256 + rnd[0];
+ key->size = kdf_params->key_size =
+ gnutls_cipher_get_key_size (enc_params->cipher);
+
+ enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher);
+ key->data = gnutls_secure_malloc (key->size);
+ if (key->data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ /* now generate the key.
+ */
+
+ switch (schema)
+ {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+
+ ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
+ kdf_params->salt, kdf_params->salt_size,
+ kdf_params->iter_count,
+ key->data, kdf_params->key_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (enc_params->iv_size)
+ {
+ ret = _gnutls_rnd (GNUTLS_RND_NONCE,
+ enc_params->iv, enc_params->iv_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ break;
+
+ default:
+ ret =
+ _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ kdf_params->key_size, key->data);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Now generate the IV
+ */
+ if (enc_params->iv_size)
+ {
+ ret =
+ _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
+ kdf_params->salt_size,
+ kdf_params->iter_count, password,
+ enc_params->iv_size,
+ enc_params->iv);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+ }
+ }
+
+
+ return 0;
+}
+
+
+/* Encodes the parameters to be written in the encryptionAlgorithm.parameters
+ * part.
+ */
+static int
+write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
+ const char *where,
+ const struct pbkdf2_params *kdf_params,
+ const struct pbe_enc_params *enc_params)
+{
+ int result;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
+
+ switch (schema)
+ {
+ case PBES2_3DES:
+ case PBES2_AES_128:
+ case PBES2_AES_192:
+ case PBES2_AES_256:
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-5-PBES2-params",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = write_pbkdf2_params (pbes2_asn, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result = write_pbe_enc_params (pbes2_asn, enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
+ pkcs8_asn, where, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&pbes2_asn);
+ break;
+
+ default:
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-12-PbeParams",
+ &pbes2_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
+ pkcs8_asn, where, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&pbes2_asn);
+
+ }
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbes2_asn);
+ return result;
+
+}
+
+static int
+encrypt_data (const gnutls_datum_t * plain,
+ const struct pbe_enc_params *enc_params,
+ gnutls_datum_t * key, gnutls_datum_t * encrypted)
+{
+ int result;
+ int data_size;
+ opaque *data = NULL;
+ gnutls_datum_t d_iv;
+ cipher_hd_st ch;
+ int ch_init = 0;
+ opaque pad, pad_size;
+
+ pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
+
+ if (pad_size == 1) /* stream */
+ pad_size = 0;
+
+ data = gnutls_malloc (plain->size + pad_size);
+ if (data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ memcpy (data, plain->data, plain->size);
+
+ if (pad_size > 0)
+ {
+ pad = pad_size - (plain->size % pad_size);
+ if (pad == 0)
+ pad = pad_size;
+ memset (&data[plain->size], pad, pad);
+ }
+ else
+ pad = 0;
+
+ data_size = plain->size + pad;
+
+ d_iv.data = (opaque *) enc_params->iv;
+ d_iv.size = enc_params->iv_size;
+ result = _gnutls_cipher_init (&ch, enc_params->cipher, key, &d_iv);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ch_init = 1;
+
+ result = _gnutls_cipher_encrypt (&ch, data, data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ encrypted->data = data;
+ encrypted->size = data_size;
+
+ _gnutls_cipher_deinit (&ch);
+
+ return 0;
+
+error:
+ gnutls_free (data);
+ if (ch_init != 0)
+ _gnutls_cipher_deinit (&ch);
+ return result;
+}
+
+/* Decrypts a PKCS #7 encryptedData. The output is allocated
+ * and stored in dec.
+ */
+int
+_gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec)
+{
+ int result, len;
+ char enc_oid[64];
+ gnutls_datum_t tmp;
+ ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
+ int params_start, params_end, params_len;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ schema_id schema;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Check the encryption schema OID
+ */
+ len = sizeof (enc_oid);
+ result =
+ asn1_read_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ enc_oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ if ((result = check_schema (enc_oid)) < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ schema = result;
+
+ /* Get the DER encoding of the parameters.
+ */
+ result =
+ asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ ¶ms_start, ¶ms_end);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+ params_len = params_end - params_start + 1;
+
+ result =
+ read_pkcs_schema_params (&schema, password,
+ &data->data[params_start],
+ params_len, &kdf_params, &enc_params);
+ if (result < ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Parameters have been decoded. Now
+ * decrypt the EncryptedData.
+ */
+
+ result =
+ decrypt_data (schema, pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", password,
+ &kdf_params, &enc_params, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ asn1_delete_structure (&pkcs7_asn);
+
+ *dec = tmp;
+
+ return 0;
+
+error:
+ asn1_delete_structure (&pbes2_asn);
+ asn1_delete_structure (&pkcs7_asn);
+ return result;
+}
+
+/* Encrypts to a PKCS #7 encryptedData. The output is allocated
+ * and stored in enc.
+ */
+int
+_gnutls_pkcs7_encrypt_data (schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc)
+{
+ int result;
+ gnutls_datum_t key = { NULL, 0 };
+ gnutls_datum_t tmp = { NULL, 0 };
+ ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
+ struct pbkdf2_params kdf_params;
+ struct pbe_enc_params enc_params;
+ const char *str_oid;
+
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.pkcs-7-EncryptedData",
+ &pkcs7_asn)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Write the encryption schema OID
+ */
+ result = schema_to_oid (schema, &str_oid);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
+ str_oid, 1);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Generate a symmetric key.
+ */
+
+ result = generate_key (schema, password, &kdf_params, &enc_params, &key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result = write_schema_params (schema, pkcs7_asn,
+ "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
+ &kdf_params, &enc_params);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* Parameters have been encoded. Now
+ * encrypt the Data.
+ */
+ result = encrypt_data (data, &enc_params, &key, &tmp);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ /* write the encrypted data.
+ */
+ result =
+ asn1_write_value (pkcs7_asn,
+ "encryptedContentInfo.encryptedContent", tmp.data,
+ tmp.size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ _gnutls_free_datum (&tmp);
+ _gnutls_free_datum (&key);
+
+ /* Now write the rest of the pkcs-7 stuff.
+ */
+
+ result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ result =
+ asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
+ DATA_OID, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto error;
+ }
+
+ /* Now encode and copy the DER stuff.
+ */
+ result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
+
+ asn1_delete_structure (&pkcs7_asn);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+
+error:
+ _gnutls_free_datum (&key);
+ _gnutls_free_datum (&tmp);
+ asn1_delete_structure (&pkcs7_asn);
+ return result;
+}
+
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ * Copyright (C) 2002 Andrew McDonald
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_str.h>
+#include <x509_int.h>
+#include <common.h>
+#include <gnutls_errors.h>
+
+/**
+ * gnutls_x509_crt_check_hostname:
+ * @cert: should contain an gnutls_x509_crt_t structure
+ * @hostname: A null terminated string that contains a DNS name
+ *
+ * This function will check if the given certificate's subject matches
+ * the given hostname. This is a basic implementation of the matching
+ * described in RFC2818 (HTTPS), which takes into account wildcards,
+ * and the DNSName/IPAddress subject alternative name PKIX extension.
+ *
+ * Returns: non zero for a successful match, and zero on failure.
+ **/
+int
+gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname)
+{
+
+ char dnsname[MAX_CN];
+ size_t dnsnamesize;
+ int found_dnsname = 0;
+ int ret = 0;
+ int i = 0;
+
+ /* try matching against:
+ * 1) a DNS name as an alternative name (subjectAltName) extension
+ * in the certificate
+ * 2) the common name (CN) in the certificate
+ *
+ * either of these may be of the form: *.domain.tld
+ *
+ * only try (2) if there is no subjectAltName extension of
+ * type dNSName
+ */
+
+ /* Check through all included subjectAltName extensions, comparing
+ * against all those of type dNSName.
+ */
+ for (i = 0; !(ret < 0); i++)
+ {
+
+ dnsnamesize = sizeof (dnsname);
+ ret = gnutls_x509_crt_get_subject_alt_name (cert, i,
+ dnsname, &dnsnamesize,
+ NULL);
+
+ if (ret == GNUTLS_SAN_DNSNAME)
+ {
+ found_dnsname = 1;
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ {
+ return 1;
+ }
+ }
+ else if (ret == GNUTLS_SAN_IPADDRESS)
+ {
+ found_dnsname = 1; /* RFC 2818 is unclear whether the CN
+ should be compared for IP addresses
+ too, but we won't do it. */
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ {
+ return 1;
+ }
+ }
+ }
+
+ if (!found_dnsname)
+ {
+ /* not got the necessary extension, use CN instead
+ */
+ dnsnamesize = sizeof (dnsname);
+ if (gnutls_x509_crt_get_dn_by_oid (cert, OID_X520_COMMON_NAME, 0,
+ 0, dnsname, &dnsnamesize) < 0)
+ {
+ /* got an error, can't find a name
+ */
+ return 0;
+ }
+
+ if (_gnutls_hostname_compare (dnsname, dnsnamesize, hostname))
+ {
+ return 1;
+ }
+ }
+
+ /* not found a matching name
+ */
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* All functions which relate to X.509 certificate signing stuff are
+ * included here
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_errors.h>
+#include <gnutls_cert.h>
+#include <libtasn1.h>
+#include <gnutls_global.h>
+#include <gnutls_num.h> /* MAX */
+#include <gnutls_sig.h>
+#include <gnutls_str.h>
+#include <gnutls_datum.h>
+#include <x509_int.h>
+#include <common.h>
+#include <gnutls/abstract.h>
+
+/* This is the same as the _gnutls_x509_sign, but this one will decode
+ * the ASN1_TYPE given, and sign the DER data. Actually used to get the DER
+ * of the TBS and sign it on the fly.
+ */
+int
+_gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
+ gnutls_datum_t * tbs)
+{
+ int result;
+ opaque *buf;
+ int buf_size;
+
+ buf_size = 0;
+ asn1_der_coding (cert, tbs_name, NULL, &buf_size, NULL);
+
+ buf = gnutls_malloc (buf_size);
+ if (buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding (cert, tbs_name, buf, &buf_size, NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (buf);
+ return _gnutls_asn2err (result);
+ }
+
+ tbs->data = buf;
+ tbs->size = buf_size;
+
+ return 0;
+}
+
+/*-
+ * _gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key
+ * @src: should contain an ASN1_TYPE
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ *
+ * This function will sign a CRL or a certificate with the issuer's private key, and
+ * will copy the issuer's information into the CRL or certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t dig,
+ gnutls_x509_crt_t issuer, gnutls_privkey_t issuer_key)
+{
+ int result;
+ gnutls_datum_t signature;
+ gnutls_datum_t tbs;
+ char name[128];
+
+ /* Step 1. Copy the issuer's name into the certificate.
+ */
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".issuer");
+
+ result = asn1_copy_node (src, name, issuer->cert, "tbsCertificate.subject");
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Step 1.5. Write the signature stuff in the tbsCertificate.
+ */
+ _gnutls_str_cpy (name, sizeof (name), src_name);
+ _gnutls_str_cat (name, sizeof (name), ".signature");
+
+ result = _gnutls_x509_write_sig_params (src, name,
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* Step 2. Sign the certificate.
+ */
+ result = _gnutls_x509_get_tbs (src, src_name, &tbs);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = gnutls_privkey_sign_data (issuer_key, dig, 0, &tbs, &signature);
+ gnutls_free (tbs.data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ /* write the signature (bits)
+ */
+ result =
+ asn1_write_value (src, "signature", signature.data, signature.size * 8);
+
+ _gnutls_free_datum (&signature);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Step 3. Move up and write the AlgorithmIdentifier, which is also
+ * the same.
+ */
+
+ result = _gnutls_x509_write_sig_params (src, "signatureAlgorithm",
+ gnutls_privkey_get_pk_algorithm
+ (issuer_key, NULL), dig);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* All functions which relate to X.509 certificate verification stuff are
+ * included here
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_errors.h>
+#include <gnutls_cert.h>
+#include <libtasn1.h>
+#include <gnutls_global.h>
+#include <gnutls_num.h> /* MAX */
+#include <gnutls_sig.h>
+#include <gnutls_str.h>
+#include <gnutls_datum.h>
+#include "x509_int.h"
+#include <common.h>
+
+static int _gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output,
+ gnutls_x509_crt_t * issuer);
+
+static int is_crl_issuer (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer_cert);
+
+static int _gnutls_verify_crl2 (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output);
+
+/* Checks if two certs are identical. Return 0 on match. */
+static int
+check_if_same_cert (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2)
+{
+ gnutls_datum_t cert1bin = { NULL, 0 }, cert2bin =
+ {
+ NULL, 0};
+ int result;
+ opaque serial1[128], serial2[128];
+ size_t serial1_size, serial2_size;
+
+ serial1_size = sizeof (serial1);
+ result = gnutls_x509_crt_get_serial (cert1, serial1, &serial1_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cmp;
+ }
+
+ serial2_size = sizeof (serial2);
+ result = gnutls_x509_crt_get_serial (cert2, serial2, &serial2_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cmp;
+ }
+
+ if (serial2_size != serial1_size
+ || memcmp (serial1, serial2, serial1_size) != 0)
+ {
+ return 1;
+ }
+
+cmp:
+ result = _gnutls_x509_der_encode (cert1->cert, "", &cert1bin, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_der_encode (cert2->cert, "", &cert2bin, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ if ((cert1bin.size == cert2bin.size) &&
+ (memcmp (cert1bin.data, cert2bin.data, cert1bin.size) == 0))
+ result = 0;
+ else
+ result = 1;
+
+cleanup:
+ _gnutls_free_datum (&cert1bin);
+ _gnutls_free_datum (&cert2bin);
+ return result;
+}
+
+/* Checks if the issuer of a certificate is a
+ * Certificate Authority, or if the certificate is the same
+ * as the issuer (and therefore it doesn't need to be a CA).
+ *
+ * Returns true or false, if the issuer is a CA,
+ * or not.
+ */
+static int
+check_if_ca (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer,
+ unsigned int flags)
+{
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t issuer_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_datum_t issuer_signature = { NULL, 0 };
+ int result;
+
+ /* Check if the issuer is the same with the
+ * certificate. This is added in order for trusted
+ * certificates to be able to verify themselves.
+ */
+
+ result =
+ _gnutls_x509_get_signed_data (issuer->cert, "tbsCertificate",
+ &issuer_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature (issuer->cert, "signature", &issuer_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* If the subject certificate is the same as the issuer
+ * return true.
+ */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ if (cert_signed_data.size == issuer_signed_data.size)
+ {
+ if ((memcmp (cert_signed_data.data, issuer_signed_data.data,
+ cert_signed_data.size) == 0) &&
+ (cert_signature.size == issuer_signature.size) &&
+ (memcmp (cert_signature.data, issuer_signature.data,
+ cert_signature.size) == 0))
+ {
+ result = 1;
+ goto cleanup;
+ }
+ }
+
+ result = gnutls_x509_crt_get_ca_status (issuer, NULL);
+ if (result == 1)
+ {
+ result = 1;
+ goto cleanup;
+ }
+ /* Handle V1 CAs that do not have a basicConstraint, but accept
+ these certs only if the appropriate flags are set. */
+ else if ((result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) &&
+ ((flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT) ||
+ (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT) &&
+ (gnutls_x509_crt_check_issuer (issuer, issuer) == 1))))
+ {
+ gnutls_assert ();
+ result = 1;
+ goto cleanup;
+ }
+ else
+ gnutls_assert ();
+
+ result = 0;
+
+cleanup:
+ _gnutls_free_datum (&cert_signed_data);
+ _gnutls_free_datum (&issuer_signed_data);
+ _gnutls_free_datum (&cert_signature);
+ _gnutls_free_datum (&issuer_signature);
+ return result;
+}
+
+
+/* This function checks if 'certs' issuer is 'issuer_cert'.
+ * This does a straight (DER) compare of the issuer/subject fields in
+ * the given certificates.
+ *
+ * Returns 1 if they match and zero if they don't match. Otherwise
+ * a negative value is returned to indicate error.
+ */
+static int
+is_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer_cert)
+{
+ gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
+ {
+ NULL, 0};
+ int ret;
+
+ ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
+
+cleanup:
+ _gnutls_free_datum (&dn1);
+ _gnutls_free_datum (&dn2);
+ return ret;
+
+}
+
+
+static inline gnutls_x509_crt_t
+find_issuer (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+{
+ int i;
+
+ /* this is serial search.
+ */
+
+ for (i = 0; i < tcas_size; i++)
+ {
+ if (is_issuer (cert, trusted_cas[i]) == 1)
+ return trusted_cas[i];
+ }
+
+ gnutls_assert ();
+ return NULL;
+}
+
+
+
+/*
+ * Verifies the given certificate again a certificate list of
+ * trusted CAs.
+ *
+ * Returns only 0 or 1. If 1 it means that the certificate
+ * was successfuly verified.
+ *
+ * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
+ *
+ * Output will hold some extra information about the verification
+ * procedure. Issuer will hold the actual issuer from the trusted list.
+ */
+static int
+_gnutls_verify_certificate2 (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags,
+ unsigned int *output,
+ gnutls_x509_crt_t * _issuer)
+{
+ gnutls_datum_t cert_signed_data = { NULL, 0 };
+ gnutls_datum_t cert_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer = NULL;
+ int issuer_version, result;
+
+ if (output)
+ *output = 0;
+
+ if (tcas_size >= 1)
+ issuer = find_issuer (cert, trusted_cas, tcas_size);
+ else
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL)
+ {
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ gnutls_assert ();
+ return 0;
+ }
+
+ if (_issuer != NULL)
+ *_issuer = issuer;
+
+ issuer_version = gnutls_x509_crt_get_version (issuer);
+ if (issuer_version < 0)
+ {
+ gnutls_assert ();
+ return issuer_version;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN) &&
+ ((flags & GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT)
+ || issuer_version != 1))
+ {
+ if (check_if_ca (cert, issuer, flags) == 0)
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+ }
+
+ result =
+ _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate",
+ &cert_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_get_signature (cert->cert, "signature", &cert_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_verify_signature (&cert_signed_data, NULL, &cert_signature,
+ issuer);
+ if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
+ {
+ gnutls_assert ();
+ /* error. ignore it */
+ if (output)
+ *output |= GNUTLS_CERT_INVALID;
+ result = 0;
+ }
+ else if (result < 0)
+ {
+ gnutls_assert();
+ goto cleanup;
+ }
+
+ /* If the certificate is not self signed check if the algorithms
+ * used are secure. If the certificate is self signed it doesn't
+ * really matter.
+ */
+ if (is_issuer (cert, cert) == 0)
+ {
+ int sigalg;
+
+ sigalg = gnutls_x509_crt_get_signature_algorithm (cert);
+
+ if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
+ {
+ if (output)
+ *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+ result = 0;
+ }
+ }
+
+cleanup:
+ _gnutls_free_datum (&cert_signed_data);
+ _gnutls_free_datum (&cert_signature);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_check_issuer:
+ * @cert: is the certificate to be checked
+ * @issuer: is the certificate of a possible issuer
+ *
+ * This function will check if the given certificate was issued by the
+ * given issuer.
+ *
+ * Returns: It will return true (1) if the given certificate is issued
+ * by the given issuer, and false (0) if not. A negative value is
+ * returned in case of an error.
+ **/
+int
+gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer)
+{
+ return is_issuer (cert, issuer);
+}
+
+static unsigned int
+check_time (gnutls_x509_crt_t crt, time_t now)
+{
+ int status = 0;
+ time_t t;
+
+ t = gnutls_x509_crt_get_activation_time (crt);
+ if (t == (time_t) - 1 || now < t)
+ {
+ status |= GNUTLS_CERT_NOT_ACTIVATED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ t = gnutls_x509_crt_get_expiration_time (crt);
+ if (t == (time_t) - 1 || now > t)
+ {
+ status |= GNUTLS_CERT_EXPIRED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ return 0;
+}
+
+/* Verify X.509 certificate chain.
+ *
+ * Note that the return value is an OR of GNUTLS_CERT_* elements.
+ *
+ * This function verifies a X.509 certificate list. The certificate
+ * list should lead to a trusted certificate in order to be trusted.
+ */
+static unsigned int
+_gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
+ int clist_size,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size,
+ const gnutls_x509_crl_t * CRLs,
+ int crls_size, unsigned int flags)
+{
+ int i = 0, ret;
+ unsigned int status = 0, output;
+ time_t now = time (0);
+ gnutls_x509_crt_t issuer = NULL;
+
+ if (clist_size > 1)
+ {
+ /* Check if the last certificate in the path is self signed.
+ * In that case ignore it (a certificate is trusted only if it
+ * leads to a trusted party by us, not the server's).
+ *
+ * This prevents from verifying self signed certificates against
+ * themselves. This (although not bad) caused verification
+ * failures on some root self signed certificates that use the
+ * MD2 algorithm.
+ */
+ if (gnutls_x509_crt_check_issuer (certificate_list[clist_size - 1],
+ certificate_list[clist_size - 1]) > 0)
+ {
+ clist_size--;
+ }
+ }
+
+ /* We want to shorten the chain by removing the cert that matches
+ * one of the certs we trust and all the certs after that i.e. if
+ * cert chain is A signed-by B signed-by C signed-by D (signed-by
+ * self-signed E but already removed above), and we trust B, remove
+ * B, C and D. */
+ if (!(flags & GNUTLS_VERIFY_DO_NOT_ALLOW_SAME))
+ i = 0; /* also replace the first one */
+ else
+ i = 1; /* do not replace the first one */
+
+ for (; i < clist_size; i++)
+ {
+ int j;
+
+ for (j = 0; j < tcas_size; j++)
+ {
+ if (check_if_same_cert (certificate_list[i], trusted_cas[j]) == 0)
+ {
+ /* explicity time check for trusted CA that we remove from
+ * list. GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS
+ */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS)
+ && !(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
+ {
+ status |= check_time (trusted_cas[j], now);
+ if (status != 0)
+ {
+ return status;
+ }
+ }
+ clist_size = i;
+ break;
+ }
+ }
+ /* clist_size may have been changed which gets out of loop */
+ }
+
+ if (clist_size == 0)
+ /* The certificate is already present in the trusted certificate list.
+ * Nothing to verify. */
+ return status;
+
+ /* Verify the last certificate in the certificate path
+ * against the trusted CA certificate list.
+ *
+ * If no CAs are present returns CERT_INVALID. Thus works
+ * in self signed etc certificates.
+ */
+ ret = _gnutls_verify_certificate2 (certificate_list[clist_size - 1],
+ trusted_cas, tcas_size, flags, &output,
+ &issuer);
+ if (ret == 0)
+ {
+ /* if the last certificate in the certificate
+ * list is invalid, then the certificate is not
+ * trusted.
+ */
+ gnutls_assert ();
+ status |= output;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+
+ /* Check for revoked certificates in the chain
+ */
+#ifdef ENABLE_PKI
+ for (i = 0; i < clist_size; i++)
+ {
+ ret = gnutls_x509_crt_check_revocation (certificate_list[i],
+ CRLs, crls_size);
+ if (ret == 1)
+ { /* revoked */
+ status |= GNUTLS_CERT_REVOKED;
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+ }
+#endif
+
+
+ /* Check activation/expiration times
+ */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TIME_CHECKS))
+ {
+ /* check the time of the issuer first */
+ if (!(flags & GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS))
+ {
+ if (issuer == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ status |= check_time (issuer, now);
+ if (status != 0)
+ {
+ return status;
+ }
+ }
+
+ for (i = 0; i < clist_size; i++)
+ {
+ status |= check_time (certificate_list[i], now);
+ if (status != 0)
+ {
+ return status;
+ }
+ }
+ }
+
+ /* Verify the certificate path (chain)
+ */
+ for (i = clist_size - 1; i > 0; i--)
+ {
+ if (i - 1 < 0)
+ break;
+
+ /* note that here we disable this V1 CA flag. So that no version 1
+ * certificates can exist in a supplied chain.
+ */
+ if (!(flags & GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT))
+ flags &= ~(GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT);
+ if ((ret =
+ _gnutls_verify_certificate2 (certificate_list[i - 1],
+ &certificate_list[i], 1, flags,
+ NULL, NULL)) == 0)
+ {
+ status |= GNUTLS_CERT_INVALID;
+ return status;
+ }
+ }
+
+ return 0;
+}
+
+
+/* Reads the digest information.
+ * we use DER here, although we should use BER. It works fine
+ * anyway.
+ */
+static int
+decode_ber_digest_info (const gnutls_datum_t * info,
+ gnutls_mac_algorithm_t * hash,
+ opaque * digest, int *digest_size)
+{
+ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
+ int result;
+ char str[1024];
+ int len;
+
+ if ((result = asn1_create_element (_gnutls_get_gnutls_asn (),
+ "GNUTLS.DigestInfo",
+ &dinfo)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&dinfo, info->data, info->size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.algorithm", str, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ *hash = _gnutls_x509_oid2mac_algorithm (str);
+
+ if (*hash == GNUTLS_MAC_UNKNOWN)
+ {
+
+ _gnutls_x509_log ("verify.c: HASH OID: %s\n", str);
+
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_UNKNOWN_ALGORITHM;
+ }
+
+ len = sizeof (str) - 1;
+ result = asn1_read_value (dinfo, "digestAlgorithm.parameters", str, &len);
+ /* To avoid permitting garbage in the parameters field, either the
+ parameters field is not present, or it contains 0x05 0x00. */
+ if (!(result == ASN1_ELEMENT_NOT_FOUND ||
+ (result == ASN1_SUCCESS && len == ASN1_NULL_SIZE &&
+ memcmp (str, ASN1_NULL, ASN1_NULL_SIZE) == 0)))
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ result = asn1_read_value (dinfo, "digest", digest, digest_size);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&dinfo);
+ return _gnutls_asn2err (result);
+ }
+
+ asn1_delete_structure (&dinfo);
+
+ return 0;
+}
+
+/* if hash==MD5 then we do RSA-MD5
+ * if hash==SHA then we do RSA-SHA
+ * params[0] is modulus
+ * params[1] is public key
+ */
+static int
+_pkcs1_rsa_verify_sig (const gnutls_datum_t * text,
+ const gnutls_datum_t * prehash,
+ const gnutls_datum_t * signature, bigint_t * params,
+ int params_len)
+{
+ gnutls_mac_algorithm_t hash = GNUTLS_MAC_UNKNOWN;
+ int ret;
+ opaque digest[MAX_HASH_SIZE], md[MAX_HASH_SIZE], *cmp;
+ int digest_size;
+ digest_hd_st hd;
+ gnutls_datum_t decrypted;
+
+ ret =
+ _gnutls_pkcs1_rsa_decrypt (&decrypted, signature, params, params_len, 1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* decrypted is a BER encoded data of type DigestInfo
+ */
+
+ digest_size = sizeof (digest);
+ if ((ret =
+ decode_ber_digest_info (&decrypted, &hash, digest, &digest_size)) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&decrypted);
+ return ret;
+ }
+
+ _gnutls_free_datum (&decrypted);
+
+ if (digest_size != _gnutls_hash_get_algo_len (hash))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_GENERIC_ERROR;
+ }
+
+ if (prehash && prehash->data && prehash->size == digest_size)
+ {
+ cmp = prehash->data;
+ }
+ else
+ {
+ if (!text)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_hash_init (&hd, hash);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&hd, text->data, text->size);
+ _gnutls_hash_deinit (&hd, md);
+
+ cmp = md;
+ }
+
+ if (memcmp (cmp, digest, digest_size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 0;
+}
+
+/* Hashes input data and verifies a DSA signature.
+ */
+static int
+dsa_verify_sig (const gnutls_datum_t * text,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature, bigint_t * params,
+ int params_len)
+{
+ int ret;
+ opaque _digest[MAX_HASH_SIZE];
+ gnutls_datum_t digest;
+ digest_hd_st hd;
+ gnutls_digest_algorithm_t algo;
+
+ algo = _gnutls_dsa_q_to_hash (params[1]);
+ if (hash)
+ {
+ /* SHA1 or better allowed */
+ if (!hash->data || hash->size != _gnutls_hash_get_algo_len(algo))
+ {
+ gnutls_assert();
+ _gnutls_debug_log("Hash size (%d) does not correspond to hash %s", (int)hash->size, gnutls_mac_get_name(algo));
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ digest = *hash;
+ }
+ else
+ {
+
+ ret = _gnutls_hash_init (&hd, algo);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ _gnutls_hash (&hd, text->data, text->size);
+ _gnutls_hash_deinit (&hd, _digest);
+
+ digest.data = _digest;
+ digest.size = _gnutls_hash_get_algo_len(algo);
+ }
+
+ ret = _gnutls_dsa_verify (&digest, signature, params, params_len);
+
+ return ret;
+}
+
+/* Verifies the signature data, and returns GNUTLS_E_PK_SIG_VERIFY_FAILED if
+ * not verified, or 1 otherwise.
+ */
+int
+pubkey_verify_sig (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk, bigint_t * issuer_params,
+ int issuer_params_size)
+{
+
+ switch (pk)
+ {
+ case GNUTLS_PK_RSA:
+
+ if (_pkcs1_rsa_verify_sig
+ (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+
+ case GNUTLS_PK_DSA:
+ if (dsa_verify_sig
+ (tbs, hash, signature, issuer_params, issuer_params_size) != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_PK_SIG_VERIFY_FAILED;
+ }
+
+ return 1;
+ break;
+ default:
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ }
+}
+
+gnutls_digest_algorithm_t
+_gnutls_dsa_q_to_hash (bigint_t q)
+{
+ int bits = _gnutls_mpi_get_nbits (q);
+
+ if (bits <= 160)
+ {
+ return GNUTLS_DIG_SHA1;
+ }
+ else if (bits <= 224)
+ {
+ return GNUTLS_DIG_SHA224;
+ }
+ else
+ {
+ return GNUTLS_DIG_SHA256;
+ }
+}
+
+/* This will return the appropriate hash to verify the given signature.
+ * If signature is NULL it will return an (or the) appropriate hash for
+ * the given parameters.
+ */
+int
+_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm pk,
+ bigint_t * issuer_params,
+ unsigned int issuer_params_size)
+{
+ opaque digest[MAX_HASH_SIZE];
+ gnutls_datum_t decrypted;
+ int digest_size;
+ int ret;
+
+ switch (pk)
+ {
+ case GNUTLS_PK_DSA:
+
+ if (hash)
+ *hash = _gnutls_dsa_q_to_hash (issuer_params[1]);
+
+ ret = 0;
+ break;
+ case GNUTLS_PK_RSA:
+ if (signature == NULL)
+ { /* return a sensible algorithm */
+ if (hash)
+ *hash = GNUTLS_DIG_SHA256;
+ return 0;
+ }
+
+ ret =
+ _gnutls_pkcs1_rsa_decrypt (&decrypted, signature,
+ issuer_params, issuer_params_size, 1);
+
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ digest_size = sizeof (digest);
+ if ((ret =
+ decode_ber_digest_info (&decrypted, hash, digest,
+ &digest_size)) != 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&decrypted);
+ goto cleanup;
+ }
+
+ _gnutls_free_datum (&decrypted);
+ if (digest_size != _gnutls_hash_get_algo_len (*hash))
+ {
+ gnutls_assert ();
+ ret = GNUTLS_E_ASN1_GENERIC_ERROR;
+ goto cleanup;
+ }
+
+ ret = 0;
+ break;
+
+ default:
+ gnutls_assert ();
+ ret = GNUTLS_E_INTERNAL_ERROR;
+ }
+
+cleanup:
+
+ return ret;
+
+}
+
+/* verifies if the certificate is properly signed.
+ * returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
+ *
+ * 'tbs' is the signed data
+ * 'signature' is the signature!
+ */
+int
+_gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer)
+{
+ bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
+ int ret, issuer_params_size, i;
+
+ /* Read the MPI parameters from the issuer's certificate.
+ */
+ issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret =
+ _gnutls_x509_crt_get_mpis (issuer, issuer_params, &issuer_params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ pubkey_verify_sig (tbs, hash, signature,
+ gnutls_x509_crt_get_pk_algorithm (issuer, NULL),
+ issuer_params, issuer_params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < issuer_params_size; i++)
+ {
+ _gnutls_mpi_release (&issuer_params[i]);
+ }
+
+ return ret;
+}
+
+/* verifies if the certificate is properly signed.
+ * returns GNUTLS_E_PK_VERIFY_SIG_FAILED on failure and 1 on success.
+ *
+ * 'tbs' is the signed data
+ * 'signature' is the signature!
+ */
+int
+_gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_x509_privkey_t issuer)
+{
+ int ret;
+
+ ret = pubkey_verify_sig (tbs, NULL, signature, issuer->pk_algorithm,
+ issuer->params, issuer->params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_crt_list_verify:
+ * @cert_list: is the certificate list to be verified
+ * @cert_list_length: holds the number of certificate in cert_list
+ * @CA_list: is the CA list which will be used in verification
+ * @CA_list_length: holds the number of CA certificate in CA_list
+ * @CRL_list: holds a list of CRLs.
+ * @CRL_list_length: the length of CRL list.
+ * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+ * @verify: will hold the certificate verification output.
+ *
+ * This function will try to verify the given certificate list and
+ * return its status. If no flags are specified (0), this function
+ * will use the basicConstraints (2.5.29.19) PKIX extension. This
+ * means that only a certificate authority is allowed to sign a
+ * certificate.
+ *
+ * You must also check the peer's name in order to check if the verified
+ * certificate belongs to the actual peer.
+ *
+ * The certificate verification output will be put in @verify and will
+ * be one or more of the gnutls_certificate_status_t enumerated
+ * elements bitwise or'd. For a more detailed verification status use
+ * gnutls_x509_crt_verify() per list element.
+ *
+ * GNUTLS_CERT_INVALID: the certificate chain is not valid.
+ *
+ * GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length, unsigned int flags,
+ unsigned int *verify)
+{
+ if (cert_list == NULL || cert_list_length == 0)
+ return GNUTLS_E_NO_CERTIFICATE_FOUND;
+
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate (cert_list, cert_list_length,
+ CA_list, CA_list_length, CRL_list,
+ CRL_list_length, flags);
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_verify:
+ * @cert: is the certificate to be verified
+ * @CA_list: is one certificate that is considered to be trusted one
+ * @CA_list_length: holds the number of CA certificate in CA_list
+ * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+ * @verify: will hold the certificate verification output.
+ *
+ * This function will try to verify the given certificate and return
+ * its status.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
+{
+ /* Verify certificate
+ */
+ *verify =
+ _gnutls_x509_verify_certificate (&cert, 1,
+ CA_list, CA_list_length, NULL, 0, flags);
+ return 0;
+}
+
+
+
+#ifdef ENABLE_PKI
+
+/**
+ * gnutls_x509_crl_check_issuer:
+ * @crl: is the CRL to be checked
+ * @issuer: is the certificate of a possible issuer
+ *
+ * This function will check if the given CRL was issued by the given
+ * issuer certificate. It will return true (1) if the given CRL was
+ * issued by the given issuer, and false (0) if not.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_check_issuer (gnutls_x509_crl_t cert,
+ gnutls_x509_crt_t issuer)
+{
+ return is_crl_issuer (cert, issuer);
+}
+
+/**
+ * gnutls_x509_crl_verify:
+ * @crl: is the crl to be verified
+ * @CA_list: is a certificate list that is considered to be trusted one
+ * @CA_list_length: holds the number of CA certificates in CA_list
+ * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
+ * @verify: will hold the crl verification output.
+ *
+ * This function will try to verify the given crl and return its status.
+ * See gnutls_x509_crt_list_verify() for a detailed description of
+ * return values.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify)
+{
+ int ret;
+ /* Verify crl
+ */
+ ret = _gnutls_verify_crl2 (crl, CA_list, CA_list_length, flags, verify);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+}
+
+
+/* The same as above, but here we've got a CRL.
+ */
+static int
+is_crl_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer_cert)
+{
+ gnutls_datum_t dn1 = { NULL, 0 }, dn2 =
+ {
+ NULL, 0};
+ int ret;
+
+ ret = gnutls_x509_crl_get_raw_issuer_dn (crl, &dn1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = gnutls_x509_crt_get_raw_dn (issuer_cert, &dn2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
+
+cleanup:
+ _gnutls_free_datum (&dn1);
+ _gnutls_free_datum (&dn2);
+
+ return ret;
+}
+
+static inline gnutls_x509_crt_t
+find_crl_issuer (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas, int tcas_size)
+{
+ int i;
+
+ /* this is serial search.
+ */
+
+ for (i = 0; i < tcas_size; i++)
+ {
+ if (is_crl_issuer (crl, trusted_cas[i]) == 1)
+ return trusted_cas[i];
+ }
+
+ gnutls_assert ();
+ return NULL;
+}
+
+/*
+ * Returns only 0 or 1. If 1 it means that the CRL
+ * was successfuly verified.
+ *
+ * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
+ *
+ * Output will hold information about the verification
+ * procedure.
+ */
+static int
+_gnutls_verify_crl2 (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * trusted_cas,
+ int tcas_size, unsigned int flags, unsigned int *output)
+{
+/* CRL is ignored for now */
+ gnutls_datum_t crl_signed_data = { NULL, 0 };
+ gnutls_datum_t crl_signature = { NULL, 0 };
+ gnutls_x509_crt_t issuer;
+ int result;
+
+ if (output)
+ *output = 0;
+
+ if (tcas_size >= 1)
+ issuer = find_crl_issuer (crl, trusted_cas, tcas_size);
+ else
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ /* issuer is not in trusted certificate
+ * authorities.
+ */
+ if (issuer == NULL)
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_FOUND | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+
+ if (!(flags & GNUTLS_VERIFY_DISABLE_CA_SIGN))
+ {
+ if (gnutls_x509_crt_get_ca_status (issuer, NULL) != 1)
+ {
+ gnutls_assert ();
+ if (output)
+ *output |= GNUTLS_CERT_SIGNER_NOT_CA | GNUTLS_CERT_INVALID;
+ return 0;
+ }
+ }
+
+ result =
+ _gnutls_x509_get_signed_data (crl->crl, "tbsCertList", &crl_signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = _gnutls_x509_get_signature (crl->crl, "signature", &crl_signature);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result =
+ _gnutls_x509_verify_signature (&crl_signed_data, NULL, &crl_signature,
+ issuer);
+ if (result == GNUTLS_E_PK_SIG_VERIFY_FAILED)
+ {
+ gnutls_assert ();
+ /* error. ignore it */
+ if (output)
+ *output |= GNUTLS_CERT_INVALID;
+ result = 0;
+ }
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ {
+ int sigalg;
+
+ sigalg = gnutls_x509_crl_get_signature_algorithm (crl);
+
+ if (((sigalg == GNUTLS_SIGN_RSA_MD2) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2)) ||
+ ((sigalg == GNUTLS_SIGN_RSA_MD5) &&
+ !(flags & GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5)))
+ {
+ if (output)
+ *output |= GNUTLS_CERT_INSECURE_ALGORITHM | GNUTLS_CERT_INVALID;
+ result = 0;
+ }
+ }
+
+cleanup:
+ _gnutls_free_datum (&crl_signed_data);
+ _gnutls_free_datum (&crl_signature);
+
+ return result;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ * Author: Nikos Mavrogiannopoulos, Simon Josefsson, Howard Chu
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions on X.509 Certificate parsing
+ */
+
+#include <gnutls_int.h>
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include <x509_int.h>
+#include <libtasn1.h>
+
+/**
+ * gnutls_x509_crt_init:
+ * @cert: The structure to be initialized
+ *
+ * This function will initialize an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_init (gnutls_x509_crt_t * cert)
+{
+ gnutls_x509_crt_t tmp = gnutls_calloc (1, sizeof (gnutls_x509_crt_int));
+ int result;
+
+ if (!tmp)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Certificate", &tmp->cert);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (tmp);
+ return _gnutls_asn2err (result);
+ }
+
+ /* If you add anything here, be sure to check if it has to be added
+ to gnutls_x509_crt_import as well. */
+
+ *cert = tmp;
+
+ return 0; /* success */
+}
+
+/*-
+ * _gnutls_x509_crt_cpy - This function copies a gnutls_x509_crt_t structure
+ * @dest: The structure where to copy
+ * @src: The structure to be copied
+ *
+ * This function will copy an X.509 certificate structure.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ -*/
+int
+_gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src)
+{
+ int ret;
+ size_t der_size;
+ opaque *der;
+ gnutls_datum_t tmp;
+
+ ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, NULL, &der_size);
+ if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ der = gnutls_malloc (der_size);
+ if (der == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ ret = gnutls_x509_crt_export (src, GNUTLS_X509_FMT_DER, der, &der_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (der);
+ return ret;
+ }
+
+ tmp.data = der;
+ tmp.size = der_size;
+ ret = gnutls_x509_crt_import (dest, &tmp, GNUTLS_X509_FMT_DER);
+
+ gnutls_free (der);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_deinit:
+ * @cert: The structure to be deinitialized
+ *
+ * This function will deinitialize a certificate structure.
+ **/
+void
+gnutls_x509_crt_deinit (gnutls_x509_crt_t cert)
+{
+ if (!cert)
+ return;
+
+ if (cert->cert)
+ asn1_delete_structure (&cert->cert);
+
+ gnutls_free (cert);
+}
+
+/**
+ * gnutls_x509_crt_import:
+ * @cert: The structure to store the parsed certificate.
+ * @data: The DER or PEM encoded certificate.
+ * @format: One of DER or PEM
+ *
+ * This function will convert the given DER or PEM encoded Certificate
+ * to the native gnutls_x509_crt_t format. The output will be stored
+ * in @cert.
+ *
+ * If the Certificate is PEM encoded it should have a header of "X509
+ * CERTIFICATE", or "CERTIFICATE".
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_import (gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format)
+{
+ int result = 0, need_free = 0;
+ gnutls_datum_t _data;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ _data.data = data->data;
+ _data.size = data->size;
+
+ /* If the Certificate is in PEM format then decode it
+ */
+ if (format == GNUTLS_X509_FMT_PEM)
+ {
+ opaque *out;
+
+ /* Try the first header */
+ result =
+ _gnutls_fbase64_decode (PEM_X509_CERT2, data->data, data->size, &out);
+
+ if (result <= 0)
+ {
+ /* try for the second header */
+ result =
+ _gnutls_fbase64_decode (PEM_X509_CERT, data->data,
+ data->size, &out);
+
+ if (result <= 0)
+ {
+ if (result == 0)
+ result = GNUTLS_E_INTERNAL_ERROR;
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ _data.data = out;
+ _data.size = result;
+
+ need_free = 1;
+ }
+
+ if (cert->cert)
+ {
+ /* Any earlier asn1_der_decoding will modify the ASN.1
+ structure, so we need to replace it with a fresh
+ structure. */
+ asn1_delete_structure (&cert->cert);
+
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.Certificate", &cert->cert);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+
+ result = asn1_der_decoding (&cert->cert, _data.data, _data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ result = _gnutls_asn2err (result);
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Since we do not want to disable any extension
+ */
+ cert->use_extensions = 1;
+ if (need_free)
+ _gnutls_free_datum (&_data);
+
+ return 0;
+
+cleanup:
+ if (need_free)
+ _gnutls_free_datum (&_data);
+ return result;
+}
+
+
+/**
+ * gnutls_x509_crt_get_issuer_dn:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will copy the name of the Certificate issuer in the
+ * provided buffer. The name will be in the form
+ * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string
+ * will be ASCII or UTF-8 encoded, depending on the certificate data.
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ * long enough, and in that case the *sizeof_buf will be updated with
+ * the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn (cert->cert,
+ "tbsCertificate.issuer.rdnSequence", buf,
+ sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_dn_by_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
+ * @raw_flag: If non zero returns the raw DER data of the DN part.
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will extract the part of the name of the Certificate
+ * issuer specified by the given OID. The output, if the raw flag is not
+ * used, will be encoded as described in RFC2253. Thus a string that is
+ * ASCII or UTF-8 encoded, depending on the certificate data.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * If raw flag is zero, this function will only return known OIDs as
+ * text. Other OIDs will be DER encoded, as described in RFC2253 --
+ * in hex format with a '\#' prefix. You can check about known OIDs
+ * using gnutls_x509_dn_oid_known().
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ * long enough, and in that case the *sizeof_buf will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn_oid (cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_dn_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: This specifies which OID to return. Use zero to get the first one.
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will extract the OIDs of the name of the Certificate
+ * issuer specified by the given index.
+ *
+ * If @oid is null then only the size will be filled.
+ *
+ * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ * long enough, and in that case the *sizeof_oid will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid (cert->cert,
+ "tbsCertificate.issuer.rdnSequence",
+ indx, oid, sizeof_oid);
+}
+
+/**
+ * gnutls_x509_crt_get_dn:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will copy the name of the Certificate in the provided
+ * buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as
+ * described in RFC2253. The output string will be ASCII or UTF-8
+ * encoded, depending on the certificate data.
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
+ * long enough, and in that case the *sizeof_buf will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn (cert->cert,
+ "tbsCertificate.subject.rdnSequence", buf,
+ sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crt_get_dn_by_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one.
+ * @raw_flag: If non zero returns the raw DER data of the DN part.
+ * @buf: a pointer where the DN part will be copied (may be null).
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will extract the part of the name of the Certificate
+ * subject specified by the given OID. The output, if the raw flag is
+ * not used, will be encoded as described in RFC2253. Thus a string
+ * that is ASCII or UTF-8 encoded, depending on the certificate data.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * If raw flag is zero, this function will only return known OIDs as
+ * text. Other OIDs will be DER encoded, as described in RFC2253 --
+ * in hex format with a '\#' prefix. You can check about known OIDs
+ * using gnutls_x509_dn_oid_known().
+ *
+ * If @buf is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *sizeof_buf will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid,
+ int indx, unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_parse_dn_oid (cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ oid, indx, raw_flag, buf, sizeof_buf);
+}
+
+/**
+ * gnutls_x509_crt_get_dn_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: This specifies which OID to return. Use zero to get the first one.
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will extract the OIDs of the name of the Certificate
+ * subject specified by the given index.
+ *
+ * If oid is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *sizeof_oid will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_get_dn_oid (cert->cert,
+ "tbsCertificate.subject.rdnSequence",
+ indx, oid, sizeof_oid);
+}
+
+/**
+ * gnutls_x509_crt_get_signature_algorithm:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function will return a value of the #gnutls_sign_algorithm_t
+ * enumeration that is the signature algorithm that has been used to
+ * sign this certificate.
+ *
+ * Returns: a #gnutls_sign_algorithm_t value, or a negative value on
+ * error.
+ **/
+int
+gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert)
+{
+ int result;
+ gnutls_datum_t sa;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Read the signature algorithm. Note that parameters are not
+ * read. They will be read from the issuer's certificate if needed.
+ */
+ result =
+ _gnutls_x509_read_value (cert->cert, "signatureAlgorithm.algorithm",
+ &sa, 0);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_oid2sign_algorithm (sa.data);
+
+ _gnutls_free_datum (&sa);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_get_signature:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @sig: a pointer where the signature part will be copied (may be null).
+ * @sizeof_sig: initially holds the size of @sig
+ *
+ * This function will extract the signature field of a certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. and a negative value on error.
+ **/
+int
+gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
+ char *sig, size_t * sizeof_sig)
+{
+ int result;
+ int bits, len;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ bits = 0;
+ result = asn1_read_value (cert->cert, "signature", NULL, &bits);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (bits % 8 != 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_CERTIFICATE_ERROR;
+ }
+
+ len = bits / 8;
+
+ if (*sizeof_sig < (unsigned int) len)
+ {
+ *sizeof_sig = bits / 8;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ result = asn1_read_value (cert->cert, "signature", sig, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_version:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function will return the version of the specified Certificate.
+ *
+ * Returns: version of certificate, or a negative value on error.
+ **/
+int
+gnutls_x509_crt_get_version (gnutls_x509_crt_t cert)
+{
+ opaque version[8];
+ int len, result;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = sizeof (version);
+ if ((result =
+ asn1_read_value (cert->cert, "tbsCertificate.version", version,
+ &len)) != ASN1_SUCCESS)
+ {
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return 1; /* the DEFAULT version */
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return (int) version[0] + 1;
+}
+
+/**
+ * gnutls_x509_crt_get_activation_time:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function will return the time this Certificate was or will be
+ * activated.
+ *
+ * Returns: activation time, or (time_t)-1 on error.
+ **/
+time_t
+gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ return _gnutls_x509_get_time (cert->cert,
+ "tbsCertificate.validity.notBefore");
+}
+
+/**
+ * gnutls_x509_crt_get_expiration_time:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ *
+ * This function will return the time this Certificate was or will be
+ * expired.
+ *
+ * Returns: expiration time, or (time_t)-1 on error.
+ **/
+time_t
+gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return (time_t) - 1;
+ }
+
+ return _gnutls_x509_get_time (cert->cert,
+ "tbsCertificate.validity.notAfter");
+}
+
+/**
+ * gnutls_x509_crt_get_serial:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @result: The place where the serial number will be copied
+ * @result_size: Holds the size of the result field.
+ *
+ * This function will return the X.509 certificate's serial number.
+ * This is obtained by the X509 Certificate serialNumber field. Serial
+ * is not always a 32 or 64bit number. Some CAs use large serial
+ * numbers, thus it may be wise to handle it as something opaque.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
+ size_t * result_size)
+{
+ int ret, len;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ len = *result_size;
+ ret =
+ asn1_read_value (cert->cert, "tbsCertificate.serialNumber", result, &len);
+ *result_size = len;
+
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_subject_key_id:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @ret: The place where the identifier will be copied
+ * @ret_size: Holds the size of the result field.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the X.509v3 certificate's subject key
+ * identifier. This is obtained by the X.509 Subject Key identifier
+ * extension field (2.5.29.14).
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret,
+ size_t * ret_size, unsigned int *critical)
+{
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &id,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.SubjectKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ len = *ret_size;
+ result = asn1_read_value (c2, "", ret, &len);
+
+ *ret_size = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_authority_key_id:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @ret: The place where the identifier will be copied
+ * @ret_size: Holds the size of the result field.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the X.509v3 certificate authority's key
+ * identifier. This is obtained by the X.509 Authority Key
+ * identifier extension field (2.5.29.35). Note that this function
+ * only returns the keyIdentifier field of the extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
+{
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &id,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.AuthorityKeyIdentifier", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ len = *ret_size;
+ result = asn1_read_value (c2, "keyIdentifier", ret, &len);
+
+ *ret_size = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ if (result != ASN1_MEM_ERROR)
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_pk_algorithm:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @bits: if bits is non null it will hold the size of the parameters' in bits
+ *
+ * This function will return the public key algorithm of an X.509
+ * certificate.
+ *
+ * If bits is non null, it should have enough size to hold the parameters
+ * size in bits. For RSA the bits returned is the modulus.
+ * For DSA the bits returned are of the public
+ * exponent.
+ *
+ * Returns: a member of the #gnutls_pk_algorithm_t enumeration on
+ * success, or a negative value on error.
+ **/
+int
+gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits)
+{
+ int result;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result =
+ _gnutls_x509_get_pk_algorithm (cert->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ bits);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return result;
+
+}
+
+inline static int
+is_type_printable (int type)
+{
+ if (type == GNUTLS_SAN_DNSNAME || type == GNUTLS_SAN_RFC822NAME ||
+ type == GNUTLS_SAN_URI)
+ return 1;
+ else
+ return 0;
+}
+
+#define XMPP_OID "1.3.6.1.5.5.7.8.5"
+
+/* returns the type and the name on success.
+ * Type is also returned as a parameter in case of an error.
+ */
+int
+_gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid)
+{
+ unsigned int len;
+ char nptr[ASN1_MAX_NAME_SIZE];
+ int result;
+ opaque choice_type[128];
+ gnutls_x509_subject_alt_name_t type;
+
+ seq++; /* 0->1, 1->2 etc */
+
+ if (src_name[0] != 0)
+ snprintf (nptr, sizeof (nptr), "%s.?%u", src_name, seq);
+ else
+ snprintf (nptr, sizeof (nptr), "?%u", seq);
+
+ len = sizeof (choice_type);
+ result = asn1_read_value (src, nptr, choice_type, &len);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+
+ type = _gnutls_x509_san_find_type (choice_type);
+ if (type == (gnutls_x509_subject_alt_name_t) - 1)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_X509_UNKNOWN_SAN;
+ }
+
+ if (ret_type)
+ *ret_type = type;
+
+ if (type == GNUTLS_SAN_OTHERNAME)
+ {
+ if (othername_oid)
+ _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.type-id");
+ else
+ _gnutls_str_cat (nptr, sizeof (nptr), ".otherName.value");
+
+ len = *name_size;
+ result = asn1_read_value (src, nptr, name, &len);
+ *name_size = len;
+
+ if (result == ASN1_MEM_ERROR)
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (othername_oid)
+ {
+ if (len > strlen (XMPP_OID) && strcmp (name, XMPP_OID) == 0)
+ type = GNUTLS_SAN_OTHERNAME_XMPP;
+ }
+ else
+ {
+ char oid[42];
+
+ if (src_name[0] != 0)
+ snprintf (nptr, sizeof (nptr), "%s.?%u.otherName.type-id",
+ src_name, seq);
+ else
+ snprintf (nptr, sizeof (nptr), "?%u.otherName.type-id", seq);
+
+ len = sizeof (oid);
+ result = asn1_read_value (src, nptr, oid, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (len > strlen (XMPP_OID) && strcmp (oid, XMPP_OID) == 0)
+ {
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ size_t orig_name_size = *name_size;
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.XmppAddr", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, name, *name_size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ len = *name_size;
+ result = asn1_read_value (c2, "", name, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ *name_size = len + 1;
+ return _gnutls_asn2err (result);
+ }
+ asn1_delete_structure (&c2);
+
+ if (len + 1 > orig_name_size)
+ {
+ gnutls_assert ();
+ *name_size = len + 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *name_size = len;
+ /* null terminate it */
+ ((char *) name)[*name_size] = 0;
+ }
+ }
+ }
+ else if (type == GNUTLS_SAN_DN)
+ {
+ _gnutls_str_cat (nptr, sizeof (nptr), ".directoryName");
+ result = _gnutls_x509_parse_dn (src, nptr, name, name_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+ else if (othername_oid)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else
+ {
+ size_t orig_name_size = *name_size;
+
+ _gnutls_str_cat (nptr, sizeof (nptr), ".");
+ _gnutls_str_cat (nptr, sizeof (nptr), choice_type);
+
+ len = *name_size;
+ result = asn1_read_value (src, nptr, name, &len);
+ *name_size = len;
+
+ if (result == ASN1_MEM_ERROR)
+ {
+ if (is_type_printable (type))
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (is_type_printable (type))
+ {
+
+ if (len + 1 > orig_name_size)
+ {
+ gnutls_assert ();
+ (*name_size)++;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ /* null terminate it */
+ ((char *) name)[*name_size] = 0;
+ }
+
+ }
+
+ return type;
+}
+
+static int
+get_alt_name (gnutls_x509_crt_t cert, const char *extension_id,
+ unsigned int seq, void *ret,
+ size_t * ret_size, unsigned int *ret_type,
+ unsigned int *critical, int othername_oid)
+{
+ int result;
+ gnutls_datum_t dnsname;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ gnutls_x509_subject_alt_name_t type;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, extension_id, 0, &dnsname,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (dnsname.size == 0 || dnsname.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (strcmp ("2.5.29.17", extension_id) == 0)
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.SubjectAltName", &c2);
+ else if (strcmp ("2.5.29.18", extension_id) == 0)
+ result = asn1_create_element (_gnutls_get_pkix (),
+ "PKIX1.IssuerAltName", &c2);
+ else
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INTERNAL_ERROR;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&dnsname);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, dnsname.data, dnsname.size, NULL);
+ _gnutls_free_datum (&dnsname);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ _gnutls_parse_general_name (c2, "", seq, ret, ret_size, ret_type,
+ othername_oid);
+
+ asn1_delete_structure (&c2);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ type = result;
+
+ return type;
+}
+
+/**
+ * gnutls_x509_crt_get_subject_alt_name:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function retrieves the Alternative Name (2.5.29.17), contained
+ * in the given certificate in the X509v3 Certificate Extensions.
+ *
+ * When the SAN type is otherName, it will extract the data in the
+ * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned.
+ * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
+ * the corresponding OID and the "virtual" SAN types (e.g.,
+ * %GNUTLS_SAN_OTHERNAME_XMPP).
+ *
+ * If an otherName OID is known, the data will be decoded. Otherwise
+ * the returned data will be DER encoded, and you will have to decode
+ * it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is
+ * recognized.
+ *
+ * Returns: the alternative subject name type on success, one of the
+ * enumerated #gnutls_x509_subject_alt_name_t. It will return
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to
+ * hold the value. In that case @ret_size will be updated with the
+ * required size. If the certificate does not have an Alternative
+ * name with the specified sequence number then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ **/
+int
+gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
+{
+ return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, critical,
+ 0);
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_alt_name:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function retrieves the Issuer Alternative Name (2.5.29.18),
+ * contained in the given certificate in the X509v3 Certificate
+ * Extensions.
+ *
+ * When the SAN type is otherName, it will extract the data in the
+ * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned.
+ * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get
+ * the corresponding OID and the "virtual" SAN types (e.g.,
+ * %GNUTLS_SAN_OTHERNAME_XMPP).
+ *
+ * If an otherName OID is known, the data will be decoded. Otherwise
+ * the returned data will be DER encoded, and you will have to decode
+ * it yourself. Currently, only the RFC 3920 id-on-xmppAddr Issuer
+ * AltName is recognized.
+ *
+ * Returns: the alternative issuer name type on success, one of the
+ * enumerated #gnutls_x509_subject_alt_name_t. It will return
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
+ * to hold the value. In that case @ret_size will be updated with
+ * the required size. If the certificate does not have an
+ * Alternative name with the specified sequence number then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical)
+{
+ return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, critical,
+ 0);
+}
+
+/**
+ * gnutls_x509_crt_get_subject_alt_name2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @ret_type: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the alternative names, contained in the
+ * given certificate. It is the same as
+ * gnutls_x509_crt_get_subject_alt_name() except for the fact that it
+ * will return the type of the alternative name in @ret_type even if
+ * the function fails for some reason (i.e. the buffer provided is
+ * not enough).
+ *
+ * Returns: the alternative subject name type on success, one of the
+ * enumerated #gnutls_x509_subject_alt_name_t. It will return
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
+ * to hold the value. In that case @ret_size will be updated with
+ * the required size. If the certificate does not have an
+ * Alternative name with the specified sequence number then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ **/
+int
+gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
+{
+ return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, ret_type,
+ critical, 0);
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_alt_name2:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the alternative name will be copied to
+ * @ret_size: holds the size of ret.
+ * @ret_type: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t).
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function will return the alternative names, contained in the
+ * given certificate. It is the same as
+ * gnutls_x509_crt_get_issuer_alt_name() except for the fact that it
+ * will return the type of the alternative name in @ret_type even if
+ * the function fails for some reason (i.e. the buffer provided is
+ * not enough).
+ *
+ * Returns: the alternative issuer name type on success, one of the
+ * enumerated #gnutls_x509_subject_alt_name_t. It will return
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough
+ * to hold the value. In that case @ret_size will be updated with
+ * the required size. If the certificate does not have an
+ * Alternative name with the specified sequence number then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Since: 2.10.0
+ *
+ **/
+int
+gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *ret_type,
+ unsigned int *critical)
+{
+ return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, ret_type,
+ critical, 0);
+}
+
+/**
+ * gnutls_x509_crt_get_subject_alt_othername_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the otherName OID will be copied to
+ * @ret_size: holds the size of ret.
+ *
+ * This function will extract the type OID of an otherName Subject
+ * Alternative Name, contained in the given certificate, and return
+ * the type as an enumerated element.
+ *
+ * This function is only useful if
+ * gnutls_x509_crt_get_subject_alt_name() returned
+ * %GNUTLS_SAN_OTHERNAME.
+ *
+ * Returns: the alternative subject name type on success, one of the
+ * enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
+ * will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+ * e.g. %GNUTLS_SAN_OTHERNAME_XMPP, and %GNUTLS_SAN_OTHERNAME for
+ * unknown OIDs. It will return %GNUTLS_E_SHORT_MEMORY_BUFFER if
+ * @ret_size is not large enough to hold the value. In that case
+ * @ret_size will be updated with the required size. If the
+ * certificate does not have an Alternative name with the specified
+ * sequence number and with the otherName type then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ **/
+int
+gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
+{
+ return get_alt_name (cert, "2.5.29.17", seq, ret, ret_size, NULL, NULL, 1);
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_alt_othername_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the otherName OID will be copied to
+ * @ret_size: holds the size of ret.
+ *
+ * This function will extract the type OID of an otherName Subject
+ * Alternative Name, contained in the given certificate, and return
+ * the type as an enumerated element.
+ *
+ * This function is only useful if
+ * gnutls_x509_crt_get_issuer_alt_name() returned
+ * %GNUTLS_SAN_OTHERNAME.
+ *
+ * Returns: the alternative issuer name type on success, one of the
+ * enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it
+ * will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types,
+ * e.g. %GNUTLS_SAN_OTHERNAME_XMPP, and %GNUTLS_SAN_OTHERNAME for
+ * unknown OIDs. It will return %GNUTLS_E_SHORT_MEMORY_BUFFER if
+ * @ret_size is not large enough to hold the value. In that case
+ * @ret_size will be updated with the required size. If the
+ * certificate does not have an Alternative name with the specified
+ * sequence number and with the otherName type then
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
+ *
+ * Since: 2.10.0
+ **/
+int
+gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert,
+ unsigned int seq,
+ void *ret, size_t * ret_size)
+{
+ return get_alt_name (cert, "2.5.29.18", seq, ret, ret_size, NULL, NULL, 1);
+}
+
+/**
+ * gnutls_x509_crt_get_basic_constraints:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @critical: will be non zero if the extension is marked as critical
+ * @ca: pointer to output integer indicating CA status, may be NULL,
+ * value is 1 if the certificate CA flag is set, 0 otherwise.
+ * @pathlen: pointer to output integer indicating path length (may be
+ * NULL), non-negative values indicate a present pathLenConstraint
+ * field and the actual value, -1 indicate that the field is absent.
+ *
+ * This function will read the certificate's basic constraints, and
+ * return the certificates CA status. It reads the basicConstraints
+ * X.509 extension (2.5.29.19).
+ *
+ * Return value: If the certificate is a CA a positive value will be
+ * returned, or zero if the certificate does not have CA flag set. A
+ * negative value may be returned in case of errors. If the
+ * certificate does not contain the basicConstraints extension
+ * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ **/
+int
+gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *ca, int *pathlen)
+{
+ int result;
+ gnutls_datum_t basicConstraints;
+ int tmp_ca;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.19", 0,
+ &basicConstraints, critical)) < 0)
+ {
+ return result;
+ }
+
+ if (basicConstraints.size == 0 || basicConstraints.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result =
+ _gnutls_x509_ext_extract_basicConstraints (&tmp_ca,
+ pathlen,
+ basicConstraints.data,
+ basicConstraints.size);
+ if (ca)
+ *ca = tmp_ca;
+ _gnutls_free_datum (&basicConstraints);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return tmp_ca;
+}
+
+/**
+ * gnutls_x509_crt_get_ca_status:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @critical: will be non zero if the extension is marked as critical
+ *
+ * This function will return certificates CA status, by reading the
+ * basicConstraints X.509 extension (2.5.29.19). If the certificate is
+ * a CA a positive value will be returned, or zero if the certificate
+ * does not have CA flag set.
+ *
+ * Use gnutls_x509_crt_get_basic_constraints() if you want to read the
+ * pathLenConstraint field too.
+ *
+ * Returns: A negative value may be returned in case of parsing error.
+ * If the certificate does not contain the basicConstraints extension
+ * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ **/
+int
+gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical)
+{
+ int ca, pathlen;
+ return gnutls_x509_crt_get_basic_constraints (cert, critical, &ca,
+ &pathlen);
+}
+
+/**
+ * gnutls_x509_crt_get_key_usage:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @key_usage: where the key usage bits will be stored
+ * @critical: will be non zero if the extension is marked as critical
+ *
+ * This function will return certificate's key usage, by reading the
+ * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed
+ * values of the: %GNUTLS_KEY_DIGITAL_SIGNATURE,
+ * %GNUTLS_KEY_NON_REPUDIATION, %GNUTLS_KEY_KEY_ENCIPHERMENT,
+ * %GNUTLS_KEY_DATA_ENCIPHERMENT, %GNUTLS_KEY_KEY_AGREEMENT,
+ * %GNUTLS_KEY_KEY_CERT_SIGN, %GNUTLS_KEY_CRL_SIGN,
+ * %GNUTLS_KEY_ENCIPHER_ONLY, %GNUTLS_KEY_DECIPHER_ONLY.
+ *
+ * Returns: the certificate key usage, or a negative value in case of
+ * parsing error. If the certificate does not contain the keyUsage
+ * extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be
+ * returned.
+ **/
+int
+gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical)
+{
+ int result;
+ gnutls_datum_t keyUsage;
+ uint16_t _usage;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.15", 0, &keyUsage,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (keyUsage.size == 0 || keyUsage.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = _gnutls_x509_ext_extract_keyUsage (&_usage, keyUsage.data,
+ keyUsage.size);
+ _gnutls_free_datum (&keyUsage);
+
+ *key_usage = _usage;
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_proxy:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @critical: will be non zero if the extension is marked as critical
+ * @pathlen: pointer to output integer indicating path length (may be
+ * NULL), non-negative values indicate a present pCPathLenConstraint
+ * field and the actual value, -1 indicate that the field is absent.
+ * @policyLanguage: output variable with OID of policy language
+ * @policy: output variable with policy data
+ * @sizeof_policy: output variable size of policy data
+ *
+ * This function will get information from a proxy certificate. It
+ * reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14).
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
+ unsigned int *critical,
+ int *pathlen,
+ char **policyLanguage,
+ char **policy, size_t * sizeof_policy)
+{
+ int result;
+ gnutls_datum_t proxyCertInfo;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "1.3.6.1.5.5.7.1.14", 0,
+ &proxyCertInfo, critical)) < 0)
+ {
+ return result;
+ }
+
+ if (proxyCertInfo.size == 0 || proxyCertInfo.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = _gnutls_x509_ext_extract_proxyCertInfo (pathlen,
+ policyLanguage,
+ policy,
+ sizeof_policy,
+ proxyCertInfo.data,
+ proxyCertInfo.size);
+ _gnutls_free_datum (&proxyCertInfo);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_extension_by_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @oid: holds an Object Identified in null terminated string
+ * @indx: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one.
+ * @buf: a pointer to a structure to hold the name (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ * @critical: will be non zero if the extension is marked as critical
+ *
+ * This function will return the extension specified by the OID in the
+ * certificate. The extensions will be returned as binary data DER
+ * encoded, in the provided buffer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned. If the certificate does not
+ * contain the specified extension
+ * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
+ **/
+int
+gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf,
+ unsigned int *critical)
+{
+ int result;
+ gnutls_datum_t output;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, oid, indx, &output,
+ critical)) < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ if (output.size == 0 || output.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (output.size > (unsigned int) *sizeof_buf)
+ {
+ *sizeof_buf = output.size;
+ _gnutls_free_datum (&output);
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ *sizeof_buf = output.size;
+
+ if (buf)
+ memcpy (buf, output.data, output.size);
+
+ _gnutls_free_datum (&output);
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_get_extension_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: Specifies which extension OID to send. Use zero to get the first one.
+ * @oid: a pointer to a structure to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ *
+ * This function will return the requested extension OID in the certificate.
+ * The extension OID will be stored as a string in the provided buffer.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned. If you have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ **/
+int
+gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid)
+{
+ int result;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_crt_get_extension_oid (cert, indx, oid, sizeof_oid);
+ if (result < 0)
+ {
+ return result;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_get_extension_info:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: Specifies which extension OID to send. Use zero to get the first one.
+ * @oid: a pointer to a structure to hold the OID
+ * @sizeof_oid: initially holds the maximum size of @oid, on return
+ * holds actual size of @oid.
+ * @critical: output variable with critical flag, may be NULL.
+ *
+ * This function will return the requested extension OID in the
+ * certificate, and the critical flag for it. The extension OID will
+ * be stored as a string in the provided buffer. Use
+ * gnutls_x509_crt_get_extension_data() to extract the data.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *@sizeof_oid is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
+ * returned.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned. If you have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ **/
+int
+gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid,
+ int *critical)
+{
+ int result;
+ char str_critical[10];
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+
+ if (!cert)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnID",
+ indx + 1);
+
+ len = *sizeof_oid;
+ result = asn1_read_value (cert->cert, name, oid, &len);
+ *sizeof_oid = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.critical",
+ indx + 1);
+ len = sizeof (str_critical);
+ result = asn1_read_value (cert->cert, name, str_critical, &len);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (critical)
+ {
+ if (str_critical[0] == 'T')
+ *critical = 1;
+ else
+ *critical = 0;
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_get_extension_data:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: Specifies which extension OID to send. Use zero to get the first one.
+ * @data: a pointer to a structure to hold the data (may be null)
+ * @sizeof_data: initially holds the size of @oid
+ *
+ * This function will return the requested extension data in the
+ * certificate. The extension data will be stored as a string in the
+ * provided buffer.
+ *
+ * Use gnutls_x509_crt_get_extension_info() to extract the OID and
+ * critical flag. Use gnutls_x509_crt_get_extension_by_oid() instead,
+ * if you want to get data indexed by the extension OID rather than
+ * sequence.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned. If you have reached the
+ * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
+ * will be returned.
+ **/
+int
+gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
+ void *data, size_t * sizeof_data)
+{
+ int result, len;
+ char name[ASN1_MAX_NAME_SIZE];
+
+ if (!cert)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ snprintf (name, sizeof (name), "tbsCertificate.extensions.?%u.extnValue",
+ indx + 1);
+
+ len = *sizeof_data;
+ result = asn1_read_value (cert->cert, name, data, &len);
+ *sizeof_data = len;
+
+ if (result == ASN1_ELEMENT_NOT_FOUND)
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ else if (result < 0)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+static int
+_gnutls_x509_crt_get_raw_dn2 (gnutls_x509_crt_t cert,
+ const char *whom, gnutls_datum_t * start)
+{
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ int result, len1;
+ int start1, end1;
+ gnutls_datum_t signed_data = { NULL, 0 };
+
+ /* get the issuer of 'cert'
+ */
+ if ((result =
+ asn1_create_element (_gnutls_get_pkix (), "PKIX1.TBSCertificate",
+ &c2)) != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ _gnutls_x509_get_signed_data (cert->cert, "tbsCertificate", &signed_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = asn1_der_decoding (&c2, signed_data.data, signed_data.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ result =
+ asn1_der_decoding_startEnd (c2, signed_data.data, signed_data.size,
+ whom, &start1, &end1);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ result = _gnutls_asn2err (result);
+ goto cleanup;
+ }
+
+ len1 = end1 - start1 + 1;
+
+ _gnutls_set_datum (start, &signed_data.data[start1], len1);
+
+ result = 0;
+
+cleanup:
+ asn1_delete_structure (&c2);
+ _gnutls_free_datum (&signed_data);
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_get_raw_issuer_dn:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @start: will hold the starting point of the DN
+ *
+ * This function will return a pointer to the DER encoded DN structure
+ * and the length.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.or a negative value on error.
+ *
+ **/
+int
+gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
+ gnutls_datum_t * start)
+{
+ return _gnutls_x509_crt_get_raw_dn2 (cert, "issuer", start);
+}
+
+/**
+ * gnutls_x509_crt_get_raw_dn:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @start: will hold the starting point of the DN
+ *
+ * This function will return a pointer to the DER encoded DN structure and
+ * the length.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value. or a negative value on error.
+ *
+ **/
+int
+gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, gnutls_datum_t * start)
+{
+ return _gnutls_x509_crt_get_raw_dn2 (cert, "subject", start);
+}
+
+static int
+get_dn (gnutls_x509_crt_t cert, const char *whom, gnutls_x509_dn_t * dn)
+{
+ *dn = asn1_find_node (cert->cert, whom);
+ if (!*dn)
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_subject:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: output variable with pointer to opaque DN.
+ *
+ * Return the Certificate's Subject DN as an opaque data type. You
+ * may use gnutls_x509_dn_get_rdn_ava() to decode the DN.
+ *
+ * Note that @dn should be treated as constant. Because points
+ * into the @cert object, you may not deallocate @cert
+ * and continue to access @dn.
+ *
+ * Returns: Returns 0 on success, or an error code.
+ **/
+int
+gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
+{
+ return get_dn (cert, "tbsCertificate.subject.rdnSequence", dn);
+}
+
+/**
+ * gnutls_x509_crt_get_issuer:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @dn: output variable with pointer to opaque DN
+ *
+ * Return the Certificate's Issuer DN as an opaque data type. You may
+ * use gnutls_x509_dn_get_rdn_ava() to decode the DN.
+ *
+ * Note that @dn should be treated as constant. Because points
+ * into the @cert object, you may not deallocate @cert
+ * and continue to access @dn.
+ *
+ * Returns: Returns 0 on success, or an error code.
+ **/
+int
+gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn)
+{
+ return get_dn (cert, "tbsCertificate.issuer.rdnSequence", dn);
+}
+
+/**
+ * gnutls_x509_dn_get_rdn_ava:
+ * @dn: input variable with opaque DN pointer
+ * @irdn: index of RDN
+ * @iava: index of AVA.
+ * @ava: Pointer to structure which will hold output information.
+ *
+ * Get pointers to data within the DN.
+ *
+ * Note that @ava will contain pointers into the @dn structure, so you
+ * should not modify any data or deallocate it. Note also that the DN
+ * in turn points into the original certificate structure, and thus
+ * you may not deallocate the certificate and continue to access @dn.
+ *
+ * Returns: Returns 0 on success, or an error code.
+ **/
+int
+gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn,
+ int irdn, int iava, gnutls_x509_ava_st * ava)
+{
+ ASN1_TYPE rdn, elem;
+ long len;
+ int lenlen, remlen, ret;
+ char rbuf[ASN1_MAX_NAME_SIZE];
+ unsigned char cls, *ptr;
+
+ iava++;
+ irdn++; /* 0->1, 1->2 etc */
+
+ snprintf (rbuf, sizeof (rbuf), "rdnSequence.?%d.?%d", irdn, iava);
+ rdn = asn1_find_node (dn, rbuf);
+ if (!rdn)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ snprintf (rbuf, sizeof (rbuf), "?%d.type", iava);
+ elem = asn1_find_node (rdn, rbuf);
+ if (!elem)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ ava->oid.data = elem->value;
+ ava->oid.size = elem->value_len;
+
+ snprintf (rbuf, sizeof (rbuf), "?%d.value", iava);
+ elem = asn1_find_node (rdn, rbuf);
+ if (!elem)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_ELEMENT_NOT_FOUND;
+ }
+
+ /* The value still has the previous tag's length bytes, plus the
+ * current value's tag and length bytes. Decode them.
+ */
+
+ ptr = elem->value;
+ remlen = elem->value_len;
+ len = asn1_get_length_der (ptr, remlen, &lenlen);
+ if (len < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+
+ ptr += lenlen;
+ remlen -= lenlen;
+ ret = asn1_get_tag_der (ptr, remlen, &cls, &lenlen, &ava->value_tag);
+ if (ret)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ ptr += lenlen;
+ remlen -= lenlen;
+
+ {
+ signed long tmp;
+
+ tmp = asn1_get_length_der (ptr, remlen, &lenlen);
+ if (tmp < 0)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_ASN1_DER_ERROR;
+ }
+ ava->value.size = tmp;
+ }
+ ava->value.data = ptr + lenlen;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_get_fingerprint:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @algo: is a digest algorithm
+ * @buf: a pointer to a structure to hold the fingerprint (may be null)
+ * @sizeof_buf: initially holds the size of @buf
+ *
+ * This function will calculate and copy the certificate's fingerprint
+ * in the provided buffer.
+ *
+ * If the buffer is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *sizeof_buf will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * sizeof_buf)
+{
+ opaque *cert_buf;
+ int cert_buf_size;
+ int result;
+ gnutls_datum_t tmp;
+
+ if (sizeof_buf == 0 || cert == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ cert_buf_size = 0;
+ asn1_der_coding (cert->cert, "", NULL, &cert_buf_size, NULL);
+
+ cert_buf = gnutls_malloc (cert_buf_size);
+ if (cert_buf == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding (cert->cert, "", cert_buf, &cert_buf_size, NULL);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (cert_buf);
+ return _gnutls_asn2err (result);
+ }
+
+ tmp.data = cert_buf;
+ tmp.size = cert_buf_size;
+
+ result = gnutls_fingerprint (algo, &tmp, buf, sizeof_buf);
+ gnutls_free (cert_buf);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_export:
+ * @cert: Holds the certificate
+ * @format: the format of output params. One of PEM or DER.
+ * @output_data: will contain a certificate PEM or DER encoded
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will export the certificate to DER or PEM format.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned.
+ *
+ * If the structure is PEM encoded, it will have a header
+ * of "BEGIN CERTIFICATE".
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_x509_crt_export (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format, void *output_data,
+ size_t * output_data_size)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_export_int (cert->cert, format, "CERTIFICATE",
+ output_data, output_data_size);
+}
+
+int
+_gnutls_get_key_id (gnutls_pk_algorithm_t pk, bigint_t * params,
+ int params_size, unsigned char *output_data,
+ size_t * output_data_size)
+{
+ int result = 0;
+ gnutls_datum_t der = { NULL, 0 };
+ digest_hd_st hd;
+
+ if (output_data == NULL || *output_data_size < 20)
+ {
+ gnutls_assert ();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ if (pk == GNUTLS_PK_RSA)
+ {
+ result = _gnutls_x509_write_rsa_params (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else if (pk == GNUTLS_PK_DSA)
+ {
+ result = _gnutls_x509_write_dsa_public_key (params, params_size, &der);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+ }
+ else
+ return GNUTLS_E_INTERNAL_ERROR;
+
+ result = _gnutls_hash_init (&hd, GNUTLS_MAC_SHA1);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ _gnutls_hash (&hd, der.data, der.size);
+
+ _gnutls_hash_deinit (&hd, output_data);
+ *output_data_size = 20;
+
+ result = 0;
+
+cleanup:
+
+ _gnutls_free_datum (&der);
+ return result;
+}
+
+
+static int
+rsadsa_get_key_id (gnutls_x509_crt_t crt, int pk,
+ unsigned char *output_data, size_t * output_data_size)
+{
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i, result = 0;
+
+ result = _gnutls_x509_crt_get_mpis (crt, params, ¶ms_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ _gnutls_get_key_id (pk, params, params_size, output_data,
+ output_data_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ result = 0;
+
+cleanup:
+
+ /* release all allocated MPIs
+ */
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_get_key_id:
+ * @crt: Holds the certificate
+ * @flags: should be 0 for now
+ * @output_data: will contain the key ID
+ * @output_data_size: holds the size of output_data (and will be
+ * replaced by the actual size of parameters)
+ *
+ * This function will return a unique ID the depends on the public
+ * key parameters. This ID can be used in checking whether a
+ * certificate corresponds to the given private key.
+ *
+ * If the buffer provided is not long enough to hold the output, then
+ * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
+ * be returned. The output will normally be a SHA-1 hash output,
+ * which is 20 bytes.
+ *
+ * Return value: In case of failure a negative value will be
+ * returned, and 0 on success.
+ **/
+int
+gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size)
+{
+ int pk, result = 0;
+ gnutls_datum_t pubkey;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*output_data_size < 20)
+ {
+ gnutls_assert ();
+ *output_data_size = 20;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ pk = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
+ if (pk < 0)
+ {
+ gnutls_assert ();
+ return pk;
+ }
+
+ if (pk == GNUTLS_PK_RSA || pk == GNUTLS_PK_DSA)
+ {
+ /* This is for compatibility with what GnuTLS has printed for
+ RSA/DSA before the code below was added. The code below is
+ applicable to all types, and it would probably be a better
+ idea to use it for RSA/DSA too, but doing so would break
+ backwards compatibility. */
+ return rsadsa_get_key_id (crt, pk, output_data, output_data_size);
+ }
+
+ /* FIXME: what does this code do here? Isn't identical to the code
+ * in rsadsa_get_key_id?
+ */
+ pubkey.size = 0;
+ result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
+ NULL, &pubkey.size, NULL);
+ if (result != ASN1_MEM_ERROR)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ pubkey.data = gnutls_malloc (pubkey.size);
+ if (pubkey.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = asn1_der_coding (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
+ pubkey.data, &pubkey.size, NULL);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ gnutls_free (pubkey.data);
+ return _gnutls_asn2err (result);
+ }
+
+ result = gnutls_fingerprint (GNUTLS_DIG_SHA1, &pubkey,
+ output_data, output_data_size);
+
+ gnutls_free (pubkey.data);
+
+ return result;
+}
+
+
+#ifdef ENABLE_PKI
+
+/**
+ * gnutls_x509_crt_check_revocation:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @crl_list: should contain a list of gnutls_x509_crl_t structures
+ * @crl_list_length: the length of the crl_list
+ *
+ * This function will return check if the given certificate is
+ * revoked. It is assumed that the CRLs have been verified before.
+ *
+ * Returns: 0 if the certificate is NOT revoked, and 1 if it is. A
+ * negative value is returned on error.
+ **/
+int
+gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t * crl_list,
+ int crl_list_length)
+{
+ opaque serial[64];
+ opaque cert_serial[64];
+ size_t serial_size, cert_serial_size;
+ int ncerts, ret, i, j;
+ gnutls_datum_t dn1, dn2;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (j = 0; j < crl_list_length; j++)
+ { /* do for all the crls */
+
+ /* Step 1. check if issuer's DN match
+ */
+ ret = gnutls_x509_crl_get_raw_issuer_dn (crl_list[j], &dn1);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = gnutls_x509_crt_get_raw_issuer_dn (cert, &dn2);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_x509_compare_raw_dn (&dn1, &dn2);
+ _gnutls_free_datum (&dn1);
+ _gnutls_free_datum (&dn2);
+ if (ret == 0)
+ {
+ /* issuers do not match so don't even
+ * bother checking.
+ */
+ continue;
+ }
+
+ /* Step 2. Read the certificate's serial number
+ */
+ cert_serial_size = sizeof (cert_serial);
+ ret = gnutls_x509_crt_get_serial (cert, cert_serial, &cert_serial_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ /* Step 3. cycle through the CRL serials and compare with
+ * certificate serial we have.
+ */
+
+ ncerts = gnutls_x509_crl_get_crt_count (crl_list[j]);
+ if (ncerts < 0)
+ {
+ gnutls_assert ();
+ return ncerts;
+ }
+
+ for (i = 0; i < ncerts; i++)
+ {
+ serial_size = sizeof (serial);
+ ret =
+ gnutls_x509_crl_get_crt_serial (crl_list[j], i, serial,
+ &serial_size, NULL);
+
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ if (serial_size == cert_serial_size)
+ {
+ if (memcmp (serial, cert_serial, serial_size) == 0)
+ {
+ /* serials match */
+ return 1; /* revoked! */
+ }
+ }
+ }
+
+ }
+ return 0; /* not revoked. */
+}
+
+/**
+ * gnutls_x509_crt_get_verify_algorithm:
+ * @crt: Holds the certificate
+ * @signature: contains the signature
+ * @hash: The result of the call with the hash algorithm used for signature
+ *
+ * This function will read the certifcate and the signed data to
+ * determine the hash algorithm used to generate the signature.
+ *
+ * Deprecated: Use gnutls_pubkey_get_verify_algorithm() instead.
+ *
+ * Returns: the 0 if the hash algorithm is found. A negative value is
+ * returned on error.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crt_get_verify_algorithm (gnutls_x509_crt_t crt,
+ const gnutls_datum_t * signature,
+ gnutls_digest_algorithm_t * hash)
+{
+ bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
+ int issuer_params_size;
+ int ret, i;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret = _gnutls_x509_crt_get_mpis (crt, issuer_params, &issuer_params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_x509_verify_algorithm ((gnutls_mac_algorithm_t *) hash,
+ signature,
+ gnutls_x509_crt_get_pk_algorithm (crt,
+ NULL),
+ issuer_params, issuer_params_size);
+
+ /* release allocated mpis */
+ for (i = 0; i < issuer_params_size; i++)
+ {
+ _gnutls_mpi_release (&issuer_params[i]);
+ }
+
+ return ret;
+}
+
+
+
+/**
+ * gnutls_x509_crt_get_preferred_hash_algorithm:
+ * @crt: Holds the certificate
+ * @hash: The result of the call with the hash algorithm used for signature
+ * @mand: If non zero it means that the algorithm MUST use this hash. May be NULL.
+ *
+ * This function will read the certifcate and return the appropriate digest
+ * algorithm to use for signing with this certificate. Some certificates (i.e.
+ * DSA might not be able to sign without the preferred algorithm).
+ *
+ * Deprecated: Please use gnutls_pubkey_get_preferred_hash_algorithm().
+ *
+ * Returns: the 0 if the hash algorithm is found. A negative value is
+ * returned on error.
+ *
+ * Since: 2.11.0
+ **/
+int
+gnutls_x509_crt_get_preferred_hash_algorithm (gnutls_x509_crt_t crt,
+ gnutls_digest_algorithm_t *
+ hash, unsigned int *mand)
+{
+ bigint_t issuer_params[MAX_PUBLIC_PARAMS_SIZE];
+ int issuer_params_size;
+ int ret, i;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ issuer_params_size = MAX_PUBLIC_PARAMS_SIZE;
+ ret = _gnutls_x509_crt_get_mpis (crt, issuer_params, &issuer_params_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret =
+ _gnutls_pk_get_hash_algorithm (gnutls_x509_crt_get_pk_algorithm
+ (crt, NULL), issuer_params,
+ issuer_params_size, hash, mand);
+
+ /* release allocated mpis */
+ for (i = 0; i < issuer_params_size; i++)
+ {
+ _gnutls_mpi_release (&issuer_params[i]);
+ }
+
+ return ret;
+}
+
+/**
+ * gnutls_x509_crt_verify_data:
+ * @crt: Holds the certificate
+ * @flags: should be 0 for now
+ * @data: holds the data to be signed
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed data, using the
+ * parameters from the certificate.
+ *
+ * Deprecated. Please use gnutls_pubkey_verify_data().
+ *
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * is returned, and a positive code on success.
+ **/
+int
+gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature)
+{
+ int result;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_verify_signature (data, NULL, signature, crt);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_verify_hash:
+ * @crt: Holds the certificate
+ * @flags: should be 0 for now
+ * @hash: holds the hash digest to be verified
+ * @signature: contains the signature
+ *
+ * This function will verify the given signed digest, using the
+ * parameters from the certificate.
+ *
+ * Deprecated. Please use gnutls_pubkey_verify_data().
+ *
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * is returned, and a positive code on success.
+ **/
+int
+gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature)
+{
+ int result;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_verify_signature (NULL, hash, signature, crt);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_get_crl_dist_points:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.)
+ * @ret: is the place where the distribution point will be copied to
+ * @ret_size: holds the size of ret.
+ * @reason_flags: Revocation reasons flags.
+ * @critical: will be non zero if the extension is marked as critical (may be null)
+ *
+ * This function retrieves the CRL distribution points (2.5.29.31),
+ * contained in the given certificate in the X509v3 Certificate
+ * Extensions.
+ *
+ * @reason_flags should be an ORed sequence of
+ * %GNUTLS_CRL_REASON_UNUSED, %GNUTLS_CRL_REASON_KEY_COMPROMISE,
+ * %GNUTLS_CRL_REASON_CA_COMPROMISE,
+ * %GNUTLS_CRL_REASON_AFFILIATION_CHANGED,
+ * %GNUTLS_CRL_REASON_SUPERSEEDED,
+ * %GNUTLS_CRL_REASON_CESSATION_OF_OPERATION,
+ * %GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
+ * %GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN,
+ * %GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if
+ * &@ret_size is not enough to hold the distribution point, or the
+ * type of the distribution point if everything was ok. The type is
+ * one of the enumerated %gnutls_x509_subject_alt_name_t. If the
+ * certificate does not have an Alternative name with the specified
+ * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is
+ * returned.
+ **/
+int
+gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical)
+{
+ int result;
+ gnutls_datum_t dist_points = { NULL, 0 };
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+ char name[ASN1_MAX_NAME_SIZE];
+ int len;
+ gnutls_x509_subject_alt_name_t type;
+ uint8_t reasons[2];
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (*ret_size > 0 && ret)
+ memset (ret, 0, *ret_size);
+ else
+ *ret_size = 0;
+
+ if (reason_flags)
+ *reason_flags = 0;
+
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.31", 0, &dist_points,
+ critical);
+ if (result < 0)
+ {
+ return result;
+ }
+
+ if (dist_points.size == 0 || dist_points.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.CRLDistributionPoints", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&dist_points);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, dist_points.data, dist_points.size, NULL);
+ _gnutls_free_datum (&dist_points);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ /* Return the different names from the first CRLDistr. point.
+ * The whole thing is a mess.
+ */
+ _gnutls_str_cpy (name, sizeof (name), "?1.distributionPoint.fullName");
+
+ result = _gnutls_parse_general_name (c2, name, seq, ret, ret_size, NULL, 0);
+ if (result < 0)
+ {
+ asn1_delete_structure (&c2);
+ return result;
+ }
+
+ type = result;
+
+
+ /* Read the CRL reasons.
+ */
+ if (reason_flags)
+ {
+ _gnutls_str_cpy (name, sizeof (name), "?1.reasons");
+
+ reasons[0] = reasons[1] = 0;
+
+ len = sizeof (reasons);
+ result = asn1_read_value (c2, name, reasons, &len);
+
+ if (result != ASN1_VALUE_NOT_FOUND && result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ *reason_flags = reasons[0] | (reasons[1] << 8);
+ }
+
+ return type;
+}
+
+/**
+ * gnutls_x509_crt_get_key_purpose_oid:
+ * @cert: should contain a #gnutls_x509_crt_t structure
+ * @indx: This specifies which OID to return. Use zero to get the first one.
+ * @oid: a pointer to a buffer to hold the OID (may be null)
+ * @sizeof_oid: initially holds the size of @oid
+ * @critical: output flag to indicate criticality of extension
+ *
+ * This function will extract the key purpose OIDs of the Certificate
+ * specified by the given index. These are stored in the Extended Key
+ * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for
+ * human readable names.
+ *
+ * If @oid is null then only the size will be filled.
+ *
+ * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is
+ * not long enough, and in that case the *sizeof_oid will be updated
+ * with the required size. On success 0 is returned.
+ **/
+int
+gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid, size_t * sizeof_oid,
+ unsigned int *critical)
+{
+ char tmpstr[ASN1_MAX_NAME_SIZE];
+ int result, len;
+ gnutls_datum_t id;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (oid)
+ memset (oid, 0, *sizeof_oid);
+ else
+ *sizeof_oid = 0;
+
+ if ((result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &id,
+ critical)) < 0)
+ {
+ return result;
+ }
+
+ if (id.size == 0 || id.data == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (&id);
+ return _gnutls_asn2err (result);
+ }
+
+ result = asn1_der_decoding (&c2, id.data, id.size, NULL);
+ _gnutls_free_datum (&id);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ indx++;
+ /* create a string like "?1"
+ */
+ snprintf (tmpstr, sizeof (tmpstr), "?%u", indx);
+
+ len = *sizeof_oid;
+ result = asn1_read_value (c2, tmpstr, oid, &len);
+
+ *sizeof_oid = len;
+ asn1_delete_structure (&c2);
+
+ if (result == ASN1_VALUE_NOT_FOUND || result == ASN1_ELEMENT_NOT_FOUND)
+ {
+ return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ }
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_get_pk_rsa_raw:
+ * @crt: Holds the certificate
+ * @m: will hold the modulus
+ * @e: will hold the public exponent
+ *
+ * This function will export the RSA public key's parameters found in
+ * the given structure. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e)
+{
+ int ret;
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
+ if (ret != GNUTLS_PK_RSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis (crt, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+ ret = _gnutls_mpi_dprint_lz (params[0], m);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ ret = _gnutls_mpi_dprint_lz (params[1], e);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (m);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+}
+
+/**
+ * gnutls_x509_crt_get_pk_dsa_raw:
+ * @crt: Holds the certificate
+ * @p: will hold the p
+ * @q: will hold the q
+ * @g: will hold the g
+ * @y: will hold the y
+ *
+ * This function will export the DSA public key's parameters found in
+ * the given certificate. The new parameters will be allocated using
+ * gnutls_malloc() and will be stored in the appropriate datum.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y)
+{
+ int ret;
+ bigint_t params[MAX_PUBLIC_PARAMS_SIZE];
+ int params_size = MAX_PUBLIC_PARAMS_SIZE;
+ int i;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = gnutls_x509_crt_get_pk_algorithm (crt, NULL);
+ if (ret != GNUTLS_PK_DSA)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret = _gnutls_x509_crt_get_mpis (crt, params, ¶ms_size);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ return ret;
+ }
+
+
+ /* P */
+ ret = _gnutls_mpi_dprint_lz (params[0], p);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto cleanup;
+ }
+
+ /* Q */
+ ret = _gnutls_mpi_dprint_lz (params[1], q);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ goto cleanup;
+ }
+
+
+ /* G */
+ ret = _gnutls_mpi_dprint_lz (params[2], g);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+
+ /* Y */
+ ret = _gnutls_mpi_dprint_lz (params[3], y);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ _gnutls_free_datum (p);
+ _gnutls_free_datum (g);
+ _gnutls_free_datum (q);
+ goto cleanup;
+ }
+
+ ret = 0;
+
+cleanup:
+ for (i = 0; i < params_size; i++)
+ {
+ _gnutls_mpi_release (¶ms[i]);
+ }
+ return ret;
+
+}
+
+#endif
+
+/**
+ * gnutls_x509_crt_list_import:
+ * @certs: The structures to store the parsed certificate. Must not be initialized.
+ * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available.
+ * @data: The PEM encoded certificate.
+ * @format: One of DER or PEM.
+ * @flags: must be zero or an OR'd sequence of gnutls_certificate_import_flags.
+ *
+ * This function will convert the given PEM encoded certificate list
+ * to the native gnutls_x509_crt_t format. The output will be stored
+ * in @certs. They will be automatically initialized.
+ *
+ * If the Certificate is PEM encoded it should have a header of "X509
+ * CERTIFICATE", or "CERTIFICATE".
+ *
+ * Returns: the number of certificates read or a negative error value.
+ **/
+int
+gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format, unsigned int flags)
+{
+ int size;
+ const char *ptr;
+ gnutls_datum_t tmp;
+ int ret, nocopy = 0;
+ unsigned int count = 0, j;
+
+ if (format == GNUTLS_X509_FMT_DER)
+ {
+ if (*cert_max < 1)
+ {
+ *cert_max = 1;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+
+ count = 1; /* import only the first one */
+
+ ret = gnutls_x509_crt_init (&certs[0]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ ret = gnutls_x509_crt_import (certs[0], data, format);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ *cert_max = 1;
+ return 1;
+ }
+
+ /* move to the certificate
+ */
+ ptr = memmem (data->data, data->size,
+ PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr == NULL)
+ ptr = memmem (data->data, data->size,
+ PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1);
+
+ if (ptr == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ count = 0;
+
+ do
+ {
+ if (count >= *cert_max)
+ {
+ if (!(flags & GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED))
+ break;
+ else
+ nocopy = 1;
+ }
+
+ if (!nocopy)
+ {
+ ret = gnutls_x509_crt_init (&certs[count]);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+
+ tmp.data = (void *) ptr;
+ tmp.size = data->size - (ptr - (char *) data->data);
+
+ ret =
+ gnutls_x509_crt_import (certs[count], &tmp, GNUTLS_X509_FMT_PEM);
+ if (ret < 0)
+ {
+ gnutls_assert ();
+ goto error;
+ }
+ }
+
+ /* now we move ptr after the pem header
+ */
+ ptr++;
+ /* find the next certificate (if any)
+ */
+ size = data->size - (ptr - (char *) data->data);
+
+ if (size > 0)
+ {
+ char *ptr2;
+
+ ptr2 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1);
+ if (ptr2 == NULL)
+ ptr2 = memmem (ptr, size, PEM_CERT_SEP2,
+ sizeof (PEM_CERT_SEP2) - 1);
+
+ ptr = ptr2;
+ }
+ else
+ ptr = NULL;
+
+ count++;
+ }
+ while (ptr != NULL);
+
+ *cert_max = count;
+
+ if (nocopy == 0)
+ return count;
+ else
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+
+error:
+ for (j = 0; j < count; j++)
+ gnutls_x509_crt_deinit (certs[j]);
+ return ret;
+}
+
+/**
+ * gnutls_x509_crt_get_subject_unique_id:
+ * @crt: Holds the certificate
+ * @buf: user allocated memory buffer, will hold the unique id
+ * @sizeof_buf: size of user allocated memory buffer (on input), will hold
+ * actual size of the unique ID on return.
+ *
+ * This function will extract the subjectUniqueID value (if present) for
+ * the given certificate.
+ *
+ * If the user allocated memory buffer is not large enough to hold the
+ * full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
+ * returned, and sizeof_buf will be set to the actual length.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf,
+ size_t * sizeof_buf)
+{
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
+
+ result =
+ _gnutls_x509_read_value (crt->cert, "tbsCertificate.subjectUniqueID",
+ &datum, 2);
+
+ if (datum.size > *sizeof_buf)
+ { /* then we're not going to fit */
+ *sizeof_buf = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ *sizeof_buf = datum.size;
+ memcpy (buf, datum.data, datum.size);
+ }
+
+ _gnutls_free_datum (&datum);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_get_issuer_unique_id:
+ * @crt: Holds the certificate
+ * @buf: user allocated memory buffer, will hold the unique id
+ * @sizeof_buf: size of user allocated memory buffer (on input), will hold
+ * actual size of the unique ID on return.
+ *
+ * This function will extract the issuerUniqueID value (if present) for
+ * the given certificate.
+ *
+ * If the user allocated memory buffer is not large enough to hold the
+ * full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be
+ * returned, and sizeof_buf will be set to the actual length.
+ *
+ * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error.
+ **/
+int
+gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf,
+ size_t * sizeof_buf)
+{
+ int result;
+ gnutls_datum_t datum = { NULL, 0 };
+
+ result =
+ _gnutls_x509_read_value (crt->cert, "tbsCertificate.issuerUniqueID",
+ &datum, 2);
+
+ if (datum.size > *sizeof_buf)
+ { /* then we're not going to fit */
+ *sizeof_buf = datum.size;
+ buf[0] = '\0';
+ result = GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ *sizeof_buf = datum.size;
+ memcpy (buf, datum.data, datum.size);
+ }
+
+ _gnutls_free_datum (&datum);
+
+ return result;
+}
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+#ifndef X509_H
+#define X509_H
+
+#include <gnutls/x509.h>
+#include <gnutls/abstract.h>
+
+#include <libtasn1.h>
+
+/* Remove these when we require libtasn1 v1.6 or later. */
+#ifndef ASN1_MAX_NAME_SIZE
+#define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE
+#endif
+#ifndef ASN1_MAX_ERROR_DESCRIPTION_SIZE
+#define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE
+#endif
+
+#define MAX_CRQ_EXTENSIONS_SIZE 8*1024
+#define MAX_OID_SIZE 128
+
+#define HASH_OID_SHA1 "1.3.14.3.2.26"
+#define HASH_OID_MD5 "1.2.840.113549.2.5"
+#define HASH_OID_MD2 "1.2.840.113549.2.2"
+#define HASH_OID_RMD160 "1.3.36.3.2.1"
+#define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
+#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
+#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
+
+typedef struct gnutls_x509_crl_int
+{
+ ASN1_TYPE crl;
+ int use_extensions;
+} gnutls_x509_crl_int;
+
+typedef struct gnutls_x509_crt_int
+{
+ ASN1_TYPE cert;
+ int use_extensions;
+} gnutls_x509_crt_int;
+
+typedef struct gnutls_x509_crq_int
+{
+ ASN1_TYPE crq;
+} gnutls_x509_crq_int;
+
+typedef struct gnutls_pkcs7_int
+{
+ ASN1_TYPE pkcs7;
+} gnutls_pkcs7_int;
+
+#define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
+
+/* parameters should not be larger than this limit */
+#define DSA_PRIVATE_PARAMS 5
+#define DSA_PUBLIC_PARAMS 4
+#define RSA_PRIVATE_PARAMS 8
+#define RSA_PUBLIC_PARAMS 2
+
+#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
+#error INCREASE MAX_PRIV_PARAMS
+#endif
+
+#if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
+#error INCREASE MAX_PRIV_PARAMS
+#endif
+
+typedef struct gnutls_x509_privkey_int
+{
+ /* the size of params depends on the public
+ * key algorithm
+ */
+ bigint_t params[MAX_PRIV_PARAMS_SIZE];
+
+ /*
+ * RSA: [0] is modulus
+ * [1] is public exponent
+ * [2] is private exponent
+ * [3] is prime1 (p)
+ * [4] is prime2 (q)
+ * [5] is coefficient (u == inverse of p mod q)
+ * note that other packages used inverse of q mod p,
+ * so we need to perform conversions on import/export
+ * using fixup.
+ * The following two are also not always available thus fixup
+ * will generate them.
+ * [6] e1 == d mod (p-1)
+ * [7] e2 == d mod (q-1)
+ * DSA: [0] is p
+ * [1] is q
+ * [2] is g
+ * [3] is y (public key)
+ * [4] is x (private key)
+ */
+ int params_size; /* holds the number of params */
+
+ gnutls_pk_algorithm_t pk_algorithm;
+
+ /* The crippled keys will not use the ASN1_TYPE key. The encoding
+ * will only be performed at the export phase, to optimize copying
+ * etc. Cannot be used with the exported API (used internally only).
+ */
+ int crippled;
+
+ ASN1_TYPE key;
+} gnutls_x509_privkey_int;
+
+int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
+
+
+int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
+ const gnutls_datum_t * dn2);
+
+
+int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
+int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
+ gnutls_datum_t * dn);
+
+/* sign.c */
+int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
+ gnutls_datum_t * tbs);
+int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
+ gnutls_digest_algorithm_t,
+ gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key);
+
+/* dn.c */
+#define OID_X520_COUNTRY_NAME "2.5.4.6"
+#define OID_X520_ORGANIZATION_NAME "2.5.4.10"
+#define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
+#define OID_X520_COMMON_NAME "2.5.4.3"
+#define OID_X520_LOCALITY_NAME "2.5.4.7"
+#define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+#define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
+#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
+#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
+
+int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, char *buf,
+ size_t * sizeof_buf);
+
+int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, const char *oid,
+ int indx, unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+
+int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name, const char *oid,
+ int raw_flag, const char *name, int sizeof_name);
+
+int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
+ const char *asn1_rdn_name,
+ int indx, void *_oid, size_t * sizeof_oid);
+
+int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
+ int seq, void *name, size_t * name_size,
+ unsigned int *ret_type, int othername_oid);
+
+/* dsa.c */
+
+
+/* verify.c */
+int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
+
+int
+_gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_pk_algorithm_t pk,
+ bigint_t * issuer_params,
+ unsigned int issuer_params_size);
+
+int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * hash,
+ const gnutls_datum_t * signature,
+ gnutls_x509_crt_t issuer);
+int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
+ const gnutls_datum_t * signature,
+ gnutls_x509_privkey_t issuer);
+
+/* privkey.h */
+ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
+ raw_key,
+ gnutls_x509_privkey_t pkey);
+int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params);
+
+/* extensions.c */
+int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *_critical);
+
+int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
+ int indx, void *oid,
+ size_t * sizeof_oid);
+
+int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
+
+int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
+ const char *extension_id, int indx,
+ gnutls_datum_t * ret,
+ unsigned int *critical);
+int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
+ int indx, void *ret,
+ size_t * ret_size);
+int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
+ opaque * extnValue, int extnValueLen);
+int _gnutls_x509_ext_extract_basicConstraints (int *CA,
+ int *pathLenConstraint,
+ opaque * extnValue,
+ int extnValueLen);
+int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
+ const char *extension_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
+
+int
+_gnutls_x509_ext_extract_number (opaque * number,
+ size_t * nr_size,
+ opaque * extnValue, int extnValueLen);
+int
+_gnutls_x509_ext_gen_number (const opaque * nuber, size_t nr_size,
+ gnutls_datum_t * der_ext);
+
+
+int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
+ type, const void *data,
+ unsigned int data_size,
+ gnutls_datum_t * prev_der_ext,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags,
+ gnutls_datum_t * der_ext);
+int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
+ gnutls_datum_t * der_data);
+int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
+ char **policyLanguage,
+ char **policy,
+ size_t * sizeof_policy,
+ opaque * extnValue,
+ int extnValueLen);
+int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy,
+ size_t sizeof_policy,
+ gnutls_datum_t * der_ext);
+
+/* mpi.c */
+int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
+ bigint_t * params, int *params_size);
+
+int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
+ bigint_t * params, int *params_size);
+int _gnutls_x509_read_rsa_params (opaque * der, int dersize,
+ bigint_t * params);
+int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize,
+ bigint_t * params);
+int _gnutls_x509_read_dsa_params (opaque * der, int dersize,
+ bigint_t * params);
+
+int _gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
+ gnutls_datum_t * der);
+int _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
+ gnutls_datum_t * der);
+
+int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
+ unsigned int *ret);
+
+int _gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out);
+
+int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
+ bigint_t * ret_mpi);
+int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
+ int lz);
+int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
+ uint32_t num);
+
+int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
+ gnutls_pk_algorithm_t pk_algorithm,
+ gnutls_digest_algorithm_t);
+
+/* pkcs12.h */
+#include <gnutls/pkcs12.h>
+
+typedef struct gnutls_pkcs12_int
+{
+ ASN1_TYPE pkcs12;
+} gnutls_pkcs12_int;
+
+#define MAX_BAG_ELEMENTS 32
+
+struct bag_element
+{
+ gnutls_datum_t data;
+ gnutls_pkcs12_bag_type_t type;
+ gnutls_datum_t local_key_id;
+ char *friendly_name;
+};
+
+typedef struct gnutls_pkcs12_bag_int
+{
+ struct bag_element element[MAX_BAG_ELEMENTS];
+ int bag_elements;
+} gnutls_pkcs12_bag_int;
+
+#define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
+#define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
+#define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
+#define BAG_CRL "1.2.840.113549.1.12.10.1.4"
+#define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
+
+/* PKCS #7
+ */
+#define DATA_OID "1.2.840.113549.1.7.1"
+#define ENC_DATA_OID "1.2.840.113549.1.7.6"
+
+/* Bag attributes
+ */
+#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
+#define KEY_ID_OID "1.2.840.113549.1.9.21"
+
+int
+_gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
+ unsigned int salt_size, unsigned int iter,
+ const char *pw, unsigned int req_keylen,
+ opaque * keybuf);
+
+int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * dec);
+
+typedef enum schema_id
+{
+ PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
+ PBES2_3DES, /* the stuff in PKCS #5 */
+ PBES2_AES_128,
+ PBES2_AES_192,
+ PBES2_AES_256,
+ PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
+ PKCS12_ARCFOUR_SHA1,
+ PKCS12_RC2_40_SHA1
+} schema_id;
+
+int _gnutls_pkcs_flags_to_schema (unsigned int flags);
+int _gnutls_pkcs7_encrypt_data (schema_id schema,
+ const gnutls_datum_t * data,
+ const char *password, gnutls_datum_t * enc);
+int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
+ gnutls_pkcs12_bag_t bag);
+
+int
+_pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
+ int *enc);
+
+int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * in, gnutls_datum_t * out);
+int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
+ const gnutls_datum_t * raw, gnutls_datum_t * out);
+
+/* crq */
+int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
+ const char *ext_id,
+ const gnutls_datum_t * ext_data,
+ unsigned int critical);
+
+#endif
--- /dev/null
+/*
+ * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+ * Software Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* This file contains functions to handle X.509 certificate generation.
+ */
+
+#include <gnutls_int.h>
+
+#ifdef ENABLE_PKI
+
+#include <gnutls_datum.h>
+#include <gnutls_global.h>
+#include <gnutls_errors.h>
+#include <common.h>
+#include <gnutls_x509.h>
+#include <x509_b64.h>
+#include "x509_int.h"
+#include <libtasn1.h>
+
+static void disable_optional_stuff (gnutls_x509_crt_t cert);
+
+/**
+ * gnutls_x509_crt_set_dn_by_oid:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @oid: holds an Object Identifier in a null terminated string
+ * @raw_flag: must be 0, or 1 if the data are DER encoded
+ * @name: a pointer to the name
+ * @sizeof_name: holds the size of @name
+ *
+ * This function will set the part of the name of the Certificate
+ * subject, specified by the given OID. The input string should be
+ * ASCII or UTF-8 encoded.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * With this function you can only set the known OIDs. You can test
+ * for known OIDs using gnutls_x509_dn_oid_known(). For OIDs that are
+ * not known (by gnutls) you should properly DER encode your data,
+ * and call this function with @raw_flag set.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
+{
+ if (sizeof_name == 0 || name == NULL || crt == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
+ oid, raw_flag, name, sizeof_name);
+}
+
+/**
+ * gnutls_x509_crt_set_issuer_dn_by_oid:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @oid: holds an Object Identifier in a null terminated string
+ * @raw_flag: must be 0, or 1 if the data are DER encoded
+ * @name: a pointer to the name
+ * @sizeof_name: holds the size of @name
+ *
+ * This function will set the part of the name of the Certificate
+ * issuer, specified by the given OID. The input string should be
+ * ASCII or UTF-8 encoded.
+ *
+ * Some helper macros with popular OIDs can be found in gnutls/x509.h
+ * With this function you can only set the known OIDs. You can test
+ * for known OIDs using gnutls_x509_dn_oid_known(). For OIDs that are
+ * not known (by gnutls) you should properly DER encode your data,
+ * and call this function with @raw_flag set.
+ *
+ * Normally you do not need to call this function, since the signing
+ * operation will copy the signer's name as the issuer of the
+ * certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name)
+{
+ if (sizeof_name == 0 || name == NULL || crt == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.issuer", oid,
+ raw_flag, name, sizeof_name);
+}
+
+/**
+ * gnutls_x509_crt_set_proxy_dn:
+ * @crt: a gnutls_x509_crt_t structure with the new proxy cert
+ * @eecrt: the end entity certificate that will be issuing the proxy
+ * @raw_flag: must be 0, or 1 if the CN is DER encoded
+ * @name: a pointer to the CN name, may be NULL (but MUST then be added later)
+ * @sizeof_name: holds the size of @name
+ *
+ * This function will set the subject in @crt to the end entity's
+ * @eecrt subject name, and add a single Common Name component @name
+ * of size @sizeof_name. This corresponds to the required proxy
+ * certificate naming style. Note that if @name is %NULL, you MUST
+ * set it later by using gnutls_x509_crt_set_dn_by_oid() or similar.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt,
+ unsigned int raw_flag, const void *name,
+ unsigned int sizeof_name)
+{
+ int result;
+
+ if (crt == NULL || eecrt == NULL)
+ {
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
+ eecrt->cert, "tbsCertificate.subject");
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ if (name && sizeof_name)
+ {
+ return _gnutls_x509_set_dn_oid (crt->cert, "tbsCertificate.subject",
+ GNUTLS_OID_X520_COMMON_NAME,
+ raw_flag, name, sizeof_name);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_version:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @version: holds the version number. For X.509v1 certificates must be 1.
+ *
+ * This function will set the version of the certificate. This must
+ * be one for X.509 version 1, and so on. Plain certificates without
+ * extensions must have version set to one.
+ *
+ * To create well-formed certificates, you must specify version 3 if
+ * you use any certificate extensions. Extensions are created by
+ * functions such as gnutls_x509_crt_set_subject_alt_name()
+ * or gnutls_x509_crt_set_key_usage().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version)
+{
+ int result;
+ unsigned char null = version;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (null > 0)
+ null--;
+
+ result = asn1_write_value (crt->cert, "tbsCertificate.version", &null, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_key:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @key: holds a private key
+ *
+ * This function will set the public parameters from the given
+ * private key to the certificate. Only RSA keys are currently
+ * supported.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ **/
+int
+gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key)
+{
+ int result;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_encode_and_copy_PKI_params (crt->cert,
+ "tbsCertificate.subjectPublicKeyInfo",
+ key->pk_algorithm,
+ key->params,
+ key->params_size);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_crq:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @crq: holds a certificate request
+ *
+ * This function will set the name and public parameters as well as
+ * the extensions from the given certificate request to the certificate.
+ * Only RSA keys are currently supported.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq)
+{
+ int result;
+
+ if (crt == NULL || crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_copy_node (crt->cert, "tbsCertificate.subject",
+ crq->crq, "certificationRequestInfo.subject");
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result =
+ asn1_copy_node (crt->cert, "tbsCertificate.subjectPublicKeyInfo",
+ crq->crq, "certificationRequestInfo.subjectPKInfo");
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_crq_extensions:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @crq: holds a certificate request
+ *
+ * This function will set extensions from the given request to the
+ * certificate.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.8.0
+ **/
+int
+gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt,
+ gnutls_x509_crq_t crq)
+{
+ size_t i;
+
+ if (crt == NULL || crq == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ for (i = 0;; i++)
+ {
+ int result;
+ char oid[MAX_OID_SIZE];
+ size_t oid_size;
+ opaque *extensions;
+ size_t extensions_size;
+ unsigned int critical;
+ gnutls_datum_t ext;
+
+ oid_size = sizeof (oid);
+ result = gnutls_x509_crq_get_extension_info (crq, i, oid,
+ &oid_size, &critical);
+ if (result < 0)
+ {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ break;
+
+ gnutls_assert ();
+ return result;
+ }
+
+ extensions_size = 0;
+ result = gnutls_x509_crq_get_extension_data (crq, i, NULL,
+ &extensions_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ extensions = gnutls_malloc (extensions_size);
+ if (extensions == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ result = gnutls_x509_crq_get_extension_data (crq, i, extensions,
+ &extensions_size);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ gnutls_free (extensions);
+ return result;
+ }
+
+ ext.data = extensions;
+ ext.size = extensions_size;
+
+ result = _gnutls_x509_crt_set_extension (crt, oid, &ext, critical);
+ gnutls_free (extensions);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ if (i > 0)
+ crt->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_extension_by_oid:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @oid: holds an Object Identified in null terminated string
+ * @buf: a pointer to a DER encoded data
+ * @sizeof_buf: holds the size of @buf
+ * @critical: should be non zero if the extension is to be marked as critical
+ *
+ * This function will set an the extension, by the specified OID, in
+ * the certificate. The extension data should be binary data DER
+ * encoded.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
+ const char *oid, const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical)
+{
+ int result;
+ gnutls_datum_t der_data;
+
+ der_data.data = (void *) buf;
+ der_data.size = sizeof_buf;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = _gnutls_x509_crt_set_extension (crt, oid, &der_data, critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_set_basic_constraints:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @ca: true(1) or false(0). Depending on the Certificate authority status.
+ * @pathLenConstraint: non-negative values indicate maximum length of path,
+ * and negative values indicate that the pathLenConstraints field should
+ * not be present.
+ *
+ * This function will set the basicConstraints certificate extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
+ unsigned int ca, int pathLenConstraint)
+{
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_basicConstraints (ca, pathLenConstraint,
+ &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.19", &der_data, 1);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_ca_status:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @ca: true(1) or false(0). Depending on the Certificate authority status.
+ *
+ * This function will set the basicConstraints certificate extension.
+ * Use gnutls_x509_crt_set_basic_constraints() if you want to control
+ * the pathLenConstraint field too.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca)
+{
+ return gnutls_x509_crt_set_basic_constraints (crt, ca, -1);
+}
+
+/**
+ * gnutls_x509_crt_set_key_usage:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @usage: an ORed sequence of the GNUTLS_KEY_* elements.
+ *
+ * This function will set the keyUsage certificate extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage)
+{
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_keyUsage ((uint16_t) usage, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.15", &der_data, 1);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_subject_alternative_name:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @type: is one of the gnutls_x509_subject_alt_name_t enumerations
+ * @data_string: The data to be set, a zero terminated string
+ *
+ * This function will set the subject alternative name certificate
+ * extension. This function assumes that data can be expressed as a null
+ * terminated string.
+ *
+ * The name of the function is unfortunate since it is incosistent with
+ * gnutls_x509_crt_get_subject_alt_name().
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const char *data_string)
+{
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* only handle text extensions */
+ if (type != GNUTLS_SAN_DNSNAME && type != GNUTLS_SAN_RFC822NAME &&
+ type != GNUTLS_SAN_URI)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return gnutls_x509_crt_set_subject_alt_name (crt, type, data_string,
+ strlen (data_string),
+ GNUTLS_FSAN_SET);
+}
+
+/**
+ * gnutls_x509_crt_set_subject_alt_name:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @type: is one of the gnutls_x509_subject_alt_name_t enumerations
+ * @data: The data to be set
+ * @data_size: The size of data to be set
+ * @flags: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append.
+ *
+ * This function will set the subject alternative name certificate
+ * extension. It can set the following types:
+ *
+ * &GNUTLS_SAN_DNSNAME: as a text string
+ *
+ * &GNUTLS_SAN_RFC822NAME: as a text string
+ *
+ * &GNUTLS_SAN_URI: as a text string
+ *
+ * &GNUTLS_SAN_IPADDRESS: as a binary IP address (4 or 16 bytes)
+ *
+ * Other values can be set as binary values with the proper DER encoding.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int flags)
+{
+ int result;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t prev_der_data = { NULL, 0 };
+ unsigned int critical = 0;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+
+ if (flags == GNUTLS_FSAN_APPEND)
+ {
+ result = _gnutls_x509_crt_get_extension (crt, "2.5.29.17", 0,
+ &prev_der_data, &critical);
+ if (result < 0 && result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return result;
+ }
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_subject_alt_name (type, data, data_size,
+ &prev_der_data, &der_data);
+
+ if (flags == GNUTLS_FSAN_APPEND)
+ _gnutls_free_datum (&prev_der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto finish;
+ }
+
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.17", &der_data,
+ critical);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+
+finish:
+ _gnutls_free_datum (&prev_der_data);
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_set_proxy:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @pathLenConstraint: non-negative values indicate maximum length of path,
+ * and negative values indicate that the pathLenConstraints field should
+ * not be present.
+ * @policyLanguage: OID describing the language of @policy.
+ * @policy: opaque byte array with policy language, can be %NULL
+ * @sizeof_policy: size of @policy.
+ *
+ * This function will set the proxyCertInfo extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
+ int pathLenConstraint,
+ const char *policyLanguage,
+ const char *policy, size_t sizeof_policy)
+{
+ int result;
+ gnutls_datum_t der_data;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_proxyCertInfo (pathLenConstraint,
+ policyLanguage,
+ policy, sizeof_policy,
+ &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension (crt, "1.3.6.1.5.5.7.1.14",
+ &der_data, 1);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_sign2:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ * @dig: The message digest to use, %GNUTLS_DIG_SHA1 is a safe choice
+ * @flags: must be 0
+ *
+ * This function will sign the certificate with the issuer's private key, and
+ * will copy the issuer's information into the certificate.
+ *
+ * This must be the last step in a certificate generation since all
+ * the previously set parameters are now signed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig, unsigned int flags)
+{
+ int result;
+ gnutls_privkey_t privkey;
+
+ if (crt == NULL || issuer == NULL || issuer_key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = gnutls_privkey_init (&privkey);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = gnutls_privkey_import_x509 (privkey, issuer_key, 0);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ result = gnutls_x509_crt_privkey_sign (crt, issuer, privkey, dig, flags);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ goto fail;
+ }
+
+ result = 0;
+
+fail:
+ gnutls_privkey_deinit (privkey);
+
+ return result;
+}
+
+/**
+ * gnutls_x509_crt_sign:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ *
+ * This function is the same a gnutls_x509_crt_sign2() with no flags,
+ * and SHA1 as the hash algorithm.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key)
+{
+ return gnutls_x509_crt_sign2 (crt, issuer, issuer_key, GNUTLS_DIG_SHA1, 0);
+}
+
+/**
+ * gnutls_x509_crt_set_activation_time:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @act_time: The actual time
+ *
+ * This function will set the time this Certificate was or will be
+ * activated.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ return _gnutls_x509_set_time (cert->cert,
+ "tbsCertificate.validity.notBefore",
+ act_time);
+}
+
+/**
+ * gnutls_x509_crt_set_expiration_time:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @exp_time: The actual time
+ *
+ * This function will set the time this Certificate will expire.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time)
+{
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+ return _gnutls_x509_set_time (cert->cert,
+ "tbsCertificate.validity.notAfter", exp_time);
+}
+
+/**
+ * gnutls_x509_crt_set_serial:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @serial: The serial number
+ * @serial_size: Holds the size of the serial field.
+ *
+ * This function will set the X.509 certificate's serial number.
+ * Serial is not always a 32 or 64bit number. Some CAs use large
+ * serial numbers, thus it may be wise to handle it as something
+ * opaque.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial,
+ size_t serial_size)
+{
+ int ret;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ asn1_write_value (cert->cert, "tbsCertificate.serialNumber", serial,
+ serial_size);
+ if (ret != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (ret);
+ }
+
+ return 0;
+
+}
+
+/* If OPTIONAL fields have not been initialized then
+ * disable them.
+ */
+static void
+disable_optional_stuff (gnutls_x509_crt_t cert)
+{
+
+ asn1_write_value (cert->cert, "tbsCertificate.issuerUniqueID", NULL, 0);
+
+ asn1_write_value (cert->cert, "tbsCertificate.subjectUniqueID", NULL, 0);
+
+ if (cert->use_extensions == 0)
+ {
+ _gnutls_x509_log ("Disabling X.509 extensions.\n");
+ asn1_write_value (cert->cert, "tbsCertificate.extensions", NULL, 0);
+ }
+
+ return;
+}
+
+/**
+ * gnutls_x509_crt_set_crl_dist_points:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @type: is one of the gnutls_x509_subject_alt_name_t enumerations
+ * @data_string: The data to be set
+ * @reason_flags: revocation reasons
+ *
+ * This function will set the CRL distribution points certificate extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data_string,
+ unsigned int reason_flags)
+{
+ return gnutls_x509_crt_set_crl_dist_points2 (crt, type, data_string,
+ strlen (data_string),
+ reason_flags);
+}
+
+/**
+ * gnutls_x509_crt_set_crl_dist_points2:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @type: is one of the gnutls_x509_subject_alt_name_t enumerations
+ * @data: The data to be set
+ * @data_size: The data size
+ * @reason_flags: revocation reasons
+ *
+ * This function will set the CRL distribution points certificate extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ *
+ * Since: 2.6.0
+ **/
+int
+gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t type,
+ const void *data,
+ unsigned int data_size,
+ unsigned int reason_flags)
+{
+ int result;
+ gnutls_datum_t der_data = { NULL, 0 };
+ gnutls_datum_t oldname = { NULL, 0 };
+ unsigned int critical;
+
+ if (crt == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (crt, "2.5.29.31", 0, &oldname, &critical);
+
+ _gnutls_free_datum (&oldname);
+
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result =
+ _gnutls_x509_ext_gen_crl_dist_points (type, data, data_size,
+ reason_flags, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension (crt, "2.5.29.31", &der_data, 0);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ crt->use_extensions = 1;
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_cpy_crl_dist_points:
+ * @dst: a certificate of type #gnutls_x509_crt_t
+ * @src: the certificate where the dist points will be copied from
+ *
+ * This function will copy the CRL distribution points certificate
+ * extension, from the source to the destination certificate.
+ * This may be useful to copy from a CA certificate to issued ones.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src)
+{
+ int result;
+ gnutls_datum_t der_data;
+ unsigned int critical;
+
+ if (dst == NULL || src == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (src, "2.5.29.31", 0, &der_data,
+ &critical);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result =
+ _gnutls_x509_crt_set_extension (dst, "2.5.29.31", &der_data, critical);
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ dst->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_subject_key_id:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @id: The key ID
+ * @id_size: Holds the size of the serial field.
+ *
+ * This function will set the X.509 certificate's subject key ID
+ * extension.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
+{
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.14", 0, &old_id, &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum (&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_key_id (id, id_size, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension (cert, "2.5.29.14", &der_data, 0);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_authority_key_id:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @id: The key ID
+ * @id_size: Holds the size of the serial field.
+ *
+ * This function will set the X.509 certificate's authority key ID extension.
+ * Only the keyIdentifier field can be set with this function.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size)
+{
+ int result;
+ gnutls_datum_t old_id, der_data;
+ unsigned int critical;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.35", 0, &old_id, &critical);
+
+ if (result >= 0)
+ _gnutls_free_datum (&old_id);
+ if (result != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* generate the extension.
+ */
+ result = _gnutls_x509_ext_gen_auth_key_id (id, id_size, &der_data);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ result = _gnutls_x509_crt_set_extension (cert, "2.5.29.35", &der_data, 0);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
+}
+
+/**
+ * gnutls_x509_crt_set_key_purpose_oid:
+ * @cert: a certificate of type #gnutls_x509_crt_t
+ * @oid: a pointer to a null terminated string that holds the OID
+ * @critical: Whether this extension will be critical or not
+ *
+ * This function will set the key purpose OIDs of the Certificate.
+ * These are stored in the Extended Key Usage extension (2.5.29.37)
+ * See the GNUTLS_KP_* definitions for human readable names.
+ *
+ * Subsequent calls to this function will append OIDs to the OID list.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned,
+ * otherwise an error code is returned.
+ **/
+int
+gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
+ const void *oid, unsigned int critical)
+{
+ int result;
+ gnutls_datum_t old_id, der_data;
+ ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
+
+ if (cert == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ result = asn1_create_element
+ (_gnutls_get_pkix (), "PKIX1.ExtKeyUsageSyntax", &c2);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ /* Check if the extension already exists.
+ */
+ result =
+ _gnutls_x509_crt_get_extension (cert, "2.5.29.37", 0, &old_id, NULL);
+
+ if (result >= 0)
+ {
+ /* decode it.
+ */
+ result = asn1_der_decoding (&c2, old_id.data, old_id.size, NULL);
+ _gnutls_free_datum (&old_id);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ }
+
+ /* generate the extension.
+ */
+ /* 1. create a new element.
+ */
+ result = asn1_write_value (c2, "", "NEW", 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ /* 2. Add the OID.
+ */
+ result = asn1_write_value (c2, "?LAST", oid, 1);
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ asn1_delete_structure (&c2);
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_der_encode (c2, "", &der_data, 0);
+ asn1_delete_structure (&c2);
+
+ if (result != ASN1_SUCCESS)
+ {
+ gnutls_assert ();
+ return _gnutls_asn2err (result);
+ }
+
+ result = _gnutls_x509_crt_set_extension (cert, "2.5.29.37",
+ &der_data, critical);
+
+ _gnutls_free_datum (&der_data);
+
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ cert->use_extensions = 1;
+
+ return 0;
+
+}
+
+/**
+ * gnutls_x509_crt_privkey_sign:
+ * @crt: a certificate of type #gnutls_x509_crt_t
+ * @issuer: is the certificate of the certificate issuer
+ * @issuer_key: holds the issuer's private key
+ * @dig: The message digest to use, %GNUTLS_DIG_SHA1 is a safe choice
+ * @flags: must be 0
+ *
+ * This function will sign the certificate with the issuer's private key, and
+ * will copy the issuer's information into the certificate.
+ *
+ * This must be the last step in a certificate generation since all
+ * the previously set parameters are now signed.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
+ * negative error value.
+ **/
+int
+gnutls_x509_crt_privkey_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
+ gnutls_privkey_t issuer_key,
+ gnutls_digest_algorithm_t dig,
+ unsigned int flags)
+{
+ int result;
+
+ if (crt == NULL || issuer == NULL || issuer_key == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ /* disable all the unneeded OPTIONAL fields.
+ */
+ disable_optional_stuff (crt);
+
+ result = _gnutls_x509_pkix_sign (crt->cert, "tbsCertificate",
+ dig, issuer, issuer_key);
+ if (result < 0)
+ {
+ gnutls_assert ();
+ return result;
+ }
+
+ return 0;
+}
+
+
+#endif /* ENABLE_PKI */
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2003, 2004, 2005, 2008, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+/* Functions that relate to base64 encoding and decoding.
+ */
+
+#include "gnutls_int.h"
+#include "gnutls_errors.h"
+#include <gnutls_datum.h>
+#include <x509_b64.h>
+
+static const uint8_t b64table[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static const uint8_t asciitable[128] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39,
+ 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
+ 0xff, 0xf1, 0xff, 0xff, 0xff, 0x00, /* 0xf1 for '=' */
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e,
+ 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a,
+ 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff,
+ 0xff, 0xff
+};
+
+inline static int
+encode (char *result, const uint8_t * data, int left)
+{
+
+ int data_len;
+
+ if (left > 3)
+ data_len = 3;
+ else
+ data_len = left;
+
+ switch (data_len)
+ {
+ case 3:
+ result[0] = b64table[(data[0] >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ (data[1] >> 4))];
+ result[2] =
+ b64table[((((data[1] & 0x0f) << 2) & 0xff) | (data[2] >> 6))];
+ result[3] = b64table[(((data[2] << 2) & 0xff) >> 2)];
+ break;
+ case 2:
+ result[0] = b64table[(data[0] >> 2)];
+ result[1] =
+ b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff) |
+ (data[1] >> 4))];
+ result[2] = b64table[(((data[1] << 4) & 0xff) >> 2)];
+ result[3] = '=';
+ break;
+ case 1:
+ result[0] = b64table[(data[0] >> 2)];
+ result[1] = b64table[(((((data[0] & 0x03) & 0xff) << 4) & 0xff))];
+ result[2] = '=';
+ result[3] = '=';
+ break;
+ default:
+ return -1;
+ }
+
+ return 4;
+
+}
+
+/* data must be 4 bytes
+ * result should be 3 bytes
+ */
+#define TOASCII(c) (c < 127 ? asciitable[c] : 0xff)
+inline static int
+decode (uint8_t * result, const opaque * data)
+{
+ uint8_t a1, a2;
+ int ret = 3;
+
+ a1 = TOASCII (data[0]);
+ a2 = TOASCII (data[1]);
+ if (a1 == 0xff || a2 == 0xff)
+ return -1;
+ result[0] = ((a1 << 2) & 0xff) | ((a2 >> 4) & 0xff);
+
+ a1 = a2;
+ a2 = TOASCII (data[2]);
+ if (a2 == 0xff)
+ return -1;
+ result[1] = ((a1 << 4) & 0xff) | ((a2 >> 2) & 0xff);
+
+ a1 = a2;
+ a2 = TOASCII (data[3]);
+ if (a2 == 0xff)
+ return -1;
+ result[2] = ((a1 << 6) & 0xff) | (a2 & 0xff);
+
+ if (data[2] == '=')
+ ret--;
+
+ if (data[3] == '=')
+ ret--;
+ return ret;
+}
+
+/* encodes data and puts the result into result (locally allocated)
+ * The result_size is the return value
+ */
+int
+_gnutls_base64_encode (const uint8_t * data, size_t data_size,
+ uint8_t ** result)
+{
+ unsigned int i, j;
+ int ret, tmp;
+ char tmpres[4];
+
+ ret = B64SIZE (data_size);
+
+ (*result) = gnutls_malloc (ret + 1);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (i = j = 0; i < data_size; i += 3, j += 4)
+ {
+ tmp = encode (tmpres, &data[i], data_size - i);
+ if (tmp == -1)
+ {
+ gnutls_free ((*result));
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+ memcpy (&(*result)[j], tmpres, tmp);
+ }
+ (*result)[ret] = 0; /* null terminated */
+
+ return ret;
+}
+
+#define INCR(what, size) \
+ do { \
+ what+=size; \
+ if (what > ret) { \
+ gnutls_assert(); \
+ gnutls_free( (*result)); *result = NULL; \
+ return GNUTLS_E_INTERNAL_ERROR; \
+ } \
+ } while(0)
+
+/* encodes data and puts the result into result (locally allocated)
+ * The result_size (including the null terminator) is the return value.
+ */
+int
+_gnutls_fbase64_encode (const char *msg, const uint8_t * data,
+ int data_size, uint8_t ** result)
+{
+ int i, ret, tmp, j;
+ char tmpres[4];
+ uint8_t *ptr;
+ uint8_t top[80];
+ uint8_t bottom[80];
+ int pos, bytes, top_len, bottom_len;
+ size_t msglen = strlen (msg);
+
+ if (msglen > 50)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
+ }
+
+ memset (bottom, 0, sizeof (bottom));
+ memset (top, 0, sizeof (top));
+
+ strcat (top, "-----BEGIN "); /* Flawfinder: ignore */
+ strcat (top, msg); /* Flawfinder: ignore */
+ strcat (top, "-----"); /* Flawfinder: ignore */
+
+ strcat (bottom, "\n-----END "); /* Flawfinder: ignore */
+ strcat (bottom, msg); /* Flawfinder: ignore */
+ strcat (bottom, "-----\n"); /* Flawfinder: ignore */
+
+ top_len = strlen (top);
+ bottom_len = strlen (bottom);
+
+ ret = B64FSIZE (msglen, data_size);
+
+ (*result) = gnutls_calloc (1, ret + 1);
+ if ((*result) == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_MEMORY_ERROR;
+ }
+
+ bytes = pos = 0;
+ INCR (bytes, top_len);
+ pos = top_len;
+
+ strcpy (*result, top); /* Flawfinder: ignore */
+
+ for (i = j = 0; i < data_size; i += 3, j += 4)
+ {
+
+ tmp = encode (tmpres, &data[i], data_size - i);
+ if (tmp == -1)
+ {
+ gnutls_assert ();
+ gnutls_free ((*result));
+ *result = NULL;
+ return GNUTLS_E_BASE64_ENCODING_ERROR;
+ }
+
+ INCR (bytes, 4);
+ ptr = &(*result)[j + pos];
+
+ if ((j) % 64 == 0)
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
+ *ptr++ = tmpres[0];
+
+ if ((j + 1) % 64 == 0)
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
+ *ptr++ = tmpres[1];
+
+ if ((j + 2) % 64 == 0)
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
+ *ptr++ = tmpres[2];
+
+ if ((j + 3) % 64 == 0)
+ {
+ INCR (bytes, 1);
+ pos++;
+ *ptr++ = '\n';
+ }
+ *ptr++ = tmpres[3];
+ }
+
+ INCR (bytes, bottom_len);
+
+ memcpy (&(*result)[bytes - bottom_len], bottom, bottom_len);
+ (*result)[bytes] = 0;
+
+ return ret + 1;
+}
+
+/**
+ * gnutls_pem_base64_encode:
+ * @msg: is a message to be put in the header
+ * @data: contain the raw data
+ * @result: the place where base64 data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will convert the given data to printable data, using
+ * the base64 encoding. This is the encoding used in PEM messages.
+ *
+ * The output string will be null terminated, although the size will
+ * not include the terminating null.
+ *
+ * Returns: On success %GNUTLS_E_SUCCESS (0) is returned,
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned if the buffer given is
+ * not long enough, or 0 on success.
+ **/
+int
+gnutls_pem_base64_encode (const char *msg, const gnutls_datum_t * data,
+ char *result, size_t * result_size)
+{
+ opaque *ret;
+ int size;
+
+ size = _gnutls_fbase64_encode (msg, data->data, data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (unsigned) size)
+ {
+ gnutls_free (ret);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ memcpy (result, ret, size);
+ gnutls_free (ret);
+ *result_size = size - 1;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pem_base64_encode_alloc:
+ * @msg: is a message to be put in the encoded header
+ * @data: contains the raw data
+ * @result: will hold the newly allocated encoded data
+ *
+ * This function will convert the given data to printable data, using
+ * the base64 encoding. This is the encoding used in PEM messages.
+ * This function will allocate the required memory to hold the encoded
+ * data.
+ *
+ * You should use gnutls_free() to free the returned data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_pem_base64_encode_alloc (const char *msg,
+ const gnutls_datum_t * data,
+ gnutls_datum_t * result)
+{
+ opaque *ret;
+ int size;
+
+ if (result == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ size = _gnutls_fbase64_encode (msg, data->data, data->size, &ret);
+ if (size < 0)
+ return size;
+
+ result->data = ret;
+ result->size = size - 1;
+ return 0;
+}
+
+
+/* decodes data and puts the result into result (locally allocated)
+ * The result_size is the return value
+ */
+int
+_gnutls_base64_decode (const uint8_t * data, size_t data_size,
+ uint8_t ** result)
+{
+ unsigned int i, j;
+ int ret, tmp, est;
+ uint8_t tmpres[3];
+
+ est = ((data_size * 3) / 4) + 1;
+ (*result) = gnutls_malloc (est);
+ if ((*result) == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ ret = 0;
+ for (i = j = 0; i < data_size; i += 4, j += 3)
+ {
+ tmp = decode (tmpres, &data[i]);
+ if (tmp < 0)
+ {
+ gnutls_free (*result);
+ *result = NULL;
+ return tmp;
+ }
+ memcpy (&(*result)[j], tmpres, tmp);
+ ret += tmp;
+ }
+ return ret;
+}
+
+/* copies data to result but removes newlines and <CR>
+ * returns the size of the data copied.
+ */
+inline static int
+cpydata (const uint8_t * data, int data_size, uint8_t ** result)
+{
+ int i, j;
+
+ (*result) = gnutls_malloc (data_size);
+ if (*result == NULL)
+ return GNUTLS_E_MEMORY_ERROR;
+
+ for (j = i = 0; i < data_size; i++)
+ {
+ if (data[i] == '\n' || data[i] == '\r' || data[i] == ' '
+ || data[i] == '\t')
+ continue;
+ (*result)[j] = data[i];
+ j++;
+ }
+ return j;
+}
+
+/* Searches the given string for ONE PEM encoded certificate, and
+ * stores it in the result.
+ *
+ * The result_size is the return value
+ */
+#define ENDSTR "-----"
+int
+_gnutls_fbase64_decode (const char *header, const opaque * data,
+ size_t data_size, uint8_t ** result)
+{
+ int ret;
+ static const char top[] = "-----BEGIN ";
+ static const char bottom[] = "-----END ";
+ uint8_t *rdata;
+ int rdata_size;
+ uint8_t *kdata;
+ int kdata_size;
+ char pem_header[128];
+
+ _gnutls_str_cpy (pem_header, sizeof (pem_header), top);
+ if (header != NULL)
+ _gnutls_str_cat (pem_header, sizeof (pem_header), header);
+
+ rdata = memmem (data, data_size, pem_header, strlen (pem_header));
+
+ if (rdata == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_debug_log ("Could not find '%s'\n", pem_header);
+ return GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR;
+ }
+
+ data_size -= (unsigned long int) rdata - (unsigned long int) data;
+
+ if (data_size < 4 + strlen (bottom))
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ kdata = memmem (rdata + 1, data_size - 1, ENDSTR, sizeof (ENDSTR) - 1);
+ /* allow CR as well.
+ */
+ if (kdata == NULL)
+ {
+ gnutls_assert ();
+ _gnutls_x509_log ("Could not find '%s'\n", ENDSTR);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ data_size -= strlen (ENDSTR);
+ data_size -= (unsigned long int) kdata - (unsigned long int) rdata;
+
+ rdata = kdata + strlen (ENDSTR);
+
+ /* position is now after the ---BEGIN--- headers */
+
+ kdata = memmem (rdata, data_size, bottom, strlen (bottom));
+ if (kdata == NULL)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ /* position of kdata is before the ----END--- footer
+ */
+ rdata_size = (unsigned long int) kdata - (unsigned long int) rdata;
+
+ if (rdata_size < 4)
+ {
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ kdata_size = cpydata (rdata, rdata_size, &kdata);
+
+ if (kdata_size < 0)
+ {
+ gnutls_assert ();
+ return kdata_size;
+ }
+
+ if (kdata_size < 4)
+ {
+ gnutls_assert ();
+ gnutls_free (kdata);
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+
+ if ((ret = _gnutls_base64_decode (kdata, kdata_size, result)) < 0)
+ {
+ gnutls_free (kdata);
+ gnutls_assert ();
+ return GNUTLS_E_BASE64_DECODING_ERROR;
+ }
+ gnutls_free (kdata);
+
+ return ret;
+}
+
+/**
+ * gnutls_pem_base64_decode:
+ * @header: A null terminated string with the PEM header (eg. CERTIFICATE)
+ * @b64_data: contain the encoded data
+ * @result: the place where decoded data will be copied
+ * @result_size: holds the size of the result
+ *
+ * This function will decode the given encoded data. If the header
+ * given is non null this function will search for "-----BEGIN header"
+ * and decode only this part. Otherwise it will decode the first PEM
+ * packet found.
+ *
+ * Returns: On success %GNUTLS_E_SUCCESS (0) is returned,
+ * %GNUTLS_E_SHORT_MEMORY_BUFFER is returned if the buffer given is
+ * not long enough, or 0 on success.
+ **/
+int
+gnutls_pem_base64_decode (const char *header,
+ const gnutls_datum_t * b64_data,
+ unsigned char *result, size_t * result_size)
+{
+ opaque *ret;
+ int size;
+
+ size =
+ _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret);
+ if (size < 0)
+ return size;
+
+ if (result == NULL || *result_size < (unsigned) size)
+ {
+ gnutls_free (ret);
+ *result_size = size;
+ return GNUTLS_E_SHORT_MEMORY_BUFFER;
+ }
+ else
+ {
+ memcpy (result, ret, size);
+ gnutls_free (ret);
+ *result_size = size;
+ }
+
+ return 0;
+}
+
+/**
+ * gnutls_pem_base64_decode_alloc:
+ * @header: The PEM header (eg. CERTIFICATE)
+ * @b64_data: contains the encoded data
+ * @result: the place where decoded data lie
+ *
+ * This function will decode the given encoded data. The decoded data
+ * will be allocated, and stored into result. If the header given is
+ * non null this function will search for "-----BEGIN header" and
+ * decode only this part. Otherwise it will decode the first PEM
+ * packet found.
+ *
+ * You should use gnutls_free() to free the returned data.
+ *
+ * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
+ * an error code is returned.
+ **/
+int
+gnutls_pem_base64_decode_alloc (const char *header,
+ const gnutls_datum_t * b64_data,
+ gnutls_datum_t * result)
+{
+ opaque *ret;
+ int size;
+
+ if (result == NULL)
+ return GNUTLS_E_INVALID_REQUEST;
+
+ size =
+ _gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret);
+ if (size < 0)
+ return size;
+
+ result->data = ret;
+ result->size = size;
+ return 0;
+}
--- /dev/null
+/*
+ * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2010 Free Software
+ * Foundation, Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos
+ *
+ * This file is part of GnuTLS.
+ *
+ * The GnuTLS is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
+ * USA
+ *
+ */
+
+int _gnutls_base64_encode (const uint8_t * data, size_t data_size,
+ uint8_t ** result);
+int _gnutls_fbase64_encode (const char *msg, const uint8_t * data,
+ int data_size, uint8_t ** result);
+int _gnutls_base64_decode (const uint8_t * data, size_t data_size,
+ uint8_t ** result);
+int _gnutls_fbase64_decode (const char *header, const uint8_t * data,
+ size_t data_size, uint8_t ** result);
+
+#define B64SIZE( data_size) ((data_size%3==0)?((data_size*4)/3):(4+((data_size/3)*4)))
+
+/* The size for B64 encoding + newlines plus header
+ */
+
+#define HEADSIZE( hsize) \
+ sizeof("-----BEGIN ")-1+sizeof("-----")-1+ \
+ sizeof("\n-----END ")-1+sizeof("-----\n")-1+hsize+hsize
+
+#define B64FSIZE( hsize, dsize) \
+ (B64SIZE(dsize) + HEADSIZE(hsize) + /*newlines*/ \
+ B64SIZE(dsize)/64 + (((B64SIZE(dsize) % 64) > 0) ? 1 : 0))
--- /dev/null
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6b
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+# --config show all configuration variables
+# --debug enable verbose shell tracing
+# -n, --dry-run display commands without modifying any files
+# --features display basic configuration information and exit
+# --mode=MODE use operation mode MODE
+# --preserve-dup-deps don't remove duplicate dependency libraries
+# --quiet, --silent don't print informational messages
+# --tag=TAG use configuration variables from tag TAG
+# -v, --verbose print informational messages (default)
+# --version print version information
+# -h, --help print short or long help message
+#
+# MODE must be one of the following:
+#
+# clean remove files from the build directory
+# compile compile a source file into a libtool object
+# execute automatically set library path, then run a program
+# finish complete the installation of libtool libraries
+# install install libraries or executables
+# link create a library or an executable
+# uninstall remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+# host-triplet: $host
+# shell: $SHELL
+# compiler: $LTCC
+# compiler flags: $LTCFLAGS
+# linker: $LD (gnu? $with_gnu_ld)
+# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2ubuntu1
+# automake: $automake_version
+# autoconf: $autoconf_version
+#
+# Report bugs to <bug-libtool@gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION="2.2.6b Debian-2.2.6b-2ubuntu1"
+TIMESTAMP=""
+package_revision=1.3017
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+ eval "if test \"\${$lt_var+set}\" = set; then
+ save_$lt_var=\$$lt_var
+ $lt_var=C
+ export $lt_var
+ lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+ lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+ fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+ -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+ [\\/]*|[A-Za-z]:\\*) ;;
+ *[\\/]*)
+ progdir=$func_dirname_result
+ progdir=`cd "$progdir" && pwd`
+ progpath="$progdir/$progname"
+ ;;
+ *)
+ save_IFS="$IFS"
+ IFS=:
+ for progdir in $PATH; do
+ IFS="$save_IFS"
+ test -x "$progdir/$progname" && break
+ done
+ IFS="$save_IFS"
+ test -n "$progdir" || progdir=`pwd`
+ progpath="$progdir/$progname"
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'. `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+ s/$bs4/&\\
+/g
+ s/^$bs2$dollar/$bs&/
+ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+ s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+ $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+ $opt_verbose && func_echo ${1+"$@"}
+
+ # A bug in bash halts the script if the last line of a function
+ # fails when set -e is in force, so we need another command to
+ # work around that:
+ :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+ $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+ $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+ # bash bug again:
+ :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+ func_error ${1+"$@"}
+ exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+ func_error ${1+"$@"}
+ func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information." ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+ $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+ my_directory_path="$1"
+ my_dir_list=
+
+ if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+ # Protect directory names starting with `-'
+ case $my_directory_path in
+ -*) my_directory_path="./$my_directory_path" ;;
+ esac
+
+ # While some portion of DIR does not yet exist...
+ while test ! -d "$my_directory_path"; do
+ # ...make a list in topmost first order. Use a colon delimited
+ # list incase some portion of path contains whitespace.
+ my_dir_list="$my_directory_path:$my_dir_list"
+
+ # If the last portion added has no slash in it, the list is done
+ case $my_directory_path in */*) ;; *) break ;; esac
+
+ # ...otherwise throw away the child directory and loop
+ my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+ done
+ my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+ save_mkdir_p_IFS="$IFS"; IFS=':'
+ for my_dir in $my_dir_list; do
+ IFS="$save_mkdir_p_IFS"
+ # mkdir can fail with a `File exist' error if two processes
+ # try to create one of the directories concurrently. Don't
+ # stop in that case!
+ $MKDIR "$my_dir" 2>/dev/null || :
+ done
+ IFS="$save_mkdir_p_IFS"
+
+ # Bail out if we (or some other process) failed to create a directory.
+ test -d "$my_directory_path" || \
+ func_fatal_error "Failed to create \`$1'"
+ fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$opt_dry_run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $MKDIR "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || \
+ func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+ fi
+
+ $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+ case $1 in
+ *[\\\`\"\$]*)
+ func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+ *)
+ func_quote_for_eval_unquoted_result="$1" ;;
+ esac
+
+ case $func_quote_for_eval_unquoted_result in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting, command substitution and and variable
+ # expansion for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+ ;;
+ *)
+ func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+ esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+ case $1 in
+ *[\\\`\"]*)
+ my_arg=`$ECHO "X$1" | $Xsed \
+ -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+ *)
+ my_arg="$1" ;;
+ esac
+
+ case $my_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting and command substitution for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ my_arg="\"$my_arg\""
+ ;;
+ esac
+
+ func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$my_cmd"
+ my_status=$?
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it. Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$lt_user_locale
+ $my_cmd"
+ my_status=$?
+ eval "$lt_safe_locale"
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+ $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+ s/^# //
+ s/^# *$//
+ s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+ $SED -n '/^# Usage:/,/# -h/ {
+ s/^# //
+ s/^# *$//
+ s/\$progname/'$progname'/
+ p
+ }' < "$progpath"
+ $ECHO
+ $ECHO "run \`$progname --help | more' for full usage"
+ exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+ $SED -n '/^# Usage:/,/# Report bugs to/ {
+ s/^# //
+ s/^# *$//
+ s*\$progname*'$progname'*
+ s*\$host*'"$host"'*
+ s*\$SHELL*'"$SHELL"'*
+ s*\$LTCC*'"$LTCC"'*
+ s*\$LTCFLAGS*'"$LTCFLAGS"'*
+ s*\$LD*'"$LD"'*
+ s/\$with_gnu_ld/'"$with_gnu_ld"'/
+ s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+ func_error "missing argument for $1"
+ exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell, and then maybe $ECHO will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+ func_error ${1+"$@"}
+ func_error "See the $PACKAGE documentation for more information."
+ func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+ re_begincf='^# ### BEGIN LIBTOOL'
+ re_endcf='^# ### END LIBTOOL'
+
+ # Default configuration.
+ $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+ done
+
+ exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+ $ECHO "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $ECHO "enable shared libraries"
+ else
+ $ECHO "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $ECHO "enable static libraries"
+ else
+ $ECHO "disable static libraries"
+ fi
+
+ exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+ # Global variable:
+ tagname="$1"
+
+ re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+ re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+ sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+ # Validate tagname.
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ func_fatal_error "invalid tag name: $tagname"
+ ;;
+ esac
+
+ # Don't test for the "default" C tag, as we know it's
+ # there but not specially marked.
+ case $tagname in
+ CC) ;;
+ *)
+ if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+ taglist="$taglist $tagname"
+
+ # Evaluate the configuration. Be careful to quote the path
+ # and the sed script, to avoid splitting on whitespace, but
+ # also don't use non-portable quotes within backquotes within
+ # quotes we have to do it in 2 steps:
+ extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+ eval "$extractedcf"
+ else
+ func_error "ignoring unknown tag $tagname"
+ fi
+ ;;
+ esac
+}
+
+# Parse options once, thoroughly. This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+ # Shorthand for --mode=foo, only valid as the first argument
+ case $1 in
+ clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+ compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+ execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+ finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+ link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+ esac
+
+ # Parse non-mode specific arguments:
+ while test "$#" -gt 0; do
+ opt="$1"
+ shift
+
+ case $opt in
+ --config) func_config ;;
+
+ --debug) preserve_args="$preserve_args $opt"
+ func_echo "enabling shell trace mode"
+ opt_debug='set -x'
+ $opt_debug
+ ;;
+
+ -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ execute_dlfiles="$execute_dlfiles $1"
+ shift
+ ;;
+
+ --dry-run | -n) opt_dry_run=: ;;
+ --features) func_features ;;
+ --finish) mode="finish" ;;
+
+ --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ case $1 in
+ # Valid mode arguments:
+ clean) ;;
+ compile) ;;
+ execute) ;;
+ finish) ;;
+ install) ;;
+ link) ;;
+ relink) ;;
+ uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $opt"
+ exit_cmd=exit
+ break
+ ;;
+ esac
+
+ mode="$1"
+ shift
+ ;;
+
+ --preserve-dup-deps)
+ opt_duplicate_deps=: ;;
+
+ --quiet|--silent) preserve_args="$preserve_args $opt"
+ opt_silent=:
+ ;;
+
+ --verbose| -v) preserve_args="$preserve_args $opt"
+ opt_silent=false
+ ;;
+
+ --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ preserve_args="$preserve_args $opt $1"
+ func_enable_tag "$1" # tagname is set here
+ shift
+ ;;
+
+ # Separate optargs to long options:
+ -dlopen=*|--mode=*|--tag=*)
+ func_opt_split "$opt"
+ set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+ shift
+ ;;
+
+ -\?|-h) func_usage ;;
+ --help) opt_help=: ;;
+ --version) func_version ;;
+
+ -*) func_fatal_help "unrecognized option \`$opt'" ;;
+
+ *) nonopt="$opt"
+ break
+ ;;
+ esac
+ done
+
+
+ case $host in
+ *cygwin* | *mingw* | *pw32* | *cegcc*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+ ;;
+ esac
+
+ # Having warned about all mis-specified options, bail out if
+ # anything was wrong.
+ $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+ if test "$package_revision" != "$macro_revision"; then
+ if test "$VERSION" != "$macro_version"; then
+ if test -z "$macro_version"; then
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ fi
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+ fi
+
+ exit $EXIT_MISMATCH
+ fi
+}
+
+
+## ----------- ##
+## Main. ##
+## ----------- ##
+
+$opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ func_fatal_configuration "not configured to build any kind of library"
+ fi
+
+ test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ func_error "unrecognized option \`-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+ test -f "$1" &&
+ $SED -e 4q "$1" 2>/dev/null \
+ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs. To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway. Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+ lalib_p=no
+ if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+ for lalib_p_l in 1 2 3 4
+ do
+ read lalib_p_line
+ case "$lalib_p_line" in
+ \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+ esac
+ done
+ exec 0<&5 5<&-
+ fi
+ test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+ func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+ func_ltwrapper_exec_suffix=
+ case $1 in
+ *.exe) ;;
+ *) func_ltwrapper_exec_suffix=.exe ;;
+ esac
+ $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+ func_ltwrapper_scriptname_result=""
+ if func_ltwrapper_executable_p "$1"; then
+ func_dirname_and_basename "$1" "" "."
+ func_stripname '' '.exe' "$func_basename_result"
+ func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+ fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+ func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+ $opt_debug
+ save_ifs=$IFS; IFS='~'
+ for cmd in $1; do
+ IFS=$save_ifs
+ eval cmd=\"$cmd\"
+ func_show_eval "$cmd" "${2-:}"
+ done
+ IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)! Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+ $opt_debug
+ case $1 in
+ */* | *\\*) . "$1" ;;
+ *) . "./$1" ;;
+ esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ $opt_debug
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ func_echo "unable to infer tagged configuration"
+ func_fatal_error "specify a tag with \`--tag'"
+# else
+# func_verbose "using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+ write_libobj=${1}
+ if test "$build_libtool_libs" = yes; then
+ write_lobj=\'${2}\'
+ else
+ write_lobj=none
+ fi
+
+ if test "$build_old_libs" = yes; then
+ write_oldobj=\'${3}\'
+ else
+ write_oldobj=none
+ fi
+
+ $opt_dry_run || {
+ cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+ $MV "${write_libobj}T" "${write_libobj}"
+ }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+ $opt_debug
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+ pie_flag=
+
+ for arg
+ do
+ case $arg_mode in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ test -n "$libobj" && \
+ func_fatal_error "you cannot specify \`-o' more than once"
+ arg_mode=target
+ continue
+ ;;
+
+ -pie | -fpie | -fPIE)
+ pie_flag="$pie_flag $arg"
+ continue
+ ;;
+
+ -shared | -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$arg"
+ lastarg="$lastarg $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$lastarg"
+ lastarg=$func_stripname_result
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ *)
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ func_quote_for_eval "$lastarg"
+ base_compile="$base_compile $func_quote_for_eval_result"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ func_fatal_error "you must specify an argument for -Xcompile"
+ ;;
+ target)
+ func_fatal_error "you must specify a target with \`-o'"
+ ;;
+ *)
+ # Get the name of the library object.
+ test -z "$libobj" && {
+ func_basename "$srcfile"
+ libobj="$func_basename_result"
+ }
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ case $libobj in
+ *.[cCFSifmso] | \
+ *.ada | *.adb | *.ads | *.asm | \
+ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+ *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+ func_xform "$libobj"
+ libobj=$func_xform_result
+ ;;
+ esac
+
+ case $libobj in
+ *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+ *)
+ func_fatal_error "cannot determine name of library object from \`$libobj'"
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ continue
+ ;;
+
+ -static)
+ build_libtool_libs=no
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ func_quote_for_eval "$libobj"
+ test "X$libobj" != "X$func_quote_for_eval_result" \
+ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
+ && func_warning "libobj name \`$libobj' may not contain shell special characters."
+ func_dirname_and_basename "$obj" "/" ""
+ objname="$func_basename_result"
+ xdir="$func_dirname_result"
+ lobj=${xdir}$objdir/$objname
+
+ test -z "$base_compile" && \
+ func_fatal_help "you must specify a compilation command"
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2* | cegcc*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+ func_echo "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+ removelist="$removelist $output_obj"
+ $ECHO "$srcfile" > "$lockfile"
+ fi
+
+ $opt_dry_run || $RM $removelist
+ removelist="$removelist $lockfile"
+ trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ func_quote_for_eval "$srcfile"
+ qsrcfile=$func_quote_for_eval_result
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ func_mkdir_p "$xdir$objdir"
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ func_show_eval_locale "$command" \
+ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ func_show_eval '$MV "$output_obj" "$lobj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile$pie_flag"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ func_show_eval_locale "$command" \
+ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ func_show_eval '$MV "$output_obj" "$obj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+ fi
+
+ $opt_dry_run || {
+ func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ removelist=$lockfile
+ $RM "$lockfile"
+ fi
+ }
+
+ exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+test "$mode" = compile && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+ # We need to display help for each of the modes.
+ case $mode in
+ "")
+ # Generic help is extracted from the usage comments
+ # at the start of this file.
+ func_help
+ ;;
+
+ clean)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ compile)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -no-suppress do not suppress compiler output for multiple passes
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -shared do not build a \`.o' file suitable for static linking
+ -static only build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+ execute)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+ finish)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+ install)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+ -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+ link)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -shared only do dynamic linking of libtool libraries
+ -shrext SUFFIX override the standard shared library file extension
+ -static do not do any dynamic linking of uninstalled libtool libraries
+ -static-libtool-libs
+ do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+ -weak LIBNAME declare that the target provides the LIBNAME interface
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+ uninstall)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ *)
+ func_fatal_help "invalid operation mode \`$mode'"
+ ;;
+ esac
+
+ $ECHO
+ $ECHO "Try \`$progname --help' for more information about other modes."
+
+ exit $?
+}
+
+ # Now that we've collected a possible --mode arg, show help if necessary
+ $opt_help && func_mode_help
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+ $opt_debug
+ # The first argument is the command name.
+ cmd="$nonopt"
+ test -z "$cmd" && \
+ func_fatal_help "you must specify a COMMAND"
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ test -f "$file" \
+ || func_fatal_help "\`$file' is not a file"
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$lib' is not a valid libtool archive"
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+ func_source "$file"
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && \
+ func_warning "\`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ if test ! -f "$dir/$dlname"; then
+ func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+ fi
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ ;;
+
+ *)
+ func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if func_ltwrapper_script_p "$file"; then
+ func_source "$file"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ elif func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ func_source "$func_ltwrapper_scriptname_result"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ func_quote_for_eval "$file"
+ args="$args $func_quote_for_eval_result"
+ done
+
+ if test "X$opt_dry_run" = Xfalse; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+ do
+ eval "if test \"\${save_$lt_var+set}\" = set; then
+ $lt_var=\$save_$lt_var; export $lt_var
+ else
+ $lt_unset $lt_var
+ fi"
+ done
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+ $ECHO "export $shlibpath_var"
+ fi
+ $ECHO "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = execute && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+ $opt_debug
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ $opt_silent && exit $EXIT_SUCCESS
+
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ $ECHO "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $ECHO " $libdir"
+ done
+ $ECHO
+ $ECHO "If you ever happen to want to link against installed libraries"
+ $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
+ $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $ECHO "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $ECHO " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $ECHO " - add LIBDIR to the \`$runpath_var' environment variable"
+ $ECHO " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $ECHO " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $ECHO " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $ECHO
+
+ $ECHO "See any operating system documentation about shared libraries for"
+ case $host in
+ solaris2.[6789]|solaris2.1[0-9])
+ $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+ $ECHO "pages."
+ ;;
+ *)
+ $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
+ ;;
+ esac
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ exit $EXIT_SUCCESS
+}
+
+test "$mode" = finish && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+ $opt_debug
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+ # Aesthetically quote it.
+ func_quote_for_eval "$nonopt"
+ install_prog="$func_quote_for_eval_result "
+ arg=$1
+ shift
+ else
+ install_prog=
+ arg=$nonopt
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog$func_quote_for_eval_result"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest=$arg
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f)
+ case " $install_prog " in
+ *[\\\ /]cp\ *) ;;
+ *) prev=$arg ;;
+ esac
+ ;;
+ -g | -m | -o)
+ prev=$arg
+ ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*)
+ ;;
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest=$arg
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog $func_quote_for_eval_result"
+ done
+
+ test -z "$install_prog" && \
+ func_fatal_help "you must specify an install program"
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prev' option requires an argument"
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ func_fatal_help "no file or destination specified"
+ else
+ func_fatal_help "you must specify a destination"
+ fi
+ fi
+
+ # Strip any trailing slash from the destination.
+ func_stripname '' '/' "$dest"
+ dest=$func_stripname_result
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ func_dirname_and_basename "$dest" "" "."
+ destdir="$func_dirname_result"
+ destname="$func_basename_result"
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files; shift
+ test "$#" -gt 1 && \
+ func_fatal_help "\`$dest' is not a directory"
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ func_fatal_help "\`$destdir' must be an absolute directory name"
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$file' is not a valid libtool archive"
+
+ library_names=
+ old_library=
+ relink_command=
+ func_source "$file"
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ func_dirname "$file" "/" ""
+ dir="$func_dirname_result"
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ test "$inst_prefix_dir" = "$destdir" && \
+ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+ fi
+
+ func_warning "relinking \`$file'"
+ func_show_eval "$relink_command" \
+ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names; shift
+ if test -n "$1"; then
+ realname="$1"
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+ 'exit $?'
+ tstripme="$stripme"
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ case $realname in
+ *.dll.a)
+ tstripme=""
+ ;;
+ esac
+ ;;
+ esac
+ if test -n "$tstripme" && test -n "$striplib"; then
+ func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ # Try `ln -sf' first, because the `ln' binary might depend on
+ # the symlink we replace! Solaris /bin/ln does not understand -f,
+ # so we also need to try rm && ln -s.
+ for linkname
+ do
+ test "$linkname" != "$realname" \
+ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ func_execute_cmds "$postinstall_cmds" 'exit $?'
+ fi
+
+ # Install the pseudo-library for information purposes.
+ func_basename "$file"
+ name="$func_basename_result"
+ instname="$dir/$name"i
+ func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ func_lo2o "$destfile"
+ staticdest=$func_lo2o_result
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ func_fatal_help "cannot copy a libtool object to \`$destfile'"
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ test -n "$destfile" && \
+ func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ func_lo2o "$file"
+ staticobj=$func_lo2o_result
+ func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin* | *mingw*)
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ wrapper=$func_ltwrapper_scriptname_result
+ else
+ func_stripname '' '.exe' "$file"
+ wrapper=$func_stripname_result
+ fi
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if func_ltwrapper_script_p "$wrapper"; then
+ notinst_deplibs=
+ relink_command=
+
+ func_source "$wrapper"
+
+ # Check the variables that should have been set.
+ test -z "$generated_by_libtool_version" && \
+ func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ func_source "$lib"
+ fi
+ libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ func_warning "\`$lib' has not been installed in \`$libdir'"
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ func_source "$wrapper"
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ $opt_dry_run || {
+ if test "$finalize" = yes; then
+ tmpdir=`func_mktempdir`
+ func_basename "$file$stripped_ext"
+ file="$func_basename_result"
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $opt_silent || {
+ func_quote_for_expand "$relink_command"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ if eval "$relink_command"; then :
+ else
+ func_error "error: relink \`$file' with the above command before installing it"
+ $opt_dry_run || ${RM}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ func_warning "cannot relink \`$file'"
+ fi
+ }
+ else
+ # Install the binary that we compiled earlier.
+ file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyway
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ func_stripname '' '.exe' "$destfile"
+ destfile=$func_stripname_result
+ ;;
+ esac
+ ;;
+ esac
+ func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+ $opt_dry_run || if test -n "$outputname"; then
+ ${RM}r "$tmpdir"
+ fi
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ func_basename "$file"
+ name="$func_basename_result"
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ func_show_eval "$old_striplib $oldlib" 'exit $?'
+ fi
+
+ # Do each command in the postinstall commands.
+ func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+ done
+
+ test -n "$future_libdirs" && \
+ func_warning "remember to run \`$progname --finish$future_libdirs'"
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ $opt_dry_run && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = install && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+ $opt_debug
+ my_outputname="$1"
+ my_originator="$2"
+ my_pic_p="${3-no}"
+ my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+ my_dlsyms=
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ my_dlsyms="${my_outputname}S.c"
+ else
+ func_error "not configured to extract global symbols from dlpreopened files"
+ fi
+ fi
+
+ if test -n "$my_dlsyms"; then
+ case $my_dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${my_outputname}.nm"
+
+ func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+ # Parse the name list into a source file.
+ func_verbose "creating $output_objdir/$my_dlsyms"
+
+ $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ func_verbose "generating symbol list for \`$output'"
+
+ $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for progfile in $progfiles; do
+ func_verbose "extracting global C symbols from \`$progfile'"
+ $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $opt_dry_run || {
+ eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $opt_dry_run || {
+ eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $opt_dry_run || {
+ $RM $export_symbols
+ eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ else
+ $opt_dry_run || {
+ eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ case $host in
+ *cygwin | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ fi
+ fi
+
+ for dlprefile in $dlprefiles; do
+ func_verbose "extracting global C symbols from \`$dlprefile'"
+ func_basename "$dlprefile"
+ name="$func_basename_result"
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ done
+
+ $opt_dry_run || {
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $MV "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if $GREP -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ $GREP -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+ else
+ $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+ fi
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols. */
+typedef struct {
+ const char *name;
+ void *address;
+} lt_dlsymlist;
+"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+/* DATA imports from DLLs on WIN32 con't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs. */"
+ lt_dlsym_const= ;;
+ *osf5*)
+ echo >> "$output_objdir/$my_dlsyms" "\
+/* This system does not cope well with relocations in const data */"
+ lt_dlsym_const= ;;
+ *)
+ lt_dlsym_const=const ;;
+ esac
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+extern $lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];
+$lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{\
+ { \"$my_originator\", (void *) 0 },"
+
+ case $need_lib_prefix in
+ no)
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ *)
+ eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ esac
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ } # !$opt_dry_run
+
+ pic_flag_for_symtable=
+ case "$compile_command " in
+ *" -static "*) ;;
+ *)
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+ *-*-hpux*)
+ pic_flag_for_symtable=" $pic_flag" ;;
+ *)
+ if test "X$my_pic_p" != Xno; then
+ pic_flag_for_symtable=" $pic_flag"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ symtab_cflags=
+ for arg in $LTCFLAGS; do
+ case $arg in
+ -pie | -fpie | -fPIE) ;;
+ *) symtab_cflags="$symtab_cflags $arg" ;;
+ esac
+ done
+
+ # Now compile the dynamic symbol file.
+ func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+ # Clean up the generated files.
+ func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+
+ # Transform the symbol file into the correct name.
+ symfileobj="$output_objdir/${my_outputname}S.$objext"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ if test -f "$output_objdir/$my_outputname.def"; then
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ else
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ fi
+ ;;
+ *)
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ ;;
+ esac
+ ;;
+ *)
+ func_fatal_error "unknown suffix for \`$my_dlsyms'"
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ $opt_debug
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+ $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 |
+ $SED -n -e '
+ 1,100{
+ / I /{
+ s,.*,import,
+ p
+ q
+ }
+ }'`
+ case $win32_nmres in
+ import*) win32_libid_type="x86 archive import";;
+ *) win32_libid_type="x86 archive static";;
+ esac
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $ECHO "$win32_libid_type"
+}
+
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ $opt_debug
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+ func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+ fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ $opt_debug
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ func_basename "$my_xlib"
+ my_xlib="$func_basename_result"
+ my_xlib_u=$my_xlib
+ while :; do
+ case " $extracted_archives " in
+ *" $my_xlib_u "*)
+ func_arith $extracted_serial + 1
+ extracted_serial=$func_arith_result
+ my_xlib_u=lt$extracted_serial-$my_xlib ;;
+ *) break ;;
+ esac
+ done
+ extracted_archives="$extracted_archives $my_xlib_u"
+ my_xdir="$my_gentop/$my_xlib_u"
+
+ func_mkdir_p "$my_xdir"
+
+ case $host in
+ *-darwin*)
+ func_verbose "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ $opt_dry_run || {
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`basename "$darwin_archive"`
+ darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ $LIPO -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ $RM -rf unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd $darwin_orig_dir
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ } # !$opt_dry_run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+
+ func_extract_archives_result="$my_oldobjs"
+}
+
+
+
+# func_emit_wrapper_part1 [arg=no]
+#
+# Emit the first part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part1 ()
+{
+ func_emit_wrapper_part1_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part1_arg1=$1
+ fi
+
+ $ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variables:
+ generated_by_libtool_version='$macro_version'
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$ECHO are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ ECHO=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$ECHO works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$ECHO will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $ECHO "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+"
+}
+# end: func_emit_wrapper_part1
+
+# func_emit_wrapper_part2 [arg=no]
+#
+# Emit the second part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part2 ()
+{
+ func_emit_wrapper_part2_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part2_arg1=$1
+ fi
+
+ $ECHO "\
+
+ # Usually 'no', except on cygwin/mingw when embedded into
+ # the cwrapper.
+ WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1
+ if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+ # special case for '.'
+ if test \"\$thisdir\" = \".\"; then
+ thisdir=\`pwd\`
+ fi
+ # remove .libs from thisdir
+ case \"\$thisdir\" in
+ *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+ $objdir ) thisdir=. ;;
+ esac
+ fi
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $ECHO "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" ||
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $MKDIR \"\$progdir\"
+ else
+ $RM \"\$progdir/\$file\"
+ fi"
+
+ $ECHO "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $ECHO \"\$relink_command_output\" >&2
+ $RM \"\$progdir/\$file\"
+ exit 1
+ fi
+ fi
+
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $RM \"\$progdir/\$program\";
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $RM \"\$progdir/\$file\"
+ fi"
+ else
+ $ECHO "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $ECHO "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $ECHO "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $ECHO "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $ECHO "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2* | *-cegcc*)
+ $ECHO "\
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $ECHO "\
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $ECHO "\
+ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+ exit 1
+ fi
+ else
+ # The program doesn't exist.
+ \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+ $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit 1
+ fi
+fi\
+"
+}
+# end: func_emit_wrapper_part2
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable. Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take. If 'yes', then the emitted script
+# will assume that the directory in which it is stored is
+# the $objdir directory. This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+ func_emit_wrapper_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_arg1=$1
+ fi
+
+ # split this up so that func_emit_cwrapperexe_src
+ # can call each part independently.
+ func_emit_wrapper_part1 "${func_emit_wrapper_arg1}"
+ func_emit_wrapper_part2 "${func_emit_wrapper_arg1}"
+}
+
+
+# func_to_host_path arg
+#
+# Convert paths to host format when used with build tools.
+# Intended for use with "native" mingw (where libtool itself
+# is running under the msys shell), or in the following cross-
+# build environments:
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+# where wine is equipped with the `winepath' executable.
+# In the native mingw case, the (msys) shell automatically
+# converts paths for any non-msys applications it launches,
+# but that facility isn't available from inside the cwrapper.
+# Similar accommodations are necessary for $host mingw and
+# $build cygwin. Calling this function does no harm for other
+# $host/$build combinations not listed above.
+#
+# ARG is the path (on $build) that should be converted to
+# the proper representation for $host. The result is stored
+# in $func_to_host_path_result.
+func_to_host_path ()
+{
+ func_to_host_path_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ case $build in
+ *mingw* ) # actually, msys
+ # awkward: cmd appends spaces to result
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_path_tmp1=`( cmd //c echo "$1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_path_tmp1=`cygpath -w "$1"`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # Unfortunately, winepath does not exit with a non-zero
+ # error code, so we are forced to check the contents of
+ # stdout. On the other hand, if the command is not
+ # found, the shell will set an exit code of 127 and print
+ # *an error message* to stdout. So we must check for both
+ # error code of zero AND non-empty stdout, which explains
+ # the odd construction:
+ func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null`
+ if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ else
+ # Allow warning below.
+ func_to_host_path_result=""
+ fi
+ ;;
+ esac
+ if test -z "$func_to_host_path_result" ; then
+ func_error "Could not determine host path corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback:
+ func_to_host_path_result="$1"
+ fi
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_path
+
+# func_to_host_pathlist arg
+#
+# Convert pathlists to host format when used with build tools.
+# See func_to_host_path(), above. This function supports the
+# following $build/$host combinations (but does no harm for
+# combinations not listed here):
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+#
+# Path separators are also converted from $build format to
+# $host format. If ARG begins or ends with a path separator
+# character, it is preserved (but converted to $host format)
+# on output.
+#
+# ARG is a pathlist (on $build) that should be converted to
+# the proper representation on $host. The result is stored
+# in $func_to_host_pathlist_result.
+func_to_host_pathlist ()
+{
+ func_to_host_pathlist_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ # Remove leading and trailing path separator characters from
+ # ARG. msys behavior is inconsistent here, cygpath turns them
+ # into '.;' and ';.', and winepath ignores them completely.
+ func_to_host_pathlist_tmp2="$1"
+ # Once set for this call, this variable should not be
+ # reassigned. It is used in tha fallback case.
+ func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e 's|^:*||' -e 's|:*$||'`
+ case $build in
+ *mingw* ) # Actually, msys.
+ # Awkward: cmd appends spaces to result.
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # unfortunately, winepath doesn't convert pathlists
+ func_to_host_pathlist_result=""
+ func_to_host_pathlist_oldIFS=$IFS
+ IFS=:
+ for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do
+ IFS=$func_to_host_pathlist_oldIFS
+ if test -n "$func_to_host_pathlist_f" ; then
+ func_to_host_path "$func_to_host_pathlist_f"
+ if test -n "$func_to_host_path_result" ; then
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_to_host_pathlist_result="$func_to_host_path_result"
+ else
+ func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result"
+ fi
+ fi
+ fi
+ IFS=:
+ done
+ IFS=$func_to_host_pathlist_oldIFS
+ ;;
+ esac
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_error "Could not determine the host path(s) corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback. This may break if $1 contains DOS-style drive
+ # specifications. The fix is not to complicate the expression
+ # below, but for the user to provide a working wine installation
+ # with winepath so that path translation in the cross-to-mingw
+ # case works properly.
+ lt_replace_pathsep_nix_to_dos="s|:|;|g"
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_replace_pathsep_nix_to_dos"`
+ fi
+ # Now, add the leading and trailing path separators back
+ case "$1" in
+ :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result"
+ ;;
+ esac
+ case "$1" in
+ *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_pathlist
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+ cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "$SHELL $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat <<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+# define setmode _setmode
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+# include <io.h>
+# define HAVE_SETENV
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+#ifdef _MSC_VER
+# define S_IXUSR _S_IEXEC
+# define stat _stat
+# ifndef _INTPTR_T_DEFINED
+# define intptr_t int
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+# define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+# define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifdef __CYGWIN__
+# define FOPEN_WB "wb"
+#endif
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+#undef LTWRAPPER_DEBUGPRINTF
+#if defined DEBUGWRAPPER
+# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
+static void
+ltwrapper_debugprintf (const char *fmt, ...)
+{
+ va_list args;
+ va_start (args, fmt);
+ (void) vfprintf (stderr, fmt, args);
+ va_end (args);
+}
+#else
+# define LTWRAPPER_DEBUGPRINTF(args)
+#endif
+
+const char *program_name = NULL;
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_opt_process_env_set (const char *arg);
+void lt_opt_process_env_prepend (const char *arg);
+void lt_opt_process_env_append (const char *arg);
+int lt_split_name_value (const char *arg, char** name, char** value);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+
+static const char *script_text_part1 =
+EOF
+
+ func_emit_wrapper_part1 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+ cat <<EOF
+
+static const char *script_text_part2 =
+EOF
+ func_emit_wrapper_part2 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+
+ cat <<EOF
+const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ func_to_host_pathlist "$temp_rpath"
+ cat <<EOF
+const char * LIB_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * LIB_PATH_VALUE = "";
+EOF
+ fi
+
+ if test -n "$dllsearchpath"; then
+ func_to_host_pathlist "$dllsearchpath:"
+ cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE = "";
+EOF
+ fi
+
+ if test "$fast_install" = yes; then
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+ else
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+ fi
+
+
+ cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX "--lt-"
+#define LTWRAPPER_OPTION_PREFIX_LENGTH 5
+
+static const size_t opt_prefix_len = LTWRAPPER_OPTION_PREFIX_LENGTH;
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+
+static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
+
+static const size_t env_set_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 7;
+static const char *env_set_opt = LTWRAPPER_OPTION_PREFIX "env-set";
+ /* argument is putenv-style "foo=bar", value of foo is set to bar */
+
+static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11;
+static const char *env_prepend_opt = LTWRAPPER_OPTION_PREFIX "env-prepend";
+ /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */
+
+static const size_t env_append_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 10;
+static const char *env_append_opt = LTWRAPPER_OPTION_PREFIX "env-append";
+ /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int newargc;
+ char *tmp_pathspec;
+ char *actual_cwrapper_path;
+ char *actual_cwrapper_name;
+ char *target_name;
+ char *lt_argv_zero;
+ intptr_t rval = 127;
+
+ int i;
+
+ program_name = (char *) xstrdup (base_name (argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+
+ /* very simple arg parsing; don't want to rely on getopt */
+ for (i = 1; i < argc; i++)
+ {
+ if (strcmp (argv[i], dumpscript_opt) == 0)
+ {
+EOF
+ case "$host" in
+ *mingw* | *cygwin* )
+ # make stdout use "unix" line endings
+ echo " setmode(1,_O_BINARY);"
+ ;;
+ esac
+
+ cat <<"EOF"
+ printf ("%s", script_text_part1);
+ printf ("%s", script_text_part2);
+ return 0;
+ }
+ }
+
+ newargz = XMALLOC (char *, argc + 1);
+ tmp_pathspec = find_executable (argv[0]);
+ if (tmp_pathspec == NULL)
+ lt_fatal ("Couldn't find %s", argv[0]);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
+ tmp_pathspec));
+
+ actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
+ actual_cwrapper_path));
+ XFREE (tmp_pathspec);
+
+ actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path));
+ strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+ /* wrapper name transforms */
+ strendzap (actual_cwrapper_name, ".exe");
+ tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+ XFREE (actual_cwrapper_name);
+ actual_cwrapper_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ /* target_name transforms -- use actual target program name; might have lt- prefix */
+ target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+ strendzap (target_name, ".exe");
+ tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+ XFREE (target_name);
+ target_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n",
+ target_name));
+EOF
+
+ cat <<EOF
+ newargz[0] =
+ XMALLOC (char, (strlen (actual_cwrapper_path) +
+ strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+ strcpy (newargz[0], actual_cwrapper_path);
+ strcat (newargz[0], "$objdir");
+ strcat (newargz[0], "/");
+EOF
+
+ cat <<"EOF"
+ /* stop here, and copy so we don't have to do this twice */
+ tmp_pathspec = xstrdup (newargz[0]);
+
+ /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+ strcat (newargz[0], actual_cwrapper_name);
+
+ /* DO want the lt- prefix here if it exists, so use target_name */
+ lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+ XFREE (tmp_pathspec);
+ tmp_pathspec = NULL;
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ {
+ char* p;
+ while ((p = strchr (newargz[0], '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ }
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+ XFREE (target_name);
+ XFREE (actual_cwrapper_path);
+ XFREE (actual_cwrapper_name);
+
+ lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+ lt_setenv ("DUALCASE", "1"); /* for MSK sh */
+ lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+ lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+
+ newargc=0;
+ for (i = 1; i < argc; i++)
+ {
+ if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0)
+ {
+ if (argv[i][env_set_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_set_opt_len + 1;
+ lt_opt_process_env_set (p);
+ }
+ else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_set (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_set_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0)
+ {
+ if (argv[i][env_prepend_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_prepend_opt_len + 1;
+ lt_opt_process_env_prepend (p);
+ }
+ else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_prepend (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_prepend_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0)
+ {
+ if (argv[i][env_append_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_append_opt_len + 1;
+ lt_opt_process_env_append (p);
+ }
+ else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_append (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_append_opt);
+ continue;
+ }
+ if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0)
+ {
+ /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+ namespace, but it is not one of the ones we know about and
+ have already dealt with, above (inluding dump-script), then
+ report an error. Otherwise, targets might begin to believe
+ they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+ namespace. The first time any user complains about this, we'll
+ need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+ or a configure.ac-settable value.
+ */
+ lt_fatal ("Unrecognized option in %s namespace: '%s'",
+ ltwrapper_option_prefix, argv[i]);
+ }
+ /* otherwise ... */
+ newargz[++newargc] = xstrdup (argv[i]);
+ }
+ newargz[++newargc] = NULL;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>")));
+ for (i = 0; i < newargc; i++)
+ {
+ LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>")));
+ }
+
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ /* execv doesn't actually work on mingw as expected on unix */
+ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+ if (rval == -1)
+ {
+ /* failed to start process */
+ LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno));
+ return 127;
+ }
+ return rval;
+EOF
+ ;;
+ *)
+ cat <<"EOF"
+ execv (lt_argv_zero, newargz);
+ return rval; /* =127, but avoids unused variable warning */
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+ void *p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+ string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return base;
+}
+
+int
+check_executable (const char *path)
+{
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if ((stat (path, &st) >= 0)
+ && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+ return 1;
+ else
+ return 0;
+}
+
+int
+make_executable (const char *path)
+{
+ int rval = 0;
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if (stat (path, &st) >= 0)
+ {
+ rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+ }
+ return rval;
+}
+
+/* Searches for the full path of the wrapper. Returns
+ newly allocated full path name if found, NULL otherwise
+ Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+ int has_slash = 0;
+ const char *p;
+ const char *p_next;
+ /* static buffer for getcwd */
+ char tmp[LT_PATHMAX + 1];
+ int tmp_len;
+ char *concat_name;
+
+ LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n",
+ wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+
+ if ((wrapper == NULL) || (*wrapper == '\0'))
+ return NULL;
+
+ /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ else
+ {
+#endif
+ if (IS_DIR_SEPARATOR (wrapper[0]))
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ }
+#endif
+
+ for (p = wrapper; *p; p++)
+ if (*p == '/')
+ {
+ has_slash = 1;
+ break;
+ }
+ if (!has_slash)
+ {
+ /* no slashes; search PATH */
+ const char *path = getenv ("PATH");
+ if (path != NULL)
+ {
+ for (p = path; *p; p = p_next)
+ {
+ const char *q;
+ size_t p_len;
+ for (q = p; *q; q++)
+ if (IS_PATH_SEPARATOR (*q))
+ break;
+ p_len = q - p;
+ p_next = (*q == '\0' ? q : q + 1);
+ if (p_len == 0)
+ {
+ /* empty path: current directory */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name =
+ XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+ }
+ else
+ {
+ concat_name =
+ XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, p, p_len);
+ concat_name[p_len] = '/';
+ strcpy (concat_name + p_len + 1, wrapper);
+ }
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ }
+ /* not found in PATH; assume curdir */
+ }
+ /* Relative path | not found in path: prepend cwd */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+ return xstrdup (pathspec);
+#else
+ char buf[LT_PATHMAX];
+ struct stat s;
+ char *tmp_pathspec = xstrdup (pathspec);
+ char *p;
+ int has_symlinks = 0;
+ while (strlen (tmp_pathspec) && !has_symlinks)
+ {
+ LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
+ tmp_pathspec));
+ if (lstat (tmp_pathspec, &s) == 0)
+ {
+ if (S_ISLNK (s.st_mode) != 0)
+ {
+ has_symlinks = 1;
+ break;
+ }
+
+ /* search backwards for last DIR_SEPARATOR */
+ p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+ while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ p--;
+ if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ {
+ /* no more DIR_SEPARATORS left */
+ break;
+ }
+ *p = '\0';
+ }
+ else
+ {
+ char *errstr = strerror (errno);
+ lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+ }
+ }
+ XFREE (tmp_pathspec);
+
+ if (!has_symlinks)
+ {
+ return xstrdup (pathspec);
+ }
+
+ tmp_pathspec = realpath (pathspec, buf);
+ if (tmp_pathspec == 0)
+ {
+ lt_fatal ("Could not follow symlinks for %s", pathspec);
+ }
+ return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert (str != NULL);
+ assert (pat != NULL);
+
+ len = strlen (str);
+ patlen = strlen (pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp (str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char *mode,
+ const char *message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+ {
+#ifdef HAVE_SETENV
+ /* always make a copy, for consistency with !HAVE_SETENV */
+ char *str = xstrdup (value);
+ setenv (name, str, 1);
+#else
+ int len = strlen (name) + 1 + strlen (value) + 1;
+ char *str = XMALLOC (char, len);
+ sprintf (str, "%s=%s", name, value);
+ if (putenv (str) != EXIT_SUCCESS)
+ {
+ XFREE (str);
+ }
+#endif
+ }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+ char *new_value;
+ if (orig_value && *orig_value)
+ {
+ int orig_value_len = strlen (orig_value);
+ int add_len = strlen (add);
+ new_value = XMALLOC (char, add_len + orig_value_len + 1);
+ if (to_end)
+ {
+ strcpy (new_value, orig_value);
+ strcpy (new_value + orig_value_len, add);
+ }
+ else
+ {
+ strcpy (new_value, add);
+ strcpy (new_value + add_len, orig_value);
+ }
+ }
+ else
+ {
+ new_value = xstrdup (add);
+ }
+ return new_value;
+}
+
+int
+lt_split_name_value (const char *arg, char** name, char** value)
+{
+ const char *p;
+ int len;
+ if (!arg || !*arg)
+ return 1;
+
+ p = strchr (arg, (int)'=');
+
+ if (!p)
+ return 1;
+
+ *value = xstrdup (++p);
+
+ len = strlen (arg) - strlen (*value);
+ *name = XMALLOC (char, len);
+ strncpy (*name, arg, len-1);
+ (*name)[len - 1] = '\0';
+
+ return 0;
+}
+
+void
+lt_opt_process_env_set (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg);
+ }
+
+ lt_setenv (name, value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_prepend (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_append (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 1);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ /* some systems can't cope with a ':'-terminated path #' */
+ int len = strlen (new_value);
+ while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ {
+ new_value[len-1] = '\0';
+ }
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_mode_link arg...
+func_mode_link ()
+{
+ $opt_debug
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args=$nonopt
+ base_compile="$nonopt $@"
+ compile_command=$nonopt
+ finalize_command=$nonopt
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+ new_inherited_linker_flags=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+ weak_libs=
+ single_module="${wl}-single_module"
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ break
+ ;;
+ -all-static | -static | -static-libtool-libs)
+ case $arg in
+ -all-static)
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ func_warning "complete static linking is impossible in this configuration"
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ -static)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=built
+ ;;
+ -static-libtool-libs)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ esac
+ build_libtool_libs=no
+ build_old_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ func_quote_for_eval "$arg"
+ qarg=$func_quote_for_eval_unquoted_result
+ func_append libtool_args " $func_quote_for_eval_result"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ func_append compile_command " @OUTPUT@"
+ func_append finalize_command " @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ func_append compile_command " @SYMFILE@"
+ func_append finalize_command " @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ test -f "$arg" \
+ || func_fatal_error "symbol file \`$arg' does not exist"
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ framework)
+ case $host in
+ *-*-darwin*)
+ case "$deplibs " in
+ *" $qarg.ltframework "*) ;;
+ *) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+ ;;
+ esac
+ ;;
+ esac
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat "$save_arg"`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ done
+ else
+ func_fatal_error "link input file \`$arg' does not exist"
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ weak)
+ weak_libs="$weak_libs $arg"
+ prev=
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ func_append compile_command " $wl$qarg"
+ func_append finalize_command " $wl$qarg"
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ # See comment for -static flag below, for more details.
+ func_append compile_command " $link_static_flag"
+ func_append finalize_command " $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ func_fatal_error "more than one -exported-symbols argument is not allowed"
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework)
+ prev=framework
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ func_stripname '-L' '' "$arg"
+ dir=$func_stripname_result
+ if test -z "$dir"; then
+ if test "$#" -gt 0; then
+ func_fatal_error "require no space between \`-L' and \`$1'"
+ else
+ func_fatal_error "need path for \`-L' option"
+ fi
+ fi
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ test -z "$absdir" && \
+ func_fatal_error "cannot determine absolute directory name of \`$dir'"
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ ::) dllsearchpath=$dir;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs System.ltframework"
+ continue
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ test "X$arg" = "X-lc" && continue
+ ;;
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ # Darwin uses the -arch flag to determine output architecture.
+ -model|-arch|-isysroot)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ case "$new_inherited_linker_flags " in
+ *" $arg "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+ esac
+ continue
+ ;;
+
+ -multi_module)
+ single_module="${wl}-multi_module"
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # and Darwin in order for the loader to find any dlls it needs.
+ func_warning "\`-no-install' is ignored for $host"
+ func_warning "assuming \`-no-fast-install' instead"
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ func_stripname '-R' '' "$arg"
+ dir=$func_stripname_result
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -shared)
+ # The effects of -shared are defined in a previous loop.
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -static | -static-libtool-libs)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -weak)
+ prev=weak
+ continue
+ ;;
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Wl,*)
+ func_stripname '-Wl,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
+ linker_flags="$linker_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # -msg_* for osf cc
+ -msg_*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m*, -t[45]*, -txscale* pass through architecture-specific
+ # compiler args for GCC
+ # -F/path gives path to uninstalled frameworks, gcc on darwin
+ # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+ # @file GCC response files
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ compiler_flags="$compiler_flags $arg"
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+ done # argument parsing loop
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prevarg' option requires an argument"
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ func_basename "$output"
+ outputname="$func_basename_result"
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ func_dirname "$output" "/" ""
+ output_objdir="$func_dirname_result$objdir"
+ # Create the object directory.
+ func_mkdir_p "$output_objdir"
+
+ # Determine the type of output
+ case $output in
+ "")
+ func_fatal_help "you must specify an output file"
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if $opt_duplicate_deps ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if $opt_duplicate_compiler_generated_deps; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ notinst_path= # paths that contain not-installed libtool libraries
+
+ case $linkmode in
+ lib)
+ passes="conv dlpreopen link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+
+ for pass in $passes; do
+ # The preopen pass in lib mode reverses $deplibs; put it back here
+ # so that -L comes before libs that need it for instance...
+ if test "$linkmode,$pass" = "lib,link"; then
+ ## FIXME: Find the place where the list is rebuilt in the wrong
+ ## order, and fix it there properly
+ tmp_deplibs=
+ for deplib in $deplibs; do
+ tmp_deplibs="$deplib $tmp_deplibs"
+ done
+ deplibs="$tmp_deplibs"
+ fi
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link)
+ libs="$deplibs %DEPLIBS%"
+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
+ ;;
+ esac
+ fi
+ if test "$linkmode,$pass" = "lib,dlpreopen"; then
+ # Collect and forward deplibs of preopened libtool libs
+ for lib in $dlprefiles; do
+ # Ignore non-libtool-libs
+ dependency_libs=
+ case $lib in
+ *.la) func_source "$lib" ;;
+ esac
+
+ # Collect preopened libtool deplibs, except any this library
+ # has declared as weak libs
+ for deplib in $dependency_libs; do
+ deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+ case " $weak_libs " in
+ *" $deplib_base "*) ;;
+ *) deplibs="$deplibs $deplib" ;;
+ esac
+ done
+ done
+ libs="$dlprefiles"
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ func_warning "\`-l' is ignored for archives/objects"
+ continue
+ fi
+ func_stripname '-l' '' "$deplib"
+ name=$func_stripname_result
+ if test "$linkmode" = lib; then
+ searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+ else
+ searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+ fi
+ for searchdir in $searchdirs; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ else # deplib is a libtool library
+ # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+ # We need to do some special things here, and not later.
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $deplib "*)
+ if func_lalib_p "$lib"; then
+ library_names=
+ old_library=
+ func_source "$lib"
+ for l in $old_library $library_names; do
+ ll="$l"
+ done
+ if test "X$ll" = "X$old_library" ; then # only static version available
+ found=no
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+ lib=$ladir/$old_library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ fi
+ fi
+ ;;
+ *) ;;
+ esac
+ fi
+ fi
+ ;; # -l
+ *.ltframework)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -L*)
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ *)
+ func_warning "\`-L' is ignored for archives/objects"
+ ;;
+ esac # linkmode
+ continue
+ ;; # -L
+ -R*)
+ if test "$pass" = link; then
+ func_stripname '-R' '' "$deplib"
+ dir=$func_stripname_result
+ # Make sure the xrpath contains only unique directories.
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ fi
+ deplibs="$deplib $deplibs"
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ case $linkmode in
+ lib)
+ # Linking convenience modules into shared libraries is allowed,
+ # but linking other static libraries is non-portable.
+ case " $dlpreconveniencelibs " in
+ *" $deplib "*) ;;
+ *)
+ valid_a_lib=no
+ case $deplibs_check_method in
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ valid_a_lib=yes
+ fi
+ ;;
+ pass_all)
+ valid_a_lib=yes
+ ;;
+ esac
+ if test "$valid_a_lib" != yes; then
+ $ECHO
+ $ECHO "*** Warning: Trying to link with static lib archive $deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because the file extensions .$libext of this argument makes me believe"
+ $ECHO "*** that it is just a static archive that I should not use here."
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the"
+ $ECHO "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ fi
+ ;;
+ esac
+ continue
+ ;;
+ prog)
+ if test "$pass" != link; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ continue
+ ;;
+ esac # linkmode
+ ;; # *.$libext
+ *.lo | *.$objext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ elif test "$linkmode" = prog; then
+ if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ # If there is no dlopen support or we're linking statically,
+ # we need to preload.
+ newdlprefiles="$newdlprefiles $deplib"
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ newdlfiles="$newdlfiles $deplib"
+ fi
+ fi
+ continue
+ ;;
+ %DEPLIBS%)
+ alldeplibs=yes
+ continue
+ ;;
+ esac # case $deplib
+
+ if test "$found" = yes || test -f "$lib"; then :
+ else
+ func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'"
+ fi
+
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$lib" \
+ || func_fatal_error "\`$lib' is not a valid libtool archive"
+
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+
+ dlname=
+ dlopen=
+ dlpreopen=
+ libdir=
+ library_names=
+ old_library=
+ inherited_linker_flags=
+ # If the library was installed with an old release of libtool,
+ # it will not redefine variables installed, or shouldnotlink
+ installed=yes
+ shouldnotlink=no
+ avoidtemprpath=
+
+
+ # Read the .la file
+ func_source "$lib"
+
+ # Convert "-framework foo" to "foo.ltframework"
+ if test -n "$inherited_linker_flags"; then
+ tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'`
+ for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
+ case " $new_inherited_linker_flags " in
+ *" $tmp_inherited_linker_flag "*) ;;
+ *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";;
+ esac
+ done
+ fi
+ dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan" ||
+ { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+ test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ fi
+
+ if test "$pass" = conv; then
+ # Only check for convenience libraries
+ deplibs="$lib $deplibs"
+ if test -z "$libdir"; then
+ if test -z "$old_library"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+ # It is a libtool convenience library, so add in its objects.
+ convenience="$convenience $ladir/$objdir/$old_library"
+ old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+ elif test "$linkmode" != prog && test "$linkmode" != lib; then
+ func_fatal_error "\`$lib' is not a convenience library"
+ fi
+ continue
+ fi # $pass = conv
+
+
+ # Get the name of the library we link against.
+ linklib=
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ if test -z "$linklib"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+
+ # This library was specified with -dlopen.
+ if test "$pass" = dlopen; then
+ if test -z "$libdir"; then
+ func_fatal_error "cannot -dlopen a convenience library: \`$lib'"
+ fi
+ if test -z "$dlname" ||
+ test "$dlopen_support" != yes ||
+ test "$build_libtool_libs" = no; then
+ # If there is no dlname, no dlopen support or we're linking
+ # statically, we need to preload. We also need to preload any
+ # dependent libraries so libltdl's deplib preloader doesn't
+ # bomb out in the load deplibs phase.
+ dlprefiles="$dlprefiles $lib $dependency_libs"
+ else
+ newdlfiles="$newdlfiles $lib"
+ fi
+ continue
+ fi # $pass = dlopen
+
+ # We need an absolute path.
+ case $ladir in
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ *)
+ abs_ladir=`cd "$ladir" && pwd`
+ if test -z "$abs_ladir"; then
+ func_warning "cannot determine absolute directory name of \`$ladir'"
+ func_warning "passing it literally to the linker, although it might fail"
+ abs_ladir="$ladir"
+ fi
+ ;;
+ esac
+ func_basename "$lib"
+ laname="$func_basename_result"
+
+ # Find the relevant object directory and library name.
+ if test "X$installed" = Xyes; then
+ if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ func_warning "library \`$lib' was moved."
+ dir="$ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ else
+ dir="$libdir"
+ absdir="$libdir"
+ fi
+ test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ else
+ if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ dir="$ladir"
+ absdir="$abs_ladir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ else
+ dir="$ladir/$objdir"
+ absdir="$abs_ladir/$objdir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ fi
+ fi # $installed = yes
+ func_stripname 'lib' '.la' "$laname"
+ name=$func_stripname_result
+
+ # This library was specified with -dlpreopen.
+ if test "$pass" = dlpreopen; then
+ if test -z "$libdir" && test "$linkmode" = prog; then
+ func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
+ fi
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ newdlprefiles="$newdlprefiles $dir/$old_library"
+ # Keep a list of preopened convenience libraries to check
+ # that they are being used correctly in the link pass.
+ test -z "$libdir" && \
+ dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ newdlprefiles="$newdlprefiles $dir/$dlname"
+ else
+ newdlprefiles="$newdlprefiles $dir/$linklib"
+ fi
+ fi # $pass = dlpreopen
+
+ if test -z "$libdir"; then
+ # Link the convenience library
+ if test "$linkmode" = lib; then
+ deplibs="$dir/$old_library $deplibs"
+ elif test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$dir/$old_library $compile_deplibs"
+ finalize_deplibs="$dir/$old_library $finalize_deplibs"
+ else
+ deplibs="$lib $deplibs" # used for prog,scan pass
+ fi
+ continue
+ fi
+
+
+ if test "$linkmode" = prog && test "$pass" != link; then
+ newlib_search_path="$newlib_search_path $ladir"
+ deplibs="$lib $deplibs"
+
+ linkalldeplibs=no
+ if test "$link_all_deplibs" != no || test -z "$library_names" ||
+ test "$build_libtool_libs" = no; then
+ linkalldeplibs=yes
+ fi
+
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ esac
+ # Need to link against all dependency_libs?
+ if test "$linkalldeplibs" = yes; then
+ deplibs="$deplib $deplibs"
+ else
+ # Need to hardcode shared library paths
+ # or/and link against static libraries
+ newdependency_libs="$deplib $newdependency_libs"
+ fi
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done # for deplib
+ continue
+ fi # $linkmode = prog...
+
+ if test "$linkmode,$pass" = "prog,link"; then
+ if test -n "$library_names" &&
+ { { test "$prefer_static_libs" = no ||
+ test "$prefer_static_libs,$installed" = "built,yes"; } ||
+ test -z "$old_library"; }; then
+ # We need to hardcode the library path
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ # Make sure the rpath contains only unique directories.
+ case "$temp_rpath:" in
+ *"$absdir:"*) ;;
+ *) temp_rpath="$temp_rpath$absdir:" ;;
+ esac
+ fi
+
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi # $linkmode,$pass = prog,link...
+
+ if test "$alldeplibs" = yes &&
+ { test "$deplibs_check_method" = pass_all ||
+ { test "$build_libtool_libs" = yes &&
+ test -n "$library_names"; }; }; then
+ # We only need to search for static libraries
+ continue
+ fi
+ fi
+
+ link_static=no # Whether the deplib will be linked statically
+ use_static_libs=$prefer_static_libs
+ if test "$use_static_libs" = built && test "$installed" = yes; then
+ use_static_libs=no
+ fi
+ if test -n "$library_names" &&
+ { test "$use_static_libs" = no || test -z "$old_library"; }; then
+ case $host in
+ *cygwin* | *mingw* | *cegcc*)
+ # No point in relinking DLLs because paths are not encoded
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=no
+ ;;
+ *)
+ if test "$installed" = no; then
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=yes
+ fi
+ ;;
+ esac
+ # This is a shared library
+
+ # Warn about portability, can't link against -module's on some
+ # systems (darwin). Don't bleat about dlopened modules though!
+ dlopenmodule=""
+ for dlpremoduletest in $dlprefiles; do
+ if test "X$dlpremoduletest" = "X$lib"; then
+ dlopenmodule="$dlpremoduletest"
+ break
+ fi
+ done
+ if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
+ $ECHO
+ if test "$linkmode" = prog; then
+ $ECHO "*** Warning: Linking the executable $output against the loadable module"
+ else
+ $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+ fi
+ $ECHO "*** $linklib is not portable!"
+ fi
+ if test "$linkmode" = lib &&
+ test "$hardcode_into_libs" = yes; then
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi
+
+ if test -n "$old_archive_from_expsyms_cmds"; then
+ # figure out the soname
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ # use dlname if we got it. it's perfectly good, no?
+ if test -n "$dlname"; then
+ soname="$dlname"
+ elif test -n "$soname_spec"; then
+ # bleh windows
+ case $host in
+ *cygwin* | mingw* | *cegcc*)
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+ esac
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+
+ # Make a new name for the extract_expsyms_cmds to use
+ soroot="$soname"
+ func_basename "$soroot"
+ soname="$func_basename_result"
+ func_stripname 'lib' '.dll' "$soname"
+ newlib=libimp-$func_stripname_result.a
+
+ # If the library has no export list, then create one now
+ if test -f "$output_objdir/$soname-def"; then :
+ else
+ func_verbose "extracting exported symbol list from \`$soname'"
+ func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
+ fi
+
+ # Create $newlib
+ if test -f "$output_objdir/$newlib"; then :; else
+ func_verbose "generating import library for \`$soname'"
+ func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
+ fi
+ # make sure the library variables are pointing to the new library
+ dir=$output_objdir
+ linklib=$newlib
+ fi # test -n "$old_archive_from_expsyms_cmds"
+
+ if test "$linkmode" = prog || test "$mode" != relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ lib_linked=yes
+ case $hardcode_action in
+ immediate | unsupported)
+ if test "$hardcode_direct" = no; then
+ add="$dir/$linklib"
+ case $host in
+ *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+ *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+ *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+ *-*-unixware7*) add_dir="-L$dir" ;;
+ *-*-darwin* )
+ # if the lib is a (non-dlopened) module then we can not
+ # link against it, someone is ignoring the earlier warnings
+ if /usr/bin/file -L $add 2> /dev/null |
+ $GREP ": [^:]* bundle" >/dev/null ; then
+ if test "X$dlopenmodule" != "X$lib"; then
+ $ECHO "*** Warning: lib $linklib is a module, not a shared library"
+ if test -z "$old_library" ; then
+ $ECHO
+ $ECHO "*** And there doesn't seem to be a static archive available"
+ $ECHO "*** The link will probably fail, sorry"
+ else
+ add="$dir/$old_library"
+ fi
+ elif test -n "$old_library"; then
+ add="$dir/$old_library"
+ fi
+ fi
+ esac
+ elif test "$hardcode_minus_L" = no; then
+ case $host in
+ *-*-sunos*) add_shlibpath="$dir" ;;
+ esac
+ add_dir="-L$dir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = no; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ relink)
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$dir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$dir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ *) lib_linked=no ;;
+ esac
+
+ if test "$lib_linked" != yes; then
+ func_fatal_configuration "unsupported hardcode properties"
+ fi
+
+ if test -n "$add_shlibpath"; then
+ case :$compile_shlibpath: in
+ *":$add_shlibpath:"*) ;;
+ *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ esac
+ fi
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+ test -n "$add" && compile_deplibs="$add $compile_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ if test "$hardcode_direct" != yes &&
+ test "$hardcode_minus_L" != yes &&
+ test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ fi
+ fi
+ fi
+
+ if test "$linkmode" = prog || test "$mode" = relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ # Finalize command for both is simple: just hardcode it.
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$libdir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$libdir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ add="-l$name"
+ elif test "$hardcode_automatic" = yes; then
+ if test -n "$inst_prefix_dir" &&
+ test -f "$inst_prefix_dir$libdir/$linklib" ; then
+ add="$inst_prefix_dir$libdir/$linklib"
+ else
+ add="$libdir/$linklib"
+ fi
+ else
+ # We cannot seem to hardcode it, guess we'll fake it.
+ add_dir="-L$libdir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ fi
+
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+ test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ fi
+ fi
+ elif test "$linkmode" = prog; then
+ # Here we assume that one of hardcode_direct or hardcode_minus_L
+ # is not unsupported. This is valid on all known static and
+ # shared platforms.
+ if test "$hardcode_direct" != unsupported; then
+ test -n "$old_library" && linklib="$old_library"
+ compile_deplibs="$dir/$linklib $compile_deplibs"
+ finalize_deplibs="$dir/$linklib $finalize_deplibs"
+ else
+ compile_deplibs="-l$name -L$dir $compile_deplibs"
+ finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+ fi
+ elif test "$build_libtool_libs" = yes; then
+ # Not a shared library
+ if test "$deplibs_check_method" != pass_all; then
+ # We're trying link a shared library against a static one
+ # but the system doesn't support it.
+
+ # Just print a warning and add the library to dependency_libs so
+ # that the program can be linked against the static library.
+ $ECHO
+ $ECHO "*** Warning: This system can not link to static lib archive $lib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have."
+ if test "$module" = yes; then
+ $ECHO "*** But as you try to build a module library, libtool will still create "
+ $ECHO "*** a static module, that should work as long as the dlopening application"
+ $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ else
+ deplibs="$dir/$old_library $deplibs"
+ link_static=yes
+ fi
+ fi # link shared/static library?
+
+ if test "$linkmode" = lib; then
+ if test -n "$dependency_libs" &&
+ { test "$hardcode_into_libs" != yes ||
+ test "$build_old_libs" = yes ||
+ test "$link_static" = yes; }; then
+ # Extract -R from dependency_libs
+ temp_deplibs=
+ for libdir in $dependency_libs; do
+ case $libdir in
+ -R*) func_stripname '-R' '' "$libdir"
+ temp_xrpath=$func_stripname_result
+ case " $xrpath " in
+ *" $temp_xrpath "*) ;;
+ *) xrpath="$xrpath $temp_xrpath";;
+ esac;;
+ *) temp_deplibs="$temp_deplibs $libdir";;
+ esac
+ done
+ dependency_libs="$temp_deplibs"
+ fi
+
+ newlib_search_path="$newlib_search_path $absdir"
+ # Link against this library
+ test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ # ... and its dependency_libs
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ newdependency_libs="$deplib $newdependency_libs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+
+ if test "$link_all_deplibs" != no; then
+ # Add the search paths of all dependency libraries
+ for deplib in $dependency_libs; do
+ path=
+ case $deplib in
+ -L*) path="$deplib" ;;
+ *.la)
+ func_dirname "$deplib" "" "."
+ dir="$func_dirname_result"
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ func_warning "cannot determine absolute directory name of \`$dir'"
+ absdir="$dir"
+ fi
+ ;;
+ esac
+ if $GREP "^installed=no" $deplib > /dev/null; then
+ case $host in
+ *-*-darwin*)
+ depdepl=
+ eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names" ; then
+ for tmp in $deplibrary_names ; do
+ depdepl=$tmp
+ done
+ if test -f "$absdir/$objdir/$depdepl" ; then
+ depdepl="$absdir/$objdir/$depdepl"
+ darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ if test -z "$darwin_install_name"; then
+ darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ fi
+ compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
+ linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}"
+ path=
+ fi
+ fi
+ ;;
+ *)
+ path="-L$absdir/$objdir"
+ ;;
+ esac
+ else
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ test "$absdir" != "$libdir" && \
+ func_warning "\`$deplib' seems to be moved"
+
+ path="-L$absdir"
+ fi
+ ;;
+ esac
+ case " $deplibs " in
+ *" $path "*) ;;
+ *) deplibs="$path $deplibs" ;;
+ esac
+ done
+ fi # link_all_deplibs != no
+ fi # linkmode = lib
+ done # for deplib in $libs
+ if test "$pass" = link; then
+ if test "$linkmode" = "prog"; then
+ compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
+ finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ fi
+ fi
+ dependency_libs="$newdependency_libs"
+ if test "$pass" = dlpreopen; then
+ # Link the dlpreopened libraries before other libraries
+ for deplib in $save_deplibs; do
+ deplibs="$deplib $deplibs"
+ done
+ fi
+ if test "$pass" != dlopen; then
+ if test "$pass" != conv; then
+ # Make sure lib_search_path contains only unique directories.
+ lib_search_path=
+ for dir in $newlib_search_path; do
+ case "$lib_search_path " in
+ *" $dir "*) ;;
+ *) lib_search_path="$lib_search_path $dir" ;;
+ esac
+ done
+ newlib_search_path=
+ fi
+
+ if test "$linkmode,$pass" != "prog,link"; then
+ vars="deplibs"
+ else
+ vars="compile_deplibs finalize_deplibs"
+ fi
+ for var in $vars dependency_libs; do
+ # Add libraries to $var in reverse order
+ eval tmp_libs=\"\$$var\"
+ new_libs=
+ for deplib in $tmp_libs; do
+ # FIXME: Pedantically, this is the right thing to do, so
+ # that some nasty dependency loop isn't accidentally
+ # broken:
+ #new_libs="$deplib $new_libs"
+ # Pragmatically, this seems to cause very few problems in
+ # practice:
+ case $deplib in
+ -L*) new_libs="$deplib $new_libs" ;;
+ -R*) ;;
+ *)
+ # And here is the reason: when a library appears more
+ # than once as an explicit dependence of a library, or
+ # is implicitly linked in more than once by the
+ # compiler, it is considered special, and multiple
+ # occurrences thereof are not removed. Compare this
+ # with having the same library being listed as a
+ # dependency of multiple other libraries: in this case,
+ # we know (pedantically, we assume) the library does not
+ # need to be listed more than once, so we keep only the
+ # last copy. This is not always right, but it is rare
+ # enough that we require users that really mean to play
+ # such unportable linking tricks to link the library
+ # using -Wl,-lname, so that libtool does not consider it
+ # for duplicate removal.
+ case " $specialdeplibs " in
+ *" $deplib "*) new_libs="$deplib $new_libs" ;;
+ *)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$deplib $new_libs" ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ done
+ tmp_libs=
+ for deplib in $new_libs; do
+ case $deplib in
+ -L*)
+ case " $tmp_libs " in
+ *" $deplib "*) ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ done
+ eval $var=\"$tmp_libs\"
+ done # for var
+ fi
+ # Last step: remove runtime libs from dependency_libs
+ # (they stay in deplibs)
+ tmp_libs=
+ for i in $dependency_libs ; do
+ case " $predeps $postdeps $compiler_lib_search_path " in
+ *" $i "*)
+ i=""
+ ;;
+ esac
+ if test -n "$i" ; then
+ tmp_libs="$tmp_libs $i"
+ fi
+ done
+ dependency_libs=$tmp_libs
+ done # for pass
+ if test "$linkmode" = prog; then
+ dlfiles="$newdlfiles"
+ fi
+ if test "$linkmode" = prog || test "$linkmode" = lib; then
+ dlprefiles="$newdlprefiles"
+ fi
+
+ case $linkmode in
+ oldlib)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for archives"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for archives" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for archives"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for archives"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for archives"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for archives"
+
+ test -n "$export_symbols$export_symbols_regex" && \
+ func_warning "\`-export-symbols' is ignored for archives"
+
+ # Now set the variables for building old libraries.
+ build_libtool_libs=no
+ oldlibs="$output"
+ objs="$objs$old_deplibs"
+ ;;
+
+ lib)
+ # Make sure we only generate libraries of the form `libNAME.la'.
+ case $outputname in
+ lib*)
+ func_stripname 'lib' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ ;;
+ *)
+ test "$module" = no && \
+ func_fatal_help "libtool library \`$output' must begin with \`lib'"
+
+ if test "$need_lib_prefix" != no; then
+ # Add the "lib" prefix for modules if required
+ func_stripname '' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ else
+ func_stripname '' '.la' "$outputname"
+ libname=$func_stripname_result
+ fi
+ ;;
+ esac
+
+ if test -n "$objs"; then
+ if test "$deplibs_check_method" != pass_all; then
+ func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
+ $ECHO "*** objects $objs is not portable!"
+ libobjs="$libobjs $objs"
+ fi
+ fi
+
+ test "$dlself" != no && \
+ func_warning "\`-dlopen self' is ignored for libtool libraries"
+
+ set dummy $rpath
+ shift
+ test "$#" -gt 1 && \
+ func_warning "ignoring multiple \`-rpath's for a libtool library"
+
+ install_libdir="$1"
+
+ oldlibs=
+ if test -z "$rpath"; then
+ if test "$build_libtool_libs" = yes; then
+ # Building a libtool convenience library.
+ # Some compilers have problems with a `.al' extension so
+ # convenience libraries should have the same extension an
+ # archive normally would.
+ oldlibs="$output_objdir/$libname.$libext $oldlibs"
+ build_libtool_libs=convenience
+ build_old_libs=yes
+ fi
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for convenience libraries"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for convenience libraries"
+ else
+
+ # Parse the version information argument.
+ save_ifs="$IFS"; IFS=':'
+ set dummy $vinfo 0 0 0
+ shift
+ IFS="$save_ifs"
+
+ test -n "$7" && \
+ func_fatal_help "too many parameters to \`-version-info'"
+
+ # convert absolute version numbers to libtool ages
+ # this retains compatibility with .la files and attempts
+ # to make the code below a bit more comprehensible
+
+ case $vinfo_number in
+ yes)
+ number_major="$1"
+ number_minor="$2"
+ number_revision="$3"
+ #
+ # There are really only two kinds -- those that
+ # use the current revision as the major version
+ # and those that subtract age and use age as
+ # a minor version. But, then there is irix
+ # which has an extra 1 added just for fun
+ #
+ case $version_type in
+ darwin|linux|osf|windows|none)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_revision"
+ ;;
+ freebsd-aout|freebsd-elf|sunos)
+ current="$number_major"
+ revision="$number_minor"
+ age="0"
+ ;;
+ irix|nonstopux)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_minor"
+ lt_irix_increment=no
+ ;;
+ *)
+ func_fatal_configuration "$modename: unknown library version type \`$version_type'"
+ ;;
+ esac
+ ;;
+ no)
+ current="$1"
+ revision="$2"
+ age="$3"
+ ;;
+ esac
+
+ # Check that each of the things are valid numbers.
+ case $current in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "CURRENT \`$current' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $revision in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "REVISION \`$revision' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $age in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "AGE \`$age' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ if test "$age" -gt "$current"; then
+ func_error "AGE \`$age' is greater than the current interface number \`$current'"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ fi
+
+ # Calculate the version variables.
+ major=
+ versuffix=
+ verstring=
+ case $version_type in
+ none) ;;
+
+ darwin)
+ # Like Linux, but with the current version available in
+ # verstring for coding it into the library header
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ # Darwin ld doesn't like 0 for these options...
+ func_arith $current + 1
+ minor_current=$func_arith_result
+ xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+ ;;
+
+ freebsd-aout)
+ major=".$current"
+ versuffix=".$current.$revision";
+ ;;
+
+ freebsd-elf)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ irix | nonstopux)
+ if test "X$lt_irix_increment" = "Xno"; then
+ func_arith $current - $age
+ else
+ func_arith $current - $age + 1
+ fi
+ major=$func_arith_result
+
+ case $version_type in
+ nonstopux) verstring_prefix=nonstopux ;;
+ *) verstring_prefix=sgi ;;
+ esac
+ verstring="$verstring_prefix$major.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$revision
+ while test "$loop" -ne 0; do
+ func_arith $revision - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring_prefix$major.$iface:$verstring"
+ done
+
+ # Before this point, $major must not contain `.'.
+ major=.$major
+ versuffix="$major.$revision"
+ ;;
+
+ linux)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ ;;
+
+ osf)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix=".$current.$age.$revision"
+ verstring="$current.$age.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$age
+ while test "$loop" -ne 0; do
+ func_arith $current - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring:${iface}.0"
+ done
+
+ # Make executables depend on our current version.
+ verstring="$verstring:${current}.0"
+ ;;
+
+ qnx)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ sunos)
+ major=".$current"
+ versuffix=".$current.$revision"
+ ;;
+
+ windows)
+ # Use '-' rather than '.', since we only want one
+ # extension on DOS 8.3 filesystems.
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+
+ *)
+ func_fatal_configuration "unknown library version type \`$version_type'"
+ ;;
+ esac
+
+ # Clear the version info if we defaulted, and they specified a release.
+ if test -z "$vinfo" && test -n "$release"; then
+ major=
+ case $version_type in
+ darwin)
+ # we can't check for "0.0" in archive_cmds due to quoting
+ # problems, so we reset it completely
+ verstring=
+ ;;
+ *)
+ verstring="0.0"
+ ;;
+ esac
+ if test "$need_version" = no; then
+ versuffix=
+ else
+ versuffix=".0.0"
+ fi
+ fi
+
+ # Remove version info from name if versioning should be avoided
+ if test "$avoid_version" = yes && test "$need_version" = no; then
+ major=
+ versuffix=
+ verstring=""
+ fi
+
+ # Check to see if the archive will have undefined symbols.
+ if test "$allow_undefined" = yes; then
+ if test "$allow_undefined_flag" = unsupported; then
+ func_warning "undefined symbols not allowed in $host shared libraries"
+ build_libtool_libs=no
+ build_old_libs=yes
+ fi
+ else
+ # Don't allow undefined symbols.
+ allow_undefined_flag="$no_undefined_flag"
+ fi
+
+ fi
+
+ func_generate_dlsyms "$libname" "$libname" "yes"
+ libobjs="$libobjs $symfileobj"
+ test "X$libobjs" = "X " && libobjs=
+
+ if test "$mode" != relink; then
+ # Remove our outputs, but don't remove object files since they
+ # may have been created when compiling PIC objects.
+ removelist=
+ tempremovelist=`$ECHO "$output_objdir/*"`
+ for p in $tempremovelist; do
+ case $p in
+ *.$objext | *.gcno)
+ ;;
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+ if test "X$precious_files_regex" != "X"; then
+ if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+ then
+ continue
+ fi
+ fi
+ removelist="$removelist $p"
+ ;;
+ *) ;;
+ esac
+ done
+ test -n "$removelist" && \
+ func_show_eval "${RM}r \$removelist"
+ fi
+
+ # Now set the variables for building old libraries.
+ if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+ # Transform .lo files to .o files.
+ oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ fi
+
+ # Eliminate all temporary directories.
+ #for path in $notinst_path; do
+ # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"`
+ # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"`
+ # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"`
+ #done
+
+ if test -n "$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ temp_xrpath=
+ for libdir in $xrpath; do
+ temp_xrpath="$temp_xrpath -R$libdir"
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ dependency_libs="$temp_xrpath $dependency_libs"
+ fi
+ fi
+
+ # Make sure dlfiles contains only unique files that won't be dlpreopened
+ old_dlfiles="$dlfiles"
+ dlfiles=
+ for lib in $old_dlfiles; do
+ case " $dlprefiles $dlfiles " in
+ *" $lib "*) ;;
+ *) dlfiles="$dlfiles $lib" ;;
+ esac
+ done
+
+ # Make sure dlprefiles contains only unique files
+ old_dlprefiles="$dlprefiles"
+ dlprefiles=
+ for lib in $old_dlprefiles; do
+ case "$dlprefiles " in
+ *" $lib "*) ;;
+ *) dlprefiles="$dlprefiles $lib" ;;
+ esac
+ done
+
+ if test "$build_libtool_libs" = yes; then
+ if test -n "$rpath"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*)
+ # these systems don't actually have a c library (as such)!
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C library is in the System framework
+ deplibs="$deplibs System.ltframework"
+ ;;
+ *-*-netbsd*)
+ # Don't link with libc until the a.out ld.so is fixed.
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ ;;
+ *)
+ # Add libc to deplibs on all other systems if necessary.
+ if test "$build_libtool_need_lc" = "yes"; then
+ deplibs="$deplibs -lc"
+ fi
+ ;;
+ esac
+ fi
+
+ # Transform deplibs into only deplibs that can be linked in shared.
+ name_save=$name
+ libname_save=$libname
+ release_save=$release
+ versuffix_save=$versuffix
+ major_save=$major
+ # I'm not sure if I'm treating the release correctly. I think
+ # release should show up in the -l (ie -lgmp5) so we don't want to
+ # add it in twice. Is that correct?
+ release=""
+ versuffix=""
+ major=""
+ newdeplibs=
+ droppeddeps=no
+ case $deplibs_check_method in
+ pass_all)
+ # Don't check for shared/static. Everything works.
+ # This might be a little naive. We might want to check
+ # whether the library exists or not. But this is on
+ # osf3 & osf4 and I'm not really sure... Just
+ # implementing what was already the behavior.
+ newdeplibs=$deplibs
+ ;;
+ test_compile)
+ # This code stresses the "libraries are programs" paradigm to its
+ # limits. Maybe even breaks it. We compile a program, linking it
+ # against the deplibs as a proxy for the library. Then we can check
+ # whether they linked in statically or dynamically with ldd.
+ $opt_dry_run || $RM conftest.c
+ cat > conftest.c <<EOF
+ int main() { return 0; }
+EOF
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+ ldd_output=`ldd conftest`
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which I believe you do not have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use it for"
+ $ECHO "*** its dynamic dependency list that programs get resolved with at runtime."
+ fi
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ else
+ # Error occurred in the first compile. Let's try to salvage
+ # the situation: Compile a separate program for each library.
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+ ldd_output=`ldd conftest`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use this one"
+ $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime."
+ fi
+ fi
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning! Library $i is needed by this library but I was not able to"
+ $ECHO "*** make it link in! You will probably need to install it or some"
+ $ECHO "*** library that it depends on before this library will be fully"
+ $ECHO "*** functional. Installing it before continuing would be even better."
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ fi
+ ;;
+ file_magic*)
+ set dummy $deplibs_check_method; shift
+ file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ # Follow soft links.
+ if ls -lLd "$potent_lib" 2>/dev/null |
+ $GREP " -> " >/dev/null; then
+ continue
+ fi
+ # The statement above tries to avoid entering an
+ # endless loop below, in case of cyclic links.
+ # We might still enter an endless loop, since a link
+ # loop can be closed while we follow links,
+ # but so what?
+ potlib="$potent_lib"
+ while test -h "$potlib" 2>/dev/null; do
+ potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ case $potliblink in
+ [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+ *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ esac
+ done
+ if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
+ $SED -e 10q |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a file magic. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ potlib="$potent_lib" # see symlink-check above in file_magic test
+ if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \
+ $EGREP "$match_pattern_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a regex pattern. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ none | unknown | *)
+ newdeplibs=""
+ tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \
+ -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ for i in $predeps $postdeps ; do
+ # can't use Xsed below, because $i might contain '/'
+ tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"`
+ done
+ fi
+ if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' |
+ $GREP . >/dev/null; then
+ $ECHO
+ if test "X$deplibs_check_method" = "Xnone"; then
+ $ECHO "*** Warning: inter-library dependencies are not supported in this platform."
+ else
+ $ECHO "*** Warning: inter-library dependencies are not known to be supported."
+ fi
+ $ECHO "*** All declared inter-library dependencies are being dropped."
+ droppeddeps=yes
+ fi
+ ;;
+ esac
+ versuffix=$versuffix_save
+ major=$major_save
+ release=$release_save
+ libname=$libname_save
+ name=$name_save
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library with the System framework
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ if test "$droppeddeps" = yes; then
+ if test "$module" = yes; then
+ $ECHO
+ $ECHO "*** Warning: libtool could not satisfy all declared inter-library"
+ $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
+ $ECHO "*** a static module, that should work as long as the dlopening"
+ $ECHO "*** application is linked with the -dlopen flag."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ else
+ $ECHO "*** The inter-library dependencies that have been dropped here will be"
+ $ECHO "*** automatically added whenever a program is linked with this library"
+ $ECHO "*** or is declared to -dlopen it."
+
+ if test "$allow_undefined" = no; then
+ $ECHO
+ $ECHO "*** Since this library must not contain undefined symbols,"
+ $ECHO "*** because either the platform does not support them or"
+ $ECHO "*** it was explicitly requested with -no-undefined,"
+ $ECHO "*** libtool will only create a static version of it."
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ fi
+ fi
+ # Done checking deplibs!
+ deplibs=$newdeplibs
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ case $host in
+ *-*-darwin*)
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ deplibs="$new_libs"
+
+ # All the library-specific variables (install_libdir is set above).
+ library_names=
+ old_library=
+ dlname=
+
+ # Test again, we may have decided not to build it any more
+ if test "$build_libtool_libs" = yes; then
+ if test "$hardcode_into_libs" = yes; then
+ # Hardcode the library paths
+ hardcode_libdirs=
+ dep_rpath=
+ rpath="$finalize_rpath"
+ test "$mode" != relink && rpath="$compile_rpath$rpath"
+ for libdir in $rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ dep_rpath="$dep_rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ if test -n "$hardcode_libdir_flag_spec_ld"; then
+ eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+ else
+ eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+ fi
+ fi
+ if test -n "$runpath_var" && test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+ fi
+ test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+ fi
+
+ shlibpath="$finalize_shlibpath"
+ test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ if test -n "$shlibpath"; then
+ eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+ fi
+
+ # Get the real and link names of the library.
+ eval shared_ext=\"$shrext_cmds\"
+ eval library_names=\"$library_names_spec\"
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+
+ if test -n "$soname_spec"; then
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+ if test -z "$dlname"; then
+ dlname=$soname
+ fi
+
+ lib="$output_objdir/$realname"
+ linknames=
+ for link
+ do
+ linknames="$linknames $link"
+ done
+
+ # Use standard objects if they are pic
+ test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ test "X$libobjs" = "X " && libobjs=
+
+ delfiles=
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
+ export_symbols="$output_objdir/$libname.uexp"
+ delfiles="$delfiles $export_symbols"
+ fi
+
+ orig_export_symbols=
+ case $host_os in
+ cygwin* | mingw* | cegcc*)
+ if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
+ # exporting using user supplied symfile
+ if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+ # and it's NOT already a .def file. Must figure out
+ # which of the given symbols are data symbols and tag
+ # them as such. So, trigger use of export_symbols_cmds.
+ # export_symbols gets reassigned inside the "prepare
+ # the list of exported symbols" if statement, so the
+ # include_expsyms logic still works.
+ orig_export_symbols="$export_symbols"
+ export_symbols=
+ always_export_symbols=yes
+ fi
+ fi
+ ;;
+ esac
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ cmds=$export_symbols_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ func_len " $cmd"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ func_show_eval "$cmd" 'exit $?'
+ skipped_export=false
+ else
+ # The command line is too long to execute in one step.
+ func_verbose "using reloadable object file for export list..."
+ skipped_export=:
+ # Break out early, otherwise skipped_export may be
+ # set to false by a later but shorter cmd.
+ break
+ fi
+ done
+ IFS="$save_ifs"
+ if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+ fi
+
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+
+ tmp_deplibs=
+ for test_deplib in $deplibs; do
+ case " $convenience " in
+ *" $test_deplib "*) ;;
+ *)
+ tmp_deplibs="$tmp_deplibs $test_deplib"
+ ;;
+ esac
+ done
+ deplibs="$tmp_deplibs"
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec" &&
+ test "$compiler_needs_object" = yes &&
+ test -z "$libobjs"; then
+ # extract the archives, so we have objects to list.
+ # TODO: could optimize this to just extract one archive.
+ whole_archive_flag_spec=
+ fi
+ if test -n "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ else
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ fi
+
+ if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ eval flag=\"$thread_safe_flag_spec\"
+ linker_flags="$linker_flags $flag"
+ fi
+
+ # Make a backup of the uninstalled library when relinking
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
+ fi
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ eval test_cmds=\"$module_expsym_cmds\"
+ cmds=$module_expsym_cmds
+ else
+ eval test_cmds=\"$module_cmds\"
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ eval test_cmds=\"$archive_expsym_cmds\"
+ cmds=$archive_expsym_cmds
+ else
+ eval test_cmds=\"$archive_cmds\"
+ cmds=$archive_cmds
+ fi
+ fi
+
+ if test "X$skipped_export" != "X:" &&
+ func_len " $test_cmds" &&
+ len=$func_len_result &&
+ test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ :
+ else
+ # The command line is too long to link in one step, link piecewise
+ # or, if using GNU ld and skipped_export is not :, use a linker
+ # script.
+
+ # Save the value of $output and $libobjs because we want to
+ # use them later. If we have whole_archive_flag_spec, we
+ # want to use save_libobjs as it was before
+ # whole_archive_flag_spec was expanded, because we can't
+ # assume the linker understands whole_archive_flag_spec.
+ # This may have to be revisited, in case too many
+ # convenience libraries get linked in and end up exceeding
+ # the spec.
+ if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ fi
+ save_output=$output
+ output_la=`$ECHO "X$output" | $Xsed -e "$basename"`
+
+ # Clear the reloadable object creation command queue and
+ # initialize k to one.
+ test_cmds=
+ concat_cmds=
+ objlist=
+ last_robj=
+ k=1
+
+ if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
+ output=${output_objdir}/${output_la}.lnkscript
+ func_verbose "creating GNU ld script: $output"
+ $ECHO 'INPUT (' > $output
+ for obj in $save_libobjs
+ do
+ $ECHO "$obj" >> $output
+ done
+ $ECHO ')' >> $output
+ delfiles="$delfiles $output"
+ elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
+ output=${output_objdir}/${output_la}.lnk
+ func_verbose "creating linker input file list: $output"
+ : > $output
+ set x $save_libobjs
+ shift
+ firstobj=
+ if test "$compiler_needs_object" = yes; then
+ firstobj="$1 "
+ shift
+ fi
+ for obj
+ do
+ $ECHO "$obj" >> $output
+ done
+ delfiles="$delfiles $output"
+ output=$firstobj\"$file_list_spec$output\"
+ else
+ if test -n "$save_libobjs"; then
+ func_verbose "creating reloadable object files..."
+ output=$output_objdir/$output_la-${k}.$objext
+ eval test_cmds=\"$reload_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+
+ # Loop over the list of objects to be linked.
+ for obj in $save_libobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ if test "X$objlist" = X ||
+ test "$len" -lt "$max_cmd_len"; then
+ func_append objlist " $obj"
+ else
+ # The command $test_cmds is almost too long, add a
+ # command to the queue.
+ if test "$k" -eq 1 ; then
+ # The first file doesn't have a previous command to add.
+ eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ else
+ # All subsequent reloadable object files will link in
+ # the last one created.
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\"
+ fi
+ last_robj=$output_objdir/$output_la-${k}.$objext
+ func_arith $k + 1
+ k=$func_arith_result
+ output=$output_objdir/$output_la-${k}.$objext
+ objlist=$obj
+ func_len " $last_robj"
+ func_arith $len0 + $func_len_result
+ len=$func_arith_result
+ fi
+ done
+ # Handle the remaining objects by creating one last
+ # reloadable object file. All subsequent reloadable object
+ # files will link in the last one created.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
+ fi
+ delfiles="$delfiles $output"
+
+ else
+ output=
+ fi
+
+ if ${skipped_export-false}; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ libobjs=$output
+ # Append the command to create the export file.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+ fi
+ fi
+
+ test -n "$save_libobjs" &&
+ func_verbose "creating a temporary reloadable object file: $output"
+
+ # Loop through the commands generated above and execute them.
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $concat_cmds; do
+ IFS="$save_ifs"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ if test -n "$export_symbols_regex" && ${skipped_export-false}; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+
+ if ${skipped_export-false}; then
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+ fi
+
+ libobjs=$output
+ # Restore the value of output.
+ output=$save_output
+
+ if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ # Expand the library linking commands again to reset the
+ # value of $libobjs for piecewise linking.
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ cmds=$module_expsym_cmds
+ else
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ cmds=$archive_expsym_cmds
+ else
+ cmds=$archive_cmds
+ fi
+ fi
+ fi
+
+ if test -n "$delfiles"; then
+ # Append the command to remove temporary files to $cmds.
+ eval cmds=\"\$cmds~\$RM $delfiles\"
+ fi
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
+
+ if test -n "$convenience"; then
+ if test -z "$whole_archive_flag_spec"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ # Create links to the real library.
+ for linkname in $linknames; do
+ if test "$realname" != "$linkname"; then
+ func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
+ fi
+ done
+
+ # If -module or -export-dynamic was specified, set the dlname.
+ if test "$module" = yes || test "$export_dynamic" = yes; then
+ # On all known operating systems, these are identical.
+ dlname="$soname"
+ fi
+ fi
+ ;;
+
+ obj)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for objects"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for objects" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for objects"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for objects"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for objects"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for objects"
+
+ case $output in
+ *.lo)
+ test -n "$objs$old_deplibs" && \
+ func_fatal_error "cannot build library object \`$output' from non-libtool objects"
+
+ libobj=$output
+ func_lo2o "$libobj"
+ obj=$func_lo2o_result
+ ;;
+ *)
+ libobj=
+ obj="$output"
+ ;;
+ esac
+
+ # Delete the old objects.
+ $opt_dry_run || $RM $obj $libobj
+
+ # Objects from convenience libraries. This assumes
+ # single-version convenience libraries. Whenever we create
+ # different ones for PIC/non-PIC, this we'll have to duplicate
+ # the extraction.
+ reload_conv_objs=
+ gentop=
+ # reload_cmds runs $LD directly, so let us get rid of
+ # -Wl from whole_archive_flag_spec and hope we can get by with
+ # turning comma into space..
+ wl=
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+ reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+ else
+ gentop="$output_objdir/${obj}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ reload_conv_objs="$reload_objs $func_extract_archives_result"
+ fi
+ fi
+
+ # Create the old-style object.
+ reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+ output="$obj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+
+ # Exit if we aren't doing a library object file.
+ if test -z "$libobj"; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$build_libtool_libs" != yes; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ # Create an invalid libtool object if no PIC, so that we don't
+ # accidentally link it into a program.
+ # $show "echo timestamp > $libobj"
+ # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test -n "$pic_flag" || test "$pic_mode" != default; then
+ # Only do commands if we really have different PIC objects.
+ reload_objs="$libobjs $reload_conv_objs"
+ output="$libobj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+ fi
+
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ prog)
+ case $host in
+ *cygwin*) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result.exe;;
+ esac
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for programs"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for programs"
+
+ test "$preload" = yes \
+ && test "$dlopen_support" = unknown \
+ && test "$dlopen_self" = unknown \
+ && test "$dlopen_self_static" = unknown && \
+ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support."
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ case $host in
+ *-*-darwin*)
+ # Don't allow lazy linking, it breaks C++ global constructors
+ # But is supposedly fixed on 10.4 or later (yay!).
+ if test "$tagname" = CXX ; then
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
+ 10.[0123])
+ compile_command="$compile_command ${wl}-bind_at_load"
+ finalize_command="$finalize_command ${wl}-bind_at_load"
+ ;;
+ esac
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $compile_deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $compile_deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ compile_deplibs="$new_libs"
+
+
+ compile_command="$compile_command $compile_deplibs"
+ finalize_command="$finalize_command $finalize_deplibs"
+
+ if test -n "$rpath$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ for libdir in $rpath $xrpath; do
+ # This is the magic to use -rpath.
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ fi
+
+ # Now hardcode the library paths
+ rpath=
+ hardcode_libdirs=
+ for libdir in $compile_rpath $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$libdir:"*) ;;
+ ::) dllsearchpath=$libdir;;
+ *) dllsearchpath="$dllsearchpath:$libdir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ compile_rpath="$rpath"
+
+ rpath=
+ hardcode_libdirs=
+ for libdir in $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$finalize_perm_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ finalize_rpath="$rpath"
+
+ if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ # Transform all the library objects into standard objects.
+ compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ fi
+
+ func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
+
+ # template prelinking step
+ if test -n "$prelink_cmds"; then
+ func_execute_cmds "$prelink_cmds" 'exit $?'
+ fi
+
+ wrappers_required=yes
+ case $host in
+ *cygwin* | *mingw* )
+ if test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ *cegcc)
+ # Disable wrappers for cegcc, we are cross compiling anyway.
+ wrappers_required=no
+ ;;
+ *)
+ if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ esac
+ if test "$wrappers_required" = no; then
+ # Replace the output file specification.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command="$compile_command$compile_rpath"
+
+ # We have no uninstalled library dependencies, so finalize right now.
+ exit_status=0
+ func_show_eval "$link_command" 'exit_status=$?'
+
+ # Delete the generated files.
+ if test -f "$output_objdir/${outputname}S.${objext}"; then
+ func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
+ fi
+
+ exit $exit_status
+ fi
+
+ if test -n "$compile_shlibpath$finalize_shlibpath"; then
+ compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+ fi
+ if test -n "$finalize_shlibpath"; then
+ finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+ fi
+
+ compile_var=
+ finalize_var=
+ if test -n "$runpath_var"; then
+ if test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ if test -n "$finalize_perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $finalize_perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ fi
+
+ if test "$no_install" = yes; then
+ # We don't need to create a wrapper script.
+ link_command="$compile_var$compile_command$compile_rpath"
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ # Delete the old output file.
+ $opt_dry_run || $RM $output
+ # Link the executable and exit
+ func_show_eval "$link_command" 'exit $?'
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+ func_warning "this platform does not like uninstalled shared libraries"
+ func_warning "\`$output' will be relinked during installation"
+ else
+ if test "$fast_install" != no; then
+ link_command="$finalize_var$compile_command$finalize_rpath"
+ if test "$fast_install" = yes; then
+ relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ else
+ # fast_install is set to needless
+ relink_command=
+ fi
+ else
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+ fi
+ fi
+
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+ # Delete the old output files.
+ $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+ func_show_eval "$link_command" 'exit $?'
+
+ # Now create the wrapper script.
+ func_verbose "creating $output"
+
+ # Quote the relink command for shipping.
+ if test -n "$relink_command"; then
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ relink_command="(cd `pwd`; $relink_command)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Quote $ECHO for shipping.
+ if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then
+ case $progpath in
+ [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+ *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+ esac
+ qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"`
+ else
+ qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Only actually do things if not in dry run mode.
+ $opt_dry_run || {
+ # win32 will think the script is a binary if it has
+ # a .exe suffix, so we strip it off here.
+ case $output in
+ *.exe) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result ;;
+ esac
+ # test for cygwin because mv fails w/o .exe extensions
+ case $host in
+ *cygwin*)
+ exeext=.exe
+ func_stripname '' '.exe' "$outputname"
+ outputname=$func_stripname_result ;;
+ *) exeext= ;;
+ esac
+ case $host in
+ *cygwin* | *mingw* )
+ func_dirname_and_basename "$output" "" "."
+ output_name=$func_basename_result
+ output_path=$func_dirname_result
+ cwrappersource="$output_path/$objdir/lt-$output_name.c"
+ cwrapper="$output_path/$output_name.exe"
+ $RM $cwrappersource $cwrapper
+ trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_cwrapperexe_src > $cwrappersource
+
+ # The wrapper executable is built using the $host compiler,
+ # because it contains $host paths and files. If cross-
+ # compiling, it, like the target executable, must be
+ # executed on the $host or under an emulation environment.
+ $opt_dry_run || {
+ $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
+ $STRIP $cwrapper
+ }
+
+ # Now, create the wrapper script for func_source use:
+ func_ltwrapper_scriptname $cwrapper
+ $RM $func_ltwrapper_scriptname_result
+ trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
+ $opt_dry_run || {
+ # note: this script will not be executed, so do not chmod.
+ if test "x$build" = "x$host" ; then
+ $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
+ else
+ func_emit_wrapper no > $func_ltwrapper_scriptname_result
+ fi
+ }
+ ;;
+ * )
+ $RM $output
+ trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_wrapper no > $output
+ chmod +x $output
+ ;;
+ esac
+ }
+ exit $EXIT_SUCCESS
+ ;;
+ esac
+
+ # See if we need to build an old-fashioned archive.
+ for oldlib in $oldlibs; do
+
+ if test "$build_libtool_libs" = convenience; then
+ oldobjs="$libobjs_save $symfileobj"
+ addlibs="$convenience"
+ build_libtool_libs=no
+ else
+ if test "$build_libtool_libs" = module; then
+ oldobjs="$libobjs_save"
+ build_libtool_libs=no
+ else
+ oldobjs="$old_deplibs $non_pic_objects"
+ if test "$preload" = yes && test -f "$symfileobj"; then
+ oldobjs="$oldobjs $symfileobj"
+ fi
+ fi
+ addlibs="$old_convenience"
+ fi
+
+ if test -n "$addlibs"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $addlibs
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # Do each command in the archive commands.
+ if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ cmds=$old_archive_from_new_cmds
+ else
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # POSIX demands no paths to be encoded in archives. We have
+ # to avoid creating archives with duplicate basenames if we
+ # might have to extract them afterwards, e.g., when creating a
+ # static archive out of a convenience library, or when linking
+ # the entirety of a libtool archive into another (currently
+ # not supported by libtool).
+ if (for obj in $oldobjs
+ do
+ func_basename "$obj"
+ $ECHO "$func_basename_result"
+ done | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $ECHO "copying selected object files to avoid basename conflicts..."
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+ func_mkdir_p "$gentop"
+ save_oldobjs=$oldobjs
+ oldobjs=
+ counter=1
+ for obj in $save_oldobjs
+ do
+ func_basename "$obj"
+ objbase="$func_basename_result"
+ case " $oldobjs " in
+ " ") oldobjs=$obj ;;
+ *[\ /]"$objbase "*)
+ while :; do
+ # Make sure we don't pick an alternate name that also
+ # overlaps.
+ newobj=lt$counter-$objbase
+ func_arith $counter + 1
+ counter=$func_arith_result
+ case " $oldobjs " in
+ *[\ /]"$newobj "*) ;;
+ *) if test ! -f "$gentop/$newobj"; then break; fi ;;
+ esac
+ done
+ func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+ oldobjs="$oldobjs $gentop/$newobj"
+ ;;
+ *) oldobjs="$oldobjs $obj" ;;
+ esac
+ done
+ fi
+ eval cmds=\"$old_archive_cmds\"
+
+ func_len " $cmds"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ cmds=$old_archive_cmds
+ else
+ # the command line is too long to link in one step, link in parts
+ func_verbose "using piecewise archive linking..."
+ save_RANLIB=$RANLIB
+ RANLIB=:
+ objlist=
+ concat_cmds=
+ save_oldobjs=$oldobjs
+ oldobjs=
+ # Is there a better way of finding the last object in the list?
+ for obj in $save_oldobjs
+ do
+ last_oldobj=$obj
+ done
+ eval test_cmds=\"$old_archive_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+ for obj in $save_oldobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ func_append objlist " $obj"
+ if test "$len" -lt "$max_cmd_len"; then
+ :
+ else
+ # the above command should be used before it gets too long
+ oldobjs=$objlist
+ if test "$obj" = "$last_oldobj" ; then
+ RANLIB=$save_RANLIB
+ fi
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ objlist=
+ len=$len0
+ fi
+ done
+ RANLIB=$save_RANLIB
+ oldobjs=$objlist
+ if test "X$oldobjs" = "X" ; then
+ eval cmds=\"\$concat_cmds\"
+ else
+ eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+ fi
+ fi
+ fi
+ func_execute_cmds "$cmds" 'exit $?'
+ done
+
+ test -n "$generated" && \
+ func_show_eval "${RM}r$generated"
+
+ # Now create the libtool archive.
+ case $output in
+ *.la)
+ old_library=
+ test "$build_old_libs" = yes && old_library="$libname.$libext"
+ func_verbose "creating $output"
+
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ # Quote the link command for shipping.
+ relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ if test "$hardcode_automatic" = yes ; then
+ relink_command=
+ fi
+
+ # Only create the output if not a dry run.
+ $opt_dry_run || {
+ for installed in no yes; do
+ if test "$installed" = yes; then
+ if test -z "$install_libdir"; then
+ break
+ fi
+ output="$output_objdir/$outputname"i
+ # Replace all uninstalled libtool libraries with the installed ones
+ newdependency_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ *.la)
+ func_basename "$deplib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ newdependency_libs="$newdependency_libs $libdir/$name"
+ ;;
+ *) newdependency_libs="$newdependency_libs $deplib" ;;
+ esac
+ done
+ dependency_libs="$newdependency_libs"
+ newdlfiles=
+
+ for lib in $dlfiles; do
+ case $lib in
+ *.la)
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlfiles="$newdlfiles $libdir/$name"
+ ;;
+ *) newdlfiles="$newdlfiles $lib" ;;
+ esac
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ *.la)
+ # Only pass preopened files to the pseudo-archive (for
+ # eventual linking with the app. that links it) if we
+ # didn't already link the preopened objects directly into
+ # the library:
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlprefiles="$newdlprefiles $libdir/$name"
+ ;;
+ esac
+ done
+ dlprefiles="$newdlprefiles"
+ else
+ newdlfiles=
+ for lib in $dlfiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlfiles="$newdlfiles $abs"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlprefiles="$newdlprefiles $abs"
+ done
+ dlprefiles="$newdlprefiles"
+ fi
+ $RM $output
+ # place dlname in correct position for cygwin
+ tdlname=$dlname
+ case $host,$output,$installed,$module,$dlname in
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ esac
+ $ECHO > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Linker flags that can not go in dependency_libs.
+inherited_linker_flags='$new_inherited_linker_flags'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Names of additional weak libraries provided by this library
+weak_library_names='$weak_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+ if test "$installed" = no && test "$need_relink" = yes; then
+ $ECHO >> $output "\
+relink_command=\"$relink_command\""
+ fi
+ done
+ }
+
+ # Do a symbolic link so that the libtool archive can be found in
+ # LD_LIBRARY_PATH before the program is installed.
+ func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
+ ;;
+ esac
+ exit $EXIT_SUCCESS
+}
+
+{ test "$mode" = link || test "$mode" = relink; } &&
+ func_mode_link ${1+"$@"}
+
+
+# func_mode_uninstall arg...
+func_mode_uninstall ()
+{
+ $opt_debug
+ RM="$nonopt"
+ files=
+ rmforce=
+ exit_status=0
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ for arg
+ do
+ case $arg in
+ -f) RM="$RM $arg"; rmforce=yes ;;
+ -*) RM="$RM $arg" ;;
+ *) files="$files $arg" ;;
+ esac
+ done
+
+ test -z "$RM" && \
+ func_fatal_help "you must specify an RM program"
+
+ rmdirs=
+
+ origobjdir="$objdir"
+ for file in $files; do
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ if test "X$dir" = X.; then
+ objdir="$origobjdir"
+ else
+ objdir="$dir/$origobjdir"
+ fi
+ func_basename "$file"
+ name="$func_basename_result"
+ test "$mode" = uninstall && objdir="$dir"
+
+ # Remember objdir for removal later, being careful to avoid duplicates
+ if test "$mode" = clean; then
+ case " $rmdirs " in
+ *" $objdir "*) ;;
+ *) rmdirs="$rmdirs $objdir" ;;
+ esac
+ fi
+
+ # Don't error if the file doesn't exist and rm -f was used.
+ if { test -L "$file"; } >/dev/null 2>&1 ||
+ { test -h "$file"; } >/dev/null 2>&1 ||
+ test -f "$file"; then
+ :
+ elif test -d "$file"; then
+ exit_status=1
+ continue
+ elif test "$rmforce" = yes; then
+ continue
+ fi
+
+ rmfiles="$file"
+
+ case $name in
+ *.la)
+ # Possibly a libtool archive, so verify it.
+ if func_lalib_p "$file"; then
+ func_source $dir/$name
+
+ # Delete the libtool libraries and symlinks.
+ for n in $library_names; do
+ rmfiles="$rmfiles $objdir/$n"
+ done
+ test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+ case "$mode" in
+ clean)
+ case " $library_names " in
+ # " " in the beginning catches empty $dlname
+ *" $dlname "*) ;;
+ *) rmfiles="$rmfiles $objdir/$dlname" ;;
+ esac
+ test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+ ;;
+ uninstall)
+ if test -n "$library_names"; then
+ # Do each command in the postuninstall commands.
+ func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+
+ if test -n "$old_library"; then
+ # Do each command in the old_postuninstall commands.
+ func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+ # FIXME: should reinstall the best remaining shared library.
+ ;;
+ esac
+ fi
+ ;;
+
+ *.lo)
+ # Possibly a libtool object, so verify it.
+ if func_lalib_p "$file"; then
+
+ # Read the .lo file
+ func_source $dir/$name
+
+ # Add PIC object to the list of files to remove.
+ if test -n "$pic_object" &&
+ test "$pic_object" != none; then
+ rmfiles="$rmfiles $dir/$pic_object"
+ fi
+
+ # Add non-PIC object to the list of files to remove.
+ if test -n "$non_pic_object" &&
+ test "$non_pic_object" != none; then
+ rmfiles="$rmfiles $dir/$non_pic_object"
+ fi
+ fi
+ ;;
+
+ *)
+ if test "$mode" = clean ; then
+ noexename=$name
+ case $file in
+ *.exe)
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ func_stripname '' '.exe' "$name"
+ noexename=$func_stripname_result
+ # $file with .exe has already been added to rmfiles,
+ # add $file without .exe
+ rmfiles="$rmfiles $file"
+ ;;
+ esac
+ # Do a test to see if this is a libtool program.
+ if func_ltwrapper_p "$file"; then
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ relink_command=
+ func_source $func_ltwrapper_scriptname_result
+ rmfiles="$rmfiles $func_ltwrapper_scriptname_result"
+ else
+ relink_command=
+ func_source $dir/$noexename
+ fi
+
+ # note $name still contains .exe if it was in $file originally
+ # as does the version of $file that was added into $rmfiles
+ rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ if test "$fast_install" = yes && test -n "$relink_command"; then
+ rmfiles="$rmfiles $objdir/lt-$name"
+ fi
+ if test "X$noexename" != "X$name" ; then
+ rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ fi
+ fi
+ fi
+ ;;
+ esac
+ func_show_eval "$RM $rmfiles" 'exit_status=1'
+ done
+ objdir="$origobjdir"
+
+ # Try to remove the ${objdir}s in the directories where we deleted files
+ for dir in $rmdirs; do
+ if test -d "$dir"; then
+ func_show_eval "rmdir $dir >/dev/null 2>&1"
+ fi
+ done
+
+ exit $exit_status
+}
+
+{ test "$mode" = uninstall || test "$mode" = clean; } &&
+ func_mode_uninstall ${1+"$@"}
+
+test -z "$mode" && {
+ help="$generic_help"
+ func_fatal_help "you must specify a MODE"
+}
+
+test -z "$exec_cmd" && \
+ func_fatal_help "invalid operation mode \`$mode'"
+
+if test -n "$exec_cmd"; then
+ eval exec "$exec_cmd"
+ exit $EXIT_FAILURE
+fi
+
+exit $exit_status
+
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries. Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them. This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration. But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
+# vi:sw=2
+
--- /dev/null
+dnl -*- mode: autoconf -*-
+
+# serial 1
+
+dnl Usage:
+dnl GTK_DOC_CHECK([minimum-gtk-doc-version])
+AC_DEFUN([GTK_DOC_CHECK],
+[
+ AC_BEFORE([AC_PROG_LIBTOOL],[$0])dnl setup libtool first
+ AC_BEFORE([AM_PROG_LIBTOOL],[$0])dnl setup libtool first
+
+ dnl check for tools we added during development
+ AC_PATH_PROG([GTKDOC_CHECK],[gtkdoc-check])
+ AC_PATH_PROGS([GTKDOC_REBASE],[gtkdoc-rebase],[true])
+ AC_PATH_PROG([GTKDOC_MKPDF],[gtkdoc-mkpdf])
+
+ dnl for overriding the documentation installation directory
+ AC_ARG_WITH([html-dir],
+ AS_HELP_STRING([--with-html-dir=PATH], [path to installed docs]),,
+ [with_html_dir='${datadir}/gtk-doc/html'])
+ HTML_DIR="$with_html_dir"
+ AC_SUBST([HTML_DIR])
+
+ dnl enable/disable documentation building
+ AC_ARG_ENABLE([gtk-doc],
+ AS_HELP_STRING([--enable-gtk-doc],
+ [use gtk-doc to build documentation [[default=no]]]),,
+ [enable_gtk_doc=no])
+
+ if test x$enable_gtk_doc = xyes; then
+ ifelse([$1],[],
+ [PKG_CHECK_EXISTS([gtk-doc],,
+ AC_MSG_ERROR([gtk-doc not installed and --enable-gtk-doc requested]))],
+ [PKG_CHECK_EXISTS([gtk-doc >= $1],,
+ AC_MSG_ERROR([You need to have gtk-doc >= $1 installed to build $PACKAGE_NAME]))])
+ fi
+
+ AC_MSG_CHECKING([whether to build gtk-doc documentation])
+ AC_MSG_RESULT($enable_gtk_doc)
+
+ dnl enable/disable output formats
+ AC_ARG_ENABLE([gtk-doc-html],
+ AS_HELP_STRING([--enable-gtk-doc-html],
+ [build documentation in html format [[default=yes]]]),,
+ [enable_gtk_doc_html=yes])
+ AC_ARG_ENABLE([gtk-doc-pdf],
+ AS_HELP_STRING([--enable-gtk-doc-pdf],
+ [build documentation in pdf format [[default=no]]]),,
+ [enable_gtk_doc_pdf=no])
+
+ if test -z "$GTKDOC_MKPDF"; then
+ enable_gtk_doc_pdf=no
+ fi
+
+
+ AM_CONDITIONAL([ENABLE_GTK_DOC], [test x$enable_gtk_doc = xyes])
+ AM_CONDITIONAL([GTK_DOC_BUILD_HTML], [test x$enable_gtk_doc_html = xyes])
+ AM_CONDITIONAL([GTK_DOC_BUILD_PDF], [test x$enable_gtk_doc_pdf = xyes])
+ AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], [test -n "$LIBTOOL"])
+ AM_CONDITIONAL([GTK_DOC_USE_REBASE], [test -n "$GTKDOC_REBASE"])
+])
--- /dev/null
+## Autoconf macros for working with Guile.
+##
+## Copyright (C) 1998, 2001, 2006, 2010 Free Software Foundation, Inc.
+##
+## This library is free software; you can redistribute it and/or
+## modify it under the terms of the GNU Lesser General Public
+## License as published by the Free Software Foundation; either
+## version 2.1 of the License, or (at your option) any later version.
+##
+## This library is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+## Lesser General Public License for more details.
+##
+## You should have received a copy of the GNU Lesser General Public
+## License along with this library; if not, write to the Free Software
+## Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+## Index
+## -----
+##
+## GUILE_PROGS -- set paths to Guile interpreter, config and tool programs
+## GUILE_FLAGS -- set flags for compiling and linking with Guile
+## GUILE_SITE_DIR -- find path to Guile "site" directory
+## GUILE_CHECK -- evaluate Guile Scheme code and capture the return value
+## GUILE_MODULE_CHECK -- check feature of a Guile Scheme module
+## GUILE_MODULE_AVAILABLE -- check availability of a Guile Scheme module
+## GUILE_MODULE_REQUIRED -- fail if a Guile Scheme module is unavailable
+## GUILE_MODULE_EXPORTS -- check if a module exports a variable
+## GUILE_MODULE_REQUIRED_EXPORT -- fail if a module doesn't export a variable
+
+## Code
+## ----
+
+## NOTE: Comments preceding an AC_DEFUN (starting from "Usage:") are massaged
+## into doc/ref/autoconf-macros.texi (see Makefile.am in that directory).
+
+# GUILE_PROGS -- set paths to Guile interpreter, config and tool programs
+#
+# Usage: GUILE_PROGS
+#
+# This macro looks for programs @code{guile}, @code{guile-config} and
+# @code{guile-tools}, and sets variables @var{GUILE}, @var{GUILE_CONFIG} and
+# @var{GUILE_TOOLS}, to their paths, respectively. If either of the first two
+# is not found, signal error.
+#
+# The variables are marked for substitution, as by @code{AC_SUBST}.
+#
+AC_DEFUN([GUILE_PROGS],
+ [AC_PATH_PROG(GUILE,guile)
+ if test "$GUILE" = "" ; then
+ AC_MSG_ERROR([guile required but not found])
+ fi
+ AC_SUBST(GUILE)
+ AC_PATH_PROG(GUILE_CONFIG,guile-config)
+ if test "$GUILE_CONFIG" = "" ; then
+ AC_MSG_ERROR([guile-config required but not found])
+ fi
+ AC_SUBST(GUILE_CONFIG)
+ AC_PATH_PROG(GUILE_TOOLS,guile-tools)
+ AC_SUBST(GUILE_TOOLS)
+ ])
+
+# GUILE_FLAGS -- set flags for compiling and linking with Guile
+#
+# Usage: GUILE_FLAGS
+#
+# This macro runs the @code{guile-config} script, installed with Guile, to
+# find out where Guile's header files and libraries are installed. It sets
+# two variables, @var{GUILE_CFLAGS} and @var{GUILE_LDFLAGS}.
+#
+# @var{GUILE_CFLAGS}: flags to pass to a C or C++ compiler to build code that
+# uses Guile header files. This is almost always just a @code{-I} flag.
+#
+# @var{GUILE_LDFLAGS}: flags to pass to the linker to link a program against
+# Guile. This includes @code{-lguile} for the Guile library itself, any
+# libraries that Guile itself requires (like -lqthreads), and so on. It may
+# also include a @code{-L} flag to tell the compiler where to find the
+# libraries.
+#
+# The variables are marked for substitution, as by @code{AC_SUBST}.
+#
+AC_DEFUN([GUILE_FLAGS],
+ [AC_REQUIRE([GUILE_PROGS])dnl
+ AC_MSG_CHECKING([libguile compile flags])
+ GUILE_CFLAGS="`$GUILE_CONFIG compile`"
+ AC_MSG_RESULT([$GUILE_CFLAGS])
+ AC_MSG_CHECKING([libguile link flags])
+ GUILE_LDFLAGS="`$GUILE_CONFIG link`"
+ AC_MSG_RESULT([$GUILE_LDFLAGS])
+ AC_SUBST(GUILE_CFLAGS)
+ AC_SUBST(GUILE_LDFLAGS)
+ ])
+
+# GUILE_SITE_DIR -- find path to Guile "site" directory
+#
+# Usage: GUILE_SITE_DIR
+#
+# This looks for Guile's "site" directory, usually something like
+# PREFIX/share/guile/site, and sets var @var{GUILE_SITE} to the path.
+# Note that the var name is different from the macro name.
+#
+# The variable is marked for substitution, as by @code{AC_SUBST}.
+#
+AC_DEFUN([GUILE_SITE_DIR],
+ [AC_REQUIRE([GUILE_PROGS])dnl
+ AC_MSG_CHECKING(for Guile site directory)
+ GUILE_SITE=`[$GUILE_CONFIG] info pkgdatadir`/site
+ AC_MSG_RESULT($GUILE_SITE)
+ AC_SUBST(GUILE_SITE)
+ ])
+
+# GUILE_CHECK -- evaluate Guile Scheme code and capture the return value
+#
+# Usage: GUILE_CHECK_RETVAL(var,check)
+#
+# @var{var} is a shell variable name to be set to the return value.
+# @var{check} is a Guile Scheme expression, evaluated with "$GUILE -c", and
+# returning either 0 or non-#f to indicate the check passed.
+# Non-0 number or #f indicates failure.
+# Avoid using the character "#" since that confuses autoconf.
+#
+AC_DEFUN([GUILE_CHECK],
+ [AC_REQUIRE([GUILE_PROGS])
+ $GUILE -c "$2" > /dev/null 2>&1
+ $1=$?
+ ])
+
+# GUILE_MODULE_CHECK -- check feature of a Guile Scheme module
+#
+# Usage: GUILE_MODULE_CHECK(var,module,featuretest,description)
+#
+# @var{var} is a shell variable name to be set to "yes" or "no".
+# @var{module} is a list of symbols, like: (ice-9 common-list).
+# @var{featuretest} is an expression acceptable to GUILE_CHECK, q.v.
+# @var{description} is a present-tense verb phrase (passed to AC_MSG_CHECKING).
+#
+AC_DEFUN([GUILE_MODULE_CHECK],
+ [AC_MSG_CHECKING([if $2 $4])
+ GUILE_CHECK($1,(use-modules $2) (exit ((lambda () $3))))
+ if test "$$1" = "0" ; then $1=yes ; else $1=no ; fi
+ AC_MSG_RESULT($$1)
+ ])
+
+# GUILE_MODULE_AVAILABLE -- check availability of a Guile Scheme module
+#
+# Usage: GUILE_MODULE_AVAILABLE(var,module)
+#
+# @var{var} is a shell variable name to be set to "yes" or "no".
+# @var{module} is a list of symbols, like: (ice-9 common-list).
+#
+AC_DEFUN([GUILE_MODULE_AVAILABLE],
+ [GUILE_MODULE_CHECK($1,$2,0,is available)
+ ])
+
+# GUILE_MODULE_REQUIRED -- fail if a Guile Scheme module is unavailable
+#
+# Usage: GUILE_MODULE_REQUIRED(symlist)
+#
+# @var{symlist} is a list of symbols, WITHOUT surrounding parens,
+# like: ice-9 common-list.
+#
+AC_DEFUN([GUILE_MODULE_REQUIRED],
+ [GUILE_MODULE_AVAILABLE(ac_guile_module_required, ($1))
+ if test "$ac_guile_module_required" = "no" ; then
+ AC_MSG_ERROR([required guile module not found: ($1)])
+ fi
+ ])
+
+# GUILE_MODULE_EXPORTS -- check if a module exports a variable
+#
+# Usage: GUILE_MODULE_EXPORTS(var,module,modvar)
+#
+# @var{var} is a shell variable to be set to "yes" or "no".
+# @var{module} is a list of symbols, like: (ice-9 common-list).
+# @var{modvar} is the Guile Scheme variable to check.
+#
+AC_DEFUN([GUILE_MODULE_EXPORTS],
+ [GUILE_MODULE_CHECK($1,$2,$3,exports `$3')
+ ])
+
+# GUILE_MODULE_REQUIRED_EXPORT -- fail if a module doesn't export a variable
+#
+# Usage: GUILE_MODULE_REQUIRED_EXPORT(module,modvar)
+#
+# @var{module} is a list of symbols, like: (ice-9 common-list).
+# @var{modvar} is the Guile Scheme variable to check.
+#
+AC_DEFUN([GUILE_MODULE_REQUIRED_EXPORT],
+ [GUILE_MODULE_EXPORTS(guile_module_required_export,$1,$2)
+ if test "$guile_module_required_export" = "no" ; then
+ AC_MSG_ERROR([module $1 does not export $2; required])
+ fi
+ ])
+
+## guile.m4 ends here
--- /dev/null
+# inttypes_h.m4 serial 7
+dnl Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_INTTYPES_H_WITH_UINTMAX if <inttypes.h> exists,
+# doesn't clash with <sys/types.h>, and declares uintmax_t.
+
+AC_DEFUN([gl_AC_HEADER_INTTYPES_H],
+[
+ AC_CACHE_CHECK([for inttypes.h], gl_cv_header_inttypes_h,
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <inttypes.h>],
+ [uintmax_t i = (uintmax_t) -1; return !i;],
+ gl_cv_header_inttypes_h=yes,
+ gl_cv_header_inttypes_h=no)])
+ if test $gl_cv_header_inttypes_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_INTTYPES_H_WITH_UINTMAX, 1,
+ [Define if <inttypes.h> exists, doesn't clash with <sys/types.h>,
+ and declares uintmax_t. ])
+ fi
+])
--- /dev/null
+# lib-ld.m4 serial 3 (gettext-0.13)
+dnl Copyright (C) 1996-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl Subroutines of libtool.m4,
+dnl with replacements s/AC_/AC_LIB/ and s/lt_cv/acl_cv/ to avoid collision
+dnl with libtool.m4.
+
+dnl From libtool-1.4. Sets the variable with_gnu_ld to yes or no.
+AC_DEFUN([AC_LIB_PROG_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], acl_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ acl_cv_prog_gnu_ld=yes ;;
+*)
+ acl_cv_prog_gnu_ld=no ;;
+esac])
+with_gnu_ld=$acl_cv_prog_gnu_ld
+])
+
+dnl From libtool-1.4. Sets the variable LD.
+AC_DEFUN([AC_LIB_PROG_LD],
+[AC_ARG_WITH(gnu-ld,
+[ --with-gnu-ld assume the C compiler uses GNU ld [default=no]],
+test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no)
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# Prepare PATH_SEPARATOR.
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ echo "#! /bin/sh" >conf$$.sh
+ echo "exit 0" >>conf$$.sh
+ chmod +x conf$$.sh
+ if (PATH="/nonexistent;."; conf$$.sh) >/dev/null 2>&1; then
+ PATH_SEPARATOR=';'
+ else
+ PATH_SEPARATOR=:
+ fi
+ rm -f conf$$.sh
+fi
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by GCC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]* | [A-Za-z]:[\\/]*)]
+ [re_direlt='/[^/][^/]*/\.\./']
+ # Canonicalize the path of ld
+ ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+ while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(acl_cv_path_LD,
+[if test -z "$LD"; then
+ IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+ for ac_dir in $PATH; do
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ acl_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some GNU ld's only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$acl_cv_path_LD" -v 2>&1 < /dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break ;;
+ *)
+ test "$with_gnu_ld" != yes && break ;;
+ esac
+ fi
+ done
+ IFS="$ac_save_ifs"
+else
+ acl_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$acl_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_LIB_PROG_LD_GNU
+])
--- /dev/null
+# lib-link.m4 serial 13 (gettext-0.17)
+dnl Copyright (C) 2001-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_PREREQ(2.54)
+
+dnl AC_LIB_LINKFLAGS(name [, dependencies]) searches for libname and
+dnl the libraries corresponding to explicit and implicit dependencies.
+dnl Sets and AC_SUBSTs the LIB${NAME} and LTLIB${NAME} variables and
+dnl augments the CPPFLAGS variable.
+dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
+dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_LINKFLAGS],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+ define([Name],[translit([$1],[./-], [___])])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+ AC_CACHE_CHECK([how to link with lib[]$1], [ac_cv_lib[]Name[]_libs], [
+ AC_LIB_LINKFLAGS_BODY([$1], [$2])
+ ac_cv_lib[]Name[]_libs="$LIB[]NAME"
+ ac_cv_lib[]Name[]_ltlibs="$LTLIB[]NAME"
+ ac_cv_lib[]Name[]_cppflags="$INC[]NAME"
+ ac_cv_lib[]Name[]_prefix="$LIB[]NAME[]_PREFIX"
+ ])
+ LIB[]NAME="$ac_cv_lib[]Name[]_libs"
+ LTLIB[]NAME="$ac_cv_lib[]Name[]_ltlibs"
+ INC[]NAME="$ac_cv_lib[]Name[]_cppflags"
+ LIB[]NAME[]_PREFIX="$ac_cv_lib[]Name[]_prefix"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
+ AC_SUBST([LIB]NAME)
+ AC_SUBST([LTLIB]NAME)
+ AC_SUBST([LIB]NAME[_PREFIX])
+ dnl Also set HAVE_LIB[]NAME so that AC_LIB_HAVE_LINKFLAGS can reuse the
+ dnl results of this search when this library appears as a dependency.
+ HAVE_LIB[]NAME=yes
+ undefine([Name])
+ undefine([NAME])
+])
+
+dnl AC_LIB_HAVE_LINKFLAGS(name, dependencies, includes, testcode)
+dnl searches for libname and the libraries corresponding to explicit and
+dnl implicit dependencies, together with the specified include files and
+dnl the ability to compile and link the specified testcode. If found, it
+dnl sets and AC_SUBSTs HAVE_LIB${NAME}=yes and the LIB${NAME} and
+dnl LTLIB${NAME} variables and augments the CPPFLAGS variable, and
+dnl #defines HAVE_LIB${NAME} to 1. Otherwise, it sets and AC_SUBSTs
+dnl HAVE_LIB${NAME}=no and LIB${NAME} and LTLIB${NAME} to empty.
+dnl Sets and AC_SUBSTs the LIB${NAME}_PREFIX variable to nonempty if libname
+dnl was found in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_HAVE_LINKFLAGS],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ AC_REQUIRE([AC_LIB_RPATH])
+ define([Name],[translit([$1],[./-], [___])])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+
+ dnl Search for lib[]Name and define LIB[]NAME, LTLIB[]NAME and INC[]NAME
+ dnl accordingly.
+ AC_LIB_LINKFLAGS_BODY([$1], [$2])
+
+ dnl Add $INC[]NAME to CPPFLAGS before performing the following checks,
+ dnl because if the user has installed lib[]Name and not disabled its use
+ dnl via --without-lib[]Name-prefix, he wants to use it.
+ ac_save_CPPFLAGS="$CPPFLAGS"
+ AC_LIB_APPENDTOVAR([CPPFLAGS], [$INC]NAME)
+
+ AC_CACHE_CHECK([for lib[]$1], [ac_cv_lib[]Name], [
+ ac_save_LIBS="$LIBS"
+ LIBS="$LIBS $LIB[]NAME"
+ AC_TRY_LINK([$3], [$4], [ac_cv_lib[]Name=yes], [ac_cv_lib[]Name=no])
+ LIBS="$ac_save_LIBS"
+ ])
+ if test "$ac_cv_lib[]Name" = yes; then
+ HAVE_LIB[]NAME=yes
+ AC_DEFINE([HAVE_LIB]NAME, 1, [Define if you have the $1 library.])
+ AC_MSG_CHECKING([how to link with lib[]$1])
+ AC_MSG_RESULT([$LIB[]NAME])
+ else
+ HAVE_LIB[]NAME=no
+ dnl If $LIB[]NAME didn't lead to a usable library, we don't need
+ dnl $INC[]NAME either.
+ CPPFLAGS="$ac_save_CPPFLAGS"
+ LIB[]NAME=
+ LTLIB[]NAME=
+ LIB[]NAME[]_PREFIX=
+ fi
+ AC_SUBST([HAVE_LIB]NAME)
+ AC_SUBST([LIB]NAME)
+ AC_SUBST([LTLIB]NAME)
+ AC_SUBST([LIB]NAME[_PREFIX])
+ undefine([Name])
+ undefine([NAME])
+])
+
+dnl Determine the platform dependent parameters needed to use rpath:
+dnl acl_libext,
+dnl acl_shlibext,
+dnl acl_hardcode_libdir_flag_spec,
+dnl acl_hardcode_libdir_separator,
+dnl acl_hardcode_direct,
+dnl acl_hardcode_minus_L.
+AC_DEFUN([AC_LIB_RPATH],
+[
+ dnl Tell automake >= 1.10 to complain if config.rpath is missing.
+ m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([config.rpath])])
+ AC_REQUIRE([AC_PROG_CC]) dnl we use $CC, $GCC, $LDFLAGS
+ AC_REQUIRE([AC_LIB_PROG_LD]) dnl we use $LD, $with_gnu_ld
+ AC_REQUIRE([AC_CANONICAL_HOST]) dnl we use $host
+ AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT]) dnl we use $ac_aux_dir
+ AC_CACHE_CHECK([for shared library run path origin], acl_cv_rpath, [
+ CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \
+ ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh
+ . ./conftest.sh
+ rm -f ./conftest.sh
+ acl_cv_rpath=done
+ ])
+ wl="$acl_cv_wl"
+ acl_libext="$acl_cv_libext"
+ acl_shlibext="$acl_cv_shlibext"
+ acl_libname_spec="$acl_cv_libname_spec"
+ acl_library_names_spec="$acl_cv_library_names_spec"
+ acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec"
+ acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator"
+ acl_hardcode_direct="$acl_cv_hardcode_direct"
+ acl_hardcode_minus_L="$acl_cv_hardcode_minus_L"
+ dnl Determine whether the user wants rpath handling at all.
+ AC_ARG_ENABLE(rpath,
+ [ --disable-rpath do not hardcode runtime library paths],
+ :, enable_rpath=yes)
+])
+
+dnl AC_LIB_LINKFLAGS_BODY(name [, dependencies]) searches for libname and
+dnl the libraries corresponding to explicit and implicit dependencies.
+dnl Sets the LIB${NAME}, LTLIB${NAME} and INC${NAME} variables.
+dnl Also, sets the LIB${NAME}_PREFIX variable to nonempty if libname was found
+dnl in ${LIB${NAME}_PREFIX}/$acl_libdirstem.
+AC_DEFUN([AC_LIB_LINKFLAGS_BODY],
+[
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ define([NAME],[translit([$1],[abcdefghijklmnopqrstuvwxyz./-],
+ [ABCDEFGHIJKLMNOPQRSTUVWXYZ___])])
+ dnl Autoconf >= 2.61 supports dots in --with options.
+ define([N_A_M_E],[m4_if(m4_version_compare(m4_defn([m4_PACKAGE_VERSION]),[2.61]),[-1],[translit([$1],[.],[_])],[$1])])
+ dnl By default, look in $includedir and $libdir.
+ use_additional=yes
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ AC_LIB_ARG_WITH([lib]N_A_M_E[-prefix],
+[ --with-lib]N_A_M_E[-prefix[=DIR] search for lib$1 in DIR/include and DIR/lib
+ --without-lib]N_A_M_E[-prefix don't search for lib$1 in includedir and libdir],
+[
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+])
+ dnl Search the library and its dependencies in $additional_libdir and
+ dnl $LDFLAGS. Using breadth-first-seach.
+ LIB[]NAME=
+ LTLIB[]NAME=
+ INC[]NAME=
+ LIB[]NAME[]_PREFIX=
+ rpathdirs=
+ ltrpathdirs=
+ names_already_handled=
+ names_next_round='$1 $2'
+ while test -n "$names_next_round"; do
+ names_this_round="$names_next_round"
+ names_next_round=
+ for name in $names_this_round; do
+ already_handled=
+ for n in $names_already_handled; do
+ if test "$n" = "$name"; then
+ already_handled=yes
+ break
+ fi
+ done
+ if test -z "$already_handled"; then
+ names_already_handled="$names_already_handled $name"
+ dnl See if it was already located by an earlier AC_LIB_LINKFLAGS
+ dnl or AC_LIB_HAVE_LINKFLAGS call.
+ uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./-|ABCDEFGHIJKLMNOPQRSTUVWXYZ___|'`
+ eval value=\"\$HAVE_LIB$uppername\"
+ if test -n "$value"; then
+ if test "$value" = yes; then
+ eval value=\"\$LIB$uppername\"
+ test -z "$value" || LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$value"
+ eval value=\"\$LTLIB$uppername\"
+ test -z "$value" || LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$value"
+ else
+ dnl An earlier call to AC_LIB_HAVE_LINKFLAGS has determined
+ dnl that this library doesn't exist. So just drop it.
+ :
+ fi
+ else
+ dnl Search the library lib$name in $additional_libdir and $LDFLAGS
+ dnl and the already constructed $LIBNAME/$LTLIBNAME.
+ found_dir=
+ found_la=
+ found_so=
+ found_a=
+ eval libname=\"$acl_libname_spec\" # typically: libname=lib$name
+ if test -n "$acl_shlibext"; then
+ shrext=".$acl_shlibext" # typically: shrext=.so
+ else
+ shrext=
+ fi
+ if test $use_additional = yes; then
+ dir="$additional_libdir"
+ dnl The same code as in the loop below:
+ dnl First look for a shared library.
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ dnl Then look for a static library.
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ fi
+ if test "X$found_dir" = "X"; then
+ for x in $LDFLAGS $LTLIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ case "$x" in
+ -L*)
+ dir=`echo "X$x" | sed -e 's/^X-L//'`
+ dnl First look for a shared library.
+ if test -n "$acl_shlibext"; then
+ if test -f "$dir/$libname$shrext"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext"
+ else
+ if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then
+ ver=`(cd "$dir" && \
+ for f in "$libname$shrext".*; do echo "$f"; done \
+ | sed -e "s,^$libname$shrext\\\\.,," \
+ | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \
+ | sed 1q ) 2>/dev/null`
+ if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then
+ found_dir="$dir"
+ found_so="$dir/$libname$shrext.$ver"
+ fi
+ else
+ eval library_names=\"$acl_library_names_spec\"
+ for f in $library_names; do
+ if test -f "$dir/$f"; then
+ found_dir="$dir"
+ found_so="$dir/$f"
+ break
+ fi
+ done
+ fi
+ fi
+ fi
+ dnl Then look for a static library.
+ if test "X$found_dir" = "X"; then
+ if test -f "$dir/$libname.$acl_libext"; then
+ found_dir="$dir"
+ found_a="$dir/$libname.$acl_libext"
+ fi
+ fi
+ if test "X$found_dir" != "X"; then
+ if test -f "$dir/$libname.la"; then
+ found_la="$dir/$libname.la"
+ fi
+ fi
+ ;;
+ esac
+ if test "X$found_dir" != "X"; then
+ break
+ fi
+ done
+ fi
+ if test "X$found_dir" != "X"; then
+ dnl Found the library.
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$found_dir -l$name"
+ if test "X$found_so" != "X"; then
+ dnl Linking with a shared library. We attempt to hardcode its
+ dnl directory into the executable's runpath, unless it's the
+ dnl standard /usr/lib.
+ if test "$enable_rpath" = no || test "X$found_dir" = "X/usr/$acl_libdirstem"; then
+ dnl No hardcoding is needed.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ dnl Use an explicit option to hardcode DIR into the resulting
+ dnl binary.
+ dnl Potentially add DIR to ltrpathdirs.
+ dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $found_dir"
+ fi
+ dnl The hardcoding into $LIBNAME is system dependent.
+ if test "$acl_hardcode_direct" = yes; then
+ dnl Using DIR/libNAME.so during linking hardcodes DIR into the
+ dnl resulting binary.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ dnl Use an explicit option to hardcode DIR into the resulting
+ dnl binary.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ dnl Potentially add DIR to rpathdirs.
+ dnl The rpathdirs will be appended to $LIBNAME at the end.
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $found_dir"
+ fi
+ else
+ dnl Rely on "-L$found_dir".
+ dnl But don't add it if it's already contained in the LDFLAGS
+ dnl or the already constructed $LIBNAME
+ haveit=
+ for x in $LDFLAGS $LIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$found_dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir"
+ fi
+ if test "$acl_hardcode_minus_L" != no; then
+ dnl FIXME: Not sure whether we should use
+ dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
+ dnl here.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_so"
+ else
+ dnl We cannot use $acl_hardcode_runpath_var and LD_RUN_PATH
+ dnl here, because this doesn't fit in flags passed to the
+ dnl compiler. So give up. No hardcoding. This affects only
+ dnl very old systems.
+ dnl FIXME: Not sure whether we should use
+ dnl "-L$found_dir -l$name" or "-L$found_dir $found_so"
+ dnl here.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
+ fi
+ fi
+ fi
+ fi
+ else
+ if test "X$found_a" != "X"; then
+ dnl Linking with a static library.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$found_a"
+ else
+ dnl We shouldn't come here, but anyway it's good to have a
+ dnl fallback.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$found_dir -l$name"
+ fi
+ fi
+ dnl Assume the include files are nearby.
+ additional_includedir=
+ case "$found_dir" in
+ */$acl_libdirstem | */$acl_libdirstem/)
+ basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'`
+ LIB[]NAME[]_PREFIX="$basedir"
+ additional_includedir="$basedir/include"
+ ;;
+ esac
+ if test "X$additional_includedir" != "X"; then
+ dnl Potentially add $additional_includedir to $INCNAME.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/include,
+ dnl 2. if it's /usr/local/include and we are using GCC on Linux,
+ dnl 3. if it's already present in $CPPFLAGS or the already
+ dnl constructed $INCNAME,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ for x in $CPPFLAGS $INC[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ dnl Really add $additional_includedir to $INCNAME.
+ INC[]NAME="${INC[]NAME}${INC[]NAME:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ fi
+ dnl Look for dependencies.
+ if test -n "$found_la"; then
+ dnl Read the .la file. It defines the variables
+ dnl dlname, library_names, old_library, dependency_libs, current,
+ dnl age, revision, installed, dlopen, dlpreopen, libdir.
+ save_libdir="$libdir"
+ case "$found_la" in
+ */* | *\\*) . "$found_la" ;;
+ *) . "./$found_la" ;;
+ esac
+ libdir="$save_libdir"
+ dnl We use only dependency_libs.
+ for dep in $dependency_libs; do
+ case "$dep" in
+ -L*)
+ additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'`
+ dnl Potentially add $additional_libdir to $LIBNAME and $LTLIBNAME.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/lib,
+ dnl 2. if it's /usr/local/lib and we are using GCC on Linux,
+ dnl 3. if it's already present in $LDFLAGS or the already
+ dnl constructed $LIBNAME,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ haveit=
+ for x in $LDFLAGS $LIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LIBNAME.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-L$additional_libdir"
+ fi
+ fi
+ haveit=
+ for x in $LDFLAGS $LTLIB[]NAME; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LTLIBNAME.
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ ;;
+ -R*)
+ dir=`echo "X$dep" | sed -e 's/^X-R//'`
+ if test "$enable_rpath" != no; then
+ dnl Potentially add DIR to rpathdirs.
+ dnl The rpathdirs will be appended to $LIBNAME at the end.
+ haveit=
+ for x in $rpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ dnl Potentially add DIR to ltrpathdirs.
+ dnl The ltrpathdirs will be appended to $LTLIBNAME at the end.
+ haveit=
+ for x in $ltrpathdirs; do
+ if test "X$x" = "X$dir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ ltrpathdirs="$ltrpathdirs $dir"
+ fi
+ fi
+ ;;
+ -l*)
+ dnl Handle this in the next round.
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'`
+ ;;
+ *.la)
+ dnl Handle this in the next round. Throw away the .la's
+ dnl directory; it is already contained in a preceding -L
+ dnl option.
+ names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'`
+ ;;
+ *)
+ dnl Most likely an immediate library name.
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$dep"
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }$dep"
+ ;;
+ esac
+ done
+ fi
+ else
+ dnl Didn't find the library; assume it is in the system directories
+ dnl known to the linker and runtime loader. (All the system
+ dnl directories known to the linker should also be known to the
+ dnl runtime loader, otherwise the system is severely misconfigured.)
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }-l$name"
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-l$name"
+ fi
+ fi
+ fi
+ done
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n "$acl_hardcode_libdir_separator"; then
+ dnl Weird platform: only the last -rpath option counts, the user must
+ dnl pass all path elements in one option. We can arrange that for a
+ dnl single library, but not when more than one $LIBNAMEs are used.
+ alldirs=
+ for found_dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir"
+ done
+ dnl Note: acl_hardcode_libdir_flag_spec uses $libdir and $wl.
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
+ else
+ dnl The -rpath options are cumulative.
+ for found_dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$found_dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ LIB[]NAME="${LIB[]NAME}${LIB[]NAME:+ }$flag"
+ done
+ fi
+ fi
+ if test "X$ltrpathdirs" != "X"; then
+ dnl When using libtool, the option that works for both libraries and
+ dnl executables is -R. The -R options are cumulative.
+ for found_dir in $ltrpathdirs; do
+ LTLIB[]NAME="${LTLIB[]NAME}${LTLIB[]NAME:+ }-R$found_dir"
+ done
+ fi
+])
+
+dnl AC_LIB_APPENDTOVAR(VAR, CONTENTS) appends the elements of CONTENTS to VAR,
+dnl unless already present in VAR.
+dnl Works only for CPPFLAGS, not for LIB* variables because that sometimes
+dnl contains two or three consecutive elements that belong together.
+AC_DEFUN([AC_LIB_APPENDTOVAR],
+[
+ for element in [$2]; do
+ haveit=
+ for x in $[$1]; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X$element"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ [$1]="${[$1]}${[$1]:+ }$element"
+ fi
+ done
+])
+
+dnl For those cases where a variable contains several -L and -l options
+dnl referring to unknown libraries and directories, this macro determines the
+dnl necessary additional linker options for the runtime path.
+dnl AC_LIB_LINKFLAGS_FROM_LIBS([LDADDVAR], [LIBSVALUE], [USE-LIBTOOL])
+dnl sets LDADDVAR to linker options needed together with LIBSVALUE.
+dnl If USE-LIBTOOL evaluates to non-empty, linking with libtool is assumed,
+dnl otherwise linking without libtool is assumed.
+AC_DEFUN([AC_LIB_LINKFLAGS_FROM_LIBS],
+[
+ AC_REQUIRE([AC_LIB_RPATH])
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ $1=
+ if test "$enable_rpath" != no; then
+ if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then
+ dnl Use an explicit option to hardcode directories into the resulting
+ dnl binary.
+ rpathdirs=
+ next=
+ for opt in $2; do
+ if test -n "$next"; then
+ dir="$next"
+ dnl No need to hardcode the standard /usr/lib.
+ if test "X$dir" != "X/usr/$acl_libdirstem"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ next=
+ else
+ case $opt in
+ -L) next=yes ;;
+ -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'`
+ dnl No need to hardcode the standard /usr/lib.
+ if test "X$dir" != "X/usr/$acl_libdirstem"; then
+ rpathdirs="$rpathdirs $dir"
+ fi
+ next= ;;
+ *) next= ;;
+ esac
+ fi
+ done
+ if test "X$rpathdirs" != "X"; then
+ if test -n ""$3""; then
+ dnl libtool is used for linking. Use -R options.
+ for dir in $rpathdirs; do
+ $1="${$1}${$1:+ }-R$dir"
+ done
+ else
+ dnl The linker is used for linking directly.
+ if test -n "$acl_hardcode_libdir_separator"; then
+ dnl Weird platform: only the last -rpath option counts, the user
+ dnl must pass all path elements in one option.
+ alldirs=
+ for dir in $rpathdirs; do
+ alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir"
+ done
+ acl_save_libdir="$libdir"
+ libdir="$alldirs"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ $1="$flag"
+ else
+ dnl The -rpath options are cumulative.
+ for dir in $rpathdirs; do
+ acl_save_libdir="$libdir"
+ libdir="$dir"
+ eval flag=\"$acl_hardcode_libdir_flag_spec\"
+ libdir="$acl_save_libdir"
+ $1="${$1}${$1:+ }$flag"
+ done
+ fi
+ fi
+ fi
+ fi
+ fi
+ AC_SUBST([$1])
+])
--- /dev/null
+# lib-prefix.m4 serial 5 (gettext-0.15)
+dnl Copyright (C) 2001-2005 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+dnl AC_LIB_ARG_WITH is synonymous to AC_ARG_WITH in autoconf-2.13, and
+dnl similar to AC_ARG_WITH in autoconf 2.52...2.57 except that is doesn't
+dnl require excessive bracketing.
+ifdef([AC_HELP_STRING],
+[AC_DEFUN([AC_LIB_ARG_WITH], [AC_ARG_WITH([$1],[[$2]],[$3],[$4])])],
+[AC_DEFUN([AC_][LIB_ARG_WITH], [AC_ARG_WITH([$1],[$2],[$3],[$4])])])
+
+dnl AC_LIB_PREFIX adds to the CPPFLAGS and LDFLAGS the flags that are needed
+dnl to access previously installed libraries. The basic assumption is that
+dnl a user will want packages to use other packages he previously installed
+dnl with the same --prefix option.
+dnl This macro is not needed if only AC_LIB_LINKFLAGS is used to locate
+dnl libraries, but is otherwise very convenient.
+AC_DEFUN([AC_LIB_PREFIX],
+[
+ AC_BEFORE([$0], [AC_LIB_LINKFLAGS])
+ AC_REQUIRE([AC_PROG_CC])
+ AC_REQUIRE([AC_CANONICAL_HOST])
+ AC_REQUIRE([AC_LIB_PREPARE_MULTILIB])
+ AC_REQUIRE([AC_LIB_PREPARE_PREFIX])
+ dnl By default, look in $includedir and $libdir.
+ use_additional=yes
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ AC_LIB_ARG_WITH([lib-prefix],
+[ --with-lib-prefix[=DIR] search for libraries in DIR/include and DIR/lib
+ --without-lib-prefix don't search for libraries in includedir and libdir],
+[
+ if test "X$withval" = "Xno"; then
+ use_additional=no
+ else
+ if test "X$withval" = "X"; then
+ AC_LIB_WITH_FINAL_PREFIX([
+ eval additional_includedir=\"$includedir\"
+ eval additional_libdir=\"$libdir\"
+ ])
+ else
+ additional_includedir="$withval/include"
+ additional_libdir="$withval/$acl_libdirstem"
+ fi
+ fi
+])
+ if test $use_additional = yes; then
+ dnl Potentially add $additional_includedir to $CPPFLAGS.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/include,
+ dnl 2. if it's already present in $CPPFLAGS,
+ dnl 3. if it's /usr/local/include and we are using GCC on Linux,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_includedir" != "X/usr/include"; then
+ haveit=
+ for x in $CPPFLAGS; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-I$additional_includedir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test "X$additional_includedir" = "X/usr/local/include"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux* | gnu* | k*bsd*-gnu) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ if test -d "$additional_includedir"; then
+ dnl Really add $additional_includedir to $CPPFLAGS.
+ CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }-I$additional_includedir"
+ fi
+ fi
+ fi
+ fi
+ dnl Potentially add $additional_libdir to $LDFLAGS.
+ dnl But don't add it
+ dnl 1. if it's the standard /usr/lib,
+ dnl 2. if it's already present in $LDFLAGS,
+ dnl 3. if it's /usr/local/lib and we are using GCC on Linux,
+ dnl 4. if it doesn't exist as a directory.
+ if test "X$additional_libdir" != "X/usr/$acl_libdirstem"; then
+ haveit=
+ for x in $LDFLAGS; do
+ AC_LIB_WITH_FINAL_PREFIX([eval x=\"$x\"])
+ if test "X$x" = "X-L$additional_libdir"; then
+ haveit=yes
+ break
+ fi
+ done
+ if test -z "$haveit"; then
+ if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem"; then
+ if test -n "$GCC"; then
+ case $host_os in
+ linux*) haveit=yes;;
+ esac
+ fi
+ fi
+ if test -z "$haveit"; then
+ if test -d "$additional_libdir"; then
+ dnl Really add $additional_libdir to $LDFLAGS.
+ LDFLAGS="${LDFLAGS}${LDFLAGS:+ }-L$additional_libdir"
+ fi
+ fi
+ fi
+ fi
+ fi
+])
+
+dnl AC_LIB_PREPARE_PREFIX creates variables acl_final_prefix,
+dnl acl_final_exec_prefix, containing the values to which $prefix and
+dnl $exec_prefix will expand at the end of the configure script.
+AC_DEFUN([AC_LIB_PREPARE_PREFIX],
+[
+ dnl Unfortunately, prefix and exec_prefix get only finally determined
+ dnl at the end of configure.
+ if test "X$prefix" = "XNONE"; then
+ acl_final_prefix="$ac_default_prefix"
+ else
+ acl_final_prefix="$prefix"
+ fi
+ if test "X$exec_prefix" = "XNONE"; then
+ acl_final_exec_prefix='${prefix}'
+ else
+ acl_final_exec_prefix="$exec_prefix"
+ fi
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ eval acl_final_exec_prefix=\"$acl_final_exec_prefix\"
+ prefix="$acl_save_prefix"
+])
+
+dnl AC_LIB_WITH_FINAL_PREFIX([statement]) evaluates statement, with the
+dnl variables prefix and exec_prefix bound to the values they will have
+dnl at the end of the configure script.
+AC_DEFUN([AC_LIB_WITH_FINAL_PREFIX],
+[
+ acl_save_prefix="$prefix"
+ prefix="$acl_final_prefix"
+ acl_save_exec_prefix="$exec_prefix"
+ exec_prefix="$acl_final_exec_prefix"
+ $1
+ exec_prefix="$acl_save_exec_prefix"
+ prefix="$acl_save_prefix"
+])
+
+dnl AC_LIB_PREPARE_MULTILIB creates a variable acl_libdirstem, containing
+dnl the basename of the libdir, either "lib" or "lib64".
+AC_DEFUN([AC_LIB_PREPARE_MULTILIB],
+[
+ dnl There is no formal standard regarding lib and lib64. The current
+ dnl practice is that on a system supporting 32-bit and 64-bit instruction
+ dnl sets or ABIs, 64-bit libraries go under $prefix/lib64 and 32-bit
+ dnl libraries go under $prefix/lib. We determine the compiler's default
+ dnl mode by looking at the compiler's library search path. If at least
+ dnl of its elements ends in /lib64 or points to a directory whose absolute
+ dnl pathname ends in /lib64, we assume a 64-bit ABI. Otherwise we use the
+ dnl default, namely "lib".
+ acl_libdirstem=lib
+ searchpath=`(LC_ALL=C $CC -print-search-dirs) 2>/dev/null | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'`
+ if test -n "$searchpath"; then
+ acl_save_IFS="${IFS= }"; IFS=":"
+ for searchdir in $searchpath; do
+ if test -d "$searchdir"; then
+ case "$searchdir" in
+ */lib64/ | */lib64 ) acl_libdirstem=lib64 ;;
+ *) searchdir=`cd "$searchdir" && pwd`
+ case "$searchdir" in
+ */lib64 ) acl_libdirstem=lib64 ;;
+ esac ;;
+ esac
+ fi
+ done
+ IFS="$acl_save_IFS"
+ fi
+])
--- /dev/null
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+m4_define([_LT_COPYING], [dnl
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+])
+
+# serial 56 LT_INIT
+
+
+# LT_PREREQ(VERSION)
+# ------------------
+# Complain and exit if this libtool version is less that VERSION.
+m4_defun([LT_PREREQ],
+[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
+ [m4_default([$3],
+ [m4_fatal([Libtool version $1 or higher is required],
+ 63)])],
+ [$2])])
+
+
+# _LT_CHECK_BUILDDIR
+# ------------------
+# Complain if the absolute build directory name contains unusual characters
+m4_defun([_LT_CHECK_BUILDDIR],
+[case `pwd` in
+ *\ * | *\ *)
+ AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
+esac
+])
+
+
+# LT_INIT([OPTIONS])
+# ------------------
+AC_DEFUN([LT_INIT],
+[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT
+AC_BEFORE([$0], [LT_LANG])dnl
+AC_BEFORE([$0], [LT_OUTPUT])dnl
+AC_BEFORE([$0], [LTDL_INIT])dnl
+m4_require([_LT_CHECK_BUILDDIR])dnl
+
+dnl Autoconf doesn't catch unexpanded LT_ macros by default:
+m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
+m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
+dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
+dnl unless we require an AC_DEFUNed macro:
+AC_REQUIRE([LTOPTIONS_VERSION])dnl
+AC_REQUIRE([LTSUGAR_VERSION])dnl
+AC_REQUIRE([LTVERSION_VERSION])dnl
+AC_REQUIRE([LTOBSOLETE_VERSION])dnl
+m4_require([_LT_PROG_LTMAIN])dnl
+
+dnl Parse OPTIONS
+_LT_SET_OPTIONS([$0], [$1])
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+_LT_SETUP
+
+# Only expand once:
+m4_define([LT_INIT])
+])# LT_INIT
+
+# Old names:
+AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
+AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
+dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+m4_defun([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+ case $cc_temp in
+ compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+ distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_FILEUTILS_DEFAULTS
+# ----------------------
+# It is okay to use these file commands and assume they have been set
+# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'.
+m4_defun([_LT_FILEUTILS_DEFAULTS],
+[: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+])# _LT_FILEUTILS_DEFAULTS
+
+
+# _LT_SETUP
+# ---------
+m4_defun([_LT_SETUP],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+_LT_DECL([], [host_alias], [0], [The host system])dnl
+_LT_DECL([], [host], [0])dnl
+_LT_DECL([], [host_os], [0])dnl
+dnl
+_LT_DECL([], [build_alias], [0], [The build system])dnl
+_LT_DECL([], [build], [0])dnl
+_LT_DECL([], [build_os], [0])dnl
+dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+test -z "$LN_S" && LN_S="ln -s"
+_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
+dnl
+AC_REQUIRE([LT_CMD_MAX_LEN])dnl
+_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
+_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
+dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_CHECK_MAGIC_METHOD])dnl
+m4_require([_LT_CMD_OLD_ARCHIVE])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+
+_LT_CONFIG_LIBTOOL_INIT([
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+])
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+_LT_CHECK_OBJDIR
+
+m4_require([_LT_TAG_COMPILER])dnl
+_LT_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([["`\\]]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ _LT_PATH_MAGIC
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+LT_SUPPORTED_TAG([CC])
+_LT_LANG_C_CONFIG
+_LT_LANG_DEFAULT_CONFIG
+_LT_CONFIG_COMMANDS
+])# _LT_SETUP
+
+
+# _LT_PROG_LTMAIN
+# ---------------
+# Note that this code is called both from `configure', and `config.status'
+# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably,
+# `config.status' has no value for ac_aux_dir unless we are using Automake,
+# so we pass a copy along to make sure it has a sensible value anyway.
+m4_defun([_LT_PROG_LTMAIN],
+[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
+_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
+ltmain="$ac_aux_dir/ltmain.sh"
+])# _LT_PROG_LTMAIN
+
+
+## ------------------------------------- ##
+## Accumulate code for creating libtool. ##
+## ------------------------------------- ##
+
+# So that we can recreate a full libtool script including additional
+# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
+# in macros and then make a single call at the end using the `libtool'
+# label.
+
+
+# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
+# ----------------------------------------
+# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL_INIT],
+[m4_ifval([$1],
+ [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
+ [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_INIT])
+
+
+# _LT_CONFIG_LIBTOOL([COMMANDS])
+# ------------------------------
+# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL],
+[m4_ifval([$1],
+ [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
+ [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
+
+
+# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
+# -----------------------------------------------------
+m4_defun([_LT_CONFIG_SAVE_COMMANDS],
+[_LT_CONFIG_LIBTOOL([$1])
+_LT_CONFIG_LIBTOOL_INIT([$2])
+])
+
+
+# _LT_FORMAT_COMMENT([COMMENT])
+# -----------------------------
+# Add leading comment marks to the start of each line, and a trailing
+# full-stop to the whole comment if one is not present already.
+m4_define([_LT_FORMAT_COMMENT],
+[m4_ifval([$1], [
+m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
+ [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
+)])
+
+
+
+## ------------------------ ##
+## FIXME: Eliminate VARNAME ##
+## ------------------------ ##
+
+
+# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
+# -------------------------------------------------------------------
+# CONFIGNAME is the name given to the value in the libtool script.
+# VARNAME is the (base) name used in the configure script.
+# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
+# VARNAME. Any other value will be used directly.
+m4_define([_LT_DECL],
+[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
+ [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
+ [m4_ifval([$1], [$1], [$2])])
+ lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
+ m4_ifval([$4],
+ [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
+ lt_dict_add_subkey([lt_decl_dict], [$2],
+ [tagged?], [m4_ifval([$5], [yes], [no])])])
+])
+
+
+# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
+# --------------------------------------------------------
+m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
+
+
+# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_tag_varnames],
+[_lt_decl_filter([tagged?], [yes], $@)])
+
+
+# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
+# ---------------------------------------------------------
+m4_define([_lt_decl_filter],
+[m4_case([$#],
+ [0], [m4_fatal([$0: too few arguments: $#])],
+ [1], [m4_fatal([$0: too few arguments: $#: $1])],
+ [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
+ [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
+ [lt_dict_filter([lt_decl_dict], $@)])[]dnl
+])
+
+
+# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
+# --------------------------------------------------
+m4_define([lt_decl_quote_varnames],
+[_lt_decl_filter([value], [1], $@)])
+
+
+# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_dquote_varnames],
+[_lt_decl_filter([value], [2], $@)])
+
+
+# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_varnames_tagged],
+[m4_assert([$# <= 2])dnl
+_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
+ m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
+m4_define([_lt_decl_varnames_tagged],
+[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
+
+
+# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_all_varnames],
+[_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_if([$2], [],
+ m4_quote(lt_decl_varnames),
+ m4_quote(m4_shift($@))))[]dnl
+])
+m4_define([_lt_decl_all_varnames],
+[lt_join($@, lt_decl_varnames_tagged([$1],
+ lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
+])
+
+
+# _LT_CONFIG_STATUS_DECLARE([VARNAME])
+# ------------------------------------
+# Quote a variable value, and forward it to `config.status' so that its
+# declaration there will have the same value as in `configure'. VARNAME
+# must have a single quote delimited value for this to work.
+m4_define([_LT_CONFIG_STATUS_DECLARE],
+[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`'])
+
+
+# _LT_CONFIG_STATUS_DECLARATIONS
+# ------------------------------
+# We delimit libtool config variables with single quotes, so when
+# we write them to config.status, we have to be sure to quote all
+# embedded single quotes properly. In configure, this macro expands
+# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
+#
+# <var>='`$ECHO "X$<var>" | $Xsed -e "$delay_single_quote_subst"`'
+m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
+ [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAGS
+# ----------------
+# Output comment and list of tags supported by the script
+m4_defun([_LT_LIBTOOL_TAGS],
+[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
+available_tags="_LT_TAGS"dnl
+])
+
+
+# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
+# -----------------------------------
+# Extract the dictionary values for VARNAME (optionally with TAG) and
+# expand to a commented shell variable setting:
+#
+# # Some comment about what VAR is for.
+# visible_name=$lt_internal_name
+m4_define([_LT_LIBTOOL_DECLARE],
+[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
+ [description])))[]dnl
+m4_pushdef([_libtool_name],
+ m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
+m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
+ [0], [_libtool_name=[$]$1],
+ [1], [_libtool_name=$lt_[]$1],
+ [2], [_libtool_name=$lt_[]$1],
+ [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
+m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
+])
+
+
+# _LT_LIBTOOL_CONFIG_VARS
+# -----------------------
+# Produce commented declarations of non-tagged libtool config variables
+# suitable for insertion in the LIBTOOL CONFIG section of the `libtool'
+# script. Tagged libtool config variables (even for the LIBTOOL CONFIG
+# section) are produced by _LT_LIBTOOL_TAG_VARS.
+m4_defun([_LT_LIBTOOL_CONFIG_VARS],
+[m4_foreach([_lt_var],
+ m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
+ [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAG_VARS(TAG)
+# -------------------------
+m4_define([_LT_LIBTOOL_TAG_VARS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
+ [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
+
+
+# _LT_TAGVAR(VARNAME, [TAGNAME])
+# ------------------------------
+m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
+
+
+# _LT_CONFIG_COMMANDS
+# -------------------
+# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of
+# variables for single and double quote escaping we saved from calls
+# to _LT_DECL, we can put quote escaped variables declarations
+# into `config.status', and then the shell code to quote escape them in
+# for loops in `config.status'. Finally, any additional code accumulated
+# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
+m4_defun([_LT_CONFIG_COMMANDS],
+[AC_PROVIDE_IFELSE([LT_OUTPUT],
+ dnl If the libtool generation code has been placed in $CONFIG_LT,
+ dnl instead of duplicating it all over again into config.status,
+ dnl then we will have config.status run $CONFIG_LT later, so it
+ dnl needs to know what name is stored there:
+ [AC_CONFIG_COMMANDS([libtool],
+ [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
+ dnl If the libtool generation code is destined for config.status,
+ dnl expand the accumulated commands and init code now:
+ [AC_CONFIG_COMMANDS([libtool],
+ [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
+])#_LT_CONFIG_COMMANDS
+
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
+[
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+_LT_CONFIG_STATUS_DECLARATIONS
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_quote_varnames); do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[[\\\\\\\`\\"\\\$]]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_dquote_varnames); do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[[\\\\\\\`\\"\\\$]]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\[$]0 --fallback-echo"')dnl "
+ lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\`
+ ;;
+esac
+
+_LT_OUTPUT_LIBTOOL_INIT
+])
+
+
+# LT_OUTPUT
+# ---------
+# This macro allows early generation of the libtool script (before
+# AC_OUTPUT is called), incase it is used in configure for compilation
+# tests.
+AC_DEFUN([LT_OUTPUT],
+[: ${CONFIG_LT=./config.lt}
+AC_MSG_NOTICE([creating $CONFIG_LT])
+cat >"$CONFIG_LT" <<_LTEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate a libtool stub with the current configuration.
+
+lt_cl_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AS_SHELL_SANITIZE
+_AS_PREPARE
+
+exec AS_MESSAGE_FD>&1
+exec AS_MESSAGE_LOG_FD>>config.log
+{
+ echo
+ AS_BOX([Running $as_me.])
+} >&AS_MESSAGE_LOG_FD
+
+lt_cl_help="\
+\`$as_me' creates a local libtool stub from the current configuration,
+for use in further configure time tests before the real libtool is
+generated.
+
+Usage: $[0] [[OPTIONS]]
+
+ -h, --help print this help, then exit
+ -V, --version print version number, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+
+Report bugs to <bug-libtool@gnu.org>."
+
+lt_cl_version="\
+m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
+m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
+configured by $[0], generated by m4_PACKAGE_STRING.
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.lt script is free software; the Free Software Foundation
+gives unlimited permision to copy, distribute and modify it."
+
+while test $[#] != 0
+do
+ case $[1] in
+ --version | --v* | -V )
+ echo "$lt_cl_version"; exit 0 ;;
+ --help | --h* | -h )
+ echo "$lt_cl_help"; exit 0 ;;
+ --debug | --d* | -d )
+ debug=: ;;
+ --quiet | --q* | --silent | --s* | -q )
+ lt_cl_silent=: ;;
+
+ -*) AC_MSG_ERROR([unrecognized option: $[1]
+Try \`$[0] --help' for more information.]) ;;
+
+ *) AC_MSG_ERROR([unrecognized argument: $[1]
+Try \`$[0] --help' for more information.]) ;;
+ esac
+ shift
+done
+
+if $lt_cl_silent; then
+ exec AS_MESSAGE_FD>/dev/null
+fi
+_LTEOF
+
+cat >>"$CONFIG_LT" <<_LTEOF
+_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AC_MSG_NOTICE([creating $ofile])
+_LT_OUTPUT_LIBTOOL_COMMANDS
+AS_EXIT(0)
+_LTEOF
+chmod +x "$CONFIG_LT"
+
+# configure is writing to config.log, but config.lt does its own redirection,
+# appending to config.log, which fails on DOS, as config.log is still kept
+# open by configure. Here we exec the FD to /dev/null, effectively closing
+# config.log, so it can be properly (re)opened and appended to by config.lt.
+if test "$no_create" != yes; then
+ lt_cl_success=:
+ test "$silent" = yes &&
+ lt_config_lt_args="$lt_config_lt_args --quiet"
+ exec AS_MESSAGE_LOG_FD>/dev/null
+ $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
+ exec AS_MESSAGE_LOG_FD>>config.log
+ $lt_cl_success || AS_EXIT(1)
+fi
+])# LT_OUTPUT
+
+
+# _LT_CONFIG(TAG)
+# ---------------
+# If TAG is the built-in tag, create an initial libtool script with a
+# default configuration from the untagged config vars. Otherwise add code
+# to config.status for appending the configuration named by TAG from the
+# matching tagged config vars.
+m4_defun([_LT_CONFIG],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_CONFIG_SAVE_COMMANDS([
+ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
+ m4_if(_LT_TAG, [C], [
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+_LT_COPYING
+_LT_LIBTOOL_TAGS
+
+# ### BEGIN LIBTOOL CONFIG
+_LT_LIBTOOL_CONFIG_VARS
+_LT_LIBTOOL_TAG_VARS
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+ _LT_PROG_LTMAIN
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ _LT_PROG_XSI_SHELLFNS
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+],
+[cat <<_LT_EOF >> "$ofile"
+
+dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
+dnl in a comment (ie after a #).
+# ### BEGIN LIBTOOL TAG CONFIG: $1
+_LT_LIBTOOL_TAG_VARS(_LT_TAG)
+# ### END LIBTOOL TAG CONFIG: $1
+_LT_EOF
+])dnl /m4_if
+],
+[m4_if([$1], [], [
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'], [])
+])dnl /_LT_CONFIG_SAVE_COMMANDS
+])# _LT_CONFIG
+
+
+# LT_SUPPORTED_TAG(TAG)
+# ---------------------
+# Trace this macro to discover what tags are supported by the libtool
+# --tag option, using:
+# autoconf --trace 'LT_SUPPORTED_TAG:$1'
+AC_DEFUN([LT_SUPPORTED_TAG], [])
+
+
+# C support is built-in for now
+m4_define([_LT_LANG_C_enabled], [])
+m4_define([_LT_TAGS], [])
+
+
+# LT_LANG(LANG)
+# -------------
+# Enable libtool support for the given language if not already enabled.
+AC_DEFUN([LT_LANG],
+[AC_BEFORE([$0], [LT_OUTPUT])dnl
+m4_case([$1],
+ [C], [_LT_LANG(C)],
+ [C++], [_LT_LANG(CXX)],
+ [Java], [_LT_LANG(GCJ)],
+ [Fortran 77], [_LT_LANG(F77)],
+ [Fortran], [_LT_LANG(FC)],
+ [Windows Resource], [_LT_LANG(RC)],
+ [m4_ifdef([_LT_LANG_]$1[_CONFIG],
+ [_LT_LANG($1)],
+ [m4_fatal([$0: unsupported language: "$1"])])])dnl
+])# LT_LANG
+
+
+# _LT_LANG(LANGNAME)
+# ------------------
+m4_defun([_LT_LANG],
+[m4_ifdef([_LT_LANG_]$1[_enabled], [],
+ [LT_SUPPORTED_TAG([$1])dnl
+ m4_append([_LT_TAGS], [$1 ])dnl
+ m4_define([_LT_LANG_]$1[_enabled], [])dnl
+ _LT_LANG_$1_CONFIG($1)])dnl
+])# _LT_LANG
+
+
+# _LT_LANG_DEFAULT_CONFIG
+# -----------------------
+m4_defun([_LT_LANG_DEFAULT_CONFIG],
+[AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [LT_LANG(CXX)],
+ [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_F77],
+ [LT_LANG(F77)],
+ [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_FC],
+ [LT_LANG(FC)],
+ [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
+
+dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
+dnl pulling things in needlessly.
+AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [m4_ifdef([AC_PROG_GCJ],
+ [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
+ m4_ifdef([A][M_PROG_GCJ],
+ [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
+ m4_ifdef([LT_PROG_GCJ],
+ [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+
+AC_PROVIDE_IFELSE([LT_PROG_RC],
+ [LT_LANG(RC)],
+ [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
+])# _LT_LANG_DEFAULT_CONFIG
+
+# Obsolete macros:
+AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
+AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
+AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
+AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
+dnl AC_DEFUN([AC_LIBTOOL_F77], [])
+dnl AC_DEFUN([AC_LIBTOOL_FC], [])
+dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
+
+
+# _LT_TAG_COMPILER
+# ----------------
+m4_defun([_LT_TAG_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
+_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
+_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
+_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_TAG_COMPILER
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+m4_defun([_LT_COMPILER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+m4_defun([_LT_LINKER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+])# _LT_LINKER_BOILERPLATE
+
+# _LT_REQUIRED_DARWIN_CHECKS
+# -------------------------
+m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
+ case $host_os in
+ rhapsody* | darwin*)
+ AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
+ AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
+ AC_CHECK_TOOL([LIPO], [lipo], [:])
+ AC_CHECK_TOOL([OTOOL], [otool], [:])
+ AC_CHECK_TOOL([OTOOL64], [otool64], [:])
+ _LT_DECL([], [DSYMUTIL], [1],
+ [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
+ _LT_DECL([], [NMEDIT], [1],
+ [Tool to change global to local symbols on Mac OS X])
+ _LT_DECL([], [LIPO], [1],
+ [Tool to manipulate fat objects and archives on Mac OS X])
+ _LT_DECL([], [OTOOL], [1],
+ [ldd/readelf like tool for Mach-O binaries on Mac OS X])
+ _LT_DECL([], [OTOOL64], [1],
+ [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
+
+ AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
+ [lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi])
+ AC_CACHE_CHECK([for -exported_symbols_list linker flag],
+ [lt_cv_ld_exported_symbols_list],
+ [lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [lt_cv_ld_exported_symbols_list=yes],
+ [lt_cv_ld_exported_symbols_list=no])
+ LDFLAGS="$save_LDFLAGS"
+ ])
+ case $host_os in
+ rhapsody* | darwin1.[[012]])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[[012]]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+])
+
+
+# _LT_DARWIN_LINKER_FEATURES
+# --------------------------
+# Checks for linker and compiler features on darwin
+m4_defun([_LT_DARWIN_LINKER_FEATURES],
+[
+ m4_require([_LT_REQUIRED_DARWIN_CHECKS])
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ m4_if([$1], [CXX],
+[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+ fi
+],[])
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+])
+
+# _LT_SYS_MODULE_PATH_AIX
+# -----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+m4_defun([_LT_SYS_MODULE_PATH_AIX],
+[m4_require([_LT_DECL_SED])dnl
+AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_SYS_MODULE_PATH_AIX
+
+
+# _LT_SHELL_INIT(ARG)
+# -------------------
+m4_define([_LT_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+ [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+ [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_SHELL_INIT
+
+
+# _LT_PROG_ECHO_BACKSLASH
+# -----------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+m4_defun([_LT_PROG_ECHO_BACKSLASH],
+[_LT_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X[$]1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+[$]*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "[$]0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(lt_ECHO)
+])
+_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
+_LT_DECL([], [ECHO], [1],
+ [An echo program that does not interpret backslashes])
+])# _LT_PROG_ECHO_BACKSLASH
+
+
+# _LT_ENABLE_LOCK
+# ---------------
+m4_defun([_LT_ENABLE_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+ [AS_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+ [AC_LANG_PUSH(C)
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+ AC_LANG_POP])
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+])# _LT_ENABLE_LOCK
+
+
+# _LT_CMD_OLD_ARCHIVE
+# -------------------
+m4_defun([_LT_CMD_OLD_ARCHIVE],
+[AC_CHECK_TOOL(AR, ar, false)
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+_LT_DECL([], [AR], [1], [The archiver])
+_LT_DECL([], [AR_FLAGS], [1])
+
+AC_CHECK_TOOL(STRIP, strip, :)
+test -z "$STRIP" && STRIP=:
+_LT_DECL([], [STRIP], [1], [A symbol stripping program])
+
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+test -z "$RANLIB" && RANLIB=:
+_LT_DECL([], [RANLIB], [1],
+ [Commands used to install an old-style archive])
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+_LT_DECL([], [old_postinstall_cmds], [2])
+_LT_DECL([], [old_postuninstall_cmds], [2])
+_LT_TAGDECL([], [old_archive_cmds], [2],
+ [Commands used to build an old-style archive])
+])# _LT_CMD_OLD_ARCHIVE
+
+
+# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([_LT_COMPILER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$3"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ fi
+ $RM conftest*
+])
+
+if test x"[$]$2" = xyes; then
+ m4_if([$5], , :, [$5])
+else
+ m4_if([$6], , :, [$6])
+fi
+])# _LT_COMPILER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
+
+
+# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------
+# Check whether the given linker option works
+AC_DEFUN([_LT_LINKER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $3"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&AS_MESSAGE_LOG_FD
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ else
+ $2=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+ m4_if([$4], , :, [$4])
+else
+ m4_if([$5], , :, [$5])
+fi
+])# _LT_LINKER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
+
+
+# LT_CMD_MAX_LEN
+#---------------
+AC_DEFUN([LT_CMD_MAX_LEN],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+ AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+ AC_MSG_RESULT(none)
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+_LT_DECL([], [max_cmd_len], [0],
+ [What is the maximum length of a command?])
+])# LT_CMD_MAX_LEN
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
+
+
+# _LT_HEADER_DLFCN
+# ----------------
+m4_defun([_LT_HEADER_DLFCN],
+[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
+])# _LT_HEADER_DLFCN
+
+
+# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ----------------------------------------------------------------
+m4_defun([_LT_TRY_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+ [$4]
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}]
+_LT_EOF
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) $1 ;;
+ x$lt_dlneed_uscore) $2 ;;
+ x$lt_dlunknown|x*) $3 ;;
+ esac
+ else :
+ # compilation failed
+ $3
+ fi
+fi
+rm -fr conftest*
+])# _LT_TRY_DLOPEN_SELF
+
+
+# LT_SYS_DLOPEN_SELF
+# ------------------
+AC_DEFUN([LT_SYS_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ])
+ ;;
+
+ *)
+ AC_CHECK_FUNC([shl_load],
+ [lt_cv_dlopen="shl_load"],
+ [AC_CHECK_LIB([dld], [shl_load],
+ [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"],
+ [AC_CHECK_FUNC([dlopen],
+ [lt_cv_dlopen="dlopen"],
+ [AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+ [AC_CHECK_LIB([svld], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+ [AC_CHECK_LIB([dld], [dld_link],
+ [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"])
+ ])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ AC_CACHE_CHECK([whether a program can dlopen itself],
+ lt_cv_dlopen_self, [dnl
+ _LT_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+ lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+ ])
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+ lt_cv_dlopen_self_static, [dnl
+ _LT_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+ lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
+ ])
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+_LT_DECL([dlopen_support], [enable_dlopen], [0],
+ [Whether dlopen is supported])
+_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
+ [Whether dlopen of programs is supported])
+_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
+ [Whether dlopen of statically linked programs is supported])
+])# LT_SYS_DLOPEN_SELF
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
+
+
+# _LT_COMPILER_C_O([TAGNAME])
+# ---------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler.
+# This macro does not hard code the compiler like AC_PROG_CC_C_O.
+m4_defun([_LT_COMPILER_C_O],
+[m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+ [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+ [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+ fi
+ fi
+ chmod u+w . 2>&AS_MESSAGE_LOG_FD
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+])
+_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
+ [Does compiler simultaneously support -c and -o options?])
+])# _LT_COMPILER_C_O
+
+
+# _LT_COMPILER_FILE_LOCKS([TAGNAME])
+# ----------------------------------
+# Check to see if we can do hard links to lock some files if needed
+m4_defun([_LT_COMPILER_FILE_LOCKS],
+[m4_require([_LT_ENABLE_LOCK])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_COMPILER_C_O([$1])
+
+hard_links="nottested"
+if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ AC_MSG_CHECKING([if we can lock with hard links])
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ AC_MSG_RESULT([$hard_links])
+ if test "$hard_links" = no; then
+ AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
+])# _LT_COMPILER_FILE_LOCKS
+
+
+# _LT_CHECK_OBJDIR
+# ----------------
+m4_defun([_LT_CHECK_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+_LT_DECL([], [objdir], [0],
+ [The name of the directory that contains temporary libtool files])dnl
+m4_pattern_allow([LT_OBJDIR])dnl
+AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/",
+ [Define to the sub-directory in which libtool stores uninstalled libraries.])
+])# _LT_CHECK_OBJDIR
+
+
+# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
+# --------------------------------------
+# Check hardcoding attributes.
+m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
+ test -n "$_LT_TAGVAR(runpath_var, $1)" ||
+ test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$_LT_TAGVAR(hardcode_direct, $1)" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+ test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then
+ # Linking always hardcodes the temporary library directory.
+ _LT_TAGVAR(hardcode_action, $1)=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ _LT_TAGVAR(hardcode_action, $1)=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ _LT_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_TAGVAR(hardcode_action, $1)" = relink ||
+ test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+_LT_TAGDECL([], [hardcode_action], [0],
+ [How to hardcode a shared library path into an executable])
+])# _LT_LINKER_HARDCODE_LIBPATH
+
+
+# _LT_CMD_STRIPLIB
+# ----------------
+m4_defun([_LT_CMD_STRIPLIB],
+[m4_require([_LT_DECL_EGREP])
+striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ ;;
+ *)
+ AC_MSG_RESULT([no])
+ ;;
+ esac
+fi
+_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
+_LT_DECL([], [striplib], [1])
+])# _LT_CMD_STRIPLIB
+
+
+# _LT_SYS_DYNAMIC_LINKER([TAG])
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+m4_defun([_LT_SYS_DYNAMIC_LINKER],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_OBJDUMP])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([dynamic linker characteristics])
+m4_if([$1],
+ [], [
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[[lt_foo]]++; }
+ if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[[4-9]]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[[01]] | aix4.[[01]].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[[45]]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+m4_if([$1], [],[
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[[123]]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[[3-9]]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
+ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
+ [shlibpath_overrides_runpath=yes])])
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[[89]] | openbsd2.[[89]].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+_LT_DECL([], [variables_saved_for_relink], [1],
+ [Variables whose values should be saved in libtool wrapper scripts and
+ restored at link time])
+_LT_DECL([], [need_lib_prefix], [0],
+ [Do we need the "lib" prefix for modules?])
+_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
+_LT_DECL([], [version_type], [0], [Library versioning type])
+_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable])
+_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
+_LT_DECL([], [shlibpath_overrides_runpath], [0],
+ [Is shlibpath searched before the hard-coded library search path?])
+_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
+_LT_DECL([], [library_names_spec], [1],
+ [[List of archive names. First name is the real one, the rest are links.
+ The last name is the one that the linker finds with -lNAME]])
+_LT_DECL([], [soname_spec], [1],
+ [[The coded name of the library, if different from the real name]])
+_LT_DECL([], [postinstall_cmds], [2],
+ [Command to use after installation of a shared archive])
+_LT_DECL([], [postuninstall_cmds], [2],
+ [Command to use after uninstallation of a shared archive])
+_LT_DECL([], [finish_cmds], [2],
+ [Commands used to finish a libtool library installation in a directory])
+_LT_DECL([], [finish_eval], [1],
+ [[As "finish_cmds", except a single script fragment to be evaled but
+ not shown]])
+_LT_DECL([], [hardcode_into_libs], [0],
+ [Whether we should hardcode library paths into libraries])
+_LT_DECL([], [sys_lib_search_path_spec], [2],
+ [Compile-time system search path for libraries])
+_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
+ [Run-time system search path for libraries])
+])# _LT_SYS_DYNAMIC_LINKER
+
+
+# _LT_PATH_TOOL_PREFIX(TOOL)
+# --------------------------
+# find a file program which can recognize shared library
+AC_DEFUN([_LT_PATH_TOOL_PREFIX],
+[m4_require([_LT_DECL_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] | ?:[\\/]*])
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word. This closes a longstanding sh security hole.
+ ac_dummy="m4_if([$2], , $PATH, [$2])"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$1; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ AC_MSG_RESULT($MAGIC_CMD)
+else
+ AC_MSG_RESULT(no)
+fi
+_LT_DECL([], [MAGIC_CMD], [0],
+ [Used to examine libraries when file_magic_cmd begins with "file"])dnl
+])# _LT_PATH_TOOL_PREFIX
+
+# Old name:
+AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
+
+
+# _LT_PATH_MAGIC
+# --------------
+# find a file program which can recognize a shared library
+m4_defun([_LT_PATH_MAGIC],
+[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+ else
+ MAGIC_CMD=:
+ fi
+fi
+])# _LT_PATH_MAGIC
+
+
+# LT_PATH_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([LT_PATH_LD],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_ARG_WITH([gnu-ld],
+ [AS_HELP_STRING([--with-gnu-ld],
+ [assume the C compiler uses GNU ld @<:@default=no@:>@])],
+ [test "$withval" = no || with_gnu_ld=yes],
+ [with_gnu_ld=no])dnl
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by $CC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]]* | ?:[[\\/]]*)
+ re_direlt='/[[^/]][[^/]]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+_LT_PATH_LD_GNU
+AC_SUBST([LD])
+
+_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
+])# LT_PATH_LD
+
+# Old names:
+AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
+AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_LD], [])
+dnl AC_DEFUN([AC_PROG_LD], [])
+
+
+# _LT_PATH_LD_GNU
+#- --------------
+m4_defun([_LT_PATH_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# _LT_PATH_LD_GNU
+
+
+# _LT_CMD_RELOAD
+# --------------
+# find reload flag for linker
+# -- PORTME Some linkers may need a different reload flag.
+m4_defun([_LT_CMD_RELOAD],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+ lt_cv_ld_reload_flag,
+ [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl
+_LT_DECL([], [reload_cmds], [2])dnl
+])# _LT_CMD_RELOAD
+
+
+# _LT_CHECK_MAGIC_METHOD
+# ----------------------
+# how to check for library dependencies
+# -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_MAGIC_METHOD],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+AC_CACHE_CHECK([how to recognize dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[[4-9]]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[[45]]*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[[3-9]]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+_LT_DECL([], [deplibs_check_method], [1],
+ [Method to check whether dependent libraries are shared objects])
+_LT_DECL([], [file_magic_cmd], [1],
+ [Command to use when deplibs_check_method == "file_magic"])
+])# _LT_CHECK_MAGIC_METHOD
+
+
+# LT_PATH_NM
+# ----------
+# find the pathname to a BSD- or MS-compatible name lister
+AC_DEFUN([LT_PATH_NM],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
+[if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi])
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :)
+ AC_SUBST([DUMPBIN])
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+AC_SUBST([NM])
+_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
+
+AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
+ [lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD)
+ cat conftest.out >&AS_MESSAGE_LOG_FD
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*])
+])# LT_PATH_NM
+
+# Old names:
+AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
+AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_NM], [])
+dnl AC_DEFUN([AC_PROG_NM], [])
+
+
+# LT_LIB_M
+# --------
+# check for math library
+AC_DEFUN([LT_LIB_M],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+ # These system don't have libm, or don't need it
+ ;;
+*-ncr-sysv4.3*)
+ AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+ AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+ ;;
+*)
+ AC_CHECK_LIB(m, cos, LIBM="-lm")
+ ;;
+esac
+AC_SUBST([LIBM])
+])# LT_LIB_M
+
+# Old name:
+AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_CHECK_LIBM], [])
+
+
+# _LT_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------
+m4_defun([_LT_COMPILER_NO_RTTI],
+[m4_require([_LT_TAG_COMPILER])dnl
+
+_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+ _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+ lt_cv_prog_compiler_rtti_exceptions,
+ [-fno-rtti -fno-exceptions], [],
+ [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
+ [Compiler flag to turn off builtin functions])
+])# _LT_COMPILER_NO_RTTI
+
+
+# _LT_CMD_GLOBAL_SYMBOLS
+# ----------------------
+m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[[BCDT]]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[[ABCDGISTW]]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDEGRST]]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[[BCDEGRST]]'
+ ;;
+osf*)
+ symcode='[[BCDEGQRST]]'
+ ;;
+solaris*)
+ symcode='[[BDRT]]'
+ ;;
+sco3.2v5*)
+ symcode='[[DT]]'
+ ;;
+sysv4.2uw2*)
+ symcode='[[DT]]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[[ABDT]]'
+ ;;
+sysv4)
+ symcode='[[DFNSTU]]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK ['"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx]"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if AC_TRY_EVAL(ac_compile); then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[[]] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ AC_MSG_RESULT(failed)
+else
+ AC_MSG_RESULT(ok)
+fi
+
+_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
+ [Take the output of nm and produce a listing of raw symbols and C names])
+_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
+ [Transform the output of nm in a proper C declaration])
+_LT_DECL([global_symbol_to_c_name_address],
+ [lt_cv_sys_global_symbol_to_c_name_address], [1],
+ [Transform the output of nm in a C name address pair])
+_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
+ [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
+ [Transform the output of nm in a C name address pair when lib prefix is needed])
+]) # _LT_CMD_GLOBAL_SYMBOLS
+
+
+# _LT_COMPILER_PIC([TAGNAME])
+# ---------------------------
+m4_defun([_LT_COMPILER_PIC],
+[m4_require([_LT_TAG_COMPILER])dnl
+_LT_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+m4_if([$1], [CXX], [
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ interix[[3-9]]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix[[4-9]]*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ fi
+ ;;
+ aCC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ interix*)
+ # This is c89, which is MS Visual C++ (no shared libs)
+ # Anyone wants to do a port?
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ xlc* | xlC*)
+ # IBM XL 8.0 on PPC
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd* | netbsdelf*-gnu)
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ vxworks*)
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+],
+[
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[[3-9]]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC (with -KPIC) is the default.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ ccc*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All Alpha code is PIC.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All OSF/1 code is PIC.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ rdos*)
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ solaris*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ unicos*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+
+ uts4*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *)
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+])
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
+ ;;
+esac
+AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
+_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
+ [How to pass a linker flag through the compiler])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
+ [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
+ [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
+ [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
+ "" | " "*) ;;
+ *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+ esac],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
+ [Additional compiler flags for building library objects])
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
+_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+ _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
+ $lt_tmp_static_flag,
+ [],
+ [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
+_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
+ [Compiler flag to prevent dynamic linking])
+])# _LT_COMPILER_PIC
+
+
+# _LT_LINKER_SHLIBS([TAGNAME])
+# ----------------------------
+# See if the linker supports building shared libraries.
+m4_defun([_LT_LINKER_SHLIBS],
+[AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+m4_if([$1], [CXX], [
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix[[4-9]]*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+ ;;
+ cygwin* | mingw* | cegcc*)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ linux* | k*bsd*-gnu)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+], [
+ runpath_var=
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(archive_cmds, $1)=
+ _LT_TAGVAR(archive_expsym_cmds, $1)=
+ _LT_TAGVAR(compiler_needs_object, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(hardcode_automatic, $1)=no
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ _LT_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_TAGVAR(inherit_rpath, $1)=no
+ _LT_TAGVAR(link_all_deplibs, $1)=unknown
+ _LT_TAGVAR(module_cmds, $1)=
+ _LT_TAGVAR(module_expsym_cmds, $1)=
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)=
+ _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+ _LT_TAGVAR(thread_safe_flag_spec, $1)=
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ _LT_TAGVAR(include_expsyms, $1)=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+dnl Note also adjust exclude_expsyms for C++ above.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
+ esac
+
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[[3-9]]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)=''
+ ;;
+ m68k)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ interix[[3-9]]*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ tmp_sharedflag='--shared' ;;
+ xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+
+ if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
+ runpath_var=
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ fi
+ ;;
+
+ aix[[4-9]]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_TAGVAR(archive_cmds, $1)=''
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)=''
+ ;;
+ m68k)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[[45]]*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+ # FIXME: Should let the user specify the lib program.
+ _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
+ darwin* | rhapsody*)
+ _LT_DARWIN_LINKER_FEATURES($1)
+ ;;
+
+ dgux*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ freebsd1*)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ AC_LINK_IFELSE(int foo(void) {},
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ )
+ LDFLAGS="$save_LDFLAGS"
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(inherit_rpath, $1)=yes
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ newsos6)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ else
+ case $host_os in
+ openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ os2*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ else
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ solaris*)
+ _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ ;;
+ motorola)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4.3*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+])
+AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
+
+_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
+_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
+_LT_DECL([], [extract_expsyms_cmds], [2],
+ [The commands to extract the exported symbol list from a shared archive])
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+ # Assume -lc should be added
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $_LT_TAGVAR(archive_cmds, $1) in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
+ pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
+ then
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ else
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ fi
+ _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)])
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
+ [Whether or not to add -lc for building shared libraries])
+_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
+ [enable_shared_with_static_runtimes], [0],
+ [Whether or not to disallow shared libs when runtime libs are static])
+_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
+ [Compiler flag to allow reflexive dlopens])
+_LT_TAGDECL([], [whole_archive_flag_spec], [1],
+ [Compiler flag to generate shared objects directly from archives])
+_LT_TAGDECL([], [compiler_needs_object], [1],
+ [Whether the compiler copes with passing no objects directly])
+_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
+ [Create an old-style archive from a shared archive])
+_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
+ [Create a temporary old-style archive to link instead of a shared archive])
+_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
+_LT_TAGDECL([], [archive_expsym_cmds], [2])
+_LT_TAGDECL([], [module_cmds], [2],
+ [Commands used to build a loadable module if different from building
+ a shared archive.])
+_LT_TAGDECL([], [module_expsym_cmds], [2])
+_LT_TAGDECL([], [with_gnu_ld], [1],
+ [Whether we are building with GNU ld or not])
+_LT_TAGDECL([], [allow_undefined_flag], [1],
+ [Flag that allows shared libraries with undefined symbols to be built])
+_LT_TAGDECL([], [no_undefined_flag], [1],
+ [Flag that enforces no undefined symbols])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
+ [Flag to hardcode $libdir into a binary during linking.
+ This must work even if $libdir does not exist])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
+ [[If ld is used when linking, flag to hardcode $libdir into a binary
+ during linking. This must work even if $libdir does not exist]])
+_LT_TAGDECL([], [hardcode_libdir_separator], [1],
+ [Whether we need a single "-rpath" flag with a separated argument])
+_LT_TAGDECL([], [hardcode_direct], [0],
+ [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ DIR into the resulting binary])
+_LT_TAGDECL([], [hardcode_direct_absolute], [0],
+ [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ DIR into the resulting binary and the resulting library dependency is
+ "absolute", i.e impossible to change by setting ${shlibpath_var} if the
+ library is relocated])
+_LT_TAGDECL([], [hardcode_minus_L], [0],
+ [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+ into the resulting binary])
+_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
+ [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+ into the resulting binary])
+_LT_TAGDECL([], [hardcode_automatic], [0],
+ [Set to "yes" if building a shared library automatically hardcodes DIR
+ into the library and all subsequent libraries and executables linked
+ against it])
+_LT_TAGDECL([], [inherit_rpath], [0],
+ [Set to yes if linker adds runtime paths of dependent libraries
+ to runtime path list])
+_LT_TAGDECL([], [link_all_deplibs], [0],
+ [Whether libtool must link a program against all its dependency libraries])
+_LT_TAGDECL([], [fix_srcfile_path], [1],
+ [Fix the shell variable $srcfile for the compiler])
+_LT_TAGDECL([], [always_export_symbols], [0],
+ [Set to "yes" if exported symbols are required])
+_LT_TAGDECL([], [export_symbols_cmds], [2],
+ [The commands to list exported symbols])
+_LT_TAGDECL([], [exclude_expsyms], [1],
+ [Symbols that should not be listed in the preloaded symbols])
+_LT_TAGDECL([], [include_expsyms], [1],
+ [Symbols that must always be exported])
+_LT_TAGDECL([], [prelink_cmds], [2],
+ [Commands necessary for linking programs (against libraries) with templates])
+_LT_TAGDECL([], [file_list_spec], [1],
+ [Specify filename containing input files])
+dnl FIXME: Not yet implemented
+dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
+dnl [Compiler flag to generate thread safe objects])
+])# _LT_LINKER_SHLIBS
+
+
+# _LT_LANG_C_CONFIG([TAG])
+# ------------------------
+# Ensure that the configuration variables for a C compiler are suitably
+# defined. These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_C_CONFIG],
+[m4_require([_LT_DECL_EGREP])dnl
+lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+_LT_TAG_COMPILER
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+ LT_SYS_DLOPEN_SELF
+ _LT_CMD_STRIPLIB
+
+ # Report which library types will actually be built
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_CONFIG($1)
+fi
+AC_LANG_POP
+CC="$lt_save_CC"
+])# _LT_LANG_C_CONFIG
+
+
+# _LT_PROG_CXX
+# ------------
+# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++
+# compiler, we have our own version here.
+m4_defun([_LT_PROG_CXX],
+[
+pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes])
+AC_PROG_CXX
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_PROG_CXXCPP
+else
+ _lt_caught_CXX_error=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_CXX
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_CXX], [])
+
+
+# _LT_LANG_CXX_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a C++ compiler are suitably
+# defined. These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_CXX_CONFIG],
+[AC_REQUIRE([_LT_PROG_CXX])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_LANG_PUSH(C++)
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(compiler_needs_object, $1)=no
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="int some_variable = 0;"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC=$CC
+ lt_save_LD=$LD
+ lt_save_GCC=$GCC
+ GCC=$GXX
+ lt_save_with_gnu_ld=$with_gnu_ld
+ lt_save_path_LD=$lt_cv_path_LD
+ if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+ else
+ $as_unset lt_cv_prog_gnu_ld
+ fi
+ if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+ else
+ $as_unset lt_cv_path_LD
+ fi
+ test -z "${LDCXX+set}" || LD=$LDCXX
+ CC=${CXX-"c++"}
+ compiler=$CC
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+
+ if test -n "$compiler"; then
+ # We don't want -fno-exception when compiling C++ code, so set the
+ # no_builtin_flag separately
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+ else
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+ fi
+
+ if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+ LT_PATH_LD
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ $GREP 'no-whole-archive' > /dev/null; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+ fi
+
+ # PORTME: fill in a description of your system's C++ link characteristics
+ AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_TAGVAR(archive_cmds, $1)=''
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to
+ # export.
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty
+ # executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared
+ # libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+ _LT_DARWIN_LINKER_FEATURES($1)
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ freebsd[[12]]*)
+ # C++ shared libraries reported to be fairly broken before
+ # switch to ELF
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ freebsd-elf*)
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+
+ freebsd* | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+
+ gnu*)
+ ;;
+
+ hpux9*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ interix[[3-9]]*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ fi
+ fi
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+ esac
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(inherit_rpath, $1)=yes
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc* | ecpc* )
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ case `$CC -V` in
+ *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*)
+ _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $RANLIB $oldlib'
+ _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ *) # Version 6 will use weak symbols
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ xl*)
+ # IBM XL 8.0 on PPC, with GNU ld
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+
+ # Not sure whether something based on
+ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+ # would be better.
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ m88k*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+
+ *nto* | *qnx*)
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd=echo
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ case $host in
+ osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
+ *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
+ esac
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ case $host in
+ osf3*)
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ ;;
+ *)
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $RM $lib.exp'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ case $host in
+ osf3*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ psos*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
+ _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+ ;;
+ esac
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+ if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ fi
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+
+ AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+ test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+ _LT_TAGVAR(GCC, $1)="$GXX"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_SYS_HIDDEN_LIBDEPS($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ CC=$lt_save_CC
+ LDCXX=$LD
+ LD=$lt_save_LD
+ GCC=$lt_save_GCC
+ with_gnu_ld=$lt_save_with_gnu_ld
+ lt_cv_path_LDCXX=$lt_cv_path_LD
+ lt_cv_path_LD=$lt_save_path_LD
+ lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+ lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+AC_LANG_POP
+])# _LT_LANG_CXX_CONFIG
+
+
+# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
+# ---------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+# Dependencies to place before and after the object being linked:
+_LT_TAGVAR(predep_objects, $1)=
+_LT_TAGVAR(postdep_objects, $1)=
+_LT_TAGVAR(predeps, $1)=
+_LT_TAGVAR(postdeps, $1)=
+_LT_TAGVAR(compiler_lib_search_path, $1)=
+
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library. It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
+int a;
+void foo (void) { a = 0; }
+_LT_EOF
+], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+_LT_EOF
+], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
+ subroutine foo
+ implicit none
+ integer*4 a
+ a=0
+ return
+ end
+_LT_EOF
+], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
+ subroutine foo
+ implicit none
+ integer a
+ a=0
+ return
+ end
+_LT_EOF
+], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
+public class foo {
+ private int a;
+ public void bar (void) {
+ a = 0;
+ }
+};
+_LT_EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ for p in `eval "$output_verbose_link_cmd"`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" ||
+ test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+ else
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$_LT_TAGVAR(postdeps, $1)"; then
+ _LT_TAGVAR(postdeps, $1)="${prev}${p}"
+ else
+ _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
+ _LT_TAGVAR(predep_objects, $1)="$p"
+ else
+ _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
+ fi
+ else
+ if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
+ _LT_TAGVAR(postdep_objects, $1)="$p"
+ else
+ _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+m4_if([$1], [CXX],
+[case $host_os in
+interix[[3-9]]*)
+ # Interix 3.5 installs completely hosed .la files for C++, so rather than
+ # hack all around it, let's just trust "g++" to DTRT.
+ _LT_TAGVAR(predep_objects,$1)=
+ _LT_TAGVAR(postdep_objects,$1)=
+ _LT_TAGVAR(postdeps,$1)=
+ ;;
+
+linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ if test "$solaris_use_stlport4" != yes; then
+ _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+solaris*)
+ case $cc_basename in
+ CC*)
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ if test "$solaris_use_stlport4" != yes; then
+ _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+esac
+])
+
+case " $_LT_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=
+if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
+ [The directories searched by this compiler when creating a shared library])
+_LT_TAGDECL([], [predep_objects], [1],
+ [Dependencies to place before and after the objects being linked to
+ create a shared library])
+_LT_TAGDECL([], [postdep_objects], [1])
+_LT_TAGDECL([], [predeps], [1])
+_LT_TAGDECL([], [postdeps], [1])
+_LT_TAGDECL([], [compiler_lib_search_path], [1],
+ [The library search path used internally by the compiler when linking
+ a shared library])
+])# _LT_SYS_HIDDEN_LIBDEPS
+
+
+# _LT_PROG_F77
+# ------------
+# Since AC_PROG_F77 is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_F77],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes])
+AC_PROG_F77
+if test -z "$F77" || test "X$F77" = "Xno"; then
+ _lt_disable_F77=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_F77
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_F77], [])
+
+
+# _LT_LANG_F77_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a Fortran 77 compiler are
+# suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_F77_CONFIG],
+[AC_REQUIRE([_LT_PROG_F77])dnl
+AC_LANG_PUSH(Fortran 77)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the F77 compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_F77" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="\
+ subroutine t
+ return
+ end
+"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code="\
+ program t
+ end
+"
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC="$CC"
+ lt_save_GCC=$GCC
+ CC=${F77-"f77"}
+ compiler=$CC
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+ GCC=$G77
+ if test -n "$compiler"; then
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_TAGVAR(GCC, $1)="$G77"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ GCC=$lt_save_GCC
+ CC="$lt_save_CC"
+fi # test "$_lt_disable_F77" != yes
+
+AC_LANG_POP
+])# _LT_LANG_F77_CONFIG
+
+
+# _LT_PROG_FC
+# -----------
+# Since AC_PROG_FC is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_FC],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes])
+AC_PROG_FC
+if test -z "$FC" || test "X$FC" = "Xno"; then
+ _lt_disable_FC=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_FC
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_FC], [])
+
+
+# _LT_LANG_FC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for a Fortran compiler are
+# suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_FC_CONFIG],
+[AC_REQUIRE([_LT_PROG_FC])dnl
+AC_LANG_PUSH(Fortran)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for fc test sources.
+ac_ext=${ac_fc_srcext-f}
+
+# Object file extension for compiled fc test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the FC compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_FC" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="\
+ subroutine t
+ return
+ end
+"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code="\
+ program t
+ end
+"
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC="$CC"
+ lt_save_GCC=$GCC
+ CC=${FC-"f95"}
+ compiler=$CC
+ GCC=$ac_cv_fc_compiler_gnu
+
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+
+ if test -n "$compiler"; then
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_SYS_HIDDEN_LIBDEPS($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ GCC=$lt_save_GCC
+ CC="$lt_save_CC"
+fi # test "$_lt_disable_FC" != yes
+
+AC_LANG_POP
+])# _LT_LANG_FC_CONFIG
+
+
+# _LT_LANG_GCJ_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Java Compiler compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GCJ_CONFIG],
+[AC_REQUIRE([LT_PROG_GCJ])dnl
+AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC="$lt_save_CC"
+])# _LT_LANG_GCJ_CONFIG
+
+
+# _LT_LANG_RC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for the Windows resource compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_RC_CONFIG],
+[AC_REQUIRE([LT_PROG_RC])dnl
+AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=
+CC=${RC-"windres"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+if test -n "$compiler"; then
+ :
+ _LT_CONFIG($1)
+fi
+
+GCC=$lt_save_GCC
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# _LT_LANG_RC_CONFIG
+
+
+# LT_PROG_GCJ
+# -----------
+AC_DEFUN([LT_PROG_GCJ],
+[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
+ [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
+ [AC_CHECK_TOOL(GCJ, gcj,)
+ test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+ AC_SUBST(GCJFLAGS)])])[]dnl
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+
+
+# LT_PROG_RC
+# ----------
+AC_DEFUN([LT_PROG_RC],
+[AC_CHECK_TOOL(RC, windres,)
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_RC], [])
+
+
+# _LT_DECL_EGREP
+# --------------
+# If we don't have a new enough Autoconf to choose the best grep
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_EGREP],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_REQUIRE([AC_PROG_FGREP])dnl
+test -z "$GREP" && GREP=grep
+_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
+_LT_DECL([], [EGREP], [1], [An ERE matcher])
+_LT_DECL([], [FGREP], [1], [A literal string matcher])
+dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
+AC_SUBST([GREP])
+])
+
+
+# _LT_DECL_OBJDUMP
+# --------------
+# If we don't have a new enough Autoconf to choose the best objdump
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_OBJDUMP],
+[AC_CHECK_TOOL(OBJDUMP, objdump, false)
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
+AC_SUBST([OBJDUMP])
+])
+
+
+# _LT_DECL_SED
+# ------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible. Prefer GNU sed if found.
+m4_defun([_LT_DECL_SED],
+[AC_PROG_SED
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
+_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
+ [Sed that helps us avoid accidentally triggering echo(1) options like -n])
+])# _LT_DECL_SED
+
+m4_ifndef([AC_PROG_SED], [
+############################################################
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_SED. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+############################################################
+
+m4_defun([AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+IFS=$as_save_IFS
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+])
+SED=$lt_cv_path_SED
+AC_SUBST([SED])
+AC_MSG_RESULT([$SED])
+])#AC_PROG_SED
+])#m4_ifndef
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_SED], [])
+
+
+# _LT_CHECK_SHELL_FEATURES
+# ------------------------
+# Find out whether the shell is Bourne or XSI compatible,
+# or has some other useful features.
+m4_defun([_LT_CHECK_SHELL_FEATURES],
+[AC_MSG_CHECKING([whether the shell understands some XSI constructs])
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+AC_MSG_RESULT([$xsi_shell])
+_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell'])
+
+AC_MSG_CHECKING([whether the shell understands "+="])
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+AC_MSG_RESULT([$lt_shell_append])
+_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append'])
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
+_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
+])# _LT_CHECK_SHELL_FEATURES
+
+
+# _LT_PROG_XSI_SHELLFNS
+# ---------------------
+# Bourne and XSI compatible variants of some useful shell functions.
+m4_defun([_LT_PROG_XSI_SHELLFNS],
+[case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $[*] ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+dnl func_dirname_and_basename
+dnl A portable version of this function is already defined in general.m4sh
+dnl so there is no need for it here.
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[[^=]]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$[@]"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$[1]+=\$[2]"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$[1]=\$$[1]\$[2]"
+}
+
+_LT_EOF
+ ;;
+ esac
+])
--- /dev/null
+# longlong.m4 serial 13
+dnl Copyright (C) 1999-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_LONG_LONG_INT if 'long long int' works.
+# This fixes a bug in Autoconf 2.61, but can be removed once we
+# assume 2.62 everywhere.
+
+# Note: If the type 'long long int' exists but is only 32 bits large
+# (as on some very old compilers), HAVE_LONG_LONG_INT will not be
+# defined. In this case you can treat 'long long int' like 'long int'.
+
+AC_DEFUN([AC_TYPE_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for long long int], [ac_cv_type_long_long_int],
+ [AC_LINK_IFELSE(
+ [_AC_TYPE_LONG_LONG_SNIPPET],
+ [dnl This catches a bug in Tandem NonStop Kernel (OSS) cc -O circa 2004.
+ dnl If cross compiling, assume the bug isn't important, since
+ dnl nobody cross compiles for this platform as far as we know.
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[@%:@include <limits.h>
+ @%:@ifndef LLONG_MAX
+ @%:@ define HALF \
+ (1LL << (sizeof (long long int) * CHAR_BIT - 2))
+ @%:@ define LLONG_MAX (HALF - 1 + HALF)
+ @%:@endif]],
+ [[long long int n = 1;
+ int i;
+ for (i = 0; ; i++)
+ {
+ long long int m = n << i;
+ if (m >> i != n)
+ return 1;
+ if (LLONG_MAX / 2 < m)
+ break;
+ }
+ return 0;]])],
+ [ac_cv_type_long_long_int=yes],
+ [ac_cv_type_long_long_int=no],
+ [ac_cv_type_long_long_int=yes])],
+ [ac_cv_type_long_long_int=no])])
+ if test $ac_cv_type_long_long_int = yes; then
+ AC_DEFINE([HAVE_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `long long int'.])
+ fi
+])
+
+# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works.
+# This fixes a bug in Autoconf 2.61, but can be removed once we
+# assume 2.62 everywhere.
+
+# Note: If the type 'unsigned long long int' exists but is only 32 bits
+# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT
+# will not be defined. In this case you can treat 'unsigned long long int'
+# like 'unsigned long int'.
+
+AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for unsigned long long int],
+ [ac_cv_type_unsigned_long_long_int],
+ [AC_LINK_IFELSE(
+ [_AC_TYPE_LONG_LONG_SNIPPET],
+ [ac_cv_type_unsigned_long_long_int=yes],
+ [ac_cv_type_unsigned_long_long_int=no])])
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `unsigned long long int'.])
+ fi
+])
+
+# Expands to a C program that can be used to test for simultaneous support
+# of 'long long' and 'unsigned long long'. We don't want to say that
+# 'long long' is available if 'unsigned long long' is not, or vice versa,
+# because too many programs rely on the symmetry between signed and unsigned
+# integer types (excluding 'bool').
+AC_DEFUN([_AC_TYPE_LONG_LONG_SNIPPET],
+[
+ AC_LANG_PROGRAM(
+ [[/* Test preprocessor. */
+ #if ! (-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ error in preprocessor;
+ #endif
+ #if ! (18446744073709551615ULL <= -1ull)
+ error in preprocessor;
+ #endif
+ /* Test literals. */
+ long long int ll = 9223372036854775807ll;
+ long long int nll = -9223372036854775807LL;
+ unsigned long long int ull = 18446744073709551615ULL;
+ /* Test constant expressions. */
+ typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll)
+ ? 1 : -1)];
+ typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;]],
+ [[/* Test availability of runtime routines for shift and division. */
+ long long int llmax = 9223372036854775807ll;
+ unsigned long long int ullmax = 18446744073709551615ull;
+ return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i)
+ | (llmax / ll) | (llmax % ll)
+ | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i)
+ | (ullmax / ull) | (ullmax % ull));]])
+])
--- /dev/null
+# Helper functions for option handling. -*- Autoconf -*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltoptions.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
+
+
+# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
+# ------------------------------------------
+m4_define([_LT_MANGLE_OPTION],
+[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
+
+
+# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
+# ---------------------------------------
+# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
+# matching handler defined, dispatch to it. Other OPTION-NAMEs are
+# saved as a flag.
+m4_define([_LT_SET_OPTION],
+[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
+m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
+ _LT_MANGLE_DEFUN([$1], [$2]),
+ [m4_warning([Unknown $1 option `$2'])])[]dnl
+])
+
+
+# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
+# ------------------------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+m4_define([_LT_IF_OPTION],
+[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
+
+
+# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
+# -------------------------------------------------------
+# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
+# are set.
+m4_define([_LT_UNLESS_OPTIONS],
+[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+ [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
+ [m4_define([$0_found])])])[]dnl
+m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
+])[]dnl
+])
+
+
+# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
+# ----------------------------------------
+# OPTION-LIST is a space-separated list of Libtool options associated
+# with MACRO-NAME. If any OPTION has a matching handler declared with
+# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
+# the unknown option and exit.
+m4_defun([_LT_SET_OPTIONS],
+[# Set options
+m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+ [_LT_SET_OPTION([$1], _LT_Option)])
+
+m4_if([$1],[LT_INIT],[
+ dnl
+ dnl Simply set some default values (i.e off) if boolean options were not
+ dnl specified:
+ _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
+ ])
+ _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
+ ])
+ dnl
+ dnl If no reference was made to various pairs of opposing options, then
+ dnl we run the default mode handler for the pair. For example, if neither
+ dnl `shared' nor `disable-shared' was passed, we enable building of shared
+ dnl archives by default:
+ _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
+ _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
+ _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
+ _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
+ [_LT_ENABLE_FAST_INSTALL])
+ ])
+])# _LT_SET_OPTIONS
+
+
+## --------------------------------- ##
+## Macros to handle LT_INIT options. ##
+## --------------------------------- ##
+
+# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
+# -----------------------------------------
+m4_define([_LT_MANGLE_DEFUN],
+[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
+
+
+# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
+# -----------------------------------------------
+m4_define([LT_OPTION_DEFINE],
+[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
+])# LT_OPTION_DEFINE
+
+
+# dlopen
+# ------
+LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
+])
+
+AU_DEFUN([AC_LIBTOOL_DLOPEN],
+[_LT_SET_OPTION([LT_INIT], [dlopen])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `dlopen' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
+
+
+# win32-dll
+# ---------
+# Declare package support for building win32 dll's.
+LT_OPTION_DEFINE([LT_INIT], [win32-dll],
+[enable_win32_dll=yes
+
+case $host in
+*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*)
+ AC_CHECK_TOOL(AS, as, false)
+ AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+ AC_CHECK_TOOL(OBJDUMP, objdump, false)
+ ;;
+esac
+
+test -z "$AS" && AS=as
+_LT_DECL([], [AS], [0], [Assembler program])dnl
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl
+])# win32-dll
+
+AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+_LT_SET_OPTION([LT_INIT], [win32-dll])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `win32-dll' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
+
+
+# _LT_ENABLE_SHARED([DEFAULT])
+# ----------------------------
+# implement the --enable-shared flag, and supports the `shared' and
+# `disable-shared' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_SHARED],
+[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([shared],
+ [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+ [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
+
+ _LT_DECL([build_libtool_libs], [enable_shared], [0],
+ [Whether or not to build shared libraries])
+])# _LT_ENABLE_SHARED
+
+LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
+])
+
+AC_DEFUN([AC_DISABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], [disable-shared])
+])
+
+AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_SHARED], [])
+dnl AC_DEFUN([AM_DISABLE_SHARED], [])
+
+
+
+# _LT_ENABLE_STATIC([DEFAULT])
+# ----------------------------
+# implement the --enable-static flag, and support the `static' and
+# `disable-static' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_STATIC],
+[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([static],
+ [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+ [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
+
+ _LT_DECL([build_old_libs], [enable_static], [0],
+ [Whether or not to build static libraries])
+])# _LT_ENABLE_STATIC
+
+LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
+])
+
+AC_DEFUN([AC_DISABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], [disable-static])
+])
+
+AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_STATIC], [])
+dnl AC_DEFUN([AM_DISABLE_STATIC], [])
+
+
+
+# _LT_ENABLE_FAST_INSTALL([DEFAULT])
+# ----------------------------------
+# implement the --enable-fast-install flag, and support the `fast-install'
+# and `disable-fast-install' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_FAST_INSTALL],
+[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([fast-install],
+ [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+ [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
+
+_LT_DECL([fast_install], [enable_fast_install], [0],
+ [Whether or not to optimize for fast installation])dnl
+])# _LT_ENABLE_FAST_INSTALL
+
+LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
+
+# Old names:
+AU_DEFUN([AC_ENABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `fast-install' option into LT_INIT's first parameter.])
+])
+
+AU_DEFUN([AC_DISABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `disable-fast-install' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
+dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
+
+
+# _LT_WITH_PIC([MODE])
+# --------------------
+# implement the --with-pic flag, and support the `pic-only' and `no-pic'
+# LT_INIT options.
+# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
+m4_define([_LT_WITH_PIC],
+[AC_ARG_WITH([pic],
+ [AS_HELP_STRING([--with-pic],
+ [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+ [pic_mode="$withval"],
+ [pic_mode=default])
+
+test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
+
+_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
+])# _LT_WITH_PIC
+
+LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
+
+# Old name:
+AU_DEFUN([AC_LIBTOOL_PICMODE],
+[_LT_SET_OPTION([LT_INIT], [pic-only])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `pic-only' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
+
+## ----------------- ##
+## LTDL_INIT Options ##
+## ----------------- ##
+
+m4_define([_LTDL_MODE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
+ [m4_define([_LTDL_MODE], [nonrecursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [recursive],
+ [m4_define([_LTDL_MODE], [recursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [subproject],
+ [m4_define([_LTDL_MODE], [subproject])])
+
+m4_define([_LTDL_TYPE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [installable],
+ [m4_define([_LTDL_TYPE], [installable])])
+LT_OPTION_DEFINE([LTDL_INIT], [convenience],
+ [m4_define([_LTDL_TYPE], [convenience])])
--- /dev/null
+# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltsugar.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
+
+
+# lt_join(SEP, ARG1, [ARG2...])
+# -----------------------------
+# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
+# associated separator.
+# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
+# versions in m4sugar had bugs.
+m4_define([lt_join],
+[m4_if([$#], [1], [],
+ [$#], [2], [[$2]],
+ [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
+m4_define([_lt_join],
+[m4_if([$#$2], [2], [],
+ [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
+
+
+# lt_car(LIST)
+# lt_cdr(LIST)
+# ------------
+# Manipulate m4 lists.
+# These macros are necessary as long as will still need to support
+# Autoconf-2.59 which quotes differently.
+m4_define([lt_car], [[$1]])
+m4_define([lt_cdr],
+[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
+ [$#], 1, [],
+ [m4_dquote(m4_shift($@))])])
+m4_define([lt_unquote], $1)
+
+
+# lt_append(MACRO-NAME, STRING, [SEPARATOR])
+# ------------------------------------------
+# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
+# Note that neither SEPARATOR nor STRING are expanded; they are appended
+# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
+# No SEPARATOR is output if MACRO-NAME was previously undefined (different
+# than defined and empty).
+#
+# This macro is needed until we can rely on Autoconf 2.62, since earlier
+# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
+m4_define([lt_append],
+[m4_define([$1],
+ m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
+
+
+
+# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
+# ----------------------------------------------------------
+# Produce a SEP delimited list of all paired combinations of elements of
+# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
+# has the form PREFIXmINFIXSUFFIXn.
+# Needed until we can rely on m4_combine added in Autoconf 2.62.
+m4_define([lt_combine],
+[m4_if(m4_eval([$# > 3]), [1],
+ [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
+[[m4_foreach([_Lt_prefix], [$2],
+ [m4_foreach([_Lt_suffix],
+ ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
+ [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
+
+
+# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
+# -----------------------------------------------------------------------
+# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
+# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
+m4_define([lt_if_append_uniq],
+[m4_ifdef([$1],
+ [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
+ [lt_append([$1], [$2], [$3])$4],
+ [$5])],
+ [lt_append([$1], [$2], [$3])$4])])
+
+
+# lt_dict_add(DICT, KEY, VALUE)
+# -----------------------------
+m4_define([lt_dict_add],
+[m4_define([$1($2)], [$3])])
+
+
+# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
+# --------------------------------------------
+m4_define([lt_dict_add_subkey],
+[m4_define([$1($2:$3)], [$4])])
+
+
+# lt_dict_fetch(DICT, KEY, [SUBKEY])
+# ----------------------------------
+m4_define([lt_dict_fetch],
+[m4_ifval([$3],
+ m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
+ m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
+
+
+# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
+# -----------------------------------------------------------------
+m4_define([lt_if_dict_fetch],
+[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
+ [$5],
+ [$6])])
+
+
+# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
+# --------------------------------------------------------------
+m4_define([lt_dict_filter],
+[m4_if([$5], [], [],
+ [lt_join(m4_quote(m4_default([$4], [[, ]])),
+ lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
+ [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
+])
--- /dev/null
+# ltversion.m4 -- version numbers -*- Autoconf -*-
+#
+# Copyright (C) 2004 Free Software Foundation, Inc.
+# Written by Scott James Remnant, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# Generated from ltversion.in.
+
+# serial 3017 ltversion.m4
+# This file is part of GNU Libtool
+
+m4_define([LT_PACKAGE_VERSION], [2.2.6b])
+m4_define([LT_PACKAGE_REVISION], [1.3017])
+
+AC_DEFUN([LTVERSION_VERSION],
+[macro_version='2.2.6b'
+macro_revision='1.3017'
+_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
+_LT_DECL(, macro_revision, 0)
+])
--- /dev/null
+# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
+# Written by Scott James Remnant, 2004.
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 4 lt~obsolete.m4
+
+# These exist entirely to fool aclocal when bootstrapping libtool.
+#
+# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
+# which have later been changed to m4_define as they aren't part of the
+# exported API, or moved to Autoconf or Automake where they belong.
+#
+# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
+# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
+# using a macro with the same name in our local m4/libtool.m4 it'll
+# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
+# and doesn't know about Autoconf macros at all.)
+#
+# So we provide this file, which has a silly filename so it's always
+# included after everything else. This provides aclocal with the
+# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
+# because those macros already exist, or will be overwritten later.
+# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
+#
+# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
+# Yes, that means every name once taken will need to remain here until
+# we give up compatibility with versions before 1.7, at which point
+# we need to keep only those names which we still refer to.
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
+
+m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
+m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
+m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
+m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
+m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
+m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
+m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
+m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
+m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
+m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
+m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
+m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
+m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
+m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
+m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
+m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
+m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
+m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
+m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
+m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
+m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
+m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
+m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
+m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
+m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
+m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
+m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
+m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
+m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
+m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
+m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
+m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
+m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
+m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
+m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
+m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
+m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])])
+m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
+m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
+m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
+m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
+m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
+m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
+m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
+m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
--- /dev/null
+# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+#
+# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# PKG_PROG_PKG_CONFIG([MIN-VERSION])
+# ----------------------------------
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=m4_default([$1], [0.9.0])
+ AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ PKG_CONFIG=""
+ fi
+
+fi[]dnl
+])# PKG_PROG_PKG_CONFIG
+
+# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+#
+# Check to see whether a particular set of modules exists. Similar
+# to PKG_CHECK_MODULES(), but does not set variables or print errors.
+#
+#
+# Similar to PKG_CHECK_MODULES, make sure that the first instance of
+# this or PKG_CHECK_MODULES is called, or make sure to call
+# PKG_CHECK_EXISTS manually
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+ m4_ifval([$2], [$2], [:])
+m4_ifvaln([$3], [else
+ $3])dnl
+fi])
+
+
+# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+# ---------------------------------------------
+m4_define([_PKG_CONFIG],
+[if test -n "$PKG_CONFIG"; then
+ if test -n "$$1"; then
+ pkg_cv_[]$1="$$1"
+ else
+ PKG_CHECK_EXISTS([$3],
+ [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
+ [pkg_failed=yes])
+ fi
+else
+ pkg_failed=untried
+fi[]dnl
+])# _PKG_CONFIG
+
+# _PKG_SHORT_ERRORS_SUPPORTED
+# -----------------------------
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi[]dnl
+])# _PKG_SHORT_ERRORS_SUPPORTED
+
+
+# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+# [ACTION-IF-NOT-FOUND])
+#
+#
+# Note that if there is a possibility the first call to
+# PKG_CHECK_MODULES might not happen, you should be sure to include an
+# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+#
+#
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $1])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+ _PKG_SHORT_ERRORS_SUPPORTED
+ if test $_pkg_short_errors_supported = yes; then
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"`
+ else
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+ ifelse([$4], , [AC_MSG_ERROR(dnl
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT
+])],
+ [AC_MSG_RESULT([no])
+ $4])
+elif test $pkg_failed = untried; then
+ ifelse([$4], , [AC_MSG_FAILURE(dnl
+[The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])],
+ [$4])
+else
+ $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+ $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+ AC_MSG_RESULT([yes])
+ ifelse([$3], , :, [$3])
+fi[]dnl
+])# PKG_CHECK_MODULES
--- /dev/null
+# po.m4 serial 15 (gettext-0.17)
+dnl Copyright (C) 1995-2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+dnl
+dnl This file can can be used in projects which are not available under
+dnl the GNU General Public License or the GNU Library General Public
+dnl License but which still want to provide support for the GNU gettext
+dnl functionality.
+dnl Please note that the actual code of the GNU gettext library is covered
+dnl by the GNU Library General Public License, and the rest of the GNU
+dnl gettext package package is covered by the GNU General Public License.
+dnl They are *not* in the public domain.
+
+dnl Authors:
+dnl Ulrich Drepper <drepper@cygnus.com>, 1995-2000.
+dnl Bruno Haible <haible@clisp.cons.org>, 2000-2003.
+
+AC_PREREQ(2.50)
+
+dnl Checks for all prerequisites of the po subdirectory.
+AC_DEFUN([AM_PO_SUBDIRS],
+[
+ AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+ AC_REQUIRE([AC_PROG_INSTALL])dnl
+ AC_REQUIRE([AM_PROG_MKDIR_P])dnl defined by automake
+ AC_REQUIRE([AM_NLS])dnl
+
+ dnl Release version of the gettext macros. This is used to ensure that
+ dnl the gettext macros and po/Makefile.in.in are in sync.
+ AC_SUBST([GETTEXT_MACRO_VERSION], [0.17])
+
+ dnl Perform the following tests also if --disable-nls has been given,
+ dnl because they are needed for "make dist" to work.
+
+ dnl Search for GNU msgfmt in the PATH.
+ dnl The first test excludes Solaris msgfmt and early GNU msgfmt versions.
+ dnl The second test excludes FreeBSD msgfmt.
+ AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt,
+ [$ac_dir/$ac_word --statistics /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
+ (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT)
+
+ dnl Test whether it is GNU msgfmt >= 0.15.
+changequote(,)dnl
+ case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;;
+ *) MSGFMT_015=$MSGFMT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([MSGFMT_015])
+changequote(,)dnl
+ case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;;
+ *) GMSGFMT_015=$GMSGFMT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([GMSGFMT_015])
+
+ dnl Search for GNU xgettext 0.12 or newer in the PATH.
+ dnl The first test excludes Solaris xgettext and early GNU xgettext versions.
+ dnl The second test excludes FreeBSD xgettext.
+ AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext,
+ [$ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1 &&
+ (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi)],
+ :)
+ dnl Remove leftover from FreeBSD xgettext call.
+ rm -f messages.po
+
+ dnl Test whether it is GNU xgettext >= 0.15.
+changequote(,)dnl
+ case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in
+ '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;;
+ *) XGETTEXT_015=$XGETTEXT ;;
+ esac
+changequote([,])dnl
+ AC_SUBST([XGETTEXT_015])
+
+ dnl Search for GNU msgmerge 0.11 or newer in the PATH.
+ AM_PATH_PROG_WITH_TEST(MSGMERGE, msgmerge,
+ [$ac_dir/$ac_word --update -q /dev/null /dev/null >&]AS_MESSAGE_LOG_FD[ 2>&1], :)
+
+ dnl Installation directories.
+ dnl Autoconf >= 2.60 defines localedir. For older versions of autoconf, we
+ dnl have to define it here, so that it can be used in po/Makefile.
+ test -n "$localedir" || localedir='${datadir}/locale'
+ AC_SUBST([localedir])
+
+ dnl Support for AM_XGETTEXT_OPTION.
+ test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS=
+ AC_SUBST([XGETTEXT_EXTRA_OPTIONS])
+
+ AC_CONFIG_COMMANDS([po-directories], [[
+ for ac_file in $CONFIG_FILES; do
+ # Support "outfile[:infile[:infile...]]"
+ case "$ac_file" in
+ *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;;
+ esac
+ # PO directories have a Makefile.in generated from Makefile.in.in.
+ case "$ac_file" in */Makefile.in)
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+ # Treat a directory as a PO directory if and only if it has a
+ # POTFILES.in file. This allows packages to have multiple PO
+ # directories under different names or in different locations.
+ if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then
+ rm -f "$ac_dir/POTFILES"
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES"
+ cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES"
+ POMAKEFILEDEPS="POTFILES.in"
+ # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend
+ # on $ac_dir but don't depend on user-specified configuration
+ # parameters.
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # The set of available languages was given in configure.in.
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS'
+ fi
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ done
+ fi
+ test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile"
+ sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile"
+ for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do
+ if test -f "$f"; then
+ case "$f" in
+ *.orig | *.bak | *~) ;;
+ *) cat "$f" >> "$ac_dir/Makefile" ;;
+ esac
+ fi
+ done
+ fi
+ ;;
+ esac
+ done]],
+ [# Capture the value of obsolete ALL_LINGUAS because we need it to compute
+ # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it
+ # from automake < 1.5.
+ eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"'
+ # Capture the value of LINGUAS because we need it to compute CATALOGS.
+ LINGUAS="${LINGUAS-%UNSET%}"
+ ])
+])
+
+dnl Postprocesses a Makefile in a directory containing PO files.
+AC_DEFUN([AM_POSTPROCESS_PO_MAKEFILE],
+[
+ # When this code is run, in config.status, two variables have already been
+ # set:
+ # - OBSOLETE_ALL_LINGUAS is the value of LINGUAS set in configure.in,
+ # - LINGUAS is the value of the environment variable LINGUAS at configure
+ # time.
+
+changequote(,)dnl
+ # Adjust a relative srcdir.
+ ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'`
+ ac_dir_suffix="/`echo "$ac_dir"|sed 's%^\./%%'`"
+ ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'`
+ # In autoconf-2.13 it is called $ac_given_srcdir.
+ # In autoconf-2.50 it is called $srcdir.
+ test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir"
+ case "$ac_given_srcdir" in
+ .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;;
+ /*) top_srcdir="$ac_given_srcdir" ;;
+ *) top_srcdir="$ac_dots$ac_given_srcdir" ;;
+ esac
+
+ # Find a way to echo strings without interpreting backslash.
+ if test "X`(echo '\t') 2>/dev/null`" = 'X\t'; then
+ gt_echo='echo'
+ else
+ if test "X`(printf '%s\n' '\t') 2>/dev/null`" = 'X\t'; then
+ gt_echo='printf %s\n'
+ else
+ echo_func () {
+ cat <<EOT
+$*
+EOT
+ }
+ gt_echo='echo_func'
+ fi
+ fi
+
+ # A sed script that extracts the value of VARIABLE from a Makefile.
+ sed_x_variable='
+# Test if the hold space is empty.
+x
+s/P/P/
+x
+ta
+# Yes it was empty. Look if we have the expected variable definition.
+/^[ ]*VARIABLE[ ]*=/{
+ # Seen the first line of the variable definition.
+ s/^[ ]*VARIABLE[ ]*=//
+ ba
+}
+bd
+:a
+# Here we are processing a line from the variable definition.
+# Remove comment, more precisely replace it with a space.
+s/#.*$/ /
+# See if the line ends in a backslash.
+tb
+:b
+s/\\$//
+# Print the line, without the trailing backslash.
+p
+tc
+# There was no trailing backslash. The end of the variable definition is
+# reached. Clear the hold space.
+s/^.*$//
+x
+bd
+:c
+# A trailing backslash means that the variable definition continues in the
+# next line. Put a nonempty string into the hold space to indicate this.
+s/^.*$/P/
+x
+:d
+'
+changequote([,])dnl
+
+ # Set POTFILES to the value of the Makefile variable POTFILES.
+ sed_x_POTFILES=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/POTFILES/g'`
+ POTFILES=`sed -n -e "$sed_x_POTFILES" < "$ac_file"`
+ # Compute POTFILES_DEPS as
+ # $(foreach file, $(POTFILES), $(top_srcdir)/$(file))
+ POTFILES_DEPS=
+ for file in $POTFILES; do
+ POTFILES_DEPS="$POTFILES_DEPS "'$(top_srcdir)/'"$file"
+ done
+ POMAKEFILEDEPS=""
+
+ if test -n "$OBSOLETE_ALL_LINGUAS"; then
+ test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete"
+ fi
+ if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then
+ # The LINGUAS file contains the set of available languages.
+ ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"`
+ POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS"
+ else
+ # Set ALL_LINGUAS to the value of the Makefile variable LINGUAS.
+ sed_x_LINGUAS=`$gt_echo "$sed_x_variable" | sed -e '/^ *#/d' -e 's/VARIABLE/LINGUAS/g'`
+ ALL_LINGUAS_=`sed -n -e "$sed_x_LINGUAS" < "$ac_file"`
+ fi
+ # Hide the ALL_LINGUAS assigment from automake < 1.5.
+ eval 'ALL_LINGUAS''=$ALL_LINGUAS_'
+ # Compute POFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po)
+ # Compute UPDATEPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update)
+ # Compute DUMMYPOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop)
+ # Compute GMOFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo)
+ # Compute PROPERTIESFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).properties)
+ # Compute CLASSFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(top_srcdir)/$(DOMAIN)_$(lang).class)
+ # Compute QMFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).qm)
+ # Compute MSGFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang)).msg)
+ # Compute RESOURCESDLLFILES
+ # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(frob $(lang))/$(DOMAIN).resources.dll)
+ case "$ac_given_srcdir" in
+ .) srcdirpre= ;;
+ *) srcdirpre='$(srcdir)/' ;;
+ esac
+ POFILES=
+ UPDATEPOFILES=
+ DUMMYPOFILES=
+ GMOFILES=
+ PROPERTIESFILES=
+ CLASSFILES=
+ QMFILES=
+ MSGFILES=
+ RESOURCESDLLFILES=
+ for lang in $ALL_LINGUAS; do
+ POFILES="$POFILES $srcdirpre$lang.po"
+ UPDATEPOFILES="$UPDATEPOFILES $lang.po-update"
+ DUMMYPOFILES="$DUMMYPOFILES $lang.nop"
+ GMOFILES="$GMOFILES $srcdirpre$lang.gmo"
+ PROPERTIESFILES="$PROPERTIESFILES \$(top_srcdir)/\$(DOMAIN)_$lang.properties"
+ CLASSFILES="$CLASSFILES \$(top_srcdir)/\$(DOMAIN)_$lang.class"
+ QMFILES="$QMFILES $srcdirpre$lang.qm"
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ MSGFILES="$MSGFILES $srcdirpre$frobbedlang.msg"
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ RESOURCESDLLFILES="$RESOURCESDLLFILES $srcdirpre$frobbedlang/\$(DOMAIN).resources.dll"
+ done
+ # CATALOGS depends on both $ac_dir and the user's LINGUAS
+ # environment variable.
+ INST_LINGUAS=
+ if test -n "$ALL_LINGUAS"; then
+ for presentlang in $ALL_LINGUAS; do
+ useit=no
+ if test "%UNSET%" != "$LINGUAS"; then
+ desiredlanguages="$LINGUAS"
+ else
+ desiredlanguages="$ALL_LINGUAS"
+ fi
+ for desiredlang in $desiredlanguages; do
+ # Use the presentlang catalog if desiredlang is
+ # a. equal to presentlang, or
+ # b. a variant of presentlang (because in this case,
+ # presentlang can be used as a fallback for messages
+ # which are not translated in the desiredlang catalog).
+ case "$desiredlang" in
+ "$presentlang"*) useit=yes;;
+ esac
+ done
+ if test $useit = yes; then
+ INST_LINGUAS="$INST_LINGUAS $presentlang"
+ fi
+ done
+ fi
+ CATALOGS=
+ JAVACATALOGS=
+ QTCATALOGS=
+ TCLCATALOGS=
+ CSHARPCATALOGS=
+ if test -n "$INST_LINGUAS"; then
+ for lang in $INST_LINGUAS; do
+ CATALOGS="$CATALOGS $lang.gmo"
+ JAVACATALOGS="$JAVACATALOGS \$(DOMAIN)_$lang.properties"
+ QTCATALOGS="$QTCATALOGS $lang.qm"
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ TCLCATALOGS="$TCLCATALOGS $frobbedlang.msg"
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ CSHARPCATALOGS="$CSHARPCATALOGS $frobbedlang/\$(DOMAIN).resources.dll"
+ done
+ fi
+
+ sed -e "s|@POTFILES_DEPS@|$POTFILES_DEPS|g" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@PROPERTIESFILES@|$PROPERTIESFILES|g" -e "s|@CLASSFILES@|$CLASSFILES|g" -e "s|@QMFILES@|$QMFILES|g" -e "s|@MSGFILES@|$MSGFILES|g" -e "s|@RESOURCESDLLFILES@|$RESOURCESDLLFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@JAVACATALOGS@|$JAVACATALOGS|g" -e "s|@QTCATALOGS@|$QTCATALOGS|g" -e "s|@TCLCATALOGS@|$TCLCATALOGS|g" -e "s|@CSHARPCATALOGS@|$CSHARPCATALOGS|g" -e 's,^#distdir:,distdir:,' < "$ac_file" > "$ac_file.tmp"
+ if grep -l '@TCLCATALOGS@' "$ac_file" > /dev/null; then
+ # Add dependencies that cannot be formulated as a simple suffix rule.
+ for lang in $ALL_LINGUAS; do
+ frobbedlang=`echo $lang | sed -e 's/\..*$//' -e 'y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/'`
+ cat >> "$ac_file.tmp" <<EOF
+$frobbedlang.msg: $lang.po
+ @echo "\$(MSGFMT) -c --tcl -d \$(srcdir) -l $lang $srcdirpre$lang.po"; \
+ \$(MSGFMT) -c --tcl -d "\$(srcdir)" -l $lang $srcdirpre$lang.po || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
+EOF
+ done
+ fi
+ if grep -l '@CSHARPCATALOGS@' "$ac_file" > /dev/null; then
+ # Add dependencies that cannot be formulated as a simple suffix rule.
+ for lang in $ALL_LINGUAS; do
+ frobbedlang=`echo $lang | sed -e 's/_/-/g' -e 's/^sr-CS/sr-SP/' -e 's/@latin$/-Latn/' -e 's/@cyrillic$/-Cyrl/' -e 's/^sr-SP$/sr-SP-Latn/' -e 's/^uz-UZ$/uz-UZ-Latn/'`
+ cat >> "$ac_file.tmp" <<EOF
+$frobbedlang/\$(DOMAIN).resources.dll: $lang.po
+ @echo "\$(MSGFMT) -c --csharp -d \$(srcdir) -l $lang $srcdirpre$lang.po -r \$(DOMAIN)"; \
+ \$(MSGFMT) -c --csharp -d "\$(srcdir)" -l $lang $srcdirpre$lang.po -r "\$(DOMAIN)" || { rm -f "\$(srcdir)/$frobbedlang.msg"; exit 1; }
+EOF
+ done
+ fi
+ if test -n "$POMAKEFILEDEPS"; then
+ cat >> "$ac_file.tmp" <<EOF
+Makefile: $POMAKEFILEDEPS
+EOF
+ fi
+ mv "$ac_file.tmp" "$ac_file"
+])
+
+dnl Initializes the accumulator used by AM_XGETTEXT_OPTION.
+AC_DEFUN([AM_XGETTEXT_OPTION_INIT],
+[
+ XGETTEXT_EXTRA_OPTIONS=
+])
+
+dnl Registers an option to be passed to xgettext in the po subdirectory.
+AC_DEFUN([AM_XGETTEXT_OPTION],
+[
+ AC_REQUIRE([AM_XGETTEXT_OPTION_INIT])
+ XGETTEXT_EXTRA_OPTIONS="$XGETTEXT_EXTRA_OPTIONS $1"
+])
--- /dev/null
+# size_max.m4 serial 6
+dnl Copyright (C) 2003, 2005-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+
+AC_DEFUN([gl_SIZE_MAX],
+[
+ AC_CHECK_HEADERS(stdint.h)
+ dnl First test whether the system already has SIZE_MAX.
+ AC_MSG_CHECKING([for SIZE_MAX])
+ AC_CACHE_VAL([gl_cv_size_max], [
+ gl_cv_size_max=
+ AC_EGREP_CPP([Found it], [
+#include <limits.h>
+#if HAVE_STDINT_H
+#include <stdint.h>
+#endif
+#ifdef SIZE_MAX
+Found it
+#endif
+], gl_cv_size_max=yes)
+ if test -z "$gl_cv_size_max"; then
+ dnl Define it ourselves. Here we assume that the type 'size_t' is not wider
+ dnl than the type 'unsigned long'. Try hard to find a definition that can
+ dnl be used in a preprocessor #if, i.e. doesn't contain a cast.
+ AC_COMPUTE_INT([size_t_bits_minus_1], [sizeof (size_t) * CHAR_BIT - 1],
+ [#include <stddef.h>
+#include <limits.h>], size_t_bits_minus_1=)
+ AC_COMPUTE_INT([fits_in_uint], [sizeof (size_t) <= sizeof (unsigned int)],
+ [#include <stddef.h>], fits_in_uint=)
+ if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then
+ if test $fits_in_uint = 1; then
+ dnl Even though SIZE_MAX fits in an unsigned int, it must be of type
+ dnl 'unsigned long' if the type 'size_t' is the same as 'unsigned long'.
+ AC_TRY_COMPILE([#include <stddef.h>
+ extern size_t foo;
+ extern unsigned long foo;
+ ], [], fits_in_uint=0)
+ fi
+ dnl We cannot use 'expr' to simplify this expression, because 'expr'
+ dnl works only with 'long' integers in the host environment, while we
+ dnl might be cross-compiling from a 32-bit platform to a 64-bit platform.
+ if test $fits_in_uint = 1; then
+ gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ else
+ gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)"
+ fi
+ else
+ dnl Shouldn't happen, but who knows...
+ gl_cv_size_max='((size_t)~(size_t)0)'
+ fi
+ fi
+ ])
+ AC_MSG_RESULT([$gl_cv_size_max])
+ if test "$gl_cv_size_max" != yes; then
+ AC_DEFINE_UNQUOTED([SIZE_MAX], [$gl_cv_size_max],
+ [Define as the maximum value of type 'size_t', if the system doesn't define it.])
+ fi
+])
+
+dnl Autoconf >= 2.61 has AC_COMPUTE_INT built-in.
+dnl Remove this when we can assume autoconf >= 2.61.
+m4_ifdef([AC_COMPUTE_INT], [], [
+ AC_DEFUN([AC_COMPUTE_INT], [_AC_COMPUTE_INT([$2],[$1],[$3],[$4])])
+])
--- /dev/null
+# stdint_h.m4 serial 6
+dnl Copyright (C) 1997-2004, 2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_STDINT_H_WITH_UINTMAX if <stdint.h> exists,
+# doesn't clash with <sys/types.h>, and declares uintmax_t.
+
+AC_DEFUN([gl_AC_HEADER_STDINT_H],
+[
+ AC_CACHE_CHECK([for stdint.h], gl_cv_header_stdint_h,
+ [AC_TRY_COMPILE(
+ [#include <sys/types.h>
+#include <stdint.h>],
+ [uintmax_t i = (uintmax_t) -1; return !i;],
+ gl_cv_header_stdint_h=yes,
+ gl_cv_header_stdint_h=no)])
+ if test $gl_cv_header_stdint_h = yes; then
+ AC_DEFINE_UNQUOTED(HAVE_STDINT_H_WITH_UINTMAX, 1,
+ [Define if <stdint.h> exists, doesn't clash with <sys/types.h>,
+ and declares uintmax_t. ])
+ fi
+])
--- /dev/null
+# ulonglong.m4 serial 6
+dnl Copyright (C) 1999-2006 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Paul Eggert.
+
+# Define HAVE_UNSIGNED_LONG_LONG_INT if 'unsigned long long int' works.
+# This fixes a bug in Autoconf 2.60, but can be removed once we
+# assume 2.61 everywhere.
+
+# Note: If the type 'unsigned long long int' exists but is only 32 bits
+# large (as on some very old compilers), AC_TYPE_UNSIGNED_LONG_LONG_INT
+# will not be defined. In this case you can treat 'unsigned long long int'
+# like 'unsigned long int'.
+
+AC_DEFUN([AC_TYPE_UNSIGNED_LONG_LONG_INT],
+[
+ AC_CACHE_CHECK([for unsigned long long int],
+ [ac_cv_type_unsigned_long_long_int],
+ [AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[unsigned long long int ull = 18446744073709551615ULL;
+ typedef int a[(18446744073709551615ULL <= (unsigned long long int) -1
+ ? 1 : -1)];
+ int i = 63;]],
+ [[unsigned long long int ullmax = 18446744073709551615ull;
+ return (ull << 63 | ull >> 63 | ull << i | ull >> i
+ | ullmax / ull | ullmax % ull);]])],
+ [ac_cv_type_unsigned_long_long_int=yes],
+ [ac_cv_type_unsigned_long_long_int=no])])
+ if test $ac_cv_type_unsigned_long_long_int = yes; then
+ AC_DEFINE([HAVE_UNSIGNED_LONG_LONG_INT], 1,
+ [Define to 1 if the system has the type `unsigned long long int'.])
+ fi
+])
+
+# This macro is obsolescent and should go away soon.
+AC_DEFUN([gl_AC_TYPE_UNSIGNED_LONG_LONG],
+[
+ AC_REQUIRE([AC_TYPE_UNSIGNED_LONG_LONG_INT])
+ ac_cv_type_unsigned_long_long=$ac_cv_type_unsigned_long_long_int
+ if test $ac_cv_type_unsigned_long_long = yes; then
+ AC_DEFINE(HAVE_UNSIGNED_LONG_LONG, 1,
+ [Define if you have the 'unsigned long long' type.])
+ fi
+])
--- /dev/null
+# wchar_t.m4 serial 1 (gettext-0.12)
+dnl Copyright (C) 2002-2003 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether <stddef.h> has the 'wchar_t' type.
+dnl Prerequisite: AC_PROG_CC
+
+AC_DEFUN([gt_TYPE_WCHAR_T],
+[
+ AC_CACHE_CHECK([for wchar_t], gt_cv_c_wchar_t,
+ [AC_TRY_COMPILE([#include <stddef.h>
+ wchar_t foo = (wchar_t)'\0';], ,
+ gt_cv_c_wchar_t=yes, gt_cv_c_wchar_t=no)])
+ if test $gt_cv_c_wchar_t = yes; then
+ AC_DEFINE(HAVE_WCHAR_T, 1, [Define if you have the 'wchar_t' type.])
+ fi
+])
--- /dev/null
+# wint_t.m4 serial 2 (gettext-0.17)
+dnl Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+dnl From Bruno Haible.
+dnl Test whether <wchar.h> has the 'wint_t' type.
+dnl Prerequisite: AC_PROG_CC
+
+AC_DEFUN([gt_TYPE_WINT_T],
+[
+ AC_CACHE_CHECK([for wint_t], gt_cv_c_wint_t,
+ [AC_TRY_COMPILE([
+/* Tru64 with Desktop Toolkit C has a bug: <stdio.h> must be included before
+ <wchar.h>.
+ BSD/OS 4.0.1 has a bug: <stddef.h>, <stdio.h> and <time.h> must be included
+ before <wchar.h>. */
+#include <stddef.h>
+#include <stdio.h>
+#include <time.h>
+#include <wchar.h>
+ wint_t foo = (wchar_t)'\0';], ,
+ gt_cv_c_wint_t=yes, gt_cv_c_wint_t=no)])
+ if test $gt_cv_c_wint_t = yes; then
+ AC_DEFINE(HAVE_WINT_T, 1, [Define if you have the 'wint_t' type.])
+ fi
+])
--- /dev/null
+# xsize.m4 serial 3
+dnl Copyright (C) 2003-2004 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_XSIZE],
+[
+ dnl Prerequisites of lib/xsize.h.
+ AC_REQUIRE([gl_SIZE_MAX])
+ AC_REQUIRE([AC_C_INLINE])
+ AC_CHECK_HEADERS(stdint.h)
+])
--- /dev/null
+# -*-Makefile-*-
+# This Makefile fragment tries to be general-purpose enough to be
+# used by many projects via the gnulib maintainer-makefile module.
+
+## Copyright (C) 2001-2011 Free Software Foundation, Inc.
+##
+## This program is free software: you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation, either version 3 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+## GNU General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# This is reported not to work with make-3.79.1
+# ME := $(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST))
+ME := maint.mk
+
+# Override this in cfg.mk if you use a non-standard build-aux directory.
+build_aux ?= $(srcdir)/build-aux
+
+# Do not save the original name or timestamp in the .tar.gz file.
+# Use --rsyncable if available.
+gzip_rsyncable := \
+ $(shell gzip --help 2>/dev/null|grep rsyncable >/dev/null \
+ && printf %s --rsyncable)
+GZIP_ENV = '--no-name --best $(gzip_rsyncable)'
+
+GIT = git
+VC = $(GIT)
+VC-tag = git tag -s -m '$(VERSION)' -u '$(gpg_key_ID)'
+
+VC_LIST = $(build_aux)/vc-list-files -C $(srcdir)
+
+# You can override this variable in cfg.mk to set your own regexp
+# matching files to ignore.
+VC_LIST_ALWAYS_EXCLUDE_REGEX ?= ^$$
+
+# This is to preprocess robustly the output of $(VC_LIST), so that even
+# when $(srcdir) is a pathological name like "....", the leading sed command
+# removes only the intended prefix.
+_dot_escaped_srcdir = $(subst .,\.,$(srcdir))
+
+# Post-process $(VC_LIST) output, prepending $(srcdir)/, but only
+# when $(srcdir) is not ".".
+ifeq ($(srcdir),.)
+_prepend_srcdir_prefix =
+else
+_prepend_srcdir_prefix = | sed 's|^|$(srcdir)/|'
+endif
+
+# In order to be able to consistently filter "."-relative names,
+# (i.e., with no $(srcdir) prefix), this definition is careful to
+# remove any $(srcdir) prefix, and to restore what it removes.
+VC_LIST_EXCEPT = \
+ $(VC_LIST) | sed 's|^$(_dot_escaped_srcdir)/||' \
+ | if test -f $(srcdir)/.x-$@; then grep -vEf $(srcdir)/.x-$@; \
+ else grep -Ev -e "$${VC_LIST_EXCEPT_DEFAULT-ChangeLog}"; fi \
+ | grep -Ev -e '$(VC_LIST_ALWAYS_EXCLUDE_REGEX)' \
+ $(_prepend_srcdir_prefix)
+
+ifeq ($(origin prev_version_file), undefined)
+ prev_version_file = $(srcdir)/.prev-version
+endif
+
+PREV_VERSION := $(shell cat $(prev_version_file) 2>/dev/null)
+VERSION_REGEXP = $(subst .,\.,$(VERSION))
+PREV_VERSION_REGEXP = $(subst .,\.,$(PREV_VERSION))
+
+ifeq ($(VC),$(GIT))
+this-vc-tag = v$(VERSION)
+this-vc-tag-regexp = v$(VERSION_REGEXP)
+else
+tag-package = $(shell echo "$(PACKAGE)" | tr '[:lower:]' '[:upper:]')
+tag-this-version = $(subst .,_,$(VERSION))
+this-vc-tag = $(tag-package)-$(tag-this-version)
+this-vc-tag-regexp = $(this-vc-tag)
+endif
+my_distdir = $(PACKAGE)-$(VERSION)
+
+# Old releases are stored here.
+release_archive_dir ?= ../release
+
+# Override gnu_rel_host and url_dir_list in cfg.mk if these are not right.
+# Use alpha.gnu.org for alpha and beta releases.
+# Use ftp.gnu.org for stable releases.
+gnu_ftp_host-alpha = alpha.gnu.org
+gnu_ftp_host-beta = alpha.gnu.org
+gnu_ftp_host-stable = ftp.gnu.org
+gnu_rel_host ?= $(gnu_ftp_host-$(RELEASE_TYPE))
+
+ifeq ($(gnu_rel_host),ftp.gnu.org)
+url_dir_list ?= http://ftpmirror.gnu.org/$(PACKAGE)
+else
+url_dir_list ?= ftp://$(gnu_rel_host)/gnu/$(PACKAGE)
+endif
+
+# Override this in cfg.mk if you are using a different format in your
+# NEWS file.
+today = $(shell date +%Y-%m-%d)
+
+# Select which lines of NEWS are searched for $(news-check-regexp).
+# This is a sed line number spec. The default says that we search
+# lines 1..10 of NEWS for $(news-check-regexp).
+# If you want to search only line 3 or only lines 20-22, use "3" or "20,22".
+news-check-lines-spec ?= 1,10
+news-check-regexp ?= '^\*.* $(VERSION_REGEXP) \($(today)\)'
+
+# Prevent programs like 'sort' from considering distinct strings to be equal.
+# Doing it here saves us from having to set LC_ALL elsewhere in this file.
+export LC_ALL = C
+
+## --------------- ##
+## Sanity checks. ##
+## --------------- ##
+
+_cfg_mk := $(shell test -f $(srcdir)/cfg.mk && echo '$(srcdir)/cfg.mk')
+
+# Collect the names of rules starting with `sc_'.
+syntax-check-rules := $(sort $(shell sed -n 's/^\(sc_[a-zA-Z0-9_-]*\):.*/\1/p' \
+ $(srcdir)/$(ME) $(_cfg_mk)))
+.PHONY: $(syntax-check-rules)
+
+ifeq ($(shell $(VC_LIST) >/dev/null 2>&1; echo $$?),0)
+local-checks-available += $(syntax-check-rules)
+else
+local-checks-available += no-vc-detected
+no-vc-detected:
+ @echo "No version control files detected; skipping syntax check"
+endif
+.PHONY: $(local-checks-available)
+
+# Arrange to print the name of each syntax-checking rule just before running it.
+$(syntax-check-rules): %: %.m
+sc_m_rules_ = $(patsubst %, %.m, $(syntax-check-rules))
+.PHONY: $(sc_m_rules_)
+$(sc_m_rules_):
+ @echo $(patsubst sc_%.m, %, $@)
+ @date +%s.%N > .sc-start-$(basename $@)
+
+# Compute and print the elapsed time for each syntax-check rule.
+sc_z_rules_ = $(patsubst %, %.z, $(syntax-check-rules))
+.PHONY: $(sc_z_rules_)
+$(sc_z_rules_): %.z: %
+ @end=$$(date +%s.%N); \
+ start=$$(cat .sc-start-$*); \
+ rm -f .sc-start-$*; \
+ awk -v s=$$start -v e=$$end \
+ 'END {printf "%.2f $(patsubst sc_%,%,$*)\n", e - s}' < /dev/null
+
+# The patsubst here is to replace each sc_% rule with its sc_%.z wrapper
+# that computes and prints elapsed time.
+local-check := \
+ $(patsubst sc_%, sc_%.z, \
+ $(filter-out $(local-checks-to-skip), $(local-checks-available)))
+
+syntax-check: $(local-check)
+
+# _sc_search_regexp
+#
+# This macro searches for a given construct in the selected files and
+# then takes some action.
+#
+# Parameters (shell variables):
+#
+# prohibit | require
+#
+# Regular expression (ERE) denoting either a forbidden construct
+# or a required construct. Those arguments are exclusive.
+#
+# in_vc_files | in_files
+#
+# grep-E-style regexp denoting the files to check. If no files
+# are specified the default are all the files that are under
+# version control.
+#
+# containing | non_containing
+#
+# Select the files (non) containing strings matching this regexp.
+# If both arguments are specified then CONTAINING takes
+# precedence.
+#
+# with_grep_options
+#
+# Extra options for grep.
+#
+# ignore_case
+#
+# Ignore case.
+#
+# halt
+#
+# Message to display before to halting execution.
+
+# By default, _sc_search_regexp does not ignore case.
+export ignore_case =
+_ignore_case = $$(test -n "$$ignore_case" && printf %s -i || :)
+
+define _sc_say_and_exit
+ dummy=; : so we do not need a semicolon before each use; \
+ { printf '%s\n' "$(ME): $$msg" 1>&2; exit 1; };
+endef
+
+# _sc_search_regexp used to be named _prohibit_regexp. However,
+# upgrading to the new definition and leaving the old name undefined
+# would usually convert each custom rule using $(_prohibit_regexp)
+# (usually defined in cfg.mk) into a no-op. This definition ensures
+# that people know right away if they're still using the old name.
+# FIXME: remove in 2012.
+_prohibit_regexp = \
+ $(error '*** you need to s/_prohibit_regexp/_sc_search_regexp/, and adapt')
+
+define _sc_search_regexp
+ dummy=; : so we do not need a semicolon before each use; \
+ \
+ : Check arguments; \
+ test -n "$$prohibit" && test -n "$$require" \
+ && { msg='Cannot specify both prohibit and require' \
+ $(_sc_say_and_exit) } || :; \
+ test -z "$$prohibit" && test -z "$$require" \
+ && { msg='Should specify either prohibit or require' \
+ $(_sc_say_and_exit) } || :; \
+ test -n "$$in_vc_files" && test -n "$$in_files" \
+ && { msg='Cannot specify both in_vc_files and in_files' \
+ $(_sc_say_and_exit) } || :; \
+ test "x$$halt" != x \
+ || { msg='halt not defined' $(_sc_say_and_exit) }; \
+ \
+ : Filter by file name; \
+ if test -n "$$in_files"; then \
+ files=$$(find $(srcdir) | grep -E "$$in_files"); \
+ else \
+ files=$$($(VC_LIST_EXCEPT)); \
+ if test -n "$$in_vc_files"; then \
+ files=$$(echo "$$files" | grep -E "$$in_vc_files"); \
+ fi; \
+ fi; \
+ \
+ : Filter by content; \
+ test -n "$$files" && test -n "$$containing" \
+ && { files=$$(grep -l "$$containing" $$files); } || :; \
+ test -n "$$files" && test -n "$$non_containing" \
+ && { files=$$(grep -vl "$$non_containing" $$files); } || :; \
+ \
+ : Check for the construct; \
+ if test -n "$$files"; then \
+ if test -n "$$prohibit"; then \
+ grep $$with_grep_options $(_ignore_case) -nE "$$prohibit" $$files \
+ && { msg="$$halt" $(_sc_say_and_exit) } || :; \
+ else \
+ grep $$with_grep_options $(_ignore_case) -LE "$$require" $$files \
+ | grep . \
+ && { msg="$$halt" $(_sc_say_and_exit) } || :; \
+ fi \
+ else :; \
+ fi || :;
+endef
+
+sc_avoid_if_before_free:
+ @$(build_aux)/useless-if-before-free \
+ $(useless_free_options) \
+ $$($(VC_LIST_EXCEPT) | grep -v useless-if-before-free) && \
+ { echo '$(ME): found useless "if" before "free" above' 1>&2; \
+ exit 1; } || :
+
+sc_cast_of_argument_to_free:
+ @prohibit='\<free *\( *\(' halt='don'\''t cast free argument' \
+ $(_sc_search_regexp)
+
+sc_cast_of_x_alloc_return_value:
+ @prohibit='\*\) *x(m|c|re)alloc\>' \
+ halt='don'\''t cast x*alloc return value' \
+ $(_sc_search_regexp)
+
+sc_cast_of_alloca_return_value:
+ @prohibit='\*\) *alloca\>' \
+ halt='don'\''t cast alloca return value' \
+ $(_sc_search_regexp)
+
+sc_space_tab:
+ @prohibit='[ ] ' \
+ halt='found SPACE-TAB sequence; remove the SPACE' \
+ $(_sc_search_regexp)
+
+# Don't use *scanf or the old ato* functions in `real' code.
+# They provide no error checking mechanism.
+# Instead, use strto* functions.
+sc_prohibit_atoi_atof:
+ @prohibit='\<([fs]?scanf|ato([filq]|ll)) *\(' \
+ halt='do not use *scan''f, ato''f, ato''i, ato''l, ato''ll or ato''q' \
+ $(_sc_search_regexp)
+
+# Use STREQ rather than comparing strcmp == 0, or != 0.
+sc_prohibit_strcmp:
+ @grep -nE '! *str''cmp *\(|\<str''cmp *\(.+\) *[!=]=' \
+ $$($(VC_LIST_EXCEPT)) \
+ | grep -vE ':# *define STRN?EQ\(' && \
+ { echo '$(ME): replace str''cmp calls above with STREQ/STRNEQ' \
+ 1>&2; exit 1; } || :
+
+# Pass EXIT_*, not number, to usage, exit, and error (when exiting)
+# Convert all uses automatically, via these two commands:
+# git grep -l '\<exit *(1)' \
+# | grep -vEf .x-sc_prohibit_magic_number_exit \
+# | xargs --no-run-if-empty \
+# perl -pi -e 's/(^|[^.])\b(exit ?)\(1\)/$1$2(EXIT_FAILURE)/'
+# git grep -l '\<exit *(0)' \
+# | grep -vEf .x-sc_prohibit_magic_number_exit \
+# | xargs --no-run-if-empty \
+# perl -pi -e 's/(^|[^.])\b(exit ?)\(0\)/$1$2(EXIT_SUCCESS)/'
+sc_prohibit_magic_number_exit:
+ @prohibit='(^|[^.])\<(usage|exit) ?\([0-9]|\<error ?\([1-9][0-9]*,' \
+ halt='use EXIT_* values rather than magic number' \
+ $(_sc_search_regexp)
+
+# Using EXIT_SUCCESS as the first argument to error is misleading,
+# since when that parameter is 0, error does not exit. Use `0' instead.
+sc_error_exit_success:
+ @prohibit='error *\(EXIT_SUCCESS,' \
+ in_vc_files='\.[chly]$$' \
+ halt='found error (EXIT_SUCCESS' \
+ $(_sc_search_regexp)
+
+# `FATAL:' should be fully upper-cased in error messages
+# `WARNING:' should be fully upper-cased, or fully lower-cased
+sc_error_message_warn_fatal:
+ @grep -nEA2 '[^rp]error *\(' $$($(VC_LIST_EXCEPT)) \
+ | grep -E '"Warning|"Fatal|"fatal' && \
+ { echo '$(ME): use FATAL, WARNING or warning' 1>&2; \
+ exit 1; } || :
+
+# Error messages should not start with a capital letter
+sc_error_message_uppercase:
+ @grep -nEA2 '[^rp]error *\(' $$($(VC_LIST_EXCEPT)) \
+ | grep -E '"[A-Z]' \
+ | grep -vE '"FATAL|"WARNING|"Java|"C#|PRIuMAX' && \
+ { echo '$(ME): found capitalized error message' 1>&2; \
+ exit 1; } || :
+
+# Error messages should not end with a period
+sc_error_message_period:
+ @grep -nEA2 '[^rp]error *\(' $$($(VC_LIST_EXCEPT)) \
+ | grep -E '[^."]\."' && \
+ { echo '$(ME): found error message ending in period' 1>&2; \
+ exit 1; } || :
+
+sc_file_system:
+ @prohibit=file''system \
+ ignore_case=1 \
+ halt='found use of "file''system"; spell it "file system"' \
+ $(_sc_search_regexp)
+
+# Don't use cpp tests of this symbol. All code assumes config.h is included.
+sc_prohibit_have_config_h:
+ @prohibit='^# *if.*HAVE''_CONFIG_H' \
+ halt='found use of HAVE''_CONFIG_H; remove' \
+ $(_sc_search_regexp)
+
+# Nearly all .c files must include <config.h>. However, we also permit this
+# via inclusion of a package-specific header, if cfg.mk specified one.
+# config_h_header must be suitable for grep -E.
+config_h_header ?= <config\.h>
+sc_require_config_h:
+ @require='^# *include $(config_h_header)' \
+ in_vc_files='\.c$$' \
+ halt='the above files do not include <config.h>' \
+ $(_sc_search_regexp)
+
+# You must include <config.h> before including any other header file.
+# This can possibly be via a package-specific header, if given by cfg.mk.
+sc_require_config_h_first:
+ @if $(VC_LIST_EXCEPT) | grep -l '\.c$$' > /dev/null; then \
+ fail=0; \
+ for i in $$($(VC_LIST_EXCEPT) | grep '\.c$$'); do \
+ grep '^# *include\>' $$i | sed 1q \
+ | grep -E '^# *include $(config_h_header)' > /dev/null \
+ || { echo $$i; fail=1; }; \
+ done; \
+ test $$fail = 1 && \
+ { echo '$(ME): the above files include some other header' \
+ 'before <config.h>' 1>&2; exit 1; } || :; \
+ else :; \
+ fi
+
+sc_prohibit_HAVE_MBRTOWC:
+ @prohibit='\bHAVE_MBRTOWC\b' \
+ halt="do not use $$prohibit; it is always defined" \
+ $(_sc_search_regexp)
+
+# To use this "command" macro, you must first define two shell variables:
+# h: the header, enclosed in <> or ""
+# re: a regular expression that matches IFF something provided by $h is used.
+define _sc_header_without_use
+ dummy=; : so we do not need a semicolon before each use; \
+ h_esc=`echo "$$h"|sed 's/\./\\\\./g'`; \
+ if $(VC_LIST_EXCEPT) | grep -l '\.c$$' > /dev/null; then \
+ files=$$(grep -l '^# *include '"$$h_esc" \
+ $$($(VC_LIST_EXCEPT) | grep '\.c$$')) && \
+ grep -LE "$$re" $$files | grep . && \
+ { echo "$(ME): the above files include $$h but don't use it" \
+ 1>&2; exit 1; } || :; \
+ else :; \
+ fi
+endef
+
+# Prohibit the inclusion of assert.h without an actual use of assert.
+sc_prohibit_assert_without_use:
+ @h='<assert.h>' re='\<assert *\(' $(_sc_header_without_use)
+
+# Prohibit the inclusion of close-stream.h without an actual use.
+sc_prohibit_close_stream_without_use:
+ @h='"close-stream.h"' re='\<close_stream *\(' $(_sc_header_without_use)
+
+# Prohibit the inclusion of getopt.h without an actual use.
+sc_prohibit_getopt_without_use:
+ @h='<getopt.h>' re='\<getopt(_long)? *\(' $(_sc_header_without_use)
+
+# Don't include quotearg.h unless you use one of its functions.
+sc_prohibit_quotearg_without_use:
+ @h='"quotearg.h"' re='\<quotearg(_[^ ]+)? *\(' $(_sc_header_without_use)
+
+# Don't include quote.h unless you use one of its functions.
+sc_prohibit_quote_without_use:
+ @h='"quote.h"' re='\<quote(_n)? *\(' $(_sc_header_without_use)
+
+# Don't include this header unless you use one of its functions.
+sc_prohibit_long_options_without_use:
+ @h='"long-options.h"' re='\<parse_long_options *\(' \
+ $(_sc_header_without_use)
+
+# Don't include this header unless you use one of its functions.
+sc_prohibit_inttostr_without_use:
+ @h='"inttostr.h"' re='\<(off|[iu]max|uint)tostr *\(' \
+ $(_sc_header_without_use)
+
+# Don't include this header unless you use one of its functions.
+sc_prohibit_ignore_value_without_use:
+ @h='"ignore-value.h"' re='\<ignore_(value|ptr) *\(' \
+ $(_sc_header_without_use)
+
+# Don't include this header unless you use one of its functions.
+sc_prohibit_error_without_use:
+ @h='"error.h"' \
+ re='\<error(_at_line|_print_progname|_one_per_line|_message_count)? *\('\
+ $(_sc_header_without_use)
+
+# Don't include xalloc.h unless you use one of its functions.
+# Consider these symbols:
+# perl -lne '/^# *define (\w+)\(/ and print $1' lib/xalloc.h|grep -v '^__';
+# perl -lne '/^(?:extern )?(?:void|char) \*?(\w+) *\(/ and print $1' lib/xalloc.h
+# Divide into two sets on case, and filter each through this:
+# | sort | perl -MRegexp::Assemble -le \
+# 'print Regexp::Assemble->new(file => "/dev/stdin")->as_string'|sed 's/\?://g'
+# Note this was produced by the above:
+# _xa1 = \
+#x(((2n?)?re|c(har)?|n(re|m)|z)alloc|alloc_(oversized|die)|m(alloc|emdup)|strdup)
+# But we can do better, in at least two ways:
+# 1) take advantage of two "dup"-suffixed strings:
+# x(((2n?)?re|c(har)?|n(re|m)|[mz])alloc|alloc_(oversized|die)|(mem|str)dup)
+# 2) notice that "c(har)?|[mz]" is equivalent to the shorter and more readable
+# "char|[cmz]"
+# x(((2n?)?re|char|n(re|m)|[cmz])alloc|alloc_(oversized|die)|(mem|str)dup)
+_xa1 = x(((2n?)?re|char|n(re|m)|[cmz])alloc|alloc_(oversized|die)|(mem|str)dup)
+_xa2 = X([CZ]|N?M)ALLOC
+sc_prohibit_xalloc_without_use:
+ @h='"xalloc.h"' \
+ re='\<($(_xa1)|$(_xa2)) *\('\
+ $(_sc_header_without_use)
+
+# Extract function names:
+# perl -lne '/^(?:extern )?(?:void|char) \*?(\w+) *\(/ and print $1' lib/hash.h
+_hash_re = \
+clear|delete|free|get_(first|next)|insert|lookup|print_statistics|reset_tuning
+_hash_fn = \<($(_hash_re)) *\(
+_hash_struct = (struct )?\<[Hh]ash_(table|tuning)\>
+sc_prohibit_hash_without_use:
+ @h='"hash.h"' \
+ re='$(_hash_fn)|$(_hash_struct)'\
+ $(_sc_header_without_use)
+
+sc_prohibit_hash_pjw_without_use:
+ @h='"hash-pjw.h"' \
+ re='\<hash_pjw *\(' \
+ $(_sc_header_without_use)
+
+sc_prohibit_safe_read_without_use:
+ @h='"safe-read.h"' re='(\<SAFE_READ_ERROR\>|\<safe_read *\()' \
+ $(_sc_header_without_use)
+
+sc_prohibit_argmatch_without_use:
+ @h='"argmatch.h"' \
+ re='(\<(ARRAY_CARDINALITY|X?ARGMATCH(|_TO_ARGUMENT|_VERIFY))\>|\<argmatch(_exit_fn|_(in)?valid) *\()' \
+ $(_sc_header_without_use)
+
+sc_prohibit_canonicalize_without_use:
+ @h='"canonicalize.h"' \
+ re='CAN_(EXISTING|ALL_BUT_LAST|MISSING)|canonicalize_(mode_t|filename_mode)' \
+ $(_sc_header_without_use)
+
+sc_prohibit_root_dev_ino_without_use:
+ @h='"root-dev-ino.h"' \
+ re='(\<ROOT_DEV_INO_(CHECK|WARN)\>|\<get_root_dev_ino *\()' \
+ $(_sc_header_without_use)
+
+sc_prohibit_openat_without_use:
+ @h='"openat.h"' \
+ re='\<(openat_(permissive|needs_fchdir|(save|restore)_fail)|l?(stat|ch(own|mod))at|(euid)?accessat)\>' \
+ $(_sc_header_without_use)
+
+# Prohibit the inclusion of c-ctype.h without an actual use.
+ctype_re = isalnum|isalpha|isascii|isblank|iscntrl|isdigit|isgraph|islower\
+|isprint|ispunct|isspace|isupper|isxdigit|tolower|toupper
+sc_prohibit_c_ctype_without_use:
+ @h='[<"]c-ctype.h[">]' re='\<c_($(ctype_re)) *\(' \
+ $(_sc_header_without_use)
+
+_empty =
+_sp = $(_empty) $(_empty)
+# The following list was generated by running:
+# man signal.h|col -b|perl -ne '/bsd_signal.*;/.../sigwaitinfo.*;/ and print' \
+# | perl -lne '/^\s+(?:int|void).*?(\w+).*/ and print $1' | fmt
+_sig_functions = \
+ bsd_signal kill killpg pthread_kill pthread_sigmask raise sigaction \
+ sigaddset sigaltstack sigdelset sigemptyset sigfillset sighold sigignore \
+ siginterrupt sigismember signal sigpause sigpending sigprocmask sigqueue \
+ sigrelse sigset sigsuspend sigtimedwait sigwait sigwaitinfo
+_sig_function_re = $(subst $(_sp),|,$(strip $(_sig_functions)))
+# The following were extracted from "man signal.h" manually.
+_sig_types_and_consts = \
+ MINSIGSTKSZ SA_NOCLDSTOP SA_NOCLDWAIT SA_NODEFER SA_ONSTACK \
+ SA_RESETHAND SA_RESTART SA_SIGINFO SIGEV_NONE SIGEV_SIGNAL \
+ SIGEV_THREAD SIGSTKSZ SIG_BLOCK SIG_SETMASK SIG_UNBLOCK SS_DISABLE \
+ SS_ONSTACK mcontext_t pid_t sig_atomic_t sigevent siginfo_t sigset_t \
+ sigstack sigval stack_t ucontext_t
+# generated via this:
+# perl -lne '/^#ifdef (SIG\w+)/ and print $1' lib/sig2str.c|sort -u|fmt -70
+_sig_names = \
+ SIGABRT SIGALRM SIGALRM1 SIGBUS SIGCANCEL SIGCHLD SIGCLD SIGCONT \
+ SIGDANGER SIGDIL SIGEMT SIGFPE SIGFREEZE SIGGRANT SIGHUP SIGILL \
+ SIGINFO SIGINT SIGIO SIGIOT SIGKAP SIGKILL SIGKILLTHR SIGLOST SIGLWP \
+ SIGMIGRATE SIGMSG SIGPHONE SIGPIPE SIGPOLL SIGPRE SIGPROF SIGPWR \
+ SIGQUIT SIGRETRACT SIGSAK SIGSEGV SIGSOUND SIGSTKFLT SIGSTOP SIGSYS \
+ SIGTERM SIGTHAW SIGTRAP SIGTSTP SIGTTIN SIGTTOU SIGURG SIGUSR1 \
+ SIGUSR2 SIGVIRT SIGVTALRM SIGWAITING SIGWINCH SIGWIND SIGWINDOW \
+ SIGXCPU SIGXFSZ
+_sig_syms_re = $(subst $(_sp),|,$(strip $(_sig_names) $(_sig_types_and_consts)))
+
+# Prohibit the inclusion of signal.h without an actual use.
+sc_prohibit_signal_without_use:
+ @h='<signal.h>' \
+ re='\<($(_sig_function_re)) *\(|\<($(_sig_syms_re))\>' \
+ $(_sc_header_without_use)
+
+# Prohibit the inclusion of strings.h without a sensible use.
+# Using the likes of bcmp, bcopy, bzero, index or rindex is not sensible.
+sc_prohibit_strings_without_use:
+ @h='<strings.h>' \
+ re='\<(strn?casecmp|ffs(ll)?)\>' \
+ $(_sc_header_without_use)
+
+# Get the list of symbol names with this:
+# perl -lne '/^# *define (\w+)\(/ and print $1' lib/intprops.h|grep -v '^s'|fmt
+_intprops_names = \
+ TYPE_IS_INTEGER TYPE_TWOS_COMPLEMENT TYPE_ONES_COMPLEMENT \
+ TYPE_SIGNED_MAGNITUDE TYPE_SIGNED TYPE_MINIMUM TYPE_MAXIMUM \
+ INT_STRLEN_BOUND INT_BUFSIZE_BOUND
+_intprops_syms_re = $(subst $(_sp),|,$(strip $(_intprops_names)))
+# Prohibit the inclusion of intprops.h without an actual use.
+sc_prohibit_intprops_without_use:
+ @h='"intprops.h"' \
+ re='\<($(_intprops_syms_re)) *\(' \
+ $(_sc_header_without_use)
+
+_stddef_syms_re = NULL|offsetof|ptrdiff_t|size_t|wchar_t
+# Prohibit the inclusion of stddef.h without an actual use.
+sc_prohibit_stddef_without_use:
+ @h='<stddef.h>' \
+ re='\<($(_stddef_syms_re)) *\(' \
+ $(_sc_header_without_use)
+
+sc_obsolete_symbols:
+ @prohibit='\<(HAVE''_FCNTL_H|O''_NDELAY)\>' \
+ halt='do not use HAVE''_FCNTL_H or O'_NDELAY \
+ $(_sc_search_regexp)
+
+# FIXME: warn about definitions of EXIT_FAILURE, EXIT_SUCCESS, STREQ
+
+# Each nonempty ChangeLog line must start with a year number, or a TAB.
+sc_changelog:
+ @prohibit='^[^12 ]' \
+ in_vc_files='^ChangeLog$$' \
+ halt='found unexpected prefix in a ChangeLog' \
+ $(_sc_search_regexp)
+
+# Ensure that each .c file containing a "main" function also
+# calls set_program_name.
+sc_program_name:
+ @require='set_program_name *\(m?argv\[0\]\);' \
+ in_vc_files='\.c$$' \
+ containing='\<main *(' \
+ halt='the above files do not call set_program_name' \
+ $(_sc_search_regexp)
+
+# Ensure that each .c file containing a "main" function also
+# calls bindtextdomain.
+sc_bindtextdomain:
+ @require='bindtextdomain *\(' \
+ in_vc_files='\.c$$' \
+ containing='\<main *(' \
+ halt='the above files do not call bindtextdomain' \
+ $(_sc_search_regexp)
+
+# Require that the final line of each test-lib.sh-using test be this one:
+# Exit $fail
+# Note: this test requires GNU grep's --label= option.
+Exit_witness_file ?= tests/test-lib.sh
+Exit_base := $(notdir $(Exit_witness_file))
+sc_require_test_exit_idiom:
+ @if test -f $(srcdir)/$(Exit_witness_file); then \
+ die=0; \
+ for i in $$(grep -l -F 'srcdir/$(Exit_base)' \
+ $$($(VC_LIST) tests)); do \
+ tail -n1 $$i | grep '^Exit .' > /dev/null \
+ && : || { die=1; echo $$i; } \
+ done; \
+ test $$die = 1 && \
+ { echo 1>&2 '$(ME): the final line in each of the above is not:'; \
+ echo 1>&2 'Exit something'; \
+ exit 1; } || :; \
+ fi
+
+sc_the_the:
+ @prohibit='\<the ''the\>' \
+ ignore_case=1 \
+ halt='found use of "the ''the";' \
+ $(_sc_search_regexp)
+
+sc_trailing_blank:
+ @prohibit='[ ]$$' \
+ halt='found trailing blank(s)' \
+ $(_sc_search_regexp)
+
+# Match lines like the following, but where there is only one space
+# between the options and the description:
+# -D, --all-repeated[=delimit-method] print all duplicate lines\n
+longopt_re = --[a-z][0-9A-Za-z-]*(\[?=[0-9A-Za-z-]*\]?)?
+sc_two_space_separator_in_usage:
+ @prohibit='^ *(-[A-Za-z],)? $(longopt_re) [^ ].*\\$$' \
+ halt='help2man requires at least two spaces between an option and its description'\
+ $(_sc_search_regexp)
+
+# Look for diagnostics that aren't marked for translation.
+# This won't find any for which error's format string is on a separate line.
+sc_unmarked_diagnostics:
+ @grep -nE \
+ '\<error *\([^"]*"[^"]*[a-z]{3}' $$($(VC_LIST_EXCEPT)) \
+ | grep -v '_''(' && \
+ { echo '$(ME): found unmarked diagnostic(s)' 1>&2; \
+ exit 1; } || :
+
+# Avoid useless parentheses like those in this example:
+# #if defined (SYMBOL) || defined (SYM2)
+sc_useless_cpp_parens:
+ @prohibit='^# *if .*defined *\(' \
+ halt='found useless parentheses in cpp directive' \
+ $(_sc_search_regexp)
+
+# List headers for which HAVE_HEADER_H is always true, assuming you are
+# using the appropriate gnulib module. CAUTION: for each "unnecessary"
+# #if HAVE_HEADER_H that you remove, be sure that your project explicitly
+# requires the gnulib module that guarantees the usability of that header.
+gl_assured_headers_ = \
+ cd $(gnulib_dir)/lib && echo *.in.h|sed 's/\.in\.h//g'
+
+# Convert the list of names to upper case, and replace each space with "|".
+az_ = abcdefghijklmnopqrstuvwxyz
+AZ_ = ABCDEFGHIJKLMNOPQRSTUVWXYZ
+gl_header_upper_case_or_ = \
+ $$($(gl_assured_headers_) \
+ | tr $(az_)/.- $(AZ_)___ \
+ | tr -s ' ' '|' \
+ )
+sc_prohibit_always_true_header_tests:
+ @or=$(gl_header_upper_case_or_); \
+ re="HAVE_($$or)_H"; \
+ prohibit='\<'"$$re"'\>' \
+ halt=$$(printf '%s\n' \
+ 'do not test the above HAVE_<header>_H symbol(s);' \
+ ' with the corresponding gnulib module, they are always true') \
+ $(_sc_search_regexp)
+
+# ==================================================================
+gl_other_headers_ ?= \
+ intprops.h \
+ openat.h \
+ stat-macros.h
+
+# Perl -lne code to extract "significant" cpp-defined symbols from a
+# gnulib header file, eliminating a few common false-positives.
+gl_extract_significant_defines_ = \
+ /^\# *define ([^_ (][^ (]*)(\s*\(|\s+\w+)/\
+ && $$2 !~ /(?:rpl_|_used_without_)/\
+ && $$1 !~ /^(?:NSIG|ATTRIBUTE_NORETURN)$$/\
+ and print $$1
+
+# Create a list of regular expressions matching the names
+# of macros that are guaranteed to be defined by parts of gnulib.
+define def_sym_regex
+ gen_h=$(gl_generated_headers_); \
+ (cd $(gnulib_dir)/lib; \
+ for f in *.in.h $(gl_other_headers_); do \
+ perl -lne '$(gl_extract_significant_defines_)' $$f; \
+ done; \
+ ) | sort -u \
+ | grep -Ev '^ATTRIBUTE_NORETURN' \
+ | sed 's/^/^ *# *(define|undef) */;s/$$/\\>/'
+endef
+
+# Don't define macros that we already get from gnulib header files.
+sc_prohibit_always-defined_macros:
+ @if test -d $(gnulib_dir); then \
+ case $$(echo all: | grep -l -f - Makefile) in Makefile);; *) \
+ echo '$(ME): skipping $@: you lack GNU grep' 1>&2; exit 0;; \
+ esac; \
+ $(def_sym_regex) | grep -E -f - $$($(VC_LIST_EXCEPT)) \
+ && { echo '$(ME): define the above via some gnulib .h file' \
+ 1>&2; exit 1; } || :; \
+ fi
+# ==================================================================
+
+# Prohibit checked in backup files.
+sc_prohibit_backup_files:
+ @$(VC_LIST) | grep '~$$' && \
+ { echo '$(ME): found version controlled backup file' 1>&2; \
+ exit 1; } || :
+
+# Require the latest GPL.
+sc_GPL_version:
+ @prohibit='either ''version [^3]' \
+ halt='GPL vN, N!=3' \
+ $(_sc_search_regexp)
+
+# Require the latest GFDL. Two regexp, since some .texi files end up
+# line wrapping between 'Free Documentation License,' and 'Version'.
+_GFDL_regexp = (Free ''Documentation.*Version 1\.[^3]|Version 1\.[^3] or any)
+sc_GFDL_version:
+ @prohibit='$(_GFDL_regexp)' \
+ halt='GFDL vN, N!=3' \
+ $(_sc_search_regexp)
+
+# Don't use Texinfo's @acronym{}.
+# http://lists.gnu.org/archive/html/bug-gnulib/2010-03/msg00321.html
+texinfo_suffix_re_ ?= \.(txi|texi(nfo)?)$$
+sc_texinfo_acronym:
+ @prohibit='@acronym\{' \
+ in_vc_files='$(texinfo_suffix_re_)' \
+ halt='found use of Texinfo @acronym{}' \
+ $(_sc_search_regexp)
+
+cvs_keywords = \
+ Author|Date|Header|Id|Name|Locker|Log|RCSfile|Revision|Source|State
+
+sc_prohibit_cvs_keyword:
+ @prohibit='\$$($(cvs_keywords))\$$' \
+ halt='do not use CVS keyword expansion' \
+ $(_sc_search_regexp)
+
+# This Perl code is slightly obfuscated. Not only is each "$" doubled
+# because it's in a Makefile, but the $$c's are comments; we cannot
+# use "#" due to the way the script ends up concatenated onto one line.
+# It would be much more concise, and would produce better output (including
+# counts) if written as:
+# perl -ln -0777 -e '/\n(\n+)$/ and print "$ARGV: ".length $1' ...
+# but that would be far less efficient, reading the entire contents
+# of each file, rather than just the last two bytes of each.
+#
+# This is a perl script that is expected to be the single-quoted argument
+# to a command-line "-le". The remaining arguments are file names.
+# Print the name of each file that ends in two or more newline bytes.
+# Exit nonzero if at least one such file is found, otherwise, exit 0.
+# Warn about, but otherwise ignore open failure. Ignore seek/read failure.
+#
+# Use this if you want to remove trailing empty lines from selected files:
+# perl -pi -0777 -e 's/\n\n+$/\n/' files...
+#
+detect_empty_lines_at_EOF_ = \
+ foreach my $$f (@ARGV) \
+ { \
+ open F, "<", $$f or (warn "failed to open $$f: $$!\n"), next; \
+ my $$p = sysseek (F, -2, 2); \
+ my $$c = "seek failure probably means file has < 2 bytes; ignore"; \
+ my $$last_two_bytes; \
+ defined $$p and $$p = sysread F, $$last_two_bytes, 2; \
+ close F; \
+ $$c = "ignore read failure"; \
+ $$p && $$last_two_bytes eq "\n\n" and (print $$f), $$fail=1; \
+ } \
+ END { exit defined $$fail }
+sc_prohibit_empty_lines_at_EOF:
+ @perl -le '$(detect_empty_lines_at_EOF_)' $$($(VC_LIST_EXCEPT)) \
+ || { echo '$(ME): the above files end with empty line(s)' \
+ 1>&2; exit 1; } || :; \
+
+# Make sure we don't use st_blocks. Use ST_NBLOCKS instead.
+# This is a bit of a kludge, since it prevents use of the string
+# even in comments, but for now it does the job with no false positives.
+sc_prohibit_stat_st_blocks:
+ @prohibit='[.>]st_blocks' \
+ halt='do not use st_blocks; use ST_NBLOCKS' \
+ $(_sc_search_regexp)
+
+# Make sure we don't define any S_IS* macros in src/*.c files.
+# They're already defined via gnulib's sys/stat.h replacement.
+sc_prohibit_S_IS_definition:
+ @prohibit='^ *# *define *S_IS' \
+ halt='do not define S_IS* macros; include <sys/stat.h>' \
+ $(_sc_search_regexp)
+
+_ptm1 = use "test C1 && test C2", not "test C1 -''a C2"
+_ptm2 = use "test C1 || test C2", not "test C1 -''o C2"
+# Using test's -a and -o operators is not portable.
+# We prefer test over [, since the latter is spelled [[ in configure.ac.
+sc_prohibit_test_minus_ao:
+ @prohibit='(\<test| \[+) .+ -[ao] ' \
+ halt='$(_ptm1); $(_ptm2)' \
+ $(_sc_search_regexp)
+
+# Avoid a test bashism.
+sc_prohibit_test_double_equal:
+ @prohibit='(\<test| \[+) .+ == ' \
+ containing='#! */bin/[a-z]*sh' \
+ halt='use "test x = x", not "test x =''= x"' \
+ $(_sc_search_regexp)
+
+# Each program that uses proper_name_utf8 must link with one of the
+# ICONV libraries. Otherwise, some ICONV library must appear in LDADD.
+# The perl -0777 invocation below extracts the possibly-multi-line
+# definition of LDADD from the appropriate Makefile.am and exits 0
+# when it contains "ICONV".
+sc_proper_name_utf8_requires_ICONV:
+ @progs=$$(grep -l 'proper_name_utf8 ''("' $$($(VC_LIST_EXCEPT)));\
+ if test "x$$progs" != x; then \
+ fail=0; \
+ for p in $$progs; do \
+ dir=$$(dirname "$$p"); \
+ perl -0777 \
+ -ne 'exit !(/^LDADD =(.+?[^\\]\n)/ms && $$1 =~ /ICONV/)' \
+ $$dir/Makefile.am && continue; \
+ base=$$(basename "$$p" .c); \
+ grep "$${base}_LDADD.*ICONV)" $$dir/Makefile.am > /dev/null \
+ || { fail=1; echo 1>&2 "$(ME): $$p uses proper_name_utf8"; }; \
+ done; \
+ test $$fail = 1 && \
+ { echo 1>&2 '$(ME): the above do not link with any ICONV library'; \
+ exit 1; } || :; \
+ fi
+
+# Warn about "c0nst struct Foo const foo[]",
+# but not about "char const *const foo" or "#define const const".
+sc_redundant_const:
+ @prohibit='\bconst\b[[:space:][:alnum:]]{2,}\bconst\b' \
+ halt='redundant "const" in declarations' \
+ $(_sc_search_regexp)
+
+sc_const_long_option:
+ @grep '^ *static.*struct option ' $$($(VC_LIST_EXCEPT)) \
+ | grep -Ev 'const struct option|struct option const' && { \
+ echo 1>&2 '$(ME): add "const" to the above declarations'; \
+ exit 1; } || :
+
+NEWS_hash = \
+ $$(sed -n '/^\*.* $(PREV_VERSION_REGEXP) ([0-9-]*)/,$$p' \
+ $(srcdir)/NEWS \
+ | perl -0777 -pe \
+ 's/^Copyright.+?Free\sSoftware\sFoundation,\sInc\.\n//ms' \
+ | md5sum - \
+ | sed 's/ .*//')
+
+# Ensure that we don't accidentally insert an entry into an old NEWS block.
+sc_immutable_NEWS:
+ @if test -f $(srcdir)/NEWS; then \
+ test "$(NEWS_hash)" = '$(old_NEWS_hash)' && : || \
+ { echo '$(ME): you have modified old NEWS' 1>&2; exit 1; }; \
+ fi
+
+# Update the hash stored above. Do this after each release and
+# for any corrections to old entries.
+update-NEWS-hash: NEWS
+ perl -pi -e 's/^(old_NEWS_hash[ \t]+:?=[ \t]+).*/$${1}'"$(NEWS_hash)/" \
+ $(srcdir)/cfg.mk
+
+# Ensure that we use only the standard $(VAR) notation,
+# not @...@ in Makefile.am, now that we can rely on automake
+# to emit a definition for each substituted variable.
+# We use perl rather than "grep -nE ..." to exempt a single
+# use of an @...@-delimited variable name in src/Makefile.am.
+# Allow the package to add exceptions via a hook in cfg.mk;
+# for example, @PRAGMA_SYSTEM_HEADER@ can be permitted by
+# setting this to ' && !/PRAGMA_SYSTEM_HEADER/'.
+_makefile_at_at_check_exceptions ?=
+sc_makefile_at_at_check:
+ @perl -ne '/\@[A-Z_0-9]+\@/'$(_makefile_at_at_check_exceptions) \
+ -e 'and (print "$$ARGV:$$.: $$_"), $$m=1; END {exit !$$m}' \
+ $$($(VC_LIST_EXCEPT) | grep -E '(^|/)Makefile\.am$$') \
+ && { echo '$(ME): use $$(...), not @...@' 1>&2; exit 1; } || :
+
+news-check: NEWS
+ if sed -n $(news-check-lines-spec)p $(srcdir)/NEWS \
+ | grep -E $(news-check-regexp) >/dev/null; then \
+ :; \
+ else \
+ echo 'NEWS: $$(news-check-regexp) failed to match' 1>&2; \
+ exit 1; \
+ fi
+
+sc_makefile_TAB_only_indentation:
+ @prohibit='^ [ ]{8}' \
+ in_vc_files='akefile|\.mk$$' \
+ halt='found TAB-8-space indentation' \
+ $(_sc_search_regexp)
+
+sc_m4_quote_check:
+ @prohibit='(AC_DEFINE(_UNQUOTED)?|AC_DEFUN)\([^[]' \
+ in_vc_files='(^configure\.ac|\.m4)$$' \
+ halt='quote the first arg to AC_DEF*' \
+ $(_sc_search_regexp)
+
+fix_po_file_diag = \
+'you have changed the set of files with translatable diagnostics;\n\
+apply the above patch\n'
+
+# Verify that all source files using _() are listed in po/POTFILES.in.
+po_file = po/POTFILES.in
+sc_po_check:
+ @if test -f $(po_file); then \
+ grep -E -v '^(#|$$)' $(po_file) \
+ | grep -v '^src/false\.c$$' | sort > $@-1; \
+ files=; \
+ for file in $$($(VC_LIST_EXCEPT)) lib/*.[ch]; do \
+ test -r $$file || continue; \
+ case $$file in \
+ *.m4|*.mk) continue ;; \
+ *.?|*.??) ;; \
+ *) continue;; \
+ esac; \
+ case $$file in \
+ *.[ch]) \
+ base=`expr " $$file" : ' \(.*\)\..'`; \
+ { test -f $$base.l || test -f $$base.y; } && continue;; \
+ esac; \
+ files="$$files $$file"; \
+ done; \
+ grep -E -l '\b(N?_|gettext *)\([^)"]*("|$$)' $$files \
+ | sort -u > $@-2; \
+ diff -u -L $(po_file) -L $(po_file) $@-1 $@-2 \
+ || { printf '$(ME): '$(fix_po_file_diag) 1>&2; exit 1; }; \
+ rm -f $@-1 $@-2; \
+ fi
+
+# Sometimes it is useful to change the PATH environment variable
+# in Makefiles. When doing so, it's better not to use the Unix-centric
+# path separator of `:', but rather the automake-provided `$(PATH_SEPARATOR)'.
+msg = '$(ME): Do not use `:'\'' above; use $$(PATH_SEPARATOR) instead'
+sc_makefile_path_separator_check:
+ @prohibit='PATH[=].*:' \
+ in_vc_files='akefile|\.mk$$' \
+ halt=$(msg) \
+ $(_sc_search_regexp)
+
+# Check that `make alpha' will not fail at the end of the process.
+writable-files:
+ if test -d $(release_archive_dir); then :; else \
+ for file in $(distdir).tar.gz \
+ $(release_archive_dir)/$(distdir).tar.gz; do \
+ test -e $$file || continue; \
+ test -w $$file \
+ || { echo ERROR: $$file is not writable; fail=1; }; \
+ done; \
+ test "$$fail" && exit 1 || : ; \
+ fi
+
+v_etc_file = $(gnulib_dir)/lib/version-etc.c
+sample-test = tests/sample-test
+texi = doc/$(PACKAGE).texi
+# Make sure that the copyright date in $(v_etc_file) is up to date.
+# Do the same for the $(sample-test) and the main doc/.texi file.
+sc_copyright_check:
+ @require='enum { COPYRIGHT_YEAR = '$$(date +%Y)' };' \
+ in_files=$(v_etc_file) \
+ halt='out of date copyright in $(v_etc_file); update it' \
+ $(_sc_search_regexp)
+ @require='# Copyright \(C\) '$$(date +%Y)' Free' \
+ in_vc_files=$(sample-test) \
+ halt='out of date copyright in $(sample-test); update it' \
+ $(_sc_search_regexp)
+ @require='Copyright @copyright\{\} .*'$$(date +%Y)' Free' \
+ in_vc_files=$(texi) \
+ halt='out of date copyright in $(texi); update it' \
+ $(_sc_search_regexp)
+
+# If tests/help-version exists and seems to be new enough, assume that its
+# use of init.sh and path_prepend_ is correct, and ensure that every other
+# use of init.sh is identical.
+# This is useful because help-version cross-checks prog --version
+# with $(VERSION), which verifies that its path_prepend_ invocation
+# sets PATH correctly. This is an inexpensive way to ensure that
+# the other init.sh-using tests also get it right.
+_hv_file ?= $(srcdir)/tests/help-version
+_hv_regex_weak ?= ^ *\. .*/init\.sh"
+_hv_regex_strong ?= ^ *\. "\$${srcdir=\.}/init\.sh"
+sc_cross_check_PATH_usage_in_tests:
+ @if test -f $(_hv_file); then \
+ grep -l 'VERSION mismatch' $(_hv_file) >/dev/null \
+ || { echo "$@: skipped: no such file: $(_hv_file)" 1>&2; \
+ exit 0; }; \
+ grep -lE '$(_hv_regex_strong)' $(_hv_file) >/dev/null \
+ || { echo "$@: $(_hv_file) lacks conforming use of init.sh" 1>&2; \
+ exit 1; }; \
+ good=$$(grep -E '$(_hv_regex_strong)' $(_hv_file)); \
+ grep -LFx "$$good" \
+ $$(grep -lE '$(_hv_regex_weak)' $$($(VC_LIST_EXCEPT))) \
+ | grep . && \
+ { echo "$(ME): the above files use path_prepend_ inconsistently" \
+ 1>&2; exit 1; } || :; \
+ fi
+
+# #if HAVE_... will evaluate to false for any non numeric string.
+# That would be flagged by using -Wundef, however gnulib currently
+# tests many undefined macros, and so we can't enable that option.
+# So at least preclude common boolean strings as macro values.
+sc_Wundef_boolean:
+ @prohibit='^#define.*(yes|no|true|false)$$' \
+ in_files='$(CONFIG_INCLUDE)' \
+ halt='Use 0 or 1 for macro values' \
+ $(_sc_search_regexp)
+
+sc_vulnerable_makefile_CVE-2009-4029:
+ @prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
+ in_files=$$(find $(srcdir) -name Makefile.in) \
+ halt=$$(printf '%s\n' \
+ 'the above files are vulnerable; beware of running' \
+ ' "make dist*" rules, and upgrade to fixed automake' \
+ ' see http://bugzilla.redhat.com/542609 for details') \
+ $(_sc_search_regexp)
+
+vc-diff-check:
+ (unset CDPATH; cd $(srcdir) && $(VC) diff) > vc-diffs || :
+ if test -s vc-diffs; then \
+ cat vc-diffs; \
+ echo "Some files are locally modified:" 1>&2; \
+ exit 1; \
+ else \
+ rm vc-diffs; \
+ fi
+
+rel-files = $(DIST_ARCHIVES)
+
+gnulib_dir ?= $(srcdir)/gnulib
+gnulib-version = $$(cd $(gnulib_dir) && git describe)
+bootstrap-tools ?= autoconf,automake,gnulib
+
+# If it's not already specified, derive the GPG key ID from
+# the signed tag we've just applied to mark this release.
+gpg_key_ID ?= \
+ $$(git cat-file tag v$(VERSION) > .ann-sig \
+ && gpgv .ann-sig - < /dev/null 2>&1 \
+ | sed -n '/.*key ID \([0-9A-F]*\)/s//\1/p'; rm -f .ann-sig)
+
+translation_project_ ?= coordinator@translationproject.org
+announcement_Cc_ ?= $(translation_project_), $(PACKAGE_BUGREPORT)
+announcement_mail_headers_ ?= \
+To: info-gnu@gnu.org \
+Cc: $(announcement_Cc_) \
+Mail-Followup-To: $(PACKAGE_BUGREPORT)
+
+announcement: NEWS ChangeLog $(rel-files)
+ @$(build_aux)/announce-gen \
+ --mail-headers='$(announcement_mail_headers_)' \
+ --release-type=$(RELEASE_TYPE) \
+ --package=$(PACKAGE) \
+ --prev=$(PREV_VERSION) \
+ --curr=$(VERSION) \
+ --gpg-key-id=$(gpg_key_ID) \
+ --news=$(srcdir)/NEWS \
+ --bootstrap-tools=$(bootstrap-tools) \
+ --gnulib-version=$(gnulib-version) \
+ --no-print-checksums \
+ $(addprefix --url-dir=, $(url_dir_list))
+
+## ---------------- ##
+## Updating files. ##
+## ---------------- ##
+
+ftp-gnu = ftp://ftp.gnu.org/gnu
+www-gnu = http://www.gnu.org
+
+upload_dest_dir_ ?= $(PACKAGE)
+emit_upload_commands:
+ @echo =====================================
+ @echo =====================================
+ @echo "$(build_aux)/gnupload $(GNUPLOADFLAGS) \\"
+ @echo " --to $(gnu_rel_host):$(upload_dest_dir_) \\"
+ @echo " $(rel-files)"
+ @echo '# send the ~/announce-$(my_distdir) e-mail'
+ @echo =====================================
+ @echo =====================================
+
+define emit-commit-log
+ printf '%s\n' 'post-release administrivia' '' \
+ '* NEWS: Add header line for next release.' \
+ '* .prev-version: Record previous version.' \
+ '* cfg.mk (old_NEWS_hash): Auto-update.'
+endef
+
+.PHONY: no-submodule-changes
+no-submodule-changes:
+
+submodule-checks ?= no-submodule-changes public-submodule-commit
+
+# Ensure that each sub-module commit we're using is public.
+# Without this, it is too easy to tag and release code that
+# cannot be built from a fresh clone.
+.PHONY: public-submodule-commit
+public-submodule-commit:
+
+# This rule has a high enough utility/cost ratio that it should be a
+# dependent of "check" by default. However, some of us do occasionally
+# commit a temporary change that deliberately points to a non-public
+# submodule commit, and want to be able to use rules like "make check".
+# In that case, run e.g., "make check gl_public_submodule_commit="
+# to disable this test.
+gl_public_submodule_commit ?= public-submodule-commit
+check: $(gl_public_submodule_commit)
+
+.PHONY: alpha beta stable
+ALL_RECURSIVE_TARGETS += alpha beta stable
+alpha beta stable: $(local-check) writable-files $(submodule-checks)
+ test $@ = stable \
+ && { echo $(VERSION) | grep -E '^[0-9]+(\.[0-9]+)+$$' \
+ || { echo "invalid version string: $(VERSION)" 1>&2; exit 1;};}\
+ || :
+ $(MAKE) vc-diff-check
+ $(MAKE) news-check
+ $(MAKE) distcheck
+ $(MAKE) dist XZ_OPT=-9ev
+ $(MAKE) $(release-prep-hook) RELEASE_TYPE=$@
+ $(MAKE) -s emit_upload_commands RELEASE_TYPE=$@
+
+# Override this in cfg.mk if you follow different procedures.
+release-prep-hook ?= release-prep
+
+gl_noteworthy_news_ = * Noteworthy changes in release ?.? (????-??-??) [?]
+.PHONY: release-prep
+release-prep:
+ case $$RELEASE_TYPE in alpha|beta|stable) ;; \
+ *) echo "invalid RELEASE_TYPE: $$RELEASE_TYPE" 1>&2; exit 1;; esac
+ $(MAKE) -s announcement > ~/announce-$(my_distdir)
+ if test -d $(release_archive_dir); then \
+ ln $(rel-files) $(release_archive_dir); \
+ chmod a-w $(rel-files); \
+ fi
+ echo $(VERSION) > $(prev_version_file)
+ $(MAKE) update-NEWS-hash
+ perl -pi -e '$$. == 3 and print "$(gl_noteworthy_news_)\n\n\n"' NEWS
+ $(emit-commit-log) > .ci-msg
+ $(VC) commit -F .ci-msg -a
+ rm .ci-msg
+
+# Override this with e.g., -s $(srcdir)/some_other_name.texi
+# if the default $(PACKAGE)-derived name doesn't apply.
+gendocs_options_ ?=
+
+.PHONY: web-manual
+web-manual:
+ @test -z "$(manual_title)" \
+ && { echo define manual_title in cfg.mk 1>&2; exit 1; } || :
+ @cd '$(srcdir)/doc'; \
+ $(SHELL) ../build-aux/gendocs.sh $(gendocs_options_) \
+ -o '$(abs_builddir)/doc/manual' \
+ --email $(PACKAGE_BUGREPORT) $(PACKAGE) \
+ "$(PACKAGE_NAME) - $(manual_title)"
+ @echo " *** Upload the doc/manual directory to web-cvs."
+
+# Code Coverage
+
+init-coverage:
+ $(MAKE) $(AM_MAKEFLAGS) clean
+ lcov --directory . --zerocounters
+
+COVERAGE_CCOPTS ?= "-g --coverage"
+COVERAGE_OUT ?= doc/coverage
+
+build-coverage:
+ $(MAKE) $(AM_MAKEFLAGS) CFLAGS=$(COVERAGE_CCOPTS) CXXFLAGS=$(COVERAGE_CCOPTS)
+ $(MAKE) $(AM_MAKEFLAGS) CFLAGS=$(COVERAGE_CCOPTS) CXXFLAGS=$(COVERAGE_CCOPTS) check
+ mkdir -p $(COVERAGE_OUT)
+ lcov --directory . --output-file $(COVERAGE_OUT)/$(PACKAGE).info \
+ --capture
+
+gen-coverage:
+ genhtml --output-directory $(COVERAGE_OUT) \
+ $(COVERAGE_OUT)/$(PACKAGE).info \
+ --highlight --frames --legend \
+ --title "$(PACKAGE_NAME)"
+
+coverage: init-coverage build-coverage gen-coverage
+
+# Update gettext files.
+PACKAGE ?= $(shell basename $(PWD))
+PO_DOMAIN ?= $(PACKAGE)
+POURL = http://translationproject.org/latest/$(PO_DOMAIN)/
+PODIR ?= po
+refresh-po:
+ rm -f $(PODIR)/*.po && \
+ echo "$(ME): getting translations into po (please ignore the robots.txt ERROR 404)..." && \
+ wget --no-verbose --directory-prefix $(PODIR) --no-directories --recursive --level 1 --accept .po --accept .po.1 $(POURL) && \
+ echo 'en@boldquot' > $(PODIR)/LINGUAS && \
+ echo 'en@quot' >> $(PODIR)/LINGUAS && \
+ ls $(PODIR)/*.po | sed 's/\.po//' | sed 's,$(PODIR)/,,' | sort >> $(PODIR)/LINGUAS
+
+ # Running indent once is not idempotent, but running it twice is.
+INDENT_SOURCES ?= $(C_SOURCES)
+.PHONY: indent
+indent:
+ indent $(INDENT_SOURCES)
+ indent $(INDENT_SOURCES)
+
+# If you want to set UPDATE_COPYRIGHT_* environment variables,
+# put the assignments in this variable.
+update-copyright-env ?=
+
+# Run this rule once per year (usually early in January)
+# to update all FSF copyright year lists in your project.
+# If you have an additional project-specific rule,
+# add it in cfg.mk along with a line 'update-copyright: prereq'.
+# By default, exclude all variants of COPYING; you can also
+# add exemptions (such as ChangeLog..* for rotated change logs)
+# in the file .x-update-copyright.
+.PHONY: update-copyright
+update-copyright:
+ grep -l -w Copyright \
+ $$(export VC_LIST_EXCEPT_DEFAULT=COPYING && $(VC_LIST_EXCEPT)) \
+ | $(update-copyright-env) xargs $(build_aux)/$@
--- /dev/null
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+ configure_ac=configure.ac
+else
+ configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+ # Try to run requested program, and just exit if it succeeds.
+ run=
+ shift
+ "$@" && exit 0
+ # Exit code 63 means version mismatch. This often happens
+ # when the user try to use an ancient version of a tool on
+ # a file that requires a minimum version. In this case we
+ # we should proceed has if the program had been absent, or
+ # if --run hadn't been passed.
+ if test $? = 63; then
+ run=:
+ msg="probably too old"
+ fi
+ ;;
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+ --run try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ help2man touch the output file
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ tar try tar, gnutar, gtar, then tar without non-portable flags
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+ exit $?
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing $scriptversion (GNU Automake)"
+ exit $?
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+ s/^gnu-//; t
+ s/^gnu//; t
+ s/^g//; t'`
+
+# Now exit if we have it, but it failed. Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program). This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+ lex*|yacc*)
+ # Not GNU programs, they don't have --version.
+ ;;
+
+ tar*)
+ if test -n "$run"; then
+ echo 1>&2 "ERROR: \`tar' requires --run"
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ exit 1
+ fi
+ ;;
+
+ *)
+ if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+ # We have it, but it failed.
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ # Could not run --version or --help. This is probably someone
+ # running `$TOOL --version' or `$TOOL --help' to check whether
+ # $TOOL exists and not knowing $TOOL uses missing.
+ exit 1
+ fi
+ ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+ aclocal*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acinclude.m4' or \`${configure_ac}'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`${configure_ac}'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acconfig.h' or \`${configure_ac}'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case $f in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ autom4te*)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them.
+ You can get \`$1' as part of \`Autoconf' from any GNU
+ archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo "#! /bin/sh"
+ echo "# Created by GNU Automake missing as a replacement of"
+ echo "# $ $@"
+ echo "exit 0"
+ chmod +x $file
+ exit 1
+ fi
+ ;;
+
+ bison*|yacc*)
+ echo 1>&2 "\
+WARNING: \`$1' $msg. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f y.tab.h; then
+ echo >y.tab.h
+ fi
+ if test ! -f y.tab.c; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex*|flex*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f lex.yy.c; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ help2man*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a dependency of a manual page. You may need the
+ \`Help2man' package in order for those modifications to take
+ effect. You can get \`Help2man' from any GNU archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo ".ab help2man is required to generate this page"
+ exit $?
+ fi
+ ;;
+
+ makeinfo*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ # The file to touch is that specified with -o ...
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -z "$file"; then
+ # ... or it is the one specified with @setfilename ...
+ infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
+ # ... or it is derived from the source name (dir/f.texi becomes f.info)
+ test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+ fi
+ # If the file does not exist, the user really needs makeinfo;
+ # let's fail without touching anything.
+ test -f $file || exit 1
+ touch $file
+ ;;
+
+ tar*)
+ shift
+
+ # We have already tried tar in the generic part.
+ # Look for gnutar/gtar before invocation to avoid ugly error
+ # messages.
+ if (gnutar --version > /dev/null 2>&1); then
+ gnutar "$@" && exit 0
+ fi
+ if (gtar --version > /dev/null 2>&1); then
+ gtar "$@" && exit 0
+ fi
+ firstarg="$1"
+ if shift; then
+ case $firstarg in
+ *o*)
+ firstarg=`echo "$firstarg" | sed s/o//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ case $firstarg in
+ *h*)
+ firstarg=`echo "$firstarg" | sed s/h//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ fi
+
+ echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+ You may want to install GNU tar or Free paxutils, or check the
+ command line arguments."
+ exit 1
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequisites for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
projects / external / libgnutls26.git / commitdiff